diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 6e7102bf..463b7cd4 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,3 +1,4 @@ +--- # These are supported funding model platforms # https://liberapay.com/s.pantaleev/ diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 00000000..b9c3cd49 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,7 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: daily diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml new file mode 100644 index 00000000..6445dc03 --- /dev/null +++ b/.github/workflows/matrix.yml @@ -0,0 +1,16 @@ +--- +name: Matrix CI + +on: # yamllint disable-line rule:truthy + push: + pull_request: + +jobs: + yamllint: + name: 🧹 yamllint + runs-on: ubuntu-latest + steps: + - name: ⤵️ Check out configuration from GitHub + uses: actions/checkout@v2.4.0 + - name: 🚀 Run yamllint + uses: frenck/action-yamllint@v1.1.2 diff --git a/.yamllint b/.yamllint new file mode 100644 index 00000000..08b89afd --- /dev/null +++ b/.yamllint @@ -0,0 +1,8 @@ +--- +extends: default + +ignore: | + roles/matrix-synapse/vars/workers.yml + +rules: + line-length: disable diff --git a/CHANGELOG.md b/CHANGELOG.md index e9f23468..c1ac92e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,27 @@ +# 2022-02-12 + +## matrix_encryption_disabler support + +We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401). + +To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`. + + +# 2022-02-01 + +## matrix-hookshot bridging support + +Thanks to [HarHarLinks](https://github.com/HarHarLinks), the playbook can now install the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to multiple project management services, such as GitHub, GitLab and JIRA. +See our [Setting up matrix-hookshot](docs/configuring-playbook-bridge-hookshot.md) documentation to get started. + + +# 2022-01-31 + +## ARM support for matrix-corporal + +[matrix-corporal](https://github.com/devture/matrix-corporal) (as of version `2.2.3`) is now published to Docker Hub (see [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal)) as a multi-arch container image with support for all these platforms: `linux/amd64`, `linux/arm64/v8` and `linux/arm/v7`. The playbook no longer resorts to self-building matrix-corporal on these ARM architectures. + + # 2022-01-07 ## Dendrite support diff --git a/README.md b/README.md index af02a3b0..6ae3ca0b 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) +- (optional) the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular + - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation - (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation diff --git a/collections/requirements.yml b/collections/requirements.yml index 9d365441..483ed156 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,4 +1,4 @@ --- collections: - name: community.general - - name: community.docker + - name: community.docker diff --git a/docs/configuring-playbook-bot-matrix-reminder-bot.md b/docs/configuring-playbook-bot-matrix-reminder-bot.md index c3c8e8bb..aaf5670c 100644 --- a/docs/configuring-playbook-bot-matrix-reminder-bot.md +++ b/docs/configuring-playbook-bot-matrix-reminder-bot.md @@ -54,6 +54,6 @@ You can also add the bot to any existing Matrix room (`/invite @bot.matrix-remin Basic usage is like this: `!remindme in 2 minutes; This is a test` -Send `!help commands` to the room to see the bot's help menu for additional commands. +Send `!help reminders` to the room to see the bot's help menu for additional commands. You can also refer to the upstream [Usage documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage). diff --git a/docs/configuring-playbook-bridge-appservice-webhooks.md b/docs/configuring-playbook-bridge-appservice-webhooks.md index 3654bfa4..f4fbfbc0 100644 --- a/docs/configuring-playbook-bridge-appservice-webhooks.md +++ b/docs/configuring-playbook-bridge-appservice-webhooks.md @@ -2,6 +2,8 @@ The playbook can install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you. +Note: This bridge is no longer maintained. While not a 1:1 replacement, the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) as a replacement, which can also be installed using [this playbook](configuring-playbook-bridge-hookshot.md). + This bridge provides support for Slack-compatible webhooks. Setup Instructions: diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md new file mode 100644 index 00000000..9a7f3f53 --- /dev/null +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -0,0 +1,47 @@ +# Setting up Hookshot (optional) + +The playbook can install and configure [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) for you. + +Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. + +See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. + +Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. + +## Setup Instructions + +Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. + +1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. +2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. +5. Refer to [Hookshot's official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. + +Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. + +### Manage GitHub Private Key with matrix-aux role + +The GitHub bridge requires you to install a private key file. This can be done in multiple ways: +- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml)). +- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually. +- use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server. + +To use `matrix-aux`, make sure the `matrix_hookshot_github_private_key` variable is empty. Then add to `matrix-aux` configuration like this: +```yaml +matrix_aux_file_definitions: + - dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" + content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}" + mode: '0400' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" +``` +For more info see the documentation in the [matrix-aux base configuration file](/roles/matrix-aux/defaults/main.yml). + +### Provisioning API + +The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`. + +### Metrics + +If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index e7d8dba2..0630270f 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -1,20 +1,33 @@ # Setting up MX Puppet Slack (optional) -**Note**: bridging to [Slack](https://slack.com) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook. +**Note**: bridging to [Slack](https://slack.com) can also happen via the +[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) +bridge supported by the playbook. The playbook can install and configure [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. See the project page to learn what it does and why it might be useful to you. -To enable the [Slack](https://slack.com/) bridge just use the following -playbook configuration: - - -```yaml -matrix_mx_puppet_slack_enabled: true -``` - +## Setup + +To enable the [Slack](https://slack.com/) bridge: + +1. Follow the + [OAuth credentials](https://github.com/Sorunome/mx-puppet-slack#option-2-oauth) + instructions to create a new Slack app, setting the redirect URL to + `https://matrix.YOUR_DOMAIN/slack/oauth`. +2. Update your `vars.yml` with the following: + ```yaml + matrix_mx_puppet_slack_enabled: true + # Client ID must be quoted so YAML does not parse it as a float. + matrix_mx_puppet_slack_oauth_client_id: "" + matrix_mx_puppet_slack_oauth_client_secret: "" + ``` +3. Run playbooks with `setup-all` and `start` tags: + ``` + ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start + ``` ## Usage diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index 2e6410ec..4650b5e2 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md @@ -47,3 +47,20 @@ matrix_synapse_federation_port_enabled: false # This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false ``` + +## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports + +Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection. + +The following changes in the configuration file (`inventory/host_vars/matrix./vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other: + +``` +matrix_synapse_http_listener_resource_names: ["client","federation"] +# Any port can be used but in this case we use 443 +matrix_federation_public_port: 443 +matrix_synapse_federation_port_enabled: false +# Note that the following change might not be "required per se" but probably will be due to the proxying of the traffic through the CDN proxy servers (CloudFlare for instance). The security impact of doing this should be minimal as your CDN itself will encrypt the traffic no matter what on their proxy servers. You could however first try and see if federation works while setting the following to true. +matrix_synapse_tls_federation_listener_enabled: false +``` + +**Use this at you own risk as all the possible side-effects of doing this are not fully known. However, it has been tested and works fine and passes all the tests on without issues.** diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 2e288cc8..07e49c5a 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -67,8 +67,13 @@ By default, it obtains certificates for: - `matrix.` (`matrix_server_fqn_matrix`) - possibly for `element.`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false` - possibly for `riot.`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true` +- possibly for `hydrogen.`, if you have explicitly [set up Hydrogen client](configuring-playbook-client-hydrogen.md). +- possibly for `cinny.`, if you have explicitly [set up Cinny client](configuring-playbook-client-cinny.md). - possibly for `dimension.`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md). +- possibly for `goneb.`, if you have explicitly [set up Go-NEB bot](configuring-playbook-bot-go-neb.md). - possibly for `jitsi.`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md). +- possibly for `stats.`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md). +- possibly for `sygnal.`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md). - possibly for your base domain (``), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md) If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 31168d23..9b153883 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -117,6 +117,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional) +- [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) + - [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) diff --git a/docs/faq.md b/docs/faq.md index 5181c6ea..d9c7a586 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -226,7 +226,7 @@ Using a separate domain name is easier to manage (although it's a little hard to We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method. -If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain). +If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain) ### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do? diff --git a/examples/haproxy/docker-compose.yml b/examples/haproxy/docker-compose.yml index 9177161d..b5c9aab7 100644 --- a/examples/haproxy/docker-compose.yml +++ b/examples/haproxy/docker-compose.yml @@ -1,7 +1,8 @@ +--- version: '3' services: nginx: - image: local/nginx + image: local/nginx ports: - 40888:80 volumes: diff --git a/examples/vars.yml b/examples/vars.yml index f5776962..3ca8f460 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -1,3 +1,4 @@ +--- # The bare domain name which represents your Matrix identity. # Matrix user ids for your server will be of the form (`@user:`). # diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index af84d5d9..596fba13 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -662,6 +662,45 @@ matrix_heisenbridge_systemd_wanted_services_list: | # ###################################################################### +###################################################################### +# +# matrix-bridge-hookshot +# +###################################################################### + +# We don't enable bridges by default. +matrix_hookshot_enabled: false + +matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" + +matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" + +matrix_hookshot_systemd_wanted_services_list: | + {{ + (['matrix-' + matrix_homeserver_implementation + '.service']) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_hookshot_container_http_host_bind_ports_defaultmapping: + - "127.0.0.1:{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}" + - "127.0.0.1:{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}" + - "127.0.0.1:{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}" + - "127.0.0.1:{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}" + +matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_enabled else matrix_hookshot_container_http_host_bind_ports_defaultmapping }}" + +matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" + +matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" +matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" + +###################################################################### +# +# /matrix-bridge-hookshot +# +###################################################################### + ###################################################################### # # matrix-bridge-mx-puppet-skype @@ -1059,7 +1098,7 @@ matrix_bot_mjolnir_systemd_required_services_list: | matrix_corporal_enabled: false -matrix_corporal_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -1089,8 +1128,6 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati # ###################################################################### - - ###################################################################### # # matrix-coturn @@ -1125,8 +1162,6 @@ matrix_coturn_container_additional_volumes: | # ###################################################################### - - ###################################################################### # # matrix-dimension @@ -1204,8 +1239,6 @@ matrix_dynamic_dns_enabled: false # ###################################################################### - - ###################################################################### # # matrix-email2matrix @@ -1214,7 +1247,7 @@ matrix_dynamic_dns_enabled: false matrix_email2matrix_enabled: false -matrix_email2matrix_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" ###################################################################### # @@ -1222,8 +1255,6 @@ matrix_email2matrix_container_image_self_build: "{{ matrix_architecture != 'amd6 # ###################################################################### - - ###################################################################### # # matrix-jitsi @@ -1268,8 +1299,6 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab # ###################################################################### - - ###################################################################### # # matrix-mailer @@ -1281,7 +1310,7 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab # Other services (like ma1sd), also use the mailer. matrix_mailer_enabled: true -matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" ###################################################################### # @@ -1289,8 +1318,6 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # ###################################################################### - - ###################################################################### # # matrix-ma1sd @@ -1354,8 +1381,6 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr # ###################################################################### - - ###################################################################### # # matrix-nginx-proxy @@ -1482,6 +1507,10 @@ matrix_nginx_proxy_systemd_wanted_services_list: | (['matrix-jitsi.service'] if matrix_jitsi_enabled else []) + (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else []) + + + (['matrix-etherpad.service'] if matrix_etherpad_enabled and matrix_dimension_enabled else []) + + + (['matrix-hookshot.service'] if matrix_hookshot_enabled else []) }} matrix_ssl_domains_to_obtain_certificates_for: | @@ -1527,8 +1556,6 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr # ###################################################################### - - ###################################################################### # # matrix-postgres @@ -1777,8 +1804,6 @@ matrix_postgres_import_databases_to_ignore: | # ###################################################################### - - ###################################################################### # # matrix-sygnal @@ -1799,8 +1824,6 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable # ###################################################################### - - ###################################################################### # # matrix-redis @@ -1815,8 +1838,6 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}" # ###################################################################### - - ###################################################################### # # matrix-client-element @@ -1864,8 +1885,6 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr # ###################################################################### - - ###################################################################### # # matrix-client-hydrogen @@ -1889,8 +1908,6 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl # ###################################################################### - - ###################################################################### # # matrix-client-cinny @@ -1916,8 +1933,6 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_re # ###################################################################### - - ###################################################################### # # matrix-synapse @@ -2028,8 +2043,6 @@ matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_re # ###################################################################### - - ###################################################################### # # matrix-synapse-admin @@ -2051,8 +2064,6 @@ matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd # ###################################################################### - - ###################################################################### # # matrix-prometheus-node-exporter @@ -2067,8 +2078,6 @@ matrix_prometheus_node_exporter_enabled: false # ###################################################################### - - ###################################################################### # # matrix-prometheus @@ -2093,6 +2102,8 @@ matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:91 matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port|string] if matrix_prometheus_scraper_postgres_enabled else [] }}" +matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled }}" +matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_hookshot_metrics_enabled else [] }}" ###################################################################### # @@ -2100,7 +2111,6 @@ matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exp # ###################################################################### - ###################################################################### # # matrix-prometheus-postgres-exporter @@ -2156,8 +2166,6 @@ matrix_grafana_systemd_wanted_services_list: | # ###################################################################### - - ###################################################################### # # matrix-registration diff --git a/roles/matrix-aux/tasks/main.yml b/roles/matrix-aux/tasks/main.yml index ee93f63a..2585715b 100644 --- a/roles/matrix-aux/tasks/main.yml +++ b/roles/matrix-aux/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/setup.yml" when: run_stop|bool tags: diff --git a/roles/matrix-awx/defaults/main.yml b/roles/matrix-awx/defaults/main.yml index 1b61797e..cb847325 100755 --- a/roles/matrix-awx/defaults/main.yml +++ b/roles/matrix-awx/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_awx_enabled: true # Defaults for 'Customise Website + Access Export' template diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index d33f0f70..553eb1b9 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml @@ -1,3 +1,4 @@ +--- - name: Record Backup Server variables locally on AWX delegate_to: 127.0.0.1 @@ -38,18 +39,18 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true tags: use-survey - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Copy new 'matrix_vars.yml' to target machine copy: @@ -58,8 +59,8 @@ mode: '0660' tags: use-survey -- name: Run initial backup of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" +- name: Run initial backup of /matrix/ and snapshot the database simultaneously + command: "{{ item }}" with_items: - borgmatic -c /root/.config/borgmatic/config_1.yaml - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 diff --git a/roles/matrix-awx/tasks/bridge_discord_appservice.yml b/roles/matrix-awx/tasks/bridge_discord_appservice.yml index 7cb24028..3c124db3 100644 --- a/roles/matrix-awx/tasks/bridge_discord_appservice.yml +++ b/roles/matrix-awx/tasks/bridge_discord_appservice.yml @@ -1,3 +1,4 @@ +--- - name: Record Bridge Discord AppService variables locally on AWX delegate_to: 127.0.0.1 @@ -33,7 +34,7 @@ - name: Copy new 'Bridge Discord Appservice' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json' - dest: '/matrix/awx/bridge_discord_appservice.json' + dest: '/matrix/awx/bridge_discord_appservice.json' mode: '0660' - name: Recreate 'Bridge Discord Appservice' job template @@ -54,4 +55,4 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml index a34b3792..ca41880a 100644 --- a/roles/matrix-awx/tasks/cache_matrix_variables.yml +++ b/roles/matrix-awx/tasks/cache_matrix_variables.yml @@ -1,3 +1,4 @@ +--- - name: Collect current datetime set_fact: diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml index 9f22a37e..7d984b3d 100644 --- a/roles/matrix-awx/tasks/create_session_token.yml +++ b/roles/matrix-awx/tasks/create_session_token.yml @@ -1,3 +1,4 @@ +--- - name: Create a AWX session token for executing modules awx.awx.tower_token: @@ -7,4 +8,4 @@ tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_master_token }}" register: awx_session_token - no_log: True + no_log: true diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml index fefec426..7d203ed0 100755 --- a/roles/matrix-awx/tasks/create_user.yml +++ b/roles/matrix-awx/tasks/create_user.yml @@ -1,3 +1,4 @@ +--- # # Create user and define if they are admin # diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index c9b96026..80d6d795 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml @@ -48,7 +48,7 @@ - name: Reload vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template delegate_to: 127.0.0.1 @@ -60,7 +60,7 @@ - name: Copy new 'Customise Website + Access Export' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - dest: '/matrix/awx/configure_website_access_export.json' + dest: '/matrix/awx/configure_website_access_export.json' mode: '0660' when: awx_customise_base_domain_website is defined @@ -74,7 +74,7 @@ - name: Copy new 'Customise Website + Access Export' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - dest: '/matrix/awx/access_export.json' + dest: '/matrix/awx/access_export.json' mode: '0660' when: awx_customise_base_domain_website is undefined @@ -92,12 +92,12 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: awx_customise_base_domain_website is defined - name: Recreate 'Access Export' job template @@ -114,12 +114,12 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: awx_customise_base_domain_website is undefined - name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account @@ -153,7 +153,7 @@ user: name: sftp groups: sftp - append: yes + append: true when: awx_customise_base_domain_website is defined - name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) @@ -208,7 +208,7 @@ group: sftp mode: '0644' when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key") - + - name: Remove any existing Subsystem lines lineinfile: path: /etc/ssh/sshd_config diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml index d779028e..a2b97e79 100644 --- a/roles/matrix-awx/tasks/export_server.yml +++ b/roles/matrix-awx/tasks/export_server.yml @@ -1,7 +1,7 @@ --- -- name: Run export of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" +- name: Run export of /matrix/ and snapshot the database simultaneously + command: "{{ item }}" with_items: - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - /bin/sh /usr/local/bin/awx-export-service.sh 0 1 @@ -23,7 +23,7 @@ command: rm /chroot/export/matrix* count: 1 units: days - unique: yes + unique: true - name: Delete the AWX session token for executing modules awx.awx.tower_token: diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml index 69b2aac8..6e8bb899 100644 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml @@ -3,14 +3,14 @@ - name: Include vars in organisation.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' - no_log: True + no_log: true - name: Include vars in hosting_vars.yml include_vars: file: '/var/lib/awx/projects/hosting/hosting_vars.yml' - no_log: True + no_log: true - name: Include AWX master token from awx_tokens.yml include_vars: file: /var/lib/awx/projects/hosting/awx_tokens.yml - no_log: True + no_log: true diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml index 34754efb..7a76f34b 100755 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ b/roles/matrix-awx/tasks/load_matrix_variables.yml @@ -3,9 +3,9 @@ - name: Include new vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true -- name: If include_vars succeeds overwrite the old matrix_vars.yml +- name: If include_vars succeeds overwrite the old matrix_vars.yml delegate_to: 127.0.0.1 shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 6ac39a49..b5e951c6 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -1,6 +1,6 @@ - +--- # Load initial hosting and organisation variables from AWX volume -- include_tasks: +- include_tasks: file: "load_hosting_and_org_variables.yml" apply: tags: always @@ -9,7 +9,7 @@ - always # Renames or updates the vars.yml if needed -- include_tasks: +- include_tasks: file: "update_variables.yml" apply: tags: always @@ -18,7 +18,7 @@ - always # Create AWX session token -- include_tasks: +- include_tasks: file: "create_session_token.yml" apply: tags: always @@ -27,7 +27,7 @@ - always # Perform a backup of the server -- include_tasks: +- include_tasks: file: "backup_server.yml" apply: tags: backup-server @@ -36,7 +36,7 @@ - backup-server # Perform a export of the server -- include_tasks: +- include_tasks: file: "export_server.yml" apply: tags: export-server @@ -45,7 +45,7 @@ - export-server # Create a user account if called -- include_tasks: +- include_tasks: file: "create_user.yml" apply: tags: create-user @@ -54,7 +54,7 @@ - create-user # Purge local/remote media if called -- include_tasks: +- include_tasks: file: "purge_media_main.yml" apply: tags: purge-media @@ -63,7 +63,7 @@ - purge-media # Purge Synapse database if called -- include_tasks: +- include_tasks: file: "purge_database_main.yml" apply: tags: purge-database @@ -72,7 +72,7 @@ - purge-database # Rotate SSH key if called -- include_tasks: +- include_tasks: file: "rotate_ssh.yml" apply: tags: rotate-ssh @@ -81,16 +81,16 @@ - rotate-ssh # Import configs, media repo from /chroot/backup import -- include_tasks: +- include_tasks: file: "import_awx.yml" apply: tags: import-awx when: run_setup|bool and matrix_awx_enabled|bool tags: - import-awx - + # Perform extra self-check functions -- include_tasks: +- include_tasks: file: "self_check.yml" apply: tags: self-check @@ -99,7 +99,7 @@ - self-check # Create cached matrix_vars.yml file -- include_tasks: +- include_tasks: file: "cache_matrix_variables.yml" apply: tags: always @@ -108,7 +108,7 @@ - always # Configure SFTP so user can upload a static website or access the servers export -- include_tasks: +- include_tasks: file: "customise_website_access_export.yml" apply: tags: setup-nginx-proxy @@ -117,7 +117,7 @@ - setup-nginx-proxy # Additional playbook to set the variable file during Element configuration -- include_tasks: +- include_tasks: file: "set_variables_element.yml" apply: tags: setup-client-element @@ -126,7 +126,7 @@ - setup-client-element # Additional playbook to set the variable file during Mailer configuration -- include_tasks: +- include_tasks: file: "set_variables_mailer.yml" apply: tags: setup-mailer @@ -135,7 +135,7 @@ - setup-mailer # Additional playbook to set the variable file during Element configuration -- include_tasks: +- include_tasks: file: "set_variables_element_subdomain.yml" apply: tags: setup-client-element-subdomain @@ -144,7 +144,7 @@ - setup-client-element-subdomain # Additional playbook to set the variable file during Synapse configuration -- include_tasks: +- include_tasks: file: "set_variables_synapse.yml" apply: tags: setup-synapse @@ -153,7 +153,7 @@ - setup-synapse # Additional playbook to set the variable file during Jitsi configuration -- include_tasks: +- include_tasks: file: "set_variables_jitsi.yml" apply: tags: setup-jitsi @@ -162,7 +162,7 @@ - setup-jitsi # Additional playbook to set the variable file during Ma1sd configuration -- include_tasks: +- include_tasks: file: "set_variables_ma1sd.yml" apply: tags: setup-ma1sd @@ -171,7 +171,7 @@ - setup-ma1sd # Additional playbook to set the variable file during Corporal configuration -- include_tasks: +- include_tasks: file: "set_variables_corporal.yml" apply: tags: setup-corporal @@ -180,7 +180,7 @@ - setup-corporal # Additional playbook to set the variable file during Dimension configuration -- include_tasks: +- include_tasks: file: "set_variables_dimension.yml" apply: tags: setup-dimension @@ -189,7 +189,7 @@ - setup-dimension # Additional playbook to set the variable file during Synapse Admin configuration -- include_tasks: +- include_tasks: file: "set_variables_synapse_admin.yml" apply: tags: setup-synapse-admin @@ -198,7 +198,7 @@ - setup-synapse-admin # Additional playbook to set the variable file during Discord Appservice Bridge configuration -- include_tasks: +- include_tasks: file: "bridge_discord_appservice.yml" apply: tags: bridge-discord-appservice @@ -207,7 +207,7 @@ - bridge-discord-appservice # Delete AWX session token -- include_tasks: +- include_tasks: file: "delete_session_token.yml" apply: tags: always @@ -216,7 +216,7 @@ - always # Load newly formed matrix variables from AWX volume -- include_tasks: +- include_tasks: file: "load_matrix_variables.yml" apply: tags: always diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml index f29061fb..9882f195 100644 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ b/roles/matrix-awx/tasks/purge_database_main.yml @@ -9,20 +9,20 @@ - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Ensure curl and jq intalled on target machine apt: pkg: - - curl - - jq + - curl + - jq state: present - name: Collect before shrink size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_before_stat when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: True + no_log: true - name: Collect the internal IP of the matrix-synapse container shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" @@ -34,7 +34,7 @@ curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) register: awx_janitors_token - no_log: True + no_log: true - name: Copy build_room_list.py script to target machine copy: @@ -55,7 +55,7 @@ fetch: src: /tmp/room_list_complete.json dest: "/tmp/{{ subscription_id }}_room_list_complete.json" - flat: yes + flat: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - name: Remove complete room list from target machine @@ -80,7 +80,7 @@ - name: Setting host fact awx_room_list_no_local_users set_fact: awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}" - no_log: True + no_log: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - name: Purge all rooms with no local users @@ -113,7 +113,7 @@ set_fact: awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}" when: awx_purge_mode.find("Number of users [slower]") != -1 - no_log: True + no_log: true - name: Purge all rooms with more then N users include_tasks: purge_database_users.yml @@ -138,7 +138,7 @@ set_fact: awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}" when: awx_purge_mode.find("Number of events [slower]") != -1 - no_log: True + no_log: true - name: Purge all rooms with more then N events include_tasks: purge_database_events.yml @@ -161,17 +161,17 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Execute rust-synapse-compress-state job template delegate_to: 127.0.0.1 awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: yes + wait: true tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -190,14 +190,14 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Ensure matrix-synapse is stopped service: name: matrix-synapse state: stopped - daemon_reload: yes + daemon_reload: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Re-index Synapse database @@ -208,7 +208,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Adjust 'Deploy/Update a Server' job template @@ -227,17 +227,17 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Execute run-postgres-vacuum job template delegate_to: 127.0.0.1 awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: yes + wait: true tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -256,7 +256,7 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Cleanup room_list files @@ -264,13 +264,13 @@ shell: | rm /tmp/{{ subscription_id }}_room_list* when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - ignore_errors: yes + ignore_errors: true - name: Collect after shrink size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_after_stat when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: True + no_log: true - name: Print total number of rooms processed debug: diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml index c836d16c..bd7e7d1c 100644 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ b/roles/matrix-awx/tasks/purge_media_main.yml @@ -1,3 +1,4 @@ +--- - name: Ensure dateutils is installed in AWX delegate_to: 127.0.0.1 @@ -8,13 +9,13 @@ - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Ensure curl and jq intalled on target machine apt: pkg: - - curl - - jq + - curl + - jq state: present - name: Collect the internal IP of the matrix-synapse container @@ -25,7 +26,7 @@ shell: | curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' register: awx_janitors_token - no_log: True + no_log: true - name: Generate list of dates to purge to delegate_to: 127.0.0.1 @@ -37,16 +38,16 @@ register: awx_local_media_size_before when: awx_purge_media_type == "Local Media" async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate initial size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_before when: awx_purge_media_type == "Remote Media" - async: 600 - ignore_errors: yes - no_log: True + async: 600 + ignore_errors: true + no_log: true - name: Purge local media with loop include_tasks: purge_media_local.yml @@ -62,15 +63,15 @@ shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_after when: awx_purge_media_type == "Local Media" - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate final size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_after when: awx_purge_media_type == "Remote Media" - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Print size of local media repository before purge debug: diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml index 9596f504..bd59cbc1 100644 --- a/roles/matrix-awx/tasks/rotate_ssh.yml +++ b/roles/matrix-awx/tasks/rotate_ssh.yml @@ -4,7 +4,7 @@ authorized_key: user: root state: present - exclusive: yes + exclusive: true key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" - name: Delete the AWX session token for executing modules diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml index a7b0cb3a..68e833a4 100644 --- a/roles/matrix-awx/tasks/self_check.yml +++ b/roles/matrix-awx/tasks/self_check.yml @@ -25,53 +25,53 @@ shell: | curl -s localhost:9000 | grep "^synapse_admin_mau_current " register: awx_mau_stat - no_log: True + no_log: true - name: Calculate CPU usage statistics shell: iostat -c register: awx_cpu_usage_stat - no_log: True + no_log: true - name: Calculate RAM usage statistics shell: free -mh register: awx_ram_usage_stat - no_log: True + no_log: true - name: Calculate free disk space shell: df -h register: awx_disk_space_stat - no_log: True + no_log: true - name: Calculate size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_stat - no_log: True + no_log: true - name: Calculate size of local media repository shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_stat async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_stat async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate docker container statistics shell: docker stats --all --no-stream register: awx_docker_stats - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Print size of remote media repository debug: msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}" when: awx_remote_media_size_stat is defined - + - name: Print size of local media repository debug: msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}" diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml index e911144d..007ae59f 100755 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ b/roles/matrix-awx/tasks/set_variables_corporal.yml @@ -235,9 +235,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index eee4e6f2..d692e081 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml @@ -3,18 +3,18 @@ - name: Include vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true - name: Install jq and curl on remote machine apt: - name: + name: - jq - curl state: present - name: Collect access token of @admin-dimension user shell: | - curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' register: awx_dimension_user_access_token - name: Record Synapse variables locally on AWX @@ -27,7 +27,7 @@ with_dict: 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout }}"' - + - name: Set final users list if users are defined set_fact: awx_dimension_users_final: "{{ awx_dimension_users }}" @@ -80,7 +80,7 @@ - name: Copy new 'Configure Dimension' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json' - dest: '/matrix/awx/configure_dimension.json' + dest: '/matrix/awx/configure_dimension.json' mode: '0660' - name: Recreate 'Configure Dimension' job template @@ -97,9 +97,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml index 491c91b3..4b2ce859 100755 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ b/roles/matrix-awx/tasks/set_variables_element.yml @@ -172,9 +172,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml index 9e47be16..1c78b9e0 100644 --- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml +++ b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml @@ -9,7 +9,7 @@ insertafter: '# Element Settings Start' with_dict: 'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}" - + - name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: @@ -40,4 +40,4 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml index 2e8f1f8e..b12391bf 100755 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml @@ -20,7 +20,7 @@ - name: Copy new 'Configure Jitsi' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - dest: '/matrix/awx/configure_jitsi.json' + dest: '/matrix/awx/configure_jitsi.json' mode: '0660' - name: Recreate 'Configure Jitsi' job template @@ -37,9 +37,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index db5037d1..fba7225a 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml @@ -66,7 +66,7 @@ with_dict: 'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}' 'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' - no_log: True + no_log: true - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template delegate_to: 127.0.0.1 @@ -77,7 +77,7 @@ - name: Copy new 'Configure ma1sd' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - dest: '/matrix/awx/configure_ma1sd.json' + dest: '/matrix/awx/configure_ma1sd.json' mode: '0660' - name: Recreate 'Configure ma1sd (Advanced)' job template @@ -94,10 +94,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml index 2ae2d513..6581223d 100644 --- a/roles/matrix-awx/tasks/set_variables_mailer.yml +++ b/roles/matrix-awx/tasks/set_variables_mailer.yml @@ -36,9 +36,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index f0fe2369..f749f03f 100755 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -1,3 +1,4 @@ +--- - name: Limit max upload size to 200MB part 1 set_fact: @@ -197,7 +198,7 @@ - name: Copy new 'Configure Synapse' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json' - dest: '/matrix/awx/configure_synapse.json' + dest: '/matrix/awx/configure_synapse.json' mode: '0660' - name: Recreate 'Configure Synapse' job template @@ -214,9 +215,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml index 635befb5..1e63fb71 100644 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml @@ -19,7 +19,7 @@ - name: Copy new 'Configure Synapse Admin' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - dest: '/matrix/awx/configure_synapse_admin.json' + dest: '/matrix/awx/configure_synapse_admin.json' mode: '0660' - name: Recreate 'Configure Synapse Admin' job template @@ -36,9 +36,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/update_variables.yml b/roles/matrix-awx/tasks/update_variables.yml index 9818a9c2..e072667f 100644 --- a/roles/matrix-awx/tasks/update_variables.yml +++ b/roles/matrix-awx/tasks/update_variables.yml @@ -12,7 +12,7 @@ command: | openssl rand -hex 16 register: generic_secret - no_log: True + no_log: true when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) - name: Add new matrix_homeserver_generic_secret_key variable @@ -22,5 +22,5 @@ line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}" insertbefore: '# Basic Settings End' mode: '0600' - state: present + state: present when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index be403de7..e83b6c95 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -1,3 +1,4 @@ +--- # The bare domain name which represents your Matrix identity. # Matrix user ids for your server will be of the form (`@user:`). # @@ -98,8 +99,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl" matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_sh: "/usr/bin/env sh" -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" -matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" +matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" +matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce.repo b/roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo similarity index 100% rename from roles/matrix-base/files/yum.repos.d/docker-ce.repo rename to roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo b/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo new file mode 100644 index 00000000..6f94e4fb --- /dev/null +++ b/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo @@ -0,0 +1,62 @@ +[docker-ce-stable] +name=Docker CE Stable - $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable +enabled=1 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-stable-debuginfo] +name=Docker CE Stable - Debuginfo $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-stable-source] +name=Docker CE Stable - Sources +baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-test] +name=Docker CE Test - $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-test-debuginfo] +name=Docker CE Test - Debuginfo $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-test-source] +name=Docker CE Test - Sources +baseurl=https://download.docker.com/linux/fedora/$releasever/source/test +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-nightly] +name=Docker CE Nightly - $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-nightly-debuginfo] +name=Docker CE Nightly - Debuginfo $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-nightly-source] +name=Docker CE Nightly - Sources +baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg diff --git a/roles/matrix-base/tasks/clean_up_old_files.yml b/roles/matrix-base/tasks/clean_up_old_files.yml index 01d4a83d..03eb8bcc 100644 --- a/roles/matrix-base/tasks/clean_up_old_files.yml +++ b/roles/matrix-base/tasks/clean_up_old_files.yml @@ -6,4 +6,4 @@ state: absent with_items: - "{{ matrix_base_data_path }}/environment-variables" - - "{{ matrix_base_data_path }}/scratchpad" \ No newline at end of file + - "{{ matrix_base_data_path }}/scratchpad" diff --git a/roles/matrix-base/tasks/main.yml b/roles/matrix-base/tasks/main.yml index f9db37b3..1cdc0432 100644 --- a/roles/matrix-base/tasks/main.yml +++ b/roles/matrix-base/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/sanity_check.yml" tags: - always diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index 0869e501..bbfa077c 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml @@ -1,10 +1,13 @@ --- -- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos.yml" - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version < '8' +- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8 -- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos8.yml" - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' +- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30 + +- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30 - block: # ansible_lsb is only available if lsb-release is installed. @@ -13,7 +16,7 @@ name: - lsb-release state: present - update_cache: yes + update_cache: true register: lsb_release_installation_result - name: Reread ansible_lsb facts if lsb-release got installed @@ -34,10 +37,10 @@ service: name: docker state: started - enabled: yes + enabled: true - name: "Ensure {{ matrix_ntpd_service }} is started and autoruns" service: name: "{{ matrix_ntpd_service }}" state: started - enabled: yes + enabled: true diff --git a/roles/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/matrix-base/tasks/server_base/setup_archlinux.yml index 6c5cdff8..a4912a5d 100644 --- a/roles/matrix-base/tasks/server_base/setup_archlinux.yml +++ b/roles/matrix-base/tasks/server_base/setup_archlinux.yml @@ -6,7 +6,7 @@ - python-docker - python-dnspython state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed pacman: diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index 1cd7ac41..5b169df7 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -7,7 +7,7 @@ - ca-certificates - gnupg state: present - update_cache: yes + update_cache: true - name: Ensure Docker's APT key is trusted apt_key: @@ -22,7 +22,7 @@ apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed @@ -30,7 +30,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed apt: diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/matrix-base/tasks/server_base/setup_fedora.yml new file mode 100644 index 00000000..7369b6ad --- /dev/null +++ b/roles/matrix-base/tasks/server_base/setup_fedora.yml @@ -0,0 +1,39 @@ +--- + +- name: Ensure Docker repository is enabled + template: + src: "{{ role_path }}/files/yum.repos.d/{{ item }}" + dest: "/etc/yum.repos.d/docker-ce.repo" + owner: "root" + group: "root" + mode: 0644 + with_items: + - docker-ce-fedora.repo + when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + +- name: Ensure Docker's RPM key is trusted + rpm_key: + state: present + key: https://download.docker.com/linux/fedora/gpg + when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + +- name: Ensure yum packages are installed + yum: + name: + - "{{ matrix_ntpd_package }}" + state: latest + update_cache: true + +- name: Ensure Docker is installed + yum: + name: + - "{{ matrix_docker_package_name }}" + - python3-pip + state: latest + when: matrix_docker_installation_enabled|bool + +- name: Ensure Docker-Py is installed + pip: + name: docker-py + state: latest + when: matrix_docker_installation_enabled|bool diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index 4aed3c76..6a09f2fe 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -7,7 +7,7 @@ - ca-certificates - gnupg state: present - update_cache: yes + update_cache: true - name: Ensure Docker's APT key is trusted apt_key: @@ -22,7 +22,7 @@ apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed @@ -30,7 +30,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed apt: diff --git a/roles/matrix-base/tasks/server_base/setup_centos.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml similarity index 82% rename from roles/matrix-base/tasks/server_base/setup_centos.yml rename to roles/matrix-base/tasks/server_base/setup_redhat.yml index cbf7fbc6..b4be1d08 100644 --- a/roles/matrix-base/tasks/server_base/setup_centos.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat.yml @@ -2,13 +2,11 @@ - name: Ensure Docker repository is enabled template: - src: "{{ role_path }}/files/yum.repos.d/{{ item }}" - dest: "/etc/yum.repos.d/{{ item }}" + src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" + dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" group: "root" mode: 0644 - with_items: - - docker-ce.repo when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted @@ -22,7 +20,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed yum: diff --git a/roles/matrix-base/tasks/server_base/setup_centos8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml similarity index 84% rename from roles/matrix-base/tasks/server_base/setup_centos8.yml rename to roles/matrix-base/tasks/server_base/setup_redhat8.yml index e6127f47..d9dd6e23 100644 --- a/roles/matrix-base/tasks/server_base/setup_centos8.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat8.yml @@ -2,13 +2,11 @@ - name: Ensure Docker repository is enabled template: - src: "{{ role_path }}/files/yum.repos.d/{{ item }}" - dest: "/etc/yum.repos.d/{{ item }}" + src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" + dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" group: "root" mode: 0644 - with_items: - - docker-ce.repo when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted @@ -22,14 +20,14 @@ name: - epel-release state: latest - update_cache: yes + update_cache: true - name: Ensure yum packages are installed yum: name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed yum: diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index ab5e8111..41604f87 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -18,8 +18,8 @@ state: present group: "{{ matrix_user_groupname }}" home: "{{ matrix_base_data_path }}" - create_home: no - system: yes + create_home: false + system: true register: matrix_user - name: Set Matrix Group UID Variable diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml index 11ee48b9..3f475950 100644 --- a/roles/matrix-base/tasks/setup_well_known.yml +++ b/roles/matrix-base/tasks/setup_well_known.yml @@ -1,3 +1,4 @@ +--- # We need others to be able to read these directories too, # so that matrix-nginx-proxy's nginx user can access the files. # diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml index 948c6082..7a3fde41 100644 --- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml @@ -1,11 +1,11 @@ - -# This is for both CentOS 7 and 8 -- name: Ensure fuse installed (CentOS) +--- +# This is for both RedHat 7 and 8 +- name: Ensure fuse installed (RedHat) yum: name: - fuse state: latest - when: ansible_distribution == 'CentOS' + when: ansible_os_family == 'RedHat' # This is for both Debian and Raspbian - name: Ensure fuse installed (Debian/Raspbian) diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml new file mode 100644 index 00000000..53fc9b03 --- /dev/null +++ b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml @@ -0,0 +1,23 @@ +--- +# This is for both RedHat 7 and 8 +- name: Ensure openssl installed (RedHat) + yum: + name: + - openssl + state: latest + when: ansible_os_family == 'RedHat' + +# This is for both Debian and Raspbian +- name: Ensure openssl installed (Debian/Raspbian) + apt: + name: + - openssl + state: latest + when: ansible_os_family == 'Debian' + +- name: Ensure openssl installed (Archlinux) + pacman: + name: + - openssl + state: latest + when: ansible_distribution == 'Archlinux' diff --git a/roles/matrix-base/vars/main.yml b/roles/matrix-base/vars/main.yml index 8b99708b..28ac226a 100644 --- a/roles/matrix-base/vars/main.yml +++ b/roles/matrix-base/vars/main.yml @@ -1,3 +1,4 @@ +--- # This will contain a list of enabled services that the playbook is managing. # Each component is expected to append its service name to this list. matrix_systemd_services_list: [] diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index c5a1f636..fa57b109 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. # See: https://github.com/matrix-org/go-neb @@ -203,8 +204,8 @@ matrix_bot_go_neb_services: [] # # Each room will get the notification with the alert rendered with the given template # rooms: # "!someroomid:domain.tld": -# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" -# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" +# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\"}}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" +# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\"}} {{ if eq .Status \"firing\"}} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" # msg_type: "m.text" # Must be either `m.text` or `m.notice` # Default configuration template which covers the generic use case. @@ -228,4 +229,3 @@ matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_e # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`. matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" - diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/matrix-bot-go-neb/tasks/init.yml index 169f5978..b046d494 100644 --- a/roles/matrix-bot-go-neb/tasks/init.yml +++ b/roles/matrix-bot-go-neb/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" when: matrix_bot_go_neb_enabled|bool diff --git a/roles/matrix-bot-go-neb/tasks/main.yml b/roles/matrix-bot-go-neb/tasks/main.yml index 1a4fe70a..3c2ed9c5 100644 --- a/roles/matrix-bot-go-neb/tasks/main.yml +++ b/roles/matrix-bot-go-neb/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index e26be080..a390eb5e 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -11,9 +11,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_go_neb_config_path }}", when: true } - - { path: "{{ matrix_bot_go_neb_data_path }}", when: true } - - { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true } + - {path: "{{ matrix_bot_go_neb_config_path }}", when: true} + - {path: "{{ matrix_bot_go_neb_data_path }}", when: true} + - {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true} when: "item.when|bool" - name: Ensure go-neb image is pulled @@ -40,7 +40,7 @@ - name: Ensure systemd reloaded after matrix-bot-go-neb.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_go_neb_systemd_service_result.changed|bool" - name: Ensure matrix-bot-go-neb.service restarted, if necessary diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml index 3610eb44..a009badf 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-go-neb state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_go_neb_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-go-neb.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_go_neb_service_stat.stat.exists|bool" - name: Ensure Matrix go-neb paths don't exist diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index 056447eb..eabf1137 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ {{ matrix_bot_go_neb_docker_image }} \ -c "go-neb /config/config.yaml" -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-go-neb diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 426aa372..2c50a1f7 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -1,3 +1,4 @@ +--- # honoroit is a helpdesk bot # See: https://gitlab.com/etke.cc/honoroit @@ -7,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.2 +matrix_bot_honoroit_version: v0.9.4 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -83,6 +84,12 @@ matrix_bot_honoroit_sentry: '' # Log level matrix_bot_honoroit_loglevel: '' +# Text prefix: open +matrix_bot_honoroit_text_prefix_open: '' + +# Text prefix: done +matrix_bot_honoroit_text_prefix_done: '' + # Text: greetings matrix_bot_honoroit_text_greetings: '' diff --git a/roles/matrix-bot-honoroit/tasks/init.yml b/roles/matrix-bot-honoroit/tasks/init.yml index 1b652e56..5ace015b 100644 --- a/roles/matrix-bot-honoroit/tasks/init.yml +++ b/roles/matrix-bot-honoroit/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}" when: matrix_bot_honoroit_enabled|bool diff --git a/roles/matrix-bot-honoroit/tasks/main.yml b/roles/matrix-bot-honoroit/tasks/main.yml index bc5c1490..7d66177c 100644 --- a/roles/matrix-bot-honoroit/tasks/main.yml +++ b/roles/matrix-bot-honoroit/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 0d2d325b..81f2eabc 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -33,10 +33,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_honoroit_config_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_data_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_data_store_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_config_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_data_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure honoroit environment variables file created @@ -70,7 +70,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_bot_honoroit_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_honoroit_container_image_self_build|bool" - name: Ensure matrix-bot-honoroit.service installed @@ -82,7 +82,7 @@ - name: Ensure systemd reloaded after matrix-bot-honoroit.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_honoroit_systemd_service_result.changed|bool" - name: Ensure matrix-bot-honoroit.service restarted, if necessary diff --git a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml index afad2cc1..45bccabd 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-honoroit state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_honoroit_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-honoroit.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_honoroit_service_stat.stat.exists|bool" - name: Ensure Matrix honoroit paths don't exist diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index 4b1dd43f..fdd9b13d 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -7,6 +7,8 @@ HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }} HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }} HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} +HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} +HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }} HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }} diff --git a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index c4eb1a94..a2ba1a98 100644 --- a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ {% endfor %} {{ matrix_bot_honoroit_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 419e3cca..76b153e7 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-reminder-bot is a bot for one-off and recurring reminders # See: https://github.com/anoadragon453/matrix-reminder-bot diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml index 7fd12524..41496955 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}" when: matrix_bot_matrix_reminder_bot_enabled|bool diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml index fc2afddb..d9a1df7e 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index bd33326f..e237bc21 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -34,10 +34,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure matrix-reminder-bot image is pulled @@ -65,7 +65,7 @@ build: dockerfile: docker/Dockerfile path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" - name: Ensure matrix-reminder-bot config installed @@ -85,7 +85,7 @@ - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool" - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index d7e41201..eb7543c5 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-matrix-reminder-bot state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - name: Ensure Matrix matrix-reminder-bot paths don't exist diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index 14b5fa45..b1fe3c32 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-reminder-bot diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 72c68502..9f45432c 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -1,9 +1,10 @@ +--- # A moderation tool for Matrix # See: https://github.com/matrix-org/mjolnir matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.2.1" +matrix_bot_mjolnir_version: "v1.3.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" @@ -56,4 +57,3 @@ matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`. matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" - diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/matrix-bot-mjolnir/tasks/init.yml index b8ab58f1..e09964ec 100644 --- a/roles/matrix-bot-mjolnir/tasks/init.yml +++ b/roles/matrix-bot-mjolnir/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bot-mjolnir/tasks/main.yml b/roles/matrix-bot-mjolnir/tasks/main.yml index eada8de5..a2a20914 100644 --- a/roles/matrix-bot-mjolnir/tasks/main.yml +++ b/roles/matrix-bot-mjolnir/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index e770b6d5..3f4d5d8f 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -11,10 +11,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_mjolnir_base_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_config_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_data_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" } + - {path: "{{ matrix_bot_mjolnir_base_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_config_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_data_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"} when: "item.when|bool" - name: Ensure mjolnir Docker image is pulled @@ -42,7 +42,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_bot_mjolnir_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_mjolnir_container_image_self_build|bool" - name: Ensure matrix-bot-mjolnir config installed @@ -62,7 +62,7 @@ - name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_mjolnir_systemd_service_result.changed|bool" - name: Ensure matrix-bot-mjolnir.service restarted, if necessary diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml index 7fff5e13..93585977 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-mjolnir state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" - name: Ensure matrix-bot-mjolnir paths don't exist diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index b2298312..0b018f25 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-mjolnir diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 92a51a31..daa83dea 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-discord is a Matrix <-> Discord bridge # See: https://github.com/Half-Shot/matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index ef64e78a..e16a6979 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/matrix-bridge-appservice-discord/tasks/main.yml index bad5e320..5df7bfe2 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/main.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 546e5043..924531ad 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -54,8 +54,8 @@ service: name: matrix-appservice-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_appservice_discord_stat_db.stat.exists" @@ -105,7 +105,7 @@ - name: Ensure systemd reloaded after matrix-appservice-discord.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_discord_systemd_service_result.changed" - name: Ensure matrix-appservice-discord.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 5dd8075d..ab56c26b 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_discord_service_stat.stat.exists" - name: Ensure matrix-appservice-discord.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-discord.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 8f61bd9f..84dee801 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 25b0a241..fa861308 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Matrix Appservice IRC is a Matrix <-> IRC bridge # See: https://github.com/matrix-org/matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index b90d93a5..5e181412 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/matrix-bridge-appservice-irc/tasks/main.yml index da92ecf0..339615ea 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/main.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index 6b39ac62..d7fcaa07 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if Postgres not enabled fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." @@ -16,7 +18,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 20714a41..23c175c4 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -1,5 +1,7 @@ --- +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + - name: Ensure Appservice IRC paths exist file: path: "{{ item.path }}" @@ -8,10 +10,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_irc_base_path }}", when: true } - - { path: "{{ matrix_appservice_irc_config_path }}", when: true } - - { path: "{{ matrix_appservice_irc_data_path }}", when: true } - - { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}" } + - {path: "{{ matrix_appservice_irc_base_path }}", when: true} + - {path: "{{ matrix_appservice_irc_config_path }}", when: true} + - {path: "{{ matrix_appservice_irc_data_path }}", when: true} + - {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"} when: item.when|bool - name: Check if an old passkey file already exists @@ -24,7 +26,7 @@ service: name: matrix-appservice-irc state: stopped - daemon_reload: yes + daemon_reload: true failed_when: false - name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory @@ -80,7 +82,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_appservice_irc_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed" - name: Ensure Matrix Appservice IRC config installed @@ -184,7 +186,7 @@ - name: Ensure systemd reloaded after matrix-appservice-irc.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_irc_systemd_service_result.changed" - name: Ensure matrix-appservice-irc.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 51507817..a4d95df5 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-irc state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_irc_service_stat.stat.exists" - name: Ensure matrix-appservice-irc.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-irc.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 2c26c782..8650bd8d 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index b1c98d2a..e303f834 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-slack is a Matrix <-> Slack bridge # See: https://github.com/matrix-org/matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 7f251ec5..2ff7c942 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -39,40 +40,40 @@ when: "matrix_synapse_role_executed|default(False)" - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy - set_fact: - matrix_appservice_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_appservice_slack_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; - {% endif %} - } + - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy + set_fact: + matrix_appservice_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_appservice_slack_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; + {% endif %} + } - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_appservice_slack_matrix_nginx_proxy_configuration] - }} + - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_appservice_slack_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_appservice_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-appservice-slack/tasks/main.yml b/roles/matrix-bridge-appservice-slack/tasks/main.yml index acd03fff..06c3abb6 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/main.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index fedad977..0bea65bc 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if Postgres not enabled fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." @@ -16,7 +18,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 8c5a1eed..af2003fc 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -8,10 +8,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_slack_base_path }}", when: true } - - { path: "{{ matrix_appservice_slack_config_path }}", when: true } - - { path: "{{ matrix_appservice_slack_data_path }}", when: true } - - { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}" } + - {path: "{{ matrix_appservice_slack_base_path }}", when: true} + - {path: "{{ matrix_appservice_slack_config_path }}", when: true} + - {path: "{{ matrix_appservice_slack_data_path }}", when: true} + - {path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}"} when: item.when|bool - set_fact: @@ -56,7 +56,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_appservice_slack_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed" - name: Ensure Matrix Appservice Slack config installed @@ -84,7 +84,7 @@ - name: Ensure systemd reloaded after matrix-appservice-slack.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_slack_systemd_service_result.changed" - name: Ensure matrix-appservice-slack.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index 2dfe1c7b..dffe78b3 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-slack state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_slack_service_stat.stat.exists" - name: Ensure matrix-appservice-slack.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-slack.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 9bf73711..21ba27ef 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index f987c087..7a6db2d0 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-webhooks is a Matrix <-> webhook bridge # See: https://github.com/redoonetworks/matrix-appservice-webhooks diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index 7f49e8b6..35d62ded 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed @@ -32,42 +33,42 @@ when: "matrix_synapse_role_executed|default(False)" - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy - set_fact: - matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; - proxy_pass http://$backend/$1; - } - {% else %} - {# Generic configuration for use outside of our container setup #} - location {{ matrix_appservice_webhooks_public_endpoint }}/ { - proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; - } - {% endif %} + - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy + set_fact: + matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; + proxy_pass http://$backend/$1; + } + {% else %} + {# Generic configuration for use outside of our container setup #} + location {{ matrix_appservice_webhooks_public_endpoint }}/ { + proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; + } + {% endif %} - - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] - }} + - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_appservice_webhooks_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml index 216905f3..26a7e24c 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 1b276efc..1f40d731 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -8,10 +8,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_webhooks_base_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_config_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_data_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"} + - {path: "{{ matrix_appservice_webhooks_base_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_config_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_data_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Appservice webhooks image is pulled @@ -40,7 +40,7 @@ build: dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_appservice_webhooks_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_webhooks_container_image_self_build|bool" - name: Ensure Matrix Appservice webhooks config is installed @@ -84,5 +84,5 @@ - name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_webhooks_systemd_service_result.changed" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 81440b88..38235652 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-webhooks state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_webhooks_service_stat.stat.exists" - name: Ensure matrix-appservice-webhooks.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index a227387a..f27111b3 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 34c9c3cb..e622522d 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -1,3 +1,4 @@ +--- # beeper-linkedin is a Matrix <-> LinkedIn bridge # See: https://gitlab.com/beeper/linkedin diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml index 755ac2f5..977db925 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" when: matrix_beeper_linkedin_enabled|bool diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml index 79c54f1a..920265fb 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c873d0c2..3cec1c1f 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -15,10 +15,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_beeper_linkedin_base_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_config_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_data_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}" } + - {path: "{{ matrix_beeper_linkedin_base_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_config_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_data_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"} when: "item.when|bool" @@ -31,38 +31,38 @@ when: "not matrix_beeper_linkedin_container_image_self_build|bool" - block: - - name: Ensure Beeper LinkedIn repository is present on self-build - git: - repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" - dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" - version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" - force: "yes" - register: matrix_beeper_linkedin_git_pull_results + - name: Ensure Beeper LinkedIn repository is present on self-build + git: + repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" + dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" + version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" + force: "yes" + register: matrix_beeper_linkedin_git_pull_results - # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. - # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 - - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image - command: | - {{ matrix_host_command_docker }} run \ - --rm \ - --entrypoint=/bin/sh \ - --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ - -w /work \ - docker.io/python:3.9.6-buster \ - -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" + # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. + # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 + - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image + command: | + {{ matrix_host_command_docker }} run \ + --rm \ + --entrypoint=/bin/sh \ + --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ + -w /work \ + docker.io/python:3.9.6-buster \ + -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" - - name: Ensure Beeper LinkedIn Docker image is built - docker_image: - name: "{{ matrix_beeper_linkedin_docker_image }}" - source: build - force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_beeper_linkedin_docker_src_files_path }}" - pull: yes - args: - TARGETARCH: "{{ matrix_architecture }}" + - name: Ensure Beeper LinkedIn Docker image is built + docker_image: + name: "{{ matrix_beeper_linkedin_docker_image }}" + source: build + force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_beeper_linkedin_docker_src_files_path }}" + pull: true + args: + TARGETARCH: "{{ matrix_architecture }}" when: "matrix_beeper_linkedin_container_image_self_build|bool" - name: Ensure beeper-linkedin config.yaml installed @@ -90,5 +90,5 @@ - name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_beeper_linkedin_systemd_service_result.changed" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index 175613f0..befa2f61 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-beeper-linkedin state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_beeper_linkedin_service_stat.stat.exists" - name: Ensure matrix-beeper-linkedin.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml index fe33defa..d808de08 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml @@ -8,4 +8,3 @@ with_items: - "matrix_beeper_linkedin_appservice_token" - "matrix_beeper_linkedin_homeserver_token" - diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 84e4a9c2..4498b4f0 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi {{ matrix_beeper_linkedin_docker_image }} \ python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-beeper-linkedin diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 6772c364..80b3c95a 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -1,9 +1,10 @@ +--- # heisenbridge is a bouncer-style Matrix IRC bridge # See: https://github.com/hifi/heisenbridge matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.10.0 +matrix_heisenbridge_version: 1.10.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" @@ -34,13 +35,13 @@ matrix_heisenbridge_registration_yaml: id: heisenbridge url: http://matrix-heisenbridge:9898 as_token: "{{ matrix_heisenbridge_appservice_token }}" - hs_token: "{{ matrix_heisenbridge_homeserver_token }}" + hs_token: "{{ matrix_heisenbridge_homeserver_token }}" rate_limited: false sender_localpart: heisenbridge namespaces: users: - - regex: '@hbirc_.*' - exclusive: true + - regex: '@hbirc_.*' + exclusive: true aliases: [] rooms: [] diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml index 18e89b68..a66d7199 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-heisenbridge/tasks/main.yml b/roles/matrix-bridge-heisenbridge/tasks/main.yml index 1358709d..a266643d 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/main.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 03cf9ec3..29b5842b 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -4,8 +4,8 @@ docker_image: name: "{{ matrix_heisenbridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" + force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" - name: Ensure heisenbridge paths exist file: @@ -34,5 +34,5 @@ - name: Ensure systemd reloaded after matrix-heisenbridge.service installation service: - daemon_reload: yes + daemon_reload: true when: matrix_heisenbridge_systemd_service_result.changed diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index cf100a89..54d5bd67 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-heisenbridge state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_heisenbridge_service_stat.stat.exists" - name: Ensure matrix-heisenbridge.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-heisenbridge.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_heisenbridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 index 6a0750bf..e27b88f1 100644 --- a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 +++ b/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 @@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \ --listen-port 9898 \ {{ matrix_heisenbridge_homeserver_url }} -ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-heisenbridge -ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-heisenbridge +ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge +ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge Restart=always RestartSec=30 SyslogIdentifier=matrix-heisenbridge diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml new file mode 100644 index 00000000..2db8ba77 --- /dev/null +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -0,0 +1,203 @@ +--- + +# A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. +# https://github.com/Half-Shot/matrix-hookshot + +matrix_hookshot_enabled: true + +matrix_hookshot_version: 1.1.0 +matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" +matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" + +matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" + +matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_hookshot_container_url: 'matrix-hookshot' + +matrix_hookshot_public_endpoint: /hookshot + +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_appservice_port: 9993 +matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" + +# Metrics work only in conjunction with matrix_synapse_metrics_enabled etc +matrix_hookshot_metrics_enabled: true +# There is no need to edit ports. +# Read the documentation to learn about using hookshot metrics with external Prometheus +# If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_metrics_port: 9001 +matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" + +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_webhook_port: 9000 +matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhooks" + + +# You need to create a GitHub app to enable this and fill in the empty variables below +# https://half-shot.github.io/matrix-hookshot/setup/github.html +matrix_hookshot_github_enabled: false +matrix_hookshot_github_appid: '' +# Set this variable to the contents of the generated and downloaded GitHub private key: +# matrix_hookshot_github_private_key: | +# -----BEGIN RSA PRIVATE KEY----- +# 0123456789ABCDEF... +# -----END RSA PRIVATE KEY----- +# Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info. +matrix_hookshot_github_private_key: '' +matrix_hookshot_github_private_key_file: 'private-key.pem' +matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page +matrix_hookshot_github_oauth_enabled: false +# You need to configure oauth settings only when you have enabled oauth (optional) +matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page +matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page +# Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" +matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" +matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" +# These are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration +matrix_hookshot_github_ignore_hooks: "{}" +matrix_hookshot_github_command_prefix: '!gh' +matrix_hookshot_github_show_issue_room_link: false +matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" +matrix_hookshot_github_including_labels: '' +matrix_hookshot_github_excluding_labels: '' + + +matrix_hookshot_gitlab_enabled: true +# Optionally add your instances, e.g. +# matrix_hookshot_gitlab_instances: +# gitlab.com: +# url: https://gitlab.com +# mygitlab: +# url: https://gitlab.example.org +matrix_hookshot_gitlab_instances: + gitlab.com: + url: https://gitlab.com + +# This will be the "Secret token" you have to enter into all GitLab instances for authentication +matrix_hookshot_gitlab_secret: '' + + +matrix_hookshot_jira_enabled: false +# Get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth +matrix_hookshot_jira_secret: '' +matrix_hookshot_jira_oauth_enabled: false +matrix_hookshot_jira_oauth_id: '' +matrix_hookshot_jira_oauth_secret: '' +# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" +matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" +matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" + + +# No need to change these +matrix_hookshot_generic_enabled: true +# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" +matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" +matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_generic_allow_js_transformation_functions: false +# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap +matrix_hookshot_generic_user_id_prefix: '_webhooks_' + + +matrix_hookshot_figma_enabled: false +# Default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" +matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" +matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}" +# To bridge figma webhooks, you need to configure one of multiple instances like this: +# matrix_hookshot_figma_instances: +# your-instance: +# teamId: your-team-id +# accessToken: your-personal-access-token +# passcode: your-webhook-passcode + + +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_provisioning_port: 9002 +matrix_hookshot_provisioning_secret: '' +# Provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it +matrix_hookshot_provisioning_enabled: false +matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" + +# You can configure access to the bridge as documented here https://half-shot.github.io/matrix-hookshot/setup.html#permissions +# When empty, the default permissions are applied. +# Example: +# matrix_hookshot_permissions: +# - actor: * +# services: +# - service: * +# level: commands +# - actor: example.com +# services: +# - service: "*" +# level: admin +matrix_hookshot_permissions: [] + +matrix_hookshot_bot_displayname: Hookshot Bot +matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d' + +# A list of extra arguments to pass to the container +matrix_hookshot_container_extra_arguments: [] + +# List of systemd services that service depends on. +matrix_hookshot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that service wants +matrix_hookshot_systemd_wanted_services_list: [] + +# List of ports to bind to the host to expose them directly. +# Ports will automatically be bound to localhost if matrix_nginx_proxy_enabled is false. +# Setting this variable will override that behaviour in either case. +# Supply docker port bind arguments in a list like this: +# +# matrix_hookshot_container_http_host_bind_ports: +# - "127.0.0.1:9999:{{ matrix_hookshot_metrics_port }}" +# +# Above example will bind the metrics port in the container to port 9999 on localhost. +matrix_hookshot_container_http_host_bind_ports: [] + +# These tokens will be set automatically +matrix_hookshot_appservice_token: '' +matrix_hookshot_homeserver_token: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrixhookshot_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_hookshot_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}" + +matrix_hookshot_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_hookshot_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_hookshot_configuration_yaml`. + +matrix_hookshot_configuration_extension: "{{ matrix_hookshot_configuration_extension_yaml|from_yaml if matrix_hookshot_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_hookshot_configuration_yaml`. +matrix_hookshot_configuration: "{{ matrix_hookshot_configuration_yaml|from_yaml|combine(matrix_hookshot_configuration_extension, recursive=True) }}" + +# Default registration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrixhookshot_registration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_hookshot_registration_yaml: "{{ lookup('template', 'templates/registration.yml.j2') }}" + +matrix_hookshot_registration_extension_yaml: | + # Your custom YAML registration goes here. + # This registration extends the default starting registration (`matrix_hookshot_registration_yaml`). + # + # You can override individual variables from the default registration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_hookshot_registration_yaml`. + +matrix_hookshot_registration_extension: "{{ matrix_hookshot_registration_extension_yaml|from_yaml if matrix_hookshot_registration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final registration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_hookshot_registration_yaml`. +matrix_hookshot_registration: "{{ matrix_hookshot_registration_yaml|from_yaml|combine(matrix_hookshot_registration_extension, recursive=True) }}" diff --git a/roles/matrix-bridge-hookshot/files/.gitkeep b/roles/matrix-bridge-hookshot/files/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml new file mode 100644 index 00000000..a2229c36 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -0,0 +1,130 @@ +--- +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-hookshot role needs to execute before the matrix-synapse role. + when: "matrix_hookshot_enabled and matrix_synapse_role_executed|default(False)" + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}" + when: matrix_hookshot_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/hookshot-registration.yml"] }} + when: matrix_hookshot_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_hookshot_matrix_nginx_proxy_configuration: | + location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + {% if matrix_hookshot_provisioning_enabled %} + location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} + location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + + - name: Register hookshot proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_hookshot_matrix_nginx_proxy_configuration] + }} + + - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | + {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} + location {{ matrix_hookshot_metrics_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; + {% endif %} + proxy_set_header Host $host; + {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + {% endif %} + } + {% endif %} + + - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) + + + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] + }} + tags: + - always + when: matrix_hookshot_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` + URL endpoint to the matrix-hookshot container. + You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. + when: "matrix_hookshot_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-hookshot/tasks/main.yml b/roles/matrix-bridge-hookshot/tasks/main.yml new file mode 100644 index 00000000..409b6175 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml new file mode 100644 index 00000000..66a452f0 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -0,0 +1,84 @@ +--- + +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + +- name: Ensure hookshot image is pulled + docker_image: + name: "{{ matrix_hookshot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + +- name: Ensure hookshot paths exist + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_hookshot_base_path }}" + +- name: Check if hookshot passkey exists + stat: + path: "{{ matrix_hookshot_base_path }}/passkey.pem" + register: hookshot_passkey_file + +- name: Generate hookshot passkey if it doesn't exist + shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096" + become: true + become_user: "{{ matrix_user_username }}" + when: "not hookshot_passkey_file.stat.exists" + +- name: Ensure hookshot config.yml installed if provided + copy: + content: "{{ matrix_hookshot_configuration|to_nice_yaml }}" + dest: "{{ matrix_hookshot_base_path }}/config.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Validate hookshot config.yml + command: | + {{ matrix_host_command_docker }} run + --rm + --name={{ matrix_hookshot_container_url }}-validate + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + -v {{ matrix_hookshot_base_path }}/config.yml:/config.yml + {{ matrix_hookshot_docker_image }} node Config/Config.js /config.yml + register: hookshot_config_validation_result + +- name: Fail if hookshot config.yml invalid + fail: + msg: "Your hookshot configuration did not pass validation:\n{{ hookshot_config_validation_result.stdout }}\n{{ hookshot_config_validation_result.stderr }}" + when: "hookshot_config_validation_result.rc > 0" + +- name: Ensure hookshot registration.yml installed if provided + copy: + content: "{{ matrix_hookshot_registration|to_nice_yaml }}" + dest: "{{ matrix_hookshot_base_path }}/registration.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure hookshot github private key file installed if github is enabled + copy: + content: "{{ matrix_hookshot_github_private_key }}" + dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" + mode: 0400 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + when: matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length > 0 + +- name: Ensure matrix-hookshot.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-hookshot.service" + mode: 0644 + register: matrix_hookshot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-hookshot.service installation + service: + daemon_reload: true + when: matrix_hookshot_systemd_service_result.changed diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml new file mode 100644 index 00000000..d8efbb02 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-hookshot service + stat: + path: "{{ matrix_systemd_path }}/matrix-hookshot.service" + register: matrix_hookshot_service_stat + +- name: Ensure matrix-hookshot is stopped + service: + name: matrix-hookshot + state: stopped + enabled: false + daemon_reload: true + when: "matrix_hookshot_service_stat.stat.exists" + +- name: Ensure matrix-hookshot.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-hookshot.service" + state: absent + when: "matrix_hookshot_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-hookshot.service removal + service: + daemon_reload: true + when: "matrix_hookshot_service_stat.stat.exists" diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml new file mode 100644 index 00000000..5da8809e --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml @@ -0,0 +1,59 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_hookshot_appservice_token" + - "matrix_hookshot_homeserver_token" + +- name: Fail if required GitHub settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable GitHub. + when: "matrix_hookshot_github_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_github_appid" + - "matrix_hookshot_github_secret" + +- name: Fail if required GitHub OAuth settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth. + when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_github_oauth_id" + - "matrix_hookshot_github_oauth_secret" + +- name: Fail if required Jira settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable Jira. + when: "matrix_hookshot_jira_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_jira_secret" + +- name: Fail if required Jira OAuth settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth. + when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_jira_oauth_id" + - "matrix_hookshot_jira_oauth_secret" + +- name: Fail if required Figma settings not defined + fail: + msg: >- + You need to define at least one Figma instance to enable Figma. + when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances is undefined" + +- name: Fail if required provisioning settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable provisioning. + when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_provisioning_secret" diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 new file mode 100644 index 00000000..fc04c755 --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -0,0 +1,127 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Basic homeserver configuration + # + domain: {{ matrix_domain }} + url: {{ matrix_hookshot_homeserver_address }} + mediaUrl: {{ matrix_hookshot_homeserver_address }} + port: {{ matrix_hookshot_appservice_port }} + bindAddress: 0.0.0.0 +{% if matrix_hookshot_github_enabled %} +github: + # (Optional) Configure this to enable GitHub support + # + auth: + # Authentication for the GitHub App. + # + id: {{ matrix_hookshot_github_appid }} + privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }} + webhook: + # Webhook settings for the GitHub app. + # + secret: {{ matrix_hookshot_github_secret|to_json }} +{% if matrix_hookshot_github_oauth_enabled %} + oauth: + # (Optional) Settings for allowing users to sign in via OAuth. + # + client_id: {{ matrix_hookshot_github_oauth_id }} + client_secret: {{ matrix_hookshot_github_oauth_secret|to_json }} + redirect_uri: {{ matrix_hookshot_github_oauth_uri }} +{% endif %} + defaultOptions: + # (Optional) Default options for GitHub connections. + # + ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} + commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" + showIssueRoomLink: {{ matrix_hookshot_github_show_issue_room_link }} + prDiff: {{ matrix_hookshot_github_pr_diff }} + includingLabels:{{ matrix_hookshot_github_including_labels }} + excludingLabels: {{ matrix_hookshot_github_excluding_labels }} +{% endif %} +{% if matrix_hookshot_gitlab_enabled %} +gitlab: + # (Optional) Configure this to enable GitLab support + # + instances: + {{ matrix_hookshot_gitlab_instances }} + webhook: + secret: {{ matrix_hookshot_gitlab_secret|to_json }} +{% endif %} +{% if matrix_hookshot_jira_enabled %} +jira: + # (Optional) Configure this to enable Jira support + # + webhook: + secret: {{ matrix_hookshot_jira_secret|to_json }} +{% if matrix_hookshot_jira_oauth_enabled %} + oauth: + client_id: {{ matrix_hookshot_jira_oauth_id|to_json }} + client_secret: {{ matrix_hookshot_jira_oauth_secret|to_json }} + redirect_uri: {{ matrix_hookshot_jira_oauth_uri }} +{% endif %} +{% endif %} +{% if matrix_hookshot_generic_enabled %} +generic: + # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments + # + enabled: {{ matrix_hookshot_generic_enabled }} + urlPrefix: {{ matrix_hookshot_generic_urlprefix }} + allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} + userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} +{% endif %} +{% if matrix_hookshot_figma_enabled %} +figma: + # (Optional) Configure this to enable Figma support + # + publicUrl: {{ matrix_hookshot_figma_publicUrl }} + instances: {{ matrix_hookshot_figma_instances }} +{% endif %} +{% if matrix_hookshot_provisioning_enabled %} +provisioning: + # (Optional) Provisioning API for integration managers + # + secret: {{ matrix_hookshot_provisioning_secret|to_json }} +{% endif %} +passFile: + # A passkey used to encrypt tokens stored inside the bridge. + # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate + # + /data/passkey.pem +bot: + # (Optional) Define profile information for the bot user + # + displayname: {{ matrix_hookshot_bot_displayname }} + avatar: {{ matrix_hookshot_bot_avatar }} +metrics: + # (Optional) Prometheus metrics support + # + enabled: {{ matrix_hookshot_metrics_enabled }} +logging: + # (Optional) Logging settings. You can have a severity debug,info,warn,error + # + level: info +{% if matrix_hookshot_permissions %} +permissions: {{ matrix_hookshot_permissions }} +{% endif %} +listeners: + # (Optional) HTTP Listener configuration. + # Bind resource endpoints to ports and addresses. + # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice + # +{# always enabled since all services need it #} + - port: {{ matrix_hookshot_webhook_port }} + bindAddress: 0.0.0.0 + resources: + - webhooks +{% if matrix_hookshot_metrics_enabled %} + - port: {{ matrix_hookshot_metrics_port }} + bindAddress: 0.0.0.0 + resources: + - metrics +{% endif %} +{% if matrix_hookshot_provisioning_enabled %} + - port: {{ matrix_hookshot_provisioning_port }} + bindAddress: 0.0.0.0 + resources: + - provisioning +{% endif %} diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 new file mode 100644 index 00000000..ced3bd77 --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 @@ -0,0 +1,16 @@ +#jinja2: lstrip_blocks: "True" +id: matrix-hookshot # This can be anything, but must be unique within your homeserver +as_token: {{ matrix_hookshot_appservice_token|to_json }} # This again can be a random string +hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this +namespaces: + rooms: [] + users: + - regex: "@_github_.*:{{ matrix_domain }}" + exclusive: true + aliases: + - regex: "#github_.+:{{ matrix_domain }}" + exclusive: true + +sender_localpart: hookshot +url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}" # This should match the bridge.port in your config file +rate_limited: false diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 new file mode 100644 index 00000000..16ff0592 --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -0,0 +1,40 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. +{% for service in matrix_hookshot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_hookshot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} + +ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_hookshot_base_path }}:/data:z \ + {% for port in matrix_hookshot_container_http_host_bind_ports %} + -p {{ port }} \ + {% endfor %} + {% for arg in matrix_hookshot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_hookshot_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} +Restart=always +RestartSec=30 +SyslogIdentifier={{ matrix_hookshot_container_url }} + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 5d83e9cc..f781ba91 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-facebook is a Matrix <-> Facebook bridge # See: https://github.com/mautrix/facebook @@ -6,7 +7,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.3.2 +matrix_mautrix_facebook_version: v0.3.3 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index cf67f227..d97a3230 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml index 54fb6f9d..b6e65fe2 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index d5230bca..3fa42970 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_facebook_base_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_config_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_data_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_facebook_base_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_config_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_data_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Facebook repository is present on self-build @@ -74,7 +74,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_facebook_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_facebook_container_image_self_build|bool" - name: Check if an old database file already exists @@ -86,8 +86,8 @@ service: name: matrix-mautrix-facebook state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_facebook_stat_database.stat.exists" @@ -120,7 +120,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_facebook_systemd_service_result.changed" - name: Ensure matrix-mautrix-facebook.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index abbce350..1c8fbd3b 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-facebook state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_facebook_service_stat.stat.exists" - name: Ensure matrix-mautrix-facebook.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 07ee8fb7..f3af4b9f 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 02bef16a..1b89bea6 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-googlechat is a Matrix <-> googlechat bridge # See: https://github.com/mautrix/googlechat diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index 5c8d82bf..e64cb44c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,39 +24,39 @@ when: matrix_mautrix_googlechat_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_googlechat_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-googlechat:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] - }} + - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_googlechat_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-googlechat:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_googlechat_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml index defcd58a..16054e7b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index 293e8817..9faf344f 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_googlechat_base_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_config_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_data_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_googlechat_base_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_config_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_data_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Mautrix Hangots repository is present on self build @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_googlechat_container_image_self_build|bool" - name: Check if an old database file already exists @@ -85,8 +85,8 @@ service: name: matrix-mautrix-googlechat state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_googlechat_stat_database.stat.exists" @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_googlechat_systemd_service_result.changed" - name: Ensure matrix-mautrix-googlechat.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index bdcaa6e7..a315c0c8 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-googlechat state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_googlechat_service_stat.stat.exists" - name: Ensure matrix-mautrix-googlechat.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_googlechat_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml index 7aa42870..083e8d34 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml @@ -11,4 +11,4 @@ - "matrix_mautrix_googlechat_homeserver_token" - debug: msg: - - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}' + - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index 5a6ab799..c56473be 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-googlechat diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 013e1d14..911c81c6 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-hangouts is a Matrix <-> Hangouts bridge # See: https://github.com/mautrix/hangouts diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 59756ec9..65d4776e 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,39 +24,39 @@ when: matrix_mautrix_hangouts_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_hangouts_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-hangouts:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] - }} + - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_hangouts_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-hangouts:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_hangouts_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml index 0df0d0e3..b43ff478 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index fb5236fd..368ee5f8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_hangouts_base_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_config_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_data_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_hangouts_base_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_config_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_data_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Mautrix Hangots repository is present on self build @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_hangouts_container_image_self_build|bool" - name: Check if an old database file already exists @@ -85,8 +85,8 @@ service: name: matrix-mautrix-hangouts state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_hangouts_stat_database.stat.exists" @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_hangouts_systemd_service_result.changed" - name: Ensure matrix-mautrix-hangouts.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index 34348cfd..8ce859c8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-hangouts state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_hangouts_service_stat.stat.exists" - name: Ensure matrix-mautrix-hangouts.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index 8922bef4..0242ef16 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -11,4 +11,4 @@ - "matrix_mautrix_hangouts_homeserver_token" - debug: msg: - - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' + - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index 66f34d94..60f0e055 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou {{ matrix_mautrix_hangouts_docker_image }} \ python3 -m mautrix_hangouts -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index a3783328..9fc42cea 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-instagram is a Matrix <-> Instagram bridge # See: https://github.com/mautrix/instagram diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index c44855d8..d33acd09 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml index 7326e22d..b6ffcd06 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 38a7f62e..dc95af3a 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -23,13 +23,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_instagram_base_path }}", when: true } - - { path: "{{ matrix_mautrix_instagram_config_path }}", when: true } - - { path: "{{ matrix_mautrix_instagram_data_path }}", when: true } - - { - path: "{{ matrix_mautrix_instagram_docker_src_files_path }}", - when: "{{ matrix_mautrix_instagram_container_image_self_build }}", - } + - {path: "{{ matrix_mautrix_instagram_base_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_config_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_data_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_docker_src_files_path }}", when: "{{ matrix_mautrix_instagram_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix instagram repository is present on self-build @@ -49,7 +46,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_instagram_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_instagram_container_image_self_build|bool" - name: Ensure mautrix-instagram config.yaml installed @@ -77,5 +74,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_instagram_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml index 02e20b61..2cc0e0e9 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml @@ -8,8 +8,8 @@ service: name: matrix-mautrix-instagram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_instagram_service_stat.stat.exists" - name: Ensure matrix-mautrix-instagram.service doesn't exist @@ -20,5 +20,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 index 0157accc..33a5bab3 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag {{ matrix_mautrix_instagram_docker_image }} \ python3 -m mautrix_instagram -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-instagram diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ceaa9b87..0f91d6cc 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-signal is a Matrix <-> Signal bridge # See: https://github.com/mautrix/signal @@ -7,8 +8,8 @@ matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.2.2 -matrix_mautrix_signal_daemon_version: 0.16.1 +matrix_mautrix_signal_version: v0.2.3 +matrix_mautrix_signal_daemon_version: 0.17.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 6133e865..21d52066 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" when: matrix_mautrix_signal_enabled|bool diff --git a/roles/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/matrix-bridge-mautrix-signal/tasks/main.yml index edca20e6..643b94c9 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 1a9b2915..6fd0f813 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -34,7 +34,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_signal_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_signal_container_image_self_build|bool" @@ -64,7 +64,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" - name: Ensure Mautrix Signal paths exist @@ -114,5 +114,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-signal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml index b36ef81d..8ca2be3f 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml @@ -10,8 +10,8 @@ service: name: matrix-mautrix-signal-daemon state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" - name: Ensure matrix-mautrix-signal-daemon.service doesn't exist @@ -30,8 +30,8 @@ service: name: matrix-mautrix-signal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_signal_service_stat.stat.exists" - name: Ensure matrix-mautrix-signal.service doesn't exist @@ -43,5 +43,5 @@ # All services - name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 314bba6d..6f128da3 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ {{ matrix_mautrix_signal_daemon_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 index 0d3eb9b8..a65895ed 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal {{ matrix_mautrix_signal_docker_image }} \ python3 -m mautrix_signal -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index bcdcfdd8..d1397b21 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-telegram is a Matrix <-> Telegram bridge # See: https://github.com/mautrix/telegram @@ -7,13 +8,13 @@ matrix_telegram_lottieconverter_container_image_self_build: false matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git" matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src" -matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram +matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.11.1 +matrix_mautrix_telegram_version: v0.11.2 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index 662ea1c3..267658ef 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,40 +24,40 @@ when: matrix_mautrix_telegram_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_telegram_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-telegram:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9006; - {% endif %} - } + - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_telegram_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-telegram:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9006; + {% endif %} + } - - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] - }} + - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_telegram_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml index 8a218ed8..018b30da 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 1e34e2cd..ceda10a5 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -42,10 +42,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_telegram_base_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_config_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_data_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_telegram_base_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_config_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_data_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Telegram image is pulled @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build|bool" - name: Ensure matrix-mautrix-telegram repository is present when self-building @@ -107,8 +107,8 @@ service: name: matrix-mautrix-telegram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_telegram_stat_database.stat.exists" @@ -141,7 +141,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_telegram_systemd_service_result.changed" - name: Ensure matrix-mautrix-telegram.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index bc84edbb..a713898b 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-telegram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_telegram_service_stat.stat.exists" - name: Ensure matrix-mautrix-telegram.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 3f5cbd00..d24e960e 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 6a72706b..f8fd29c8 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-twitter is a Matrix <-> Twitter bridge # See: https://github.com/mautrix/twitter diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml index 4f8df9e0..5b526bbd 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}" when: matrix_mautrix_twitter_enabled|bool diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/matrix-bridge-mautrix-twitter/tasks/main.yml index 60eea099..6c0abe4f 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index c27eeccd..86134d2b 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -27,17 +27,17 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_twitter_base_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_config_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_data_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_twitter_base_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_config_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_data_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Twitter repository is present on self-build git: repo: "{{ matrix_mautrix_twitter_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}" -# version: "{{ matrix_coturn_docker_image.split(':')[1] }}" + # version: "{{ matrix_coturn_docker_image.split(':')[1] }}" force: "yes" register: matrix_mautrix_twitter_git_pull_results when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build" @@ -50,7 +50,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_twitter_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build|bool" - name: Ensure mautrix-twitter config.yaml installed @@ -78,7 +78,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_systemd_service_result.changed" - name: Ensure matrix-mautrix-twitter.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml index 28819726..024603e7 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml @@ -9,7 +9,7 @@ service: name: matrix-mautrix-twitter state: stopped - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_service_stat.stat.exists" - name: Ensure matrix-mautrix-twitter.service doesn't exist @@ -20,5 +20,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index 55509b85..73bdbc86 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte {{ matrix_mautrix_twitter_docker_image }} \ python3 -m mautrix_twitter -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-twitter diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index aaa1f04a..54097ad8 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-whatsapp is a Matrix <-> Whatsapp bridge # See: https://github.com/mautrix/whatsapp @@ -7,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.2.3 +matrix_mautrix_whatsapp_version: v0.2.4 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" @@ -77,7 +78,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map: # Servers to always allow double puppeting from matrix_mautrix_whatsapp_bridge_double_puppet_server_map: - "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" + "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index f320bc74..57166386 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}" when: matrix_mautrix_whatsapp_enabled|bool diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml index 188eae4a..0a963eb2 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index ddd49dd0..d33524f3 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -44,10 +44,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Whatsapp image is pulled @@ -76,7 +76,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_whatsapp_container_image_self_build|bool" - name: Check if an old database file exists @@ -93,8 +93,8 @@ service: name: matrix-mautrix-whatsapp state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_whatsapp_stat_database.stat.exists" @@ -131,7 +131,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_whatsapp_systemd_service_result.changed" - name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 7dd4b402..3884f9e7 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-whatsapp state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_whatsapp_service_stat.stat.exists" - name: Ensure matrix-mautrix-whatsapp.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_whatsapp_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index 48314190..c983c4cc 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml @@ -8,4 +8,3 @@ with_items: - "matrix_mautrix_whatsapp_appservice_token" - "matrix_mautrix_whatsapp_homeserver_token" - diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index 77daa825..4a492492 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-whatsapp diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index cd9c1477..80734c25 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Discord is a Matrix <-> Discord bridge # See: https://github.com/matrix-discord/mx-puppet-discord @@ -27,7 +28,7 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}' matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}' -matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}" +matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}" # "@user:server.com" to allow specific user # "@.*:yourserver.com" to allow users on a specific homeserver diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 6fa43037..69458093 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml index 3ca32335..e11a2db0 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index f9985ed8..3ef57cb7 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_discord_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}"} when: matrix_mx_puppet_discord_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -32,8 +32,8 @@ service: name: matrix-mx-puppet-discord state: stopped - daemon_reload: yes - failed_when: False + daemon_reload: true + failed_when: false - name: (Data relocation) Move mx-puppet-discord database file to ./data directory command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" @@ -90,7 +90,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool" - name: Ensure mx-puppet-discord config.yaml installed @@ -118,7 +118,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_discord_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-discord.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml index a0298ad9..b3ab8e39 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_discord_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-discord.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 58b01e20..6ffb87cd 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc {% endfor %} {{ matrix_mx_puppet_discord_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index 8b382605..0daf6dfc 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge # See: https://gitlab.com/robintown/mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index b4469ea1..db28f324 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml index 994e7e45..070f920b 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 3ed4867c..84802c4f 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}"} when: matrix_mx_puppet_groupme_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-groupme state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_groupme_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" - name: Ensure mx-puppet-groupme config.yaml installed @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_groupme_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml index f9ecce58..24daf7be 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-groupme state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_groupme_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-groupme.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_groupme_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 index 7e008aeb..dabafd18 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou {% endfor %} {{ matrix_mx_puppet_groupme_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 27210360..3a73e0fe 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mx-puppet-instagram bridges instagram DMs # See: https://github.com/Sorunome/mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index a12885e7..d16e6be0 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -21,4 +22,3 @@ + {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} when: matrix_mx_puppet_instagram_enabled|bool - diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml index d0fe90e4..6abb281f 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index cdbaa18e..63f1878b 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -51,10 +51,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}"} when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool - name: Ensure mx-puppet-instagram repository is present on self build @@ -74,7 +74,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" - name: Ensure mx-puppet-instagram config.yaml installed @@ -102,7 +102,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_instagram_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-instagram.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml index 9ad4e13d..e4435a3e 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-instagram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_instagram_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-instagram.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index b2921a4f..965bb41c 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst {% endfor %} {{ matrix_mx_puppet_instagram_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 8dcb2faf..905e5086 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Skype is a Matrix <-> Skype bridge # See: https://github.com/Sorunome/mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml index 5618821b..d28f6ca1 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml index 01ddd7d8..0793e994 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index a39e7acf..28573533 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_skype_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_skype_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_skype_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_skype_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}"} when: matrix_mx_puppet_skype_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-skype state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_skype_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" - name: Ensure mx-puppet-skype config.yaml installed @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-skype.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_skype_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-skype.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml index a1af7e33..838c3be5 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-skype state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_skype_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-skype.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-skype.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_skype_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 index 4c604bb7..9a7986e4 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp {% endfor %} {{ matrix_mx_puppet_skype_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 30d42475..bf5c6dfa 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,8 +1,12 @@ +--- # Mx Puppet Slack is a Matrix <-> Slack bridge # See: https://github.com/Sorunome/mx-puppet-slack matrix_mx_puppet_slack_enabled: true +matrix_mx_puppet_slack_oauth_client_id: '' +matrix_mx_puppet_slack_oauth_client_secret: '' + matrix_mx_puppet_slack_container_image_self_build: false matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 74ec0350..897f3f8f 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,40 +24,40 @@ when: matrix_mx_puppet_slack_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_slack_redirect_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; - {% endif %} - } + - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_slack_redirect_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; + {% endif %} + } - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] - }} + - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mx_puppet_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml index 6aa0fd0f..0e886d45 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 8ef8ac4e..eca29e9b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_slack_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_slack_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_slack_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_slack_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}"} when: matrix_mx_puppet_slack_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-slack state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_slack_stat_database.stat.exists" @@ -87,7 +87,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" - name: (Data relocation) Move mx-puppet-slack database file to ./data directory @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_slack_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-slack.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml index f6e7d33e..3a119267 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-slack state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_slack_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-slack.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 index b1917b86..c7497a84 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 @@ -18,6 +18,10 @@ bridge: # Slack OAuth settings. Create a slack app at https://api.slack.com/apps oauth: enabled: true + # Slack app credentials. + # N.B. This must be quoted so YAML does not parse it as a float. + clientId: '{{ matrix_mx_puppet_slack_oauth_client_id }}' + clientSecret: {{ matrix_mx_puppet_slack_oauth_client_secret|to_json }} # Path where to listen for OAuth redirect callbacks. redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index f130c095..973771b3 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 2af4a32a..91675fce 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Steam is a Matrix <-> Steam bridge # See: https://github.com/matrix-steam/mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index c3218e89..efca4110 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml index cd6bb147..733cfa90 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index a92d63fb..a1786ba9 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_steam_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_steam_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_steam_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}"} when: matrix_mx_puppet_steam_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-steam state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_steam_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" - name: Ensure mx-puppet-steam config.yaml installed @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_steam_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-steam.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml index 608bde73..2e152ef6 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-steam state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_steam_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-steam.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_steam_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index c736b7ca..0772872b 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea {% endfor %} {{ matrix_mx_puppet_steam_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 0e37d51f..37be2be2 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -1,3 +1,5 @@ +--- + # Mx Puppet Twitter is a Matrix <-> Twitter bridge # See: https://github.com/Sorunome/mx-puppet-twitter diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 2054d23c..9d868bfe 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,40 +24,40 @@ when: matrix_mx_puppet_twitter_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_twitter_webhook_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; - {% endif %} - } + - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_twitter_webhook_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; + {% endif %} + } - - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] - }} + - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mx_puppet_twitter_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml index af355df3..7d65257c 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index a6250a16..8ca4f3f1 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}"} when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-twitter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_twitter_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" - name: Ensure mx-puppet-twitter config.yaml installed @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_twitter_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-twitter.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml index 1382ee58..56dcd9ce 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-twitter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_twitter_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-twitter.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index efa3e4e3..7e1b1c32 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit {% endfor %} {{ matrix_mx_puppet_twitter_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-twitter diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index d3a686ce..82ffce6e 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-sms-bridge is a Matrix <-> SMS bridge # See: https://github.com/benkuly/matrix-sms-bridge diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml index 5979d132..b8af8e60 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/matrix-bridge-sms/tasks/init.yml @@ -1,3 +1,5 @@ +--- + # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-sms/tasks/main.yml b/roles/matrix-bridge-sms/tasks/main.yml index c1c499de..b06e1a54 100644 --- a/roles/matrix-bridge-sms/tasks/main.yml +++ b/roles/matrix-bridge-sms/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index 61de923f..1f296043 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -51,5 +51,5 @@ - name: Ensure systemd reloaded after matrix-sms-bridge.service installation service: - daemon_reload: yes - when: matrix_sms_bridge_systemd_service_result.changed \ No newline at end of file + daemon_reload: true + when: matrix_sms_bridge_systemd_service_result.changed diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml index ad8442bc..d74476eb 100644 --- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-sms-bridge state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_sms_bridge_service_stat.stat.exists" - name: Ensure matrix-sms-bridge.service doesn't exist diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/matrix-bridge-sms/tasks/validate_config.yml index f89b18fa..96e41755 100644 --- a/roles/matrix-bridge-sms/tasks/validate_config.yml +++ b/roles/matrix-bridge-sms/tasks/validate_config.yml @@ -13,4 +13,4 @@ - "matrix_sms_bridge_default_timezone" - "matrix_sms_bridge_provider_android_baseurl" - "matrix_sms_bridge_provider_android_username" - - "matrix_sms_bridge_provider_android_password" \ No newline at end of file + - "matrix_sms_bridge_provider_android_password" diff --git a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 index 404b5aab..46c3463f 100644 --- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 @@ -35,8 +35,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ {% endfor %} {{ matrix_sms_bridge_docker_image }} -ExecStopPost=-/usr/bin/docker kill matrix-sms-bridge -ExecStopPost=-/usr/bin/docker rm matrix-sms-bridge +ExecStop=-/usr/bin/docker kill matrix-sms-bridge +ExecStop=-/usr/bin/docker rm matrix-sms-bridge Restart=always RestartSec=30 SyslogIdentifier=matrix-sms-bridge diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 21ce09d4..1cb9b26f 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -1,9 +1,11 @@ +--- + matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.6.1 +matrix_client_cinny_version: v1.7.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-cinny/tasks/init.yml b/roles/matrix-client-cinny/tasks/init.yml index e6889e4d..04fbd8a2 100644 --- a/roles/matrix-client-cinny/tasks/init.yml +++ b/roles/matrix-client-cinny/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-client-cinny/tasks/main.yml b/roles/matrix-client-cinny/tasks/main.yml index 8a39c021..5c37d38e 100644 --- a/roles/matrix-client-cinny/tasks/main.yml +++ b/roles/matrix-client-cinny/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-cinny/tasks/self_check.yml b/roles/matrix-client-cinny/tasks/self_check.yml index df1241a8..d00408da 100644 --- a/roles/matrix-client-cinny/tasks/self_check.yml +++ b/roles/matrix-client-cinny/tasks/self_check.yml @@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_cinny_self_check_validate_certificates }}" register: matrix_client_cinny_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Cinny not working diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 5d92f1d3..5571d8d0 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -7,16 +7,16 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_cinny_data_path }}", when: true } - - { path: "{{ matrix_client_cinny_docker_src_files_path }}", when: "{{ matrix_client_cinny_container_image_self_build }}" } + - {path: "{{ matrix_client_cinny_data_path }}", when: true} + - {path: "{{ matrix_client_cinny_docker_src_files_path }}", when: "{{ matrix_client_cinny_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Cinny Docker image is pulled docker_image: - name: "{{ matrix_client_cinny_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" + name: "{{ matrix_client_cinny_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build|bool" - name: Ensure Cinny repository is present on self-build @@ -55,7 +55,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_cinny_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_cinny_container_image_self_build|bool" - name: Ensure matrix-client-cinny.service installed @@ -67,5 +67,5 @@ - name: Ensure systemd reloaded after matrix-client-cinny.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_cinny_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/matrix-client-cinny/tasks/setup_uninstall.yml index 2a3bffb5..507c5d70 100644 --- a/roles/matrix-client-cinny/tasks/setup_uninstall.yml +++ b/roles/matrix-client-cinny/tasks/setup_uninstall.yml @@ -8,8 +8,8 @@ service: name: matrix-client-cinny state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_cinny_service_stat.stat.exists|bool" @@ -21,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-client-cinny.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_cinny_service_stat.stat.exists|bool" - name: Ensure Cinny paths doesn't exist diff --git a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index aa5a0432..f4ebd6a0 100644 --- a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ {% endfor %} {{ matrix_client_cinny_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-cinny diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 15f401dd..51ddf1c2 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false @@ -7,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.9.9 +matrix_client_element_version: v1.10.4 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-element/tasks/init.yml b/roles/matrix-client-element/tasks/init.yml index 44fa1544..cb1df0b5 100644 --- a/roles/matrix-client-element/tasks/init.yml +++ b/roles/matrix-client-element/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}" when: matrix_client_element_enabled|bool diff --git a/roles/matrix-client-element/tasks/main.yml b/roles/matrix-client-element/tasks/main.yml index f020382a..28e23e8a 100644 --- a/roles/matrix-client-element/tasks/main.yml +++ b/roles/matrix-client-element/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-element/tasks/migrate_riot_web.yml b/roles/matrix-client-element/tasks/migrate_riot_web.yml index 304e9fbf..ee0fd446 100644 --- a/roles/matrix-client-element/tasks/migrate_riot_web.yml +++ b/roles/matrix-client-element/tasks/migrate_riot_web.yml @@ -10,8 +10,8 @@ service: name: matrix-riot-web state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" @@ -23,7 +23,7 @@ - name: Ensure systemd reloaded after matrix-riot-web.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" - name: Check existence of /matrix/riot-web diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/matrix-client-element/tasks/prepare_themes.yml index 1453e37d..bfb9837b 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/matrix-client-element/tasks/prepare_themes.yml @@ -25,7 +25,7 @@ - name: Load Element theme set_fact: - matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" + matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" with_items: "{{ matrix_client_element_theme_file_contents.results }}" run_once: true diff --git a/roles/matrix-client-element/tasks/self_check.yml b/roles/matrix-client-element/tasks/self_check.yml index 34b6b88b..d05644c8 100644 --- a/roles/matrix-client-element/tasks/self_check.yml +++ b/roles/matrix-client-element/tasks/self_check.yml @@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_element_self_check_validate_certificates }}" register: matrix_client_element_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Element not working diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index b14a0dd5..3b877e8e 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -8,8 +8,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_element_data_path }}", when: true } - - { path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}" } + - {path: "{{ matrix_client_element_data_path }}", when: true} + - {path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Element Docker image is pulled @@ -37,7 +37,7 @@ path: "{{ matrix_client_element_docker_src_files_path }}/webpack.config.js" regexp: '(\s+)splitChunks: \{' line: '\1splitChunks: { maxSize: 100000,' - backrefs: yes + backrefs: true owner: root group: root mode: '0644' @@ -52,7 +52,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_element_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_element_container_image_self_build|bool" - name: Ensure Element configuration installed @@ -93,5 +93,5 @@ - name: Ensure systemd reloaded after matrix-client-element.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-element/tasks/setup_uninstall.yml b/roles/matrix-client-element/tasks/setup_uninstall.yml index 82805b78..55bc20d6 100644 --- a/roles/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/matrix-client-element/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-client-element state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_element_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-client-element.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_service_stat.stat.exists|bool" - name: Ensure Element paths doesn't exist diff --git a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index d4ad2b9e..fe2a3a86 100644 --- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element {% endfor %} {{ matrix_client_element_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-element diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 61db1ba2..4b91eb2b 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_client_hydrogen_enabled: true # Self building is used by default because the `config.json` file is only read at build time. @@ -5,7 +7,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.23 +matrix_client_hydrogen_version: v0.2.26 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/matrix-client-hydrogen/tasks/init.yml index 8116a003..c6801e51 100644 --- a/roles/matrix-client-hydrogen/tasks/init.yml +++ b/roles/matrix-client-hydrogen/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index 8d5c493f..13d157cc 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index c7407dcd..28af9c78 100644 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml @@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_hydrogen_self_check_validate_certificates }}" register: matrix_client_hydrogen_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Hydrogen not working diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index 2f949927..d8372768 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -8,16 +8,16 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_hydrogen_data_path }}", when: true } - - { path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}" } + - {path: "{{ matrix_client_hydrogen_data_path }}", when: true} + - {path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Hydrogen Docker image is pulled docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" + name: "{{ matrix_client_hydrogen_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure Hydrogen repository is present on self-build @@ -59,7 +59,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure matrix-client-hydrogen.service installed @@ -71,5 +71,5 @@ - name: Ensure systemd reloaded after matrix-client-hydrogen.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_hydrogen_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml index 64d20166..7aff2916 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-client-hydrogen state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_hydrogen_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-client-hydrogen.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_hydrogen_service_stat.stat.exists|bool" - name: Ensure Hydrogen paths doesn't exist diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index 7a72e876..c85aeb97 100644 --- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydroge {% endfor %} {{ matrix_client_hydrogen_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-hydrogen diff --git a/roles/matrix-common-after/defaults/main.yml b/roles/matrix-common-after/defaults/main.yml index 8112191a..51c48c7d 100644 --- a/roles/matrix-common-after/defaults/main.yml +++ b/roles/matrix-common-after/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Specifies how long to wait between starting systemd services and checking if they're started. # # A too low value may lead to a failure, as services may not have enough time to start and potentially fail. diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml index 9c472ca3..ad0a0ee8 100644 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ b/roles/matrix-common-after/tasks/awx_post.yml @@ -6,7 +6,7 @@ register: cmd when: not awx_janitor_user_created|bool no_log: false - + - name: Update AWX janitor user created variable delegate_to: 127.0.0.1 lineinfile: @@ -24,7 +24,7 @@ register: cmd when: not awx_dimension_user_created|bool no_log: false - + - name: Update AWX dimension user created variable delegate_to: 127.0.0.1 lineinfile: @@ -42,7 +42,7 @@ register: cmd when: not awx_mjolnir_user_created|bool no_log: false - + - name: Update AWX dimension user created variable delegate_to: 127.0.0.1 lineinfile: diff --git a/roles/matrix-common-after/tasks/dump_runtime_results.yml b/roles/matrix-common-after/tasks/dump_runtime_results.yml index 9788bf84..44ae1a30 100644 --- a/roles/matrix-common-after/tasks/dump_runtime_results.yml +++ b/roles/matrix-common-after/tasks/dump_runtime_results.yml @@ -1,3 +1,4 @@ +--- # Ansible outputs the message in the `item=` field. # It's unnecessary to output it again in the actual message, so we don't. - debug: diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index b4503ae1..75dee15d 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/start.yml" when: run_start|bool @@ -12,7 +13,7 @@ - import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml" tags: - always - + - import_tasks: "{{ role_path }}/tasks/awx_post.yml" when: run_setup|bool and matrix_awx_enabled|bool tags: @@ -21,5 +22,3 @@ - import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune - - diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml index 64ab4d99..02fa672e 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/matrix-common-after/tasks/start.yml @@ -6,7 +6,7 @@ - name: Ensure systemd is reloaded service: - daemon_reload: yes + daemon_reload: true - name: Ensure Matrix services are stopped service: @@ -35,39 +35,39 @@ become: false - block: - - name: Populate service facts - service_facts: + - name: Populate service facts + service_facts: - - name: Fail if service isn't detected to be running - fail: - msg: >- - {{ item }} was not detected to be running. - It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). - Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. - If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. - You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. - See `roles/matrix-common-after/defaults/main.yml` for more details about that. - with_items: "{{ matrix_systemd_services_list }}" - when: - - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" + - name: Fail if service isn't detected to be running + fail: + msg: >- + {{ item }} was not detected to be running. + It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). + Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. + If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. + You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. + See `roles/matrix-common-after/defaults/main.yml` for more details about that. + with_items: "{{ matrix_systemd_services_list }}" + when: + - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" when: " ansible_distribution != 'Archlinux'" - block: - # Currently there is a bug in ansible that renders is incompatible with systemd. - # service_facts is not collecting the data successfully. - # Therefore iterating here manually - - name: Fetch systemd information - systemd: - name: "{{ item }}" - register: systemdstatus - with_items: "{{ matrix_systemd_services_list }}" + # Currently there is a bug in ansible that renders is incompatible with systemd. + # service_facts is not collecting the data successfully. + # Therefore iterating here manually + - name: Fetch systemd information + systemd: + name: "{{ item }}" + register: systemdstatus + with_items: "{{ matrix_systemd_services_list }}" - - name: Fail if service isn't detected to be running - fail: - msg: >- - {{ item.item }} was not detected to be running. - It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). - Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. - with_items: "{{ systemdstatus.results }}" - when: "item.status['ActiveState'] != 'active'" + - name: Fail if service isn't detected to be running + fail: + msg: >- + {{ item.item }} was not detected to be running. + It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). + Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. + with_items: "{{ systemdstatus.results }}" + when: "item.status['ActiveState'] != 'active'" when: "ansible_distribution == 'Archlinux'" diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index aede4d50..66896e0e 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-corporal is a reconciliator and gateway for a managed Matrix server. # See: https://github.com/devture/matrix-corporal @@ -22,10 +23,10 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.2.2 +matrix_corporal_version: 2.2.3 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility +matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index e5062c27..b2f50e93 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/matrix-corporal/tasks/main.yml index 90c8105c..7ff359d0 100644 --- a/roles/matrix-corporal/tasks/main.yml +++ b/roles/matrix-corporal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml index f7c15109..b702c00f 100644 --- a/roles/matrix-corporal/tasks/self_check_corporal.yml +++ b/roles/matrix-corporal/tasks/self_check_corporal.yml @@ -8,7 +8,7 @@ url: "{{ corporal_client_api_url_endpoint_public }}" follow_redirects: none return_content: true - check_mode: no + check_mode: false register: result_corporal_client_api ignore_errors: true diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 8e007c4f..b8edc596 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -35,7 +35,7 @@ build: dockerfile: etc/docker/Dockerfile path: "{{ matrix_corporal_container_src_files_path }}" - pull: yes + pull: true when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" - name: Ensure Matrix Corporal Docker image is pulled @@ -65,7 +65,7 @@ - name: Ensure systemd reloaded after matrix-corporal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_corporal_enabled|bool and matrix_corporal_systemd_service_result.changed" @@ -83,8 +83,8 @@ service: name: matrix-corporal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" @@ -96,7 +96,7 @@ - name: Ensure systemd reloaded after matrix-corporal.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal files don't exist diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index 9c42f2b1..262e2e77 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 4d7ccf6b..f1274657 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml index a7d8a343..93e4fa3a 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/matrix-coturn/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-coturn/tasks/main.yml b/roles/matrix-coturn/tasks/main.yml index 9794bcb3..76352df1 100644 --- a/roles/matrix-coturn/tasks/main.yml +++ b/roles/matrix-coturn/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index c31406b1..f5726e32 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -14,7 +14,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"} + - {path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Coturn image is pulled @@ -43,7 +43,7 @@ build: dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_coturn_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_coturn_container_image_self_build|bool" - name: Ensure Coturn configuration path exists @@ -101,5 +101,5 @@ - name: Ensure systemd reloaded if systemd units changed service: - daemon_reload: yes + daemon_reload: true when: "matrix_coturn_systemd_service_change_results.changed" diff --git a/roles/matrix-coturn/tasks/setup_uninstall.yml b/roles/matrix-coturn/tasks/setup_uninstall.yml index b642c6d0..097ba873 100644 --- a/roles/matrix-coturn/tasks/setup_uninstall.yml +++ b/roles/matrix-coturn/tasks/setup_uninstall.yml @@ -10,16 +10,16 @@ service: name: matrix-coturn state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_coturn_service_stat.stat.exists|bool" - name: Ensure matrix-coturn-reload.timer is stopped service: name: matrix-coturn state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_coturn_service_stat.stat.exists|bool" @@ -35,7 +35,7 @@ - name: Ensure systemd reloaded after unit removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_coturn_systemd_unit_uninstallation_result.changed|bool" - name: Ensure Matrix coturn paths don't exist diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index 778f8185..a39030af 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -43,8 +43,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 23789540..ec3937c7 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Dendrite is a second-generation Matrix homeserver currently in Beta # See: https://github.com/matrix-org/dendrite @@ -127,7 +128,7 @@ matrix_dendrite_mscs_database: "dendrite_mscs" matrix_dendrite_turn_uris: [] matrix_dendrite_turn_shared_secret: "" -matrix_dendrite_turn_allow_guests: False +matrix_dendrite_turn_allow_guests: false # Controls whether the self-check feature should validate TLS certificates. matrix_dendrite_disable_tls_validation: false diff --git a/roles/matrix-dendrite/tasks/dendrite/setup.yml b/roles/matrix-dendrite/tasks/dendrite/setup.yml index 8b669193..f988d918 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup.yml @@ -1,4 +1,5 @@ --- + - import_tasks: "{{ role_path }}/tasks/dendrite/setup_install.yml" when: matrix_dendrite_enabled|bool diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index 3e3b2199..7b3c12d5 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -4,7 +4,7 @@ stat: path: "{{ matrix_dendrite_media_store_path }}" register: local_path_media_store_stat - ignore_errors: yes + ignore_errors: true # This is separate and conditional, to ensure we don't execute it # if the path already exists or we failed to check, because it's mounted using fuse. @@ -67,7 +67,7 @@ - name: Ensure systemd reloaded after matrix-dendrite.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dendrite_systemd_service_result.changed|bool" - name: Ensure matrix-dendrite-create-account script created diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml index 7e953365..89d5481c 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-dendrite service stat: path: "{{ matrix_systemd_path }}/matrix-dendrite.service" @@ -7,7 +9,7 @@ service: name: matrix-dendrite state: stopped - daemon_reload: yes + daemon_reload: true register: stopping_result when: "matrix_dendrite_service_stat.stat.exists" @@ -19,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-dendrite.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dendrite_service_stat.stat.exists" - name: Ensure Dendrite Docker image doesn't exist diff --git a/roles/matrix-dendrite/tasks/init.yml b/roles/matrix-dendrite/tasks/init.yml index 2e2e551a..524ef6ee 100644 --- a/roles/matrix-dendrite/tasks/init.yml +++ b/roles/matrix-dendrite/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dendrite.service'] }}" when: matrix_dendrite_enabled|bool diff --git a/roles/matrix-dendrite/tasks/main.yml b/roles/matrix-dendrite/tasks/main.yml index 815135d7..5483adec 100644 --- a/roles/matrix-dendrite/tasks/main.yml +++ b/roles/matrix-dendrite/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/matrix-dendrite/tasks/register_user.yml index 099d57e9..b8e3ae5e 100644 --- a/roles/matrix-dendrite/tasks/register_user.yml +++ b/roles/matrix-dendrite/tasks/register_user.yml @@ -13,7 +13,7 @@ service: name: matrix-dendrite state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Wait a while, so that Dendrite can manage to start diff --git a/roles/matrix-dendrite/tasks/self_check_client_api.yml b/roles/matrix-dendrite/tasks/self_check_client_api.yml index 7c2f6b5e..2470d818 100644 --- a/roles/matrix-dendrite/tasks/self_check_client_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_client_api.yml @@ -6,7 +6,7 @@ validate_certs: "{{ matrix_dendrite_self_check_validate_certificates }}" register: result_matrix_dendrite_client_api ignore_errors: true - check_mode: no + check_mode: false - name: Fail if Matrix Client API not working fail: diff --git a/roles/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/matrix-dendrite/tasks/self_check_federation_api.yml index a7c60a67..0afca2cb 100644 --- a/roles/matrix-dendrite/tasks/self_check_federation_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_federation_api.yml @@ -6,7 +6,7 @@ validate_certs: "{{ matrix_dendrite_self_check_validate_certificates }}" register: result_matrix_dendrite_federation_api ignore_errors: true - check_mode: no + check_mode: false - name: Fail if Matrix Federation API not working fail: diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index 04c3a7fe..cbe0cf84 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -7,8 +7,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_dendrite_config_dir_path }}", when: true } - - { path: "{{ matrix_dendrite_ext_path }}", when: true } + - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} + - {path: "{{ matrix_dendrite_ext_path }}", when: true} when: "matrix_dendrite_enabled|bool and item.when" - import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 7592fca8..e14734dd 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -53,8 +53,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} {{ matrix_dendrite_process_extra_arguments|join(' ') }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 1ca5f5b8..c4da906d 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_dimension_enabled: false # You are required to specify an access token for Dimension to work. diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/matrix-dimension/tasks/init.yml index 85ca04ea..6336cb4d 100644 --- a/roles/matrix-dimension/tasks/init.yml +++ b/roles/matrix-dimension/tasks/init.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}" when: matrix_dimension_enabled|bool diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/matrix-dimension/tasks/main.yml index aad55286..c2f01399 100644 --- a/roles/matrix-dimension/tasks/main.yml +++ b/roles/matrix-dimension/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index c75fc0b9..92c21c9e 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -111,7 +111,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_dimension_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_dimension_container_image_self_build|bool" - name: Ensure matrix-dimension.service installed @@ -123,7 +123,7 @@ - name: Ensure systemd reloaded after matrix-dimension.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dimension_systemd_service_result.changed|bool" - name: Ensure matrix-dimension.service restarted, if necessary diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/matrix-dimension/tasks/setup_uninstall.yml index 21f34df0..cdfbe07a 100644 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/matrix-dimension/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-dimension state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_dimension_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-dimension.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dimension_service_stat.stat.exists|bool" - name: Ensure Dimension base directory doesn't exist diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/matrix-dimension/tasks/validate_config.yml index ead8352b..8413c42f 100644 --- a/roles/matrix-dimension/tasks/validate_config.yml +++ b/roles/matrix-dimension/tasks/validate_config.yml @@ -1,3 +1,4 @@ +--- - name: Fail if required Dimension settings not defined fail: msg: >- diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index 0451231b..e27a5558 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-dimension/vars/main.yml b/roles/matrix-dimension/vars/main.yml index 107bb4fa..131024cc 100644 --- a/roles/matrix-dimension/vars/main.yml +++ b/roles/matrix-dimension/vars/main.yml @@ -2,4 +2,4 @@ # Doing `|from_yaml` when the extension contains nothing yields an empty string (""). # We need to ensure it's a dictionary or `|combine` (when building `matrix_dimension_configuration`) will fail later. -matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml else {} }}" \ No newline at end of file +matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml else {} }}" diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 2be1a5ba..5d733eb3 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -1,10 +1,11 @@ +--- # Whether dynamic dns is enabled matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls76 +matrix_dynamic_dns_version: v3.9.1-ls79 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/matrix-dynamic-dns/tasks/init.yml index e7d33ff2..6ea6a60b 100644 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ b/roles/matrix-dynamic-dns/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index ac69ec89..e2e4f043 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -16,9 +16,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_dynamic_dns_base_path }}", when: true } - - { path: "{{ matrix_dynamic_dns_config_path }}", when: true } - - { path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}" } + - {path: "{{ matrix_dynamic_dns_base_path }}", when: true} + - {path: "{{ matrix_dynamic_dns_config_path }}", when: true} + - {path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}"} when: matrix_dynamic_dns_enabled|bool and item.when|bool - name: Ensure Dynamic DNS repository is present on self build @@ -38,7 +38,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_dynamic_dns_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" - name: Ensure Dynamic DNS ddclient.conf installed @@ -58,5 +58,5 @@ - name: Ensure systemd reloaded after matrix-dynamic-dns.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dynamic_dns_systemd_service_result.changed" diff --git a/roles/matrix-dynamic-dns/tasks/main.yml b/roles/matrix-dynamic-dns/tasks/main.yml index f9aaab8f..8b8b306c 100644 --- a/roles/matrix-dynamic-dns/tasks/main.yml +++ b/roles/matrix-dynamic-dns/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/matrix-dynamic-dns/tasks/uninstall.yml index 9d511051..80842c9c 100644 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ b/roles/matrix-dynamic-dns/tasks/uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-dynamic-dns state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_dynamic_dns_service_stat.stat.exists" - name: Ensure matrix-dynamic-dns.service doesn't exist @@ -21,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-dynamic-dns.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dynamic_dns_service_stat.stat.exists" # Intentionally not removing the Docker image when uninstalling. diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 index 31e106f0..dfdd2f72 100644 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 @@ -26,8 +26,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ {% endfor %} {{ matrix_dynamic_dns_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-dynamic-dns diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index 3dfabc1a..fe5d3399 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_email2matrix_enabled: true matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix" @@ -8,7 +10,7 @@ matrix_email2matrix_container_image_self_build: false matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git" matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}" -matrix_email2matrix_version: 1.0.1 +matrix_email2matrix_version: 1.0.3 matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}" matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/matrix-email2matrix/tasks/init.yml index 0c8ffc0c..5f582212 100644 --- a/roles/matrix-email2matrix/tasks/init.yml +++ b/roles/matrix-email2matrix/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}" when: matrix_email2matrix_enabled|bool diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/matrix-email2matrix/tasks/main.yml index 77be7279..35bda4fa 100644 --- a/roles/matrix-email2matrix/tasks/main.yml +++ b/roles/matrix-email2matrix/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 7805c2c1..44f2ef7d 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml @@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_email2matrix_base_path }}", when: true } - - { path: "{{ matrix_email2matrix_config_dir_path }}", when: true } - - { path: "{{ matrix_email2matrix_docker_src_files_path }}", when: "{{ matrix_email2matrix_container_image_self_build }}"} + - {path: "{{ matrix_email2matrix_base_path }}", when: true} + - {path: "{{ matrix_email2matrix_config_dir_path }}", when: true} + - {path: "{{ matrix_email2matrix_docker_src_files_path }}", when: "{{ matrix_email2matrix_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Email2Matrix configuration file created @@ -47,7 +47,7 @@ build: dockerfile: etc/docker/Dockerfile path: "{{ matrix_email2matrix_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_email2matrix_container_image_self_build|bool" - name: Ensure matrix-email2matrix.service installed @@ -59,5 +59,5 @@ - name: Ensure systemd reloaded after matrix-email2matrix.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_email2matrix_systemd_service_result.changed|bool" diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/matrix-email2matrix/tasks/setup_uninstall.yml index 270b9250..27d35f2d 100644 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/matrix-email2matrix/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-email2matrix state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_email2matrix_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-email2matrix.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_email2matrix_service_stat.stat.exists|bool" - name: Ensure Email2Matrix data path doesn't exist diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 index b620a13f..c9226768 100644 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ {% endfor %} {{ matrix_email2matrix_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-email2matrix diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index bcabc3dd..0daf24a3 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_etherpad_enabled: false matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/matrix-etherpad/tasks/init.yml index c94e0817..b155064c 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/matrix-etherpad/tasks/init.yml @@ -1,52 +1,54 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" when: matrix_etherpad_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-etherpad role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-etherpad role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Etherpad proxying configuration for matrix-nginx-proxy - set_fact: - matrix_etherpad_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; + - name: Generate Etherpad proxying configuration for matrix-nginx-proxy + set_fact: + matrix_etherpad_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; - location {{ matrix_etherpad_public_endpoint }}/ { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-etherpad:9001/; - {# These are proxy directives needed specifically by Etherpad #} - proxy_buffering off; - proxy_http_version 1.1; # recommended with keepalive connections - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used - # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% else %} - {# Generic configuration for use outside of our container setup #} - # A good guide for setting up your Etherpad behind nginx: - # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html - proxy_pass http://127.0.0.1:9001/; - {% endif %} - } + location {{ matrix_etherpad_public_endpoint }}/ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-etherpad:9001/; + {# These are proxy directives needed specifically by Etherpad #} + proxy_buffering off; + proxy_http_version 1.1; # recommended with keepalive connections + proxy_pass_header Server; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used + # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% else %} + {# Generic configuration for use outside of our container setup #} + # A good guide for setting up your Etherpad behind nginx: + # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html + proxy_pass http://127.0.0.1:9001/; + {% endif %} + } - - name: Register Etherpad proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) - + - [matrix_etherpad_matrix_nginx_proxy_configuration] - }} + - name: Register Etherpad proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) + + + [matrix_etherpad_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_etherpad_enabled|bool diff --git a/roles/matrix-etherpad/tasks/main.yml b/roles/matrix-etherpad/tasks/main.yml index 27548aaf..bf59d838 100644 --- a/roles/matrix-etherpad/tasks/main.yml +++ b/roles/matrix-etherpad/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index a93c28de..27832e14 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -32,5 +32,5 @@ - name: Ensure systemd reloaded after matrix-etherpad.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_etherpad_systemd_service_result.changed|bool" diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/matrix-etherpad/tasks/setup_uninstall.yml index a63d3fb1..ae1f2604 100644 --- a/roles/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/matrix-etherpad/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-etherpad state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_etherpad_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-etherpad.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_etherpad_service_stat.stat.exists|bool" - name: Ensure Etherpad base directory doesn't exist diff --git a/roles/matrix-etherpad/tasks/validate_config.yml b/roles/matrix-etherpad/tasks/validate_config.yml index c76dc3b5..f9438e7b 100644 --- a/roles/matrix-etherpad/tasks/validate_config.yml +++ b/roles/matrix-etherpad/tasks/validate_config.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if Etherpad is enabled without the Dimension integrations manager fail: msg: >- diff --git a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 b/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 index e55c57c7..d96c4260 100644 --- a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 +++ b/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \ --sessionkey /data/sessionkey.json --apikey /data/apijey.json -ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-etherpad -ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-etherpad +ExecStop=-{{ matrix_host_command_docker }} kill matrix-etherpad +ExecStop=-{{ matrix_host_command_docker }} rm matrix-etherpad Restart=always RestartSec=30 SyslogIdentifier=matrix-etherpad diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index f802d2e5..0ee7a86a 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -1,9 +1,10 @@ +--- # matrix-grafana is open source visualization and analytics software # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md matrix_grafana_enabled: false -matrix_grafana_version: 8.3.3 +matrix_grafana_version: 8.4.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" @@ -11,8 +12,8 @@ matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith # they might still want to look at the old existing data. # So it would be silly to delete the dashboard in such case. matrix_grafana_dashboard_download_urls: -- "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" -- "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" + - "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" + - "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana" matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config" @@ -21,6 +22,10 @@ matrix_grafana_data_path: "{{ matrix_grafana_base_path }}/data" # Allow viewing Grafana without logging in matrix_grafana_anonymous_access: false +# When `false`, sends a `X-Frame-Options: deny` HTTP header, which allows Grafana from being embeded in a frame. +# Read more here: https://grafana.com/docs/grafana/latest/administration/configuration/#allow_embedding +matrix_grafana_allow_embedding: false + # specify organization name that should be used for unauthenticated users # if you change this in the Grafana admin panel, this needs to be updated # to match to keep anonymous logins working @@ -32,7 +37,7 @@ matrix_grafana_default_admin_user: admin matrix_grafana_default_admin_password: admin # Set to true to add the Content-Security-Policy header to your requests. -# CSP allows to control resources that the user agent can load and helps +# CSP allows to control resources that the user agent can load and helps # prevent XSS attacks. # [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy) matrix_grafana_content_security_policy: true diff --git a/roles/matrix-grafana/tasks/init.yml b/roles/matrix-grafana/tasks/init.yml index 8a22e301..4c2cbf06 100644 --- a/roles/matrix-grafana/tasks/init.yml +++ b/roles/matrix-grafana/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}" when: matrix_grafana_enabled|bool - - diff --git a/roles/matrix-grafana/tasks/main.yml b/roles/matrix-grafana/tasks/main.yml index fb16c394..c93fd500 100644 --- a/roles/matrix-grafana/tasks/main.yml +++ b/roles/matrix-grafana/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index c5cee64c..5f9d21c1 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -77,7 +77,7 @@ - name: Ensure systemd reloaded after matrix-grafana.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_grafana_enabled|bool and matrix_grafana_systemd_service_result.changed" # @@ -93,8 +93,8 @@ service: name: matrix-grafana state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" @@ -106,6 +106,5 @@ - name: Ensure systemd reloaded after matrix-grafana.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" - diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/matrix-grafana/templates/grafana.ini.j2 index 8f4c88f0..1e06683e 100644 --- a/roles/matrix-grafana/templates/grafana.ini.j2 +++ b/roles/matrix-grafana/templates/grafana.ini.j2 @@ -16,6 +16,8 @@ content_security_policy = "{{ matrix_grafana_content_security_policy }}" content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}""" {% endif %} +allow_embedding = {{ matrix_grafana_allow_embedding }} + [auth.anonymous] # enable anonymous access enabled = {{ matrix_grafana_anonymous_access }} diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 index 64d40a5c..a4f81e35 100644 --- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 +++ b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ {% endfor %} {{ matrix_grafana_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-grafana diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index a36a09fc..32f4be0d 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_jitsi_enabled: true matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" @@ -69,7 +71,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false matrix_jitsi_version: stable-6726-2 -matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility +matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index 1f7a2d1c..efab8745 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml index e4f3508f..fe9da205 100644 --- a/roles/matrix-jitsi/tasks/main.yml +++ b/roles/matrix-jitsi/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml index 408027ee..4b390c18 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -1,5 +1,7 @@ --- +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + # # Tasks related to setting up jitsi # @@ -12,7 +14,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_base_path }}", when: true } + - {path: "{{ matrix_jitsi_base_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when # diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 4e2be696..2bb781c1 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true } - - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true } + - {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true} + - {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-jicofo Docker image is pulled @@ -51,7 +51,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed" # @@ -68,8 +68,8 @@ service: name: matrix-jitsi-jicofo state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure Matrix jitsi-jicofo paths doesn't exist diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 558a6cf1..3b3b8dbf 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true } - - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true } + - {path: "{{ matrix_jitsi_jvb_base_path }}", when: true} + - {path: "{{ matrix_jitsi_jvb_config_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-jvb Docker image is pulled @@ -51,7 +51,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed" # @@ -68,8 +68,8 @@ service: name: matrix-jitsi-jvb state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure Matrix jitsi-jvb paths doesn't exist diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index c1c7c7fc..437e1e9c 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -12,9 +12,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true } - - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true } - - { path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true } + - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true} + - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true} + - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-prosody Docker image is pulled @@ -42,7 +42,7 @@ - name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" - name: Ensure authentication is properly configured @@ -67,8 +67,8 @@ service: name: matrix-jitsi-prosody state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" @@ -80,7 +80,7 @@ - name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure Matrix jitsi-prosody paths doesn't exist diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index bcb1b49e..0a4d43b0 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -12,10 +12,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_web_base_path }}", when: true } - - { path: "{{ matrix_jitsi_web_config_path }}", when: true } - - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true } - - { path: "{{ matrix_jitsi_web_crontabs_path }}", when: true } + - {path: "{{ matrix_jitsi_web_base_path }}", when: true} + - {path: "{{ matrix_jitsi_web_config_path }}", when: true} + - {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true} + - {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-web Docker image is pulled @@ -53,7 +53,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-web.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed" # @@ -70,8 +70,8 @@ service: name: matrix-jitsi-web state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" @@ -83,7 +83,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-web.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure Matrix jitsi-web paths doesn't exist @@ -94,4 +94,3 @@ # Intentionally not removing the Docker image when uninstalling. # We can't be sure it had been pulled by us in the first place. - diff --git a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml index 66fb7e5d..50973acb 100644 --- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml +++ b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml @@ -21,18 +21,14 @@ - matrix_jitsi_auth_type == "internal" - matrix_jitsi_prosody_auth_internal_accounts|length > 0 - # # Tasks related to configuring other Jitsi authentication mechanisms # - - # # Tasks related to cleaning after Jitsi authentication configuration # - # # Stop Necessary Services # @@ -40,4 +36,4 @@ systemd: state: stopped name: matrix-jitsi-prosody - when: matrix_jitsi_prosody_start_result.changed|bool \ No newline at end of file + when: matrix_jitsi_prosody_start_result.changed|bool diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/matrix-jitsi/tasks/validate_config.yml index 4defe986..5131396d 100644 --- a/roles/matrix-jitsi/tasks/validate_config.yml +++ b/roles/matrix-jitsi/tasks/validate_config.yml @@ -24,7 +24,6 @@ fail: msg: >- At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication. - If you're setting up Jitsi for the first time, you may have missed a step. Refer to our setup instructions (docs/configuring-playbook-jitsi.md). when: diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 index b4944c84..6ecafaa0 100644 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -23,8 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ {% endfor %} {{ matrix_jitsi_jicofo_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jicofo diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 5be32210..2785795d 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 452ff954..5a4a81e5 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index ff577670..35bfca67 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index f0e96eff..f1d57049 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -1,3 +1,4 @@ +--- # ma1sd is a Federated Matrix Identity Server # See: https://github.com/ma1uta/ma1sd diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/matrix-ma1sd/tasks/init.yml index 04cc3a21..a7c914db 100644 --- a/roles/matrix-ma1sd/tasks/init.yml +++ b/roles/matrix-ma1sd/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-ma1sd/tasks/main.yml b/roles/matrix-ma1sd/tasks/main.yml index 0b8a114e..2902c05d 100644 --- a/roles/matrix-ma1sd/tasks/main.yml +++ b/roles/matrix-ma1sd/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml index c36c3de9..720afa76 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -23,8 +23,8 @@ service: name: matrix-mxisd state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mxisd_service_stat.stat.exists" - name: Check existence of matrix-ma1sd service @@ -37,26 +37,26 @@ service: name: matrix-ma1sd state: stopped - daemon_reload: yes + daemon_reload: true when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists and matrix_ma1sd_service_stat.stat.exists" # We use shell commands for the migration, because the Ansible copy module cannot # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible. - block: - - name: Copy mxisd data files to ma1sd folder - command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" + - name: Copy mxisd data files to ma1sd folder + command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" - - name: Check existence of mxisd.db file - stat: - path: "{{ matrix_ma1sd_data_path }}/mxisd.db" - register: matrix_ma1sd_mxisd_db_stat + - name: Check existence of mxisd.db file + stat: + path: "{{ matrix_ma1sd_data_path }}/mxisd.db" + register: matrix_ma1sd_mxisd_db_stat - - name: Rename database (mxisd.db -> ma1sd.db) - command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" - when: "matrix_ma1sd_mxisd_db_stat.stat.exists" + - name: Rename database (mxisd.db -> ma1sd.db) + command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" + when: "matrix_ma1sd_mxisd_db_stat.stat.exists" - - name: Rename mxisd folder - command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" + - name: Rename mxisd folder + command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Ensure outdated matrix-mxisd.service doesn't exist @@ -67,7 +67,5 @@ - name: Ensure systemd reloaded after removing outdated matrix-mxisd.service service: - daemon_reload: yes + daemon_reload: true when: "matrix_mxisd_service_stat.stat.exists" - - diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml index b8a7faaa..4a4c7136 100644 --- a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml +++ b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml @@ -8,7 +8,7 @@ url: "{{ ma1sd_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}" - check_mode: no + check_mode: false register: result_ma1sd ignore_errors: true diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 3f319eef..6fc6902a 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_ma1sd_config_path }}", when: true } - - { path: "{{ matrix_ma1sd_data_path }}", when: true } - - { path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} + - {path: "{{ matrix_ma1sd_config_path }}", when: true} + - {path: "{{ matrix_ma1sd_data_path }}", when: true} + - {path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} when: "item.when|bool" - import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml" @@ -54,52 +54,52 @@ when: "not matrix_ma1sd_container_image_self_build|bool" - block: - - name: Ensure gradle is installed for self-building (Debian) - apt: - name: - - gradle - state: present - update_cache: yes - when: (ansible_os_family == 'Debian') - - - name: Ensure gradle is installed for self-building (CentOS) - fail: - msg: "Installing gradle on CentOS is currently not supported, so self-building ma1sd cannot happen at this time" - when: ansible_distribution == 'CentOS' - - - name: Ensure gradle is installed for self-building (Archlinux) - pacman: - name: - - gradle - state: latest - update_cache: yes - when: ansible_distribution == 'Archlinux' - - - name: Ensure ma1sd repository is present on self-build - git: - repo: "{{ matrix_ma1sd_container_image_self_build_repo }}" - dest: "{{ matrix_ma1sd_docker_src_files_path }}" - version: "{{ matrix_ma1sd_container_image_self_build_branch }}" - force: "yes" - register: matrix_ma1sd_git_pull_results - - - name: Ensure ma1sd Docker image is built - shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" - args: - chdir: "{{ matrix_ma1sd_docker_src_files_path }}" - - - name: Ensure ma1sd Docker image is tagged correctly - docker_image: - # The build script always tags the image with 2 tags: - # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) - # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) - # - generic one: `ma1uta/ma1sd:latest-dev` - # - # It's hard to predict the first one, so we'll use the latter. - name: "ma1uta/ma1sd:latest-dev" - repository: "{{ matrix_ma1sd_docker_image }}" - force_tag: yes - source: local + - name: Ensure gradle is installed for self-building (Debian) + apt: + name: + - gradle + state: present + update_cache: true + when: (ansible_os_family == 'Debian') + + - name: Ensure gradle is installed for self-building (RedHat) + fail: + msg: "Installing gradle on RedHat ({{ ansible_distribution }}) is currently not supported, so self-building ma1sd cannot happen at this time" + when: ansible_os_family == 'RedHat' + + - name: Ensure gradle is installed for self-building (Archlinux) + pacman: + name: + - gradle + state: latest + update_cache: true + when: ansible_distribution == 'Archlinux' + + - name: Ensure ma1sd repository is present on self-build + git: + repo: "{{ matrix_ma1sd_container_image_self_build_repo }}" + dest: "{{ matrix_ma1sd_docker_src_files_path }}" + version: "{{ matrix_ma1sd_container_image_self_build_branch }}" + force: "yes" + register: matrix_ma1sd_git_pull_results + + - name: Ensure ma1sd Docker image is built + shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" + args: + chdir: "{{ matrix_ma1sd_docker_src_files_path }}" + + - name: Ensure ma1sd Docker image is tagged correctly + docker_image: + # The build script always tags the image with 2 tags: + # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) + # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) + # - generic one: `ma1uta/ma1sd:latest-dev` + # + # It's hard to predict the first one, so we'll use the latter. + name: "ma1uta/ma1sd:latest-dev" + repository: "{{ matrix_ma1sd_docker_image }}" + force_tag: true + source: local when: "matrix_ma1sd_container_image_self_build|bool" - name: Ensure ma1sd config installed @@ -157,7 +157,7 @@ - name: Ensure systemd reloaded after matrix-ma1sd.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_ma1sd_systemd_service_result.changed|bool" - name: Ensure matrix-ma1sd.service restarted, if necessary diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/matrix-ma1sd/tasks/setup_uninstall.yml index 153f6e08..30a1bfda 100644 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/matrix-ma1sd/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-ma1sd state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_ma1sd_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-ma1sd.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_ma1sd_service_stat.stat.exists|bool" - name: Ensure Matrix ma1sd paths don't exist diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index c3d5850f..8e5cc6dd 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index f006568f..682126d2 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_mailer_enabled: true matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" @@ -7,7 +9,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0 +matrix_mailer_version: 4.95-r0-2 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml index d07380f0..c928d557 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/matrix-mailer/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-mailer/tasks/main.yml b/roles/matrix-mailer/tasks/main.yml index f636614e..c69dad20 100644 --- a/roles/matrix-mailer/tasks/main.yml +++ b/roles/matrix-mailer/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index def17883..1ac4f339 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mailer_base_path }}", when: true } - - { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" } + - {path: "{{ matrix_mailer_base_path }}", when: true} + - {path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}"} when: "matrix_mailer_enabled|bool and item.when" - name: Ensure mailer environment variables file created @@ -41,7 +41,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mailer_container_image_self_build_src_files_path }}" - pull: yes + pull: true when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" - name: Ensure exim-relay image is pulled @@ -62,7 +62,7 @@ - name: Ensure systemd reloaded after matrix-mailer.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mailer_enabled|bool and matrix_mailer_systemd_service_result.changed" # @@ -79,8 +79,8 @@ service: name: matrix-mailer state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" @@ -92,7 +92,7 @@ - name: Ensure systemd reloaded after matrix-mailer.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure Matrix mailer environment variables path doesn't exist diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index ee316469..bf5a2e42 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6932c8c0..32702ec9 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,5 +1,6 @@ +--- matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.5-alpine +matrix_nginx_proxy_version: 1.21.6-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but @@ -476,7 +477,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.22.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/matrix-nginx-proxy/tasks/init.yml index 0161da23..ddc8cb47 100644 --- a/roles/matrix-nginx-proxy/tasks/init.yml +++ b/roles/matrix-nginx-proxy/tasks/init.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}" when: matrix_nginx_proxy_enabled|bool diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/matrix-nginx-proxy/tasks/main.yml index ad111951..74f8e8d1 100644 --- a/roles/matrix-nginx-proxy/tasks/main.yml +++ b/roles/matrix-nginx-proxy/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always @@ -35,4 +36,4 @@ set_fact: matrix_nginx_proxy_role_executed: true tags: - - always + - always diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml index 6f831a29..588cd1e7 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml @@ -14,7 +14,7 @@ validate_certs: "{{ well_known_file_check.validate_certs }}" headers: Origin: example.com - check_mode: no + check_mode: false register: result_well_known_matrix ignore_errors: true @@ -44,7 +44,7 @@ validate_certs: "{{ well_known_file_check.validate_certs }}" headers: Origin: example.com - check_mode: no + check_mode: false register: result_well_known_identity ignore_errors: true diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index e5021468..373bc55b 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -195,7 +195,7 @@ - name: Ensure systemd reloaded after matrix-nginx-proxy.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed" @@ -213,8 +213,8 @@ service: name: matrix-nginx-proxy state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" @@ -226,7 +226,7 @@ - name: Ensure systemd reloaded after matrix-nginx-proxy.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted diff --git a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml index 3e43a8c6..1c85552c 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_well_known_file_path: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" @@ -21,4 +22,4 @@ dest: "{{ matrix_static_files_base_path }}/.well-known/matrix" mode: 0644 owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" \ No newline at end of file + group: "{{ matrix_user_groupname }}" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index e820b0ed..e4dd53c2 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -1,3 +1,4 @@ +--- - debug: msg: "Dealing with SSL certificate retrieval for domain: {{ domain_name }}" @@ -13,16 +14,16 @@ domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}" - block: - - name: Ensure required service for obtaining is started - service: - name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" - state: started - register: matrix_ssl_pre_obtaining_required_service_start_result + - name: Ensure required service for obtaining is started + service: + name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" + state: started + register: matrix_ssl_pre_obtaining_required_service_start_result - - name: Wait some time, so that the required service for obtaining can start - wait_for: - timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" - when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool" + - name: Wait some time, so that the required service for obtaining can start + wait_for: + timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" + when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool" when: "domain_name_needs_cert|bool and matrix_ssl_pre_obtaining_required_service_name != ''" # This will fail if there is something running on port 80 (like matrix-nginx-proxy). diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml index ea39f5e9..7bcd3d74 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml @@ -5,4 +5,4 @@ with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" loop_control: loop_var: domain_name - when: "matrix_ssl_retrieval_method == 'manually-managed'" \ No newline at end of file + when: "matrix_ssl_retrieval_method == 'manually-managed'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml index be0444b1..2b5bb1f3 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml @@ -20,4 +20,4 @@ - fail: msg: "Failed finding a certificate key file (for domain `{{ domain_name }}`) at `{{ matrix_ssl_certificate_verification_cert_key_path }}`" - when: "not matrix_ssl_certificate_verification_cert_key_path_stat_result.stat.exists" \ No newline at end of file + when: "not matrix_ssl_certificate_verification_cert_key_path_stat_result.stat.exists" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml index 8fa316da..47ec40aa 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml @@ -1,28 +1,7 @@ --- -- name: Ensure OpenSSL installed (RedHat) - yum: - name: - - openssl - state: present - update_cache: no - when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_os_family == 'RedHat'" - -- name: Ensure APT usage dependencies are installed (Debian) - apt: - name: - - openssl - state: present - update_cache: no - when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_os_family == 'Debian'" - -- name: Ensure OpenSSL installed (Archlinux) - pacman: - name: - - openssl - state: latest - update_cache: no - when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_distribution == 'Archlinux'" +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + when: "matrix_ssl_retrieval_method == 'self-signed'" - name: Generate self-signed certificates include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml" diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 03bc32af..1143efd4 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -51,8 +51,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ ExecStartPost={{ matrix_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ matrix_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' {% endfor %} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index efce3656..59ae5076 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_postgres_backup_enabled: false matrix_postgres_backup_connection_hostname: "matrix-postgres" diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/matrix-postgres-backup/tasks/init.yml index c6a9bd7e..f74cea06 100644 --- a/roles/matrix-postgres-backup/tasks/init.yml +++ b/roles/matrix-postgres-backup/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}" when: matrix_postgres_backup_enabled|bool diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 68eae443..72329db3 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -52,7 +52,7 @@ - name: Ensure systemd reloaded after matrix-postgres-backup.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_backup_enabled|bool and matrix_postgres_backup_systemd_service_result.changed" # @@ -69,8 +69,8 @@ service: name: matrix-postgres-backup state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" - name: Ensure matrix-postgres-backup.service doesn't exist @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-postgres-backup.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" - name: Check existence of matrix-postgres-backup backup path diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 index 52e12edb..97c9ae7f 100644 --- a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 @@ -21,8 +21,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backu --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \ {{ matrix_postgres_backup_docker_image_to_use }} -ExecStopPost=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres-backup diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 42413286..76529a82 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_postgres_enabled: true matrix_postgres_connection_hostname: "matrix-postgres" @@ -18,11 +20,11 @@ matrix_postgres_architecture: amd64 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.19{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.14{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.9{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.5{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.1{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml index a42c6f55..2a673ee3 100644 --- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml @@ -57,7 +57,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index b8e93219..948c4b3a 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -48,7 +48,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: diff --git a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml index ea15c5a8..2dafba59 100644 --- a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml @@ -37,7 +37,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true - name: Ensure postgres data is wiped out file: @@ -56,7 +56,7 @@ service: name: matrix-postgres state: restarted - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/matrix-postgres/tasks/init.yml index a0f2ae60..e5ebd9c5 100644 --- a/roles/matrix-postgres/tasks/init.yml +++ b/roles/matrix-postgres/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}" when: matrix_postgres_enabled|bool diff --git a/roles/matrix-postgres/tasks/main.yml b/roles/matrix-postgres/tasks/main.yml index b9c2ae7c..79890417 100644 --- a/roles/matrix-postgres/tasks/main.yml +++ b/roles/matrix-postgres/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index e62feee3..f927783f 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -29,7 +29,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true when: "result_pg_old_data_dir_stat.stat.exists" - name: Find files and directories in old Postgres data path @@ -68,5 +68,5 @@ - name: Ensure systemd reloaded after getting rid of outdated matrix-postgres.service service: - daemon_reload: yes + daemon_reload: true when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/matrix-postgres/tasks/run_vacuum.yml index 19a27562..0b7a60f8 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/matrix-postgres/tasks/run_vacuum.yml @@ -27,7 +27,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -71,7 +71,7 @@ service: name: matrix-synapse state: stopped - daemon_reload: yes + daemon_reload: true - name: Run Postgres vacuum command command: "{{ matrix_postgres_vacuum_command }}" @@ -86,5 +86,5 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_synapse_was_running|bool" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 96a20d25..dc170460 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -65,7 +65,7 @@ state: directory owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - recurse: yes + recurse: true when: matrix_postgres_enabled|bool - name: Ensure Postgres environment variables file created @@ -115,7 +115,7 @@ - name: Ensure systemd reloaded after matrix-postgres.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_enabled|bool and matrix_postgres_systemd_service_result.changed" - include_tasks: @@ -158,7 +158,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Ensure matrix-postgres.service doesn't exist @@ -169,7 +169,7 @@ - name: Ensure systemd reloaded after matrix-postgres.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Check existence of matrix-postgres local data path diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index 564265d8..bf98d938 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -64,7 +64,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -107,9 +107,9 @@ - name: Ensure matrix-postgres autoruns and is restarted service: name: matrix-postgres - enabled: yes + enabled: true state: restarted - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -166,7 +166,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true - debug: msg: "NOTE: Your old Postgres data directory is preserved at `{{ postgres_auto_upgrade_backup_data_path }}`. You might want to get rid of it once you've confirmed that all is well." diff --git a/roles/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/matrix-postgres/tasks/util/create_additional_databases.yml index 0ad460dd..de87f98c 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_databases.yml +++ b/roles/matrix-postgres/tasks/util/create_additional_databases.yml @@ -4,7 +4,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml index cf595ade..73acb433 100644 --- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml @@ -66,7 +66,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" - pull: yes + pull: true when: "matrix_postgres_pgloader_container_image_self_build|bool" - name: Ensure pgloader Docker image is pulled @@ -91,7 +91,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index 5ef3646d..d62a689a 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ {{ matrix_postgres_docker_image_to_use }} \ postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 2ec0d23c..5e50a1d7 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-prometheus-node-exporter is an Prometheus exporter for machine metrics # See: https://prometheus.io/docs/guides/node-exporter/ diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index 2894b717..db44a7ab 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled|bool - - diff --git a/roles/matrix-prometheus-node-exporter/tasks/main.yml b/roles/matrix-prometheus-node-exporter/tasks/main.yml index 172b5721..71bbb8d7 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/main.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index fa8eb767..419f3592 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_systemd_service_result.changed" # @@ -38,8 +38,8 @@ service: name: matrix-prometheus-node-exporter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" @@ -51,5 +51,5 @@ - name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index 0139b916..210a0d97 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod {{ matrix_prometheus_node_exporter_docker_image }} \ --path.rootfs=/host -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-node-exporter diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 0857d3e7..c96a6ea8 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -1,9 +1,10 @@ +--- # matrix-prometheus-postgres-exporter is an Prometheus exporter for postgres metrics # See: https://github.com/prometheus-community/postgres_exporter matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_version: v0.10.0 +matrix_prometheus_postgres_exporter_version: v0.10.1 matrix_prometheus_postgres_exporter_port: 9187 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" @@ -11,8 +12,8 @@ matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_promethe # A list of extra arguments to pass to the container matrix_prometheus_postgres_exporter_container_extra_arguments: ["-e PG_EXPORTER_AUTO_DISCOVER_DATABASES=true", - "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{matrix_prometheus_postgres_exporter_port}}\"", - "-e DATA_SOURCE_NAME=\"postgresql://{{matrix_prometheus_postgres_exporter_database_username}}:{{matrix_prometheus_postgres_exporter_database_password}}@{{matrix_prometheus_postgres_exporter_database_hostname}}:5432/{{matrix_prometheus_postgres_exporter_database_name}}?sslmode=disable\"" ] + "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{matrix_prometheus_postgres_exporter_port}}\"", + "-e DATA_SOURCE_NAME=\"postgresql://{{matrix_prometheus_postgres_exporter_database_username}}:{{matrix_prometheus_postgres_exporter_database_password}}@{{matrix_prometheus_postgres_exporter_database_hostname}}:5432/{{matrix_prometheus_postgres_exporter_database_name}}?sslmode=disable\""] # List of systemd services that matrix-prometheus-postgres-exporter.service depends on matrix_prometheus_postgres_exporter_systemd_required_services_list: ['docker.service'] @@ -46,4 +47,4 @@ matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_e matrix_prometheus_postgres_exporter_container_http_host_bind_port: '' matrix_prometheus_postgres_exporter_dashboard_urls: -- "https://grafana.com/api/dashboards/9628/revisions/7/download" \ No newline at end of file + - "https://grafana.com/api/dashboards/9628/revisions/7/download" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index 2bd6904e..ddea23ab 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled|bool - - diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml index e3c364fa..e9497099 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index 37743b66..a6c49816 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed" # @@ -38,8 +38,8 @@ service: name: matrix-prometheus-postgres-exporter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" @@ -51,5 +51,5 @@ - name: Ensure systemd reloaded after matrix-prometheus-postgres-exporter.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 index 4c9a4eda..993ebac4 100644 --- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 +++ b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-pos --pid=host \ {{ matrix_prometheus_postgres_exporter_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-postgres-exporter diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index d76ce744..843a90e8 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -1,9 +1,10 @@ +--- # matrix-prometheus is an open-source systems monitoring and alerting toolkit # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md matrix_prometheus_enabled: false -matrix_prometheus_version: v2.31.1 +matrix_prometheus_version: v2.33.3 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-prometheus/tasks/init.yml b/roles/matrix-prometheus/tasks/init.yml index 12fae831..6587ddd9 100644 --- a/roles/matrix-prometheus/tasks/init.yml +++ b/roles/matrix-prometheus/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus.service'] }}" when: matrix_prometheus_enabled|bool - - diff --git a/roles/matrix-prometheus/tasks/main.yml b/roles/matrix-prometheus/tasks/main.yml index 20f18cc3..c74918fa 100644 --- a/roles/matrix-prometheus/tasks/main.yml +++ b/roles/matrix-prometheus/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index 15a69279..80f3e5d7 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -46,5 +46,5 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_systemd_service_result.changed|bool" diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/matrix-prometheus/tasks/setup_uninstall.yml index d99c1a8e..c9f07f52 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/matrix-prometheus/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-prometheus state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_prometheus_service_stat.stat.exists|bool" @@ -22,5 +22,5 @@ - name: Ensure systemd reloaded after matrix-prometheus.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_service_stat.stat.exists|bool" diff --git a/roles/matrix-prometheus/templates/prometheus.yml.j2 b/roles/matrix-prometheus/templates/prometheus.yml.j2 index 869b2da8..f3262f48 100644 --- a/roles/matrix-prometheus/templates/prometheus.yml.j2 +++ b/roles/matrix-prometheus/templates/prometheus.yml.j2 @@ -57,3 +57,9 @@ scrape_configs: static_configs: - targets: {{ matrix_prometheus_scraper_postgres_targets|to_json }} {% endif %} + + {% if matrix_prometheus_scraper_hookshot_enabled %} + - job_name: hookshot + static_configs: + - targets: {{ matrix_prometheus_scraper_hookshot_targets|to_json }} + {% endif %} diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 2070ece3..ad75d664 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% endfor %} {{ matrix_prometheus_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 355679d0..88d3d739 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_redis_enabled: true matrix_redis_connection_password: "" diff --git a/roles/matrix-redis/tasks/init.yml b/roles/matrix-redis/tasks/init.yml index 49068851..99c52026 100644 --- a/roles/matrix-redis/tasks/init.yml +++ b/roles/matrix-redis/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}" when: matrix_redis_enabled|bool diff --git a/roles/matrix-redis/tasks/main.yml b/roles/matrix-redis/tasks/main.yml index 595b09f5..430b6a64 100644 --- a/roles/matrix-redis/tasks/main.yml +++ b/roles/matrix-redis/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index f1f32238..a37174a3 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -33,7 +33,7 @@ state: directory owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - recurse: yes + recurse: true when: matrix_redis_enabled|bool - name: Ensure redis environment variables file created @@ -55,7 +55,7 @@ - name: Ensure systemd reloaded after matrix-redis.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_redis_enabled|bool and matrix_redis_systemd_service_result.changed" # @@ -72,8 +72,8 @@ service: name: matrix-redis state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" - name: Ensure matrix-redis.service doesn't exist @@ -84,7 +84,7 @@ - name: Ensure systemd reloaded after matrix-redis.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" - name: Check existence of matrix-redis local data path diff --git a/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 b/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 index 9f9d2902..5f6699f8 100644 --- a/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 +++ b/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 @@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-redis \ {{ matrix_redis_docker_image_to_use }} \ redis-server /usr/local/etc/redis/redis.conf -ExecStopPost=-/usr/bin/docker stop matrix-redis -ExecStopPost=-/usr/bin/docker rm matrix-redis +ExecStop=-/usr/bin/docker stop matrix-redis +ExecStop=-/usr/bin/docker rm matrix-redis Restart=always RestartSec=30 SyslogIdentifier=matrix-redis diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index 4705fb5e..d924551a 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-registration is a simple python application to have a token based matrix registration # See: https://zeratax.github.io/matrix-registration/ diff --git a/roles/matrix-registration/tasks/generate_token.yml b/roles/matrix-registration/tasks/generate_token.yml index ae5bdf4c..4e337b01 100644 --- a/roles/matrix-registration/tasks/generate_token.yml +++ b/roles/matrix-registration/tasks/generate_token.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if playbook called incorrectly fail: msg: "The `one_time` variable needs to be provided to this playbook, via --extra-vars" @@ -23,7 +25,7 @@ "one_time": {{ 'true' if one_time == 'yes' else 'false' }}, "ex_date": {{ ex_date|to_json }} } - check_mode: no + check_mode: false register: matrix_registration_api_result - set_fact: @@ -37,7 +39,7 @@ Full token details are: {{ matrix_registration_api_result.json }} - check_mode: no + check_mode: false - name: Inject result message into matrix_playbook_runtime_results set_fact: @@ -47,4 +49,4 @@ + [matrix_registration_api_result_message] }} - check_mode: no + check_mode: false diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index 47220103..cae18258 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -10,49 +11,49 @@ when: matrix_registration_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-registration role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-registration role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy - set_fact: - matrix_registration_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; - rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; + - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy + set_fact: + matrix_registration_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; + rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; - location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-registration:5000"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8767/$1; - {% endif %} + location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-registration:5000"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8767/$1; + {% endif %} - {# - Workaround matrix-registration serving the background image at /static - (see https://github.com/ZerataX/matrix-registration/issues/47) - #} - sub_filter_once off; - sub_filter_types text/css; - sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; - } + {# + Workaround matrix-registration serving the background image at /static + (see https://github.com/ZerataX/matrix-registration/issues/47) + #} + sub_filter_once off; + sub_filter_types text/css; + sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; + } - - name: Register matrix-registration proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_registration_matrix_nginx_proxy_configuration] - }} + - name: Register matrix-registration proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_registration_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_registration_enabled|bool diff --git a/roles/matrix-registration/tasks/list_tokens.yml b/roles/matrix-registration/tasks/list_tokens.yml index dea3eb31..9ef40d27 100644 --- a/roles/matrix-registration/tasks/list_tokens.yml +++ b/roles/matrix-registration/tasks/list_tokens.yml @@ -1,3 +1,5 @@ +--- + - name: Call matrix-registration list all tokens API uri: url: "{{ matrix_registration_api_token_endpoint }}" @@ -8,7 +10,7 @@ Authorization: "SharedSecret {{ matrix_registration_admin_secret }}" method: GET body_format: json - check_mode: no + check_mode: false register: matrix_registration_api_result - set_fact: @@ -16,7 +18,7 @@ matrix-registration result: {{ matrix_registration_api_result.json | to_nice_json }} - check_mode: no + check_mode: false - name: Inject result message into matrix_playbook_runtime_results set_fact: @@ -26,4 +28,4 @@ + [matrix_registration_api_result_message] }} - check_mode: no + check_mode: false diff --git a/roles/matrix-registration/tasks/main.yml b/roles/matrix-registration/tasks/main.yml index 3324e083..ca574384 100644 --- a/roles/matrix-registration/tasks/main.yml +++ b/roles/matrix-registration/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 0d7da9ce..31e9c35d 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -39,10 +39,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_registration_base_path }}", when: true } - - { path: "{{ matrix_registration_config_path }}", when: true } - - { path: "{{ matrix_registration_data_path }}", when: true } - - { path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"} + - {path: "{{ matrix_registration_base_path }}", when: true} + - {path: "{{ matrix_registration_config_path }}", when: true} + - {path: "{{ matrix_registration_data_path }}", when: true} + - {path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"} when: "item.when|bool" - name: Ensure matrix-registration image is pulled @@ -71,7 +71,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_registration_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_registration_container_image_self_build|bool" - name: Ensure matrix-registration config installed @@ -91,7 +91,7 @@ - name: Ensure systemd reloaded after matrix-registration.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_registration_systemd_service_result.changed|bool" - name: Ensure matrix-registration.service restarted, if necessary diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/matrix-registration/tasks/setup_uninstall.yml index 8afd1084..4b7c195f 100644 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/matrix-registration/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-registration state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_registration_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-registration.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_registration_service_stat.stat.exists|bool" - name: Ensure matrix-registration Docker image doesn't exist diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 index 8de331bf..e73e3e5f 100644 --- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ {{ matrix_registration_docker_image }} \ serve -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-registration diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 595f8022..15bce68c 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Sygnal is a reference Push Gateway for Matrix. # To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app. # Learn more here: https://github.com/matrix-org/sygnal diff --git a/roles/matrix-sygnal/tasks/init.yml b/roles/matrix-sygnal/tasks/init.yml index 559a3681..efa17a4d 100644 --- a/roles/matrix-sygnal/tasks/init.yml +++ b/roles/matrix-sygnal/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}" when: matrix_sygnal_enabled|bool diff --git a/roles/matrix-sygnal/tasks/main.yml b/roles/matrix-sygnal/tasks/main.yml index c00862a4..38579822 100644 --- a/roles/matrix-sygnal/tasks/main.yml +++ b/roles/matrix-sygnal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index b85b6bff..cd54a51d 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -36,5 +36,5 @@ - name: Ensure systemd reloaded after matrix-sygnal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_sygnal_systemd_service_result.changed|bool" diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/matrix-sygnal/tasks/setup_uninstall.yml index f2b6133f..5a81a1b2 100644 --- a/roles/matrix-sygnal/tasks/setup_uninstall.yml +++ b/roles/matrix-sygnal/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-sygnal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_sygnal_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-sygnal.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_sygnal_service_stat.stat.exists|bool" - name: Ensure Sygnal base directory doesn't exist diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/matrix-sygnal/tasks/validate_config.yml index 1cf8357e..2121edf4 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/matrix-sygnal/tasks/validate_config.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if no Sygnal apps defined fail: msg: >- diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index 84c6f6ea..019ab40c 100644 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ {% endfor %} {{ matrix_sygnal_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-sygnal diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index db1024fa..0aa19e86 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-synapse-admin is a web UI for mananging the Synapse Matrix server # See: https://github.com/Awesome-Technologies/synapse-admin @@ -8,7 +9,7 @@ matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesom matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_version: 0.8.4 +matrix_synapse_admin_version: 0.8.5 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index 3ce5a693..ccaa03f6 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -10,40 +11,40 @@ when: matrix_synapse_admin_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy - set_fact: - matrix_synapse_admin_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; + - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy + set_fact: + matrix_synapse_admin_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; - location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-admin:80"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8766/$1; - {% endif %} - } + location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-admin:80"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8766/$1; + {% endif %} + } - - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_synapse_admin_matrix_nginx_proxy_configuration] - }} + - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_synapse_admin_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_synapse_admin_enabled|bool diff --git a/roles/matrix-synapse-admin/tasks/main.yml b/roles/matrix-synapse-admin/tasks/main.yml index b5cb1689..0095f753 100644 --- a/roles/matrix-synapse-admin/tasks/main.yml +++ b/roles/matrix-synapse-admin/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 9eac7f90..ab1e6d46 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -30,7 +30,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_synapse_admin_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool" - name: Ensure matrix-synapse-admin.service installed @@ -43,7 +43,7 @@ - name: Ensure systemd reloaded after matrix-synapse-admin.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_systemd_service_result.changed" # @@ -59,8 +59,8 @@ service: name: matrix-synapse-admin state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" @@ -72,7 +72,7 @@ - name: Ensure systemd reloaded after matrix-synapse-admin.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure matrix-synapse-admin Docker image doesn't exist diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index 28fe08aa..4823d89c 100644 --- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin {% endfor %} {{ matrix_synapse_admin_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse-admin diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 2288ce83..3e3ee121 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Synapse is a Matrix homeserver # See: https://github.com/matrix-org/synapse @@ -8,16 +9,8 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -# The if statement below may look silly at times (leading to the same version being returned), -# but ARM-compatible container images are only released 1-7 hours after a release, -# so we may often be on different versions for different architectures when new Synapse releases come out. -# -# amd64 gets released first. -# arm32 relies on self-building, so the same version can be built immediately. -# arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.50.1 -matrix_synapse_version_arm64: v1.50.1 -matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" +matrix_synapse_version: v1.53.0 +matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" @@ -471,7 +464,7 @@ matrix_synapse_database_database: "synapse" matrix_synapse_turn_uris: [] matrix_synapse_turn_shared_secret: "" -matrix_synapse_turn_allow_guests: False +matrix_synapse_turn_allow_guests: false matrix_synapse_email_enabled: false matrix_synapse_email_smtp_host: "" @@ -496,8 +489,16 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals # Enable this to activate the Shared Secret Auth password provider module. # See: https://github.com/devture/matrix-synapse-shared-secret-auth matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false -matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py" +matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py" matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" +matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true +# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605 +matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false +matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}" +matrix_synapse_ext_password_provider_shared_secret_config_yaml: | + shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} + m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|to_json }} + com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }} # Enable this to activate LDAP password provider matrix_synapse_ext_password_provider_ldap_enabled: false @@ -517,7 +518,7 @@ matrix_synapse_ext_password_provider_ldap_default_domain: "" # See: https://github.com/t2bot/synapse-simple-antispam matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam" -matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "923ca5c85b08f157181721abbae50dd89c31e4b5" +matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "5ab711971e3a4541a7a40310ff85e17f8262cc05" matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: [] # Enable this to activate the Mjolnir Antispam spam-checker module. @@ -541,6 +542,30 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] +# Enable this to activate the E2EE disabling Synapse module. +# See: https://github.com/digitalentity/matrix_encryption_disabler +matrix_synapse_ext_encryption_disabler_enabled: false +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py" +# A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. +# By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. +matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] +# A list of server domain names for which to deny encryption if the destination room id's domain matches the domain in the list. +# By default, with the configuration below, we prevent locally-created encryption events by ANY user encrypt rooms on the homeserver. +# Note: foreign users with enough room privileges will still be able to send an encryption event to your rooms and encrypt them. +matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix_domain }}"] +# Specifies whether the power levels event (setting) provided during room creation should be patched. +# This makes it impossible for anybody (locally or over federation) from enabling room encryption +# for the lifetime of rooms created while this setting is enabled (irreversible). +# Enabling this may have incompatiblity consequences with servers / clients. +# Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler +matrix_synapse_ext_encryption_disabler_patch_power_levels: false +matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml|from_yaml }}" +matrix_synapse_ext_encryption_config_yaml: | + deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of|to_json }} + deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of|to_json }} + patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels|to_json }} + + matrix_s3_media_store_enabled: false matrix_s3_media_store_custom_endpoint_enabled: false matrix_s3_goofys_docker_image: "ewoutp/goofys:latest" @@ -580,7 +605,12 @@ matrix_synapse_default_room_version: "9" # If not, you can also control its value manually. matrix_synapse_spam_checker: [] -matrix_synapse_encryption_enabled_by_default_for_room_type: off +# Controls the Synapse `modules` list. +# You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2` +# Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime. +matrix_synapse_modules: [] + +matrix_synapse_encryption_enabled_by_default_for_room_type: "off" matrix_synapse_trusted_key_servers: - server_name: "matrix.org" diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml new file mode 100644 index 00000000..8fda082d --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml @@ -0,0 +1,7 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" + when: matrix_synapse_ext_encryption_disabler_enabled|bool + +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml" + when: "not matrix_synapse_ext_encryption_disabler_enabled|bool" diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml new file mode 100644 index 00000000..dfc15a20 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -0,0 +1,33 @@ +--- + +- name: Download matrix_encryption_disabler + get_url: + url: "{{ matrix_synapse_ext_encryption_disabler_download_url }}" + dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py" + force: true + mode: 0440 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- set_fact: + matrix_synapse_modules: | + {{ + matrix_synapse_modules|default([]) + + + [ + { + "module": "matrix_e2ee_filter.EncryptedRoomFilter", + "config": matrix_synapse_ext_encryption_config + } + ] + }} + + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + + matrix_synapse_additional_loggers: > + {{ matrix_synapse_additional_loggers }} + + + {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }} diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml new file mode 100644 index 00000000..a532464d --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix_encryption_disabler doesn't exist + file: + path: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py" + state: absent diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index e760626d..374c9e55 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_synapse_password_providers_enabled: true diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index a416e42b..ec298ccd 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -5,7 +5,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'RedHat'" - name: Ensure git installed (Debian) @@ -13,7 +13,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'Debian'" - name: Ensure git installed (Archlinux) @@ -21,7 +21,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_distribution == 'Archlinux'" - name: Clone mjolnir-antispam git repository diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index 31637fa9..25c8809d 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -1,5 +1,7 @@ --- +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml" + - import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml" - import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index af92041d..f408e2f9 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -5,6 +5,11 @@ msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret" when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''" +- name: Fail if no Shared Secret Auth login types enabled + fail: + msg: "Shared Secret Auth is enabled, but none of the login types are" + when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)" + - name: Download matrix-synapse-shared-secret-auth get_url: url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" @@ -15,7 +20,17 @@ group: "{{ matrix_user_groupname }}" - set_fact: - matrix_synapse_password_providers_enabled: true + matrix_synapse_modules: | + {{ + matrix_synapse_modules|default([]) + + + [ + { + "module": "shared_secret_authenticator.SharedSecretAuthProvider", + "config": matrix_synapse_ext_password_provider_shared_secret_config + } + ] + }} matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 2599e7f1..740d9474 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -10,7 +10,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'RedHat'" - name: Ensure git installed (Debian) @@ -18,7 +18,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'Debian'" - name: Ensure git installed (Archlinux) @@ -26,7 +26,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_distribution == 'Archlinux'" - name: Clone synapse-simple-antispam git repository @@ -38,8 +38,8 @@ become_user: "{{ matrix_user_username }}" - set_fact: - matrix_synapse_spam_checker: > - {{ matrix_synapse_spam_checker }} + matrix_synapse_modules: > + {{ matrix_synapse_modules }} + [{ "module": "synapse_simple_antispam.AntiSpamInvites", diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 147efabf..9e3870e5 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_fuse_installed.yml" - name: Ensure Goofys Docker image is pulled @@ -12,7 +14,7 @@ stat: path: "{{ matrix_s3_media_store_path }}" register: local_path_matrix_s3_media_store_path_stat - ignore_errors: yes + ignore_errors: true - name: Ensure Matrix Goofys external storage mountpoint exists file: @@ -39,5 +41,5 @@ - name: Ensure systemd reloaded after matrix-goofys.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_goofys_systemd_service_result.changed" diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml index 317a5371..c00206ef 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-goofys service stat: path: "{{ matrix_systemd_path }}/matrix-goofys.service" @@ -7,8 +9,8 @@ service: name: matrix-goofys state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_goofys_service_stat.stat.exists" @@ -20,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-goofys.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_goofys_service_stat.stat.exists" - name: Ensure goofys environment variables file doesn't exist diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/matrix-synapse/tasks/import_media_store.yml index 42455b44..8e962680 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/matrix-synapse/tasks/import_media_store.yml @@ -44,8 +44,8 @@ service: name: matrix-synapse state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result # This can only work with local files, not if the media store is on Amazon S3, @@ -54,11 +54,11 @@ synchronize: src: "{{ server_path_media_store }}/" dest: "{{ matrix_synapse_media_store_path }}" - delete: yes + delete: true # It's wasteful to preserve owner/group now. We chown below anyway. - owner: no - group: no - times: yes + owner: false + group: false + times: true delegate_to: "{{ inventory_hostname }}" # This is for the generic case and fails in other cases (remote file systems), @@ -68,7 +68,7 @@ path: "{{ matrix_synapse_media_store_path }}" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - recurse: yes + recurse: true when: "not matrix_s3_media_store_enabled|bool" # We don't chown for Goofys, because due to the way it's mounted, @@ -78,7 +78,7 @@ service: name: "{{ item }}" state: started - daemon_reload: yes + daemon_reload: true when: "stopping_result.changed" with_items: - matrix-synapse diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index bc23fc86..88065049 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -1,8 +1,9 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled" # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 17eef9cc..55235843 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always @@ -52,4 +54,4 @@ set_fact: matrix_synapse_role_executed: true tags: - - always + - always diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index 9c2a3ea0..2a1c5708 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -19,7 +19,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Wait a while, so that Synapse can manage to start diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 46cad808..36ef0a3a 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -1,3 +1,5 @@ +--- + - debug: msg: "Compressing room `{{ room_details.room_id }}` having {{ room_details.count }} state group rows" diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 106c59d5..ad8497cc 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -1,3 +1,4 @@ +--- # Pre-checks - name: Fail if Postgres not enabled @@ -80,12 +81,12 @@ # Row 3 contains a space when there's no result. - block: - - debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" + - debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" - - name: Fail if room find result is not what we expect - fail: - msg: >- - Expecting 4 lines in the "find rooms" result. + - name: Fail if room find result is not what we expect + fail: + msg: >- + Expecting 4 lines in the "find rooms" result. when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4" - block: diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index 30244d50..407a79ff 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -7,7 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_client_api ignore_errors: true - check_mode: no + check_mode: false when: matrix_synapse_enabled|bool - name: Fail if Matrix Client API not working diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index 57c9e56b..32249372 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml @@ -7,7 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_federation_api ignore_errors: true - check_mode: no + check_mode: false when: matrix_synapse_enabled|bool - name: Fail if Matrix Federation API not working @@ -17,7 +17,7 @@ - name: Fail if Matrix Federation API unexpectedly enabled fail: - msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." + msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." when: "matrix_synapse_enabled|bool and not matrix_synapse_federation_enabled|bool and not result_matrix_synapse_federation_api.failed" - name: Report working Matrix Federation API diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/matrix-synapse/tasks/setup_synapse.yml index f8bc05a1..47e404f4 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml +++ b/roles/matrix-synapse/tasks/setup_synapse.yml @@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_synapse_config_dir_path }}", when: true } - - { path: "{{ matrix_synapse_ext_path }}", when: true } - - { path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}" } + - {path: "{{ matrix_synapse_config_dir_path }}", when: true} + - {path: "{{ matrix_synapse_ext_path }}", when: true} + - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"} # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 09ec798d..bd7da90d 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -5,7 +5,7 @@ stat: path: "{{ matrix_synapse_media_store_path }}" register: local_path_media_store_stat - ignore_errors: yes + ignore_errors: true # This is separate and conditional, to ensure we don't execute it # if the path already exists or we failed to check, because it's mounted using fuse. @@ -18,25 +18,33 @@ group: "{{ matrix_user_groupname }}" when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists" -- name: Ensure Synapse repository is present on self-build - git: - repo: "{{ matrix_synapse_container_image_self_build_repo }}" - dest: "{{ matrix_synapse_docker_src_files_path }}" - version: "{{ matrix_synapse_docker_image.split(':')[1] }}" - force: "yes" - register: matrix_synapse_git_pull_results - when: "matrix_synapse_container_image_self_build|bool" +- block: + - name: Ensure Synapse repository is present on self-build + git: + repo: "{{ matrix_synapse_container_image_self_build_repo }}" + dest: "{{ matrix_synapse_docker_src_files_path }}" + version: "{{ matrix_synapse_docker_image.split(':')[1] }}" + force: "yes" + register: matrix_synapse_git_pull_results -- name: Ensure Synapse Docker image is built - docker_image: - name: "{{ matrix_synapse_docker_image }}" - source: build - force_source: "{{ matrix_synapse_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_git_pull_results.changed }}" - build: - dockerfile: docker/Dockerfile - path: "{{ matrix_synapse_docker_src_files_path }}" - pull: yes + - name: Check if Synapse Docker image exists + command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" + register: matrix_synapse_docker_image_check_result + + # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, + # because the latter does not support BuildKit. + # See: https://github.com/ansible-collections/community.general/issues/514 + - name: Ensure Synapse Docker image is built + shell: + chdir: "{{ matrix_synapse_docker_src_files_path }}" + cmd: | + {{ matrix_host_command_docker }} build \ + -t "{{ matrix_synapse_docker_image }}" \ + -f docker/Dockerfile \ + . + environment: + DOCKER_BUILDKIT: 1 + when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''" when: "matrix_synapse_container_image_self_build|bool" - name: Ensure Synapse Docker image is pulled @@ -55,10 +63,10 @@ # We do this so that the signing key would get generated. # # This will also generate a default homeserver.yaml configuration file and a log configuration file. -# We don't care about those configuraiton files, as we replace them with our own anyway (see below). +# We don't care about those configuration files, as we replace them with our own anyway (see below). # # We don't use the `docker_container` module, because using it with `cap_drop` requires -# a very recent version, which is not available for a lot of people yet. +# a very recent docker-py version, which is not available for a lot of people yet. - name: Generate initial Synapse config and signing key command: | docker run @@ -97,7 +105,7 @@ - name: Ensure systemd reloaded after matrix-synapse.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_systemd_service_result.changed" - name: Ensure matrix-synapse-register-user script created diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 070856e4..911d1285 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-synapse service stat: path: "{{ matrix_systemd_path }}/matrix-synapse.service" @@ -7,8 +9,8 @@ service: name: matrix-synapse state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_synapse_service_stat.stat.exists" @@ -20,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-synapse.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_service_stat.stat.exists" - name: Ensure Synapse Docker image doesn't exist diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index c6fc32c3..f59313bd 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -1,3 +1,4 @@ +--- # Below is a huge hack for dynamically building a list of workers and finally assigning it to `matrix_synapse_workers_enabled_list`. # # set_fact within a loop does not work reliably in Ansible (it only executes on the first iteration for some reason), diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index d0440d22..f0357611 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -8,7 +8,7 @@ name: "{{ item.key }}" state: stopped with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" - when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 + when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 - name: Find worker configs to be cleaned find: diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml index 62b42625..2669e149 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml @@ -1,3 +1,4 @@ +--- # The tasks below run before `validate_config.yml`. # To avoid failing with a cryptic error message, we'll do validation here. # diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml index 93ed6575..2247cd89 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}" diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index 78136785..fd348d9d 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -19,14 +19,14 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Ensure matrix-postgres is started service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: postgres_start_result diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 6dcb50ce..89107c0a 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -48,6 +48,7 @@ - {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'} - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} + - {'old': 'matrix_synapse_version_arm64', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml fail: diff --git a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index f74cbad9..df4a4f23 100644 --- a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -27,10 +27,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' TimeoutStartSec=5min -ExecStopPost=-{{ matrix_host_command_docker }} stop %n -ExecStopPost=-{{ matrix_host_command_docker }} kill %n -ExecStopPost=-{{ matrix_host_command_docker }} rm %n -ExecStopPost=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} +ExecStop=-{{ matrix_host_command_docker }} stop %n +ExecStop=-{{ matrix_host_command_docker }} kill %n +ExecStop=-{{ matrix_host_command_docker }} rm %n +ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} Restart=always RestartSec=5 SyslogIdentifier=matrix-goofys diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 902aaa71..0308b406 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -15,12 +15,13 @@ # See https://matrix-org.github.io/synapse/latest/modules/index.html for more # documentation on how to configure or create custom modules for Synapse. # -modules: - # - module: my_super_module.MySuperClass - # config: - # do_thing: true - # - module: my_other_super_module.SomeClass - # config: {} +#modules: + #- module: my_super_module.MySuperClass + # config: + # do_thing: true + #- module: my_other_super_module.SomeClass + # config: {} +modules: {{ matrix_synapse_modules|to_json }} ## Server ## @@ -49,13 +50,7 @@ server_name: "{{ matrix_domain }}" # pid_file: /homeserver.pid -# The absolute URL to the web client which /_matrix/client will redirect -# to if 'webclient' is configured under the 'listeners' configuration. -# -# This option can be also set to the filesystem path to the web client -# which will be served at /_matrix/client/ if 'webclient' is configured -# under the 'listeners' configuration, however this is a security risk: -# https://github.com/matrix-org/synapse#security-note +# The absolute URL to the web client which / will redirect to. # #web_client_location: https://riot.example.com/ @@ -139,7 +134,7 @@ allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_fe # The default room version for newly created rooms. # # Known room versions are listed here: -# https://matrix.org/docs/spec/#complete-list-of-room-versions +# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions # # For example, for room version 1, default_room_version should be set # to "1". @@ -284,8 +279,6 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # static: static resources under synapse/static (/_matrix/static). (Mostly # useful for 'fallback authentication'.) # -# webclient: A web client. Requires web_client_location to be set. -# listeners: {% if matrix_synapse_metrics_enabled %} - type: metrics @@ -495,6 +488,20 @@ limit_remote_rooms: # #allow_per_room_profiles: false +# The largest allowed file size for a user avatar. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#max_avatar_size: 10M + +# The MIME types allowed for user avatars. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"] + # How long to keep redacted events in unredacted form in the database. After # this period redacted events get replaced with their redacted form in the DB. # @@ -769,11 +776,16 @@ caches: per_cache_factors: #get_users_who_share_room_with_user: 2.0 - # Controls how long an entry can be in a cache without having been - # accessed before being evicted. Defaults to None, which means - # entries are never evicted based on time. + # Controls whether cache entries are evicted after a specified time + # period. Defaults to true. Uncomment to disable this feature. + # + #expire_caches: false + + # If expire_caches is enabled, this flag controls how long an entry can + # be in a cache without having been accessed before being evicted. + # Defaults to 30m. Uncomment to set a different time to live for cache entries. # - #expiry_time: 30m + #cache_entry_ttl: 30m # Controls how long the results of a /sync request are cached for after # a successful response is returned. A higher duration can help clients with @@ -883,6 +895,9 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config" # - one for ratelimiting how often a user or IP can attempt to validate a 3PID. # - two for ratelimiting how often invites can be sent in a room or to a # specific user. +# - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID +# such as an email address or a phone number) based on the account that's +# sending the invite. # # The defaults are as shown below. # @@ -937,6 +952,10 @@ rc_joins: {{ matrix_synapse_rc_joins|to_json }} # per_user: # per_second: 0.003 # burst_count: 5 +# +#rc_third_party_invite: +# per_second: 0.2 +# burst_count: 10 # Ratelimiting settings for incoming federation # @@ -1465,6 +1484,16 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json # #auto_join_rooms_for_guests: false +# Whether to inhibit errors raised when registering a new account if the user ID +# already exists. If turned on, that requests to /register/available will always +# show a user ID as available, and Synapse won't raise an error when starting +# a registration with a user ID that already exists. However, Synapse will still +# raise an error if the registration completes and the username conflicts. +# +# Defaults to false. +# +#inhibit_user_in_use_error: true + ## Metrics ### @@ -1534,6 +1563,21 @@ room_prejoin_state: #additional_event_types: # - org.example.custom.event.type +# We record the IP address of clients used to access the API for various +# reasons, including displaying it to the user in the "Where you're signed in" +# dialog. +# +# By default, when puppeting another user via the admin API, the client IP +# address is recorded against the user who created the access token (ie, the +# admin user), and *not* the puppeted user. +# +# Uncomment the following to also record the IP address against the puppeted +# user. (This also means that the puppeted user will count as an "active" user +# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc +# above.) +# +#track_puppeted_user_ips: true + # A list of application service config files to use # @@ -1899,10 +1943,13 @@ saml2_config: # Defaults to false. Avoid this in production. # # user_profile_method: Whether to fetch the user profile from the userinfo -# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'. +# endpoint, or to rely on the data returned in the id_token from the +# token_endpoint. +# +# Valid values are: 'auto' or 'userinfo_endpoint'. # -# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is -# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the +# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is +# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the # userinfo endpoint. # # allow_existing_users: set to 'true' to allow a user logging in via OIDC to @@ -2551,11 +2598,6 @@ email: # #filter: "(objectClass=posixAccount)" {% if matrix_synapse_password_providers_enabled %} password_providers: -{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %} - - module: "shared_secret_authenticator.SharedSecretAuthenticator" - config: - sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} -{% endif %} {% if matrix_synapse_ext_password_provider_rest_auth_enabled %} - module: "rest_auth_provider.RestAuthProvider" config: diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 66a323f9..43dc42d1 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -46,8 +46,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor run -m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} -ExecStopPost=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStopPost=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} ExecReload={{ matrix_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' Restart=always diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index bfc8dd61..188db5ef 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -63,8 +63,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {{ matrix_synapse_docker_image }} \ run -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 1a279ad6..48530312 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -64,7 +64,7 @@ matrix_synapse_workers_generic_worker_endpoints: # Registration/login requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - ^/_matrix/client/(r0|v3|unstable)/register$ - - ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$ + - ^/_matrix/client/v1/register/m.login.registration_token/validity$ # Event sending requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact diff --git a/setup.yml b/setup.yml index aa1ea68b..68740b4a 100755 --- a/setup.yml +++ b/setup.yml @@ -36,6 +36,7 @@ - matrix-bridge-mx-puppet-instagram - matrix-bridge-sms - matrix-bridge-heisenbridge + - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot - matrix-bot-honoroit - matrix-bot-go-neb