From a1cbd5459c706dc1c025e973a224c859a9dc1b53 Mon Sep 17 00:00:00 2001 From: Wm Salt Hale Date: Tue, 12 Oct 2021 09:49:16 -0700 Subject: [PATCH 001/419] Update Synapse default room version (6 -> 9) From the [Synapse 1.43.0 release highlights](https://matrix.org/blog/2021/09/21/synapse-1-43-0-released): > Asks clients to prefer [room version 9](https://github.com/matrix-org/matrix-doc/pull/3375) when creating restricted rooms ([#10772](https://github.com/matrix-org/synapse/issues/10772)), via the API defined in [MSC3244: room version capabilities](https://github.com/matrix-org/matrix-doc/pull/3244). --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 460483e0..d741e034 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -561,7 +561,7 @@ matrix_synapse_room_list_publication_rules: room_id: "*" action: allow -matrix_synapse_default_room_version: "6" +matrix_synapse_default_room_version: "9" # Controls the Synapse `spam_checker` setting. # From 621251c1e52993529bc2518d42885307eab83ac1 Mon Sep 17 00:00:00 2001 
From: HarHarLinks Date: Mon, 3 Jan 2022 21:22:42 +0100 Subject: [PATCH 002/419] hookshot role groundwork --- docs/configuring-playbook-bridge-hookshot.md | 16 +++ group_vars/matrix_servers | 36 ++++++ .../matrix-bridge-hookshot/defaults/main.yml | 118 ++++++++++++++++++ roles/matrix-bridge-hookshot/tasks/init.yml | 101 +++++++++++++++ roles/matrix-bridge-hookshot/tasks/main.yml | 15 +++ .../tasks/setup_install.yml | 38 ++++++ .../tasks/setup_uninstall.yml | 28 +++++ .../templates/config.yml.j2 | 110 ++++++++++++++++ .../templates/registration.yml.j2 | 16 +++ .../systemd/matrix-hookshot.service.j2 | 37 ++++++ 10 files changed, 515 insertions(+) create mode 100644 docs/configuring-playbook-bridge-hookshot.md create mode 100644 roles/matrix-bridge-hookshot/defaults/main.yml create mode 100644 roles/matrix-bridge-hookshot/tasks/init.yml create mode 100644 roles/matrix-bridge-hookshot/tasks/main.yml create mode 100644 roles/matrix-bridge-hookshot/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-hookshot/templates/config.yml.j2 create mode 100644 roles/matrix-bridge-hookshot/templates/registration.yml.j2 create mode 100644 roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md new file mode 100644 index 00000000..d2bbd721 --- /dev/null +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -0,0 +1,16 @@ +# Setting up Hookshot (optional) + +The playbook can install and configure [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) for you. + +See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does and why it might be useful to you. + + +## Setup Instructions + +Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. + +1. For each of the services (GitHub, GitLab, JIRA, generic webhooks) fill in the respected variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. +2. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. +3. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start bridging things. + +Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` variable. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8edcd6ba..7456aad8 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -645,6 +645,42 @@ matrix_heisenbridge_systemd_wanted_services_list: | # ###################################################################### +###################################################################### +# +# matrix-bridge-hookshot +# +###################################################################### + +# We don't enable bridges by default. +matrix_hookshot_enabled: false + +matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" + +matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" + +matrix_hookshot_systemd_wanted_services_list: | + {{ + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_hookshot_container_http_host_bind_ports: +{% if matrix_nginx_proxy_enabled %} + [] +{% else %} + - "{{ '127.0.0.1:' ~ matrix_hookshot_hookshot_port ~ ':' ~ matrix_hookshot_hookshot_port }}" + - "{{ '127.0.0.1:' ~ matrix_hookshot_metrics_port ~ ':' ~ matrix_hookshot_metrics_port }}" + - "{{ '127.0.0.1:' ~ matrix_hookshot_webhook_port ~ ':' ~ matrix_hookshot_webhook_port }}" + - "{{ '127.0.0.1:' ~ matrix_hookshot_provisioning_port ~ ':' ~ matrix_hookshot_provisioning_port }}" +{% endif %} + +###################################################################### +# +# /matrix-bridge-hookshot +# +###################################################################### + ###################################################################### # # matrix-bridge-mx-puppet-skype diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml new file mode 100644 index 00000000..57438908 --- /dev/null +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
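Review bot: The `{% if matrix_nginx_proxy_enabled %}` / `{% else %}` / `{% endif %}` lines under `matrix_hookshot_container_http_host_bind_ports:` appear to sit directly in the vars file rather than inside a scalar. A vars file is parsed as YAML before any templating, so these lines will not load. The expression should live inside one block scalar, as `matrix_hookshot_systemd_wanted_services_list` just above it does. The last list entry also reads `matrix_hookshot_provisioning_port`, which this commit leaves commented out in the role defaults, so it would be undefined when the `else` branch is taken.

```yaml
# Provisioning entry left out until matrix_hookshot_provisioning_port is actually defined.
matrix_hookshot_container_http_host_bind_ports: |
  {{
    []
    if matrix_nginx_proxy_enabled
    else
    [
      '127.0.0.1:' ~ matrix_hookshot_hookshot_port ~ ':' ~ matrix_hookshot_hookshot_port,
      '127.0.0.1:' ~ matrix_hookshot_metrics_port ~ ':' ~ matrix_hookshot_metrics_port,
      '127.0.0.1:' ~ matrix_hookshot_webhook_port ~ ':' ~ matrix_hookshot_webhook_port
    ]
  }}
```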
@@ -0,0 +1,118 @@ +# A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. +# https://github.com/Half-Shot/matrix-hookshot + +matrix_hookshot_enabled: true + +matrix_hookshot_version: 1.0.0 +matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/hookshot:{{ matrix_hookshot_version }}" +matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" + +matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" + +matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" + +matrix_hookshot_public_endpoint: /hookshot + +# metrics work only in conjunction with matrix_synapse_metrics_enabled etc +matrix_hookshot_metrics_enabled: true +matrix_hookshot_metrics_port: 9001 + +matrix_hookshot_hookshot_port: 9993 +matrix_hookshot_webhook_port: 9000 + +# you need to create a GitHub app to enable this +# https://half-shot.github.io/matrix-hookshot/setup/github.html +matrix_hookshot_github_enabled: true +matrix_hookshot_github_appid: 123 +matrix_hookshot_github_private_key: '' +matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page +matrix_hookshot_github_oauth_enabled: true +matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page +matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page +matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_public_endpoint }}/oauth" +matrix_hookshot_github_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" +matrix_hookshot_github_ignore_hooks: '{}' +matrix_hookshot_github_command_prefix: '!gh' +matrix_hookshot_github_show_issue_room_link: false +matrix_hookshot_github_pr_diff: '{enabled: false, maxLines: 5}' +matrix_hookshot_github_including_labels: '' +matrix_hookshot_github_excluding_labels: '' + +matrix_hookshot_gitlab_enabled: true +matrix_hookshot_gitlab_instances: + gitlab.com: + url: https://gitlab.com + 
+matrix_hookshot_gitlab_secret: '' + +matrix_hookshot_jira_enabled: true +matrix_hookshot_jira_secret: '' +matrix_hookshot_jira_oauth_id: '' +matrix_hookshot_jira_oauth_secret: '' +matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_public_endpoint }}/jira/oauth" +matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" + +matrix_hookshot_generic_enabled: true +matrix_hookshot_generic_endpoint: '{{ matrix_hookshot_public_endpoint }}/webhooks' +matrix_hookshot_generic_urlprefix: '{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}' +matrix_hookshot_generic_allow_js_transformation_functions: false +matrix_hookshot_generic_user_id_prefix: 'webhooks_' + +# matrix_hookshot_provisioning_port: 9002 +matrix_hookshot_provisioning_secret: '' + +# A list of extra arguments to pass to the container +matrix_hookshot_container_extra_arguments: [] + +# List of systemd services that service depends on. +matrix_hookshot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that service wants +matrix_hookshot_systemd_wanted_services_list: [] + +matrix_hookshot_appservice_token: '' +matrix_hookshot_homeserver_token: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrixhookshot_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_hookshot_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}" + +matrix_hookshot_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_hookshot_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. 
+ # + # If you need something more special, you can take full control by + # completely redefining `matrix_hookshot_configuration_yaml`. + +matrix_hookshot_configuration_extension: "{{ matrix_hookshot_configuration_extension_yaml|from_yaml if matrix_hookshot_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_hookshot_configuration_yaml`. +matrix_hookshot_configuration: "{{ matrix_hookshot_configuration_yaml|from_yaml|combine(matrix_hookshot_configuration_extension, recursive=True) }}" + +# Default registration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrixhookshot_registration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_hookshot_registration_yaml: "{{ lookup('template', 'templates/registration.yml.j2') }}" + +matrix_hookshot_registration_extension_yaml: | + # Your custom YAML registration goes here. + # This registration extends the default starting registration (`matrix_hookshot_registration_yaml`). + # + # You can override individual variables from the default registration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_hookshot_registration_yaml`. + +matrix_hookshot_registration_extension: "{{ matrix_hookshot_registration_extension_yaml|from_yaml if matrix_hookshot_registration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final registration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_hookshot_registration_yaml`. 
+matrix_hookshot_registration: "{{ matrix_hookshot_registration_yaml|from_yaml|combine(matrix_hookshot_registration_extension, recursive=True) }}" diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml new file mode 100644 index 00000000..f71ae843 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/init.yml 
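Review bot: Every integration defaults to enabled (`matrix_hookshot_github_enabled`, `matrix_hookshot_gitlab_enabled`, `matrix_hookshot_jira_enabled`, `matrix_hookshot_generic_enabled` are all `true`), while the matching webhook and OAuth secrets default to `''`. A bridge turned on in group_vars would therefore start with inbound webhook endpoints and blank shared secrets. How hookshot treats an empty secret is not visible here, so the safer default is `false` for anything that needs credentials, e.g. `matrix_hookshot_github_enabled: false`. A validation task should also fail when an enabled service has an empty secret. Separately, two comments name `matrixhookshot_configuration_extension_yaml` and `matrixhookshot_registration_extension_yaml`; both are missing the underscore after `matrix`.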
@@ -0,0 +1,101 @@ +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-hookshot role needs to execute before the matrix-synapse role. + when: "matrix_hookshot_enabled and matrix_synapse_role_executed|default(False)" + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}" + when: matrix_hookshot_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yaml,dst=/hookshot-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/hookshot-registration.yaml"] }} + when: matrix_hookshot_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. 
+ when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | + location ~ ^{{ matrix_hookshot_public_endpoint }}/metrics$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-hookshot:{{ matrix_hookshot_metrics_port }}"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; + {% endif %} + proxy_set_header Host $host; + {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + {% endif %} + } + location ~ ^{{ matrix_hookshot_generic_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-hookshot:{{ matrix_hookshot_webhook_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + location ~ ^{{ matrix_hookshot_public_endpoint }}/(.*)$ { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-hookshot:{{ matrix_hookshot_hookshot_port }}"; + proxy_pass http://$backend/$1; + } + {% else %} + {# Generic configuration for use outside of our container setup #} + location {{ matrix_hookshot_public_endpoint }}/ { + proxy_pass http://127.0.0.1:{{ 
matrix_hookshot_hookshot_port }}/; + } + {% endif %} + + - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_hookshot_matrix_nginx_proxy_configuration] + }} + tags: + - always + when: matrix_hookshot_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` + URL endpoint to the matrix-hookshot container. + You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. + when: "matrix_appservice_webhooks_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-hookshot/tasks/main.yml b/roles/matrix-bridge-hookshot/tasks/main.yml new file mode 100644 index 00000000..52d90aa1 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/main.yml @@ -0,0 +1,15 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml new file mode 100644 index 00000000..55f37c8d --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml 
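Review bot: The generated nginx snippet is stored in `matrix_appservice_webhooks_matrix_nginx_proxy_configuration`, but the following task appends `matrix_hookshot_matrix_nginx_proxy_configuration`. The register step therefore reads an undefined variable, and the set_fact overwrites a name that belongs to the appservice-webhooks role. The key should be `matrix_hookshot_matrix_nginx_proxy_configuration: |`. The closing warning task has the same copy-paste residue and should use `when: "matrix_hookshot_enabled|bool and matrix_nginx_proxy_enabled is not defined"`. Note also that the catch-all `{{ matrix_hookshot_public_endpoint }}/(.*)` location proxies to `matrix_hookshot_hookshot_port`. In config.yml.j2 that listener serves the `provisioning` and `appservice` resources, so both become reachable from outside; restricting the location to the paths that must be public would be safer.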
@@ -0,0 +1,38 @@ +--- + +- name: Ensure hookshot image is pulled + docker_image: + name: "{{ matrix_hookshot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + +- name: Ensure hookshot paths exist + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_hookshot_base_path }}" + +- name: Ensure hookshot registration.yaml installed if provided + copy: + content: "{{ matrix_hookshot_registration|to_nice_yaml }}" + dest: "{{ matrix_hookshot_base_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-hookshot.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-hookshot.service" + mode: 0644 + register: matrix_hookshot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-hookshot.service installation + service: + daemon_reload: yes + when: matrix_hookshot_systemd_service_result.changed diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml new file mode 100644 index 00000000..52e126e9 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml 
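Review bot: This file installs `registration.yaml` but has no task that writes the rendered `matrix_hookshot_configuration`, even though the systemd unit mounts `{{ matrix_hookshot_base_path }}` at `/data`. The container would start without the config this role builds. A task like the one below closes that gap; the file name the image expects is not visible in this commit, so confirm `config.yml` before merging. Both that file and `registration.yaml` carry tokens and secrets, so `mode: '0640'` is a better fit than `0644`. Quoting the mode also avoids octal-versus-integer surprises.

```yaml
- name: Ensure hookshot config.yml installed
  copy:
    content: "{{ matrix_hookshot_configuration|to_nice_yaml }}"
    dest: "{{ matrix_hookshot_base_path }}/config.yml"
    mode: '0640'
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
```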
@@ -0,0 +1,28 @@ +--- + +- name: Check existence of matrix-hookshot service + stat: + path: "{{ matrix_systemd_path }}/matrix-hookshot.service" + register: matrix_hookshot_service_stat + +- name: Ensure matrix-hookshot is stopped + service: + name: matrix-hookshot + state: stopped + enabled: no + daemon_reload: yes + when: "matrix_hookshot_service_stat.stat.exists" + +- name: Ensure matrix-hookshot.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-hookshot.service" + state: absent + when: "matrix_hookshot_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-hookshot.service removal + service: + daemon_reload: yes + when: "matrix_hookshot_service_stat.stat.exists" + +# remove base_path? +# remove docker image? diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 new file mode 100644 index 00000000..f23c6748 --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 
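Review bot: The uninstall path ends with the open questions `# remove base_path?` and `# remove docker image?`, so after the service is removed `{{ matrix_hookshot_base_path }}/registration.yaml` stays on disk with the appservice and homeserver tokens in it. Either add a `file:` task with `state: absent` for the base path, or replace the questions with a statement of intent such as `# The data directory is kept on purpose; it still contains registration.yaml with the appservice tokens.` The `enabled: no` and `daemon_reload: yes` values would also read more predictably as `false` and `true`.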
@@ -0,0 +1,110 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Basic homeserver configuration + # + domain: {{ matrix_domain }} + url: {{ matrix_hookshot_homeserver_address }} + mediaUrl: { matrix_hookshot_homeserver_address }} + port: {{ matrix_hookshot_hookshot_port }} + bindAddress: 0.0.0.0 +{% if matrix_hookshot_github_enabled %} +github: + # (Optional) Configure this to enable GitHub support + # + auth: + # Authentication for the GitHub App. + # + id: {{ matrix_hookshot_github_appid }} + privateKeyFile: {{ matrix_hookshot_github_private_key }} + webhook: + # Webhook settings for the GitHub app. + # + secret: {{ matrix_hookshot_github_secret }} +{% if matrix_hookshot_github_oauth_enabled %} + oauth: + # (Optional) Settings for allowing users to sign in via OAuth. + # + client_id: {{ matrix_hookshot_github_oauth_id }} + client_secret: {{ matrix_hookshot_github_oauth_secret }} + redirect_uri: {{ matrix_hookshot_github_oauth_uri }} +{% endif %} + defaultOptions: + # (Optional) Default options for GitHub connections. 
+ # + ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} + commandPrefix: {{ matrix_hookshot_github_command_prefix }} + showIssueRoomLink: {{ matrix_hookshot_github_show_issue_room_link }} + prDiff: {{ matrix_hookshot_github_pr_diff }} + includingLabels:{{ matrix_hookshot_github_including_labels }} + excludingLabels: {{ matrix_hookshot_github_excluding_labels }} +{% endif %} +{% if matrix_hookshot_gitlab_enabled %} +gitlab: + # (Optional) Configure this to enable GitLab support + # + instances: + {{ matrix_hookshot_gitlab_instances }} + webhook: + secret: {{ matrix_hookshot_gitlab_secret }} +{% endif %} +{% if matrix_hookshot_jira_enabled %} +jira: + # (Optional) Configure this to enable Jira support + # + webhook: + secret: {{ matrix_hookshot_jira_secret }} + oauth: + client_id: {{ matrix_hookshot_jira_oauth_id }} + client_secret: {{ matrix_hookshot_jira_oauth_secret }} + redirect_uri: {{ matrix_hookshot_jira_oauth_uri }} +{% endif %} +{% if matrix_hookshot_generic_enabled %} +generic: + # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments + # + enabled: {{ matrix_hookshot_generic_enabled }} + urlPrefix: {{ matrix_hookshot_generic_urlprefix }} + allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} + userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix }} +{% endif %} +provisioning: + # (Optional) Provisioning API for integration managers + # + secret: {{ matrix_hookshot_provisioning_secret }} +passFile: + # A passkey used to encrypt tokens stored inside the bridge. 
+ # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate + # + passkey.pem +bot: + # (Optional) Define profile information for the bot user + # + displayname: GitHub Bot + avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d +metrics: + # (Optional) Prometheus metrics support + # + enabled: {{ matrix_hookshot_metrics_enabled }} +logging: + # (Optional) Logging settings. You can have a severity debug,info,warn,error + # + level: info +listeners: + # (Optional) HTTP Listener configuration. + # Bind resource endpoints to ports and addresses. + # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice + # + - port: {{ matrix_hookshot_webhook_port }} + bindAddress: 0.0.0.0 + resources: + - webhooks + - widgets + - port: {{ matrix_hookshot_metrics_port }} + bindAddress: 0.0.0.0 + resources: + - metrics + - port: {{ matrix_hookshot_hookshot_port }} + bindAddress: 0.0.0.0 + resources: + - provisioning + - appservice diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 new file mode 100644 index 00000000..24cd1f4c --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 @@ -0,0 +1,16 @@ +#jinja2: lstrip_blocks: "True" +id: matrix-hookshot # This can be anything, but must be unique within your homeserver +as_token: {{ matrix_hookshot_appservice_token }} # This again can be a random string +hs_token: {{ matrix_hookshot_homeserver_token }} # ..as can this +namespaces: + rooms: [] + users: + - regex: "@_github_.*:{{ matrix_domain }}" + exclusive: true + aliases: + - regex: "#github_.+:{{ matrix_domain }}" + exclusive: true + +sender_localpart: hookshot +url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_hookshot_port }}" # This should match the bridge.port in your config file +rate_limited: false 
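Review bot: `mediaUrl: { matrix_hookshot_homeserver_address }}` is missing an opening brace, so it is emitted literally and the rendered text will not survive the `from_yaml` step in the role defaults. It should read `mediaUrl: {{ matrix_hookshot_homeserver_address }}`. The secret fields are interpolated bare, for example `secret: {{ matrix_hookshot_github_secret }}` and `client_secret: {{ matrix_hookshot_jira_oauth_secret }}`. An empty value then becomes `null`, and a secret containing `#`, `: ` or a leading YAML indicator is truncated or retyped. Serialising them, as in `secret: {{ matrix_hookshot_github_secret|to_json }}`, keeps the value intact. `includingLabels:{{ … }}` also lacks the space after the colon.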
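Review bot: The `url:` line references `matrix_hookshot_container_url`, which neither the role defaults nor the group_vars block in this commit defines, so rendering the registration would fail on an undefined variable. The namespace regexes interpolate `matrix_domain` unescaped and unanchored, so the dots in the domain match any character and the exclusive claim is wider than intended. A single-quoted form such as `- regex: '^@_github_.*:{{ matrix_domain|regex_escape }}$'` avoids that, and single quotes are needed because the escaped backslashes are not valid inside a double-quoted YAML scalar. Only the `_github_` prefix is claimed while the defaults set `matrix_hookshot_generic_user_id_prefix: 'webhooks_'`; whether those users need a namespace entry too should be confirmed.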
diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 new file mode 100644 index 00000000..c06456af --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. +{% for service in matrix_hookshot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_hookshot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-hookshot +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-hookshot + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-hookshot \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_hookshot_base_path }}:/data:z \ + {% for arg in matrix_hookshot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_hookshot_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-hookshot +ExecStop=-{{ matrix_host_command_docker }} rm matrix-hookshot +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-hookshot + +[Install] +WantedBy=multi-user.target From b8ee1980ea559615d66b8130122fed83606758e4 Mon Sep 17 00:00:00 2001 
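Review bot: The `docker run` line never consumes `matrix_hookshot_container_http_host_bind_ports`, the variable that group_vars computes and that the init.yml warning tells users to set. No port is published, and the `127.0.0.1:` proxy targets used when matrix-nginx-proxy is disabled have nothing to connect to. Adding a loop before the extra-arguments loop fixes this: `{% for port in matrix_hookshot_container_http_host_bind_ports %}`, `-p {{ port }} \`, `{% endfor %}`. The existing `--cap-drop=ALL` and non-root `--user` are good. `--read-only` could be added if the image tolerates it, since only `/data` needs to be writable.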
From: HarHarLinks Date: Thu, 6 Jan 2022 18:55:36 +0100 Subject: [PATCH 003/419] refine hookshot role --- docs/configuring-playbook-bridge-hookshot.md | 5 +- .../matrix-bridge-hookshot/defaults/main.yml | 58 +++++++++++++++---- roles/matrix-bridge-hookshot/tasks/init.yml | 45 +++++++++----- .../tasks/setup_install.yml | 21 +++++++ .../templates/config.yml.j2 | 22 +++++-- .../systemd/matrix-hookshot.service.j2 | 3 + 6 files changed, 119 insertions(+), 35 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index d2bbd721..a1fefa42 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -10,7 +10,8 @@ See the project's [documentation](https://half-shot.github.io/matrix-hookshot/ho Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. 1. For each of the services (GitHub, GitLab, JIRA, generic webhooks) fill in the respected variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. -2. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. -3. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start bridging things. +2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). +3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. +4. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` variable. diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 57438908..f1f98c04 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -13,28 +13,35 @@ matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_hookshot_public_endpoint: /hookshot +# there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_appservice_port: 9993 +matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" + # metrics work only in conjunction with matrix_synapse_metrics_enabled etc matrix_hookshot_metrics_enabled: true +# there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_metrics_port: 9001 +matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" -matrix_hookshot_hookshot_port: 9993 +# there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_webhook_port: 9000 +matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhooks" # you need to create a GitHub app to enable this # https://half-shot.github.io/matrix-hookshot/setup/github.html -matrix_hookshot_github_enabled: true -matrix_hookshot_github_appid: 123 +matrix_hookshot_github_enabled: false +matrix_hookshot_github_appid: '' matrix_hookshot_github_private_key: '' matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page -matrix_hookshot_github_oauth_enabled: true +matrix_hookshot_github_oauth_enabled: false matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page -matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_public_endpoint }}/oauth" +matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" matrix_hookshot_github_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" -matrix_hookshot_github_ignore_hooks: '{}' +matrix_hookshot_github_ignore_hooks: "{}" 
matrix_hookshot_github_command_prefix: '!gh' matrix_hookshot_github_show_issue_room_link: false -matrix_hookshot_github_pr_diff: '{enabled: false, maxLines: 5}' +matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" matrix_hookshot_github_including_labels: '' matrix_hookshot_github_excluding_labels: '' 
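Review bot: Removing `matrix_hookshot_hookshot_port` in favour of `matrix_hookshot_appservice_port` leaves references behind. Going by this commit's file list, neither `group_vars/matrix_servers` nor `templates/registration.yml.j2` is touched, and both still use the old name as added in the previous patch, so they would now hit an undefined variable. Update them in the same commit, for example `url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"`. Alternatively keep a temporary alias, `matrix_hookshot_hookshot_port: "{{ matrix_hookshot_appservice_port }}"`. The repeated "there is no need to edit ports" comment could be stated once above the first port.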
@@ -45,21 +52,37 @@ matrix_hookshot_gitlab_instances: matrix_hookshot_gitlab_secret: '' -matrix_hookshot_jira_enabled: true +matrix_hookshot_jira_enabled: false matrix_hookshot_jira_secret: '' matrix_hookshot_jira_oauth_id: '' matrix_hookshot_jira_oauth_secret: '' -matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_public_endpoint }}/jira/oauth" +matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" matrix_hookshot_generic_enabled: true -matrix_hookshot_generic_endpoint: '{{ matrix_hookshot_public_endpoint }}/webhooks' -matrix_hookshot_generic_urlprefix: '{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}' +matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" +matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_allow_js_transformation_functions: false matrix_hookshot_generic_user_id_prefix: 'webhooks_' -# matrix_hookshot_provisioning_port: 9002 +matrix_hookshot_figma_enabled: false +matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" +matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}" +# to bridge figma webhooks, you need to configure one of multiple instances like this: +# matrix_hookshot_figma_instances: +# your-instance: +# teamId: your-team-id +# accessToken: your-personal-access-token +# passcode: your-webhook-passcode + +matrix_hookshot_provisioning_enabled: true +# there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. 
+matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' +matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" + +matrix_hookshot_bot_displayname: Hookshot Bot +matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d' # A list of extra arguments to pass to the container matrix_hookshot_container_extra_arguments: [] @@ -70,6 +93,17 @@ matrix_hookshot_systemd_required_services_list: ['docker.service'] # List of systemd services that service wants matrix_hookshot_systemd_wanted_services_list: [] +# List of ports to bind to the host to expose them directly. +# Ports will automatically be bound to localhost if matrix_nginx_proxy_enabled is false. +# Setting this variable will override that behaviour in either case. +# Supply docker port bind arguments in a list like this: +# +# matrix_hookshot_container_http_host_bind_ports: +# - "127.0.0.1:9999:{{ matrix_hookshot_metrics_port }}" +# +# Above example will bind the metrics port in the container to port 9999 on localhost. +matrix_hookshot_container_http_host_bind_ports: [] + matrix_hookshot_appservice_token: '' matrix_hookshot_homeserver_token: '' diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index f71ae843..11ac0138 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -36,7 +36,8 @@ - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy set_fact: matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | - location ~ ^{{ matrix_hookshot_public_endpoint }}/metrics$ { + {% if matrix_hookshot_metrics_enabled %} + location {{ matrix_hookshot_metrics_endpoint }} { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; 
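Review bot: The comment block added above `matrix_hookshot_container_http_host_bind_ports` does not say what happens when an entry omits the host address. Docker then publishes the port on every interface, so the listener is reachable without going through matrix-nginx-proxy and its basic-auth handling for metrics. I would add a line above the example such as `# Always include a host address (e.g. 127.0.0.1); an entry like "9001:9001" publishes the port on all interfaces.` The values are passed unchanged to `-p {{ port }}` in the matrix-hookshot.service.j2 hunk of this commit, so nothing downstream narrows them.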
@@ -52,31 +53,45 @@ auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; {% endif %} } - location ~ ^{{ matrix_hookshot_generic_endpoint }}/(.*)$ { + {% endif %} + location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-hookshot:{{ matrix_hookshot_webhook_port }}"; + set $backend "matrix-hookshot:{{ matrix_hookshot_appservice_port }}"; proxy_pass http://$backend/$1; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; {% endif %} proxy_set_header Host $host; } - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - location ~ ^{{ matrix_hookshot_public_endpoint }}/(.*)$ { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-hookshot:{{ matrix_hookshot_hookshot_port }}"; - proxy_pass http://$backend/$1; - } - {% else %} - {# Generic configuration for use outside of our container setup #} - location {{ matrix_hookshot_public_endpoint }}/ { - proxy_pass http://127.0.0.1:{{ matrix_hookshot_hookshot_port }}/; + {% if matrix_hookshot_provisioning_enabled %} + location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-hookshot:{{ matrix_hookshot_provisioning_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1; + {% endif %} + proxy_set_header Host $host; } {% endif %} + location ~ ^{{ 
matrix_hookshot_webhook_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-hookshot:{{ matrix_hookshot_webhook_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy set_fact: diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 55f37c8d..2254d91c 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -17,6 +17,27 @@ with_items: - "{{ matrix_hookshot_base_path }}" +# - name: Ensure openssl is installed (#1510) + +- name: Check if hookshot passkey exists + stat: + path: "{{ matrix_hookshot_data_path }}/passkey.pem" + register: hookshot_passkey_file + +- name: Generate hookshot passkey if it doesn't exist + shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096" + become: true + become_user: "{{ matrix_user_username }}" + when: "not hookshot_passkey_file.stat.exists" + +- name: Ensure hookshot config.yaml installed if provided + copy: + content: "{{ matrix_hookshot_config|to_nice_yaml }}" + dest: "{{ matrix_hookshot_base_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Ensure hookshot registration.yaml installed if provided copy: content: "{{ matrix_hookshot_registration|to_nice_yaml }}" 
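Review bot: The new `location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$` and provisioning blocks publish the appservice and provisioning listeners on the public vhost with no restriction at the proxy. The homeserver token and `matrix_hookshot_provisioning_secret` (default `''` in defaults/main.yml) are then the only gate. If the homeserver reaches the bridge over the container network, as the `url` in registration.yml.j2 appears to indicate, the appservice location is not needed publicly and could be dropped or limited with `allow`/`deny all;`. For provisioning I would emit the block only when a secret is set, e.g. `{% if matrix_hookshot_provisioning_enabled and matrix_hookshot_provisioning_secret %}`. The enclosing `set_fact` block starts above this hunk.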
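Review bot: The added `Ensure hookshot config.yaml installed if provided` task writes the file with `mode: 0644`, which makes it readable by every local user on the host. The rendered config presumably carries the webhook, OAuth client and provisioning secrets. The file is owned by the matrix user and the container runs under that uid/gid, so `mode: '0640'` should be sufficient; quoting it also keeps YAML from retyping the octal value. The passkey task would be safer as `command:` with `creates: "{{ matrix_hookshot_base_path }}/passkey.pem"`, followed by a `file` task that pins the key's mode, since the resulting permissions currently depend on openssl and the umask.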
diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index f23c6748..2dc87f3c 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -5,7 +5,7 @@ bridge: domain: {{ matrix_domain }} url: {{ matrix_hookshot_homeserver_address }} mediaUrl: { matrix_hookshot_homeserver_address }} - port: {{ matrix_hookshot_hookshot_port }} + port: {{ matrix_hookshot_appservice_port }} bindAddress: 0.0.0.0 {% if matrix_hookshot_github_enabled %} github: @@ -67,6 +67,13 @@ generic: allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix }} {% endif %} +{% if matrix_hookshot_figma_enabled %} +figma: + # (Optional) Configure this to enable Figma support + # + publicUrl: https://example.com/hookshot/ + instances: {{ matrix_hookshot_figma_instances }} +{% endif %} provisioning: # (Optional) Provisioning API for integration managers # @@ -79,8 +86,8 @@ passFile: bot: # (Optional) Define profile information for the bot user # - displayname: GitHub Bot - avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d + displayname: {{ matrix_hookshot_bot_displayname }} + avatar: {{ matrix_hookshot_bot_avatar }} metrics: # (Optional) Prometheus metrics support # 
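Review bot: In the added `figma:` block, `publicUrl` is hard-coded to `https://example.com/hookshot/` instead of using the `matrix_hookshot_figma_publicUrl` default introduced in defaults/main.yml. `instances: {{ matrix_hookshot_figma_instances }}` also interpolates a mapping whose variable exists only as a commented example, so enabling Figma without defining it would fail at render time. I would write `publicUrl: {{ matrix_hookshot_figma_publicUrl | to_json }}` and `instances: {{ matrix_hookshot_figma_instances | to_json }}`, and define `matrix_hookshot_figma_instances: {}` in the defaults. The same `| to_json` quoting applies to `displayname` and `avatar` in the `bot:` hunk of this file, where a value containing `: ` or ` #` would otherwise change the parsed YAML.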
@@ -94,17 +101,20 @@ listeners: # Bind resource endpoints to ports and addresses. # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice # +{# always enabled since all services need it #} - port: {{ matrix_hookshot_webhook_port }} bindAddress: 0.0.0.0 resources: - webhooks - - widgets +{% if matrix_hookshot_metrics_enabled %} - port: {{ matrix_hookshot_metrics_port }} bindAddress: 0.0.0.0 resources: - metrics - - port: {{ matrix_hookshot_hookshot_port }} +{% endif %} +{% if matrix_hookshot_provisioning_enabled %} + - port: {{ matrix_hookshot_provisioning_port }} bindAddress: 0.0.0.0 resources: - provisioning - - appservice +{% endif %} diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 index c06456af..a291de98 100644 --- a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 +++ b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -22,6 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-hookshot \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ -v {{ matrix_hookshot_base_path }}:/data:z \ + {% for port in matrix_hookshot_container_http_host_bind_ports %} + -p {{ port }} \ + {% endfor %} {% for arg in matrix_hookshot_container_extra_arguments %} {{ arg }} \ {% endfor %} From 495bfedc0d35f983000185c469e941501d126d10 Mon Sep 17 00:00:00 2001 
From: HarHarLinks Date: Sat, 8 Jan 2022 16:51:52 +0100 Subject: [PATCH 004/419] refine hookshot role using `--test` --- roles/matrix-bridge-hookshot/defaults/main.yml | 1 + roles/matrix-bridge-hookshot/tasks/init.yml | 14 +++++++------- .../matrix-bridge-hookshot/tasks/setup_install.yml | 4 ++-- .../matrix-bridge-hookshot/templates/config.yml.j2 | 2 +- .../templates/registration.yml.j2 | 2 +- .../templates/systemd/matrix-hookshot.service.j2 | 12 ++++++------ setup.yml | 1 + 7 files changed, 19 insertions(+), 17 deletions(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index f1f98c04..d96f0822 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,6 +10,7 @@ matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswi matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_hookshot_container_url: 'matrix-hookshot' matrix_hookshot_public_endpoint: /hookshot diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 11ac0138..f6c7c107 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml 
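Review bot: `matrix_hookshot_container_url` holds a bare container name, not a URL, which the name does not make clear. The later hunks of this commit reuse it as the `docker run --name` argument, in `docker kill`/`rm`, and as the `SyslogIdentifier`, so a value with a scheme or port would break the unit. Either rename it or document the constraint where it is defined, e.g. `# Container name, also used as its hostname on the Docker network; not a URL.`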
@@ -35,13 +35,13 @@ - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy set_fact: - matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | + matrix_hookshot_matrix_nginx_proxy_configuration: | {% if matrix_hookshot_metrics_enabled %} location {{ matrix_hookshot_metrics_endpoint }} { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-hookshot:{{ matrix_hookshot_metrics_port }}"; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; proxy_pass http://$backend/metrics; {% else %} {# Generic configuration for use outside of our container setup #} @@ -58,7 +58,7 @@ {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-hookshot:{{ matrix_hookshot_appservice_port }}"; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; proxy_pass http://$backend/$1; {% else %} {# Generic configuration for use outside of our container setup #} @@ -71,7 +71,7 @@ {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-hookshot:{{ matrix_hookshot_provisioning_port }}"; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; proxy_pass http://$backend/$1; {% else %} {# Generic configuration for use outside of our container setup #} 
@@ -84,7 +84,7 @@ {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-hookshot:{{ matrix_hookshot_webhook_port }}"; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; proxy_pass http://$backend/$1; {% else %} {# Generic configuration for use outside of our container setup #} @@ -93,7 +93,7 @@ proxy_set_header Host $host; } - - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy + - name: Register hookshot proxying configuration with matrix-nginx-proxy set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ @@ -113,4 +113,4 @@ Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` URL endpoint to the matrix-hookshot container. You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. - when: "matrix_appservice_webhooks_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_hookshot_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 2254d91c..13bc324b 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -21,7 +21,7 @@ - name: Check if hookshot passkey exists stat: - path: "{{ matrix_hookshot_data_path }}/passkey.pem" + path: "{{ matrix_hookshot_base_path }}/passkey.pem" register: hookshot_passkey_file - name: Generate hookshot passkey if it doesn't exist 
@@ -32,7 +32,7 @@ - name: Ensure hookshot config.yaml installed if provided copy: - content: "{{ matrix_hookshot_config|to_nice_yaml }}" + content: "{{ matrix_hookshot_configuration|to_nice_yaml }}" dest: "{{ matrix_hookshot_base_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index 2dc87f3c..83d84863 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -4,7 +4,7 @@ bridge: # domain: {{ matrix_domain }} url: {{ matrix_hookshot_homeserver_address }} - mediaUrl: { matrix_hookshot_homeserver_address }} + mediaUrl: {{ matrix_hookshot_homeserver_address }} port: {{ matrix_hookshot_appservice_port }} bindAddress: 0.0.0.0 {% if matrix_hookshot_github_enabled %} diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 index 24cd1f4c..e86426c8 100644 --- a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 @@ -12,5 +12,5 @@ namespaces: exclusive: true sender_localpart: hookshot -url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_hookshot_port }}" # This should match the bridge.port in your config file +url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}" # This should match the bridge.port in your config file rate_limited: false diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 index a291de98..16ff0592 100644 --- a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 +++ b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 
@@ -13,10 +13,10 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-hookshot -ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-hookshot +ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-hookshot \ +ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -30,11 +30,11 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-hookshot \ {% endfor %} {{ matrix_hookshot_docker_image }} -ExecStop=-{{ matrix_host_command_docker }} kill matrix-hookshot -ExecStop=-{{ matrix_host_command_docker }} rm matrix-hookshot +ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} Restart=always RestartSec=30 -SyslogIdentifier=matrix-hookshot +SyslogIdentifier={{ matrix_hookshot_container_url }} [Install] WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index edd21205..81ab79b0 100755 --- a/setup.yml +++ b/setup.yml @@ -36,6 +36,7 @@ - matrix-bridge-mx-puppet-instagram - matrix-bridge-sms - matrix-bridge-heisenbridge + - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot - matrix-bot-go-neb - matrix-bot-mjolnir From 912c2388477465a2e6d892a63716cad0a9a69ae7 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sat, 8 Jan 2022 16:52:09 +0100 Subject: [PATCH 005/419] Upgrade Hookshot (1.0.0 -> 1.1.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index d96f0822..27d6e8a9 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -3,7 +3,7 @@ matrix_hookshot_enabled: true -matrix_hookshot_version: 1.0.0 +matrix_hookshot_version: 1.1.0 matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From ebf33f46b7cc80ea9c592673d91cc4de16da308e Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sat, 8 Jan 2022 16:55:27 +0100 Subject: [PATCH 006/419] update hookshot passkey.pem path according to docs https://github.com/Half-Shot/matrix-hookshot/issues/133#issuecomment-1007541580 --- roles/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index 83d84863..3ae7d2dd 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -82,7 +82,7 @@ passFile: # A passkey used to encrypt tokens stored inside the bridge. # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate # - passkey.pem + /data/passkey.pem bot: # (Optional) Define profile information for the bot user # From e0f2aa9de809820257c2ae6960159c767ac3f607 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sat, 8 Jan 2022 17:16:53 +0100 Subject: [PATCH 007/419] refactor matrix_hookshot_container_http_host_bind_ports --- group_vars/matrix_servers | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7456aad8..b5f4fa4d 100755 --- a/group_vars/matrix_servers 
+++ b/group_vars/matrix_servers @@ -665,15 +665,13 @@ matrix_hookshot_systemd_wanted_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_hookshot_container_http_host_bind_ports: -{% if matrix_nginx_proxy_enabled %} - [] -{% else %} - - "{{ '127.0.0.1:' ~ matrix_hookshot_hookshot_port ~ ':' ~ matrix_hookshot_hookshot_port }}" - - "{{ '127.0.0.1:' ~ matrix_hookshot_metrics_port ~ ':' ~ matrix_hookshot_metrics_port }}" - - "{{ '127.0.0.1:' ~ matrix_hookshot_webhook_port ~ ':' ~ matrix_hookshot_webhook_port }}" - - "{{ '127.0.0.1:' ~ matrix_hookshot_provisioning_port ~ ':' ~ matrix_hookshot_provisioning_port }}" -{% endif %} +matrix_hookshot_container_http_host_bind_ports_defaultmapping: + - "127.0.0.1:{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}" + - "127.0.0.1:{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}" + - "127.0.0.1:{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}" + - "127.0.0.1:{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}" + +matrix_hookshot_container_http_host_bind_ports: matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_nginx_proxy_enabled else [] ###################################################################### # From 1987cc48390c99d073d6ace9f03a7ce3b006a05f Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Tue, 11 Jan 2022 00:19:29 +0100 Subject: [PATCH 008/419] refine hookshot role --- docs/configuring-playbook-bridge-hookshot.md | 8 ++- group_vars/matrix_servers | 2 + .../matrix-bridge-hookshot/defaults/main.yml | 28 ++++++++++- roles/matrix-bridge-hookshot/tasks/init.yml | 49 ++++++++++++------- .../tasks/setup_install.yml | 5 +- .../templates/config.yml.j2 | 4 ++ 6 files changed, 72 insertions(+), 24 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index a1fefa42..4a9d8fb0 100644 
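Review bot: The new `matrix_hookshot_container_http_host_bind_ports` value is a plain string with no `{{ }}` around it, so it does not look like it would ever be evaluated, and the service template's `{% for port in ... %}` loop would then iterate over its characters. The condition is also inverted relative to the block it replaces, which bound the ports only when `matrix_nginx_proxy_enabled` was false. I would write `matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_enabled else matrix_hookshot_container_http_host_bind_ports_defaultmapping }}"`. Separately, the default mapping publishes the metrics and provisioning ports even when those features are disabled.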
--- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -9,9 +9,13 @@ See the project's [documentation](https://half-shot.github.io/matrix-hookshot/ho Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. -1. For each of the services (GitHub, GitLab, JIRA, generic webhooks) fill in the respected variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. +1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. 4. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. -Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` variable. +The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`. 
+ +If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain). See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). + +Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in `/roles/matrix-bridge-hookshot/defaults/main.yml` for how to use them. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b5f4fa4d..5320e8ec 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -673,6 +673,8 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping: matrix_hookshot_container_http_host_bind_ports: matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_nginx_proxy_enabled else [] +matrix_hookshot_provisioning_enabled: "{{ true if matrix_hookshot_provisioning_secret and matrix_dimension_enabled else false}}" + ###################################################################### # # /matrix-bridge-hookshot diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 27d6e8a9..20326a0c 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -28,17 +28,21 @@ matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics matrix_hookshot_webhook_port: 9000 matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhooks" -# you need to create a GitHub app to enable this + +# you need to create a GitHub app to enable this and fill in the empty variables below # https://half-shot.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' matrix_hookshot_github_private_key: '' matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_oauth_enabled: false +# you need to configure oauth settings only when you have enabled oauth (optional) matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page +# default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" matrix_hookshot_github_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" +# these are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' matrix_hookshot_github_show_issue_room_link: false 
@@ -46,27 +50,44 @@ matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" matrix_hookshot_github_including_labels: '' matrix_hookshot_github_excluding_labels: '' + matrix_hookshot_gitlab_enabled: true +# optionally add your instances, e.g. +# matrix_hookshot_gitlab_instances: +# gitlab.com: +# url: https://gitlab.com +# mygitlab: +# url: https://gitlab.example.org matrix_hookshot_gitlab_instances: gitlab.com: url: https://gitlab.com +# this will be the "Secret token" you have to enter into all GitLab instances for authentication matrix_hookshot_gitlab_secret: '' + matrix_hookshot_jira_enabled: false +# get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth matrix_hookshot_jira_secret: '' +matrix_hookshot_jira_oauth_enabled: false matrix_hookshot_jira_oauth_id: '' matrix_hookshot_jira_oauth_secret: '' +# default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" + +# no need to change these matrix_hookshot_generic_enabled: true +# default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_allow_js_transformation_functions: false matrix_hookshot_generic_user_id_prefix: 'webhooks_' + matrix_hookshot_figma_enabled: false +# default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}" # to bridge figma webhooks, you need to configure one of multiple instances like this: 
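Review bot: `matrix_hookshot_gitlab_enabled: true` remains the default while `matrix_hookshot_gitlab_secret` defaults to `''`, so a stock install renders a GitLab webhook section with an empty secret. Whether hookshot rejects that is not visible here. The new comment explains where the secret goes, but nothing enforces it. I would add a validation task to the role that fails when a service is enabled and its secret is empty, and reword the comment to `# must be set when matrix_hookshot_gitlab_enabled is true: the "Secret token" you enter into every GitLab instance`.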
@@ -76,12 +97,15 @@ matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hooksh # accessToken: your-personal-access-token # passcode: your-webhook-passcode -matrix_hookshot_provisioning_enabled: true + # there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' +# provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it +matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" + matrix_hookshot_bot_displayname: Hookshot Bot matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d' diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index f6c7c107..e7b52cfd 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml 
@@ -36,24 +36,6 @@ - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy set_fact: matrix_hookshot_matrix_nginx_proxy_configuration: | - {% if matrix_hookshot_metrics_enabled %} - location {{ matrix_hookshot_metrics_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; - proxy_pass http://$backend/metrics; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; - {% endif %} - proxy_set_header Host $host; - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - {% endif %} - } - {% endif %} location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} 
@@ -101,6 +83,37 @@ + [matrix_hookshot_matrix_nginx_proxy_configuration] }} + + - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | + {% if matrix_hookshot_metrics_enabled %} + location {{ matrix_hookshot_metrics_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; + {% endif %} + proxy_set_header Host $host; + {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + {% endif %} + } + {% endif %} + + - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) + + + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] + }} tags: - always when: matrix_hookshot_enabled|bool diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 13bc324b..4892fa58 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -1,5 +1,8 @@ --- +# (#1510) +# - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + - name: Ensure hookshot image is pulled docker_image: name: "{{ matrix_hookshot_docker_image }}" 
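Review bot: The metrics task added in the init.yml hunk reuses the name of the task above it, `Generate Matrix hookshot proxying configuration for matrix-nginx-proxy`, so the two cannot be told apart in play output or with `--start-at-task`. I would rename it to `- name: Generate Matrix hookshot metrics proxying configuration for matrix-nginx-proxy`. The registration task after it appends the rendered block to the Grafana server blocks even when `matrix_hookshot_metrics_enabled` is false and the template renders empty; a `when: matrix_hookshot_metrics_enabled|bool` on both new tasks would keep that list clean. The enclosing `block:` starts outside the hunk.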
@@ -17,8 +20,6 @@ with_items: - "{{ matrix_hookshot_base_path }}" -# - name: Ensure openssl is installed (#1510) - - name: Check if hookshot passkey exists stat: path: "{{ matrix_hookshot_base_path }}/passkey.pem" diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index 3ae7d2dd..c188611c 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -53,11 +53,13 @@ jira: # webhook: secret: {{ matrix_hookshot_jira_secret }} +{% if matrix_hookshot_jira_oauth_enabled %} oauth: client_id: {{ matrix_hookshot_jira_oauth_id }} client_secret: {{ matrix_hookshot_jira_oauth_secret }} redirect_uri: {{ matrix_hookshot_jira_oauth_uri }} {% endif %} +{% endif %} {% if matrix_hookshot_generic_enabled %} generic: # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments @@ -74,10 +76,12 @@ figma: publicUrl: https://example.com/hookshot/ instances: {{ matrix_hookshot_figma_instances }} {% endif %} +{% if matrix_hookshot_provisioning_enabled %} provisioning: # (Optional) Provisioning API for integration managers # secret: {{ matrix_hookshot_provisioning_secret }} +{% endif %} passFile: # A passkey used to encrypt tokens stored inside the bridge. # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate From 87871040df532b77aa770c4f92670867bc69c744 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Tue, 11 Jan 2022 00:56:51 +0100 Subject: [PATCH 009/419] add hookshot metrics to internal prometheus --- docs/configuring-playbook-bridge-hookshot.md | 2 +- group_vars/matrix_servers | 2 ++ roles/matrix-bridge-hookshot/defaults/main.yml | 4 +++- roles/matrix-prometheus/templates/prometheus.yml.j2 | 6 ++++++ 4 files changed, 12 insertions(+), 2 deletions(-) 
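Review bot: The secrets in the two config.yml.j2 hunks are interpolated as bare scalars (`client_secret: {{ matrix_hookshot_jira_oauth_secret }}`, `secret: {{ matrix_hookshot_provisioning_secret }}`), so an empty value renders as YAML null and a value containing ` #` or `: ` is truncated or breaks parsing. A silently shortened shared secret weakens webhook and provisioning authentication, so I would render them with the filter the playbook already uses elsewhere, e.g. `secret: {{ matrix_hookshot_provisioning_secret | to_json }}`. Since `matrix_hookshot_provisioning_secret` defaults to `''`, the new guard should probably also require a non-empty secret, `{% if matrix_hookshot_provisioning_enabled and matrix_hookshot_provisioning_secret %}`, or the role should fail early when the API is enabled without one.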
diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 4a9d8fb0..2ad5154b 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -16,6 +16,6 @@ Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`. -If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain). See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). +If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in `/roles/matrix-bridge-hookshot/defaults/main.yml` for how to use them. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5320e8ec..325d7ba0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1967,6 +1967,8 @@ matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:91 matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port|string] if matrix_prometheus_scraper_postgres_enabled else [] }}" +matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled }}" +matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_hookshot_metrics_enabled else [] }}" ###################################################################### # diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 20326a0c..33f439d6 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -20,7 +20,9 @@ matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_mat # metrics work only in conjunction with matrix_synapse_metrics_enabled etc matrix_hookshot_metrics_enabled: true -# there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +# there is no need to edit ports. +# read the documentation to learn about using hookshot metrics with external Prometheus +# if you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_metrics_port: 9001 matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" diff --git a/roles/matrix-prometheus/templates/prometheus.yml.j2 b/roles/matrix-prometheus/templates/prometheus.yml.j2 index 869b2da8..f3262f48 100644 --- a/roles/matrix-prometheus/templates/prometheus.yml.j2 +++ b/roles/matrix-prometheus/templates/prometheus.yml.j2 
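Review bot: `matrix_prometheus_scraper_hookshot_enabled` follows only `matrix_hookshot_metrics_enabled`, which the role defaults in this same commit leave at `true`, so a host with the bridge disabled would presumably still get a `hookshot` scrape job for a container that does not exist. I would gate it on the bridge as well: `matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_enabled and matrix_hookshot_metrics_enabled }}"`. The targets line should then test the scraper flag, as the postgres line above it does, ending in `if matrix_prometheus_scraper_hookshot_enabled else [] }}`.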
@@ -57,3 +57,9 @@ scrape_configs: static_configs: - targets: {{ matrix_prometheus_scraper_postgres_targets|to_json }} {% endif %} + + {% if matrix_prometheus_scraper_hookshot_enabled %} + - job_name: hookshot + static_configs: + - targets: {{ matrix_prometheus_scraper_hookshot_targets|to_json }} + {% endif %} From 65991de61c6a7e102ffb077dcfca87a6ec6d61d3 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Tue, 11 Jan 2022 01:30:57 +0100 Subject: [PATCH 010/419] update hookshot private key file mechanism --- docs/configuring-playbook-bridge-hookshot.md | 6 ++++-- roles/matrix-bridge-hookshot/defaults/main.yml | 3 ++- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 8 ++++++++ roles/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 2ad5154b..0dfdfd50 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -11,8 +11,10 @@ Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -4. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Before running the playbook, you need to copy that file to `/roles/matrix-bridge-hookshot/files/github-key.pem` so the playbook can install it for you. +4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. +5. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. 
+ The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`. diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 33f439d6..36dd361e 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -35,7 +35,8 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook # https://half-shot.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' -matrix_hookshot_github_private_key: '' +# manually copy the generated and downloaded GitHub private key to /roles/matrix-bridge-hookshot/files/github-key.pem +matrix_hookshot_github_private_key: 'github-key.pem' matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_oauth_enabled: false # you need to configure oauth settings only when you have enabled oauth (optional) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 4892fa58..271dacba 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml 
@@ -47,6 +47,14 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Ensure hookshot github private key file installed if github is enabled + copy: + src: github-key.pem + dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key }}" + mode: 0600 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Ensure matrix-hookshot.service installed template: src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index c188611c..702245c3 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -15,7 +15,7 @@ github: # Authentication for the GitHub App. # id: {{ matrix_hookshot_github_appid }} - privateKeyFile: {{ matrix_hookshot_github_private_key }} + privateKeyFile: /data/{{ matrix_hookshot_github_private_key }} webhook: # Webhook settings for the GitHub app. # From 206a093d5600296a5de2b7401d0f6889a5537ae0 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Tue, 11 Jan 2022 22:35:57 +0100 Subject: [PATCH 011/419] fix hookshot docker image name --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 36dd361e..5a5b6c92 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
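Review bot: The copy task in the setup_install.yml hunk takes the GitHub App private key from `roles/matrix-bridge-hookshot/files/` inside the playbook checkout, which makes it easy to commit the key by accident; no ignore rule for it is visible in this series. I would either add `roles/matrix-bridge-hookshot/files/*.pem` to `.gitignore` or let the source be a variable that can point outside the repository. The `src:` is also hard-coded to `github-key.pem` while `dest:` uses `matrix_hookshot_github_private_key`, so overriding that variable changes only where the file lands. Quoting the mode (`mode: '0600'`) avoids relying on YAML 1.1 octal parsing.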
@@ -4,7 +4,7 @@ matrix_hookshot_enabled: true matrix_hookshot_version: 1.1.0 -matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/hookshot:{{ matrix_hookshot_version }}" +matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" From 8b19f56ef874d7d6408b3bfb289426857f8f0d59 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Tue, 11 Jan 2022 22:36:10 +0100 Subject: [PATCH 012/419] add hookshot config validation --- .../tasks/setup_install.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 271dacba..3aa77642 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -39,6 +39,22 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Validate hookshot config.yml + command: | + {{ matrix_host_command_docker }} run + --rm + --name={{ matrix_hookshot_container_url }}-validate + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + -v {{ matrix_hookshot_base_path }}/config.yml:/config.yml + {{ matrix_hookshot_docker_image }} node Config/Config.js /config.yml + register: hookshot_config_validation_result + +- name: Fail if hookshot config.yml invalid + fail: + msg: "Your hookshot configuration did not pass validation:\n{{ hookshot_config_validation_result.stdout }}\n{{ hookshot_config_validation_result.stderr }}" + when: "hookshot_config_validation_result.rc > 0" + - name: Ensure hookshot registration.yaml installed if provided copy: content: "{{ matrix_hookshot_registration|to_nice_yaml }}" From 3a766d4ba5039997f97ec20b1950424b052d6c7f Mon Sep 17 00:00:00 2001 
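Review bot: The `Fail if hookshot config.yml invalid` task added in the setup_install.yml hunk looks unreachable, because `command` already fails the play on a non-zero exit code, so the next task never sees `rc > 0` and its friendlier message is never printed. Adding `failed_when: false` and `changed_when: false` under `register: hookshot_config_validation_result` lets the explicit `fail` do the reporting and stops the check from showing as changed on every run. The config is only read here, so the bind mount can be `-v {{ matrix_hookshot_base_path }}/config.yml:/config.yml:ro`. The message echoes the validator's stdout and stderr; if those can contain configured values, the webhook and OAuth secrets would end up in Ansible logs.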
From: HarHarLinks Date: Tue, 11 Jan 2022 22:39:57 +0100 Subject: [PATCH 013/419] proxy hookshot metrics when proxying synapse metrics see also #1527 --- group_vars/matrix_servers | 3 +++ roles/matrix-bridge-hookshot/tasks/init.yml | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 325d7ba0..a923437a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -675,6 +675,9 @@ matrix_hookshot_container_http_host_bind_ports: matrix_hookshot_container_http_h matrix_hookshot_provisioning_enabled: "{{ true if matrix_hookshot_provisioning_secret and matrix_dimension_enabled else false}}" +matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" +matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" + ###################################################################### # # /matrix-bridge-hookshot diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index e7b52cfd..7dc781c6 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -87,7 +87,7 @@ - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy set_fact: matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | - {% if matrix_hookshot_metrics_enabled %} + {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} location {{ matrix_hookshot_metrics_endpoint }} { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} 
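Review bot: `matrix_hookshot_proxy_metrics` and `matrix_hookshot_proxy_metrics_basic_auth_enabled` are read by the init.yml template in this hunk and in the `@@ -99,7 +99,7 @@` hunk that follows, but this commit defines them only in `group_vars/matrix_servers`; unless the role's defaults/main.yml already has them, using the role without those group vars fails on an undefined variable. I would add `matrix_hookshot_proxy_metrics: false` and `matrix_hookshot_proxy_metrics_basic_auth_enabled: false` to the role defaults, with a comment that proxying with basic auth disabled publishes the metrics location without any access control. The `auth_basic_user_file` path stays tied to the Synapse htpasswd file, so enabling the hookshot flag on its own depends on that file existing.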
@@ -99,7 +99,7 @@ proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; {% endif %} proxy_set_header Host $host; - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} auth_basic "protected"; auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; {% endif %} From 964479d3d341f36fbeccb3fbdcc692138f2922de Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Tue, 11 Jan 2022 23:03:16 +0100 Subject: [PATCH 014/419] .gitkeep matrix-bridge-hookshot/files needed for users to put private-key.pem in --- roles/matrix-bridge-hookshot/files/.gitkeep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/matrix-bridge-hookshot/files/.gitkeep diff --git a/roles/matrix-bridge-hookshot/files/.gitkeep b/roles/matrix-bridge-hookshot/files/.gitkeep new file mode 100644 index 00000000..e69de29b From 23d6b2d3daf9fb9b2a2602474ade49d2e23f793b Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Tue, 11 Jan 2022 23:18:47 +0100 Subject: [PATCH 015/419] update hookshot github private key path and install condition --- roles/matrix-bridge-hookshot/defaults/main.yml | 4 ++-- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 5a5b6c92..e548e51f 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -35,8 +35,8 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook # https://half-shot.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' -# manually copy the generated and downloaded GitHub private key to /roles/matrix-bridge-hookshot/files/github-key.pem -matrix_hookshot_github_private_key: 'github-key.pem' +# manually copy the generated and downloaded GitHub private key to roles/matrix-bridge-hookshot/files/private-key.pem +matrix_hookshot_github_private_key: 'private-key.pem' matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_oauth_enabled: false # you need to configure oauth settings only when you have enabled oauth (optional) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 3aa77642..0caba20f 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -70,6 +70,7 @@ mode: 0600 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + when: "matrix_hookshot_github_enabled|bool" - name: Ensure matrix-hookshot.service installed template: From f12cad7a7bd0aee12a43aeaafba82f1cc2cc3859 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Tue, 11 Jan 2022 23:34:03 +0100 Subject: [PATCH 016/419] rename hookshot *.yaml to *.yml --- roles/matrix-bridge-hookshot/tasks/init.yml | 4 ++-- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 7dc781c6..67b793d4 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml 
@@ -15,12 +15,12 @@ matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} + - ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yaml,dst=/hookshot-registration.yaml,ro"] + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] matrix_synapse_app_service_config_files: > {{ matrix_synapse_app_service_config_files|default([]) }} + - {{ ["/hookshot-registration.yaml"] }} + {{ ["/hookshot-registration.yml"] }} when: matrix_hookshot_enabled|bool - block: diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 0caba20f..5bd726a4 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -31,10 +31,10 @@ become_user: "{{ matrix_user_username }}" when: "not hookshot_passkey_file.stat.exists" -- name: Ensure hookshot config.yaml installed if provided +- name: Ensure hookshot config.yml installed if provided copy: content: "{{ matrix_hookshot_configuration|to_nice_yaml }}" - dest: "{{ matrix_hookshot_base_path }}/config.yaml" + dest: "{{ matrix_hookshot_base_path }}/config.yml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" @@ -55,10 +55,10 @@ msg: "Your hookshot configuration did not pass validation:\n{{ hookshot_config_validation_result.stdout }}\n{{ hookshot_config_validation_result.stderr }}" when: "hookshot_config_validation_result.rc > 0" -- name: Ensure hookshot registration.yaml installed if provided +- name: Ensure hookshot registration.yml installed if provided copy: content: "{{ matrix_hookshot_registration|to_nice_yaml }}" - dest: "{{ matrix_hookshot_base_path }}/registration.yaml" + dest: "{{ matrix_hookshot_base_path }}/registration.yml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" 
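Review bot: The renamed install tasks in the setup_install.yml hunks (`@@ -31,10 +31,10 @@` and `@@ -55,10 +55,10 @@`) still write config.yml and registration.yml with `mode: 0644`, although these files carry the webhook, OAuth and provisioning secrets and, presumably, the appservice tokens. Both are owned by the matrix user, so `mode: '0640'` or tighter should work as long as the containers that mount them run as that user or group; that needs confirming for the Synapse mount in the init.yml hunk. The rename also has to be mirrored wherever the bridge is pointed at its config and registration files, which this commit does not show.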
From 2b97ab9a518251156a81309c946a8cbe08e5a2d1 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 12 Jan 2022 00:45:26 +0100 Subject: [PATCH 017/419] fix matrix_hookshot_container_http_host_bind_ports --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a923437a..09abdf37 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,9 +671,9 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping: - "127.0.0.1:{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}" - "127.0.0.1:{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}" -matrix_hookshot_container_http_host_bind_ports: matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_nginx_proxy_enabled else [] +matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_nginx_proxy_enabled else [] }}" -matrix_hookshot_provisioning_enabled: "{{ true if matrix_hookshot_provisioning_secret and matrix_dimension_enabled else false}}" +matrix_hookshot_provisioning_enabled: "{{ true if matrix_hookshot_provisioning_secret and matrix_dimension_enabled else false }}" matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" From 28c9e7aac2eba461b636ee94dbabcf46131c47ba Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 12 Jan 2022 01:26:17 +0100 Subject: [PATCH 018/419] fix hookshot commandPrefix jinja2 --- roles/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index 702245c3..2bd6b0e1 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 
+++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -32,7 +32,7 @@ github: # (Optional) Default options for GitHub connections. # ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} - commandPrefix: {{ matrix_hookshot_github_command_prefix }} + commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" showIssueRoomLink: {{ matrix_hookshot_github_show_issue_room_link }} prDiff: {{ matrix_hookshot_github_pr_diff }} includingLabels:{{ matrix_hookshot_github_including_labels }} From 8498ffd8f7f3f4c2271e49ce17e5d1509fbbd171 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 12 Jan 2022 01:28:38 +0100 Subject: [PATCH 019/419] name hookshot github private key consistently --- docs/configuring-playbook-bridge-hookshot.md | 2 +- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 0dfdfd50..74f9c638 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
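Review bot: Two lines below the newly quoted `commandPrefix`, the context line `includingLabels:{{ matrix_hookshot_github_including_labels }}` has no space after the colon as shown here, so the rendered line would not be a key/value pair. If that is how the template really reads, it should be `includingLabels: {{ matrix_hookshot_github_including_labels }}`. The config validation step added earlier in this series would probably catch it only once GitHub is enabled, since the whole `github:` section is conditional.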
@@ -11,7 +11,7 @@ Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Before running the playbook, you need to copy that file to `/roles/matrix-bridge-hookshot/files/github-key.pem` so the playbook can install it for you. +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Before running the playbook, you need to copy that file to `roles/matrix-bridge-hookshot/files/private-key.pem` so the playbook can install it for you. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. 5. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 5bd726a4..d07ac26c 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml 
@@ -65,7 +65,7 @@ - name: Ensure hookshot github private key file installed if github is enabled copy: - src: github-key.pem + src: private-key.pem dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key }}" mode: 0600 owner: "{{ matrix_user_username }}" From 224633df1dddfced701ea1a58796776b656472da Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 12 Jan 2022 01:31:46 +0100 Subject: [PATCH 020/419] fix condition for matrix_hookshot_container_http_host_bind_ports --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 09abdf37..522d4a18 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,7 +671,7 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping: - "127.0.0.1:{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}" - "127.0.0.1:{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}" -matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_nginx_proxy_enabled else [] }}" +matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_enabled else matrix_hookshot_container_http_host_bind_ports_defaultmapping }}" matrix_hookshot_provisioning_enabled: "{{ true if matrix_hookshot_provisioning_secret and matrix_dimension_enabled else false }}" From 6f32db30638bb2b9ac4064dd34d013352408433a Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 12 Jan 2022 02:15:37 +0100 Subject: [PATCH 021/419] fix matrix_hookshot_github_oauth_uri --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index e548e51f..3063e673 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -44,7 +44,7 @@ matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page # default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" -matrix_hookshot_github_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" +matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" # these are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' From 08fe38cf407fdeb397876da6fcd52248cf82497a Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 12 Jan 2022 13:09:13 +0100 Subject: [PATCH 022/419] add hookshot to nginx wanted services related 0fb881deb578a37ba9c3fcfc966a2282aa33d3fe --- group_vars/matrix_servers | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 522d4a18..18629651 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1444,6 +1444,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else []) + (['matrix-client-element.service'] if matrix_client_element_enabled else []) + + + (['matrix-hookshot.service'] if matrix_hookshot_enabled else []) }} matrix_ssl_domains_to_obtain_certificates_for: | From 58b732a84d0d505a73f9ff80b70df94e46e8cf77 Mon Sep 17 00:00:00 2001 
From: HarHarLinks Date: Fri, 14 Jan 2022 19:21:05 +0100 Subject: [PATCH 023/419] support hookshot permissions management see Half-Shot/matrix-hookshot#167 --- roles/matrix-bridge-hookshot/defaults/main.yml | 13 +++++++++++++ .../matrix-bridge-hookshot/templates/config.yml.j2 | 3 +++ 2 files changed, 16 insertions(+) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 3063e673..05e7c5a0 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -108,6 +108,19 @@ matrix_hookshot_provisioning_secret: '' matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" +# You can configure access to the bridge as documented here https://half-shot.github.io/matrix-hookshot/setup.html#permissions +# When empty, the default permissions are applied. +# Example: +# matrix_hookshot_permissions: +# - actor: * +# services: +# - service: * +# level: commands +# - actor: example.com +# services: +# - service: "*" +# level: admin +matrix_hookshot_permissions: [] matrix_hookshot_bot_displayname: Hookshot Bot matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d' diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index 2bd6b0e1..8be3b1d6 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -100,6 +100,9 @@ logging: # (Optional) Logging settings. You can have a severity debug,info,warn,error # level: info +{% if matrix_hookshot_permissions %} +permissions: {{ matrix_hookshot_permissions }} +{% endif %} listeners: # (Optional) HTTP Listener configuration. # Bind resource endpoints to ports and addresses. From df074151cdc9bc5455c754b4283b90cb3648b1bc Mon Sep 17 00:00:00 2001 
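Review bot: The commented example for `matrix_hookshot_permissions` leaves two of its three wildcards unquoted (`- actor: *` and the first `- service: *`). A bare `*` is the YAML alias indicator, so an operator who uncomments the example gets a parse error instead of a permissions list. This comment is the only in-repo guidance for an access-control setting, so it should be copy-paste safe: `#   - actor: "*"` and `#       - service: "*"`, matching the already-quoted entry under `example.com`. It would also help to state, or link to, what "the default permissions" grant when the list is left empty.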
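Review bot: `permissions: {{ matrix_hookshot_permissions }}` prints the list with Jinja's default string conversion (a Python repr) rather than serialising it. That parses as a YAML flow sequence for simple values, but strings containing quotes or backslashes are escaped by Python's rules rather than YAML's, which is fragile for the block that decides who may administer the bridge. Rendering it as `permissions: {{ matrix_hookshot_permissions|to_json }}` keeps the structure exact. The `logging:` and `listeners:` sections around the addition continue outside the hunk.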
From: HarHarLinks Date: Fri, 14 Jan 2022 19:24:37 +0100 Subject: [PATCH 024/419] update default hookshot webhook mxid prefix --- roles/matrix-bridge-hookshot/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 05e7c5a0..1982a5f3 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -86,7 +86,8 @@ matrix_hookshot_generic_enabled: true matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_allow_js_transformation_functions: false -matrix_hookshot_generic_user_id_prefix: 'webhooks_' +# if you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap +matrix_hookshot_generic_user_id_prefix: '_webhooks_' matrix_hookshot_figma_enabled: false From 5d07f14235904abbb432e3f9f73474d72f779fd5 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 23 Jan 2022 15:11:25 +0100 Subject: [PATCH 025/419] install openssl for hookshot using b33ea48 --- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index d07ac26c..22d3f025 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -1,7 +1,6 @@ --- -# (#1510) -# - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" - name: Ensure hookshot image is pulled docker_image: From a1a5b16185deaca215e1352014c9e2188ae18955 Mon Sep 17 00:00:00 2001 
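Review bot: Changing the default of `matrix_hookshot_generic_user_id_prefix` from `webhooks_` to `_webhooks_` gives installs that rely on the default different webhook user IDs on the next playbook run, and the added comment only mentions overlap with matrix-appservice-webhooks. The appservice registration template is not part of this hunk, so it cannot be confirmed here that its user namespace follows this variable; if it does not, the bridge would be using IDs outside the namespace it registered. I would extend the comment, e.g. `# changing this after the first install changes the MXIDs of existing webhooks; keep it in sync with the registration namespace`.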
From: HarHarLinks Date: Sun, 23 Jan 2022 16:10:25 +0100 Subject: [PATCH 026/419] update hookshot private key installation method --- docs/configuring-playbook-bridge-hookshot.md | 27 ++++++++++++++++--- .../matrix-bridge-hookshot/defaults/main.yml | 10 +++++-- .../tasks/setup_install.yml | 8 +++--- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 74f9c638..53f19db2 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -11,13 +11,34 @@ Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Before running the playbook, you need to copy that file to `roles/matrix-bridge-hookshot/files/private-key.pem` so the playbook can install it for you. +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. 5. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. +Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. 
+ +### Manage GitHub Private Key with matrix-aux role + +The GitHub bridge requires you to install a private key file. This can be done in multiple ways: +- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml)). +- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually. +- use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server. + +To use `matrix-aux`, make sure the `matrix_hookshot_github_private_key` variable is empty. Then add to `matrix-aux` configuration like this: +```yaml +matrix_aux_file_definitions: + - dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" + content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}" + mode: '0400' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" +``` +For more info see the documentation in the [matrix-aux base configuration file](/roles/matrix-aux/defaults/main.yml). + +### Provisioning API The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`. -If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. 
If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). +### Metrics -Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in `/roles/matrix-bridge-hookshot/defaults/main.yml` for how to use them. +If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 1982a5f3..a0ecb6ff 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -35,8 +35,14 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook # https://half-shot.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' -# manually copy the generated and downloaded GitHub private key to roles/matrix-bridge-hookshot/files/private-key.pem -matrix_hookshot_github_private_key: 'private-key.pem' +# set this variable to the contents of the generated and downloaded GitHub private key: +# matrix_hookshot_github_private_key: | +# -----BEGIN RSA PRIVATE KEY----- +# 0123456789ABCDEF... +# -----END RSA PRIVATE KEY----- +# alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info. +matrix_hookshot_github_private_key: '' +matrix_hookshot_github_private_key_file: 'private-key.pem' matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_oauth_enabled: false # you need to configure oauth settings only when you have enabled oauth (optional) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 22d3f025..059dd7b5 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -64,12 +64,12 @@ - name: Ensure hookshot github private key file installed if github is enabled copy: - src: private-key.pem - dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key }}" - mode: 0600 + content: "{{ matrix_hookshot_github_private_key }}" + dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" + mode: 0400 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: "matrix_hookshot_github_enabled|bool" + when: "{{ matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length }}" - name: Ensure matrix-hookshot.service installed template: 
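Review bot: `matrix_hookshot_github_private_key` now carries the GitHub App private key itself, and the added comment shows it pasted in as a plain block scalar without saying how to protect it. A line such as `# this is a secret: keep it in an ansible-vault encrypted vars file, or leave it empty and install the key file out of band` would steer operators away from committing the key with the rest of their inventory. The comment also points to `docs/matrix-bridge-hookshot.md`, while the documentation file changed in this same patch is `docs/configuring-playbook-bridge-hookshot.md`.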
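Review bot: The copy task now writes key material through `content:` but carries no task-level `no_log: true`, so a run with `--diff` would be expected to print the private key in the before/after output. Two further details in the same task: the `when:` wraps its condition in `{{ }}`, which Ansible warns about because conditions are already templated, and `mode: 0400` is an unquoted octal. I would write `when: matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length > 0`, `mode: '0400'` and add `no_log: true`. The task list continues outside the hunk.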
From 4de2b4bf3b7b3f3e5077bdbf57607e086c449898 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 23 Jan 2022 17:05:40 +0100 Subject: [PATCH 027/419] update hookshot docs --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 53f19db2..4e914791 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -13,7 +13,7 @@ Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. +5. Refer to [Hookshot's official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. From cf46b7fed5e889c1db0b2afac1380fcb6bca1951 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 25 Jan 2022 14:19:40 +0200 Subject: [PATCH 028/419] Upgrade Synapse (1.50.2 -> 1.51.0) --- roles/matrix-synapse/defaults/main.yml | 4 +-- .../templates/synapse/homeserver.yaml.j2 | 36 ++++++++++++------- 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 084d821f..364f26a5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.50.2 -matrix_synapse_version_arm64: v1.50.2 +matrix_synapse_version: v1.51.0 +matrix_synapse_version_arm64: v1.51.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index fccb1a25..9c7c22f5 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -50,13 +50,7 @@ server_name: "{{ matrix_domain }}" # pid_file: /homeserver.pid -# The absolute URL to the web client which /_matrix/client will redirect -# to if 'webclient' is configured under the 'listeners' configuration. -# -# This option can be also set to the filesystem path to the web client -# which will be served at /_matrix/client/ if 'webclient' is configured -# under the 'listeners' configuration, however this is a security risk: -# https://github.com/matrix-org/synapse#security-note +# The absolute URL to the web client which / will redirect to. # #web_client_location: https://riot.example.com/ @@ -140,7 +134,7 @@ allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_fe # The default room version for newly created rooms. # # Known room versions are listed here: -# https://matrix.org/docs/spec/#complete-list-of-room-versions +# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions # # For example, for room version 1, default_room_version should be set # to "1". @@ -285,8 +279,6 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # static: static resources under synapse/static (/_matrix/static). (Mostly # useful for 'fallback authentication'.) # -# webclient: A web client. Requires web_client_location to be set. -# listeners: {% if matrix_synapse_metrics_enabled %} - type: metrics 
@@ -1535,6 +1527,21 @@ room_prejoin_state: #additional_event_types: # - org.example.custom.event.type +# We record the IP address of clients used to access the API for various +# reasons, including displaying it to the user in the "Where you're signed in" +# dialog. +# +# By default, when puppeting another user via the admin API, the client IP +# address is recorded against the user who created the access token (ie, the +# admin user), and *not* the puppeted user. +# +# Uncomment the following to also record the IP address against the puppeted +# user. (This also means that the puppeted user will count as an "active" user +# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc +# above.) +# +#track_puppeted_user_ips: true + # A list of application service config files to use # @@ -1900,10 +1907,13 @@ saml2_config: # Defaults to false. Avoid this in production. # # user_profile_method: Whether to fetch the user profile from the userinfo -# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'. +# endpoint, or to rely on the data returned in the id_token from the +# token_endpoint. +# +# Valid values are: 'auto' or 'userinfo_endpoint'. # -# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is -# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the +# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is +# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the # userinfo endpoint. # # allow_existing_users: set to 'true' to allow a user logging in via OIDC to From ad082b3b1bd906a0ec21a6e92c6c231f89c0dfe3 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 26 Jan 2022 08:38:27 +0200 Subject: [PATCH 029/419] Fix self-building for Synapse v1.51.0 (requires BuildKit) Synapse v1.51.0 requires to be built with BuildKit since https://github.com/matrix-org/synapse/pull/11691 The `docker_image` Ansible module does not support BuildKit (https://github.com/ansible-collections/community.general/issues/514), so we had to switch to a `docker build` call. --- .../tasks/synapse/setup_install.yml | 44 +++++++++++-------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 09ec798d..8f96a54d 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml 
@@ -18,25 +18,33 @@ group: "{{ matrix_user_groupname }}" when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists" -- name: Ensure Synapse repository is present on self-build - git: - repo: "{{ matrix_synapse_container_image_self_build_repo }}" - dest: "{{ matrix_synapse_docker_src_files_path }}" - version: "{{ matrix_synapse_docker_image.split(':')[1] }}" - force: "yes" - register: matrix_synapse_git_pull_results - when: "matrix_synapse_container_image_self_build|bool" +- block: + - name: Ensure Synapse repository is present on self-build + git: + repo: "{{ matrix_synapse_container_image_self_build_repo }}" + dest: "{{ matrix_synapse_docker_src_files_path }}" + version: "{{ matrix_synapse_docker_image.split(':')[1] }}" + force: "yes" + register: matrix_synapse_git_pull_results -- name: Ensure Synapse Docker image is built - docker_image: - name: "{{ matrix_synapse_docker_image }}" - source: build - force_source: "{{ matrix_synapse_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_git_pull_results.changed }}" - build: - dockerfile: docker/Dockerfile - path: "{{ matrix_synapse_docker_src_files_path }}" - pull: yes + - name: Check if Synapse Docker image exists + command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" + register: matrix_synapse_docker_image_check_result + + # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, + # because the latter does not support BuildKit. + # See: https://github.com/ansible-collections/community.general/issues/514 + - name: Ensure Synapse Docker image is built + shell: + chdir: "{{ matrix_synapse_docker_src_files_path }}" + cmd: | + {{ matrix_host_command_docker }} build \ + -t "{{ matrix_synapse_docker_image }}" \ + -f docker/Dockerfile \ + . 
+ environment: + DOCKER_BUILDKIT: 1 + when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''" when: "matrix_synapse_container_image_self_build|bool" - name: Ensure Synapse Docker image is pulled From 11c0dcf2ac814ad113e73f3784f74502b86edb5d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 26 Jan 2022 15:16:50 +0200 Subject: [PATCH 030/419] Upgrade Cinny (1.6.1 -> 1.7.0) (untested change, but unlikely to cause breakage) --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 21ce09d4..15313950 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.6.1 +matrix_client_cinny_version: v1.7.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 7ae70c27e62b0e1bad3169dcb909108733544a2d Mon Sep 17 00:00:00 2001 
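Review bot: The build step runs through `shell:` with `{{ matrix_host_command_docker }}` and `{{ matrix_synapse_docker_image }}` interpolated into the command text, although nothing in it needs a shell beyond the line continuations. Using `command:` with the same `chdir` and a single-line `cmd` avoids shell interpretation of those values. The image-exists check above it only reads state, so `changed_when: false` would stop it reporting a change on every run. Writing `DOCKER_BUILDKIT: "1"` as a quoted string avoids depending on how an integer environment value is coerced.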
From: Jim Myhrberg Date: Fri, 28 Jan 2022 01:00:27 +0000 Subject: [PATCH 031/419] feat(mx-puppet-slack): add support for OAuth client ID/secret The OAuth credentials method seems to be the only viable way to configure the mx-puppet-bridge now. Legacy tokens can no longer be created, and the other methods (xoxs and xoxc tokens) come with warnings about them being against Slack's terms of service. --- ...iguring-playbook-bridge-mx-puppet-slack.md | 31 +++++++++++++------ .../defaults/main.yml | 3 ++ .../templates/config.yaml.j2 | 4 +++ 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index e7d8dba2..0630270f 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md 
@@ -1,20 +1,33 @@ # Setting up MX Puppet Slack (optional) -**Note**: bridging to [Slack](https://slack.com) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook. +**Note**: bridging to [Slack](https://slack.com) can also happen via the +[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) +bridge supported by the playbook. The playbook can install and configure [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. See the project page to learn what it does and why it might be useful to you. -To enable the [Slack](https://slack.com/) bridge just use the following -playbook configuration: - - -```yaml -matrix_mx_puppet_slack_enabled: true -``` - +## Setup + +To enable the [Slack](https://slack.com/) bridge: + +1. Follow the + [OAuth credentials](https://github.com/Sorunome/mx-puppet-slack#option-2-oauth) + instructions to create a new Slack app, setting the redirect URL to + `https://matrix.YOUR_DOMAIN/slack/oauth`. +2. Update your `vars.yml` with the following: + ```yaml + matrix_mx_puppet_slack_enabled: true + # Client ID must be quoted so YAML does not parse it as a float. + matrix_mx_puppet_slack_oauth_client_id: "" + matrix_mx_puppet_slack_oauth_client_secret: "" + ``` +3. Run playbooks with `setup-all` and `start` tags: + ``` + ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start + ``` ## Usage diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 30d42475..4b8af36a 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml 
@@ -3,6 +3,9 @@ matrix_mx_puppet_slack_enabled: true +matrix_mx_puppet_slack_oauth_client_id: '' +matrix_mx_puppet_slack_oauth_client_secret: '' + matrix_mx_puppet_slack_container_image_self_build: false matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 index b1917b86..5e0b57a1 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 @@ -18,6 +18,10 @@ bridge: # Slack OAuth settings. Create a slack app at https://api.slack.com/apps oauth: enabled: true + # Slack app credentials. + # N.B. This must be quoted so YAML does not parse it as a float. + clientId: '{{ matrix_mx_puppet_slack_oauth_client_id }}' + clientSecret: '{{ matrix_mx_puppet_slack_oauth_client_secret }}' # Path where to listen for OAuth redirect callbacks. redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, From fce190099aba63c5b420ad947fb5b382c0c06b37 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jan 2022 08:15:23 +0200 Subject: [PATCH 032/419] Use |to_json for matrix_mx_puppet_slack_oauth_client_secret --- roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 index 5e0b57a1..c7497a84 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 
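Review bot: `enabled: true` under `oauth:` stays hard-coded while `clientId` and `clientSecret` are filled from variables that this patch defaults to `''`, so an install that does not set them renders an enabled OAuth section with empty credentials. No validation task is visible in this patch. A check that fails the run when either variable is empty, or tying `enabled:` to both being set, would surface the problem at deploy time rather than at the first login attempt. The `oauth:` section continues outside the hunk.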
@@ -21,7 +21,7 @@ oauth: # Slack app credentials. # N.B. This must be quoted so YAML does not parse it as a float. clientId: '{{ matrix_mx_puppet_slack_oauth_client_id }}' - clientSecret: '{{ matrix_mx_puppet_slack_oauth_client_secret }}' + clientSecret: {{ matrix_mx_puppet_slack_oauth_client_secret|to_json }} # Path where to listen for OAuth redirect callbacks. redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, From 211b0ad3b5a8fccb6c6ee660f8832fe62a120684 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 29 Jan 2022 21:08:20 +0200 Subject: [PATCH 033/419] Update honoroit (v0.9.3 -> v0.9.4) --- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index a9ea993f..2c4a3169 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -7,7 +7,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.3 +matrix_bot_honoroit_version: v0.9.4 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" From c264d670e81256f50da5550e5d40b9c9da495cfb Mon Sep 17 00:00:00 2001 
From: HarHarLinks Date: Sun, 30 Jan 2022 17:41:51 +0100 Subject: [PATCH 034/419] update hookshot config to generic hs variables --- group_vars/matrix_servers | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 39940a85..4d7518cc 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,13 +671,13 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false -matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" +matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" -matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" +matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" matrix_hookshot_systemd_wanted_services_list: | {{ - (['matrix-synapse.service'] if matrix_synapse_enabled else []) + (['matrix-' + matrix_homesever_implementation + '.service']) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} From 54d8d0ec381d6980f77b81d1c5c890cd45b618c4 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 17:43:08 +0100 Subject: [PATCH 035/419] simplify hookshot conditional for readability --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 4d7518cc..f66cb74f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
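Review bot: `matrix_homesever_implementation` in the new `matrix_hookshot_systemd_wanted_services_list` entry is spelled without the second "r", unlike `matrix_homeserver_generic_secret_key` introduced in the same hunk. Its definition is not visible here, but this looks like a typo that would fail templating with an undefined variable; the line should presumably read `(['matrix-' + matrix_homeserver_implementation + '.service'])`. Separately, switching the seed from `matrix_synapse_macaroon_secret_key` to `matrix_homeserver_generic_secret_key` changes the derived `matrix_hookshot_appservice_token` and `matrix_hookshot_homeserver_token` unless both variables hold the same value. In that case the registration has to be re-applied on the homeserver together with the bridge config.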
@@ -690,7 +690,7 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping: matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_enabled else matrix_hookshot_container_http_host_bind_ports_defaultmapping }}" -matrix_hookshot_provisioning_enabled: "{{ true if matrix_hookshot_provisioning_secret and matrix_dimension_enabled else false }}" +matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" From 99802bc143354f5c0cae51607b714daba5c92c7e Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 17:44:22 +0100 Subject: [PATCH 036/419] escape hookshot variables using to_json --- .../templates/config.yml.j2 | 18 +++++++++--------- .../templates/registration.yml.j2 | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index 8be3b1d6..ce979b06 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -19,13 +19,13 @@ github: webhook: # Webhook settings for the GitHub app. # - secret: {{ matrix_hookshot_github_secret }} + secret: {{ matrix_hookshot_github_secret|to_json }} {% if matrix_hookshot_github_oauth_enabled %} oauth: # (Optional) Settings for allowing users to sign in via OAuth. # client_id: {{ matrix_hookshot_github_oauth_id }} - client_secret: {{ matrix_hookshot_github_oauth_secret }} + client_secret: {{ matrix_hookshot_github_oauth_secret|to_json }} redirect_uri: {{ matrix_hookshot_github_oauth_uri }} {% endif %} defaultOptions: 
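Review bot: In `matrix_hookshot_provisioning_enabled`, Jinja's `and` returns one of its operands rather than a boolean, so with an empty secret the variable now evaluates to `''` instead of `false`, and swapping the operands later would make an "enabled" flag carry the provisioning secret itself. Making both sides explicit booleans keeps the simplification without that trap: `"{{ (matrix_hookshot_provisioning_secret | length > 0) and (matrix_dimension_enabled | bool) }}"`.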
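Review bot: Escaping is applied to only some fields of `config.yml.j2`: in the first hunk `client_id: {{ matrix_hookshot_github_oauth_id }}` and `redirect_uri` stay raw, while the Jira hunk of the same commit does escape its `client_id`. The same gap remains in the later hunks for `instances: {{ matrix_hookshot_gitlab_instances }}` (a mapping rendered through its Python repr), `urlPrefix`, the Jira `redirect_uri` and `avatar`. Any of these containing `: `, ` #` or a leading YAML indicator would give a config that fails to parse or is silently truncated, so I would pipe them through the filter as well, e.g. `client_id: {{ matrix_hookshot_github_oauth_id|to_json }}`. The `github:` block starts above the hunk.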
@@ -45,18 +45,18 @@ gitlab: instances: {{ matrix_hookshot_gitlab_instances }} webhook: - secret: {{ matrix_hookshot_gitlab_secret }} + secret: {{ matrix_hookshot_gitlab_secret|to_json }} {% endif %} {% if matrix_hookshot_jira_enabled %} jira: # (Optional) Configure this to enable Jira support # webhook: - secret: {{ matrix_hookshot_jira_secret }} + secret: {{ matrix_hookshot_jira_secret|to_json }} {% if matrix_hookshot_jira_oauth_enabled %} oauth: - client_id: {{ matrix_hookshot_jira_oauth_id }} - client_secret: {{ matrix_hookshot_jira_oauth_secret }} + client_id: {{ matrix_hookshot_jira_oauth_id|to_json }} + client_secret: {{ matrix_hookshot_jira_oauth_secret|to_json }} redirect_uri: {{ matrix_hookshot_jira_oauth_uri }} {% endif %} {% endif %} @@ -67,7 +67,7 @@ generic: enabled: {{ matrix_hookshot_generic_enabled }} urlPrefix: {{ matrix_hookshot_generic_urlprefix }} allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} - userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix }} + userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} {% endif %} {% if matrix_hookshot_figma_enabled %} figma: @@ -80,7 +80,7 @@ figma: provisioning: # (Optional) Provisioning API for integration managers # - secret: {{ matrix_hookshot_provisioning_secret }} + secret: {{ matrix_hookshot_provisioning_secret|to_json }} {% endif %} passFile: # A passkey used to encrypt tokens stored inside the bridge. @@ -90,7 +90,7 @@ passFile: bot: # (Optional) Define profile information for the bot user # - displayname: {{ matrix_hookshot_bot_displayname }} + displayname: {{ matrix_hookshot_bot_displayname|to_json }} avatar: {{ matrix_hookshot_bot_avatar }} metrics: # (Optional) Prometheus metrics support diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 index e86426c8..ced3bd77 100644 --- a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 
+++ b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 @@ -1,7 +1,7 @@ #jinja2: lstrip_blocks: "True" id: matrix-hookshot # This can be anything, but must be unique within your homeserver -as_token: {{ matrix_hookshot_appservice_token }} # This again can be a random string -hs_token: {{ matrix_hookshot_homeserver_token }} # ..as can this +as_token: {{ matrix_hookshot_appservice_token|to_json }} # This again can be a random string +hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this namespaces: rooms: [] users: From a3c84f78ca9c65a3d598b8486d96b0e0b5b328ed Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 17:44:59 +0100 Subject: [PATCH 037/419] update hookshot.service to ExecStopPost --- .../templates/systemd/matrix-hookshot.service.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 index 16ff0592..5fa2278c 100644 --- a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 +++ b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_co {% endfor %} {{ matrix_hookshot_docker_image }} -ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} -ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} +ExecStopPost=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStopPost=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} Restart=always RestartSec=30 SyslogIdentifier={{ matrix_hookshot_container_url }} From 29d0b277f4e9dd42042ebe435209eed3f230d578 Mon Sep 17 00:00:00 2001 
From: HarHarLinks Date: Sun, 30 Jan 2022 17:45:28 +0100 Subject: [PATCH 038/419] fix hookshot missing figma config variable --- roles/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index ce979b06..d942eb83 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -73,7 +73,7 @@ generic: figma: # (Optional) Configure this to enable Figma support # - publicUrl: https://example.com/hookshot/ + publicUrl: {{ matrix_hookshot_figma_publicUrl }} instances: {{ matrix_hookshot_figma_instances }} {% endif %} {% if matrix_hookshot_provisioning_enabled %} From f47bfdfb4f80c5ffc8bb1c3080f71c65bbb4ce17 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 17:46:01 +0100 Subject: [PATCH 039/419] remove hookshot uninstall comments based on feedback --- roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml index 52e126e9..89ab01b4 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml @@ -23,6 +23,3 @@ service: daemon_reload: yes when: "matrix_hookshot_service_stat.stat.exists" - -# remove base_path? -# remove docker image? From 4477711e793445e5acbe9baf1516a57b6f374186 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 17:46:40 +0100 Subject: [PATCH 040/419] add some hookshot config validation --- roles/matrix-bridge-hookshot/tasks/main.yml | 6 ++ .../tasks/validate_config.yml | 59 +++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 roles/matrix-bridge-hookshot/tasks/validate_config.yml 
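Review bot: `publicUrl` now renders `matrix_hookshot_figma_publicUrl`, whose default shown elsewhere on this page is `"{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}"` with no scheme, whereas the literal it replaces was `https://example.com/hookshot/`. Unless hookshot accepts a scheme-less value, the default should read `"https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}"`, matching how `matrix_hookshot_github_oauth_uri` is built; `matrix_hookshot_jira_oauth_uri` and `matrix_hookshot_generic_urlprefix` have the same shape. The value is also interpolated without `|to_json`, unlike the secrets escaped two commits earlier.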
diff --git a/roles/matrix-bridge-hookshot/tasks/main.yml b/roles/matrix-bridge-hookshot/tasks/main.yml index 52d90aa1..85ab2589 100644 --- a/roles/matrix-bridge-hookshot/tasks/main.yml +++ b/roles/matrix-bridge-hookshot/tasks/main.yml @@ -2,6 +2,12 @@ tags: - always +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot + - import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup|bool and matrix_hookshot_enabled|bool" tags: diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml new file mode 100644 index 00000000..645f0aa8 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml 
@@ -0,0 +1,59 @@
+---
+
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_hookshot_appservice_token"
+ - "matrix_hookshot_homeserver_token"
+
+- name: Fail if required GitHub settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`) to enable GitHub.
+ when: "matrix_hookshot_github_enabled and vars[item] == ''"
+ with_items:
+ - "matrix_hookshot_github_id"
+ - "matrix_hookshot_github_secret"
+
+- name: Fail if required GitHub OAuth settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth.
+ when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''"
+ with_items:
+ - "matrix_hookshot_github_oauth_id"
+ - "matrix_hookshot_github_oauth_secret"
+
+- name: Fail if required Jira settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`) to enable Jira.
+ when: "matrix_hookshot_jira_enabled and vars[item] == ''"
+ with_items:
+ - "matrix_hookshot_jira_secret"
+
+- name: Fail if required Jira OAuth settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth.
+ when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''"
+ with_items:
+ - "matrix_hookshot_jira_oauth_id"
+ - "matrix_hookshot_jira_oauth_secret"
+
+- name: Fail if required Figma settings not defined
+ fail:
+ msg: >-
+ You need to define at least one Figma instance to enable Figma.
+ when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances is undefined"
+
+- name: Fail if required provisioning settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`) to enable provisioning.
+ when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_provisioning_secret" From f136c1fb8f8e088e915b31eb3f4e49bf159c71c2 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 18:53:57 +0100 Subject: [PATCH 041/419] fixup! add some hookshot config validation --- roles/matrix-bridge-hookshot/tasks/validate_config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml index 645f0aa8..5da8809e 100644 --- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml @@ -15,7 +15,7 @@ You need to define a required configuration setting (`{{ item }}`) to enable GitHub. when: "matrix_hookshot_github_enabled and vars[item] == ''" with_items: - - "matrix_hookshot_github_id" + - "matrix_hookshot_github_appid" - "matrix_hookshot_github_secret" - name: Fail if required GitHub OAuth settings not defined From 5300dc7a8bf957d059f88a68f431f6ba80c95654 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 19:05:49 +0100 Subject: [PATCH 042/419] update hookshot/defaults/main.yml comments --- .../matrix-bridge-hookshot/defaults/main.yml | 47 ++++++++++--------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index a0ecb6ff..e32dba3b 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
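Review bot: GitLab is the one enabled-by-default integration with no check in `validate_config.yml`: the role defaults on this page set `matrix_hookshot_gitlab_enabled: true` and `matrix_hookshot_gitlab_secret: ''`, so a stock install renders an empty GitLab webhook `secret` without any warning. I would add a GitLab task in the same shape as the others (below), or default GitLab to disabled so that enabling hookshot does not fail validation straight away. Separately, `vars[item] == ''` does not catch an undefined or null value, and as far as I know `vars[...]` returns the raw, untemplated string for variables defined as Jinja expressions, as the two tokens are in `group_vars/matrix_servers`, so the first task may never fire. A test such as `lookup('vars', item, default='') | string | length == 0` would cover both cases.

```yaml
# … unchanged: token, GitHub, GitHub OAuth, Jira, Jira OAuth, Figma and provisioning checks …

- name: Fail if required GitLab settings not defined
  fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`) to enable GitLab.
  when: "matrix_hookshot_gitlab_enabled and vars[item] == ''"
  with_items:
    - "matrix_hookshot_gitlab_secret"
```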
@@ -14,44 +14,44 @@ matrix_hookshot_container_url: 'matrix-hookshot' matrix_hookshot_public_endpoint: /hookshot -# there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_appservice_port: 9993 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" -# metrics work only in conjunction with matrix_synapse_metrics_enabled etc +# Metrics work only in conjunction with matrix_synapse_metrics_enabled etc matrix_hookshot_metrics_enabled: true -# there is no need to edit ports. -# read the documentation to learn about using hookshot metrics with external Prometheus -# if you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +# There is no need to edit ports. +# Read the documentation to learn about using hookshot metrics with external Prometheus +# If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_metrics_port: 9001 matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" -# there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. 
matrix_hookshot_webhook_port: 9000 matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhooks" -# you need to create a GitHub app to enable this and fill in the empty variables below +# You need to create a GitHub app to enable this and fill in the empty variables below # https://half-shot.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' -# set this variable to the contents of the generated and downloaded GitHub private key: +# Set this variable to the contents of the generated and downloaded GitHub private key: # matrix_hookshot_github_private_key: | # -----BEGIN RSA PRIVATE KEY----- # 0123456789ABCDEF... # -----END RSA PRIVATE KEY----- -# alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info. +# Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info. matrix_hookshot_github_private_key: '' matrix_hookshot_github_private_key_file: 'private-key.pem' matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_oauth_enabled: false -# you need to configure oauth settings only when you have enabled oauth (optional) +# You need to configure oauth settings only when you have enabled oauth (optional) matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page -# default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" +# Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" -# these are the default settings mentioned here and don't need to be modified: 
https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration +# These are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' matrix_hookshot_github_show_issue_room_link: false @@ -61,7 +61,7 @@ matrix_hookshot_github_excluding_labels: '' matrix_hookshot_gitlab_enabled: true -# optionally add your instances, e.g. +# Optionally add your instances, e.g. # matrix_hookshot_gitlab_instances: # gitlab.com: # url: https://gitlab.com 
@@ -71,36 +71,36 @@ matrix_hookshot_gitlab_instances: gitlab.com: url: https://gitlab.com -# this will be the "Secret token" you have to enter into all GitLab instances for authentication +# This will be the "Secret token" you have to enter into all GitLab instances for authentication matrix_hookshot_gitlab_secret: '' matrix_hookshot_jira_enabled: false -# get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth +# Get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth matrix_hookshot_jira_secret: '' matrix_hookshot_jira_oauth_enabled: false matrix_hookshot_jira_oauth_id: '' matrix_hookshot_jira_oauth_secret: '' -# default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" +# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" -# no need to change these +# No need to change these matrix_hookshot_generic_enabled: true -# default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" +# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_allow_js_transformation_functions: false -# if you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap +# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap matrix_hookshot_generic_user_id_prefix: '_webhooks_' matrix_hookshot_figma_enabled: false -# default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" +# Default value of matrix_hookshot_figma_endpoint: 
"/hookshot/webhooks/figma/webhook" matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}" -# to bridge figma webhooks, you need to configure one of multiple instances like this: +# To bridge figma webhooks, you need to configure one of multiple instances like this: # matrix_hookshot_figma_instances: # your-instance: # teamId: your-team-id @@ -108,10 +108,10 @@ matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hooksh # passcode: your-webhook-passcode -# there is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' -# provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it +# Provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" @@ -152,6 +152,7 @@ matrix_hookshot_systemd_wanted_services_list: [] # Above example will bind the metrics port in the container to port 9999 on localhost. matrix_hookshot_container_http_host_bind_ports: [] +# These tokens will be set automatically matrix_hookshot_appservice_token: '' matrix_hookshot_homeserver_token: '' From 99cf6adf95f04d3c9957c5b90f7e378833605af7 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 19:21:26 +0100 Subject: [PATCH 043/419] fixup! update hookshot private key installation method --- roles/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index d942eb83..f58201f9 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -15,7 +15,7 @@ github: # Authentication for the GitHub App. # id: {{ matrix_hookshot_github_appid }} - privateKeyFile: /data/{{ matrix_hookshot_github_private_key }} + privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }} webhook: # Webhook settings for the GitHub app. # From 51baa40effa4dc1a09006068bed097648b0357a3 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 19:28:40 +0100 Subject: [PATCH 044/419] fixup! escape hookshot variables using to_json --- roles/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index f58201f9..fc04c755 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -90,7 +90,7 @@ passFile: bot: # (Optional) Define profile information for the bot user # - displayname: {{ matrix_hookshot_bot_displayname|to_json }} + displayname: {{ matrix_hookshot_bot_displayname }} avatar: {{ matrix_hookshot_bot_avatar }} metrics: # (Optional) Prometheus metrics support From 39d9ef43e9d1053cb691e20b4319c9600ec44141 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 30 Jan 2022 19:32:09 +0100 Subject: [PATCH 045/419] fixup! update hookshot config to generic hs variables --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 201159ec..3ab255cf 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
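Review bot: The second fixup on `config.yml.j2` takes `|to_json` off `displayname` again, so a bot name containing `: `, ` #` or a leading quote goes back to breaking or truncating the rendered YAML, and the commit message does not say why the escaping had to go. If the filter failed because the variable can be unset, a default keeps both properties, `displayname: {{ matrix_hookshot_bot_displayname|default('')|to_json }}`, provided hookshot tolerates an empty name; otherwise a one-line comment above the key stating the reason would help the next reader. `avatar` on the following line is likewise unescaped.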
@@ -677,7 +677,7 @@ matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_se matrix_hookshot_systemd_wanted_services_list: | {{ - (['matrix-' + matrix_homesever_implementation + '.service']) + (['matrix-' + matrix_homeserver_implementation + '.service']) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} From d93b8bb57a8db3a886fae39a2cfffc44e5567cce Mon Sep 17 00:00:00 2001 From: AtomHare <29772841+AtomHare@users.noreply.github.com> Date: Sun, 30 Jan 2022 23:37:19 +0100 Subject: [PATCH 046/419] Upgrade Mautrix/Facebook (0.3.2 -> 0.3.3) Not tested but shouldn't break something --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 5d83e9cc..e8b161e6 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -6,7 +6,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.3.2 +matrix_mautrix_facebook_version: v0.3.3 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" From 4a4d718f7c261d6190499fca1a9b7765e711c436 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 31 Jan 2022 16:52:49 +0200 Subject: [PATCH 047/419] Upgrade matrix-corporal (2.2.2 -> 2.2.3) and disable self-building on ARM32/ARM64 2.2.3 is the first container image tag that is available as a multi-arch image with support for linux/amd64, linux/arm64/v8 (arm64) and linux/arm/v7 (arm32), so self-building is no longer necessary on all these platforms. --- group_vars/matrix_servers | 2 +- roles/matrix-corporal/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 835b9245..c12ad127 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1059,7 +1059,7 @@ matrix_bot_mjolnir_systemd_required_services_list: | matrix_corporal_enabled: false -matrix_corporal_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index aede4d50..47f0b5af 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml 
@@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.2.2 +matrix_corporal_version: 2.2.3 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From 4216807c86534665beadbcd69efacab60b484bfc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 31 Jan 2022 18:51:28 +0200 Subject: [PATCH 048/419] Upgrade Element (1.9.9 -> 1.10.0) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 15f401dd..70a0a0d2 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.9.9 +matrix_client_element_version: v1.10.0 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" 
From e6c2dd204d3635fa64a9966415ac2f580e928809 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 1 Feb 2022 14:07:43 +0200 Subject: [PATCH 049/419] Update changelog and configuring-playbook.md This announces matrix-hookshot support that got added in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1505 --- CHANGELOG.md | 15 +++++++++++++++ docs/configuring-playbook.md | 2 ++ 2 files changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e9f23468..c963238b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,18 @@ +# 2022-02-01 + +## matrix-hookshot bridging support + +Thanks to [Kim Brose](https://github.com/HarHarLinks), the playbook can now install the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to multiple project management services, such as GitHub, GitLab and JIRA. +See our [Setting up matrix-hookshot](docs/configuring-playbook-bridge-hookshot.md) documentation to get started. + + +# 2022-01-31 + +## ARM support for matrix-corporal + +[matrix-corporal](https://github.com/devture/matrix-corporal) (as of version `2.2.3`) is now published to Docker Hub (see [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal)) as a multi-arch container image with support for all these platforms: `linux/amd64`, `linux/arm64/v8` and `linux/arm/v7`. The playbook no longer resorts to self-building matrix-corporal on these ARM architectures. + + # 2022-01-07 ## Dendrite support diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 31168d23..9b153883 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -117,6 +117,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional) +- [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) + - [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) From 00ea6bf3a433f85e6c3c49d52b2f05eb7c673219 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 1 Feb 2022 14:13:31 +0200 Subject: [PATCH 050/419] Adjust contribution author name reference --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c963238b..2c2077a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## matrix-hookshot bridging support -Thanks to [Kim Brose](https://github.com/HarHarLinks), the playbook can now install the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to multiple project management services, such as GitHub, GitLab and JIRA. +Thanks to [HarHarLinks](https://github.com/HarHarLinks), the playbook can now install the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to multiple project management services, such as GitHub, GitLab and JIRA. See our [Setting up matrix-hookshot](docs/configuring-playbook-bridge-hookshot.md) documentation to get started. From 009dcd9702096e2d2b1a3686c979ea5cb4931375 Mon Sep 17 00:00:00 2001 
From: Kim Brose Date: Tue, 1 Feb 2022 13:22:03 +0100 Subject: [PATCH 051/419] Link hookshot to appservice-webhooks --- docs/configuring-playbook-bridge-hookshot.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 4e914791..19472920 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -2,8 +2,11 @@ The playbook can install and configure [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) for you. -See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does and why it might be useful to you. +Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. +See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. + +Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. ## Setup Instructions From ea8fe2902b7e2e3d549fe2aca03fc51211ccf8e3 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Tue, 1 Feb 2022 13:25:02 +0100 Subject: [PATCH 052/419] Link appservice-webhooks to hookshot with deprecation notice --- docs/configuring-playbook-bridge-appservice-webhooks.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-bridge-appservice-webhooks.md b/docs/configuring-playbook-bridge-appservice-webhooks.md index 3654bfa4..f4fbfbc0 100644 --- a/docs/configuring-playbook-bridge-appservice-webhooks.md +++ b/docs/configuring-playbook-bridge-appservice-webhooks.md 
@@ -2,6 +2,8 @@ The playbook can install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you. +Note: This bridge is no longer maintained. While not a 1:1 replacement, the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) as a replacement, which can also be installed using [this playbook](configuring-playbook-bridge-hookshot.md). + This bridge provides support for Slack-compatible webhooks. Setup Instructions: From c03f69fe93f8c7f04b18d63268af63be636a8b1f Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Tue, 1 Feb 2022 15:00:33 +0100 Subject: [PATCH 053/419] Update Hydrogen from v0.2.23 to v0.2.25 --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 61db1ba2..e73dea37 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.23 +matrix_client_hydrogen_version: v0.2.25 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From 1f21799782e2dc8572158792b779bedd42527562 Mon Sep 17 00:00:00 2001 
From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Tue, 1 Feb 2022 15:23:31 +0100 Subject: [PATCH 054/419] Update Mjolnir from v1.2.1 to v1.3.1 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 72c68502..7a39091d 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -3,7 +3,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.2.1" +matrix_bot_mjolnir_version: "v1.3.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 1099ccab43baede41411ebba74f75cb123405f4c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 1 Feb 2022 17:23:07 +0200 Subject: [PATCH 055/419] Upgrade devture/exim-relay (4.95-r0 -> 4.95-r0-1) and disable self-building on ARM32/ARM64 4.95-r0-1 is the first container image tag that is available as a multi-arch image with support for linux/amd64, linux/arm64/v8 (arm64) and linux/arm/v7 (arm32), so self-building is no longer necessary on all these platforms. --- group_vars/matrix_servers | 2 +- roles/matrix-mailer/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 859abb0d..aaec21e3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1320,7 +1320,7 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab # Other services (like ma1sd), also use the mailer. matrix_mailer_enabled: true -matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" ###################################################################### # 
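Review bot: The new allowlist in `matrix_mailer_container_image_self_build` is only correct for image tags that are published multi-arch, and nothing ties it to `matrix_mailer_version`. An ARM host that pins an older tag (the commit message names 4.95-r0-1 as the first multi-arch one) would now skip self-building and try to pull an image that presumably has no matching architecture. A comment above the line would record the coupling, e.g. `# Multi-arch images exist from 4.95-r0-1 onward; re-enable self-building if you pin an older matrix_mailer_version on arm32/arm64.` The same applies to the `matrix_email2matrix_container_image_self_build` hunk in this file, where the commit message gives 1.0.2 as the first multi-arch tag. Because ARM hosts now run a pulled image identified only by its tag rather than a local build, pinning the image by digest is worth considering.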
diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index f006568f..b2af9889 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0 +matrix_mailer_version: 4.95-r0-1 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From 94cf7a8cd5b8951bb26ab8dc47c1ef7a5ead550f Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Tue, 1 Feb 2022 16:32:08 +0100 Subject: [PATCH 056/419] add hookshot to README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index af02a3b0..6ae3ca0b 100644 --- a/README.md +++ b/README.md 
@@ -73,6 +73,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) +- (optional) the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular + - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation - (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation From 133d85fedfcc621d162beef28f2344afa784d6a5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 1 Feb 2022 18:26:56 +0200 Subject: [PATCH 057/419] Upgrade Element (1.10.0 -> 1.10.1) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 70a0a0d2..542821a4 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.0 +matrix_client_element_version: v1.10.1 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 45fbcc56daeaf5acd5edaea33184233b578ff286 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 1 Feb 2022 18:31:15 +0200 Subject: [PATCH 058/419] Upgrade devture/exim-relay (4.95-r0-1 -> 4.95-r0-2) 4.95-r0-1 was problematic, because `/etc/exim/exim.conf` in the container had the wrong permissions (writable by the `exim` user). Fixed in https://github.com/devture/exim-relay/commit/697f3cff7e3788aaa9bf6d1097863d863b257c86 which is built as 4.95-r0-2 --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index b2af9889..4d860552 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0-1 +matrix_mailer_version: 4.95-r0-2 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From 71e19e63b8c35d6ec1c820215e4ea049b0cd33f5 Mon Sep 17 00:00:00 2001 From: downeymj <56423146+downeymj@users.noreply.github.com> Date: Tue, 1 Feb 2022 21:43:04 +0000 Subject: [PATCH 059/419] Fixing 404 error in links to main.yml --- docs/configuring-playbook-bridge-hookshot.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 19472920..9a7f3f53 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -12,18 +12,18 @@ Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbo Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. -1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. +1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. 5. Refer to [Hookshot's official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. 
Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. -Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. +Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. ### Manage GitHub Private Key with matrix-aux role The GitHub bridge requires you to install a private key file. This can be done in multiple ways: -- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml)). +- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml)). - somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually. - use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server. From 27ce3a0e06e20604a44e29b79f860cd0bfed8565 Mon Sep 17 00:00:00 2001 From: Pratik <68642400+pratikbalar@users.noreply.github.com> Date: Wed, 2 Feb 2022 12:35:12 +0530 Subject: [PATCH 060/419] docs: fix matrix-reminder-bot help menu command --- docs/configuring-playbook-bot-matrix-reminder-bot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/configuring-playbook-bot-matrix-reminder-bot.md b/docs/configuring-playbook-bot-matrix-reminder-bot.md index c3c8e8bb..aaf5670c 100644 --- a/docs/configuring-playbook-bot-matrix-reminder-bot.md +++ b/docs/configuring-playbook-bot-matrix-reminder-bot.md @@ -54,6 +54,6 @@ You can also add the bot to any existing Matrix room (`/invite @bot.matrix-remin Basic usage is like this: `!remindme in 2 minutes; This is a test` -Send `!help commands` to the room to see the bot's help menu for additional commands. +Send `!help reminders` to the room to see the bot's help menu for additional commands. You can also refer to the upstream [Usage documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage). From ccb85b31a4eda611f9105833e1d0525db9175187 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 5 Feb 2022 11:14:20 +0200 Subject: [PATCH 061/419] Upgrade devture/email2matrix (1.0.1 -> 1.0.2) and disable self-building on ARM32/ARM64 1.0.2 is the first container image tag that is available as a multi-arch image with support for linux/amd64, linux/arm64/v8 (arm64) and linux/arm/v7 (arm32), so self-building is no longer necessary on all these platforms. --- group_vars/matrix_servers | 2 +- roles/matrix-email2matrix/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index aaec21e3..159782eb 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1253,7 +1253,7 @@ matrix_dynamic_dns_enabled: false matrix_email2matrix_enabled: false -matrix_email2matrix_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" ###################################################################### # diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index 3dfabc1a..3b5d5678 100644 
--- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -8,7 +8,7 @@ matrix_email2matrix_container_image_self_build: false matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git" matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}" -matrix_email2matrix_version: 1.0.1 +matrix_email2matrix_version: 1.0.2 matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}" matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" From b4ecadcb2f5d050dbed011320c1fb9ef3a0f4bd4 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Sat, 5 Feb 2022 10:37:09 +0100 Subject: [PATCH 062/419] Updated: Heisenbridge to 1.10.1 --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 6772c364..5f3ce9a8 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.10.0 +matrix_heisenbridge_version: 1.10.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 509466018be0de51739022459226082cc38abdad Mon Sep 17 00:00:00 2001 
From: GoliathLabs Date: Sat, 5 Feb 2022 10:49:14 +0100 Subject: [PATCH 063/419] Updated: ddclient to v3.9.1-ls77 --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 2be1a5ba..187aee26 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -4,7 +4,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls76 +matrix_dynamic_dns_version: v3.9.1-ls77 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From e27e0b28c8ba39c0625794c4f5383a128c08a656 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Sat, 5 Feb 2022 10:52:31 +0100 Subject: [PATCH 064/419] Updated: grafana to 8.3.4 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index f802d2e5..024251b1 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -3,7 +3,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.3.3 +matrix_grafana_version: 8.3.4 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 33851f1dfad7860a45badec1747118c16942b1a6 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Sat, 5 Feb 2022 10:58:09 +0100 Subject: [PATCH 065/419] Updated: nginx to 1.21.6-alpine --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6932c8c0..9f170cae 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,5 +1,5 @@ matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.5-alpine +matrix_nginx_proxy_version: 1.21.6-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but From e0a088dbe3bf29aaa67686a9527d91112cdb6598 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Sat, 5 Feb 2022 11:01:52 +0100 Subject: [PATCH 066/419] Updated: prometheus to v.2.33.1 --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index d76ce744..202bccdc 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -3,7 +3,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.31.1 +matrix_prometheus_version: v2.33.1 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 86c36523df44bddffb25efba072355e091934f4b Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 5 Feb 2022 11:47:39 +0200 Subject: [PATCH 067/419] Replace ExecStopPost with ExecStop Reverts b1b4ba501fdfaa, 90c9801c560b6, a3c84f78ca9c65a, .. I haven't really traced it (yet), but on some servers, I'm observing `ansible-playbook ... --tags=start` completing very slowly, waiting to stop services. I can't reproduce this on all Matrix servers I manage. I suspect that either the systemd version is to blame or that some specific service is not responding well to some `docker kill/rm` command. `ExecStop` seems to work great in all cases and it's what we've been using for a very long time, so I'm reverting to that. --- .../templates/systemd/matrix-bot-go-neb.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-honoroit.service.j2 | 4 ++-- .../systemd/matrix-bot-matrix-reminder-bot.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-mjolnir.service.j2 | 4 ++-- .../systemd/matrix-appservice-discord.service.j2 | 4 ++-- .../templates/systemd/matrix-appservice-irc.service.j2 | 4 ++-- .../templates/systemd/matrix-appservice-slack.service.j2 | 4 ++-- .../systemd/matrix-appservice-webhooks.service.j2 | 4 ++-- .../templates/systemd/matrix-beeper-linkedin.service.j2 | 4 ++-- .../templates/systemd/matrix-heisenbridge.service.j2 | 4 ++-- .../templates/systemd/matrix-hookshot.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-facebook.service.j2 | 4 ++-- .../systemd/matrix-mautrix-googlechat.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-hangouts.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-instagram.service.j2 | 4 ++-- .../systemd/matrix-mautrix-signal-daemon.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-signal.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-telegram.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-twitter.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-whatsapp.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-discord.service.j2 | 4 ++-- 
.../templates/systemd/matrix-mx-puppet-groupme.service.j2 | 4 ++-- .../systemd/matrix-mx-puppet-instagram.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-skype.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-slack.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-steam.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-twitter.service.j2 | 4 ++-- .../templates/systemd/matrix-sms-bridge.service.j2 | 4 ++-- .../templates/systemd/matrix-client-cinny.service.j2 | 4 ++-- .../templates/systemd/matrix-client-element.service.j2 | 4 ++-- .../templates/systemd/matrix-client-hydrogen.service.j2 | 4 ++-- .../templates/systemd/matrix-corporal.service.j2 | 4 ++-- .../templates/systemd/matrix-coturn.service.j2 | 4 ++-- .../templates/dendrite/systemd/matrix-dendrite.service.j2 | 4 ++-- .../templates/systemd/matrix-dimension.service.j2 | 4 ++-- .../templates/systemd/matrix-dynamic-dns.service.j2 | 4 ++-- .../templates/systemd/matrix-email2matrix.service.j2 | 4 ++-- .../templates/systemd/matrix-etherpad.service.j2 | 4 ++-- .../templates/systemd/matrix-grafana.service.j2 | 4 ++-- .../templates/jicofo/matrix-jitsi-jicofo.service.j2 | 4 ++-- .../templates/jvb/matrix-jitsi-jvb.service.j2 | 4 ++-- .../templates/prosody/matrix-jitsi-prosody.service.j2 | 4 ++-- .../templates/web/matrix-jitsi-web.service.j2 | 4 ++-- .../templates/systemd/matrix-ma1sd.service.j2 | 4 ++-- .../templates/systemd/matrix-mailer.service.j2 | 4 ++-- .../templates/systemd/matrix-nginx-proxy.service.j2 | 4 ++-- .../templates/systemd/matrix-postgres-backup.service.j2 | 4 ++-- .../templates/systemd/matrix-postgres.service.j2 | 4 ++-- .../systemd/matrix-prometheus-node-exporter.service.j2 | 4 ++-- .../matrix-prometheus-postgres-exporter.service.j2 | 4 ++-- .../templates/systemd/matrix-prometheus.service.j2 | 4 ++-- .../templates/systemd/matrix-redis.service.j2 | 4 ++-- .../templates/systemd/matrix-registration.service.j2 | 4 ++-- .../templates/systemd/matrix-sygnal.service.j2 | 4 
++-- .../templates/systemd/matrix-synapse-admin.service.j2 | 4 ++-- .../templates/goofys/systemd/matrix-goofys.service.j2 | 8 ++++---- .../synapse/systemd/matrix-synapse-worker.service.j2 | 4 ++-- .../templates/synapse/systemd/matrix-synapse.service.j2 | 4 ++-- 58 files changed, 118 insertions(+), 118 deletions(-) diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index 056447eb..eabf1137 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ {{ matrix_bot_go_neb_docker_image }} \ -c "go-neb /config/config.yaml" -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-go-neb diff --git a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index c4eb1a94..a2ba1a98 100644 --- a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 
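Review bot: Commands in `ExecStop=` run only when the unit started successfully, whereas `ExecStopPost=` also runs after a failed start. With this change, a container left behind by a failed start is no longer killed and removed on the way down, unless something outside this hunk (an `ExecStartPre=` cleanup, if the unit has one) already does it. The same two-line swap is repeated in the other service templates of this commit. Since the commit message says the slowdown was not traced, a comment above the two lines would stop a later contributor from flipping it back, e.g. `# ExecStop, not ExecStopPost: the latter made stopping hang on some hosts (cause not traced).` The unit file continues outside the hunk on both sides.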
@@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ {% endfor %} {{ matrix_bot_honoroit_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index 14b5fa45..b1fe3c32 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-reminder-bot 
diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index b2298312..0b018f25 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-mjolnir diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 8f61bd9f..84dee801 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 2c26c782..8650bd8d 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc 
diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 9bf73711..21ba27ef 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index a227387a..f27111b3 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 84e4a9c2..4498b4f0 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi {{ matrix_beeper_linkedin_docker_image }} \ python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-beeper-linkedin diff --git a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 index 6a0750bf..e27b88f1 100644 --- a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 +++ b/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 @@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \ --listen-port 9898 \ {{ matrix_heisenbridge_homeserver_url }} -ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-heisenbridge -ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-heisenbridge +ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge +ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge Restart=always RestartSec=30 SyslogIdentifier=matrix-heisenbridge diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 index 5fa2278c..16ff0592 100644 --- a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 
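Review bot: The two new `ExecStop=` lines for matrix-heisenbridge call docker directly, while the other units in this commit wrap the same commands in `{{ matrix_host_command_sh }} -c '... 2>/dev/null'`. Since the container is started with `--rm`, the unwrapped `rm` will likely write a "no such container" error to the journal on each stop, which adds noise when triaging real failures. Suggest `ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-heisenbridge 2>/dev/null'` and the matching `rm` line. The hookshot and sms-bridge hunks have the same shape.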
+++ b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_co {% endfor %} {{ matrix_hookshot_docker_image }} -ExecStopPost=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} -ExecStopPost=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} +ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} Restart=always RestartSec=30 SyslogIdentifier={{ matrix_hookshot_container_url }} diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 07ee8fb7..f3af4b9f 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook 
diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index 5a6ab799..c56473be 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-googlechat diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index 66f34d94..60f0e055 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 
@@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou {{ matrix_mautrix_hangouts_docker_image }} \ python3 -m mautrix_hangouts -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 index 0157accc..33a5bab3 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag {{ matrix_mautrix_instagram_docker_image }} \ python3 -m mautrix_instagram -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-instagram 
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 314bba6d..6f128da3 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ {{ matrix_mautrix_signal_daemon_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 index 0d3eb9b8..a65895ed 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 
@@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal {{ matrix_mautrix_signal_docker_image }} \ python3 -m mautrix_signal -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 3f5cbd00..d24e960e 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-telegram 
diff --git a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index 55509b85..73bdbc86 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte {{ matrix_mautrix_twitter_docker_image }} \ python3 -m mautrix_twitter -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-twitter diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index 77daa825..4a492492 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-whatsapp diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 58b01e20..6ffb87cd 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc {% endfor %} {{ matrix_mx_puppet_discord_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-discord 
diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 index 7e008aeb..dabafd18 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou {% endfor %} {{ matrix_mx_puppet_groupme_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index b2921a4f..965bb41c 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst {% endfor %} {{ matrix_mx_puppet_instagram_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 index 4c604bb7..9a7986e4 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp {% endfor %} {{ matrix_mx_puppet_skype_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-skype 
diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index f130c095..973771b3 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index c736b7ca..0772872b 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea {% endfor %} {{ matrix_mx_puppet_steam_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index efa3e4e3..7e1b1c32 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit {% endfor %} {{ matrix_mx_puppet_twitter_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-twitter 
diff --git a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 index 404b5aab..46c3463f 100644 --- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 @@ -35,8 +35,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ {% endfor %} {{ matrix_sms_bridge_docker_image }} -ExecStopPost=-/usr/bin/docker kill matrix-sms-bridge -ExecStopPost=-/usr/bin/docker rm matrix-sms-bridge +ExecStop=-/usr/bin/docker kill matrix-sms-bridge +ExecStop=-/usr/bin/docker rm matrix-sms-bridge Restart=always RestartSec=30 SyslogIdentifier=matrix-sms-bridge diff --git a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index aa5a0432..f4ebd6a0 100644 --- a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ {% endfor %} {{ matrix_client_cinny_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-cinny diff --git a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index d4ad2b9e..fe2a3a86 100644 
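Review bot: The matrix-sms-bridge unit hard-codes `/usr/bin/docker` in the new `ExecStop=` lines (and in the `ExecStart=` context line), where the other templates in this commit use `{{ matrix_host_command_docker }}`. On a host where that variable points to a different path, the stop commands would fail and the `-` prefix would hide the failure. Suggest `ExecStop=-{{ matrix_host_command_docker }} kill matrix-sms-bridge` and the same for the `rm` line.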
--- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element {% endfor %} {{ matrix_client_element_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-element diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index 7a72e876..c85aeb97 100644 --- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydroge {% endfor %} {{ matrix_client_hydrogen_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-hydrogen 
diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index 9c42f2b1..262e2e77 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index 778f8185..a39030af 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 
@@ -43,8 +43,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 7592fca8..e14734dd 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -53,8 +53,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} {{ matrix_dendrite_process_extra_arguments|join(' ') }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index 0451231b..e27a5558 100644 
--- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 index 31e106f0..dfdd2f72 100644 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 @@ -26,8 +26,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ {% endfor %} {{ matrix_dynamic_dns_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-dynamic-dns 
diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 index b620a13f..c9226768 100644 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ {% endfor %} {{ matrix_email2matrix_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-email2matrix diff --git a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 b/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 index e55c57c7..d96c4260 100644 --- a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 +++ b/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \ --sessionkey /data/sessionkey.json --apikey /data/apijey.json -ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-etherpad -ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-etherpad +ExecStop=-{{ matrix_host_command_docker }} kill matrix-etherpad +ExecStop=-{{ matrix_host_command_docker }} rm matrix-etherpad Restart=always RestartSec=30 SyslogIdentifier=matrix-etherpad 
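Review bot: In the etherpad hunk, the context line `--apikey /data/apijey.json` directly above the changed lines looks like a misspelling of `apikey.json`, and this commit carries it forward unchanged. If the name is unintended, the API key lives in a file that documentation, backup rules or permission checks written for `apikey.json` would miss. Please confirm it against the role's defaults. Renaming it on existing installs would need a migration step, because the service would otherwise presumably start without its previous key file. The `ExecStart=` command these arguments belong to begins outside the hunk.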
diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 index 64d40a5c..a4f81e35 100644 --- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 +++ b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ {% endfor %} {{ matrix_grafana_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-grafana diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 index b4944c84..6ecafaa0 100644 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -23,8 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ {% endfor %} {{ matrix_jitsi_jicofo_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jicofo 
diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 5be32210..2785795d 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 452ff954..5a4a81e5 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody 
diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index ff577670..35bfca67 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index c3d5850f..8e5cc6dd 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd 
diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index ee316469..bf5a2e42 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 03bc32af..1143efd4 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 
@@ -51,8 +51,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ ExecStartPost={{ matrix_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ matrix_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' {% endfor %} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 index 52e12edb..97c9ae7f 100644 --- a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 
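Review bot: The `ExecStartPost=` line kept as context in this hunk has no `-` prefix, so a failed `network connect` fails start-up; systemd then skips `ExecStop=` (it runs only for a unit that started successfully), whereas `ExecStopPost=` would still have run. After this change a failed start can therefore leave a `matrix-nginx-proxy` container behind until something else removes it. The goofys hunk later in the patch has the same exposure for its `fusermount -u` line, since a start that hits `TimeoutStartSec=5min` would skip the unmount. I would keep the cleanup as a post-stop step in both units, e.g. retain `ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null'` next to the new `ExecStop=` lines. The unit's `ExecStartPre=` section is outside the hunk, so any cleanup done there on the next start cannot be confirmed.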
@@ -21,8 +21,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backu --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \ {{ matrix_postgres_backup_docker_image_to_use }} -ExecStopPost=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres-backup diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index 5ef3646d..d62a689a 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ {{ matrix_postgres_docker_image_to_use }} \ postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index 0139b916..210a0d97 100644 
--- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod {{ matrix_prometheus_node_exporter_docker_image }} \ --path.rootfs=/host -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-node-exporter diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 index 4c9a4eda..993ebac4 100644 --- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 +++ b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-pos --pid=host \ {{ matrix_prometheus_postgres_exporter_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-postgres-exporter diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 2070ece3..ad75d664 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% endfor %} {{ matrix_prometheus_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus diff --git a/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 b/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 index 9f9d2902..5f6699f8 100644 
--- a/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 +++ b/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 @@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-redis \ {{ matrix_redis_docker_image_to_use }} \ redis-server /usr/local/etc/redis/redis.conf -ExecStopPost=-/usr/bin/docker stop matrix-redis -ExecStopPost=-/usr/bin/docker rm matrix-redis +ExecStop=-/usr/bin/docker stop matrix-redis +ExecStop=-/usr/bin/docker rm matrix-redis Restart=always RestartSec=30 SyslogIdentifier=matrix-redis diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 index 8de331bf..e73e3e5f 100644 --- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ {{ matrix_registration_docker_image }} \ serve -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-registration diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index 84c6f6ea..019ab40c 100644 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 
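Review bot: The new `ExecStop=` lines in the redis unit keep the hard-coded `/usr/bin/docker` path, while every other unit touched by this patch goes through `{{ matrix_host_command_docker }}`. On a host where the docker binary lives elsewhere, both stop commands would fail, and the `-` prefix hides that failure, so the container would not be stopped or removed by these lines. Suggest `ExecStop=-{{ matrix_host_command_docker }} stop matrix-redis` and `ExecStop=-{{ matrix_host_command_docker }} rm matrix-redis`. The `ExecStart=` line shown in the hunk header has the same hard-coded path, but it lies outside the changed lines.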
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ {% endfor %} {{ matrix_sygnal_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-sygnal diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index 28fe08aa..4823d89c 100644 --- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin {% endfor %} {{ matrix_synapse_admin_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse-admin diff --git a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index f74cbad9..df4a4f23 100644 --- a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 
+++ b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -27,10 +27,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' TimeoutStartSec=5min -ExecStopPost=-{{ matrix_host_command_docker }} stop %n -ExecStopPost=-{{ matrix_host_command_docker }} kill %n -ExecStopPost=-{{ matrix_host_command_docker }} rm %n -ExecStopPost=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} +ExecStop=-{{ matrix_host_command_docker }} stop %n +ExecStop=-{{ matrix_host_command_docker }} kill %n +ExecStop=-{{ matrix_host_command_docker }} rm %n +ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} Restart=always RestartSec=5 SyslogIdentifier=matrix-goofys diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 66a323f9..43dc42d1 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 
@@ -46,8 +46,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor run -m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} -ExecStopPost=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStopPost=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} ExecReload={{ matrix_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' Restart=always diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index bfc8dd61..188db5ef 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -63,8 +63,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {{ matrix_synapse_docker_image }} \ run -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 From b244ab477ccace8774c1bd83cc5befa52a073104 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 5 Feb 2022 13:58:15 +0200 Subject: [PATCH 068/419] Upgrade email2matrix (1.0.2 -> 1.0.3) Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1605 Fixes a regression introduced in ccb85b31a4ed. The `docker.io/devture/email2matrix:1.0.2` container image was faulty due to this https://github.com/devture/email2matrix/commit/49f966d6cc789423b7ba7100ea5d3523193345f3 --- roles/matrix-email2matrix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index 3b5d5678..887db967 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -8,7 +8,7 @@ matrix_email2matrix_container_image_self_build: false matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git" matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}" -matrix_email2matrix_version: 1.0.2 +matrix_email2matrix_version: 1.0.3 matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}" matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" From 7e5b88c3b7ac42ba9f333867f985cf959834d0d3 Mon Sep 17 00:00:00 2001 
From: Marko Weltzer Date: Sat, 5 Feb 2022 21:32:54 +0100 Subject: [PATCH 069/419] fix: all praise the allmighty yamllinter --- .github/FUNDING.yml | 1 + .yamllint | 5 + collections/requirements.yml | 2 +- docs/configuring-playbook-bot-go-neb.md | 6 +- docs/configuring-playbook-bot-mjolnir.md | 2 +- ...guring-playbook-bridge-mautrix-facebook.md | 2 +- ...ring-playbook-bridge-mautrix-googlechat.md | 2 +- ...guring-playbook-bridge-mautrix-hangouts.md | 2 +- ...figuring-playbook-bridge-mautrix-signal.md | 2 +- ...guring-playbook-bridge-mautrix-telegram.md | 2 +- ...guring-playbook-bridge-mautrix-whatsapp.md | 2 +- docs/configuring-playbook-dimension.md | 2 +- docs/configuring-playbook-email2matrix.md | 2 +- docs/updating-users-passwords.md | 2 +- examples/haproxy/docker-compose.yml | 3 +- examples/vars.yml | 1 + group_vars/matrix_servers | 22 +-- roles/matrix-aux/tasks/main.yml | 2 + roles/matrix-awx/defaults/main.yml | 2 + roles/matrix-awx/tasks/backup_server.yml | 11 +- .../tasks/bridge_discord_appservice.yml | 5 +- .../tasks/cache_matrix_variables.yml | 1 + .../matrix-awx/tasks/create_session_token.yml | 3 +- roles/matrix-awx/tasks/create_user.yml | 1 + .../tasks/customise_website_access_export.yml | 18 +- roles/matrix-awx/tasks/export_server.yml | 6 +- .../tasks/load_hosting_and_org_variables.yml | 6 +- .../tasks/load_matrix_variables.yml | 4 +- roles/matrix-awx/tasks/main.yml | 54 +++--- .../matrix-awx/tasks/purge_database_main.yml | 42 ++--- roles/matrix-awx/tasks/purge_media_main.yml | 27 +-- roles/matrix-awx/tasks/rotate_ssh.yml | 2 +- roles/matrix-awx/tasks/self_check.yml | 24 +-- .../tasks/set_variables_corporal.yml | 4 +- .../tasks/set_variables_dimension.yml | 14 +- .../tasks/set_variables_element.yml | 4 +- .../tasks/set_variables_element_subdomain.yml | 4 +- .../matrix-awx/tasks/set_variables_jitsi.yml | 6 +- .../matrix-awx/tasks/set_variables_ma1sd.yml | 9 +- .../matrix-awx/tasks/set_variables_mailer.yml | 4 +- .../tasks/set_variables_synapse.yml | 7 +- 
.../tasks/set_variables_synapse_admin.yml | 6 +- roles/matrix-awx/tasks/update_variables.yml | 4 +- roles/matrix-base/defaults/main.yml | 1 + .../matrix-base/tasks/clean_up_old_files.yml | 2 +- roles/matrix-base/tasks/main.yml | 2 + roles/matrix-base/tasks/server_base/setup.yml | 6 +- .../tasks/server_base/setup_archlinux.yml | 2 +- .../tasks/server_base/setup_centos.yml | 2 +- .../tasks/server_base/setup_centos8.yml | 4 +- .../tasks/server_base/setup_debian.yml | 6 +- .../tasks/server_base/setup_raspbian.yml | 6 +- roles/matrix-base/tasks/setup_matrix_user.yml | 4 +- roles/matrix-base/tasks/setup_well_known.yml | 1 + .../tasks/util/ensure_fuse_installed.yml | 2 +- .../tasks/util/ensure_openssl_installed.yml | 2 +- roles/matrix-base/vars/main.yml | 1 + roles/matrix-bot-go-neb/defaults/main.yml | 6 +- roles/matrix-bot-go-neb/tasks/init.yml | 2 + roles/matrix-bot-go-neb/tasks/main.yml | 2 + .../matrix-bot-go-neb/tasks/setup_install.yml | 8 +- .../tasks/setup_uninstall.yml | 6 +- roles/matrix-bot-honoroit/defaults/main.yml | 1 + roles/matrix-bot-honoroit/tasks/init.yml | 2 + roles/matrix-bot-honoroit/tasks/main.yml | 2 + .../tasks/setup_install.yml | 12 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 2 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 12 +- .../tasks/setup_uninstall.yml | 6 +- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- roles/matrix-bot-mjolnir/tasks/init.yml | 1 + roles/matrix-bot-mjolnir/tasks/main.yml | 2 + .../tasks/setup_install.yml | 12 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 1 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 6 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 1 + .../tasks/main.yml | 2 + .../tasks/migrate_nedb_to_postgres.yml | 4 +- .../tasks/setup_install.yml | 14 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 63 +++---- 
.../tasks/main.yml | 2 + .../tasks/migrate_nedb_to_postgres.yml | 4 +- .../tasks/setup_install.yml | 12 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 67 +++---- .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 12 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 2 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 70 +++---- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 1 - .../defaults/main.yml | 7 +- .../matrix-bridge-heisenbridge/tasks/init.yml | 1 + .../matrix-bridge-heisenbridge/tasks/main.yml | 2 + .../tasks/setup_install.yml | 6 +- .../tasks/setup_uninstall.yml | 6 +- .../matrix-bridge-hookshot/defaults/main.yml | 8 +- roles/matrix-bridge-hookshot/tasks/init.yml | 171 +++++++++--------- roles/matrix-bridge-hookshot/tasks/main.yml | 2 + .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 1 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 63 +++---- .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 63 +++---- .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 1 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 15 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 2 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 6 +- .../tasks/setup_uninstall.yml | 10 +- .../defaults/main.yml | 3 +- .../tasks/init.yml | 63 +++---- .../tasks/main.yml | 1 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 2 + 
.../tasks/main.yml | 2 + .../tasks/setup_install.yml | 14 +- .../tasks/setup_uninstall.yml | 4 +- .../defaults/main.yml | 3 +- .../tasks/init.yml | 1 + .../tasks/main.yml | 1 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 1 - .../defaults/main.yml | 1 + .../tasks/init.yml | 1 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 1 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 2 +- .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 12 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 1 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 63 +++---- .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 1 + .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- .../defaults/main.yml | 2 + .../tasks/init.yml | 63 +++---- .../tasks/main.yml | 2 + .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- roles/matrix-bridge-sms/defaults/main.yml | 1 + roles/matrix-bridge-sms/tasks/init.yml | 2 + roles/matrix-bridge-sms/tasks/main.yml | 2 + .../matrix-bridge-sms/tasks/setup_install.yml | 4 +- .../tasks/setup_uninstall.yml | 4 +- .../tasks/validate_config.yml | 2 +- roles/matrix-client-cinny/defaults/main.yml | 2 + roles/matrix-client-cinny/tasks/init.yml | 1 + roles/matrix-client-cinny/tasks/main.yml | 2 + .../matrix-client-cinny/tasks/self_check.yml | 2 +- .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- roles/matrix-client-element/defaults/main.yml | 2 + roles/matrix-client-element/tasks/init.yml | 2 + 
roles/matrix-client-element/tasks/main.yml | 2 + .../tasks/migrate_riot_web.yml | 6 +- .../tasks/prepare_themes.yml | 2 +- .../tasks/self_check.yml | 2 +- .../tasks/setup_install.yml | 10 +- .../tasks/setup_uninstall.yml | 6 +- .../matrix-client-hydrogen/defaults/main.yml | 2 + roles/matrix-client-hydrogen/tasks/init.yml | 1 + roles/matrix-client-hydrogen/tasks/main.yml | 2 + .../tasks/self_check.yml | 2 +- .../tasks/setup_install.yml | 16 +- .../tasks/setup_uninstall.yml | 6 +- roles/matrix-common-after/defaults/main.yml | 1 + roles/matrix-common-after/tasks/awx_post.yml | 6 +- .../tasks/dump_runtime_results.yml | 1 + roles/matrix-common-after/tasks/main.yml | 5 +- roles/matrix-common-after/tasks/start.yml | 62 +++---- roles/matrix-corporal/defaults/main.yml | 3 +- roles/matrix-corporal/tasks/init.yml | 1 + roles/matrix-corporal/tasks/main.yml | 2 + .../tasks/self_check_corporal.yml | 2 +- .../matrix-corporal/tasks/setup_corporal.yml | 10 +- roles/matrix-coturn/defaults/main.yml | 2 + roles/matrix-coturn/tasks/init.yml | 1 + roles/matrix-coturn/tasks/main.yml | 2 + roles/matrix-coturn/tasks/setup_install.yml | 6 +- roles/matrix-coturn/tasks/setup_uninstall.yml | 10 +- roles/matrix-dendrite/defaults/main.yml | 3 +- .../matrix-dendrite/tasks/dendrite/setup.yml | 1 + .../tasks/dendrite/setup_install.yml | 4 +- .../tasks/dendrite/setup_uninstall.yml | 6 +- roles/matrix-dendrite/tasks/init.yml | 2 + roles/matrix-dendrite/tasks/main.yml | 2 + roles/matrix-dendrite/tasks/register_user.yml | 2 +- .../tasks/self_check_client_api.yml | 2 +- .../tasks/self_check_federation_api.yml | 2 +- .../matrix-dendrite/tasks/setup_dendrite.yml | 4 +- roles/matrix-dimension/defaults/main.yml | 2 + roles/matrix-dimension/tasks/init.yml | 1 + roles/matrix-dimension/tasks/main.yml | 2 + .../matrix-dimension/tasks/setup_install.yml | 4 +- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 1 + roles/matrix-dimension/vars/main.yml | 2 +- 
roles/matrix-dynamic-dns/defaults/main.yml | 1 + roles/matrix-dynamic-dns/tasks/init.yml | 1 + roles/matrix-dynamic-dns/tasks/install.yml | 10 +- roles/matrix-dynamic-dns/tasks/main.yml | 2 + roles/matrix-dynamic-dns/tasks/uninstall.yml | 6 +- roles/matrix-email2matrix/defaults/main.yml | 2 + roles/matrix-email2matrix/tasks/init.yml | 2 + roles/matrix-email2matrix/tasks/main.yml | 2 + .../tasks/setup_install.yml | 10 +- .../tasks/setup_uninstall.yml | 6 +- roles/matrix-etherpad/defaults/main.yml | 2 + roles/matrix-etherpad/tasks/init.yml | 84 ++++----- roles/matrix-etherpad/tasks/main.yml | 2 + roles/matrix-etherpad/tasks/setup_install.yml | 2 +- .../matrix-etherpad/tasks/setup_uninstall.yml | 6 +- .../matrix-etherpad/tasks/validate_config.yml | 2 + roles/matrix-grafana/defaults/main.yml | 7 +- roles/matrix-grafana/tasks/init.yml | 4 +- roles/matrix-grafana/tasks/main.yml | 2 + roles/matrix-grafana/tasks/setup.yml | 9 +- roles/matrix-jitsi/defaults/main.yml | 4 +- roles/matrix-jitsi/tasks/init.yml | 2 + roles/matrix-jitsi/tasks/main.yml | 2 + roles/matrix-jitsi/tasks/setup_jitsi_base.yml | 2 +- .../matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 12 +- roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 12 +- .../tasks/setup_jitsi_prosody.yml | 14 +- roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 17 +- .../tasks/util/setup_jitsi_auth.yml | 6 +- roles/matrix-jitsi/tasks/validate_config.yml | 1 - roles/matrix-ma1sd/defaults/main.yml | 1 + roles/matrix-ma1sd/tasks/init.yml | 1 + roles/matrix-ma1sd/tasks/main.yml | 2 + roles/matrix-ma1sd/tasks/migrate_mxisd.yml | 32 ++-- roles/matrix-ma1sd/tasks/self_check_ma1sd.yml | 2 +- roles/matrix-ma1sd/tasks/setup_install.yml | 100 +++++----- roles/matrix-ma1sd/tasks/setup_uninstall.yml | 6 +- roles/matrix-mailer/defaults/main.yml | 2 + roles/matrix-mailer/tasks/init.yml | 1 + roles/matrix-mailer/tasks/main.yml | 2 + roles/matrix-mailer/tasks/setup_mailer.yml | 14 +- roles/matrix-nginx-proxy/defaults/main.yml | 1 + 
roles/matrix-nginx-proxy/tasks/init.yml | 1 + roles/matrix-nginx-proxy/tasks/main.yml | 3 +- .../tasks/self_check_well_known_file.yml | 4 +- .../tasks/setup_nginx_proxy.yml | 8 +- .../tasks/setup_well_known.yml | 3 +- ...tup_ssl_lets_encrypt_obtain_for_domain.yml | 19 +- .../tasks/ssl/setup_ssl_manually_managed.yml | 2 +- ...ssl_manually_managed_verify_for_domain.yml | 2 +- .../matrix-postgres-backup/defaults/main.yml | 2 + roles/matrix-postgres-backup/tasks/init.yml | 2 + .../tasks/setup_postgres_backup.yml | 8 +- roles/matrix-postgres/defaults/main.yml | 2 + .../tasks/import_generic_sqlite_db.yml | 2 +- .../matrix-postgres/tasks/import_postgres.yml | 2 +- .../tasks/import_synapse_sqlite_db.yml | 4 +- roles/matrix-postgres/tasks/init.yml | 2 + roles/matrix-postgres/tasks/main.yml | 2 + .../tasks/migrate_postgres_data_directory.yml | 4 +- roles/matrix-postgres/tasks/run_vacuum.yml | 6 +- .../matrix-postgres/tasks/setup_postgres.yml | 8 +- .../tasks/upgrade_postgres.yml | 8 +- .../util/create_additional_databases.yml | 2 +- .../tasks/util/migrate_db_to_postgres.yml | 4 +- .../defaults/main.yml | 1 + .../tasks/init.yml | 4 +- .../tasks/main.yml | 2 + .../tasks/setup.yml | 8 +- .../defaults/main.yml | 7 +- .../tasks/init.yml | 4 +- .../tasks/main.yml | 2 + .../tasks/setup.yml | 8 +- roles/matrix-prometheus/defaults/main.yml | 1 + roles/matrix-prometheus/tasks/init.yml | 4 +- roles/matrix-prometheus/tasks/main.yml | 2 + .../matrix-prometheus/tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 6 +- roles/matrix-redis/defaults/main.yml | 2 + roles/matrix-redis/tasks/init.yml | 2 + roles/matrix-redis/tasks/main.yml | 2 + roles/matrix-redis/tasks/setup_redis.yml | 10 +- roles/matrix-registration/defaults/main.yml | 1 + .../tasks/generate_token.yml | 8 +- roles/matrix-registration/tasks/init.yml | 79 ++++---- .../matrix-registration/tasks/list_tokens.yml | 8 +- roles/matrix-registration/tasks/main.yml | 2 + .../tasks/setup_install.yml | 12 +- 
.../tasks/setup_uninstall.yml | 6 +- roles/matrix-sygnal/defaults/main.yml | 1 + roles/matrix-sygnal/tasks/init.yml | 2 + roles/matrix-sygnal/tasks/main.yml | 2 + roles/matrix-sygnal/tasks/setup_install.yml | 2 +- roles/matrix-sygnal/tasks/setup_uninstall.yml | 6 +- roles/matrix-sygnal/tasks/validate_config.yml | 2 + roles/matrix-synapse-admin/defaults/main.yml | 1 + roles/matrix-synapse-admin/tasks/init.yml | 63 +++---- roles/matrix-synapse-admin/tasks/main.yml | 2 + roles/matrix-synapse-admin/tasks/setup.yml | 10 +- roles/matrix-synapse/defaults/main.yml | 5 +- .../tasks/ext/ldap-auth/setup.yml | 2 + .../ext/mjolnir-antispam/setup_install.yml | 6 +- .../synapse-simple-antispam/setup_install.yml | 6 +- .../tasks/goofys/setup_install.yml | 6 +- .../tasks/goofys/setup_uninstall.yml | 8 +- .../tasks/import_media_store.yml | 16 +- roles/matrix-synapse/tasks/init.yml | 1 + roles/matrix-synapse/tasks/main.yml | 4 +- roles/matrix-synapse/tasks/register_user.yml | 2 +- .../compress_room.yml | 2 + .../rust-synapse-compress-state/main.yml | 11 +- .../tasks/self_check_client_api.yml | 2 +- .../tasks/self_check_federation_api.yml | 4 +- roles/matrix-synapse/tasks/setup_synapse.yml | 6 +- .../tasks/synapse/setup_install.yml | 52 +++--- .../tasks/synapse/setup_uninstall.yml | 8 +- .../tasks/synapse/workers/init.yml | 1 + .../tasks/synapse/workers/setup_uninstall.yml | 2 +- .../inject_systemd_services_for_worker.yml | 1 + .../workers/util/setup_files_for_worker.yml | 2 + .../tasks/update_user_password.yml | 4 +- roles/matrix-synapse/vars/workers.yml | 10 +- 373 files changed, 1570 insertions(+), 1301 deletions(-) create mode 100644 .yamllint diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 6e7102bf..463b7cd4 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,3 +1,4 @@ +--- # These are supported funding model platforms # https://liberapay.com/s.pantaleev/ diff --git a/.yamllint b/.yamllint new file mode 100644 index 00000000..75da2b70 --- /dev/null 
+++ b/.yamllint @@ -0,0 +1,5 @@ +--- +extends: default + +rules: + line-length: disable diff --git a/collections/requirements.yml b/collections/requirements.yml index 9d365441..483ed156 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,4 +1,4 @@ --- collections: - name: community.general - - name: community.docker + - name: community.docker diff --git a/docs/configuring-playbook-bot-go-neb.md b/docs/configuring-playbook-bot-go-neb.md index 33ce4dd3..00072b77 100644 --- a/docs/configuring-playbook-bot-go-neb.md +++ b/docs/configuring-playbook-bot-go-neb.md @@ -28,7 +28,7 @@ If you use curl, you can get an access token like this: ``` curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "bot.go-neb" }, + "identifier": { "type": "m.id.user", "user": "bot.go-neb"}, "password": "a strong password", "type": "m.login.password" }' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' @@ -198,8 +198,8 @@ matrix_bot_go_neb_services: # Each room will get the notification with the alert rendered with the given template rooms: "!someroomid:domain.tld": - text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" - html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" + text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\"}}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" + html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\"}} {{ if eq .Status \"firing\"}} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" msg_type: "m.text" # Must be either `m.text` or `m.notice` ``` diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 5ddb2ad3..5c2e14e4 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -28,7 +28,7 @@ If you use curl, you can get an access token like this: ``` curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "bot.mjolnir" }, + "identifier": { "type": "m.id.user", "user": "bot.mjolnir"}, "password": "PASSWORD_FOR_THE_BOT", "type": "m.login.password" }' 'https://matrix.DOMAIN/_matrix/client/r0/login' diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 282865e7..69462cee 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -50,7 +50,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Facebook", "initial_device_display_name": "Mautrix-Facebook"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Facebook", "initial_device_display_name": "Mautrix-Facebook"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-googlechat.md b/docs/configuring-playbook-bridge-mautrix-googlechat.md index 381d1f29..d2b0fc1e 100644 --- a/docs/configuring-playbook-bridge-mautrix-googlechat.md +++ b/docs/configuring-playbook-bridge-mautrix-googlechat.md 
@@ -33,7 +33,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-googlechat", "initial_device_display_name": "Mautrix-googlechat"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-googlechat", "initial_device_display_name": "Mautrix-googlechat"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md index f6129777..30f01506 100644 --- a/docs/configuring-playbook-bridge-mautrix-hangouts.md +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md @@ -35,7 +35,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Hangouts", "initial_device_display_name": "Mautrix-Hangouts"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Hangouts", "initial_device_display_name": "Mautrix-Hangouts"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index f47640b9..0aacb32f 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md 
@@ -77,7 +77,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Signal", "initial_device_display_name": "Mautrix-Signal"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Signal", "initial_device_display_name": "Mautrix-Signal"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index 0ac6c103..c9260744 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -32,7 +32,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Telegram", "initial_device_display_name": "Mautrix-Telegram"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Telegram", "initial_device_display_name": "Mautrix-Telegram"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index 2af38be1..a6c975a9 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md 
@@ -48,7 +48,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Whatsapp", "initial_device_display_name": "Mautrix-Whatsapp"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Whatsapp", "initial_device_display_name": "Mautrix-Whatsapp"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index b938a6a3..bc9d63e7 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -53,7 +53,7 @@ To get an access token for the Dimension user, you can follow one of two options ``` curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "YourDimensionUsername" }, + "identifier": { "type": "m.id.user", "user": "YourDimensionUsername"}, "password": "YourDimensionPassword", "type": "m.login.password" }' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md index 510a9dcc..734a0273 100644 --- a/docs/configuring-playbook-email2matrix.md +++ b/docs/configuring-playbook-email2matrix.md 
@@ -40,7 +40,7 @@ To do this, you can execute a command like this: ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "email2matrix" }, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "email2matrix"}, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 7d2f2832..0bf1e181 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md @@ -41,5 +41,5 @@ If you didn't make your account a server admin when you created it, you can use ### Example: To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command: ``` -curl -XPOST -d '{ "new_password": "correct_horse_battery_staple" }' "https://matrix./_matrix/client/r0/admin/reset_password/@user:domain.com?access_token=MDA...this_is_my_access_token +curl -XPOST -d '{ "new_password": "correct_horse_battery_staple"}' "https://matrix./_matrix/client/r0/admin/reset_password/@user:domain.com?access_token=MDA...this_is_my_access_token ``` diff --git a/examples/haproxy/docker-compose.yml b/examples/haproxy/docker-compose.yml index 9177161d..b5c9aab7 100644 --- a/examples/haproxy/docker-compose.yml +++ b/examples/haproxy/docker-compose.yml @@ -1,7 +1,8 @@ +--- version: '3' services: nginx: - image: local/nginx + image: local/nginx ports: - 40888:80 volumes: diff --git a/examples/vars.yml b/examples/vars.yml index f5776962..3ca8f460 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -1,3 +1,4 @@ +--- # The bare domain name which represents your Matrix identity. # Matrix user ids for your server will be of the form (`@user:`). # 
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index aaec21e3..2def0597 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -265,7 +265,7 @@ matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" +matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true}}" matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" @@ -303,7 +303,7 @@ matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" +matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true}}" # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. 
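Review bot: `else true}}` on `matrix_beeper_linkedin_bridge_presence` no longer matches its own `{{ ` opener or the `else '' }}` context line directly above it, so I would restore `else true }}`. As far as I can tell, yamllint's `braces` rule checks flow mappings only and does not inspect text inside a double-quoted scalar, so the linter does not need this edit. The same change is repeated in the `matrix_mautrix_facebook_bridge_presence` and `matrix_mautrix_instagram_bridge_presence` hunks, in every `*_self_check_validate_certificates` hunk and in `matrix_registration_api_validate_certs`, while `matrix_dendrite_disable_tls_validation` keeps `else false }}`. Since the certificate flags are being touched anyway, `"{{ matrix_ssl_retrieval_method != 'self-signed' }}"` states more directly that verification is switched off only for self-signed setups.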
@@ -427,7 +427,7 @@ matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_g matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" +matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true}}" # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. @@ -1367,7 +1367,7 @@ matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "matrix-mailer" matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 8025 matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 0 -matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" matrix_ma1sd_systemd_required_services_list: | {{ @@ -1479,7 +1479,7 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" -matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" # OCSP stapling does not make sense when self-signed certificates are used. # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1073 
@@ -1886,7 +1886,7 @@ matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_r matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}" matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}" -matrix_client_element_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +matrix_client_element_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}" @@ -1924,7 +1924,7 @@ matrix_client_hydrogen_container_http_host_bind_port: "{{ '' if matrix_nginx_pro matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}" -matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" ###################################################################### # @@ -1951,7 +1951,7 @@ matrix_client_cinny_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_ matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}" -matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" ###################################################################### # 
@@ -2042,7 +2042,7 @@ matrix_synapse_turn_uris: | matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}" -matrix_synapse_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +matrix_synapse_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" matrix_synapse_systemd_required_services_list: | {{ @@ -2228,7 +2228,7 @@ matrix_registration_shared_secret: |- matrix_registration_server_location: "{{ matrix_homeserver_container_url }}" -matrix_registration_api_validate_certs: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +matrix_registration_api_validate_certs: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2320,7 +2320,7 @@ matrix_dendrite_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_dendrite_disable_tls_validation: "{{ true if matrix_ssl_retrieval_method == 'self-signed' else false }}" -matrix_dendrite_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +matrix_dendrite_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else ['matrix.org', 'vector.im'] }}" diff --git a/roles/matrix-aux/tasks/main.yml b/roles/matrix-aux/tasks/main.yml index ee93f63a..2585715b 100644 --- a/roles/matrix-aux/tasks/main.yml +++ b/roles/matrix-aux/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/setup.yml" when: run_stop|bool tags: diff --git a/roles/matrix-awx/defaults/main.yml b/roles/matrix-awx/defaults/main.yml index 1b61797e..cb847325 100755 --- a/roles/matrix-awx/defaults/main.yml +++ b/roles/matrix-awx/defaults/main.yml 
@@ -1,3 +1,5 @@ +--- + matrix_awx_enabled: true # Defaults for 'Customise Website + Access Export' template diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index d33f0f70..553eb1b9 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml @@ -1,3 +1,4 @@ +--- - name: Record Backup Server variables locally on AWX delegate_to: 127.0.0.1 @@ -38,18 +39,18 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true tags: use-survey - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Copy new 'matrix_vars.yml' to target machine copy: @@ -58,8 +59,8 @@ mode: '0660' tags: use-survey -- name: Run initial backup of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" +- name: Run initial backup of /matrix/ and snapshot the database simultaneously + command: "{{ item }}" with_items: - borgmatic -c /root/.config/borgmatic/config_1.yaml - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 diff --git a/roles/matrix-awx/tasks/bridge_discord_appservice.yml b/roles/matrix-awx/tasks/bridge_discord_appservice.yml index 7cb24028..3c124db3 100644 --- a/roles/matrix-awx/tasks/bridge_discord_appservice.yml +++ b/roles/matrix-awx/tasks/bridge_discord_appservice.yml @@ -1,3 +1,4 @@ +--- - name: Record Bridge Discord AppService variables locally on AWX delegate_to: 127.0.0.1 
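Review bot: In the second backup_server.yml hunk, `survey_spec` nests `{{ member_id }}` and `{{ subscription_id }}` inside a string literal that already sits within a `{{ lookup(...) }}` expression. Ansible's guidance is not to stack moustaches, and the path is easier to audit as concatenation: `survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/' ~ member_id ~ '/' ~ subscription_id ~ '/backup_server.json') }}"`. Both variables become path components on the AWX host, here and in the `include_vars` file path below it, and their origin is not visible in this hunk, so it is worth confirming they are limited to a safe character set before use. The same construction appears in the `survey_spec` line of the `-92,12` hunk of customise_website_access_export.yml. The task that contains `survey_spec` starts above the hunk.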
@@ -33,7 +34,7 @@ - name: Copy new 'Bridge Discord Appservice' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json' - dest: '/matrix/awx/bridge_discord_appservice.json' + dest: '/matrix/awx/bridge_discord_appservice.json' mode: '0660' - name: Recreate 'Bridge Discord Appservice' job template @@ -54,4 +55,4 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml index a34b3792..ca41880a 100644 --- a/roles/matrix-awx/tasks/cache_matrix_variables.yml +++ b/roles/matrix-awx/tasks/cache_matrix_variables.yml @@ -1,3 +1,4 @@ +--- - name: Collect current datetime set_fact: diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml index 9f22a37e..7d984b3d 100644 --- a/roles/matrix-awx/tasks/create_session_token.yml +++ b/roles/matrix-awx/tasks/create_session_token.yml @@ -1,3 +1,4 @@ +--- - name: Create a AWX session token for executing modules awx.awx.tower_token: @@ -7,4 +8,4 @@ tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_master_token }}" register: awx_session_token - no_log: True + no_log: true diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml index fefec426..7d203ed0 100755 --- a/roles/matrix-awx/tasks/create_user.yml +++ b/roles/matrix-awx/tasks/create_user.yml @@ -1,3 +1,4 @@ +--- # # Create user and define if they are admin # diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index c9b96026..80d6d795 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml 
@@ -48,7 +48,7 @@ - name: Reload vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template delegate_to: 127.0.0.1 @@ -60,7 +60,7 @@ - name: Copy new 'Customise Website + Access Export' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - dest: '/matrix/awx/configure_website_access_export.json' + dest: '/matrix/awx/configure_website_access_export.json' mode: '0660' when: awx_customise_base_domain_website is defined @@ -74,7 +74,7 @@ - name: Copy new 'Customise Website + Access Export' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - dest: '/matrix/awx/access_export.json' + dest: '/matrix/awx/access_export.json' mode: '0660' when: awx_customise_base_domain_website is undefined @@ -92,12 +92,12 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: awx_customise_base_domain_website is defined - name: Recreate 'Access Export' job template 
@@ -114,12 +114,12 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: awx_customise_base_domain_website is undefined - name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account @@ -153,7 +153,7 @@ user: name: sftp groups: sftp - append: yes + append: true when: awx_customise_base_domain_website is defined - name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) @@ -208,7 +208,7 @@ group: sftp mode: '0644' when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key") - + - name: Remove any existing Subsystem lines lineinfile: path: /etc/ssh/sshd_config diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml index d779028e..a2b97e79 100644 --- a/roles/matrix-awx/tasks/export_server.yml +++ b/roles/matrix-awx/tasks/export_server.yml @@ -1,7 +1,7 @@ --- -- name: Run export of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" +- name: Run export of /matrix/ and snapshot the database simultaneously + command: "{{ item }}" with_items: - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - /bin/sh /usr/local/bin/awx-export-service.sh 0 1 @@ -23,7 +23,7 @@ command: rm /chroot/export/matrix* count: 1 units: days - unique: yes + unique: true - name: Delete the AWX session token for executing modules awx.awx.tower_token: diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml index 69b2aac8..6e8bb899 100644 
--- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml @@ -3,14 +3,14 @@ - name: Include vars in organisation.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' - no_log: True + no_log: true - name: Include vars in hosting_vars.yml include_vars: file: '/var/lib/awx/projects/hosting/hosting_vars.yml' - no_log: True + no_log: true - name: Include AWX master token from awx_tokens.yml include_vars: file: /var/lib/awx/projects/hosting/awx_tokens.yml - no_log: True + no_log: true diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml index 34754efb..7a76f34b 100755 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ b/roles/matrix-awx/tasks/load_matrix_variables.yml @@ -3,9 +3,9 @@ - name: Include new vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true -- name: If include_vars succeeds overwrite the old matrix_vars.yml +- name: If include_vars succeeds overwrite the old matrix_vars.yml delegate_to: 127.0.0.1 shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 6ac39a49..b5e951c6 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -1,6 +1,6 @@ - +--- # Load initial hosting and organisation variables from AWX volume -- include_tasks: +- include_tasks: file: "load_hosting_and_org_variables.yml" apply: tags: always @@ -9,7 +9,7 @@ - always # Renames or updates the vars.yml if needed -- include_tasks: +- include_tasks: file: "update_variables.yml" apply: tags: always @@ -18,7 +18,7 @@ - always # Create AWX session token -- include_tasks: +- include_tasks: file: "create_session_token.yml" apply: tags: always 
@@ -27,7 +27,7 @@ - always # Perform a backup of the server -- include_tasks: +- include_tasks: file: "backup_server.yml" apply: tags: backup-server @@ -36,7 +36,7 @@ - backup-server # Perform a export of the server -- include_tasks: +- include_tasks: file: "export_server.yml" apply: tags: export-server @@ -45,7 +45,7 @@ - export-server # Create a user account if called -- include_tasks: +- include_tasks: file: "create_user.yml" apply: tags: create-user @@ -54,7 +54,7 @@ - create-user # Purge local/remote media if called -- include_tasks: +- include_tasks: file: "purge_media_main.yml" apply: tags: purge-media @@ -63,7 +63,7 @@ - purge-media # Purge Synapse database if called -- include_tasks: +- include_tasks: file: "purge_database_main.yml" apply: tags: purge-database @@ -72,7 +72,7 @@ - purge-database # Rotate SSH key if called -- include_tasks: +- include_tasks: file: "rotate_ssh.yml" apply: tags: rotate-ssh @@ -81,16 +81,16 @@ - rotate-ssh # Import configs, media repo from /chroot/backup import -- include_tasks: +- include_tasks: file: "import_awx.yml" apply: tags: import-awx when: run_setup|bool and matrix_awx_enabled|bool tags: - import-awx - + # Perform extra self-check functions -- include_tasks: +- include_tasks: file: "self_check.yml" apply: tags: self-check @@ -99,7 +99,7 @@ - self-check # Create cached matrix_vars.yml file -- include_tasks: +- include_tasks: file: "cache_matrix_variables.yml" apply: tags: always @@ -108,7 +108,7 @@ - always # Configure SFTP so user can upload a static website or access the servers export -- include_tasks: +- include_tasks: file: "customise_website_access_export.yml" apply: tags: setup-nginx-proxy @@ -117,7 +117,7 @@ - setup-nginx-proxy # Additional playbook to set the variable file during Element configuration -- include_tasks: +- include_tasks: file: "set_variables_element.yml" apply: tags: setup-client-element 
@@ -126,7 +126,7 @@ - setup-client-element # Additional playbook to set the variable file during Mailer configuration -- include_tasks: +- include_tasks: file: "set_variables_mailer.yml" apply: tags: setup-mailer @@ -135,7 +135,7 @@ - setup-mailer # Additional playbook to set the variable file during Element configuration -- include_tasks: +- include_tasks: file: "set_variables_element_subdomain.yml" apply: tags: setup-client-element-subdomain @@ -144,7 +144,7 @@ - setup-client-element-subdomain # Additional playbook to set the variable file during Synapse configuration -- include_tasks: +- include_tasks: file: "set_variables_synapse.yml" apply: tags: setup-synapse @@ -153,7 +153,7 @@ - setup-synapse # Additional playbook to set the variable file during Jitsi configuration -- include_tasks: +- include_tasks: file: "set_variables_jitsi.yml" apply: tags: setup-jitsi @@ -162,7 +162,7 @@ - setup-jitsi # Additional playbook to set the variable file during Ma1sd configuration -- include_tasks: +- include_tasks: file: "set_variables_ma1sd.yml" apply: tags: setup-ma1sd @@ -171,7 +171,7 @@ - setup-ma1sd # Additional playbook to set the variable file during Corporal configuration -- include_tasks: +- include_tasks: file: "set_variables_corporal.yml" apply: tags: setup-corporal @@ -180,7 +180,7 @@ - setup-corporal # Additional playbook to set the variable file during Dimension configuration -- include_tasks: +- include_tasks: file: "set_variables_dimension.yml" apply: tags: setup-dimension @@ -189,7 +189,7 @@ - setup-dimension # Additional playbook to set the variable file during Synapse Admin configuration -- include_tasks: +- include_tasks: file: "set_variables_synapse_admin.yml" apply: tags: setup-synapse-admin @@ -198,7 +198,7 @@ - setup-synapse-admin # Additional playbook to set the variable file during Discord Appservice Bridge configuration -- include_tasks: +- include_tasks: file: "bridge_discord_appservice.yml" apply: tags: bridge-discord-appservice 
@@ -207,7 +207,7 @@ - bridge-discord-appservice # Delete AWX session token -- include_tasks: +- include_tasks: file: "delete_session_token.yml" apply: tags: always @@ -216,7 +216,7 @@ - always # Load newly formed matrix variables from AWX volume -- include_tasks: +- include_tasks: file: "load_matrix_variables.yml" apply: tags: always diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml index f29061fb..9882f195 100644 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ b/roles/matrix-awx/tasks/purge_database_main.yml @@ -9,20 +9,20 @@ - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Ensure curl and jq intalled on target machine apt: pkg: - - curl - - jq + - curl + - jq state: present - name: Collect before shrink size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_before_stat when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: True + no_log: true - name: Collect the internal IP of the matrix-synapse container shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" @@ -34,7 +34,7 @@ curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) register: awx_janitors_token - no_log: True + no_log: true - name: Copy build_room_list.py script to target machine copy: 
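Review bot: In the `@@ -34,7 +34,7 @@` hunk of purge_database_main.yml, `no_log: true` only keeps the janitor password out of Ansible's output. The password is still interpolated into the `curl -d '{…}'` argument, where it is visible in the target's process list while the command runs. Passing the body on standard input instead, with `-d @-` in the command and the JSON under the module's `stdin:` argument, removes the secret from the command line and leaves the registered `stdout` unchanged. The same pattern appears in the login tasks of purge_media_main.yml and set_variables_dimension.yml. The task starts above this hunk, so its module line (presumably `shell`) is not visible here.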
@@ -55,7 +55,7 @@ fetch: src: /tmp/room_list_complete.json dest: "/tmp/{{ subscription_id }}_room_list_complete.json" - flat: yes + flat: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - name: Remove complete room list from target machine @@ -80,7 +80,7 @@ - name: Setting host fact awx_room_list_no_local_users set_fact: awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}" - no_log: True + no_log: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - name: Purge all rooms with no local users @@ -113,7 +113,7 @@ set_fact: awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}" when: awx_purge_mode.find("Number of users [slower]") != -1 - no_log: True + no_log: true - name: Purge all rooms with more then N users include_tasks: purge_database_users.yml @@ -138,7 +138,7 @@ set_fact: awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}" when: awx_purge_mode.find("Number of events [slower]") != -1 - no_log: True + no_log: true - name: Purge all rooms with more then N events include_tasks: purge_database_events.yml 
@@ -161,17 +161,17 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Execute rust-synapse-compress-state job template delegate_to: 127.0.0.1 awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: yes + wait: true tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -190,14 +190,14 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Ensure matrix-synapse is stopped service: name: matrix-synapse state: stopped - daemon_reload: yes + daemon_reload: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Re-index Synapse database @@ -208,7 +208,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Adjust 'Deploy/Update a Server' job template 
@@ -227,17 +227,17 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Execute run-postgres-vacuum job template delegate_to: 127.0.0.1 awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: yes + wait: true tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -256,7 +256,7 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Cleanup room_list files @@ -264,13 +264,13 @@ shell: | rm /tmp/{{ subscription_id }}_room_list* when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - ignore_errors: yes + ignore_errors: true - name: Collect after shrink size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_after_stat when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: True + no_log: true - name: Print total number of rooms processed debug: diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml index c836d16c..bd7e7d1c 100644 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ b/roles/matrix-awx/tasks/purge_media_main.yml @@ -1,3 +1,4 @@ +--- - name: Ensure dateutils is installed in AWX delegate_to: 127.0.0.1 
@@ -8,13 +9,13 @@ - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Ensure curl and jq intalled on target machine apt: pkg: - - curl - - jq + - curl + - jq state: present - name: Collect the internal IP of the matrix-synapse container @@ -25,7 +26,7 @@ shell: | curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' register: awx_janitors_token - no_log: True + no_log: true - name: Generate list of dates to purge to delegate_to: 127.0.0.1 @@ -37,16 +38,16 @@ register: awx_local_media_size_before when: awx_purge_media_type == "Local Media" async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate initial size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_before when: awx_purge_media_type == "Remote Media" - async: 600 - ignore_errors: yes - no_log: True + async: 600 + ignore_errors: true + no_log: true - name: Purge local media with loop include_tasks: purge_media_local.yml @@ -62,15 +63,15 @@ shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_after when: awx_purge_media_type == "Local Media" - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate final size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_after when: awx_purge_media_type == "Remote Media" - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Print size of local media repository before purge debug: 
diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml index 9596f504..bd59cbc1 100644 --- a/roles/matrix-awx/tasks/rotate_ssh.yml +++ b/roles/matrix-awx/tasks/rotate_ssh.yml @@ -4,7 +4,7 @@ authorized_key: user: root state: present - exclusive: yes + exclusive: true key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" - name: Delete the AWX session token for executing modules diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml index a7b0cb3a..68e833a4 100644 --- a/roles/matrix-awx/tasks/self_check.yml +++ b/roles/matrix-awx/tasks/self_check.yml 
@@ -25,53 +25,53 @@ shell: | curl -s localhost:9000 | grep "^synapse_admin_mau_current " register: awx_mau_stat - no_log: True + no_log: true - name: Calculate CPU usage statistics shell: iostat -c register: awx_cpu_usage_stat - no_log: True + no_log: true - name: Calculate RAM usage statistics shell: free -mh register: awx_ram_usage_stat - no_log: True + no_log: true - name: Calculate free disk space shell: df -h register: awx_disk_space_stat - no_log: True + no_log: true - name: Calculate size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_stat - no_log: True + no_log: true - name: Calculate size of local media repository shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_stat async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_stat async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate docker container statistics shell: docker stats --all --no-stream register: awx_docker_stats - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Print size of remote media repository debug: msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}" when: awx_remote_media_size_stat is defined - + - name: Print size of local media repository debug: msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}" diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml index e911144d..007ae59f 100755 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ b/roles/matrix-awx/tasks/set_variables_corporal.yml 
@@ -235,9 +235,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index eee4e6f2..7d401114 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml @@ -3,18 +3,18 @@ - name: Include vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true - name: Install jq and curl on remote machine apt: - name: + name: - jq - curl state: present - name: Collect access token of @admin-dimension user shell: | - curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' register: awx_dimension_user_access_token - name: Record Synapse variables locally on AWX 
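Review bot: The `Collect access token of @admin-dimension user` task in the `@@ -3,18 +3,18 @@` hunk of set_variables_dimension.yml has no `no_log`, although its command carries `awx_dimension_user_password` and its registered result holds the access token. The janitor login tasks in purge_database_main.yml and purge_media_main.yml both set it. Add `no_log: true` after `register: awx_dimension_user_access_token` so that neither value reaches the task output.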
@@ -27,7 +27,7 @@ with_dict: 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout }}"' - + - name: Set final users list if users are defined set_fact: awx_dimension_users_final: "{{ awx_dimension_users }}" @@ -80,7 +80,7 @@ - name: Copy new 'Configure Dimension' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json' - dest: '/matrix/awx/configure_dimension.json' + dest: '/matrix/awx/configure_dimension.json' mode: '0660' - name: Recreate 'Configure Dimension' job template @@ -97,9 +97,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml index 491c91b3..4b2ce859 100755 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ b/roles/matrix-awx/tasks/set_variables_element.yml @@ -172,9 +172,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml index 9e47be16..1c78b9e0 100644 
--- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml +++ b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml @@ -9,7 +9,7 @@ insertafter: '# Element Settings Start' with_dict: 'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}" - + - name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: @@ -40,4 +40,4 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml index 2e8f1f8e..b12391bf 100755 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml @@ -20,7 +20,7 @@ - name: Copy new 'Configure Jitsi' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - dest: '/matrix/awx/configure_jitsi.json' + dest: '/matrix/awx/configure_jitsi.json' mode: '0660' - name: Recreate 'Configure Jitsi' job template @@ -37,9 +37,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index db5037d1..fba7225a 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml 
@@ -66,7 +66,7 @@ with_dict: 'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}' 'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' - no_log: True + no_log: true - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template delegate_to: 127.0.0.1 @@ -77,7 +77,7 @@ - name: Copy new 'Configure ma1sd' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - dest: '/matrix/awx/configure_ma1sd.json' + dest: '/matrix/awx/configure_ma1sd.json' mode: '0660' - name: Recreate 'Configure ma1sd (Advanced)' job template @@ -94,10 +94,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml index 2ae2d513..6581223d 100644 --- a/roles/matrix-awx/tasks/set_variables_mailer.yml +++ b/roles/matrix-awx/tasks/set_variables_mailer.yml @@ -36,9 +36,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index f0fe2369..f749f03f 100755 
--- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -1,3 +1,4 @@ +--- - name: Limit max upload size to 200MB part 1 set_fact: @@ -197,7 +198,7 @@ - name: Copy new 'Configure Synapse' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json' - dest: '/matrix/awx/configure_synapse.json' + dest: '/matrix/awx/configure_synapse.json' mode: '0660' - name: Recreate 'Configure Synapse' job template @@ -214,9 +215,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml index 635befb5..1e63fb71 100644 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml @@ -19,7 +19,7 @@ - name: Copy new 'Configure Synapse Admin' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - dest: '/matrix/awx/configure_synapse_admin.json' + dest: '/matrix/awx/configure_synapse_admin.json' mode: '0660' - name: Recreate 'Configure Synapse Admin' job template 
@@ -36,9 +36,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/update_variables.yml b/roles/matrix-awx/tasks/update_variables.yml index 9818a9c2..e072667f 100644 --- a/roles/matrix-awx/tasks/update_variables.yml +++ b/roles/matrix-awx/tasks/update_variables.yml @@ -12,7 +12,7 @@ command: | openssl rand -hex 16 register: generic_secret - no_log: True + no_log: true when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) - name: Add new matrix_homeserver_generic_secret_key variable @@ -22,5 +22,5 @@ line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}" insertbefore: '# Basic Settings End' mode: '0600' - state: present + state: present when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index be403de7..83238aa1 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -1,3 +1,4 @@ +--- # The bare domain name which represents your Matrix identity. # Matrix user ids for your server will be of the form (`@user:`). # diff --git a/roles/matrix-base/tasks/clean_up_old_files.yml b/roles/matrix-base/tasks/clean_up_old_files.yml index 01d4a83d..03eb8bcc 100644 --- a/roles/matrix-base/tasks/clean_up_old_files.yml +++ b/roles/matrix-base/tasks/clean_up_old_files.yml 
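Review bot: The `lineinfile` task in update_variables.yml that writes `line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}"` shows no `no_log` in its visible lines, while the task that generates the value with `openssl rand -hex 16` sets `no_log: true`. The rendered `line` argument travels with the task, so the secret can still surface in `--diff` output or at higher verbosity in the job log even though its generation is hidden. Adding `no_log: true` next to `mode: '0600'` would keep the two tasks consistent. The task starts above the second hunk, so confirm the keyword is not already set there.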
@@ -6,4 +6,4 @@ state: absent with_items: - "{{ matrix_base_data_path }}/environment-variables" - - "{{ matrix_base_data_path }}/scratchpad" \ No newline at end of file + - "{{ matrix_base_data_path }}/scratchpad" diff --git a/roles/matrix-base/tasks/main.yml b/roles/matrix-base/tasks/main.yml index f9db37b3..1cdc0432 100644 --- a/roles/matrix-base/tasks/main.yml +++ b/roles/matrix-base/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/sanity_check.yml" tags: - always diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index 0869e501..909dd839 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml @@ -13,7 +13,7 @@ name: - lsb-release state: present - update_cache: yes + update_cache: true register: lsb_release_installation_result - name: Reread ansible_lsb facts if lsb-release got installed @@ -34,10 +34,10 @@ service: name: docker state: started - enabled: yes + enabled: true - name: "Ensure {{ matrix_ntpd_service }} is started and autoruns" service: name: "{{ matrix_ntpd_service }}" state: started - enabled: yes + enabled: true diff --git a/roles/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/matrix-base/tasks/server_base/setup_archlinux.yml index 6c5cdff8..a4912a5d 100644 --- a/roles/matrix-base/tasks/server_base/setup_archlinux.yml +++ b/roles/matrix-base/tasks/server_base/setup_archlinux.yml @@ -6,7 +6,7 @@ - python-docker - python-dnspython state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed pacman: diff --git a/roles/matrix-base/tasks/server_base/setup_centos.yml b/roles/matrix-base/tasks/server_base/setup_centos.yml index cbf7fbc6..34113bd9 100644 --- a/roles/matrix-base/tasks/server_base/setup_centos.yml +++ b/roles/matrix-base/tasks/server_base/setup_centos.yml 
@@ -22,7 +22,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed yum: diff --git a/roles/matrix-base/tasks/server_base/setup_centos8.yml b/roles/matrix-base/tasks/server_base/setup_centos8.yml index e6127f47..4b5b069d 100644 --- a/roles/matrix-base/tasks/server_base/setup_centos8.yml +++ b/roles/matrix-base/tasks/server_base/setup_centos8.yml @@ -22,14 +22,14 @@ name: - epel-release state: latest - update_cache: yes + update_cache: true - name: Ensure yum packages are installed yum: name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed yum: diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index 1cd7ac41..5b169df7 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -7,7 +7,7 @@ - ca-certificates - gnupg state: present - update_cache: yes + update_cache: true - name: Ensure Docker's APT key is trusted apt_key: @@ -22,7 +22,7 @@ apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed @@ -30,7 +30,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed apt: diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index 4aed3c76..6a09f2fe 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml 
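Review bot: In setup_debian.yml the Docker repository is trusted through the `apt_key` task, which by default adds the key to APT's global keyring, so that key can vouch for packages from any configured source and not only download.docker.com. Storing the key in a dedicated keyring file and scoping it on the repo line limits that trust, for example `repo: "deb [arch={{ matrix_debian_arch }} signed-by=<DOCKER_KEYRING_PATH>] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"`, where the path is a placeholder. The `apt_key` task's arguments are outside the hunk, so how the key is fetched and whether it is verified cannot be checked from here. The same task pair appears in setup_raspbian.yml.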
@@ -7,7 +7,7 @@ - ca-certificates - gnupg state: present - update_cache: yes + update_cache: true - name: Ensure Docker's APT key is trusted apt_key: @@ -22,7 +22,7 @@ apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed @@ -30,7 +30,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed apt: diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index ab5e8111..41604f87 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -18,8 +18,8 @@ state: present group: "{{ matrix_user_groupname }}" home: "{{ matrix_base_data_path }}" - create_home: no - system: yes + create_home: false + system: true register: matrix_user - name: Set Matrix Group UID Variable diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml index 11ee48b9..3f475950 100644 --- a/roles/matrix-base/tasks/setup_well_known.yml +++ b/roles/matrix-base/tasks/setup_well_known.yml @@ -1,3 +1,4 @@ +--- # We need others to be able to read these directories too, # so that matrix-nginx-proxy's nginx user can access the files. # diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml index 948c6082..7708cf2d 100644 --- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml @@ -1,4 +1,4 @@ - +--- # This is for both CentOS 7 and 8 - name: Ensure fuse installed (CentOS) yum: 
diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml index 39442bca..047f1b52 100644 --- a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml @@ -1,4 +1,4 @@ - +--- # This is for both CentOS 7 and 8 - name: Ensure openssl installed (CentOS) yum: diff --git a/roles/matrix-base/vars/main.yml b/roles/matrix-base/vars/main.yml index 8b99708b..28ac226a 100644 --- a/roles/matrix-base/vars/main.yml +++ b/roles/matrix-base/vars/main.yml @@ -1,3 +1,4 @@ +--- # This will contain a list of enabled services that the playbook is managing. # Each component is expected to append its service name to this list. matrix_systemd_services_list: [] diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index c5a1f636..fa57b109 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. # See: https://github.com/matrix-org/go-neb @@ -203,8 +204,8 @@ matrix_bot_go_neb_services: [] # # Each room will get the notification with the alert rendered with the given template # rooms: # "!someroomid:domain.tld": -# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" -# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" +# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\"}}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" +# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\"}} {{ if eq .Status \"firing\"}} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" # msg_type: "m.text" # Must be either `m.text` or `m.notice` # Default configuration template which covers the generic use case. @@ -228,4 +229,3 @@ matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_e # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`. matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" - diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/matrix-bot-go-neb/tasks/init.yml index 169f5978..b046d494 100644 --- a/roles/matrix-bot-go-neb/tasks/init.yml +++ b/roles/matrix-bot-go-neb/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" when: matrix_bot_go_neb_enabled|bool diff --git a/roles/matrix-bot-go-neb/tasks/main.yml b/roles/matrix-bot-go-neb/tasks/main.yml index 1a4fe70a..3c2ed9c5 100644 --- a/roles/matrix-bot-go-neb/tasks/main.yml +++ b/roles/matrix-bot-go-neb/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index e26be080..a390eb5e 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml 
@@ -11,9 +11,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_go_neb_config_path }}", when: true } - - { path: "{{ matrix_bot_go_neb_data_path }}", when: true } - - { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true } + - {path: "{{ matrix_bot_go_neb_config_path }}", when: true} + - {path: "{{ matrix_bot_go_neb_data_path }}", when: true} + - {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true} when: "item.when|bool" - name: Ensure go-neb image is pulled @@ -40,7 +40,7 @@ - name: Ensure systemd reloaded after matrix-bot-go-neb.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_go_neb_systemd_service_result.changed|bool" - name: Ensure matrix-bot-go-neb.service restarted, if necessary diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml index 3610eb44..a009badf 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-go-neb state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_go_neb_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-go-neb.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_go_neb_service_stat.stat.exists|bool" - name: Ensure Matrix go-neb paths don't exist diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 2c4a3169..2c50a1f7 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -1,3 +1,4 @@ +--- # honoroit is a helpdesk bot # See: https://gitlab.com/etke.cc/honoroit 
diff --git a/roles/matrix-bot-honoroit/tasks/init.yml b/roles/matrix-bot-honoroit/tasks/init.yml index 1b652e56..5ace015b 100644 --- a/roles/matrix-bot-honoroit/tasks/init.yml +++ b/roles/matrix-bot-honoroit/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}" when: matrix_bot_honoroit_enabled|bool diff --git a/roles/matrix-bot-honoroit/tasks/main.yml b/roles/matrix-bot-honoroit/tasks/main.yml index bc5c1490..7d66177c 100644 --- a/roles/matrix-bot-honoroit/tasks/main.yml +++ b/roles/matrix-bot-honoroit/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 0d2d325b..81f2eabc 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -33,10 +33,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_honoroit_config_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_data_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_data_store_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_config_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_data_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure honoroit environment variables file created @@ -70,7 +70,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_bot_honoroit_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_honoroit_container_image_self_build|bool" - name: Ensure matrix-bot-honoroit.service installed 
@@ -82,7 +82,7 @@ - name: Ensure systemd reloaded after matrix-bot-honoroit.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_honoroit_systemd_service_result.changed|bool" - name: Ensure matrix-bot-honoroit.service restarted, if necessary diff --git a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml index afad2cc1..45bccabd 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-honoroit state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_honoroit_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-honoroit.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_honoroit_service_stat.stat.exists|bool" - name: Ensure Matrix honoroit paths don't exist diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 419e3cca..76b153e7 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-reminder-bot is a bot for one-off and recurring reminders # See: https://github.com/anoadragon453/matrix-reminder-bot diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml index 7fd12524..41496955 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}" when: matrix_bot_matrix_reminder_bot_enabled|bool 
diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml index fc2afddb..d9a1df7e 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index bd33326f..e237bc21 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -34,10 +34,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure matrix-reminder-bot image is pulled @@ -65,7 +65,7 @@ build: dockerfile: docker/Dockerfile path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" - name: Ensure matrix-reminder-bot config installed 
@@ -85,7 +85,7 @@ - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool" - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index d7e41201..eb7543c5 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-matrix-reminder-bot state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - name: Ensure Matrix matrix-reminder-bot paths don't exist diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 7a39091d..9f45432c 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -1,3 +1,4 @@ +--- # A moderation tool for Matrix # See: https://github.com/matrix-org/mjolnir @@ -56,4 +57,3 @@ matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`. matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" - 
diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/matrix-bot-mjolnir/tasks/init.yml index b8ab58f1..e09964ec 100644 --- a/roles/matrix-bot-mjolnir/tasks/init.yml +++ b/roles/matrix-bot-mjolnir/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bot-mjolnir/tasks/main.yml b/roles/matrix-bot-mjolnir/tasks/main.yml index eada8de5..a2a20914 100644 --- a/roles/matrix-bot-mjolnir/tasks/main.yml +++ b/roles/matrix-bot-mjolnir/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index e770b6d5..3f4d5d8f 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -11,10 +11,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_mjolnir_base_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_config_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_data_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" } + - {path: "{{ matrix_bot_mjolnir_base_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_config_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_data_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"} when: "item.when|bool" - name: Ensure mjolnir Docker image is pulled 
@@ -42,7 +42,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_bot_mjolnir_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_mjolnir_container_image_self_build|bool" - name: Ensure matrix-bot-mjolnir config installed @@ -62,7 +62,7 @@ - name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_mjolnir_systemd_service_result.changed|bool" - name: Ensure matrix-bot-mjolnir.service restarted, if necessary diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml index 7fff5e13..93585977 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-mjolnir state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" - name: Ensure matrix-bot-mjolnir paths don't exist diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 92a51a31..daa83dea 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-discord is a Matrix <-> Discord bridge # See: https://github.com/Half-Shot/matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index ef64e78a..e16a6979 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml 
@@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/matrix-bridge-appservice-discord/tasks/main.yml index bad5e320..5df7bfe2 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/main.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 546e5043..924531ad 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -54,8 +54,8 @@ service: name: matrix-appservice-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_appservice_discord_stat_db.stat.exists" @@ -105,7 +105,7 @@ - name: Ensure systemd reloaded after matrix-appservice-discord.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_discord_systemd_service_result.changed" - name: Ensure matrix-appservice-discord.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 5dd8075d..ab56c26b 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_discord_service_stat.stat.exists" - name: Ensure matrix-appservice-discord.service doesn't exist 
@@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-discord.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 25b0a241..fa861308 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Matrix Appservice IRC is a Matrix <-> IRC bridge # See: https://github.com/matrix-org/matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index b90d93a5..5e181412 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/matrix-bridge-appservice-irc/tasks/main.yml index da92ecf0..339615ea 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/main.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index 6b39ac62..d7fcaa07 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml 
@@ -1,3 +1,5 @@ +--- + - name: Fail if Postgres not enabled fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." @@ -16,7 +18,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 63ee6621..23c175c4 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -10,10 +10,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_irc_base_path }}", when: true } - - { path: "{{ matrix_appservice_irc_config_path }}", when: true } - - { path: "{{ matrix_appservice_irc_data_path }}", when: true } - - { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}" } + - {path: "{{ matrix_appservice_irc_base_path }}", when: true} + - {path: "{{ matrix_appservice_irc_config_path }}", when: true} + - {path: "{{ matrix_appservice_irc_data_path }}", when: true} + - {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"} when: item.when|bool - name: Check if an old passkey file already exists @@ -26,7 +26,7 @@ service: name: matrix-appservice-irc state: stopped - daemon_reload: yes + daemon_reload: true failed_when: false - name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory 
@@ -82,7 +82,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_appservice_irc_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed" - name: Ensure Matrix Appservice IRC config installed @@ -186,7 +186,7 @@ - name: Ensure systemd reloaded after matrix-appservice-irc.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_irc_systemd_service_result.changed" - name: Ensure matrix-appservice-irc.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 51507817..a4d95df5 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-irc state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_irc_service_stat.stat.exists" - name: Ensure matrix-appservice-irc.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-irc.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index b1c98d2a..e303f834 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-slack is a Matrix <-> Slack bridge # See: https://github.com/matrix-org/matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 7f251ec5..2ff7c942 100644 
--- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 
@@ -39,40 +40,40 @@ when: "matrix_synapse_role_executed|default(False)" - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy - set_fact: - matrix_appservice_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_appservice_slack_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; - {% endif %} - } + - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy + set_fact: + matrix_appservice_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_appservice_slack_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the 
embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; + {% endif %} + } - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_appservice_slack_matrix_nginx_proxy_configuration] - }} + - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_appservice_slack_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_appservice_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-appservice-slack/tasks/main.yml b/roles/matrix-bridge-appservice-slack/tasks/main.yml index acd03fff..06c3abb6 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/main.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index fedad977..0bea65bc 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml 
@@ -1,3 +1,5 @@ +--- + - name: Fail if Postgres not enabled fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." @@ -16,7 +18,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 8c5a1eed..af2003fc 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -8,10 +8,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_slack_base_path }}", when: true } - - { path: "{{ matrix_appservice_slack_config_path }}", when: true } - - { path: "{{ matrix_appservice_slack_data_path }}", when: true } - - { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}" } + - {path: "{{ matrix_appservice_slack_base_path }}", when: true} + - {path: "{{ matrix_appservice_slack_config_path }}", when: true} + - {path: "{{ matrix_appservice_slack_data_path }}", when: true} + - {path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}"} when: item.when|bool - set_fact: @@ -56,7 +56,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_appservice_slack_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed" - name: Ensure Matrix Appservice Slack config installed 
@@ -84,7 +84,7 @@ - name: Ensure systemd reloaded after matrix-appservice-slack.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_slack_systemd_service_result.changed" - name: Ensure matrix-appservice-slack.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index 2dfe1c7b..dffe78b3 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-slack state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_slack_service_stat.stat.exists" - name: Ensure matrix-appservice-slack.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-slack.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index f987c087..7a6db2d0 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-webhooks is a Matrix <-> webhook bridge # See: https://github.com/redoonetworks/matrix-appservice-webhooks diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index 7f49e8b6..35d62ded 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed 
@@ -32,42 +33,42 @@ when: "matrix_synapse_role_executed|default(False)" - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy - set_fact: - matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; - proxy_pass http://$backend/$1; - } - {% else %} - {# Generic configuration for use outside of our container setup #} - location {{ matrix_appservice_webhooks_public_endpoint }}/ { - proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; - } - {% endif %} + - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy + set_fact: + matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | + {% if 
matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; + proxy_pass http://$backend/$1; + } + {% else %} + {# Generic configuration for use outside of our container setup #} + location {{ matrix_appservice_webhooks_public_endpoint }}/ { + proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; + } + {% endif %} - - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] - }} + - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_appservice_webhooks_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml index 216905f3..26a7e24c 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 1b276efc..1f40d731 100644 
--- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -8,10 +8,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_webhooks_base_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_config_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_data_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"} + - {path: "{{ matrix_appservice_webhooks_base_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_config_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_data_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Appservice webhooks image is pulled @@ -40,7 +40,7 @@ build: dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_appservice_webhooks_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_webhooks_container_image_self_build|bool" - name: Ensure Matrix Appservice webhooks config is installed @@ -84,5 +84,5 @@ - name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_webhooks_systemd_service_result.changed" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 81440b88..38235652 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml 
@@ -9,8 +9,8 @@ service: name: matrix-appservice-webhooks state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_webhooks_service_stat.stat.exists" - name: Ensure matrix-appservice-webhooks.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 34c9c3cb..e622522d 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -1,3 +1,4 @@ +--- # beeper-linkedin is a Matrix <-> LinkedIn bridge # See: https://gitlab.com/beeper/linkedin diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml index 755ac2f5..977db925 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" when: matrix_beeper_linkedin_enabled|bool diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml index 79c54f1a..920265fb 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c873d0c2..3cec1c1f 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml 
@@ -15,10 +15,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_beeper_linkedin_base_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_config_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_data_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}" } + - {path: "{{ matrix_beeper_linkedin_base_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_config_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_data_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"} when: "item.when|bool" 
@@ -31,38 +31,38 @@ when: "not matrix_beeper_linkedin_container_image_self_build|bool" - block: - - name: Ensure Beeper LinkedIn repository is present on self-build - git: - repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" - dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" - version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" - force: "yes" - register: matrix_beeper_linkedin_git_pull_results + - name: Ensure Beeper LinkedIn repository is present on self-build + git: + repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" + dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" + version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" + force: "yes" + register: matrix_beeper_linkedin_git_pull_results - # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. - # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 - - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image - command: | - {{ matrix_host_command_docker }} run \ - --rm \ - --entrypoint=/bin/sh \ - --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ - -w /work \ - docker.io/python:3.9.6-buster \ - -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" + # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. 
+ # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 + - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image + command: | + {{ matrix_host_command_docker }} run \ + --rm \ + --entrypoint=/bin/sh \ + --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ + -w /work \ + docker.io/python:3.9.6-buster \ + -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" - - name: Ensure Beeper LinkedIn Docker image is built - docker_image: - name: "{{ matrix_beeper_linkedin_docker_image }}" - source: build - force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_beeper_linkedin_docker_src_files_path }}" - pull: yes - args: - TARGETARCH: "{{ matrix_architecture }}" + - name: Ensure Beeper LinkedIn Docker image is built + docker_image: + name: "{{ matrix_beeper_linkedin_docker_image }}" + source: build + force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_beeper_linkedin_docker_src_files_path }}" + pull: true + args: + TARGETARCH: "{{ matrix_architecture }}" when: "matrix_beeper_linkedin_container_image_self_build|bool" - name: Ensure beeper-linkedin config.yaml installed 
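Review bot: The docker-requirements.txt step in this self-build block installs an unpinned `poetry`, exports with `--without-hashes` and then strips every `==` pin with `sed 's/==.*//g'`, so the image is built from whatever package versions the index serves at build time, with no hash verification. The comment above the task links the upstream CI recipe, which this presumably mirrors; if so, a comment such as `# NOTE: version pins and hashes are dropped on purpose (mirrors upstream CI); self-built images are not reproducible` would make that trade-off visible to operators. In the same block, `force: "yes"` on the `git` task is still a quoted truthy string while `pull: yes` became `pull: true`; `force: true` would match the rest of this cleanup.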
@@ -90,5 +90,5 @@ - name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_beeper_linkedin_systemd_service_result.changed" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index 175613f0..befa2f61 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-beeper-linkedin state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_beeper_linkedin_service_stat.stat.exists" - name: Ensure matrix-beeper-linkedin.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml index fe33defa..d808de08 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml @@ -8,4 +8,3 @@ with_items: - "matrix_beeper_linkedin_appservice_token" - "matrix_beeper_linkedin_homeserver_token" - diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 6772c364..dddbb960 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -1,3 +1,4 @@ +--- # heisenbridge is a bouncer-style Matrix IRC bridge # See: https://github.com/hifi/heisenbridge 
@@ -34,13 +35,13 @@ matrix_heisenbridge_registration_yaml: id: heisenbridge url: http://matrix-heisenbridge:9898 as_token: "{{ matrix_heisenbridge_appservice_token }}" - hs_token: "{{ matrix_heisenbridge_homeserver_token }}" + hs_token: "{{ matrix_heisenbridge_homeserver_token }}" rate_limited: false sender_localpart: heisenbridge namespaces: users: - - regex: '@hbirc_.*' - exclusive: true + - regex: '@hbirc_.*' + exclusive: true aliases: [] rooms: [] diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml index 18e89b68..a66d7199 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-heisenbridge/tasks/main.yml b/roles/matrix-bridge-heisenbridge/tasks/main.yml index 1358709d..a266643d 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/main.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 03cf9ec3..29b5842b 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml 
@@ -4,8 +4,8 @@ docker_image: name: "{{ matrix_heisenbridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" + force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" - name: Ensure heisenbridge paths exist file: @@ -34,5 +34,5 @@ - name: Ensure systemd reloaded after matrix-heisenbridge.service installation service: - daemon_reload: yes + daemon_reload: true when: matrix_heisenbridge_systemd_service_result.changed diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index cf100a89..54d5bd67 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-heisenbridge state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_heisenbridge_service_stat.stat.exists" - name: Ensure matrix-heisenbridge.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-heisenbridge.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_heisenbridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index e32dba3b..2db8ba77 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -1,3 +1,5 @@ +--- + # A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. # https://github.com/Half-Shot/matrix-hookshot @@ -43,11 +45,11 @@ matrix_hookshot_github_appid: '' # Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info. matrix_hookshot_github_private_key: '' matrix_hookshot_github_private_key_file: 'private-key.pem' -matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page +matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_oauth_enabled: false # You need to configure oauth settings only when you have enabled oauth (optional) -matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page -matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page +matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page +matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 67b793d4..a2229c36 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed 
@@ -24,98 +25,98 @@ when: matrix_hookshot_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy - set_fact: - matrix_hookshot_matrix_nginx_proxy_configuration: | - location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; + - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_hookshot_matrix_nginx_proxy_configuration: | + location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 
valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + {% if matrix_hookshot_provisioning_enabled %} + location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } {% endif %} - proxy_set_header Host $host; - } - {% if matrix_hookshot_provisioning_enabled %} - location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1; - {% endif %} - proxy_set_header Host $host; - } - {% endif %} - location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; - proxy_pass http://$backend/$1; - {% else %} - {# 
Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; - {% endif %} - proxy_set_header Host $host; - } + location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } - - name: Register hookshot proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_hookshot_matrix_nginx_proxy_configuration] - }} + - name: Register hookshot proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_hookshot_matrix_nginx_proxy_configuration] + }} - - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy - set_fact: - matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | - {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} - location {{ matrix_hookshot_metrics_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; - proxy_pass http://$backend/metrics; - {% else %} - {# Generic configuration for use outside 
of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; - {% endif %} - proxy_set_header Host $host; - {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | + {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} + location {{ matrix_hookshot_metrics_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; + {% endif %} + proxy_set_header Host $host; + {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + {% endif %} + } {% endif %} - } - {% endif %} - - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) - + - [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] - }} + - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) + + + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] + }} tags: - - always + - always when: 
matrix_hookshot_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-hookshot/tasks/main.yml b/roles/matrix-bridge-hookshot/tasks/main.yml index 85ab2589..409b6175 100644 --- a/roles/matrix-bridge-hookshot/tasks/main.yml +++ b/roles/matrix-bridge-hookshot/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 059dd7b5..416db621 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -80,5 +80,5 @@ - name: Ensure systemd reloaded after matrix-hookshot.service installation service: - daemon_reload: yes + daemon_reload: true when: matrix_hookshot_systemd_service_result.changed diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml index 89ab01b4..d8efbb02 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-hookshot state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_hookshot_service_stat.stat.exists" - name: Ensure matrix-hookshot.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-hookshot.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_hookshot_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index e8b161e6..f781ba91 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-facebook is a Matrix <-> Facebook bridge # See: https://github.com/mautrix/facebook 
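Review bot: In roles/matrix-bridge-hookshot/tasks/init.yml (`@@ -24,98 +25,98 @@`), the metrics `location {{ matrix_hookshot_metrics_endpoint }}` is password-protected only when `matrix_hookshot_proxy_metrics_basic_auth_enabled` is set, so with `matrix_hookshot_proxy_metrics` on and that flag off the endpoint is proxied without authentication. When the flag is on, it reads `/nginx-data/matrix-synapse-metrics-htpasswd`, a file named after Synapse's metrics and presumably written by another role under its own conditions (not visible here). If that file is absent, requests to the location will be refused; if present, hookshot metrics share Synapse's credentials. A comment above the `auth_basic_user_file` line such as `{# Reuses the Synapse metrics htpasswd file; it must already exist #}` would make the dependency explicit. The third task in the block repeats the first task's name; I would rename it `Generate Matrix hookshot metrics proxying configuration for matrix-nginx-proxy` so the two can be told apart in play output.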
diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index cf67f227..d97a3230 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml index 54fb6f9d..b6e65fe2 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index d5230bca..3fa42970 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml 
@@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_facebook_base_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_config_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_data_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_facebook_base_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_config_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_data_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Facebook repository is present on self-build @@ -74,7 +74,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_facebook_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_facebook_container_image_self_build|bool" - name: Check if an old database file already exists @@ -86,8 +86,8 @@ service: name: matrix-mautrix-facebook state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_facebook_stat_database.stat.exists" @@ -120,7 +120,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_facebook_systemd_service_result.changed" - name: Ensure matrix-mautrix-facebook.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index abbce350..1c8fbd3b 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml 
@@ -9,8 +9,8 @@ service: name: matrix-mautrix-facebook state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_facebook_service_stat.stat.exists" - name: Ensure matrix-mautrix-facebook.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 02bef16a..1b89bea6 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-googlechat is a Matrix <-> googlechat bridge # See: https://github.com/mautrix/googlechat diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index 5c8d82bf..e64cb44c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 
@@ -23,39 +24,39 @@ when: matrix_mautrix_googlechat_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_googlechat_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-googlechat:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] - }} + - name: Generate Mautrix googlechat 
proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_googlechat_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-googlechat:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_googlechat_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml index defcd58a..16054e7b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index 293e8817..9faf344f 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml 
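Review bot: The non-container branch in roles/matrix-bridge-mautrix-googlechat/tasks/init.yml (`@@ -23,39 +24,39 @@`) hard-codes `proxy_pass http://127.0.0.1:9007;`, and the matching hunk in roles/matrix-bridge-mautrix-hangouts/tasks/init.yml uses the same address and port. With both bridges enabled behind an nginx that is not the playbook's container, both public endpoints are sent to whichever service listens on 9007, so one bridge's login endpoint may be answered by the other. The host port bindings are defined outside this diff, so this needs confirming against the role defaults. I would template the port from a per-role variable, e.g. `proxy_pass http://127.0.0.1:{{ <googlechat host port variable> }};` (placeholder name), and do the same in the hangouts role.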
@@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_googlechat_base_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_config_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_data_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_googlechat_base_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_config_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_data_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Mautrix Hangots repository is present on self build @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_googlechat_container_image_self_build|bool" - name: Check if an old database file already exists @@ -85,8 +85,8 @@ service: name: matrix-mautrix-googlechat state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_googlechat_stat_database.stat.exists" @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_googlechat_systemd_service_result.changed" - name: Ensure matrix-mautrix-googlechat.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index bdcaa6e7..a315c0c8 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml 
@@ -9,8 +9,8 @@ service: name: matrix-mautrix-googlechat state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_googlechat_service_stat.stat.exists" - name: Ensure matrix-mautrix-googlechat.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_googlechat_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml index 7aa42870..083e8d34 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml @@ -11,4 +11,4 @@ - "matrix_mautrix_googlechat_homeserver_token" - debug: msg: - - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}' + - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 013e1d14..911c81c6 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-hangouts is a Matrix <-> Hangouts bridge # See: https://github.com/mautrix/hangouts diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 59756ec9..65d4776e 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml 
@@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 
@@ -23,39 +24,39 @@ when: matrix_mautrix_hangouts_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_hangouts_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-hangouts:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] - }} + - name: Generate Mautrix Hangouts proxying configuration for 
matrix-nginx-proxy + set_fact: + matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_hangouts_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-hangouts:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_hangouts_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml index 0df0d0e3..b43ff478 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index fb5236fd..368ee5f8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml 
@@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_hangouts_base_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_config_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_data_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_hangouts_base_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_config_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_data_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Mautrix Hangots repository is present on self build @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_hangouts_container_image_self_build|bool" - name: Check if an old database file already exists @@ -85,8 +85,8 @@ service: name: matrix-mautrix-hangouts state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_hangouts_stat_database.stat.exists" @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_hangouts_systemd_service_result.changed" - name: Ensure matrix-mautrix-hangouts.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index 34348cfd..8ce859c8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml 
@@ -9,8 +9,8 @@ service: name: matrix-mautrix-hangouts state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_hangouts_service_stat.stat.exists" - name: Ensure matrix-mautrix-hangouts.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index 8922bef4..0242ef16 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -11,4 +11,4 @@ - "matrix_mautrix_hangouts_homeserver_token" - debug: msg: - - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' + - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index a3783328..9fc42cea 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-instagram is a Matrix <-> Instagram bridge # See: https://github.com/mautrix/instagram diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index c44855d8..d33acd09 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml 
@@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml index 7326e22d..b6ffcd06 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 38a7f62e..dc95af3a 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -23,13 +23,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_instagram_base_path }}", when: true } - - { path: "{{ matrix_mautrix_instagram_config_path }}", when: true } - - { path: "{{ matrix_mautrix_instagram_data_path }}", when: true } - - { - path: "{{ matrix_mautrix_instagram_docker_src_files_path }}", - when: "{{ matrix_mautrix_instagram_container_image_self_build }}", - } + - {path: "{{ matrix_mautrix_instagram_base_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_config_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_data_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_docker_src_files_path }}", when: "{{ matrix_mautrix_instagram_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix instagram repository is present on self-build 
@@ -49,7 +46,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_instagram_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_instagram_container_image_self_build|bool" - name: Ensure mautrix-instagram config.yaml installed @@ -77,5 +74,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_instagram_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml index 02e20b61..2cc0e0e9 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml @@ -8,8 +8,8 @@ service: name: matrix-mautrix-instagram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_instagram_service_stat.stat.exists" - name: Ensure matrix-mautrix-instagram.service doesn't exist @@ -20,5 +20,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ceaa9b87..ca06c268 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-signal is a Matrix <-> Signal bridge # See: https://github.com/mautrix/signal diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 6133e865..21d52066 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml 
@@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" when: matrix_mautrix_signal_enabled|bool diff --git a/roles/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/matrix-bridge-mautrix-signal/tasks/main.yml index edca20e6..643b94c9 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 1a9b2915..6fd0f813 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -34,7 +34,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_signal_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_signal_container_image_self_build|bool" @@ -64,7 +64,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" - name: Ensure Mautrix Signal paths exist @@ -114,5 +114,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-signal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml index b36ef81d..8ca2be3f 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml 
@@ -10,8 +10,8 @@ service: name: matrix-mautrix-signal-daemon state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" - name: Ensure matrix-mautrix-signal-daemon.service doesn't exist @@ -30,8 +30,8 @@ service: name: matrix-mautrix-signal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_signal_service_stat.stat.exists" - name: Ensure matrix-mautrix-signal.service doesn't exist @@ -43,5 +43,5 @@ # All services - name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index bcdcfdd8..f9e7f890 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-telegram is a Matrix <-> Telegram bridge # See: https://github.com/mautrix/telegram 
@@ -7,7 +8,7 @@ matrix_telegram_lottieconverter_container_image_self_build: false matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git" matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src" -matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram +matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index 662ea1c3..267658ef 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 
@@ -23,40 +24,40 @@ when: matrix_mautrix_telegram_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_telegram_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-telegram:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9006; - {% endif %} - } + - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_telegram_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set 
$backend "matrix-mautrix-telegram:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9006; + {% endif %} + } - - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] - }} + - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_telegram_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml index 8a218ed8..018b30da 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 1e34e2cd..ceda10a5 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml 
@@ -42,10 +42,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_telegram_base_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_config_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_data_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_telegram_base_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_config_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_data_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Telegram image is pulled @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build|bool" - name: Ensure matrix-mautrix-telegram repository is present when self-building @@ -107,8 +107,8 @@ service: name: matrix-mautrix-telegram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_telegram_stat_database.stat.exists" @@ -141,7 +141,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_telegram_systemd_service_result.changed" - name: Ensure matrix-mautrix-telegram.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index bc84edbb..a713898b 100644 
--- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-telegram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_telegram_service_stat.stat.exists" - name: Ensure matrix-mautrix-telegram.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 6a72706b..f8fd29c8 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-twitter is a Matrix <-> Twitter bridge # See: https://github.com/mautrix/twitter diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml index 4f8df9e0..5b526bbd 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}" when: matrix_mautrix_twitter_enabled|bool diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/matrix-bridge-mautrix-twitter/tasks/main.yml index 60eea099..6c0abe4f 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index c27eeccd..86134d2b 100644 
--- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -27,17 +27,17 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_twitter_base_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_config_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_data_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_twitter_base_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_config_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_data_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Twitter repository is present on self-build git: repo: "{{ matrix_mautrix_twitter_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}" -# version: "{{ matrix_coturn_docker_image.split(':')[1] }}" + # version: "{{ matrix_coturn_docker_image.split(':')[1] }}" force: "yes" register: matrix_mautrix_twitter_git_pull_results when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build" @@ -50,7 +50,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_twitter_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build|bool" - name: Ensure mautrix-twitter config.yaml installed @@ -78,7 +78,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_systemd_service_result.changed" - name: Ensure matrix-mautrix-twitter.service restarted, if necessary 
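Review bot: The git task in the `@@ -27,17 +27,17 @@` hunk clones `matrix_mautrix_twitter_container_image_self_build_repo` with its `version` line commented out, so a self-build compiles whatever the remote's default branch holds at run time. The commented line also refers to `matrix_coturn_docker_image`, which looks like a leftover from another role, so re-indenting it preserves a misleading hint. I would replace it with a real pin, e.g. `version: "{{ <role-specific version variable> }}"`, set to a tag or commit that matches the image used when not self-building. The neighbouring `force: "yes"` is a quoted truthy value this cleanup leaves behind; `force: true` would match the rest of the commit.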
diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml index 28819726..024603e7 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml @@ -9,7 +9,7 @@ service: name: matrix-mautrix-twitter state: stopped - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_service_stat.stat.exists" - name: Ensure matrix-mautrix-twitter.service doesn't exist @@ -20,5 +20,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index aaa1f04a..adc30fc8 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-whatsapp is a Matrix <-> Whatsapp bridge # See: https://github.com/mautrix/whatsapp @@ -77,7 +78,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map: # Servers to always allow double puppeting from matrix_mautrix_whatsapp_bridge_double_puppet_server_map: - "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" + "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index f320bc74..57166386 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml 
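Review bot: The stop task in the `@@ -9,7 +9,7 @@` hunk of `roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml` has no `enabled` key, while the equivalent uninstall tasks for the instagram, signal, telegram and whatsapp bridges in this patch all set `enabled: false`. The next task removes the unit file, so the service is stopped but never disabled before deletion, which probably leaves an enablement symlink behind. Adding `enabled: false` next to `daemon_reload: true` would bring the role in line with its siblings. The task's first lines are above the hunk, so its name is not visible here.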
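Review bot: The value re-indented in the `@@ -77,7 +78,7 @@` hunk of `roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml` is a single expression, `{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}`. A bare `a : b` is not a valid Jinja2 expression, so templating this variable would presumably fail whenever it is evaluated. If the intent is a one-entry map from homeserver domain to address, a dict literal expresses it: `"{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_homeserver_address} }}"`. Since this map decides which servers are always allowed to double-puppet, it is worth rendering the bridge config once to confirm the result is exactly that one entry.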
@@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}" when: matrix_mautrix_whatsapp_enabled|bool diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml index 188eae4a..0a963eb2 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index ddd49dd0..d33524f3 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -44,10 +44,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Whatsapp image is pulled @@ -76,7 +76,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_whatsapp_container_image_self_build|bool" - name: Check if an old database file exists 
@@ -93,8 +93,8 @@ service: name: matrix-mautrix-whatsapp state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_whatsapp_stat_database.stat.exists" @@ -131,7 +131,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_whatsapp_systemd_service_result.changed" - name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 7dd4b402..3884f9e7 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-whatsapp state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_whatsapp_service_stat.stat.exists" - name: Ensure matrix-mautrix-whatsapp.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_whatsapp_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index 48314190..c983c4cc 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml @@ -8,4 +8,3 @@ with_items: - "matrix_mautrix_whatsapp_appservice_token" - "matrix_mautrix_whatsapp_homeserver_token" - diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 23d4ebf4..80734c25 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
+++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Discord is a Matrix <-> Discord bridge # See: https://github.com/matrix-discord/mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 6fa43037..69458093 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml index 3ca32335..e11a2db0 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index f9985ed8..3ef57cb7 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml 
@@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_discord_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}"} when: matrix_mx_puppet_discord_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -32,8 +32,8 @@ service: name: matrix-mx-puppet-discord state: stopped - daemon_reload: yes - failed_when: False + daemon_reload: true + failed_when: false - name: (Data relocation) Move mx-puppet-discord database file to ./data directory command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" @@ -90,7 +90,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool" - name: Ensure mx-puppet-discord config.yaml installed @@ -118,7 +118,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_discord_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-discord.service restarted, if necessary 
diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml index a0298ad9..b3ab8e39 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_discord_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-discord.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index 8b382605..0daf6dfc 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge # See: https://gitlab.com/robintown/mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index b4469ea1..db28f324 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml index 994e7e45..070f920b 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml 
+++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 3ed4867c..84802c4f 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}"} when: matrix_mx_puppet_groupme_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-groupme state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_groupme_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" - name: Ensure mx-puppet-groupme config.yaml installed 
@@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_groupme_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml index f9ecce58..24daf7be 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-groupme state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_groupme_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-groupme.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_groupme_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 27210360..3a73e0fe 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mx-puppet-instagram bridges instagram DMs # See: https://github.com/Sorunome/mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index a12885e7..d16e6be0 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml 
@@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -21,4 +22,3 @@ + {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} when: matrix_mx_puppet_instagram_enabled|bool - diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml index d0fe90e4..6abb281f 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index cdbaa18e..63f1878b 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml 
@@ -51,10 +51,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}"} when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool - name: Ensure mx-puppet-instagram repository is present on self build @@ -74,7 +74,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" - name: Ensure mx-puppet-instagram config.yaml installed @@ -102,7 +102,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_instagram_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-instagram.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml index 9ad4e13d..e4435a3e 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml 
@@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-instagram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_instagram_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-instagram.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 8dcb2faf..905e5086 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Skype is a Matrix <-> Skype bridge # See: https://github.com/Sorunome/mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml index 5618821b..d28f6ca1 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml index 01ddd7d8..0793e994 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index a39e7acf..28573533 100644 
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
@@ -16,10 +16,10 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_groupname }}"
 with_items:
- - { path: "{{ matrix_mx_puppet_skype_base_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_skype_config_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_skype_data_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}" }
+ - {path: "{{ matrix_mx_puppet_skype_base_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_skype_config_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_skype_data_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}"}
 when: matrix_mx_puppet_skype_enabled|bool and item.when|bool
 - name: Check if an old database file already exists
@@ -31,8 +31,8 @@
 service:
 name: matrix-mx-puppet-skype
 state: stopped
- enabled: no
- daemon_reload: yes
+ enabled: false
+ daemon_reload: true
 failed_when: false
 when: "matrix_mx_puppet_skype_stat_database.stat.exists"
@@ -91,7 +91,7 @@
 build:
 dockerfile: Dockerfile
 path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
- pull: yes
+ pull: true
 when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool"
 - name: Ensure mx-puppet-skype config.yaml installed
@@ -119,7 +119,7 @@
 - name: Ensure systemd reloaded after matrix-mx-puppet-skype.service installation
 service:
- daemon_reload: yes
+ daemon_reload: true
 when: "matrix_mx_puppet_skype_systemd_service_result.changed"
 - name: Ensure matrix-mx-puppet-skype.service restarted, if necessary
diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml
index a1af7e33..838c3be5 100644
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-skype state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_skype_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-skype.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-skype.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_skype_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 4b8af36a..bf5c6dfa 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Slack is a Matrix <-> Slack bridge # See: https://github.com/Sorunome/mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 74ec0350..897f3f8f 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 
@@ -23,40 +24,40 @@ when: matrix_mx_puppet_slack_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_slack_redirect_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; - {% endif %} - } + - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_slack_redirect_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + 
resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; + {% endif %} + } - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] - }} + - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mx_puppet_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml index 6aa0fd0f..0e886d45 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 8ef8ac4e..eca29e9b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml 
@@ -16,10 +16,10 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_groupname }}"
 with_items:
- - { path: "{{ matrix_mx_puppet_slack_base_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_slack_config_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_slack_data_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}" }
+ - {path: "{{ matrix_mx_puppet_slack_base_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_slack_config_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_slack_data_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}"}
 when: matrix_mx_puppet_slack_enabled|bool and item.when|bool
 - name: Check if an old database file already exists
@@ -31,8 +31,8 @@
 service:
 name: matrix-mx-puppet-slack
 state: stopped
- enabled: no
- daemon_reload: yes
+ enabled: false
+ daemon_reload: true
 failed_when: false
 when: "matrix_mx_puppet_slack_stat_database.stat.exists"
@@ -87,7 +87,7 @@
 build:
 dockerfile: Dockerfile
 path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
- pull: yes
+ pull: true
 when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build"
 - name: (Data relocation) Move mx-puppet-slack database file to ./data directory
@@ -119,7 +119,7 @@
 - name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation
 service:
- daemon_reload: yes
+ daemon_reload: true
 when: "matrix_mx_puppet_slack_systemd_service_result.changed"
 - name: Ensure matrix-mx-puppet-slack.service restarted, if necessary
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
index f6e7d33e..3a119267 100644
--- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
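Review bot: The `when:` kept as context in the `@@ -87,7 +87,7 @@` hunk of roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml tests `matrix_mx_puppet_slack_container_image_self_build` without the `|bool` cast, while the instagram and skype roles touched by this same patch cast it. If the variable ever arrives as a string (for instance through key=value `--extra-vars`), a non-empty "false" is truthy inside the Jinja expression, so the image build with `pull: true` would presumably run when self-building was meant to be off. Since this patch is already normalising boolean spellings, I would align the guard: `when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build|bool"`. The same uncast guard appears in the `pull: true` hunks of the mx-puppet-steam and mx-puppet-twitter setup_install.yml files; the task itself starts outside each hunk.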
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-slack state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_slack_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-slack.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 2af4a32a..91675fce 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Steam is a Matrix <-> Steam bridge # See: https://github.com/matrix-steam/mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index c3218e89..efca4110 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml index cd6bb147..733cfa90 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index a92d63fb..a1786ba9 100644 
--- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -16,10 +16,10 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_groupname }}"
 with_items:
- - { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" }
+ - {path: "{{ matrix_mx_puppet_steam_base_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_steam_config_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_steam_data_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}"}
 when: matrix_mx_puppet_steam_enabled|bool and item.when|bool
 - name: Check if an old database file already exists
@@ -31,8 +31,8 @@
 service:
 name: matrix-mx-puppet-steam
 state: stopped
- enabled: no
- daemon_reload: yes
+ enabled: false
+ daemon_reload: true
 failed_when: false
 when: "matrix_mx_puppet_steam_stat_database.stat.exists"
@@ -91,7 +91,7 @@
 build:
 dockerfile: Dockerfile
 path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
- pull: yes
+ pull: true
 when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
 - name: Ensure mx-puppet-steam config.yaml installed
@@ -119,7 +119,7 @@
 - name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation
 service:
- daemon_reload: yes
+ daemon_reload: true
 when: "matrix_mx_puppet_steam_systemd_service_result.changed"
 - name: Ensure matrix-mx-puppet-steam.service restarted, if necessary
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
index 608bde73..2e152ef6 100644
--- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-steam state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_steam_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-steam.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_steam_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 0e37d51f..37be2be2 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -1,3 +1,5 @@ +--- + # Mx Puppet Twitter is a Matrix <-> Twitter bridge # See: https://github.com/Sorunome/mx-puppet-twitter diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 2054d23c..9d868bfe 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 
@@ -23,40 +24,40 @@ when: matrix_mx_puppet_twitter_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_twitter_webhook_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; - {% endif %} - } + - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_twitter_webhook_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to 
discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; + {% endif %} + } - - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] - }} + - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mx_puppet_twitter_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml index af355df3..7d65257c 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index a6250a16..8ca4f3f1 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml 
@@ -16,10 +16,10 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_groupname }}"
 with_items:
- - { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true }
- - { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" }
+ - {path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true}
+ - {path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}"}
 when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool
 - name: Check if an old database file already exists
@@ -31,8 +31,8 @@
 service:
 name: matrix-mx-puppet-twitter
 state: stopped
- enabled: no
- daemon_reload: yes
+ enabled: false
+ daemon_reload: true
 failed_when: false
 when: "matrix_mx_puppet_twitter_stat_database.stat.exists"
@@ -91,7 +91,7 @@
 build:
 dockerfile: Dockerfile
 path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
- pull: yes
+ pull: true
 when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"
 - name: Ensure mx-puppet-twitter config.yaml installed
@@ -119,7 +119,7 @@
 - name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation
 service:
- daemon_reload: yes
+ daemon_reload: true
 when: "matrix_mx_puppet_twitter_systemd_service_result.changed"
 - name: Ensure matrix-mx-puppet-twitter.service restarted, if necessary
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml
index 1382ee58..56dcd9ce 100644
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml
+++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-twitter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_twitter_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-twitter.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index d3a686ce..82ffce6e 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-sms-bridge is a Matrix <-> SMS bridge # See: https://github.com/benkuly/matrix-sms-bridge diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml index 5979d132..b8af8e60 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/matrix-bridge-sms/tasks/init.yml @@ -1,3 +1,5 @@ +--- + # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-sms/tasks/main.yml b/roles/matrix-bridge-sms/tasks/main.yml index c1c499de..b06e1a54 100644 --- a/roles/matrix-bridge-sms/tasks/main.yml +++ b/roles/matrix-bridge-sms/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index 61de923f..1f296043 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml 
@@ -51,5 +51,5 @@
 - name: Ensure systemd reloaded after matrix-sms-bridge.service installation
 service:
- daemon_reload: yes
- when: matrix_sms_bridge_systemd_service_result.changed
\ No newline at end of file
+ daemon_reload: true
+ when: matrix_sms_bridge_systemd_service_result.changed
diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml
index ad8442bc..d74476eb 100644
--- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml
+++ b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml
@@ -9,8 +9,8 @@
 service:
 name: matrix-sms-bridge
 state: stopped
- enabled: no
- daemon_reload: yes
+ enabled: false
+ daemon_reload: true
 when: "matrix_sms_bridge_service_stat.stat.exists"
 - name: Ensure matrix-sms-bridge.service doesn't exist
diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/matrix-bridge-sms/tasks/validate_config.yml
index f89b18fa..96e41755 100644
--- a/roles/matrix-bridge-sms/tasks/validate_config.yml
+++ b/roles/matrix-bridge-sms/tasks/validate_config.yml
@@ -13,4 +13,4 @@
 - "matrix_sms_bridge_default_timezone"
 - "matrix_sms_bridge_provider_android_baseurl"
 - "matrix_sms_bridge_provider_android_username"
- - "matrix_sms_bridge_provider_android_password"
\ No newline at end of file
+ - "matrix_sms_bridge_provider_android_password"
diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml
index 15313950..1cb9b26f 100644
--- a/roles/matrix-client-cinny/defaults/main.yml
+++ b/roles/matrix-client-cinny/defaults/main.yml
@@ -1,3 +1,5 @@
+---
+
 matrix_client_cinny_enabled: true
 matrix_client_cinny_container_image_self_build: false
diff --git a/roles/matrix-client-cinny/tasks/init.yml b/roles/matrix-client-cinny/tasks/init.yml
index e6889e4d..04fbd8a2 100644
--- a/roles/matrix-client-cinny/tasks/init.yml
+++ b/roles/matrix-client-cinny/tasks/init.yml
@@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-client-cinny/tasks/main.yml b/roles/matrix-client-cinny/tasks/main.yml index 8a39c021..5c37d38e 100644 --- a/roles/matrix-client-cinny/tasks/main.yml +++ b/roles/matrix-client-cinny/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-cinny/tasks/self_check.yml b/roles/matrix-client-cinny/tasks/self_check.yml index df1241a8..d00408da 100644 --- a/roles/matrix-client-cinny/tasks/self_check.yml +++ b/roles/matrix-client-cinny/tasks/self_check.yml @@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_cinny_self_check_validate_certificates }}" register: matrix_client_cinny_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Cinny not working diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 5d92f1d3..5571d8d0 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml 
@@ -7,16 +7,16 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_cinny_data_path }}", when: true } - - { path: "{{ matrix_client_cinny_docker_src_files_path }}", when: "{{ matrix_client_cinny_container_image_self_build }}" } + - {path: "{{ matrix_client_cinny_data_path }}", when: true} + - {path: "{{ matrix_client_cinny_docker_src_files_path }}", when: "{{ matrix_client_cinny_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Cinny Docker image is pulled docker_image: - name: "{{ matrix_client_cinny_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" + name: "{{ matrix_client_cinny_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build|bool" - name: Ensure Cinny repository is present on self-build @@ -55,7 +55,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_cinny_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_cinny_container_image_self_build|bool" - name: Ensure matrix-client-cinny.service installed @@ -67,5 +67,5 @@ - name: Ensure systemd reloaded after matrix-client-cinny.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_cinny_systemd_service_result.changed|bool" 
diff --git a/roles/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/matrix-client-cinny/tasks/setup_uninstall.yml index 2a3bffb5..507c5d70 100644 --- a/roles/matrix-client-cinny/tasks/setup_uninstall.yml +++ b/roles/matrix-client-cinny/tasks/setup_uninstall.yml @@ -8,8 +8,8 @@ service: name: matrix-client-cinny state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_cinny_service_stat.stat.exists|bool" @@ -21,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-client-cinny.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_cinny_service_stat.stat.exists|bool" - name: Ensure Cinny paths doesn't exist diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 542821a4..d5ada7ee 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false diff --git a/roles/matrix-client-element/tasks/init.yml b/roles/matrix-client-element/tasks/init.yml index 44fa1544..cb1df0b5 100644 --- a/roles/matrix-client-element/tasks/init.yml +++ b/roles/matrix-client-element/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}" when: matrix_client_element_enabled|bool diff --git a/roles/matrix-client-element/tasks/main.yml b/roles/matrix-client-element/tasks/main.yml index f020382a..28e23e8a 100644 --- a/roles/matrix-client-element/tasks/main.yml +++ b/roles/matrix-client-element/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-element/tasks/migrate_riot_web.yml b/roles/matrix-client-element/tasks/migrate_riot_web.yml index 304e9fbf..ee0fd446 100644 
--- a/roles/matrix-client-element/tasks/migrate_riot_web.yml +++ b/roles/matrix-client-element/tasks/migrate_riot_web.yml @@ -10,8 +10,8 @@ service: name: matrix-riot-web state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" @@ -23,7 +23,7 @@ - name: Ensure systemd reloaded after matrix-riot-web.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" - name: Check existence of /matrix/riot-web diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/matrix-client-element/tasks/prepare_themes.yml index 1453e37d..bfb9837b 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/matrix-client-element/tasks/prepare_themes.yml @@ -25,7 +25,7 @@ - name: Load Element theme set_fact: - matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" + matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" with_items: "{{ matrix_client_element_theme_file_contents.results }}" run_once: true diff --git a/roles/matrix-client-element/tasks/self_check.yml b/roles/matrix-client-element/tasks/self_check.yml index 34b6b88b..d05644c8 100644 --- a/roles/matrix-client-element/tasks/self_check.yml +++ b/roles/matrix-client-element/tasks/self_check.yml @@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_element_self_check_validate_certificates }}" register: matrix_client_element_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Element not working 
diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index b14a0dd5..3b877e8e 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -8,8 +8,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_element_data_path }}", when: true } - - { path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}" } + - {path: "{{ matrix_client_element_data_path }}", when: true} + - {path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Element Docker image is pulled @@ -37,7 +37,7 @@ path: "{{ matrix_client_element_docker_src_files_path }}/webpack.config.js" regexp: '(\s+)splitChunks: \{' line: '\1splitChunks: { maxSize: 100000,' - backrefs: yes + backrefs: true owner: root group: root mode: '0644' @@ -52,7 +52,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_element_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_element_container_image_self_build|bool" - name: Ensure Element configuration installed @@ -93,5 +93,5 @@ - name: Ensure systemd reloaded after matrix-client-element.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-element/tasks/setup_uninstall.yml b/roles/matrix-client-element/tasks/setup_uninstall.yml index 82805b78..55bc20d6 100644 --- a/roles/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/matrix-client-element/tasks/setup_uninstall.yml 
@@ -9,8 +9,8 @@ service: name: matrix-client-element state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_element_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-client-element.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_service_stat.stat.exists|bool" - name: Ensure Element paths doesn't exist diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index e73dea37..64bb0ba9 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_client_hydrogen_enabled: true # Self building is used by default because the `config.json` file is only read at build time. diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/matrix-client-hydrogen/tasks/init.yml index 8116a003..c6801e51 100644 --- a/roles/matrix-client-hydrogen/tasks/init.yml +++ b/roles/matrix-client-hydrogen/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index 8d5c493f..13d157cc 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index c7407dcd..28af9c78 100644 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml 
@@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_hydrogen_self_check_validate_certificates }}" register: matrix_client_hydrogen_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Hydrogen not working diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index 2f949927..d8372768 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml 
@@ -8,16 +8,16 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_hydrogen_data_path }}", when: true } - - { path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}" } + - {path: "{{ matrix_client_hydrogen_data_path }}", when: true} + - {path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Hydrogen Docker image is pulled docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" + name: "{{ matrix_client_hydrogen_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure Hydrogen repository is present on self-build @@ -59,7 +59,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure matrix-client-hydrogen.service installed 
@@ -71,5 +71,5 @@ - name: Ensure systemd reloaded after matrix-client-hydrogen.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_hydrogen_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml index 64d20166..7aff2916 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-client-hydrogen state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_hydrogen_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-client-hydrogen.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_hydrogen_service_stat.stat.exists|bool" - name: Ensure Hydrogen paths doesn't exist diff --git a/roles/matrix-common-after/defaults/main.yml b/roles/matrix-common-after/defaults/main.yml index 8112191a..51c48c7d 100644 --- a/roles/matrix-common-after/defaults/main.yml +++ b/roles/matrix-common-after/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Specifies how long to wait between starting systemd services and checking if they're started. # # A too low value may lead to a failure, as services may not have enough time to start and potentially fail. diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml index 9c472ca3..ad0a0ee8 100644 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ b/roles/matrix-common-after/tasks/awx_post.yml @@ -6,7 +6,7 @@ register: cmd when: not awx_janitor_user_created|bool no_log: false - + - name: Update AWX janitor user created variable delegate_to: 127.0.0.1 lineinfile: 
@@ -24,7 +24,7 @@ register: cmd when: not awx_dimension_user_created|bool no_log: false - + - name: Update AWX dimension user created variable delegate_to: 127.0.0.1 lineinfile: @@ -42,7 +42,7 @@ register: cmd when: not awx_mjolnir_user_created|bool no_log: false - + - name: Update AWX dimension user created variable delegate_to: 127.0.0.1 lineinfile: diff --git a/roles/matrix-common-after/tasks/dump_runtime_results.yml b/roles/matrix-common-after/tasks/dump_runtime_results.yml index 9788bf84..44ae1a30 100644 --- a/roles/matrix-common-after/tasks/dump_runtime_results.yml +++ b/roles/matrix-common-after/tasks/dump_runtime_results.yml @@ -1,3 +1,4 @@ +--- # Ansible outputs the message in the `item=` field. # It's unnecessary to output it again in the actual message, so we don't. - debug: diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index b4503ae1..75dee15d 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/start.yml" when: run_start|bool @@ -12,7 +13,7 @@ - import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml" tags: - always - + - import_tasks: "{{ role_path }}/tasks/awx_post.yml" when: run_setup|bool and matrix_awx_enabled|bool tags: @@ -21,5 +22,3 @@ - import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune - - diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml index 64ab4d99..02fa672e 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/matrix-common-after/tasks/start.yml @@ -6,7 +6,7 @@ - name: Ensure systemd is reloaded service: - daemon_reload: yes + daemon_reload: true - name: Ensure Matrix services are stopped service: 
@@ -35,39 +35,39 @@ become: false - block: - - name: Populate service facts - service_facts: + - name: Populate service facts + service_facts: - - name: Fail if service isn't detected to be running - fail: - msg: >- - {{ item }} was not detected to be running. - It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). - Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. - If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. - You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. - See `roles/matrix-common-after/defaults/main.yml` for more details about that. - with_items: "{{ matrix_systemd_services_list }}" - when: - - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" + - name: Fail if service isn't detected to be running + fail: + msg: >- + {{ item }} was not detected to be running. + It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). + Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. + If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. + You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. + See `roles/matrix-common-after/defaults/main.yml` for more details about that. 
+ with_items: "{{ matrix_systemd_services_list }}" + when: + - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" when: " ansible_distribution != 'Archlinux'" - block: - # Currently there is a bug in ansible that renders is incompatible with systemd. - # service_facts is not collecting the data successfully. - # Therefore iterating here manually - - name: Fetch systemd information - systemd: - name: "{{ item }}" - register: systemdstatus - with_items: "{{ matrix_systemd_services_list }}" + # Currently there is a bug in ansible that renders is incompatible with systemd. + # service_facts is not collecting the data successfully. + # Therefore iterating here manually + - name: Fetch systemd information + systemd: + name: "{{ item }}" + register: systemdstatus + with_items: "{{ matrix_systemd_services_list }}" - - name: Fail if service isn't detected to be running - fail: - msg: >- - {{ item.item }} was not detected to be running. - It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). - Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. - with_items: "{{ systemdstatus.results }}" - when: "item.status['ActiveState'] != 'active'" + - name: Fail if service isn't detected to be running + fail: + msg: >- + {{ item.item }} was not detected to be running. + It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). + Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. + with_items: "{{ systemdstatus.results }}" + when: "item.status['ActiveState'] != 'active'" when: "ansible_distribution == 'Archlinux'" 
diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 47f0b5af..66896e0e 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-corporal is a reconciliator and gateway for a managed Matrix server. # See: https://github.com/devture/matrix-corporal @@ -25,7 +26,7 @@ matrix_corporal_systemd_required_services_list: ['docker.service'] matrix_corporal_version: 2.2.3 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility +matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index e5062c27..b2f50e93 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/matrix-corporal/tasks/main.yml index 90c8105c..7ff359d0 100644 --- a/roles/matrix-corporal/tasks/main.yml +++ b/roles/matrix-corporal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always 
diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml index f7c15109..b702c00f 100644 --- a/roles/matrix-corporal/tasks/self_check_corporal.yml +++ b/roles/matrix-corporal/tasks/self_check_corporal.yml @@ -8,7 +8,7 @@ url: "{{ corporal_client_api_url_endpoint_public }}" follow_redirects: none return_content: true - check_mode: no + check_mode: false register: result_corporal_client_api ignore_errors: true diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 8e007c4f..b8edc596 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -35,7 +35,7 @@ build: dockerfile: etc/docker/Dockerfile path: "{{ matrix_corporal_container_src_files_path }}" - pull: yes + pull: true when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" - name: Ensure Matrix Corporal Docker image is pulled @@ -65,7 +65,7 @@ - name: Ensure systemd reloaded after matrix-corporal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_corporal_enabled|bool and matrix_corporal_systemd_service_result.changed" @@ -83,8 +83,8 @@ service: name: matrix-corporal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" @@ -96,7 +96,7 @@ - name: Ensure systemd reloaded after matrix-corporal.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal files don't exist diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 4d7ccf6b..f1274657 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml 
@@ -1,3 +1,5 @@ +--- + matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml index a7d8a343..93e4fa3a 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/matrix-coturn/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-coturn/tasks/main.yml b/roles/matrix-coturn/tasks/main.yml index 9794bcb3..76352df1 100644 --- a/roles/matrix-coturn/tasks/main.yml +++ b/roles/matrix-coturn/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index c31406b1..f5726e32 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -14,7 +14,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"} + - {path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Coturn image is pulled @@ -43,7 +43,7 @@ build: dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_coturn_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_coturn_container_image_self_build|bool" - name: Ensure Coturn configuration path exists @@ -101,5 +101,5 @@ - name: Ensure systemd reloaded if systemd units changed service: - daemon_reload: yes + daemon_reload: true when: "matrix_coturn_systemd_service_change_results.changed" 
diff --git a/roles/matrix-coturn/tasks/setup_uninstall.yml b/roles/matrix-coturn/tasks/setup_uninstall.yml index b642c6d0..097ba873 100644 --- a/roles/matrix-coturn/tasks/setup_uninstall.yml +++ b/roles/matrix-coturn/tasks/setup_uninstall.yml @@ -10,16 +10,16 @@ service: name: matrix-coturn state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_coturn_service_stat.stat.exists|bool" - name: Ensure matrix-coturn-reload.timer is stopped service: name: matrix-coturn state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_coturn_service_stat.stat.exists|bool" @@ -35,7 +35,7 @@ - name: Ensure systemd reloaded after unit removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_coturn_systemd_unit_uninstallation_result.changed|bool" - name: Ensure Matrix coturn paths don't exist diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 23789540..ec3937c7 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Dendrite is a second-generation Matrix homeserver currently in Beta # See: https://github.com/matrix-org/dendrite @@ -127,7 +128,7 @@ matrix_dendrite_mscs_database: "dendrite_mscs" matrix_dendrite_turn_uris: [] matrix_dendrite_turn_shared_secret: "" -matrix_dendrite_turn_allow_guests: False +matrix_dendrite_turn_allow_guests: false # Controls whether the self-check feature should validate TLS certificates. matrix_dendrite_disable_tls_validation: false diff --git a/roles/matrix-dendrite/tasks/dendrite/setup.yml b/roles/matrix-dendrite/tasks/dendrite/setup.yml index 8b669193..f988d918 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup.yml @@ -1,4 +1,5 @@ --- + - import_tasks: "{{ role_path }}/tasks/dendrite/setup_install.yml" when: matrix_dendrite_enabled|bool 
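Review bot: In roles/matrix-coturn/tasks/setup_uninstall.yml, hunk `@@ -10,16 +10,16 @@`, the task named `Ensure matrix-coturn-reload.timer is stopped` still passes `name: matrix-coturn`, so it repeats the preceding task instead of acting on the timer unit. Because the task also carries `failed_when: false`, the mismatch never surfaces as an error, and the timer is presumably left enabled and active until its unit file is removed later in the play. This commit already rewrites the two lines directly below it, so the fix belongs here: `name: matrix-coturn-reload.timer`. The first task in the hunk begins above the visible context.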
diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index 3e3b2199..7b3c12d5 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -4,7 +4,7 @@ stat: path: "{{ matrix_dendrite_media_store_path }}" register: local_path_media_store_stat - ignore_errors: yes + ignore_errors: true # This is separate and conditional, to ensure we don't execute it # if the path already exists or we failed to check, because it's mounted using fuse. @@ -67,7 +67,7 @@ - name: Ensure systemd reloaded after matrix-dendrite.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dendrite_systemd_service_result.changed|bool" - name: Ensure matrix-dendrite-create-account script created diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml index 7e953365..89d5481c 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-dendrite service stat: path: "{{ matrix_systemd_path }}/matrix-dendrite.service" @@ -7,7 +9,7 @@ service: name: matrix-dendrite state: stopped - daemon_reload: yes + daemon_reload: true register: stopping_result when: "matrix_dendrite_service_stat.stat.exists" @@ -19,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-dendrite.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dendrite_service_stat.stat.exists" - name: Ensure Dendrite Docker image doesn't exist diff --git a/roles/matrix-dendrite/tasks/init.yml b/roles/matrix-dendrite/tasks/init.yml index 2e2e551a..524ef6ee 100644 --- a/roles/matrix-dendrite/tasks/init.yml +++ b/roles/matrix-dendrite/tasks/init.yml 
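Review bot: In roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml, hunk `@@ -7,7 +9,7 @@`, the stop task sets `state: stopped` and `daemon_reload: true` but no `enabled: false`. The other uninstall tasks normalised in this patch (element, hydrogen, corporal, coturn, dimension) disable the unit as well. If the omission is not deliberate, the unit stays enabled while its file is removed, which can leave a stale enablement symlink behind; adding `enabled: false` above `daemon_reload: true` would bring this role in line with the others. The task's `- name:` line sits outside the hunk, so this is inferred from the visible module arguments only.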
@@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dendrite.service'] }}" when: matrix_dendrite_enabled|bool diff --git a/roles/matrix-dendrite/tasks/main.yml b/roles/matrix-dendrite/tasks/main.yml index 815135d7..5483adec 100644 --- a/roles/matrix-dendrite/tasks/main.yml +++ b/roles/matrix-dendrite/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/matrix-dendrite/tasks/register_user.yml index 099d57e9..b8e3ae5e 100644 --- a/roles/matrix-dendrite/tasks/register_user.yml +++ b/roles/matrix-dendrite/tasks/register_user.yml @@ -13,7 +13,7 @@ service: name: matrix-dendrite state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Wait a while, so that Dendrite can manage to start diff --git a/roles/matrix-dendrite/tasks/self_check_client_api.yml b/roles/matrix-dendrite/tasks/self_check_client_api.yml index 7c2f6b5e..2470d818 100644 --- a/roles/matrix-dendrite/tasks/self_check_client_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_client_api.yml @@ -6,7 +6,7 @@ validate_certs: "{{ matrix_dendrite_self_check_validate_certificates }}" register: result_matrix_dendrite_client_api ignore_errors: true - check_mode: no + check_mode: false - name: Fail if Matrix Client API not working fail: diff --git a/roles/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/matrix-dendrite/tasks/self_check_federation_api.yml index a7c60a67..0afca2cb 100644 --- a/roles/matrix-dendrite/tasks/self_check_federation_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_federation_api.yml @@ -6,7 +6,7 @@ validate_certs: "{{ matrix_dendrite_self_check_validate_certificates }}" register: result_matrix_dendrite_federation_api ignore_errors: true - check_mode: no + check_mode: false - name: Fail if Matrix Federation API not working fail: 
diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index 04c3a7fe..cbe0cf84 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -7,8 +7,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_dendrite_config_dir_path }}", when: true } - - { path: "{{ matrix_dendrite_ext_path }}", when: true } + - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} + - {path: "{{ matrix_dendrite_ext_path }}", when: true} when: "matrix_dendrite_enabled|bool and item.when" - import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 1ca5f5b8..c4da906d 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_dimension_enabled: false # You are required to specify an access token for Dimension to work. diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/matrix-dimension/tasks/init.yml index 85ca04ea..6336cb4d 100644 --- a/roles/matrix-dimension/tasks/init.yml +++ b/roles/matrix-dimension/tasks/init.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}" when: matrix_dimension_enabled|bool diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/matrix-dimension/tasks/main.yml index aad55286..c2f01399 100644 --- a/roles/matrix-dimension/tasks/main.yml +++ b/roles/matrix-dimension/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index c75fc0b9..92c21c9e 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml 
@@ -111,7 +111,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_dimension_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_dimension_container_image_self_build|bool" - name: Ensure matrix-dimension.service installed @@ -123,7 +123,7 @@ - name: Ensure systemd reloaded after matrix-dimension.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dimension_systemd_service_result.changed|bool" - name: Ensure matrix-dimension.service restarted, if necessary diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/matrix-dimension/tasks/setup_uninstall.yml index 21f34df0..cdfbe07a 100644 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/matrix-dimension/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-dimension state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_dimension_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-dimension.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dimension_service_stat.stat.exists|bool" - name: Ensure Dimension base directory doesn't exist diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/matrix-dimension/tasks/validate_config.yml index ead8352b..8413c42f 100644 --- a/roles/matrix-dimension/tasks/validate_config.yml +++ b/roles/matrix-dimension/tasks/validate_config.yml @@ -1,3 +1,4 @@ +--- - name: Fail if required Dimension settings not defined fail: msg: >- diff --git a/roles/matrix-dimension/vars/main.yml b/roles/matrix-dimension/vars/main.yml index 107bb4fa..131024cc 100644 --- a/roles/matrix-dimension/vars/main.yml +++ b/roles/matrix-dimension/vars/main.yml 
@@ -2,4 +2,4 @@ # Doing `|from_yaml` when the extension contains nothing yields an empty string (""). # We need to ensure it's a dictionary or `|combine` (when building `matrix_dimension_configuration`) will fail later. -matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml else {} }}" \ No newline at end of file +matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml else {} }}" diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 2be1a5ba..28f4fe0a 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Whether dynamic dns is enabled matrix_dynamic_dns_enabled: true diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/matrix-dynamic-dns/tasks/init.yml index e7d33ff2..6ea6a60b 100644 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ b/roles/matrix-dynamic-dns/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index ac69ec89..e2e4f043 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml 
@@ -16,9 +16,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_dynamic_dns_base_path }}", when: true } - - { path: "{{ matrix_dynamic_dns_config_path }}", when: true } - - { path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}" } + - {path: "{{ matrix_dynamic_dns_base_path }}", when: true} + - {path: "{{ matrix_dynamic_dns_config_path }}", when: true} + - {path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}"} when: matrix_dynamic_dns_enabled|bool and item.when|bool - name: Ensure Dynamic DNS repository is present on self build @@ -38,7 +38,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_dynamic_dns_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" - name: Ensure Dynamic DNS ddclient.conf installed @@ -58,5 +58,5 @@ - name: Ensure systemd reloaded after matrix-dynamic-dns.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dynamic_dns_systemd_service_result.changed" diff --git a/roles/matrix-dynamic-dns/tasks/main.yml b/roles/matrix-dynamic-dns/tasks/main.yml index f9aaab8f..8b8b306c 100644 --- a/roles/matrix-dynamic-dns/tasks/main.yml +++ b/roles/matrix-dynamic-dns/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/matrix-dynamic-dns/tasks/uninstall.yml index 9d511051..80842c9c 100644 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ b/roles/matrix-dynamic-dns/tasks/uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-dynamic-dns state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_dynamic_dns_service_stat.stat.exists" - name: Ensure matrix-dynamic-dns.service doesn't exist 
@@ -21,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-dynamic-dns.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dynamic_dns_service_stat.stat.exists" # Intentionally not removing the Docker image when uninstalling. diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index 3dfabc1a..767f0d1a 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_email2matrix_enabled: true matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix" diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/matrix-email2matrix/tasks/init.yml index 0c8ffc0c..5f582212 100644 --- a/roles/matrix-email2matrix/tasks/init.yml +++ b/roles/matrix-email2matrix/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}" when: matrix_email2matrix_enabled|bool diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/matrix-email2matrix/tasks/main.yml index 77be7279..35bda4fa 100644 --- a/roles/matrix-email2matrix/tasks/main.yml +++ b/roles/matrix-email2matrix/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 7805c2c1..44f2ef7d 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml 
@@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_email2matrix_base_path }}", when: true } - - { path: "{{ matrix_email2matrix_config_dir_path }}", when: true } - - { path: "{{ matrix_email2matrix_docker_src_files_path }}", when: "{{ matrix_email2matrix_container_image_self_build }}"} + - {path: "{{ matrix_email2matrix_base_path }}", when: true} + - {path: "{{ matrix_email2matrix_config_dir_path }}", when: true} + - {path: "{{ matrix_email2matrix_docker_src_files_path }}", when: "{{ matrix_email2matrix_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Email2Matrix configuration file created @@ -47,7 +47,7 @@ build: dockerfile: etc/docker/Dockerfile path: "{{ matrix_email2matrix_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_email2matrix_container_image_self_build|bool" - name: Ensure matrix-email2matrix.service installed @@ -59,5 +59,5 @@ - name: Ensure systemd reloaded after matrix-email2matrix.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_email2matrix_systemd_service_result.changed|bool" diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/matrix-email2matrix/tasks/setup_uninstall.yml index 270b9250..27d35f2d 100644 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/matrix-email2matrix/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-email2matrix state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_email2matrix_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-email2matrix.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_email2matrix_service_stat.stat.exists|bool" - name: Ensure Email2Matrix data path doesn't exist 
diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index bcabc3dd..0daf24a3 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_etherpad_enabled: false matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/matrix-etherpad/tasks/init.yml index c94e0817..b155064c 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/matrix-etherpad/tasks/init.yml 
@@ -1,52 +1,54 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" when: matrix_etherpad_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-etherpad role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-etherpad role. 
+ when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Etherpad proxying configuration for matrix-nginx-proxy - set_fact: - matrix_etherpad_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; + - name: Generate Etherpad proxying configuration for matrix-nginx-proxy + set_fact: + matrix_etherpad_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; - location {{ matrix_etherpad_public_endpoint }}/ { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-etherpad:9001/; - {# These are proxy directives needed specifically by Etherpad #} - proxy_buffering off; - proxy_http_version 1.1; # recommended with keepalive connections - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used - # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% else %} - {# Generic configuration for use outside of our container setup #} - # A good guide for setting up your Etherpad behind nginx: - # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html - proxy_pass http://127.0.0.1:9001/; - {% endif %} - } + location {{ matrix_etherpad_public_endpoint }}/ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-etherpad:9001/; + {# These are 
proxy directives needed specifically by Etherpad #} + proxy_buffering off; + proxy_http_version 1.1; # recommended with keepalive connections + proxy_pass_header Server; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used + # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% else %} + {# Generic configuration for use outside of our container setup #} + # A good guide for setting up your Etherpad behind nginx: + # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html + proxy_pass http://127.0.0.1:9001/; + {% endif %} + } - - name: Register Etherpad proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) - + - [matrix_etherpad_matrix_nginx_proxy_configuration] - }} + - name: Register Etherpad proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) + + + [matrix_etherpad_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_etherpad_enabled|bool diff --git a/roles/matrix-etherpad/tasks/main.yml b/roles/matrix-etherpad/tasks/main.yml index 27548aaf..bf59d838 100644 --- a/roles/matrix-etherpad/tasks/main.yml +++ b/roles/matrix-etherpad/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index a93c28de..27832e14 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml 
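Review bot: In the `@@ -1,52 +1,54 @@` hunk of roles/matrix-etherpad/tasks/init.yml, the generated `location` block keeps `proxy_pass_header Server;`, which makes nginx relay Etherpad's own `Server` response header to clients instead of hiding it, so the backend identifies itself to anyone who can reach the endpoint. Unless Etherpad needs that header, drop the directive or add a comment saying why it is required. The same block sets `Host` and `X-Forwarded-Proto` but no client-address header, so Etherpad presumably sees every request as coming from the proxy; adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` would keep per-client logging meaningful. This assumes Etherpad is configured to trust the proxy, which this diff does not show. The commit itself only re-indents these lines.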
+++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -32,5 +32,5 @@ - name: Ensure systemd reloaded after matrix-etherpad.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_etherpad_systemd_service_result.changed|bool" diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/matrix-etherpad/tasks/setup_uninstall.yml index a63d3fb1..ae1f2604 100644 --- a/roles/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/matrix-etherpad/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-etherpad state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_etherpad_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-etherpad.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_etherpad_service_stat.stat.exists|bool" - name: Ensure Etherpad base directory doesn't exist diff --git a/roles/matrix-etherpad/tasks/validate_config.yml b/roles/matrix-etherpad/tasks/validate_config.yml index c76dc3b5..f9438e7b 100644 --- a/roles/matrix-etherpad/tasks/validate_config.yml +++ b/roles/matrix-etherpad/tasks/validate_config.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if Etherpad is enabled without the Dimension integrations manager fail: msg: >- diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index f802d2e5..d8438442 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-grafana is open source visualization and analytics software # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md 
@@ -11,8 +12,8 @@ matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith # they might still want to look at the old existing data. # So it would be silly to delete the dashboard in such case. matrix_grafana_dashboard_download_urls: -- "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" -- "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" + - "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" + - "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana" matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config" @@ -32,7 +33,7 @@ matrix_grafana_default_admin_user: admin matrix_grafana_default_admin_password: admin # Set to true to add the Content-Security-Policy header to your requests. -# CSP allows to control resources that the user agent can load and helps +# CSP allows to control resources that the user agent can load and helps # prevent XSS attacks. # [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy) matrix_grafana_content_security_policy: true diff --git a/roles/matrix-grafana/tasks/init.yml b/roles/matrix-grafana/tasks/init.yml index 8a22e301..4c2cbf06 100644 --- a/roles/matrix-grafana/tasks/init.yml +++ b/roles/matrix-grafana/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}" when: matrix_grafana_enabled|bool - - diff --git a/roles/matrix-grafana/tasks/main.yml b/roles/matrix-grafana/tasks/main.yml index fb16c394..c93fd500 100644 --- a/roles/matrix-grafana/tasks/main.yml +++ b/roles/matrix-grafana/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always 
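Review bot: `matrix_grafana_default_admin_password: admin`, visible as context in the `@@ -32,7 +33,7 @@` hunk of roles/matrix-grafana/defaults/main.yml, pairs a well-known password with the `admin` username named in the hunk header. Any deployment that enables Grafana without overriding both starts with guessable administrator credentials. The commit only strips trailing whitespace from the comment below it, but the safer default is an empty value, `matrix_grafana_default_admin_password: ''`, combined with a `fail` task that stops the play while it is unset. Whether the role already validates this elsewhere is not visible in this diff.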
diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index c5cee64c..5f9d21c1 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -77,7 +77,7 @@ - name: Ensure systemd reloaded after matrix-grafana.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_grafana_enabled|bool and matrix_grafana_systemd_service_result.changed" # @@ -93,8 +93,8 @@ service: name: matrix-grafana state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" @@ -106,6 +106,5 @@ - name: Ensure systemd reloaded after matrix-grafana.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" - diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index a36a09fc..32f4be0d 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_jitsi_enabled: true matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" @@ -69,7 +71,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false matrix_jitsi_version: stable-6726-2 -matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility +matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index 1f7a2d1c..efab8745 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml 
@@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml index e4f3508f..fe9da205 100644 --- a/roles/matrix-jitsi/tasks/main.yml +++ b/roles/matrix-jitsi/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml index 86e37212..4b390c18 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -14,7 +14,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_base_path }}", when: true } + - {path: "{{ matrix_jitsi_base_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when # diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 4e2be696..2bb781c1 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true } - - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true } + - {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true} + - {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-jicofo Docker image is pulled @@ -51,7 +51,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed" # 
@@ -68,8 +68,8 @@ service: name: matrix-jitsi-jicofo state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure Matrix jitsi-jicofo paths doesn't exist diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 558a6cf1..3b3b8dbf 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true } - - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true } + - {path: "{{ matrix_jitsi_jvb_base_path }}", when: true} + - {path: "{{ matrix_jitsi_jvb_config_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-jvb Docker image is pulled @@ -51,7 +51,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed" # @@ -68,8 +68,8 @@ service: name: matrix-jitsi-jvb state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure Matrix jitsi-jvb paths doesn't exist 
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index c1c7c7fc..437e1e9c 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -12,9 +12,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true } - - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true } - - { path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true } + - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true} + - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true} + - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-prosody Docker image is pulled @@ -42,7 +42,7 @@ - name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" - name: Ensure authentication is properly configured @@ -67,8 +67,8 @@ service: name: matrix-jitsi-prosody state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" @@ -80,7 +80,7 @@ - name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure Matrix jitsi-prosody paths doesn't exist diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index bcb1b49e..0a4d43b0 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml 
@@ -12,10 +12,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_web_base_path }}", when: true } - - { path: "{{ matrix_jitsi_web_config_path }}", when: true } - - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true } - - { path: "{{ matrix_jitsi_web_crontabs_path }}", when: true } + - {path: "{{ matrix_jitsi_web_base_path }}", when: true} + - {path: "{{ matrix_jitsi_web_config_path }}", when: true} + - {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true} + - {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-web Docker image is pulled @@ -53,7 +53,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-web.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed" # @@ -70,8 +70,8 @@ service: name: matrix-jitsi-web state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" @@ -83,7 +83,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-web.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure Matrix jitsi-web paths doesn't exist @@ -94,4 +94,3 @@ # Intentionally not removing the Docker image when uninstalling. # We can't be sure it had been pulled by us in the first place. - diff --git a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml index 66fb7e5d..50973acb 100644 --- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml +++ b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml 
@@ -21,18 +21,14 @@ - matrix_jitsi_auth_type == "internal" - matrix_jitsi_prosody_auth_internal_accounts|length > 0 - # # Tasks related to configuring other Jitsi authentication mechanisms # - - # # Tasks related to cleaning after Jitsi authentication configuration # - # # Stop Necessary Services # @@ -40,4 +36,4 @@ systemd: state: stopped name: matrix-jitsi-prosody - when: matrix_jitsi_prosody_start_result.changed|bool \ No newline at end of file + when: matrix_jitsi_prosody_start_result.changed|bool diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/matrix-jitsi/tasks/validate_config.yml index 4defe986..5131396d 100644 --- a/roles/matrix-jitsi/tasks/validate_config.yml +++ b/roles/matrix-jitsi/tasks/validate_config.yml @@ -24,7 +24,6 @@ fail: msg: >- At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication. - If you're setting up Jitsi for the first time, you may have missed a step. Refer to our setup instructions (docs/configuring-playbook-jitsi.md). when: diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index f0e96eff..f1d57049 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -1,3 +1,4 @@ +--- # ma1sd is a Federated Matrix Identity Server # See: https://github.com/ma1uta/ma1sd diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/matrix-ma1sd/tasks/init.yml index 04cc3a21..a7c914db 100644 --- a/roles/matrix-ma1sd/tasks/init.yml +++ b/roles/matrix-ma1sd/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-ma1sd/tasks/main.yml b/roles/matrix-ma1sd/tasks/main.yml index 0b8a114e..2902c05d 100644 
--- a/roles/matrix-ma1sd/tasks/main.yml +++ b/roles/matrix-ma1sd/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml index c36c3de9..720afa76 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -23,8 +23,8 @@ service: name: matrix-mxisd state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mxisd_service_stat.stat.exists" - name: Check existence of matrix-ma1sd service 
@@ -37,26 +37,26 @@ service: name: matrix-ma1sd state: stopped - daemon_reload: yes + daemon_reload: true when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists and matrix_ma1sd_service_stat.stat.exists" # We use shell commands for the migration, because the Ansible copy module cannot # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible. - block: - - name: Copy mxisd data files to ma1sd folder - command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" + - name: Copy mxisd data files to ma1sd folder + command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" - - name: Check existence of mxisd.db file - stat: - path: "{{ matrix_ma1sd_data_path }}/mxisd.db" - register: matrix_ma1sd_mxisd_db_stat + - name: Check existence of mxisd.db file + stat: + path: "{{ matrix_ma1sd_data_path }}/mxisd.db" + register: matrix_ma1sd_mxisd_db_stat - - name: Rename database (mxisd.db -> ma1sd.db) - command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" - when: "matrix_ma1sd_mxisd_db_stat.stat.exists" + - name: Rename database (mxisd.db -> ma1sd.db) + command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" + when: "matrix_ma1sd_mxisd_db_stat.stat.exists" - - name: Rename mxisd folder - command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" + - name: Rename mxisd folder + command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Ensure outdated matrix-mxisd.service doesn't exist @@ -67,7 +67,5 @@ - name: Ensure systemd reloaded after removing outdated matrix-mxisd.service service: - daemon_reload: yes + daemon_reload: true when: "matrix_mxisd_service_stat.stat.exists" - - 
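Review bot: The migration block in the `@@ -37,26 +37,26 @@` hunk of roles/matrix-ma1sd/tasks/migrate_mxisd.yml copies the mxisd data directory and then renames the source to `mxisd.migrated`, so a second copy of that data stays on disk after the play. According to the comment above the block, that data includes `sign.key`, and nothing here tells the operator to remove it. I would add a comment on the last task such as `# NOTE: mxisd.migrated still holds the old data (incl. sign.key); remove it once ma1sd is verified`. The three `command:` strings also interpolate paths unquoted (`cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}`), so a base path containing whitespace would be split into extra arguments; applying the `quote` filter to each variable avoids that. The commit itself only re-indents the block.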
diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml index b8a7faaa..4a4c7136 100644 --- a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml +++ b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml @@ -8,7 +8,7 @@ url: "{{ ma1sd_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}" - check_mode: no + check_mode: false register: result_ma1sd ignore_errors: true diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 3f319eef..c6f9f8e2 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_ma1sd_config_path }}", when: true } - - { path: "{{ matrix_ma1sd_data_path }}", when: true } - - { path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} + - {path: "{{ matrix_ma1sd_config_path }}", when: true} + - {path: "{{ matrix_ma1sd_data_path }}", when: true} + - {path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} when: "item.when|bool" - import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml" 
@@ -54,52 +54,52 @@ when: "not matrix_ma1sd_container_image_self_build|bool" - block: - - name: Ensure gradle is installed for self-building (Debian) - apt: - name: - - gradle - state: present - update_cache: yes - when: (ansible_os_family == 'Debian') - - - name: Ensure gradle is installed for self-building (CentOS) - fail: - msg: "Installing gradle on CentOS is currently not supported, so self-building ma1sd cannot happen at this time" - when: ansible_distribution == 'CentOS' - - - name: Ensure gradle is installed for self-building (Archlinux) - pacman: - name: - - gradle - state: latest - update_cache: yes - when: ansible_distribution == 'Archlinux' - - - name: Ensure ma1sd repository is present on self-build - git: - repo: "{{ matrix_ma1sd_container_image_self_build_repo }}" - dest: "{{ matrix_ma1sd_docker_src_files_path }}" - version: "{{ matrix_ma1sd_container_image_self_build_branch }}" - force: "yes" - register: matrix_ma1sd_git_pull_results - - - name: Ensure ma1sd Docker image is built - shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" - args: - chdir: "{{ matrix_ma1sd_docker_src_files_path }}" - - - name: Ensure ma1sd Docker image is tagged correctly - docker_image: - # The build script always tags the image with 2 tags: - # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) - # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) - # - generic one: `ma1uta/ma1sd:latest-dev` - # - # It's hard to predict the first one, so we'll use the latter. 
- name: "ma1uta/ma1sd:latest-dev" - repository: "{{ matrix_ma1sd_docker_image }}" - force_tag: yes - source: local + - name: Ensure gradle is installed for self-building (Debian) + apt: + name: + - gradle + state: present + update_cache: true + when: (ansible_os_family == 'Debian') + + - name: Ensure gradle is installed for self-building (CentOS) + fail: + msg: "Installing gradle on CentOS is currently not supported, so self-building ma1sd cannot happen at this time" + when: ansible_distribution == 'CentOS' + + - name: Ensure gradle is installed for self-building (Archlinux) + pacman: + name: + - gradle + state: latest + update_cache: true + when: ansible_distribution == 'Archlinux' + + - name: Ensure ma1sd repository is present on self-build + git: + repo: "{{ matrix_ma1sd_container_image_self_build_repo }}" + dest: "{{ matrix_ma1sd_docker_src_files_path }}" + version: "{{ matrix_ma1sd_container_image_self_build_branch }}" + force: "yes" + register: matrix_ma1sd_git_pull_results + + - name: Ensure ma1sd Docker image is built + shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" + args: + chdir: "{{ matrix_ma1sd_docker_src_files_path }}" + + - name: Ensure ma1sd Docker image is tagged correctly + docker_image: + # The build script always tags the image with 2 tags: + # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) + # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) + # - generic one: `ma1uta/ma1sd:latest-dev` + # + # It's hard to predict the first one, so we'll use the latter. + name: "ma1uta/ma1sd:latest-dev" + repository: "{{ matrix_ma1sd_docker_image }}" + force_tag: true + source: local when: "matrix_ma1sd_container_image_self_build|bool" - name: Ensure ma1sd config installed 
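Review bot: The self-build block in the `@@ -54,52 +54,52 @@` hunk of roles/matrix-ma1sd/tasks/setup_install.yml checks out `version: "{{ matrix_ma1sd_container_image_self_build_branch }}"` and then runs `./gradlew dockerBuild` from that checkout through `shell`, so whatever the referenced branch contains at play time is executed on the managed host. The variable's default is not visible here; if it names a moving branch, the role documentation should recommend a tag or commit hash, and a comment above the `git` task should say that the checkout is executed, not just built into an image. The Archlinux task also uses `state: latest` for gradle while the Debian one uses `state: present`, which makes the build toolchain version depend on when the play runs. Finally, the hunk converts `update_cache` and `force_tag` to `true` but leaves `force: "yes"` as a quoted string; `force: true` would match the rest of the change.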
@@ -157,7 +157,7 @@ - name: Ensure systemd reloaded after matrix-ma1sd.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_ma1sd_systemd_service_result.changed|bool" - name: Ensure matrix-ma1sd.service restarted, if necessary diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/matrix-ma1sd/tasks/setup_uninstall.yml index 153f6e08..30a1bfda 100644 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/matrix-ma1sd/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-ma1sd state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_ma1sd_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-ma1sd.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_ma1sd_service_stat.stat.exists|bool" - name: Ensure Matrix ma1sd paths don't exist diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 4d860552..682126d2 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_mailer_enabled: true matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml index d07380f0..c928d557 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/matrix-mailer/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-mailer/tasks/main.yml b/roles/matrix-mailer/tasks/main.yml index f636614e..c69dad20 100644 --- a/roles/matrix-mailer/tasks/main.yml +++ b/roles/matrix-mailer/tasks/main.yml 
@@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index def17883..1ac4f339 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mailer_base_path }}", when: true } - - { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" } + - {path: "{{ matrix_mailer_base_path }}", when: true} + - {path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}"} when: "matrix_mailer_enabled|bool and item.when" - name: Ensure mailer environment variables file created @@ -41,7 +41,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mailer_container_image_self_build_src_files_path }}" - pull: yes + pull: true when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" - name: Ensure exim-relay image is pulled @@ -62,7 +62,7 @@ - name: Ensure systemd reloaded after matrix-mailer.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mailer_enabled|bool and matrix_mailer_systemd_service_result.changed" # @@ -79,8 +79,8 @@ service: name: matrix-mailer state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" @@ -92,7 +92,7 @@ - name: Ensure systemd reloaded after matrix-mailer.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure Matrix mailer environment variables path doesn't exist 
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6932c8c0..ee241189 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,3 +1,4 @@ +--- matrix_nginx_proxy_enabled: true matrix_nginx_proxy_version: 1.21.5-alpine diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/matrix-nginx-proxy/tasks/init.yml index 0161da23..ddc8cb47 100644 --- a/roles/matrix-nginx-proxy/tasks/init.yml +++ b/roles/matrix-nginx-proxy/tasks/init.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}" when: matrix_nginx_proxy_enabled|bool diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/matrix-nginx-proxy/tasks/main.yml index ad111951..74f8e8d1 100644 --- a/roles/matrix-nginx-proxy/tasks/main.yml +++ b/roles/matrix-nginx-proxy/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always @@ -35,4 +36,4 @@ set_fact: matrix_nginx_proxy_role_executed: true tags: - - always + - always diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml index 6f831a29..588cd1e7 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml @@ -14,7 +14,7 @@ validate_certs: "{{ well_known_file_check.validate_certs }}" headers: Origin: example.com - check_mode: no + check_mode: false register: result_well_known_matrix ignore_errors: true @@ -44,7 +44,7 @@ validate_certs: "{{ well_known_file_check.validate_certs }}" headers: Origin: example.com - check_mode: no + check_mode: false register: result_well_known_identity ignore_errors: true diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index e5021468..373bc55b 100644 
--- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -195,7 +195,7 @@ - name: Ensure systemd reloaded after matrix-nginx-proxy.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed" @@ -213,8 +213,8 @@ service: name: matrix-nginx-proxy state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" @@ -226,7 +226,7 @@ - name: Ensure systemd reloaded after matrix-nginx-proxy.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted diff --git a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml index 3e43a8c6..1c85552c 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_well_known_file_path: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" @@ -21,4 +22,4 @@ dest: "{{ matrix_static_files_base_path }}/.well-known/matrix" mode: 0644 owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" \ No newline at end of file + group: "{{ matrix_user_groupname }}" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index e820b0ed..e4dd53c2 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml 
@@ -1,3 +1,4 @@ +--- - debug: msg: "Dealing with SSL certificate retrieval for domain: {{ domain_name }}" @@ -13,16 +14,16 @@ domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}" - block: - - name: Ensure required service for obtaining is started - service: - name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" - state: started - register: matrix_ssl_pre_obtaining_required_service_start_result + - name: Ensure required service for obtaining is started + service: + name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" + state: started + register: matrix_ssl_pre_obtaining_required_service_start_result - - name: Wait some time, so that the required service for obtaining can start - wait_for: - timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" - when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool" + - name: Wait some time, so that the required service for obtaining can start + wait_for: + timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" + when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool" when: "domain_name_needs_cert|bool and matrix_ssl_pre_obtaining_required_service_name != ''" # This will fail if there is something running on port 80 (like matrix-nginx-proxy). diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml index ea39f5e9..7bcd3d74 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml @@ -5,4 +5,4 @@ with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" loop_control: loop_var: domain_name - when: "matrix_ssl_retrieval_method == 'manually-managed'" \ No newline at end of file + when: "matrix_ssl_retrieval_method == 'manually-managed'" 
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml index be0444b1..2b5bb1f3 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml @@ -20,4 +20,4 @@ - fail: msg: "Failed finding a certificate key file (for domain `{{ domain_name }}`) at `{{ matrix_ssl_certificate_verification_cert_key_path }}`" - when: "not matrix_ssl_certificate_verification_cert_key_path_stat_result.stat.exists" \ No newline at end of file + when: "not matrix_ssl_certificate_verification_cert_key_path_stat_result.stat.exists" diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index efce3656..59ae5076 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_postgres_backup_enabled: false matrix_postgres_backup_connection_hostname: "matrix-postgres" diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/matrix-postgres-backup/tasks/init.yml index c6a9bd7e..f74cea06 100644 --- a/roles/matrix-postgres-backup/tasks/init.yml +++ b/roles/matrix-postgres-backup/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}" when: matrix_postgres_backup_enabled|bool diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 68eae443..72329db3 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml 
@@ -52,7 +52,7 @@ - name: Ensure systemd reloaded after matrix-postgres-backup.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_backup_enabled|bool and matrix_postgres_backup_systemd_service_result.changed" # @@ -69,8 +69,8 @@ service: name: matrix-postgres-backup state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" - name: Ensure matrix-postgres-backup.service doesn't exist @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-postgres-backup.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" - name: Check existence of matrix-postgres-backup backup path diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 42413286..4d338e7d 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_postgres_enabled: true matrix_postgres_connection_hostname: "matrix-postgres" diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml index a42c6f55..2a673ee3 100644 --- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml @@ -57,7 +57,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index b8e93219..948c4b3a 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml 
@@ -48,7 +48,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: diff --git a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml index ea15c5a8..2dafba59 100644 --- a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml @@ -37,7 +37,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true - name: Ensure postgres data is wiped out file: @@ -56,7 +56,7 @@ service: name: matrix-postgres state: restarted - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/matrix-postgres/tasks/init.yml index a0f2ae60..e5ebd9c5 100644 --- a/roles/matrix-postgres/tasks/init.yml +++ b/roles/matrix-postgres/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}" when: matrix_postgres_enabled|bool diff --git a/roles/matrix-postgres/tasks/main.yml b/roles/matrix-postgres/tasks/main.yml index b9c2ae7c..79890417 100644 --- a/roles/matrix-postgres/tasks/main.yml +++ b/roles/matrix-postgres/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index e62feee3..f927783f 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -29,7 +29,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true when: "result_pg_old_data_dir_stat.stat.exists" - name: Find files and directories in old Postgres data path 
@@ -68,5 +68,5 @@ - name: Ensure systemd reloaded after getting rid of outdated matrix-postgres.service service: - daemon_reload: yes + daemon_reload: true when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/matrix-postgres/tasks/run_vacuum.yml index 19a27562..0b7a60f8 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/matrix-postgres/tasks/run_vacuum.yml @@ -27,7 +27,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -71,7 +71,7 @@ service: name: matrix-synapse state: stopped - daemon_reload: yes + daemon_reload: true - name: Run Postgres vacuum command command: "{{ matrix_postgres_vacuum_command }}" @@ -86,5 +86,5 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_synapse_was_running|bool" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 96a20d25..dc170460 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -65,7 +65,7 @@ state: directory owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - recurse: yes + recurse: true when: matrix_postgres_enabled|bool - name: Ensure Postgres environment variables file created @@ -115,7 +115,7 @@ - name: Ensure systemd reloaded after matrix-postgres.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_enabled|bool and matrix_postgres_systemd_service_result.changed" - include_tasks: @@ -158,7 +158,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Ensure matrix-postgres.service doesn't exist 
@@ -169,7 +169,7 @@ - name: Ensure systemd reloaded after matrix-postgres.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Check existence of matrix-postgres local data path diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index 564265d8..bf98d938 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -64,7 +64,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -107,9 +107,9 @@ - name: Ensure matrix-postgres autoruns and is restarted service: name: matrix-postgres - enabled: yes + enabled: true state: restarted - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -166,7 +166,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true - debug: msg: "NOTE: Your old Postgres data directory is preserved at `{{ postgres_auto_upgrade_backup_data_path }}`. You might want to get rid of it once you've confirmed that all is well." diff --git a/roles/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/matrix-postgres/tasks/util/create_additional_databases.yml index 0ad460dd..de87f98c 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_databases.yml +++ b/roles/matrix-postgres/tasks/util/create_additional_databases.yml @@ -4,7 +4,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml index cf595ade..73acb433 100644 
--- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml @@ -66,7 +66,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" - pull: yes + pull: true when: "matrix_postgres_pgloader_container_image_self_build|bool" - name: Ensure pgloader Docker image is pulled @@ -91,7 +91,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 2ec0d23c..5e50a1d7 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-prometheus-node-exporter is an Prometheus exporter for machine metrics # See: https://prometheus.io/docs/guides/node-exporter/ diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index 2894b717..db44a7ab 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled|bool - - diff --git a/roles/matrix-prometheus-node-exporter/tasks/main.yml b/roles/matrix-prometheus-node-exporter/tasks/main.yml index 172b5721..71bbb8d7 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/main.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always 
diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index fa8eb767..419f3592 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_systemd_service_result.changed" # @@ -38,8 +38,8 @@ service: name: matrix-prometheus-node-exporter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" @@ -51,5 +51,5 @@ - name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 338f58d3..c96a6ea8 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-prometheus-postgres-exporter is an Prometheus exporter for postgres metrics # See: https://github.com/prometheus-community/postgres_exporter 
@@ -11,8 +12,8 @@ matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_promethe # A list of extra arguments to pass to the container matrix_prometheus_postgres_exporter_container_extra_arguments: ["-e PG_EXPORTER_AUTO_DISCOVER_DATABASES=true", - "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{matrix_prometheus_postgres_exporter_port}}\"", - "-e DATA_SOURCE_NAME=\"postgresql://{{matrix_prometheus_postgres_exporter_database_username}}:{{matrix_prometheus_postgres_exporter_database_password}}@{{matrix_prometheus_postgres_exporter_database_hostname}}:5432/{{matrix_prometheus_postgres_exporter_database_name}}?sslmode=disable\"" ] + "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{matrix_prometheus_postgres_exporter_port}}\"", + "-e DATA_SOURCE_NAME=\"postgresql://{{matrix_prometheus_postgres_exporter_database_username}}:{{matrix_prometheus_postgres_exporter_database_password}}@{{matrix_prometheus_postgres_exporter_database_hostname}}:5432/{{matrix_prometheus_postgres_exporter_database_name}}?sslmode=disable\""] # List of systemd services that matrix-prometheus-postgres-exporter.service depends on matrix_prometheus_postgres_exporter_systemd_required_services_list: ['docker.service'] @@ -46,4 +47,4 @@ matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_e matrix_prometheus_postgres_exporter_container_http_host_bind_port: '' matrix_prometheus_postgres_exporter_dashboard_urls: -- "https://grafana.com/api/dashboards/9628/revisions/7/download" \ No newline at end of file + - "https://grafana.com/api/dashboards/9628/revisions/7/download" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index 2bd6904e..ddea23ab 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml 
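Review bot: The two re-indented entries of `matrix_prometheus_postgres_exporter_container_extra_arguments` in roles/matrix-prometheus-postgres-exporter/defaults/main.yml still carry the database password inside `-e DATA_SOURCE_NAME=...` and fix `sslmode=disable`. If this list is rendered into the container's run command (the consumer is outside this hunk, presumably the systemd unit template), the password ends up in the unit file and on the process command line; putting `DATA_SOURCE_NAME` in an env file with restricted permissions, passed with `--env-file`, would keep it out of both. The password is also interpolated without encoding, so a value containing `@`, `:` or `/` changes how the URI is parsed; `{{ matrix_prometheus_postgres_exporter_database_password | urlencode }}` avoids that. A comment such as `# sslmode=disable assumes the exporter reaches Postgres only over the internal container network` would record why TLS is off.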
@@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled|bool - - diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml index e3c364fa..e9497099 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index 37743b66..a6c49816 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed" # @@ -38,8 +38,8 @@ service: name: matrix-prometheus-postgres-exporter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" @@ -51,5 +51,5 @@ - name: Ensure systemd reloaded after matrix-prometheus-postgres-exporter.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index d76ce744..ed52ea16 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml 
@@ -1,3 +1,4 @@ +--- # matrix-prometheus is an open-source systems monitoring and alerting toolkit # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md diff --git a/roles/matrix-prometheus/tasks/init.yml b/roles/matrix-prometheus/tasks/init.yml index 12fae831..6587ddd9 100644 --- a/roles/matrix-prometheus/tasks/init.yml +++ b/roles/matrix-prometheus/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus.service'] }}" when: matrix_prometheus_enabled|bool - - diff --git a/roles/matrix-prometheus/tasks/main.yml b/roles/matrix-prometheus/tasks/main.yml index 20f18cc3..c74918fa 100644 --- a/roles/matrix-prometheus/tasks/main.yml +++ b/roles/matrix-prometheus/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index 15a69279..80f3e5d7 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -46,5 +46,5 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_systemd_service_result.changed|bool" diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/matrix-prometheus/tasks/setup_uninstall.yml index d99c1a8e..c9f07f52 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/matrix-prometheus/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-prometheus state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_prometheus_service_stat.stat.exists|bool" 
@@ -22,5 +22,5 @@ - name: Ensure systemd reloaded after matrix-prometheus.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_service_stat.stat.exists|bool" diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 355679d0..88d3d739 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_redis_enabled: true matrix_redis_connection_password: "" diff --git a/roles/matrix-redis/tasks/init.yml b/roles/matrix-redis/tasks/init.yml index 49068851..99c52026 100644 --- a/roles/matrix-redis/tasks/init.yml +++ b/roles/matrix-redis/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}" when: matrix_redis_enabled|bool diff --git a/roles/matrix-redis/tasks/main.yml b/roles/matrix-redis/tasks/main.yml index 595b09f5..430b6a64 100644 --- a/roles/matrix-redis/tasks/main.yml +++ b/roles/matrix-redis/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index f1f32238..a37174a3 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -33,7 +33,7 @@ state: directory owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - recurse: yes + recurse: true when: matrix_redis_enabled|bool - name: Ensure redis environment variables file created @@ -55,7 +55,7 @@ - name: Ensure systemd reloaded after matrix-redis.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_redis_enabled|bool and matrix_redis_systemd_service_result.changed" # 
@@ -72,8 +72,8 @@ service: name: matrix-redis state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" - name: Ensure matrix-redis.service doesn't exist @@ -84,7 +84,7 @@ - name: Ensure systemd reloaded after matrix-redis.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" - name: Check existence of matrix-redis local data path diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index 4705fb5e..d924551a 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-registration is a simple python application to have a token based matrix registration # See: https://zeratax.github.io/matrix-registration/ diff --git a/roles/matrix-registration/tasks/generate_token.yml b/roles/matrix-registration/tasks/generate_token.yml index ae5bdf4c..4e337b01 100644 --- a/roles/matrix-registration/tasks/generate_token.yml +++ b/roles/matrix-registration/tasks/generate_token.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if playbook called incorrectly fail: msg: "The `one_time` variable needs to be provided to this playbook, via --extra-vars" @@ -23,7 +25,7 @@ "one_time": {{ 'true' if one_time == 'yes' else 'false' }}, "ex_date": {{ ex_date|to_json }} } - check_mode: no + check_mode: false register: matrix_registration_api_result - set_fact: @@ -37,7 +39,7 @@ Full token details are: {{ matrix_registration_api_result.json }} - check_mode: no + check_mode: false - name: Inject result message into matrix_playbook_runtime_results set_fact: @@ -47,4 +49,4 @@ + [matrix_registration_api_result_message] }} - check_mode: no + check_mode: false diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index 47220103..cae18258 100644 
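Review bot: In roles/matrix-registration/tasks/generate_token.yml the request body in the second hunk still derives `"one_time"` from the string comparison `one_time == 'yes'`, while this commit moves every other truthy value to `true`/`false`. A caller who passes `one_time=true` would then get `"one_time": false`, i.e. a reusable registration token, unless the `Fail if playbook called incorrectly` task rejects that value; its `when` condition is outside the hunks shown. Accepting any boolean spelling, `"one_time": {{ (one_time | bool) | to_json }},`, or a comment next to the task stating that only `yes`/`no` are valid, would remove the ambiguity. The task itself starts above the hunk.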
--- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 
@@ -10,49 +11,49 @@ when: matrix_registration_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-registration role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-registration role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy - set_fact: - matrix_registration_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; - rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; + - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy + set_fact: + matrix_registration_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; + rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; - 
location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-registration:5000"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8767/$1; - {% endif %} + location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-registration:5000"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8767/$1; + {% endif %} - {# - Workaround matrix-registration serving the background image at /static - (see https://github.com/ZerataX/matrix-registration/issues/47) - #} - sub_filter_once off; - sub_filter_types text/css; - sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; - } + {# + Workaround matrix-registration serving the background image at /static + (see https://github.com/ZerataX/matrix-registration/issues/47) + #} + sub_filter_once off; + sub_filter_types text/css; + sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; + } - - name: Register matrix-registration proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_registration_matrix_nginx_proxy_configuration] - }} + - name: Register matrix-registration proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + 
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_registration_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_registration_enabled|bool diff --git a/roles/matrix-registration/tasks/list_tokens.yml b/roles/matrix-registration/tasks/list_tokens.yml index dea3eb31..9ef40d27 100644 --- a/roles/matrix-registration/tasks/list_tokens.yml +++ b/roles/matrix-registration/tasks/list_tokens.yml @@ -1,3 +1,5 @@ +--- + - name: Call matrix-registration list all tokens API uri: url: "{{ matrix_registration_api_token_endpoint }}" @@ -8,7 +10,7 @@ Authorization: "SharedSecret {{ matrix_registration_admin_secret }}" method: GET body_format: json - check_mode: no + check_mode: false register: matrix_registration_api_result - set_fact: @@ -16,7 +18,7 @@ matrix-registration result: {{ matrix_registration_api_result.json | to_nice_json }} - check_mode: no + check_mode: false - name: Inject result message into matrix_playbook_runtime_results set_fact: @@ -26,4 +28,4 @@ + [matrix_registration_api_result_message] }} - check_mode: no + check_mode: false diff --git a/roles/matrix-registration/tasks/main.yml b/roles/matrix-registration/tasks/main.yml index 3324e083..ca574384 100644 --- a/roles/matrix-registration/tasks/main.yml +++ b/roles/matrix-registration/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 0d7da9ce..31e9c35d 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml 
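Review bot: The `uri` task in list_tokens.yml (hunk `@@ -8,7 +10,7 @@`) sends `Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"` and shows no `no_log` in the visible lines, so the admin secret can end up in task output when the playbook runs with raised verbosity. Adding `no_log: true` next to `check_mode: false` on that task would keep the header out of logs, and the registered `matrix_registration_api_result` stays usable by the tasks that follow. The first lines of the task sit between this hunk and the previous one, so an existing `no_log` there would make this moot.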
@@ -39,10 +39,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_registration_base_path }}", when: true } - - { path: "{{ matrix_registration_config_path }}", when: true } - - { path: "{{ matrix_registration_data_path }}", when: true } - - { path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"} + - {path: "{{ matrix_registration_base_path }}", when: true} + - {path: "{{ matrix_registration_config_path }}", when: true} + - {path: "{{ matrix_registration_data_path }}", when: true} + - {path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"} when: "item.when|bool" - name: Ensure matrix-registration image is pulled @@ -71,7 +71,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_registration_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_registration_container_image_self_build|bool" - name: Ensure matrix-registration config installed @@ -91,7 +91,7 @@ - name: Ensure systemd reloaded after matrix-registration.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_registration_systemd_service_result.changed|bool" - name: Ensure matrix-registration.service restarted, if necessary diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/matrix-registration/tasks/setup_uninstall.yml index 8afd1084..4b7c195f 100644 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/matrix-registration/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-registration state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_registration_service_stat.stat.exists|bool" 
@@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-registration.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_registration_service_stat.stat.exists|bool" - name: Ensure matrix-registration Docker image doesn't exist diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 595f8022..15bce68c 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Sygnal is a reference Push Gateway for Matrix. # To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app. # Learn more here: https://github.com/matrix-org/sygnal diff --git a/roles/matrix-sygnal/tasks/init.yml b/roles/matrix-sygnal/tasks/init.yml index 559a3681..efa17a4d 100644 --- a/roles/matrix-sygnal/tasks/init.yml +++ b/roles/matrix-sygnal/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}" when: matrix_sygnal_enabled|bool diff --git a/roles/matrix-sygnal/tasks/main.yml b/roles/matrix-sygnal/tasks/main.yml index c00862a4..38579822 100644 --- a/roles/matrix-sygnal/tasks/main.yml +++ b/roles/matrix-sygnal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index b85b6bff..cd54a51d 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -36,5 +36,5 @@ - name: Ensure systemd reloaded after matrix-sygnal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_sygnal_systemd_service_result.changed|bool" diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/matrix-sygnal/tasks/setup_uninstall.yml index f2b6133f..5a81a1b2 100644 --- a/roles/matrix-sygnal/tasks/setup_uninstall.yml 
+++ b/roles/matrix-sygnal/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-sygnal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_sygnal_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-sygnal.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_sygnal_service_stat.stat.exists|bool" - name: Ensure Sygnal base directory doesn't exist diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/matrix-sygnal/tasks/validate_config.yml index 1cf8357e..2121edf4 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/matrix-sygnal/tasks/validate_config.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if no Sygnal apps defined fail: msg: >- diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index db1024fa..6ad6bd16 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-synapse-admin is a web UI for mananging the Synapse Matrix server # See: https://github.com/Awesome-Technologies/synapse-admin diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index 3ce5a693..ccaa03f6 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 
@@ -10,40 +11,40 @@ when: matrix_synapse_admin_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy - set_fact: - matrix_synapse_admin_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; + - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy + set_fact: + matrix_synapse_admin_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; - location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-admin:80"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our 
container setup #} - proxy_pass http://127.0.0.1:8766/$1; - {% endif %} - } + location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-admin:80"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8766/$1; + {% endif %} + } - - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_synapse_admin_matrix_nginx_proxy_configuration] - }} + - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_synapse_admin_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_synapse_admin_enabled|bool diff --git a/roles/matrix-synapse-admin/tasks/main.yml b/roles/matrix-synapse-admin/tasks/main.yml index b5cb1689..0095f753 100644 --- a/roles/matrix-synapse-admin/tasks/main.yml +++ b/roles/matrix-synapse-admin/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 9eac7f90..ab1e6d46 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml 
@@ -30,7 +30,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_synapse_admin_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool" - name: Ensure matrix-synapse-admin.service installed @@ -43,7 +43,7 @@ - name: Ensure systemd reloaded after matrix-synapse-admin.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_systemd_service_result.changed" # @@ -59,8 +59,8 @@ service: name: matrix-synapse-admin state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" @@ -72,7 +72,7 @@ - name: Ensure systemd reloaded after matrix-synapse-admin.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure matrix-synapse-admin Docker image doesn't exist diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 364f26a5..80a1e0f2 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Synapse is a Matrix homeserver # See: https://github.com/matrix-org/synapse @@ -471,7 +472,7 @@ matrix_synapse_database_database: "synapse" matrix_synapse_turn_uris: [] matrix_synapse_turn_shared_secret: "" -matrix_synapse_turn_allow_guests: False +matrix_synapse_turn_allow_guests: false matrix_synapse_email_enabled: false matrix_synapse_email_smtp_host: "" @@ -582,7 +583,7 @@ matrix_synapse_spam_checker: [] matrix_synapse_modules: [] -matrix_synapse_encryption_enabled_by_default_for_room_type: off +matrix_synapse_encryption_enabled_by_default_for_room_type: false matrix_synapse_trusted_key_servers: - server_name: "matrix.org" 
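Review bot: `matrix_synapse_encryption_enabled_by_default_for_room_type: false` now reads like an on/off switch, but the variable name says it selects a room type, and Synapse documents the setting as one of the strings `all`, `invite` or `off`. The parsed value is unchanged, since an unquoted `off` was already a boolean under YAML 1.1, but an operator who flips the default to `true` expecting encryption by default would be setting a value Synapse does not list. I would keep the keyword and quote it, `matrix_synapse_encryption_enabled_by_default_for_room_type: 'off'`, with a comment such as `# One of: all, invite, off (quoted so YAML does not read it as a boolean)`. How the homeserver template renders this variable is not visible in the hunk, so confirm that a string value passes through unchanged.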
diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index e760626d..374c9e55 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_synapse_password_providers_enabled: true diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index a416e42b..ec298ccd 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -5,7 +5,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'RedHat'" - name: Ensure git installed (Debian) @@ -13,7 +13,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'Debian'" - name: Ensure git installed (Archlinux) @@ -21,7 +21,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_distribution == 'Archlinux'" - name: Clone mjolnir-antispam git repository diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 706cc588..740d9474 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -10,7 +10,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'RedHat'" - name: Ensure git installed (Debian) @@ -18,7 +18,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'Debian'" - name: Ensure git installed (Archlinux) 
@@ -26,7 +26,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_distribution == 'Archlinux'" - name: Clone synapse-simple-antispam git repository diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 147efabf..9e3870e5 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_fuse_installed.yml" - name: Ensure Goofys Docker image is pulled @@ -12,7 +14,7 @@ stat: path: "{{ matrix_s3_media_store_path }}" register: local_path_matrix_s3_media_store_path_stat - ignore_errors: yes + ignore_errors: true - name: Ensure Matrix Goofys external storage mountpoint exists file: @@ -39,5 +41,5 @@ - name: Ensure systemd reloaded after matrix-goofys.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_goofys_systemd_service_result.changed" diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml index 317a5371..c00206ef 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-goofys service stat: path: "{{ matrix_systemd_path }}/matrix-goofys.service" @@ -7,8 +9,8 @@ service: name: matrix-goofys state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_goofys_service_stat.stat.exists" @@ -20,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-goofys.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_goofys_service_stat.stat.exists" - name: Ensure goofys environment variables file doesn't exist 
diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/matrix-synapse/tasks/import_media_store.yml index 42455b44..8e962680 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/matrix-synapse/tasks/import_media_store.yml @@ -44,8 +44,8 @@ service: name: matrix-synapse state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result # This can only work with local files, not if the media store is on Amazon S3, @@ -54,11 +54,11 @@ synchronize: src: "{{ server_path_media_store }}/" dest: "{{ matrix_synapse_media_store_path }}" - delete: yes + delete: true # It's wasteful to preserve owner/group now. We chown below anyway. - owner: no - group: no - times: yes + owner: false + group: false + times: true delegate_to: "{{ inventory_hostname }}" # This is for the generic case and fails in other cases (remote file systems), @@ -68,7 +68,7 @@ path: "{{ matrix_synapse_media_store_path }}" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - recurse: yes + recurse: true when: "not matrix_s3_media_store_enabled|bool" # We don't chown for Goofys, because due to the way it's mounted, @@ -78,7 +78,7 @@ service: name: "{{ item }}" state: started - daemon_reload: yes + daemon_reload: true when: "stopping_result.changed" with_items: - matrix-synapse diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index bc23fc86..bee1783e 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 17eef9cc..55235843 100644 
--- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always @@ -52,4 +54,4 @@ set_fact: matrix_synapse_role_executed: true tags: - - always + - always diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index 9c2a3ea0..2a1c5708 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -19,7 +19,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Wait a while, so that Synapse can manage to start diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 46cad808..36ef0a3a 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -1,3 +1,5 @@ +--- + - debug: msg: "Compressing room `{{ room_details.room_id }}` having {{ room_details.count }} state group rows" diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 106c59d5..ad8497cc 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -1,3 +1,4 @@ +--- # Pre-checks - name: Fail if Postgres not enabled 
@@ -80,12 +81,12 @@ # Row 3 contains a space when there's no result. - block: - - debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" + - debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" - - name: Fail if room find result is not what we expect - fail: - msg: >- - Expecting 4 lines in the "find rooms" result. + - name: Fail if room find result is not what we expect + fail: + msg: >- + Expecting 4 lines in the "find rooms" result. when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4" - block: diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index 30244d50..407a79ff 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -7,7 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_client_api ignore_errors: true - check_mode: no + check_mode: false when: matrix_synapse_enabled|bool - name: Fail if Matrix Client API not working diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index 57c9e56b..32249372 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml @@ -7,7 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_federation_api ignore_errors: true - check_mode: no + check_mode: false when: matrix_synapse_enabled|bool - name: Fail if Matrix Federation API not working 
@@ -17,7 +17,7 @@ - name: Fail if Matrix Federation API unexpectedly enabled fail: - msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." + msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." when: "matrix_synapse_enabled|bool and not matrix_synapse_federation_enabled|bool and not result_matrix_synapse_federation_api.failed" - name: Report working Matrix Federation API diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/matrix-synapse/tasks/setup_synapse.yml index f8bc05a1..47e404f4 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml +++ b/roles/matrix-synapse/tasks/setup_synapse.yml @@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_synapse_config_dir_path }}", when: true } - - { path: "{{ matrix_synapse_ext_path }}", when: true } - - { path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}" } + - {path: "{{ matrix_synapse_config_dir_path }}", when: true} + - {path: "{{ matrix_synapse_ext_path }}", when: true} + - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"} # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 8f96a54d..7838b624 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml 
@@ -5,7 +5,7 @@ stat: path: "{{ matrix_synapse_media_store_path }}" register: local_path_media_store_stat - ignore_errors: yes + ignore_errors: true # This is separate and conditional, to ensure we don't execute it # if the path already exists or we failed to check, because it's mounted using fuse. 
@@ -19,32 +19,32 @@ when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists" - block: - - name: Ensure Synapse repository is present on self-build - git: - repo: "{{ matrix_synapse_container_image_self_build_repo }}" - dest: "{{ matrix_synapse_docker_src_files_path }}" - version: "{{ matrix_synapse_docker_image.split(':')[1] }}" - force: "yes" - register: matrix_synapse_git_pull_results + - name: Ensure Synapse repository is present on self-build + git: + repo: "{{ matrix_synapse_container_image_self_build_repo }}" + dest: "{{ matrix_synapse_docker_src_files_path }}" + version: "{{ matrix_synapse_docker_image.split(':')[1] }}" + force: "yes" + register: matrix_synapse_git_pull_results - - name: Check if Synapse Docker image exists - command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" - register: matrix_synapse_docker_image_check_result + - name: Check if Synapse Docker image exists + command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" + register: matrix_synapse_docker_image_check_result - # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, - # because the latter does not support BuildKit. - # See: https://github.com/ansible-collections/community.general/issues/514 - - name: Ensure Synapse Docker image is built - shell: - chdir: "{{ matrix_synapse_docker_src_files_path }}" - cmd: | - {{ matrix_host_command_docker }} build \ - -t "{{ matrix_synapse_docker_image }}" \ - -f docker/Dockerfile \ - . - environment: - DOCKER_BUILDKIT: 1 - when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''" + # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, + # because the latter does not support BuildKit. 
+ # See: https://github.com/ansible-collections/community.general/issues/514 + - name: Ensure Synapse Docker image is built + shell: + chdir: "{{ matrix_synapse_docker_src_files_path }}" + cmd: | + {{ matrix_host_command_docker }} build \ + -t "{{ matrix_synapse_docker_image }}" \ + -f docker/Dockerfile \ + . + environment: + DOCKER_BUILDKIT: 1 + when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''" when: "matrix_synapse_container_image_self_build|bool" - name: Ensure Synapse Docker image is pulled @@ -105,7 +105,7 @@ - name: Ensure systemd reloaded after matrix-synapse.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_systemd_service_result.changed" - name: Ensure matrix-synapse-register-user script created diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 070856e4..911d1285 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-synapse service stat: path: "{{ matrix_systemd_path }}/matrix-synapse.service" @@ -7,8 +9,8 @@ service: name: matrix-synapse state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_synapse_service_stat.stat.exists" @@ -20,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-synapse.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_service_stat.stat.exists" - name: Ensure Synapse Docker image doesn't exist diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index c6fc32c3..f59313bd 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml 
@@ -1,3 +1,4 @@ +--- # Below is a huge hack for dynamically building a list of workers and finally assigning it to `matrix_synapse_workers_enabled_list`. # # set_fact within a loop does not work reliably in Ansible (it only executes on the first iteration for some reason), diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index d0440d22..f0357611 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -8,7 +8,7 @@ name: "{{ item.key }}" state: stopped with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" - when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 + when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 - name: Find worker configs to be cleaned find: diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml index 62b42625..2669e149 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml @@ -1,3 +1,4 @@ +--- # The tasks below run before `validate_config.yml`. # To avoid failing with a cryptic error message, we'll do validation here. # diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml index 93ed6575..2247cd89 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml 
@@ -1,3 +1,5 @@ +--- + - set_fact: matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}" diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index 78136785..fd348d9d 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -19,14 +19,14 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Ensure matrix-postgres is started service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: postgres_start_result diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 1a279ad6..7145e0fc 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -206,7 +206,7 @@ matrix_synapse_workers_generic_worker_endpoints: # You might also wish to investigate the `update_user_directory` and # `media_instance_running_background_jobs` settings. -# pusher worker (no API endpoints) [ + # pusher worker (no API endpoints) [ # Handles sending push notifications to sygnal and email. Doesn't handle any # REST endpoints itself, but you should set `start_pushers: False` in the # shared configuration file to stop the main synapse sending push notifications. 
@@ -220,18 +220,18 @@ matrix_synapse_workers_generic_worker_endpoints: # - pusher_worker2 # ``` -# ] + # ] -# appservice worker (no API endpoints) [ + # appservice worker (no API endpoints) [ # Handles sending output traffic to Application Services. Doesn't handle any # REST endpoints itself, but you should set `notify_appservices: False` in the # shared configuration file to stop the main synapse sending appservice notifications. # Note this worker cannot be load-balanced: only one instance should be active. -# ] + # ] -# federation_sender worker (no API endpoints) [ + # federation_sender worker (no API endpoints) [ # Handles sending federation traffic to other servers. Doesn't handle any # REST endpoints itself, but you should set `send_federation: False` in the # shared configuration file to stop the main synapse sending this traffic. From 8de4e061e1fb09d982cb47321a43c94481cbd213 Mon Sep 17 00:00:00 2001 From: Marko Weltzer Date: Sat, 5 Feb 2022 21:36:11 +0100 Subject: [PATCH 070/419] feat: add yamllint gh action --- .github/workflows/matrix.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/matrix.yml diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml new file mode 100644 index 00000000..fe683f5b --- /dev/null +++ b/.github/workflows/matrix.yml @@ -0,0 +1,19 @@ +--- +name: Matrix CI + +# yamllint disable-line rule:truthy +on: + push: + pull_request: + schedule: + - cron: 0 12 * * * + +jobs: + yamllint: + name: 🧹 yamllint + runs-on: ubuntu-latest + steps: + - name: ⤵️ Check out configuration from GitHub + uses: actions/checkout@v2.4.0 + - name: 🚀 Run yamllint + uses: frenck/action-yamllint@v1.1.2 From de025425b53d3ab32b9f9c22d8e12db99031bae7 Mon Sep 17 00:00:00 2001 
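Review bot: Both `uses:` steps in the new `.github/workflows/matrix.yml` reference their actions by mutable tag (`actions/checkout@v2.4.0`, `frenck/action-yamllint@v1.1.2`), so whoever controls those repositories can move the tag and change the code this job runs on every push, pull request and scheduled run. Pinning each step to a full commit SHA and keeping the tag as a trailing comment removes that dependency, e.g. `uses: frenck/action-yamllint@<full-commit-sha>  # v1.1.2` (placeholder; the SHA has to be looked up and verified). The workflow also has no `permissions:` key, so the job runs with the repository's default `GITHUB_TOKEN` scope. A lint-only job needs no more than a top-level `permissions:` mapping with `contents: read`.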
From: Marko Weltzer Date: Sun, 6 Feb 2022 11:30:38 +0100 Subject: [PATCH 071/419] fix: revert changes to .md files --- docs/configuring-playbook-bot-go-neb.md | 6 +++--- docs/configuring-playbook-bot-mjolnir.md | 2 +- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 +- docs/configuring-playbook-bridge-mautrix-googlechat.md | 2 +- docs/configuring-playbook-bridge-mautrix-hangouts.md | 2 +- docs/configuring-playbook-bridge-mautrix-signal.md | 2 +- docs/configuring-playbook-bridge-mautrix-telegram.md | 2 +- docs/configuring-playbook-bridge-mautrix-whatsapp.md | 2 +- docs/configuring-playbook-dimension.md | 2 +- docs/configuring-playbook-email2matrix.md | 2 +- docs/updating-users-passwords.md | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/configuring-playbook-bot-go-neb.md b/docs/configuring-playbook-bot-go-neb.md index 00072b77..33ce4dd3 100644 --- a/docs/configuring-playbook-bot-go-neb.md +++ b/docs/configuring-playbook-bot-go-neb.md @@ -28,7 +28,7 @@ If you use curl, you can get an access token like this: ``` curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "bot.go-neb"}, + "identifier": { "type": "m.id.user", "user": "bot.go-neb" }, "password": "a strong password", "type": "m.login.password" }' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' 
@@ -198,8 +198,8 @@ matrix_bot_go_neb_services: # Each room will get the notification with the alert rendered with the given template rooms: "!someroomid:domain.tld": - text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\"}}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" - html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\"}} {{ if eq .Status \"firing\"}} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" + text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" + html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" msg_type: "m.text" # Must be either `m.text` or `m.notice` ``` diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 5c2e14e4..5ddb2ad3 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -28,7 +28,7 @@ If you use curl, you can get an access token like this: ``` curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "bot.mjolnir"}, + "identifier": { "type": "m.id.user", "user": "bot.mjolnir" }, "password": "PASSWORD_FOR_THE_BOT", "type": "m.login.password" }' 'https://matrix.DOMAIN/_matrix/client/r0/login' diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 69462cee..282865e7 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -50,7 +50,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Facebook", "initial_device_display_name": "Mautrix-Facebook"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Facebook", "initial_device_display_name": "Mautrix-Facebook"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-googlechat.md b/docs/configuring-playbook-bridge-mautrix-googlechat.md index d2b0fc1e..381d1f29 100644 --- a/docs/configuring-playbook-bridge-mautrix-googlechat.md +++ b/docs/configuring-playbook-bridge-mautrix-googlechat.md 
@@ -33,7 +33,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-googlechat", "initial_device_display_name": "Mautrix-googlechat"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-googlechat", "initial_device_display_name": "Mautrix-googlechat"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md index 30f01506..f6129777 100644 --- a/docs/configuring-playbook-bridge-mautrix-hangouts.md +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md @@ -35,7 +35,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Hangouts", "initial_device_display_name": "Mautrix-Hangouts"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Hangouts", "initial_device_display_name": "Mautrix-Hangouts"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index 0aacb32f..f47640b9 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md 
@@ -77,7 +77,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Signal", "initial_device_display_name": "Mautrix-Signal"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Signal", "initial_device_display_name": "Mautrix-Signal"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index c9260744..0ac6c103 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -32,7 +32,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Telegram", "initial_device_display_name": "Mautrix-Telegram"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Telegram", "initial_device_display_name": "Mautrix-Telegram"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index a6c975a9..2af38be1 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md 
@@ -48,7 +48,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME"}, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Whatsapp", "initial_device_display_name": "Mautrix-Whatsapp"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Whatsapp", "initial_device_display_name": "Mautrix-Whatsapp"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index bc9d63e7..b938a6a3 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -53,7 +53,7 @@ To get an access token for the Dimension user, you can follow one of two options ``` curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "YourDimensionUsername"}, + "identifier": { "type": "m.id.user", "user": "YourDimensionUsername" }, "password": "YourDimensionPassword", "type": "m.login.password" }' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md index 734a0273..510a9dcc 100644 --- a/docs/configuring-playbook-email2matrix.md +++ b/docs/configuring-playbook-email2matrix.md 
@@ -40,7 +40,7 @@ To do this, you can execute a command like this: ``` curl \ ---data '{"identifier": {"type": "m.id.user", "user": "email2matrix"}, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \ +--data '{"identifier": {"type": "m.id.user", "user": "email2matrix" }, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \ https://matrix.DOMAIN/_matrix/client/r0/login ``` diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 0bf1e181..7d2f2832 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md @@ -41,5 +41,5 @@ If you didn't make your account a server admin when you created it, you can use ### Example: To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command: ``` -curl -XPOST -d '{ "new_password": "correct_horse_battery_staple"}' "https://matrix./_matrix/client/r0/admin/reset_password/@user:domain.com?access_token=MDA...this_is_my_access_token +curl -XPOST -d '{ "new_password": "correct_horse_battery_staple" }' "https://matrix./_matrix/client/r0/admin/reset_password/@user:domain.com?access_token=MDA...this_is_my_access_token ``` From a095accce7f54aafb5248b19155c8aeb79bde0a6 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 6 Feb 2022 18:05:25 +0200 Subject: [PATCH 072/419] Replace some CentOS references to support other RHEL derivatives Not hardcoding 'CentOS' and using the OS family ('RedHat') instead, we now behave better on Rockylinux and AlmaLinux, etc. With that said, we may or may not fully support CentOS/Rockylinux/AlmaLinux v8 yet. Certain things were improved in https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300. v8 support is discussed here: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300 Certain things (firewalld?) may still be problematic. This patch does not try to address those. If the remaining issues are confirmed to be fixed in the future, we can mark v8 as supported. --- roles/matrix-base/defaults/main.yml | 4 ++-- roles/matrix-base/tasks/server_base/setup.yml | 8 ++++---- .../server_base/{setup_centos.yml => setup_redhat.yml} | 0 .../server_base/{setup_centos8.yml => setup_redhat8.yml} | 0 roles/matrix-base/tasks/util/ensure_fuse_installed.yml | 6 +++--- roles/matrix-base/tasks/util/ensure_openssl_installed.yml | 6 +++--- roles/matrix-ma1sd/tasks/setup_install.yml | 6 +++--- 7 files changed, 15 insertions(+), 15 deletions(-) rename roles/matrix-base/tasks/server_base/{setup_centos.yml => setup_redhat.yml} (100%) rename roles/matrix-base/tasks/server_base/{setup_centos8.yml => setup_redhat8.yml} (100%) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index be403de7..c6b0c1a5 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml 
@@ -98,8 +98,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl" matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_sh: "/usr/bin/env sh" -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" -matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" +matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" +matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index 0869e501..33e397f9 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml 
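Review bot: The widened test `ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7'` in `matrix_ntpd_package` and `matrix_ntpd_service` compares the major version as a string, so the ordering is lexicographic and `'10' > '7'` is false. Now that the test covers the whole RedHat family, any member reporting a two-digit major version (Fedora is in that family, for example) falls through to the `ntp`/`ntpd` branch. The `setup.yml` hunk that follows uses the same comparison (`< '8'` and `> '7'`), where such a host would be routed to `setup_redhat.yml`. Casting before comparing avoids both: `ansible_distribution_major_version | int > 7` here and `| int < 8` in `setup.yml`; the unchanged Ubuntu `> '18'` test on these lines has the same shape. A host left without a working time-sync service usually shows up later as certificate or token validation failures.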
@@ -1,10 +1,10 @@ --- -- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos.yml" - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version < '8' +- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '8' -- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos8.yml" - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' +- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7' - block: # ansible_lsb is only available if lsb-release is installed. diff --git a/roles/matrix-base/tasks/server_base/setup_centos.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml similarity index 100% rename from roles/matrix-base/tasks/server_base/setup_centos.yml rename to roles/matrix-base/tasks/server_base/setup_redhat.yml diff --git a/roles/matrix-base/tasks/server_base/setup_centos8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml similarity index 100% rename from roles/matrix-base/tasks/server_base/setup_centos8.yml rename to roles/matrix-base/tasks/server_base/setup_redhat8.yml diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml index 948c6082..a0e1acf0 100644 --- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml @@ -1,11 +1,11 @@ -# This is for both CentOS 7 and 8 -- name: Ensure fuse installed (CentOS) +# This is for both RedHat 7 and 8 +- name: Ensure fuse installed (RedHat) yum: name: - fuse state: latest - when: ansible_distribution == 'CentOS' + when: ansible_os_family == 'RedHat' # This is for both Debian and Raspbian - name: Ensure fuse installed (Debian/Raspbian) 
diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml index 39442bca..c6277d3c 100644 --- a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml @@ -1,11 +1,11 @@ -# This is for both CentOS 7 and 8 -- name: Ensure openssl installed (CentOS) +# This is for both RedHat 7 and 8 +- name: Ensure openssl installed (RedHat) yum: name: - openssl state: latest - when: ansible_distribution == 'CentOS' + when: ansible_os_family == 'RedHat' # This is for both Debian and Raspbian - name: Ensure openssl installed (Debian/Raspbian) diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 3f319eef..cd82b129 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -62,10 +62,10 @@ update_cache: yes when: (ansible_os_family == 'Debian') - - name: Ensure gradle is installed for self-building (CentOS) + - name: Ensure gradle is installed for self-building (RedHat) fail: - msg: "Installing gradle on CentOS is currently not supported, so self-building ma1sd cannot happen at this time" - when: ansible_distribution == 'CentOS' + msg: "Installing gradle on RedHat ({{ ansible_distribution }}) is currently not supported, so self-building ma1sd cannot happen at this time" + when: ansible_os_family == 'RedHat' - name: Ensure gradle is installed for self-building (Archlinux) pacman: From 5163aa643a02b27dbde97c1eb7f24cee2ce20cbd Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 8 Feb 2022 15:13:41 +0200 Subject: [PATCH 073/419] Upgrade Synapse (1.51.0 -> 1.52.0) This also removes the `matrix_synapse_version_arm64` variable we've been dragging around for a long time. Since https://github.com/matrix-org/synapse/pull/11810, a multiarch Synapse container image (for AMD64 and ARM64) is released at the same time. --- roles/matrix-synapse/defaults/main.yml | 12 ++----- .../matrix-synapse/tasks/validate_config.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 34 ++++++++++++++++--- 3 files changed, 32 insertions(+), 15 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 364f26a5..9c6b1b1f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -8,16 +8,8 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -# The if statement below may look silly at times (leading to the same version being returned), -# but ARM-compatible container images are only released 1-7 hours after a release, -# so we may often be on different versions for different architectures when new Synapse releases come out. -# -# amd64 gets released first. -# arm32 relies on self-building, so the same version can be built immediately. -# arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.51.0 -matrix_synapse_version_arm64: v1.51.0 -matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" +matrix_synapse_version: v1.52.0 +matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 6dcb50ce..89107c0a 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -48,6 +48,7 @@ - {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'} - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} + - {'old': 'matrix_synapse_version_arm64', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml fail: 
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 9c7c22f5..8cfb9b20 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -16,11 +16,11 @@ # documentation on how to configure or create custom modules for Synapse. # #modules: - # - module: my_super_module.MySuperClass - # config: - # do_thing: true - # - module: my_other_super_module.SomeClass - # config: {} + #- module: my_super_module.MySuperClass + # config: + # do_thing: true + #- module: my_other_super_module.SomeClass + # config: {} modules: {{ matrix_synapse_modules|to_json }} @@ -488,6 +488,20 @@ limit_remote_rooms: # #allow_per_room_profiles: false +# The largest allowed file size for a user avatar. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#max_avatar_size: 10M + +# The MIME types allowed for user avatars. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"] + # How long to keep redacted events in unredacted form in the database. After # this period redacted events get replaced with their redacted form in the DB. # 
@@ -1458,6 +1472,16 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json # #auto_join_rooms_for_guests: false +# Whether to inhibit errors raised when registering a new account if the user ID +# already exists. If turned on, that requests to /register/available will always +# show a user ID as available, and Synapse won't raise an error when starting +# a registration with a user ID that already exists. However, Synapse will still +# raise an error if the registration completes and the username conflicts. +# +# Defaults to false. +# +#inhibit_user_in_use_error: true + ## Metrics ### From 8e8bf55e159a664524db09ef97b9114c77441c17 Mon Sep 17 00:00:00 2001 From: Marko Weltzer Date: Wed, 9 Feb 2022 08:52:53 +0100 Subject: [PATCH 074/419] fix: missing spaces on closing } --- .github/dependabot.yaml | 7 +++++ .github/workflows/matrix.yml | 3 -- group_vars/matrix_servers | 59 +++++++----------------------------- 3 files changed, 18 insertions(+), 51 deletions(-) create mode 100644 .github/dependabot.yaml diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 00000000..b9c3cd49 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,7 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: daily diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index fe683f5b..bb388e39 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -1,12 +1,9 @@ --- name: Matrix CI -# yamllint disable-line rule:truthy on: push: pull_request: - schedule: - - cron: 0 12 * * * jobs: yamllint: diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index c2670afd..596fba13 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -265,7 +265,7 @@ matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true}}" +matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" @@ -303,7 +303,7 @@ matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true}}" +matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. 
@@ -427,7 +427,7 @@ matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_g matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true}}" +matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. @@ -1128,8 +1128,6 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati # ###################################################################### - - ###################################################################### # # matrix-coturn @@ -1164,8 +1162,6 @@ matrix_coturn_container_additional_volumes: | # ###################################################################### - - ###################################################################### # # matrix-dimension @@ -1243,8 +1239,6 @@ matrix_dynamic_dns_enabled: false # ###################################################################### - - ###################################################################### # # matrix-email2matrix @@ -1261,8 +1255,6 @@ matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in [ # ###################################################################### - - ###################################################################### # # matrix-jitsi @@ -1307,8 +1299,6 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab # ###################################################################### - - ###################################################################### # # matrix-mailer 
@@ -1328,8 +1318,6 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64 # ###################################################################### - - ###################################################################### # # matrix-ma1sd @@ -1367,7 +1355,7 @@ matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "matrix-mailer" matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 8025 matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 0 -matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" +matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" matrix_ma1sd_systemd_required_services_list: | {{ @@ -1393,8 +1381,6 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr # ###################################################################### - - ###################################################################### # # matrix-nginx-proxy @@ -1479,7 +1465,7 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" -matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" +matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" # OCSP stapling does not make sense when self-signed certificates are used. # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1073 
@@ -1570,8 +1556,6 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr # ###################################################################### - - ###################################################################### # # matrix-postgres @@ -1820,8 +1804,6 @@ matrix_postgres_import_databases_to_ignore: | # ###################################################################### - - ###################################################################### # # matrix-sygnal @@ -1842,8 +1824,6 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable # ###################################################################### - - ###################################################################### # # matrix-redis @@ -1858,8 +1838,6 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}" # ###################################################################### - - ###################################################################### # # matrix-client-element @@ -1886,7 +1864,7 @@ matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_r matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}" matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}" -matrix_client_element_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" +matrix_client_element_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}" 
@@ -1907,8 +1885,6 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr # ###################################################################### - - ###################################################################### # # matrix-client-hydrogen @@ -1924,7 +1900,7 @@ matrix_client_hydrogen_container_http_host_bind_port: "{{ '' if matrix_nginx_pro matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}" -matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" +matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" ###################################################################### # @@ -1932,8 +1908,6 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl # ###################################################################### - - ###################################################################### # # matrix-client-cinny @@ -1951,7 +1925,7 @@ matrix_client_cinny_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_ matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}" -matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" +matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" ###################################################################### # @@ -1959,8 +1933,6 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_re # ###################################################################### - - ###################################################################### # # matrix-synapse 
@@ -2042,7 +2014,7 @@ matrix_synapse_turn_uris: | matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}" -matrix_synapse_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" +matrix_synapse_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" matrix_synapse_systemd_required_services_list: | {{ @@ -2071,8 +2043,6 @@ matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_re # ###################################################################### - - ###################################################################### # # matrix-synapse-admin @@ -2094,8 +2064,6 @@ matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd # ###################################################################### - - ###################################################################### # # matrix-prometheus-node-exporter @@ -2110,8 +2078,6 @@ matrix_prometheus_node_exporter_enabled: false # ###################################################################### - - ###################################################################### # # matrix-prometheus @@ -2145,7 +2111,6 @@ matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|s # ###################################################################### - ###################################################################### # # matrix-prometheus-postgres-exporter @@ -2201,8 +2166,6 @@ matrix_grafana_systemd_wanted_services_list: | # ###################################################################### - - ###################################################################### # # matrix-registration 
@@ -2228,7 +2191,7 @@ matrix_registration_shared_secret: |- matrix_registration_server_location: "{{ matrix_homeserver_container_url }}" -matrix_registration_api_validate_certs: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" +matrix_registration_api_validate_certs: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2320,7 +2283,7 @@ matrix_dendrite_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_dendrite_disable_tls_validation: "{{ true if matrix_ssl_retrieval_method == 'self-signed' else false }}" -matrix_dendrite_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true}}" +matrix_dendrite_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else ['matrix.org', 'vector.im'] }}" From 5addb889b1c9052e5397b48f9b6cf9b56d08e9f3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 9 Feb 2022 10:27:12 +0200 Subject: [PATCH 075/419] Fix inconsistent spacing --- roles/matrix-awx/tasks/set_variables_dimension.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index 7d401114..d692e081 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml 
@@ -14,7 +14,7 @@ - name: Collect access token of @admin-dimension user shell: | - curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' register: awx_dimension_user_access_token - name: Record Synapse variables locally on AWX From 94c9780f7ae333c60c1cc6cce9dae755902ec59c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 9 Feb 2022 10:38:28 +0200 Subject: [PATCH 076/419] Fix matrix_synapse_encryption_enabled_by_default_for_room_type The value of `off` was taken to be a boolean, but it shouldn't be. Synapse expects a string (currently one of: `all`, `invite`, `off`). --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index c3e1eefd..838058ea 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -575,7 +575,7 @@ matrix_synapse_spam_checker: [] matrix_synapse_modules: [] -matrix_synapse_encryption_enabled_by_default_for_room_type: false +matrix_synapse_encryption_enabled_by_default_for_room_type: "off" matrix_synapse_trusted_key_servers: - server_name: "matrix.org" From f92e6ad7b9ba5cb4b4c6078885ef2bddba01d24f Mon Sep 17 00:00:00 2001 
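Review bot: `matrix_synapse_encryption_enabled_by_default_for_room_type` still has no comment naming its accepted values, so a user who overrides it with a bare `off` in their own vars file gets a YAML boolean again and presumably hits the same problem this default just fixed. The commit message already lists what Synapse accepts, and that belongs above the variable: `# One of: "all", "invite", "off". Always quote the value; an unquoted off is parsed as a boolean.` This setting decides whether new rooms are encrypted by default, so a silently mistyped value is worth catching.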
From: Marko Weltzer Date: Wed, 9 Feb 2022 11:19:31 +0100 Subject: [PATCH 077/419] fix: disable yamllint on ci line, "on" is not always truthy --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index bb388e39..6445dc03 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -1,7 +1,7 @@ --- name: Matrix CI -on: +on: # yamllint disable-line rule:truthy push: pull_request: From e0df99a7de66e0fec8ba131605f3a39e60c51cd4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 9 Feb 2022 14:03:06 +0200 Subject: [PATCH 078/419] Fix typo --- roles/matrix-synapse/tasks/synapse/setup_install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 7838b624..bd7da90d 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -63,10 +63,10 @@ # We do this so that the signing key would get generated. # # This will also generate a default homeserver.yaml configuration file and a log configuration file. -# We don't care about those configuraiton files, as we replace them with our own anyway (see below). +# We don't care about those configuration files, as we replace them with our own anyway (see below). # # We don't use the `docker_container` module, because using it with `cap_drop` requires -# a very recent version, which is not available for a lot of people yet. +# a very recent docker-py version, which is not available for a lot of people yet. - name: Generate initial Synapse config and signing key command: | docker run From 43a7cd2efcfbf965438e7baea2eaa0d7b8855361 Mon Sep 17 00:00:00 2001 
From: Marko Weltzer Date: Wed, 9 Feb 2022 15:03:39 +0100 Subject: [PATCH 079/419] fix: ignore generated file on yamllint --- .yamllint | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.yamllint b/.yamllint index 75da2b70..08b89afd 100644 --- a/.yamllint +++ b/.yamllint @@ -1,5 +1,8 @@ --- extends: default +ignore: | + roles/matrix-synapse/vars/workers.yml + rules: line-length: disable From 7330992b2098db3d96d12d1259cd628effac6789 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 9 Feb 2022 16:16:59 +0200 Subject: [PATCH 080/419] Do not compare ansible_distribution_major_version as a string Fedora 35 is: - `ansible_os_family = 'RedHat'` - `ansible_distribution_major_version = '35'` Our RedHat checks against v7/v8 are really for RHEL derivatives (CentOS, Rockylinux, AlmaLinux), but the same checks (by coincidence) apply for Fedora 35. The problem is that `'35' > '7'` (comparing these as strings) is `false`. This patch makes sure that we always cast `ansible_distribution_major_version` to an integer. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1610 --- roles/matrix-base/defaults/main.yml | 4 ++-- roles/matrix-base/tasks/server_base/setup.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 86886ff0..e83b6c95 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml 
@@ -99,8 +99,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl" matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_sh: "/usr/bin/env sh" -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" -matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" +matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" +matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index 45a61aea..b1f82cd0 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml 
@@ -1,10 +1,10 @@ --- - include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '8' + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8 - include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7' + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 - block: # ansible_lsb is only available if lsb-release is installed. From a24f7626bd3effd8f671eb1a23beda69d439ea97 Mon Sep 17 00:00:00 2001 From: Wunderharke <5105672+Wunderharke@users.noreply.github.com> Date: Wed, 9 Feb 2022 16:43:01 +0100 Subject: [PATCH 081/419] 7330992b2098db3d96d12d1259cd628effac6789 fixed the major_version compare and made foedora deployments to use setup_redhat8.yml. This however broke the script on fedora as there is no EPEL package. This commit add very basic fedora support. --- .../{docker-ce.repo => docker-ce-centos.repo} | 0 .../files/yum.repos.d/docker-ce-fedora.repo | 62 +++++++++++++++++++ roles/matrix-base/tasks/server_base/setup.yml | 5 +- .../tasks/server_base/setup_fedora.yml | 39 ++++++++++++ .../tasks/server_base/setup_redhat.yml | 4 +- .../tasks/server_base/setup_redhat8.yml | 4 +- 6 files changed, 109 insertions(+), 5 deletions(-) rename roles/matrix-base/files/yum.repos.d/{docker-ce.repo => docker-ce-centos.repo} (100%) create mode 100644 roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo create mode 100644 roles/matrix-base/tasks/server_base/setup_fedora.yml diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce.repo b/roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo similarity index 100% rename from roles/matrix-base/files/yum.repos.d/docker-ce.repo rename to roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo 
diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo b/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo
new file mode 100644
index 00000000..6f94e4fb
--- /dev/null
+++ b/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo
@@ -0,0 +1,62 @@
+[docker-ce-stable]
+name=Docker CE Stable - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-stable-debuginfo]
+name=Docker CE Stable - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-stable-source]
+name=Docker CE Stable - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test]
+name=Docker CE Test - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test-debuginfo]
+name=Docker CE Test - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test-source]
+name=Docker CE Test - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly]
+name=Docker CE Nightly - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly-debuginfo]
+name=Docker CE Nightly - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly-source]
+name=Docker CE Nightly - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index b1f82cd0..bbfa077c 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml @@ -4,7 +4,10 @@ when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8 - include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30 + +- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30 - block: # ansible_lsb is only available if lsb-release is installed. diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/matrix-base/tasks/server_base/setup_fedora.yml new file mode 100644 index 00000000..7369b6ad --- /dev/null +++ b/roles/matrix-base/tasks/server_base/setup_fedora.yml 
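Review bot: The two new conditions leave a gap at major version 30: the `setup_redhat8.yml` include requires `ansible_distribution_major_version|int < 30` and the `setup_fedora.yml` include requires `> 30`, so a RedHat-family host reporting exactly 30 matches none of the three includes and would be left without the Docker and time-sync setup. Telling Fedora apart by version number is also fragile, and `ansible_distribution` is already used for the Ubuntu and Archlinux checks in `roles/matrix-base/defaults/main.yml`. I would write the Fedora branch as `when: ansible_distribution == 'Fedora'` and add `and ansible_distribution != 'Fedora'` to the two RedHat conditions instead of the `< 30` bound. The task list continues past the end of this hunk.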
@@ -0,0 +1,39 @@ +--- + +- name: Ensure Docker repository is enabled + template: + src: "{{ role_path }}/files/yum.repos.d/{{ item }}" + dest: "/etc/yum.repos.d/docker-ce.repo" + owner: "root" + group: "root" + mode: 0644 + with_items: + - docker-ce-fedora.repo + when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + +- name: Ensure Docker's RPM key is trusted + rpm_key: + state: present + key: https://download.docker.com/linux/fedora/gpg + when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + +- name: Ensure yum packages are installed + yum: + name: + - "{{ matrix_ntpd_package }}" + state: latest + update_cache: true + +- name: Ensure Docker is installed + yum: + name: + - "{{ matrix_docker_package_name }}" + - python3-pip + state: latest + when: matrix_docker_installation_enabled|bool + +- name: Ensure Docker-Py is installed + pip: + name: docker-py + state: latest + when: matrix_docker_installation_enabled|bool diff --git a/roles/matrix-base/tasks/server_base/setup_redhat.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml index 34113bd9..87b2481c 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat.yml @@ -3,12 +3,12 @@ - name: Ensure Docker repository is enabled template: src: "{{ role_path }}/files/yum.repos.d/{{ item }}" - dest: "/etc/yum.repos.d/{{ item }}" + dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" group: "root" mode: 0644 with_items: - - docker-ce.repo + - docker-ce-centos.repo when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted diff --git a/roles/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml index 4b5b069d..07e0694d 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat8.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat8.yml 
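Review bot: The `rpm_key` task in the new `setup_fedora.yml` imports whatever key `https://download.docker.com/linux/fedora/gpg` serves at run time, so the key that the repo file's `gpgcheck=1` relies on is itself verified by nothing beyond TLS. `rpm_key` accepts a `fingerprint` argument (Ansible 2.9 and later); adding `fingerprint: "<DOCKER_FEDORA_KEY_FINGERPRINT>"`, with the placeholder replaced by the value from Docker's published install documentation, makes the import fail if a different key is served. The final task has a related weakness: it installs `docker-py` with `state: latest`, which is the retired PyPI name for the Docker SDK and is unpinned, so `name: docker` with an explicit version would be the safer choice.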
@@ -3,12 +3,12 @@ - name: Ensure Docker repository is enabled template: src: "{{ role_path }}/files/yum.repos.d/{{ item }}" - dest: "/etc/yum.repos.d/{{ item }}" + dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" group: "root" mode: 0644 with_items: - - docker-ce.repo + - docker-ce-centos.repo when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted From 6576d4596e91a46e8053b992134885e2abec8158 Mon Sep 17 00:00:00 2001 From: ZzMzaw <89450172+ZzMzaw@users.noreply.github.com> Date: Fri, 11 Feb 2022 06:56:37 +0100 Subject: [PATCH 082/419] Add missing endpoints for SSL certificates Playbook is retrieving certificates for some endpoints which were not listed in the doc --- docs/configuring-playbook-ssl-certificates.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 2e288cc8..07e49c5a 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md 
@@ -67,8 +67,13 @@ By default, it obtains certificates for: - `matrix.` (`matrix_server_fqn_matrix`) - possibly for `element.`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false` - possibly for `riot.`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true` +- possibly for `hydrogen.`, if you have explicitly [set up Hydrogen client](configuring-playbook-client-hydrogen.md). +- possibly for `cinny.`, if you have explicitly [set up Cinny client](configuring-playbook-client-cinny.md). - possibly for `dimension.`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md). +- possibly for `goneb.`, if you have explicitly [set up Go-NEB bot](configuring-playbook-bot-go-neb.md). - possibly for `jitsi.`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md). +- possibly for `stats.`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md). +- possibly for `sygnal.`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md). - possibly for your base domain (``), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md) If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too. From 6c47b447e3a7f1a2bad448ec8eb08307167112f6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 11 Feb 2022 08:35:39 +0200 Subject: [PATCH 083/419] Do not use misleading with_items for a single file --- roles/matrix-base/tasks/server_base/setup_redhat.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/matrix-base/tasks/server_base/setup_redhat.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml index 87b2481c..b4be1d08 100644 
--- a/roles/matrix-base/tasks/server_base/setup_redhat.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat.yml @@ -2,13 +2,11 @@ - name: Ensure Docker repository is enabled template: - src: "{{ role_path }}/files/yum.repos.d/{{ item }}" + src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" group: "root" mode: 0644 - with_items: - - docker-ce-centos.repo when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted From e2e5db3b895a561798757ad7d40266f61831e443 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 11 Feb 2022 08:36:05 +0200 Subject: [PATCH 084/419] Do not use misleading with_items for a single file --- roles/matrix-base/tasks/server_base/setup_redhat8.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml index 07e0694d..d9dd6e23 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat8.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat8.yml @@ -2,13 +2,11 @@ - name: Ensure Docker repository is enabled template: - src: "{{ role_path }}/files/yum.repos.d/{{ item }}" + src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" group: "root" mode: 0644 - with_items: - - docker-ce-centos.repo when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted From 5a69c899a3f657d604dbfdfc465a81615ce330dc Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 3 Nov 2021 17:25:01 +0200 Subject: [PATCH 085/419] Upgrade matrix-synapse-shared-secret-auth (1.0.2 -> 2.0.2) For now, we disable the new `com.devture.shared_secret_auth` login type by default, because it causes problems with Element: https://github.com/vector-im/element-web/issues/19605 This also becomes the first module to use the new Synapse module system that got introduced in Synapse v1.46.0. Despite these upgrades, things should remain functionally identical as far as bridges, matrix-corporal or other consumers are concerned. --- roles/matrix-synapse/defaults/main.yml | 13 ++++++++++++- .../ext/shared-secret-auth/setup_install.yml | 17 ++++++++++++++++- roles/matrix-synapse/tasks/init.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 5 ----- 4 files changed, 29 insertions(+), 8 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 838058ea..079ffb4b 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -489,8 +489,16 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals # Enable this to activate the Shared Secret Auth password provider module. # See: https://github.com/devture/matrix-synapse-shared-secret-auth matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false -matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py" +matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py" matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" +matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true +# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605 +matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false +matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}" +matrix_synapse_ext_password_provider_shared_secret_config_yaml: | + shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} + m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|bool|to_json }} + com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }} # Enable this to activate LDAP password provider matrix_synapse_ext_password_provider_ldap_enabled: false 
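Review bot: The new value of `matrix_synapse_ext_password_provider_shared_secret_auth_download_url` points at the mutable tag `2.0.2` on raw.githubusercontent.com, and the file it fetches is loaded into Synapse as an authentication module that is handed the shared secret, so a retagged or tampered file would go unnoticed. The `get_url` task that consumes this variable is only partly visible in this patch, and no `checksum` is shown on it. I would pin the URL to a commit, `.../matrix-synapse-shared-secret-auth/<COMMIT_SHA>/shared_secret_authenticator.py`, and add `checksum: "sha256:<SHA256_OF_FILE>"` to that task, updating both together on each upgrade.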
@@ -573,6 +581,9 @@ matrix_synapse_default_room_version: "6" # If not, you can also control its value manually. matrix_synapse_spam_checker: [] +# Controls the Synapse `modules` list. +# You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2` +# Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime. matrix_synapse_modules: [] matrix_synapse_encryption_enabled_by_default_for_room_type: "off" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index af92041d..f408e2f9 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -5,6 +5,11 @@ msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret" when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''" +- name: Fail if no Shared Secret Auth login types enabled + fail: + msg: "Shared Secret Auth is enabled, but none of the login types are" + when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)" + - name: Download matrix-synapse-shared-secret-auth get_url: url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" 
@@ -15,7 +20,17 @@ group: "{{ matrix_user_groupname }}" - set_fact: - matrix_synapse_password_providers_enabled: true + matrix_synapse_modules: | + {{ + matrix_synapse_modules|default([]) + + + [ + { + "module": "shared_secret_authenticator.SharedSecretAuthProvider", + "config": matrix_synapse_ext_password_provider_shared_secret_config + } + ] + }} matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index bee1783e..88065049 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled" # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 8cfb9b20..af6e3e13 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2586,11 +2586,6 @@ email: # #filter: "(objectClass=posixAccount)" {% if matrix_synapse_password_providers_enabled %} password_providers: -{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %} - - module: "shared_secret_authenticator.SharedSecretAuthenticator" - config: - sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} -{% endif %} {% if matrix_synapse_ext_password_provider_rest_auth_enabled %} - module: "rest_auth_provider.RestAuthProvider" config: From 85c66a944f7765d3783bfdaabbf457fd1e1465c9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 11 Feb 2022 20:05:32 +0200 Subject: [PATCH 086/419] Remove useless cast --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 079ffb4b..834d9866 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -497,7 +497,7 @@ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secre matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}" matrix_synapse_ext_password_provider_shared_secret_config_yaml: | shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} - m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|bool|to_json }} + m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|to_json }} com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }} # Enable this to activate LDAP password provider 
From cc412dfffe39df2e4c9d07afda1ee75c5f9d3504 Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Sat, 12 Feb 2022 00:37:40 +0100 Subject: [PATCH 087/419] Update Hydrogen from v0.2.25 to v0.2.26 --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 64bb0ba9..4b91eb2b 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.25 +matrix_client_hydrogen_version: v0.2.26 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From f44ca0c7c295f205030c579ce2370fde7056d828 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 11 Feb 2022 20:06:11 +0200 Subject: [PATCH 088/419] Add support for matrix_encryption_disabler Related to https://github.com/matrix-org/synapse/issues/4401 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1621 --- roles/matrix-synapse/defaults/main.yml | 17 ++++++++++ .../tasks/ext/encryption-disabler/setup.yml | 7 ++++ .../ext/encryption-disabler/setup_install.yml | 33 +++++++++++++++++++ .../encryption-disabler/setup_uninstall.yml | 6 ++++ roles/matrix-synapse/tasks/ext/setup.yml | 2 ++ 5 files changed, 65 insertions(+) create mode 100644 roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml create mode 100644 roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml create mode 100644 roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 834d9866..8111c40a 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -542,6 +542,23 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] +# Enable this to activate the E2EE disabling Synapse module. +# See: https://github.com/digitalentity/matrix_encryption_disabler +matrix_synapse_ext_encryption_disabler_enabled: false +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/ee80beedc5084a5fabf3c91d8df6d59457d3a790/matrix_e2ee_filter.py" +# A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. +# By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. +matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] +# A list of server domain names for which to deny encryption if the destination room id's domain matches the domain in the list. +# By default, with the configuration below, we prevent locally-created encryption events by ANY user encrypt rooms on the homeserver. +# Note: foreign users with enough room privileges will still be able to send an encryption event to your rooms and encrypt them. +matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix_domain }}"] +matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml|from_yaml }}" +matrix_synapse_ext_encryption_config_yaml: | + deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of|to_json }} + deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of|to_json }} + + matrix_s3_media_store_enabled: false matrix_s3_media_store_custom_endpoint_enabled: false matrix_s3_goofys_docker_image: "ewoutp/goofys:latest" 
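Review bot: `matrix_synapse_ext_encryption_config` and `matrix_synapse_ext_encryption_config_yaml` drop the `disabler` part that every other variable in this hunk carries, so they read like a general encryption setting rather than the configuration of one optional module. I would name them `matrix_synapse_ext_encryption_disabler_config` and `matrix_synapse_ext_encryption_disabler_config_yaml`, and update the reference in the new `setup_install.yml` in the same commit. The header comment could also state what enabling the module costs, e.g. `# Rooms covered by the two lists below cannot be switched to end-to-end encryption, so their message content stays readable by the homeservers in the room.`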
diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml new file mode 100644 index 00000000..8fda082d --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml @@ -0,0 +1,7 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" + when: matrix_synapse_ext_encryption_disabler_enabled|bool + +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml" + when: "not matrix_synapse_ext_encryption_disabler_enabled|bool" diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml new file mode 100644 index 00000000..dfc15a20 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -0,0 +1,33 @@ +--- + +- name: Download matrix_encryption_disabler + get_url: + url: "{{ matrix_synapse_ext_encryption_disabler_download_url }}" + dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py" + force: true + mode: 0440 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- set_fact: + matrix_synapse_modules: | + {{ + matrix_synapse_modules|default([]) + + + [ + { + "module": "matrix_e2ee_filter.EncryptedRoomFilter", + "config": matrix_synapse_ext_encryption_config + } + ] + }} + + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + + matrix_synapse_additional_loggers: > + {{ matrix_synapse_additional_loggers }} + + + {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }} 
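Review bot: The `Download matrix_encryption_disabler` task in `setup_install.yml` fetches a Python file with `force: true` and no `checksum:`, and that file is then bind-mounted into the Synapse container and registered in `matrix_synapse_modules`. The default URL is pinned to a commit id, but `matrix_synapse_ext_encryption_disabler_download_url` is an ordinary variable, so an override pointing at a branch or tag silently loses that guarantee. I would add a companion variable and pass it through as `checksum: "{{ matrix_synapse_ext_encryption_disabler_download_checksum }}"`, with its default set to `sha256:<SHA256_OF_PINNED_FILE>` (placeholder). The unnamed `set_fact` task would also be easier to find in playbook output if it had a `name:`.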
diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml new file mode 100644 index 00000000..a532464d --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix_encryption_disabler doesn't exist + file: + path: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py" + state: absent diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index 31637fa9..25c8809d 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -1,5 +1,7 @@ --- +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml" + - import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml" - import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml" From fb4c6961e96e00721915fb559b4e8cb4eb240957 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 12 Feb 2022 09:38:53 +0200 Subject: [PATCH 089/419] Announce matrix_encryption_disabler support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1621 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c2077a7..c1ac92e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,12 @@ +# 2022-02-12 + +## matrix_encryption_disabler support + +We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401). + +To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`. + + # 2022-02-01 ## matrix-hookshot bridging support From 5eeb0156b15ee60a3595ae94f2520169828fa42c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 12 Feb 2022 09:55:59 +0200 Subject: [PATCH 090/419] Bump matrix_encryption_disabler "version" --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 8111c40a..9d1f77a1 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -545,7 +545,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_enabled: false -matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/ee80beedc5084a5fabf3c91d8df6d59457d3a790/matrix_e2ee_filter.py" +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/d1d2b22079ca511797f36edde5065b8fae5610e8/matrix_e2ee_filter.py" # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] From 735eec92cc3e428424f61d567090a2cebe64ac4f Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sun, 13 Feb 2022 17:23:57 +0100 Subject: [PATCH 091/419] update hookshot registration.yml based on comments in chat: https://matrix.to/#/!TlZdPIYrhwNvXlBiEk:half-shot.uk/$RbG6itEHVV8J_u5ry1HiFdC76n19M3vmopfQOyRmkKU?via=half-shot.uk&via=matrix.org&via=envs.net --- .../templates/registration.yml.j2 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 index ced3bd77..d076ea10 100644 --- a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 
@@ -5,8 +5,22 @@ hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this namespaces: rooms: [] users: +{% if matrix_hookshot_github_enabled %} - regex: "@_github_.*:{{ matrix_domain }}" exclusive: true +{% endif %} +{% if matrix_hookshot_gitlab_enabled %} + - regex: "@_gitlab_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain + exclusive: true +{% endif %} +{% if matrix_hookshot_jira_enabled %} + - regex: "@_jira_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain + exclusive: true +{% endif %} +{% if matrix_hookshot_generic_enabled %} + - regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf + exclusive: true +{% endif %} aliases: - regex: "#github_.+:{{ matrix_domain }}" exclusive: true From cfba9b2cf5f210891ac95035f17e6dbafbf2a808 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 14 Feb 2022 10:39:14 +0200 Subject: [PATCH 092/419] Update matrix_encryption_disabler (patch_power_levels feature) Related to: - https://github.com/digitalentity/matrix_encryption_disabler/pull/4 - https://github.com/digitalentity/matrix_encryption_disabler/issues/5 - https://github.com/digitalentity/matrix_encryption_disabler/pull/6 --- roles/matrix-synapse/defaults/main.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 9d1f77a1..3f2a02a5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
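Review bot: In the added `users:` entries, `matrix_domain` and `matrix_hookshot_generic_user_id_prefix` are pasted into the namespace regex unescaped. Every `.` in the domain therefore matches any character, and an empty or very short prefix would make the `exclusive: true` pattern for generic webhooks cover ordinary local user IDs. I would escape both and switch to single quotes so that the backslashes survive YAML parsing, e.g. `- regex: '@{{ matrix_hookshot_generic_user_id_prefix|regex_escape }}.*:{{ matrix_domain|regex_escape }}'`, and fail early in the role when the prefix is empty. The trailing `# Where foobar is your homeserver's domain` comments look carried over from a sample file and no longer describe these lines. The `aliases:` list continues outside the hunk.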
@@ -545,7 +545,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_enabled: false -matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/d1d2b22079ca511797f36edde5065b8fae5610e8/matrix_e2ee_filter.py" +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py" # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] 
@@ -553,10 +553,17 @@ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix # By default, with the configuration below, we prevent locally-created encryption events by ANY user encrypt rooms on the homeserver. # Note: foreign users with enough room privileges will still be able to send an encryption event to your rooms and encrypt them. matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix_domain }}"] +# Specifies whether the power levels event (setting) provided during room creation should be patched. +# This makes it impossible for anybody (locally or over federation) from enabling room encryption +# for the lifetime of rooms created while this setting is enabled (irreversible). +# Enabling this may have incompatiblity consequences with servers / clients. +# Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler +matrix_synapse_ext_encryption_disabler_patch_power_levels: false matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml|from_yaml }}" matrix_synapse_ext_encryption_config_yaml: | deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of|to_json }} deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of|to_json }} + patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels|to_json }} matrix_s3_media_store_enabled: false From f0ab2ec50696a0108f4ac857b116ffb04f9cc236 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 15 Feb 2022 07:03:25 +0200 Subject: [PATCH 093/419] Add support for configuring allow_embedding for Grafana Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1626 --- roles/matrix-grafana/defaults/main.yml | 4 ++++ roles/matrix-grafana/templates/grafana.ini.j2 | 2 ++ 2 files changed, 6 insertions(+) 
diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index b1fba38f..25d796a2 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -22,6 +22,10 @@ matrix_grafana_data_path: "{{ matrix_grafana_base_path }}/data" # Allow viewing Grafana without logging in matrix_grafana_anonymous_access: false +# Allow `false`, sends a `X-Frame-Options: deny` HTTP header, which allows Grafana from being embeded in a frame. +# Read more here: https://grafana.com/docs/grafana/latest/administration/configuration/#allow_embedding +matrix_grafana_allow_embedding: false + # specify organization name that should be used for unauthenticated users # if you change this in the Grafana admin panel, this needs to be updated # to match to keep anonymous logins working diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/matrix-grafana/templates/grafana.ini.j2 index 8f4c88f0..1e06683e 100644 --- a/roles/matrix-grafana/templates/grafana.ini.j2 +++ b/roles/matrix-grafana/templates/grafana.ini.j2 @@ -16,6 +16,8 @@ content_security_policy = "{{ matrix_grafana_content_security_policy }}" content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}""" {% endif %} +allow_embedding = {{ matrix_grafana_allow_embedding }} + [auth.anonymous] # enable anonymous access enabled = {{ matrix_grafana_anonymous_access }} From 241e21c70224924228006bcfa08fa0403a75f8fb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 15 Feb 2022 07:04:45 +0200 Subject: [PATCH 094/419] Fix typo --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 25d796a2..5536822c 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml 
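Review bot: The comment added above `matrix_grafana_allow_embedding` says the `X-Frame-Options: deny` header "allows Grafana from being embeded in a frame", which is the opposite of what the header does; the follow-up "Fix typo" commit (PATCH 094) keeps that wording. Since this switch is the clickjacking control, the comment should be unambiguous: `# When false, Grafana sends X-Frame-Options: deny, which prevents it from being embedded in a frame.` I would add a second line, `# Only set this to true if Grafana has to be embedded in another page.`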
@@ -22,7 +22,7 @@ matrix_grafana_data_path: "{{ matrix_grafana_base_path }}/data" # Allow viewing Grafana without logging in matrix_grafana_anonymous_access: false -# Allow `false`, sends a `X-Frame-Options: deny` HTTP header, which allows Grafana from being embeded in a frame. +# When `false`, sends a `X-Frame-Options: deny` HTTP header, which allows Grafana from being embeded in a frame. # Read more here: https://grafana.com/docs/grafana/latest/administration/configuration/#allow_embedding matrix_grafana_allow_embedding: false From 8b3fad45f9f9897eb5ab1e15959be1b9f02ee399 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 15 Feb 2022 14:04:08 +0200 Subject: [PATCH 095/419] Upgrade Element (1.10.1 -> 1.10.3) Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1627 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index d5ada7ee..ce9c4fff 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.1 +matrix_client_element_version: v1.10.3 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 1ed46f0a86e24ba1e4ce9192929abdd294bee24c Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 16 Feb 2022 09:36:33 +0200 Subject: [PATCH 096/419] Remove Jinja2 templating delimiters from when statement Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1629 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1505 --- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 416db621..66a452f0 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -69,7 +69,7 @@ mode: 0400 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: "{{ matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length }}" + when: matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length > 0 - name: Ensure matrix-hookshot.service installed template: From 6b4afd105170e4ff5e26ec1e70d097ab4c347988 Mon Sep 17 00:00:00 2001 From: iambeingtracked <94642304+iambeingtracked@users.noreply.github.com> Date: Wed, 16 Feb 2022 10:25:36 +0200 Subject: [PATCH 097/419] Update faq.md It had an extra dot, which resulted in a question mark and a dot after each other --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index 5181c6ea..d9c7a586 100644 --- a/docs/faq.md +++ b/docs/faq.md 
@@ -226,7 +226,7 @@ Using a separate domain name is easier to manage (although it's a little hard to We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method. -If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain). +If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain) ### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do? From f0e30c76f3d589e48324d534db73d23d4ab4244a Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 16 Feb 2022 09:22:25 +0000 Subject: [PATCH 098/419] Postgres Minor Updates (14.2, 13.6, 12.10, 11.15, 10.20) --- roles/matrix-postgres/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 4d338e7d..76529a82 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml 
@@ -20,11 +20,11 @@ matrix_postgres_architecture: amd64 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.19{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.14{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.9{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.5{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.1{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. From fe389bd11a1a2ca946dbc732c5bd2b7ec916fbfb Mon Sep 17 00:00:00 2001 
From: Petteri Pucilowski Date: Wed, 16 Feb 2022 19:48:41 +0200 Subject: [PATCH 099/419] Changed to: mautrix-whatsapp v0.2.4 tag --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index adc30fc8..54097ad8 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.2.3 +matrix_mautrix_whatsapp_version: v0.2.4 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From d556952bb67d2aecccbf018be7d0f6182210da8a Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 16 Feb 2022 19:51:00 +0100 Subject: [PATCH 100/419] update hookshot to respect protocol and custom ports --- group_vars/matrix_servers | 4 ++++ roles/matrix-bridge-hookshot/defaults/main.yml | 1 + 2 files changed, 5 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 596fba13..02e89176 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -695,6 +695,10 @@ matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret an matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" +matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" +matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" +matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled }}{{ matrix_hookshot_generic_endpoint }}" + ###################################################################### # # /matrix-bridge-hookshot diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 2db8ba77..f83865e8 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -92,6 +92,7 @@ matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hooksho matrix_hookshot_generic_enabled: true # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" +# urlprefix gets updated with protocol & port in group_vars/matrix_servers matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_allow_js_transformation_functions: false # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap 
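Review bot: In `group_vars/matrix_servers`, `matrix_hookshot_generic_urlprefix_port_enabled` looks inverted: it is true when the bind port equals the default, so `matrix_hookshot_generic_urlprefix` carries the port suffix for 443 and drops it for a custom port, which is the opposite of what the commit title describes. The HTTP branch also compares `matrix_nginx_proxy_container_https_host_bind_port` with 80, although `matrix_hookshot_generic_urlprefix_port` uses the `_http_host_bind_port` variable in that case. I would write it as `matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port != 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port != 80 }}"`. If the bind-port variables can hold strings or `address:port` values (not visible in this hunk), the integer comparison would need a cast or a different test as well.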
From a6e766a06a41ad05961bf58794024fac5295191a Mon Sep 17 00:00:00 2001 From: Christos Karamolegkos Date: Fri, 18 Feb 2022 19:56:22 +0200 Subject: [PATCH 101/419] Upgrade Element (1.10.3 -> 1.10.4) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index ce9c4fff..51ddf1c2 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.3 +matrix_client_element_version: v1.10.4 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From cb5a8e87364fcc4d7055ccfd464a68dfa3745996 Mon Sep 17 00:00:00 2001 From: AnonyPla <86740652+AnonyPla@users.noreply.github.com> Date: Sat, 19 Feb 2022 10:49:31 +0000 Subject: [PATCH 102/419] Update for changing the federation port This is a proposed add to the documentation to inform users how to change the federation port using the ansible playbook for eventual use with third party services such as CDNs. --- docs/configuring-playbook-federation.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index 2e6410ec..05518560 100644 
--- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md @@ -47,3 +47,20 @@ matrix_synapse_federation_port_enabled: false # This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false ``` + +## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports + +Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection. + +The following changes in the configuration file (`inventory/host_vars/matrix./vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other: + +``` +matrix_synapse_http_listener_resource_names: ["client","federation"] +# Any port can be used but in this case we use 443 +matrix_federation_public_port: 443 +matrix_synapse_federation_port_enabled: false +# Note tht the following change might not be "required per se" but probably will be due to the proxying of the traffic through the CDN proxy servers (CloudFlare for instance). The security impact of doing this should be minimal as your CDN itself will encrypt the traffic no matter what on their proxy servers. You could however first try and see if federation works while setting the following to true. +matrix_synapse_tls_federation_listener_enabled: false +``` + +**Use this at you own risk as all the possible side-effects of doing this are not fully known. However, it has been tested and works fine and passes all the tests on without issues.** From 31d370616645519d67e981ffcde0195bf266b6f1 Mon Sep 17 00:00:00 2001 
From: JokerGermany <30293477+JokerGermany@users.noreply.github.com> Date: Sun, 20 Feb 2022 11:56:03 +0100 Subject: [PATCH 103/419] fix typo --- docs/configuring-playbook-federation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index 05518560..4650b5e2 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md @@ -59,7 +59,7 @@ matrix_synapse_http_listener_resource_names: ["client","federation"] # Any port can be used but in this case we use 443 matrix_federation_public_port: 443 matrix_synapse_federation_port_enabled: false -# Note tht the following change might not be "required per se" but probably will be due to the proxying of the traffic through the CDN proxy servers (CloudFlare for instance). The security impact of doing this should be minimal as your CDN itself will encrypt the traffic no matter what on their proxy servers. You could however first try and see if federation works while setting the following to true. +# Note that the following change might not be "required per se" but probably will be due to the proxying of the traffic through the CDN proxy servers (CloudFlare for instance). The security impact of doing this should be minimal as your CDN itself will encrypt the traffic no matter what on their proxy servers. You could however first try and see if federation works while setting the following to true. matrix_synapse_tls_federation_listener_enabled: false ``` From 906f192cf3c5d0601dfb8e0072342ddd96d3136c Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Tue, 22 Feb 2022 12:33:55 +0100 Subject: [PATCH 104/419] Updated: mautrix-signal to v0.2.3 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ca06c268..0f91d6cc 100644 
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -8,8 +8,8 @@ matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.2.2 -matrix_mautrix_signal_daemon_version: 0.16.1 +matrix_mautrix_signal_version: v0.2.3 +matrix_mautrix_signal_daemon_version: 0.17.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" From a4ba2ba6018f8d5faaec53ff667e4a666ad747fa Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Tue, 22 Feb 2022 12:37:11 +0100 Subject: [PATCH 105/419] Updated: mautrix-telegram v0.11.2 --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index f9e7f890..d1397b21 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml 
@@ -14,7 +14,7 @@ matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.11.1 +matrix_mautrix_telegram_version: v0.11.2 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" From 5b96dd609bfcccd307b953f31af36e9e5ae0c549 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Tue, 22 Feb 2022 12:45:42 +0100 Subject: [PATCH 106/419] Updated: ddclient to v3.9.1-ls79 --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index af571720..5d733eb3 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -5,7 +5,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls77 +matrix_dynamic_dns_version: v3.9.1-ls79 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 0f251a21048a5a04a130620a1d5711582fbec91d Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Tue, 22 Feb 2022 12:47:32 +0100 Subject: [PATCH 107/419] Updated: grafana to 8.4.1 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 5536822c..0ee7a86a 100644 --- a/roles/matrix-grafana/defaults/main.yml 
+++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.3.4 +matrix_grafana_version: 8.4.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From e53cc026d00ba0096eb6057354ab2cec3631e115 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Tue, 22 Feb 2022 12:50:21 +0100 Subject: [PATCH 108/419] Updated: certbot to v1.23.0 --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index bf70efec..32702ec9 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -477,7 +477,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.22.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From 728123b9ab1dfd51b16a05a97fac86c4a30542ae Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Tue, 22 Feb 2022 12:52:00 +0100 Subject: [PATCH 109/419] Updated: prometheus to v2.33.3 --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 2c9a349f..843a90e8 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -4,7 +4,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.33.1 +matrix_prometheus_version: v2.33.3 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 7f4d7444a395a0b8aae2b44bd6ad949a906a216e Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Tue, 22 Feb 2022 12:54:31 +0100 Subject: [PATCH 110/419] Updated: synapse-admin to 0.8.5 --- roles/matrix-synapse-admin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index 6ad6bd16..0aa19e86 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesom matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_version: 0.8.4 +matrix_synapse_admin_version: 0.8.5 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" From b8f6f6a51a83b3677c2d0aa70cc8cfc6611ddc30 Mon Sep 17 00:00:00 2001 
From: GoliathLabs Date: Tue, 22 Feb 2022 13:08:28 +0100 Subject: [PATCH 111/419] Updated: jitsi to stable-6865 --- roles/matrix-jitsi/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 32f4be0d..5f543d4a 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-6726-2 +matrix_jitsi_version: stable-6865 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" From ef7acce94b95d3705cccfac5d252dc702a1e0544 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 22 Feb 2022 15:34:10 +0200 Subject: [PATCH 112/419] Upgrade Synapse (1.52.0 -> 1.53.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 20 +++++++++++++++---- roles/matrix-synapse/vars/workers.yml | 12 +++++------ 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 3f2a02a5..f1a3e457 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.52.0 +matrix_synapse_version: v1.53.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index af6e3e13..0308b406 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -776,11 +776,16 @@ caches: per_cache_factors: #get_users_who_share_room_with_user: 2.0 - # Controls how long an entry can be in a cache without having been - # accessed before being evicted. Defaults to None, which means - # entries are never evicted based on time. + # Controls whether cache entries are evicted after a specified time + # period. Defaults to true. Uncomment to disable this feature. # - #expiry_time: 30m + #expire_caches: false + + # If expire_caches is enabled, this flag controls how long an entry can + # be in a cache without having been accessed before being evicted. + # Defaults to 30m. Uncomment to set a different time to live for cache entries. + # + #cache_entry_ttl: 30m # Controls how long the results of a /sync request are cached for after # a successful response is returned. A higher duration can help clients with 
@@ -890,6 +895,9 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config" # - one for ratelimiting how often a user or IP can attempt to validate a 3PID. # - two for ratelimiting how often invites can be sent in a room or to a # specific user. +# - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID +# such as an email address or a phone number) based on the account that's +# sending the invite. # # The defaults are as shown below. # @@ -944,6 +952,10 @@ rc_joins: {{ matrix_synapse_rc_joins|to_json }} # per_user: # per_second: 0.003 # burst_count: 5 +# +#rc_third_party_invite: +# per_second: 0.2 +# burst_count: 10 # Ratelimiting settings for incoming federation # diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 7145e0fc..48530312 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -64,7 +64,7 @@ matrix_synapse_workers_generic_worker_endpoints: # Registration/login requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - ^/_matrix/client/(r0|v3|unstable)/register$ - - ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$ + - ^/_matrix/client/v1/register/m.login.registration_token/validity$ # Event sending requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact @@ -206,7 +206,7 @@ matrix_synapse_workers_generic_worker_endpoints: # You might also wish to investigate the `update_user_directory` and # `media_instance_running_background_jobs` settings. - # pusher worker (no API endpoints) [ +# pusher worker (no API endpoints) [ # Handles sending push notifications to sygnal and email. Doesn't handle any # REST endpoints itself, but you should set `start_pushers: False` in the # shared configuration file to stop the main synapse sending push notifications. 
@@ -220,18 +220,18 @@ matrix_synapse_workers_generic_worker_endpoints: # - pusher_worker2 # ``` - # ] +# ] - # appservice worker (no API endpoints) [ +# appservice worker (no API endpoints) [ # Handles sending output traffic to Application Services. Doesn't handle any # REST endpoints itself, but you should set `notify_appservices: False` in the # shared configuration file to stop the main synapse sending appservice notifications. # Note this worker cannot be load-balanced: only one instance should be active. - # ] +# ] - # federation_sender worker (no API endpoints) [ +# federation_sender worker (no API endpoints) [ # Handles sending federation traffic to other servers. Doesn't handle any # REST endpoints itself, but you should set `send_federation: False` in the # shared configuration file to stop the main synapse sending this traffic. From c6407998642eb5f3eb954a7e1db3664d9f562526 Mon Sep 17 00:00:00 2001 From: PC-Admin Date: Wed, 23 Feb 2022 19:52:56 +0800 Subject: [PATCH 113/419] GoMatrixHosting v0.6.9 - stop re-writing of matrix_homeserver_generic_secret_key --- roles/matrix-awx/tasks/update_variables.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/roles/matrix-awx/tasks/update_variables.yml b/roles/matrix-awx/tasks/update_variables.yml index e072667f..b281a8c5 100644 --- a/roles/matrix-awx/tasks/update_variables.yml +++ b/roles/matrix-awx/tasks/update_variables.yml 
@@ -7,15 +7,21 @@ regexp: 'matrix_synapse_use_presence' replace: 'matrix_synapse_presence_enabled' -- name: Generate matrix_homeserver_generic_secret_key variable +- name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml + delegate_to: 127.0.0.1 + register: presence + shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" + no_log: true + +- name: Generate matrix_homeserver_generic_secret_key variable if not present delegate_to: 127.0.0.1 command: | openssl rand -hex 16 register: generic_secret no_log: true - when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) + when: presence is not changed -- name: Add new matrix_homeserver_generic_secret_key variable +- name: Add new matrix_homeserver_generic_secret_key variable if not present delegate_to: 127.0.0.1 lineinfile: path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' @@ -23,4 +29,4 @@ insertbefore: '# Basic Settings End' mode: '0600' state: present - when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) + when: presence is not changed From ffa57055f471b9dfd6e5b9a855a9123f340ec977 Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 24 Feb 2022 20:50:06 +0200 Subject: [PATCH 114/419] updated honoroit 0.9.4 -> 0.9.5 --- roles/matrix-bot-honoroit/defaults/main.yml | 5 ++++- roles/matrix-bot-honoroit/templates/env.j2 | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 2c50a1f7..8495c6e1 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml 
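Review bot: The new presence check in `roles/matrix-awx/tasks/update_variables.yml` cannot reach the generate and add tasks as written. A `shell` task reports `changed` on every successful run unless `changed_when` is set, so `when: presence is not changed` (used in both hunks) is false whenever grep finds the key; when the key is absent grep exits 1, which fails the task, so the later tasks never run for that host and no secret is generated. I would mark the grep as read-only with `changed_when: false`, accept exit code 1 through `failed_when`, and gate the two later tasks on `presence.rc == 1`; passing the path through `command` with `argv` also keeps `member_id` and `subscription_id` out of shell parsing. The `lineinfile` task starts in the first hunk and ends in the second, so its `line:` value is not visible here.

```yaml
- name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml
  delegate_to: 127.0.0.1
  command:
    argv:
      - grep
      - '-i'
      - 'matrix_homeserver_generic_secret_key'
      - '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
  register: presence
  # grep exits 0 on a match and 1 on no match; anything else is a real error
  changed_when: false
  failed_when: presence.rc not in [0, 1]
  no_log: true

# … unchanged: "Generate matrix_homeserver_generic_secret_key variable if not present" task body …
  when: presence.rc == 1

# … unchanged: "Add new matrix_homeserver_generic_secret_key variable if not present" lineinfile body …
  when: presence.rc == 1
```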
@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.4 +matrix_bot_honoroit_version: v0.9.5 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: '' # Log level matrix_bot_honoroit_loglevel: '' +# Max items in cache +matrix_bot_honoroit_cachesize: '' + # Text prefix: open matrix_bot_honoroit_text_prefix_open: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index fdd9b13d..37719d03 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -7,6 +7,7 @@ HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }} HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }} HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} +HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} From 3719abe0e69dafe6d7084f98273d9074bf33f03f Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Sat, 26 Feb 2022 14:56:51 +0100 Subject: [PATCH 115/419] Optimize signal bridge startup order bridge requires the daemon, so start it first --- roles/matrix-bridge-mautrix-signal/tasks/init.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 21d52066..a7fe8278 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal-daemon.service', 'matrix-mautrix-signal.service'] }}" when: matrix_mautrix_signal_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. From 4f1423365e6f1221016a87ce1de156d33984b5f7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 27 Feb 2022 10:17:15 +0200 Subject: [PATCH 116/419] Update issue templates Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1657 --- .github/ISSUE_TEMPLATE/bug_report.md | 57 ++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..2a05e3ce --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -0,0 +1,57 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + + + +**To Reproduce** +My `vars.yml` file looks like this: + +```yaml +Paste your vars.yml file here. +Make sure to remove any secret values before posting your vars.yml file publicly. +``` + + + + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Matrix Server (please complete the following information):** + - OS: [e.g. Ubuntu 21.04] + - Architecture [e.g. amd64, arm32, arm64] + +**Ansible (please complete the following information):** +If your problem appears to be with Ansible, tell us: +- where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?) +- what version of Ansible you're running (see `ansible --version`) + + + +**Client (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + + + +**Additional context** +Add any other context about the problem here. From 85a47d645d81e0f24f83c0cc39aca118f04b10c0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 27 Feb 2022 10:25:55 +0200 Subject: [PATCH 117/419] Add Feature request issue template --- .github/ISSUE_TEMPLATE/feature_request.md | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..3fb2ffe2 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md 
@@ -0,0 +1,28 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + + + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From 238838c31b47b51946235d9b7be4e1ad9997c7c3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 27 Feb 2022 10:33:42 +0200 Subject: [PATCH 118/419] Add an "I need help" custom issue template Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1657 --- .github/ISSUE_TEMPLATE/bug_report.md | 6 ++-- .github/ISSUE_TEMPLATE/i-need-help.md | 49 +++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/i-need-help.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 2a05e3ce..9dffaee8 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -28,11 +28,11 @@ Make sure to remove any secret values before posting your vars.yml file publicly **Expected behavior** A clear and concise description of what you expected to happen. -**Matrix Server (please complete the following information):** +**Matrix Server:** - OS: [e.g. Ubuntu 21.04] - Architecture [e.g. amd64, arm32, arm64] -**Ansible (please complete the following information):** +**Ansible:** If your problem appears to be with Ansible, tell us: - where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?) - what version of Ansible you're running (see `ansible --version`) @@ -42,7 +42,7 @@ The above is only applicable if you're hitting a problem with Ansible itself. We don't need this information in most cases. Delete this section if not applicable. --> -**Client (please complete the following information):** +**Client:** - Device: [e.g. iPhone6] - OS: [e.g. iOS8.1] - Browser [e.g. stock browser, safari] diff --git a/.github/ISSUE_TEMPLATE/i-need-help.md b/.github/ISSUE_TEMPLATE/i-need-help.md new file mode 100644 index 00000000..6e862463 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/i-need-help.md 
@@ -0,0 +1,49 @@ +--- +name: I need help +about: Get support from our community +title: '' +labels: '' +assignees: '' + +--- + + + +**Playbook Configuration**: + +My `vars.yml` file looks like this: + +```yaml +Paste your vars.yml file here. +Make sure to remove any secret values before posting your vars.yml file publicly. +``` + +**Matrix Server:** + - OS: [e.g. Ubuntu 21.04] + - Architecture [e.g. amd64, arm32, arm64] + +**Ansible:** +If your problem appears to be with Ansible, tell us: +- where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?) +- what version of Ansible you're running (see `ansible --version`) + +**Problem description**: + +Describe what you're doing, what you expect to happen and what happens instead here. +Tell us what you've tried and what you're aiming to achieve. + +**Client (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + + + +**Additional context** +Add any other context about the problem here. From 28f6091ed41232461e2b4992607fb673ecef019c Mon Sep 17 00:00:00 2001 
From: GoMatrixHosting Date: Sun, 27 Feb 2022 17:40:20 +0800 Subject: [PATCH 119/419] GoMatrixHosting v0.7.0 --- README.md | 2 - docs/configuring-awx-system.md | 1 + .../surveys/configure_mjolnir.json.j2 | 29 ++++++++ roles/matrix-awx/tasks/main.yml | 9 +++ .../tasks/set_variables_dimension.yml | 4 +- .../matrix-awx/tasks/set_variables_ma1sd.yml | 10 +-- .../tasks/set_variables_mjolnir.yml | 68 +++++++++++++++++++ .../tasks/init.yml | 2 +- .../matrix-postgres/tasks/setup_postgres.yml | 7 ++ .../matrix-postgres-cli-non-interactive.j2 | 12 ++++ 10 files changed, 134 insertions(+), 10 deletions(-) create mode 100644 roles/matrix-awx/surveys/configure_mjolnir.json.j2 create mode 100755 roles/matrix-awx/tasks/set_variables_mjolnir.yml create mode 100644 roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 diff --git a/README.md b/README.md index 6ae3ca0b..e1e901d0 100644 --- a/README.md +++ b/README.md 
@@ -152,5 +152,3 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w ## Services by the community - [etke.cc](https://etke.cc) - matrix-docker-ansible-deploy and system stuff "as a service". That service will create your matrix homeserver on your domain and server (doesn't matter if it's cloud provider or on an old laptop in the corner of your room), (optional) maintains it (server's system updates, cleanup, security adjustments, tuning, etc.; matrix homeserver updates & maintenance) and (optional) provide full-featured email service for your domain - -- [GoMatrixHosting](https://gomatrixhosting.com) - matrix-docker-ansible-deploy "as a service" with [Ansible AWX](https://github.com/ansible/awx). Members can be assigned a server from DigitalOcean, or they can connect their on-premises server. This AWX system can manage the updates, configuration, import and export, backups, and monitoring on its own. For more information [see our GitLab group](https://gitlab.com/GoMatrixHosting) or come [visit us on Matrix](https://matrix.to/#/#general:gomatrixhosting.com). diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md index c33664c2..3819a0d3 100644 --- a/docs/configuring-awx-system.md +++ b/docs/configuring-awx-system.md @@ -10,6 +10,7 @@ The AWX system is arranged into 'members' each with their own 'subscriptions'. A This system can manage the updates, configuration, import and export, backups and monitoring on its own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy). +Warning: This system is about to undergo heavy revision, **we do not recommend using it at this time.** ## Other Required Playbooks diff --git a/roles/matrix-awx/surveys/configure_mjolnir.json.j2 b/roles/matrix-awx/surveys/configure_mjolnir.json.j2 new file mode 100644 index 00000000..5e1d78f4 --- /dev/null 
+++ b/roles/matrix-awx/surveys/configure_mjolnir.json.j2 @@ -0,0 +1,29 @@ +{ + "name": "Configure Mjolnir", + "description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.", + "spec": [ + { + "question_name": "Enable Mjolnir", + "question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.", + "required": true, + "min": null, + "max": null, + "default": "{{ matrix_bot_mjolnir_enabled | string | lower }}", + "choices": "true\nfalse", + "new_question": true, + "variable": "matrix_bot_mjolnir_enabled", + "type": "multiplechoice" + }, + { + "question_name": "Mjolnir Management Room", + "question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'", + "required": true, + "min": null, + "max": null, + "default": "{{ matrix_bot_mjolnir_management_room }}", + "new_question": true, + "variable": "matrix_bot_mjolnir_management_room", + "type": "text" + } + ] +} \ No newline at end of file diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index b5e951c6..93128713 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -170,6 +170,15 @@ tags: - setup-ma1sd +# Additional playbook to set the variable file during Mjolnir Bot configuration +- include_tasks: + file: "set_variables_mjolnir.yml" + apply: + tags: setup-bot-mjolnir + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - setup-bot-mjolnir + # Additional playbook to set the variable file during Corporal configuration - include_tasks: file: "set_variables_corporal.yml" diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index d692e081..8d8f9c44 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml 
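Review bot: The `default` of the "Mjolnir Management Room" question is rendered by pasting `{{ matrix_bot_mjolnir_management_room }}` between hand-written JSON quotes, so a value containing `"` or `\` produces an invalid or altered survey document. That value is free text entered through this same survey, so the template cannot assume it is well-formed. Let the filter emit the quoted literal instead: `"default": {{ matrix_bot_mjolnir_management_room | to_json }},`. The `matrix_bot_mjolnir_enabled` default is not affected, since `| string | lower` only yields `true` or `false` for a boolean.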
@@ -14,7 +14,7 @@ - name: Collect access token of @admin-dimension user shell: | - curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token' register: awx_dimension_user_access_token - name: Record Synapse variables locally on AWX @@ -26,7 +26,7 @@ insertafter: '# Dimension Settings Start' with_dict: 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' - 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout }}"' + 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"' - name: Set final users list if users are defined set_fact: diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index fba7225a..d46d797f 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml 
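Review bot: The rewritten curl line still templates `awx_dimension_user_password` into a single-quoted shell argument, and the task has no `no_log: true`. A password containing `'` therefore ends the quoting and is interpreted by the shell, and the rendered command, password included, can show up in job output. The new `Collect access token of @admin-mjolnir user` task in set_variables_mjolnir.yml builds its command the same way, although it does set `no_log`. Sending the login with the `uri` module and a structured body takes the shell and jq out of the path and makes a rejected login fail the task. The consumer would then read `awx_dimension_user_access_token.json.access_token` instead of slicing `stdout`.

```yaml
- name: Collect access token of @admin-dimension user
  uri:
    url: 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login'
    method: POST
    body_format: json
    body:
      identifier:
        type: m.id.user
        user: admin-dimension
      password: '{{ awx_dimension_user_password }}'
      type: m.login.password
  register: awx_dimension_user_access_token
  no_log: true
```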
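Review bot: `stdout[1:-1]` assumes jq printed a double-quoted string. When the login is rejected jq prints `null`, the slice turns that into `ul`, and that is recorded as `matrix_dimension_access_token` with no error raised. Have jq emit the raw value and exit non-zero on a missing field, `... | jq -er '.access_token'` in the task above, and use `'"{{ awx_dimension_user_access_token.stdout }}"'` here. The `with_dict` belongs to a lineinfile task that starts outside this hunk, and the Mjolnir vars task added in this commit slices its token the same way.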
@@ -38,22 +38,22 @@ replace: path: '{{ awx_cached_matrix_vars }}' regexp: '^.*\n' - after: '# Start ma1sd Extension' - before: '# End ma1sd Extension' + after: '# ma1sd Extension Start' + before: '# ma1sd Extension End' - name: Replace conjoined ma1sd configuration extension limiters delegate_to: 127.0.0.1 replace: path: '{{ awx_cached_matrix_vars }}' - regexp: '^# Start ma1sd Extension# End ma1sd Extension' - replace: '# Start ma1sd Extension\n# End ma1sd Extension' + regexp: '^# ma1sd Extension Start# ma1sd Extension End' + replace: '# ma1sd Extension Start\n# ma1sd Extension End' - name: Insert/Update ma1sd configuration extension variables delegate_to: 127.0.0.1 blockinfile: path: '{{ awx_cached_matrix_vars }}' marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK" - insertafter: '# Start ma1sd Extension' + insertafter: '# ma1sd Extension Start' block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}' - name: Record ma1sd Custom variables locally on AWX diff --git a/roles/matrix-awx/tasks/set_variables_mjolnir.yml b/roles/matrix-awx/tasks/set_variables_mjolnir.yml new file mode 100755 index 00000000..6e3bb153 --- /dev/null +++ b/roles/matrix-awx/tasks/set_variables_mjolnir.yml 
@@ -0,0 +1,68 @@ +--- + +- name: Include vars in matrix_vars.yml + include_vars: + file: '{{ awx_cached_matrix_vars }}' + no_log: true + +- name: Collect the internal IP of the matrix-synapse container + shell: | + /usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse + register: matrix_synapse_ip + +- name: Collect access token of @admin-mjolnir user + shell: | + curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token' + register: awx_mjolnir_user_access_token + no_log: true + +- name: Record Mjolnir Bot variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Mjolnir Settings Start' + with_dict: + 'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}' + 'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}' + 'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"' + no_log: true + +- name: Remove Synapse rate-limiting for admin-mjolnir user + shell: | + /usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);" + ignore_errors: true + +- name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template + delegate_to: 127.0.0.1 + template: + src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2' + dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json' + +- name: Copy new 'Configure Mjolnir' survey.json to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ 
subscription_id }}/configure_mjolnir.json' + dest: '/matrix/awx/configure_mjolnir.json' + mode: '0660' + +- name: Recreate 'Configure Mjolnir Bot' job template + delegate_to: 127.0.0.1 + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot" + description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix." + extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" + job_type: run + job_tags: "start,setup-bot-mjolnir" + inventory: "{{ member_id }}" + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + credential: "{{ member_id }} - AWX SSH Key" + survey_enabled: true + survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}" + become_enabled: true + state: present + verbosity: 1 + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + validate_certs: true diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index a7fe8278..21d52066 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal-daemon.service', 'matrix-mautrix-signal.service'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" when: matrix_mautrix_signal_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index dc170460..46186a4d 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml 
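Review bot: `ignore_errors: true` on `Remove Synapse rate-limiting for admin-mjolnir user` hides every failure of that command, not only the one it is presumably there for (a second run inserting a row that already exists). A missing helper script, an unreachable database or a changed table layout would all pass silently, and the `INSERT` names no columns, so it depends on the column order of `ratelimit_override`. If the tolerated case is the duplicate row, register the result and narrow the condition, e.g. `failed_when: result.rc != 0 and 'duplicate key' not in result.stderr`, and list the columns explicitly. `matrix_bot_mjolnir_access_token` is also written to the vars file without the surrounding double quotes that the dimension task uses for its token.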
@@ -85,6 +85,13 @@ mode: 0755 when: matrix_postgres_enabled|bool +- name: Ensure matrix-postgres-cli-non-interactive script created + template: + src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2" + dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli-non-interactive" + mode: 0755 + when: matrix_postgres_enabled|bool + - name: Ensure matrix-change-user-admin-status script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 new file mode 100644 index 00000000..012bb327 --- /dev/null +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 @@ -0,0 +1,12 @@ +#jinja2: lstrip_blocks: "True" +#!/bin/bash + +docker run \ + --rm \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ + --network {{ matrix_docker_network }} \ + {{ matrix_postgres_docker_image_to_use }} \ + psql -h {{ matrix_postgres_connection_hostname }} \ + "$@" From 73847729574443ee61ee12a95fc18d46ba9f161a Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Tue, 1 Mar 2022 02:50:17 -0500 Subject: [PATCH 120/419] Upgrade Element (1.10.4 -> 1.10.5) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 51ddf1c2..7f9441a0 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.4 +matrix_client_element_version: v1.10.5 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 42a8fb3a3c2afdf064d11f299d2e8b7e5565f5c5 Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Tue, 1 Mar 2022 17:30:15 -0500 Subject: [PATCH 121/419] Upgrade Element (1.10.5 -> 1.10.6) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 7f9441a0..94b28d9e 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.5 +matrix_client_element_version: v1.10.6 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From c934480832bf7c7eb1b38bccbf53658cd00c8721 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Mar 2022 17:20:17 +0000 Subject: [PATCH 122/419] Bump actions/checkout from 2.4.0 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 6445dc03..f58fe75f 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -11,6 +11,6 @@ jobs: runs-on: ubuntu-latest steps: - name: ⤵️ Check out configuration from GitHub - uses: actions/checkout@v2.4.0 + uses: actions/checkout@v3 - name: 🚀 Run yamllint uses: frenck/action-yamllint@v1.1.2 
From 58771a9c65bb59bdf0d29301d59d05c1a50fea02 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 2 Mar 2022 20:58:11 +0100 Subject: [PATCH 123/419] hookshot moved to matrix-org namespace --- docs/configuring-playbook-bridge-hookshot.md | 8 ++++---- roles/matrix-bridge-hookshot/defaults/main.yml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 9a7f3f53..ed96de99 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -1,22 +1,22 @@ # Setting up Hookshot (optional) -The playbook can install and configure [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) for you. +The playbook can install and configure [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) for you. Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. -See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. +See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. ## Setup Instructions -Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. +Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do. 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. 
Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 2db8ba77..6ac5711b 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -1,7 +1,7 @@ --- # A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. -# https://github.com/Half-Shot/matrix-hookshot +# https://github.com/matrix-org/matrix-hookshot matrix_hookshot_enabled: true @@ -34,7 +34,7 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook # You need to create a GitHub app to enable this and fill in the empty variables below -# https://half-shot.github.io/matrix-hookshot/setup/github.html +# https://matrix-org.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' # Set this variable to the contents of the generated and downloaded GitHub private key: @@ -53,7 +53,7 @@ matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App pag # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" -# These are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration +# These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' matrix_hookshot_github_show_issue_room_link: false 
@@ -78,7 +78,7 @@ matrix_hookshot_gitlab_secret: '' matrix_hookshot_jira_enabled: false -# Get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth +# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth matrix_hookshot_jira_secret: '' matrix_hookshot_jira_oauth_enabled: false matrix_hookshot_jira_oauth_id: '' @@ -117,7 +117,7 @@ matrix_hookshot_provisioning_secret: '' matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" -# You can configure access to the bridge as documented here https://half-shot.github.io/matrix-hookshot/setup.html#permissions +# You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. # Example: # matrix_hookshot_permissions: From 3d47b44d64214dc7785d130c246e4dd53d31773c Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 2 Mar 2022 21:28:52 +0100 Subject: [PATCH 124/419] avoid namespace collisions between webhook bridges --- docs/configuring-playbook-bridge-hookshot.md | 4 ++++ roles/matrix-bridge-appservice-webhooks/defaults/main.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 9a7f3f53..cc55dab0 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -45,3 +45,7 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_ ### Metrics If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). + +### Collision with matrix-appservice-webhooks + +If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_user_id_prefix: '_webhooks_'`). diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 7a6db2d0..223b9c0b 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -24,7 +24,7 @@ matrix_appservice_webhooks_public_endpoint: /appservice-webhooks matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}" matrix_appservice_webhooks_bot_name: 'webhookbot' -matrix_appservice_webhooks_user_prefix: '_webhook' +matrix_appservice_webhooks_user_prefix: '_webhook_' # Controls the webhooks_PORT and MATRIX_PORT of the installation matrix_appservice_webhooks_matrix_port: 6789 From 09d45b854ba44bf0e1e30a524c475b58f034f027 Mon Sep 17 00:00:00 2001 
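Review bot: Changing the default of `matrix_appservice_webhooks_user_prefix` also changes the user namespace an existing installation registers on its next playbook run, and nothing next to the variable says why the trailing underscore matters. If the bridge has already created users under the old `_webhook` prefix whose localpart does not continue with `_`, they would fall outside the new namespace; I can't tell from this hunk whether that can happen. A comment above the default, for example `# Keep the trailing underscore: without it this prefix also matches hookshot's '_webhooks_' namespace.`, plus a changelog entry would cover it.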
From: Aaron Raimist Date: Wed, 2 Mar 2022 20:39:23 +0000 Subject: [PATCH 125/419] Upgrade Mjolnir (1.3.1 -> 1.3.2) --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 9f45432c..cfb0d06d 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.3.1" +matrix_bot_mjolnir_version: "v1.3.2" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 4ec24ec34439e85a79379eedd5ccaf487391be9d Mon Sep 17 00:00:00 2001 From: Alejo Diaz <49624607+xlejo@users.noreply.github.com> Date: Thu, 3 Mar 2022 13:15:39 -0300 Subject: [PATCH 126/419] Add support for obtain ECDSA keys (#1667) * Add support for obtain ECDSA keys * Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type --- docs/configuring-playbook-ssl-certificates.md | 9 +++++++++ roles/matrix-nginx-proxy/defaults/main.yml | 4 ++++ roles/matrix-nginx-proxy/tasks/ssl/main.yml | 5 +++++ .../ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml | 2 ++ .../matrix-ssl-lets-encrypt-certificates-renew.j2 | 3 ++- 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 07e49c5a..eae584e7 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md 
@@ -100,3 +100,12 @@ For automated certificate renewal to work, each port `80` vhost for each domain See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-synapse.conf` Don't be alarmed if the above configuration file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers. + + +## Specify the SSL private key algorithm + +If you'd like to [specify the private key type](https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys) used with Let's Encrypt, define your own custom configuration like this: + +```yaml +matrix_ssl_lets_encrypt_key_type: ecdsa +``` diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 32702ec9..4b1810ea 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -489,6 +489,10 @@ matrix_ssl_lets_encrypt_support_email: ~ # If you'd like to not bind on all IP addresses, specify one explicitly (e.g. `a.b.c.d:80`) matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80' +# Specify key type of the private key algorithm. +# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys +matrix_ssl_lets_encrypt_key_type: rsa + matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/matrix-nginx-proxy/tasks/ssl/main.yml index 6c060818..6b843c7b 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/main.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml 
@@ -5,6 +5,11 @@ msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value" when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']" +- name: Fail if using unsupported private key type + fail: + msg: "The `matrix_ssl_lets_encrypt_key_type` variable contains an unsupported value" + when: "matrix_ssl_lets_encrypt_key_type not in ['rsa', 'ecdsa']" + # Common tasks, required by almost any method below. diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index e4dd53c2..12a21257 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -45,6 +45,7 @@ --http-01-port 8080 {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} --standalone --preferred-challenges http --agree-tos @@ -74,6 +75,7 @@ --http-01-port 8080 {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} --standalone --preferred-challenges http --agree-tos diff --git a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 index bc45e85e..89113629 100644 --- a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 +++ b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 
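Review bot: `--key-type {{ matrix_ssl_lets_encrypt_key_type }}` is placed into the certbot command unquoted, while the `--server` value two lines above it goes through `|quote`. The only protection is the `not in ['rsa', 'ecdsa']` check added in tasks/ssl/main.yml, which lives in another file, and I can't see from here whether it runs before every invocation of this command. Use `--key-type {{ matrix_ssl_lets_encrypt_key_type|quote }}` here, in the second hunk of setup_ssl_lets_encrypt_obtain_for_domain.yml, and in matrix-ssl-lets-encrypt-certificates-renew.j2. Both certbot tasks start outside their hunks.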
@@ -22,8 +22,9 @@ docker run \ --work-dir=/tmp \ --http-01-port 8080 \ {% if matrix_ssl_lets_encrypt_staging %} - --staging \ + --staging \ {% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} \ --standalone \ --preferred-challenges http \ --agree-tos \ From 648001875e0b4da1855d80a14e59f36683c11df8 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Thu, 3 Mar 2022 20:49:57 +0100 Subject: [PATCH 127/419] Fix for old jinja versions Co-authored-by: Procuria <37988494+Procuria@users.noreply.github.com> --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 02e89176..97b7cf70 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -697,7 +697,7 @@ matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_s matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" -matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" ###################################################################### # From 211f05abbea850b62eb25fe7c87a09875b8e403d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Peter=20Sch=C3=BCmann?= Date: Thu, 3 Mar 2022 22:21:21 +0100 Subject: [PATCH 128/419] add $is_args$args to proxy url params in GET requests --- roles/matrix-bridge-hookshot/tasks/init.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index a2229c36..041bb764 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -68,10 +68,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; - proxy_pass http://$backend/$1; + proxy_pass http://$backend/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args; {% endif %} proxy_set_header Host $host; } From f62279581d6a1ad006907011353f4dee6ac16678 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Fri, 4 Mar 2022 16:54:17 +0100 Subject: [PATCH 129/419] Upgrade Hookshot (1.1.0 -> 1.2.0) all features were actually already silently supported :tada: upstream changelog: https://github.com/matrix-org/matrix-hookshot/releases/tag/1.2.0 --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index d7a443cd..e6be626e 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
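Review bot: `$1` in `proxy_pass http://$backend/$1$is_args$args;` is a capture from the location regex, which nginx matches against the decoded request path, and a `proxy_pass` that contains variables sends its URI as written. A webhook path carrying percent-encoded characters (`%2F`, `%20`, `%3F`) would therefore reach hookshot decoded, which can change the path or move the query split once `$is_args$args` is appended. The location block starts outside this hunk, so the regex itself is not visible. If encoded characters matter for these endpoints, a `rewrite … break;` followed by `proxy_pass http://$backend;` lets nginx re-encode the path and append the arguments itself. The provisioning `proxy_pass` lines changed in PATCH 130 and PATCH 131 follow the same pattern.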
@@ -5,7 +5,7 @@ matrix_hookshot_enabled: true -matrix_hookshot_version: 1.1.0 +matrix_hookshot_version: 1.2.0 matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From 584e50d117a0075ebabf46e6915a13dc9fbcdccd Mon Sep 17 00:00:00 2001 From: Luis Date: Fri, 4 Mar 2022 14:40:05 -0300 Subject: [PATCH 130/419] fix hookshot provisioning url in nginx Hello, this PR should fix Hookshot container not receiving API calls with the right path because nginx proxy was stripping the /v1 from it. --- roles/matrix-bridge-hookshot/tasks/init.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 041bb764..8bd2d5a0 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -55,10 +55,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/$1; + proxy_pass http://$backend/v1/$1; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1; {% endif %} proxy_set_header Host $host; } From 833ac506fe904f21e2350c72560220a3fea19e26 Mon Sep 17 00:00:00 2001 From: Luis Date: Fri, 4 Mar 2022 15:08:16 -0300 Subject: [PATCH 131/419] pass GET parameters too This fixes parameters not being passed to the provisioning api --- roles/matrix-bridge-hookshot/tasks/init.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 8bd2d5a0..25204f04 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -55,10 +55,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/v1/$1; + proxy_pass http://$backend/v1/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1$is_args$args; {% endif %} proxy_set_header Host $host; } From ba68d2ad36100a62330d54aacbd03ad7f0b5c864 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:49:32 +0100 Subject: [PATCH 132/419] Remove deprecated community options "Community" support - has been removed from mautrix/facebook in v0.3.3: https://github.com/mautrix/facebook/commit/31cac6fb5e75667d272bf0daae094578add09a1f - has been removed from mautrix/signal in v0.2.2: https://github.com/mautrix/signal/commit/1f27a608a661118e17e2ef89412fd7ee2735b15c - will be removed in the next mautrix/instagram release: https://github.com/mautrix/instagram/commit/e2ae1ca503e7ab05e1f9dd703c26e4a5a2d4e517 - will be removed in the next mautrix/twitter release: https://github.com/mautrix/twitter/commit/3893075265fc78021be773acc58203619ffaa067 --- ...guring-playbook-bridge-mautrix-facebook.md | 25 ------------------- .../templates/config.yaml.j2 | 6 ----- .../templates/config.yaml.j2 | 6 ----- .../templates/config.yaml.j2 | 6 ----- .../templates/config.yaml.j2 | 6 ----- 5 files changed, 49 deletions(-) 
diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 282865e7..1845682f 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -70,31 +70,6 @@ If you run into trouble, check the [Troubleshooting](#troubleshooting) section b After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. -## Set up community-grouping - -This is an **optional feature** that you may wish to enable. - -The Facebook bridge can create a Matrix community for you, which would contain all your chats and contacts. - -For this to work, the bridge's bot needs to have permissions to create communities (also referred to as groups). -Since the bot is a non-admin user, you need to enable such group-creation for non-privileged users in [Synapse's settings](configuring-playbook-synapse.md). - -Here's an example configuration: - -```yaml -matrix_synapse_configuration_extension_yaml: | - enable_group_creation: true - group_creation_prefix: "unofficial/" - -matrix_mautrix_facebook_configuration_extension_yaml: | - bridge: - community_template: "unofficial/facebook_{localpart}={server}" -``` - -Once the bridge is restarted, it would create a community and invite you to it. You need to accept the community invitation manually. -If you don't see all your contacts, you may wish to send a `sync` message to the bot. - - ## Troubleshooting ### Facebook rejecting login attempts and forcing you to change password diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 628db713..0b178e43 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 
@@ -66,12 +66,6 @@ bridge: # Localpart template of MXIDs for Facebook users. # {userid} is replaced with the user ID of the Facebook user. username_template: "facebook_{userid}" - # Localpart template for per-user room grouping community IDs. - # The bridge will create these communities and add all of the specific user's portals to the community. - # {localpart} is the MXID localpart and {server} is the MXID server part of the user. - # - # `facebook_{localpart}={server}` is a good value. - community_template: null # Displayname template for Facebook users. # {displayname} is replaced with the display name of the Facebook user # as defined below in displayname_preference. diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index ac14754c..8df2020f 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -46,12 +46,6 @@ appservice: bot_displayname: Instagram bridge bot bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+instagram:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 0498d6ea..493aa5b1 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 
@@ -56,12 +56,6 @@ appservice: bot_displayname: Signal bridge bot bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+signal:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 9bfa3123..12e45f18 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -54,12 +54,6 @@ appservice: bot_displayname: Twitter bridge bot bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+twitter:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. From a5e95c42b2907d577fc21a304321e227804d8b74 Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Sun, 6 Mar 2022 01:46:09 +0000 Subject: [PATCH 133/419] feat(appservice-discord): add disablePortalBridging bridge option This allows disabling the automatic portal bridging, meaning bridges must be manually setup via self-servicing, by setting: matrix_appservice_discord_bridge_enableSelfServiceBridging: true --- roles/matrix-bridge-appservice-discord/defaults/main.yml | 1 + roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 | 2 ++ 2 files changed, 3 insertions(+) 
diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index daa83dea..b2ef2cdf 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -42,6 +42,7 @@ matrix_appservice_discord_bridge_domain: "{{ matrix_domain }}" matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" matrix_appservice_discord_bridge_disablePresence: false matrix_appservice_discord_bridge_enableSelfServiceBridging: false +matrix_appservice_discord_bridge_disablePortalBridging: false # Database-related configuration fields. # diff --git a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 index 6286a5d4..569a3030 100644 --- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 @@ -28,6 +28,8 @@ bridge: disableJoinLeaveNotifications: false # Disable Invite echos from matrix disableInviteNotifications: false + # Disable portal briding (automatic room creation) + disablePortalBridging: {{ matrix_appservice_discord_bridge_disablePortalBridging|to_json }} # Auto-determine the language of code blocks (this can be CPU-intensive) determineCodeLanguage: false # Authentication configuration for the discord bot. From 620e3b1b0d7229e856b96a4e3aa052f02e90b91e Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Sun, 6 Mar 2022 01:48:28 +0000 Subject: [PATCH 134/419] docs(appservice-discord): improve and expand bridging method docs --- ...ring-playbook-bridge-appservice-discord.md | 52 ++++++++++++++----- 1 file changed, 38 insertions(+), 14 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index 82a2edc2..e25686bf 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md 
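Review bot: `matrix_appservice_discord_bridge_disablePortalBridging: false` is added to the defaults without a comment, although it decides whether joining a `#_discord_…` alias makes the bridge create a room. The documentation added in the next patch of this series states that such rooms are listed publicly by default. I would put a comment above it, such as `# Set to true to stop the bridge from auto-creating (publicly listed) portal rooms; bridging then has to be set up through enableSelfServiceBridging.` The comment added in the template hunk also misspells the word: `briding` should be `bridging`.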
+++ b/docs/configuring-playbook-bridge-appservice-discord.md 
@@ -23,31 +23,55 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" ``` 5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. -6. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). -7. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. -8. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client. Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. +## Self-Service Bridging (Manual) -## Getting Administrator access in a room +Self-service bridging allows you to bridge specific and existing Matrix rooms to specific Discord rooms. This is disabled by default, so it must be enabled by adding this to your `vars.yml`: -By default, you won't have Administrator access in rooms created by the bridge. +```yaml +matrix_appservice_discord_bridge_enableSelfServiceBridging: true +``` -To [adjust room access privileges](#adjusting-room-access-privileges) or do various other things (change the room name subsequently, etc.), you'd wish to become an Administrator. 
+_Note: If self-service bridging is not enabled, `!discord help` commands will return no results._ -There's the Discord bridge's guide for [setting privileges on bridge managed rooms](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#set-privileges-on-bridge-managed-rooms). To do the same with our container setup, run the following command on the server: +Once self-service is enabled: -```sh -docker exec -it matrix-appservice-discord \ -/bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100' +1. Start a chat with `@_discord_bot:` and say `!discord help bridge`. +2. Follow the instructions in the help output message. If the bot is not already in the Discord server, follow the provided invite link. This may require you to be a administrator of the Discord server. + +_Note: Encrypted Matrix rooms are not supported as of writing._ + +On the Discord side, you can say `!matrix help` to get a list of available commands to manage the bridge and Matrix users. + +## Portal Bridging (Automatic) + +Through portal bridging, Matrix rooms will automatically be created by the bot and bridged to the relevant Discord room. This is done by simply joining a room with a specific name pattern (`#_discord__`). + +All Matrix rooms created this way are **listed publicly** by default, and you will not have admin permissions to change this. To get more control, [make yourself a room Administrator](#getting-administrator-access-in-a-portal-bridged-room). You can then unlist the room from the directory and change the join rules. + +If you want to disable portal bridging, set the following in `vars.yml`: + +```yaml +matrix_appservice_discord_bridge_disablePortalBridging: true ``` +To get started with Portal Bridging: -## Adjusting room access privileges +1. 
To invite the bot to Discord, retrieve the invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). +2. Room addresses follow this syntax: `#_discord__`. You can easily find the guild and channel IDs by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discord.com/channels//`. +3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. -All rooms created by the bridge are **listed publicly** in your server's directory and **joinable by everyone** by default. +## Getting Administrator access in a portal bridged room -To get more control of them, [make yourself a room Administrator](#getting-administrator-access-in-a-room) first. +By default, you won't have Administrator access in rooms created by the bridge. + +To adjust room access privileges or do various other things (change the room name subsequently, etc.), you'd wish to become an Administrator. -You can then unlist the room from the directory and change the join rules. +There's the Discord bridge's guide for [setting privileges on bridge managed rooms](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#set-privileges-on-bridge-managed-rooms). To do the same with our container setup, run the following command on the server: + +```sh +docker exec -it matrix-appservice-discord \ +/bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100' +``` From 2c861c90bcc5dd4b8527ff48052d823b02ca4cd7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:07:43 +0100 Subject: [PATCH 135/419] bridge-mautrix-facebook: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index f781ba91..1b53a416 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -33,6 +33,9 @@ matrix_mautrix_facebook_systemd_wanted_services_list: [] matrix_mautrix_facebook_appservice_token: '' matrix_mautrix_facebook_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_facebook_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 0b178e43..f04b0cff 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -141,6 +141,9 @@ bridge: delivery_receipts: false # Whether to allow inviting arbitrary mxids to portal rooms allow_invites: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_facebook_federate_rooms|to_json }} # Settings for backfilling messages from Facebook. backfill: # Whether or not the Facebook users of logged in Matrix users should be From d6df1e7135d0a43c850157767d6f9ff350e03fac Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:08:37 +0100 Subject: [PATCH 136/419] bridge-mautrix-googlechat: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 1b89bea6..168d08f7 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -41,6 +41,9 @@ matrix_mautrix_googlechat_systemd_wanted_services_list: [] matrix_mautrix_googlechat_appservice_token: '' matrix_mautrix_googlechat_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_googlechat_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index c54ffac2..e2af8830 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -93,6 +93,9 @@ bridge: # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_googlechat_federate_rooms|to_json }} # Public website and API configs web: # Auth server config From 5c083b638502ca2a8a765be00d13634aaf0f2377 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:09:01 +0100 Subject: [PATCH 137/419] bridge-mautrix-instagram: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 9fc42cea..c4d90e6b 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -34,6 +34,9 @@ matrix_mautrix_instagram_systemd_wanted_services_list: [] matrix_mautrix_instagram_appservice_token: '' matrix_mautrix_instagram_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_instagram_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 8df2020f..cb74d5c1 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -110,7 +110,7 @@ bridge: update_avatar_initial_sync: true # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_instagram_federate_rooms|to_json }} # Settings for backfilling messages from Instagram. backfill: # Whether or not the Instagram users of logged in Matrix users should be From d1d68417ffb29cbeba27635c09ed34622892e938 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:09:21 +0100 Subject: [PATCH 138/419] bridge-mautrix-signal: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 0f91d6cc..4e95f1f9 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -56,6 +56,10 @@ matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_appservice_bot_username: signalbot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_signal_federate_rooms: true + # Database-related configuration fields # # This bridge only supports postgres. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 493aa5b1..2f427b90 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -147,7 +147,7 @@ bridge: {{ matrix_mautrix_signal_homeserver_domain }}: {{ matrix_mautrix_signal_login_shared_secret|to_json }} # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_signal_federate_rooms|to_json }} # End-to-bridge encryption support options. You must install the e2be optional dependency for # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption encryption: From 5789b3bbabc5a600f3bbf6cdae50a21517fc8bea Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:09:36 +0100 Subject: [PATCH 139/419] bridge-mautrix-telegram: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index d1397b21..a88c0bac 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -40,6 +40,10 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq matrix_mautrix_telegram_appservice_bot_username: telegrambot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_telegram_federate_rooms: true + # Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 94694351..10e6e32e 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -160,7 +160,7 @@ bridge: parallel_file_transfer: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_telegram_federate_rooms|to_json }} # Settings for converting animated stickers. animated_sticker: # Format to which animated stickers should be converted. From 3c6c8db5d50961e185f40ddba1a7debe5960227e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:10:00 +0100 Subject: [PATCH 140/419] bridge-mautrix-twitter: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index f8fd29c8..c7130f3f 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -34,6 +34,9 @@ matrix_mautrix_twitter_systemd_wanted_services_list: [] matrix_mautrix_twitter_appservice_token: '' matrix_mautrix_twitter_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_twitter_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 12e45f18..f0ae69b2 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -105,7 +105,7 @@ bridge: login_shared_secret_map: {{ matrix_mautrix_twitter_bridge_login_shared_secret_map|to_json }} # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_twitter_federate_rooms|to_json }} # Settings for backfilling messages from Twitter. # # Missed message backfilling is currently based on receiving them from the Twitter polling API, From 338b4cebd2a5f92ebbb6caa1dc3dc84b4738f4ba Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:10:24 +0100 Subject: [PATCH 141/419] bridge-mautrix-whatsapp: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 54097ad8..68634746 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -37,6 +37,10 @@ matrix_mautrix_whatsapp_homeserver_token: '' matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_whatsapp_federate_rooms: true + # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 394f16a6..0e3b855c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -136,7 +136,7 @@ bridge: allow_user_invite: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} # The prefix for commands. Only required in non-management rooms. command_prefix: "!wa" From 8c25ade9fb6d3badfdfd673acbd39e67cfef0fa9 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 8 Mar 2022 08:10:40 +0200 Subject: [PATCH 142/419] Rework matrix_mautrix_twitter_database_* variables a bit Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682 Previously, when matrix-postgres was disabled, we were setting `matrix_mautrix_twitter_database_engine` to an invalid empty value. Now, we always hardcode `matrix_mautrix_twitter_database_engine: postgres`, but set/unset the database hostname and password values instead. --- group_vars/matrix_servers | 6 ++---- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 4 ++-- .../tasks/validate_config.yml | 10 ++-------- 3 files changed, 6 insertions(+), 14 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 97b7cf70..4301ae7e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -558,10 +558,8 @@ matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_ke matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain -# and point them to a migration path. -matrix_mautrix_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid }}" +matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" ###################################################################### # 
diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index f8fd29c8..4ab1303d 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -42,8 +42,8 @@ matrix_mautrix_twitter_homeserver_token: '' matrix_mautrix_twitter_database_engine: 'postgres' matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter' -matrix_mautrix_twitter_database_password: 'some-password' -matrix_mautrix_twitter_database_hostname: 'matrix-postgres' +matrix_mautrix_twitter_database_password: '' +matrix_mautrix_twitter_database_hostname: '' matrix_mautrix_twitter_database_port: 5432 matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter' diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml index 114fd2cf..5b6e3d02 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml @@ -8,11 +8,5 @@ with_items: - "matrix_mautrix_twitter_appservice_token" - "matrix_mautrix_twitter_homeserver_token" - -- name: Fail if database is not defined - fail: - msg: >- - You need to define a need to set `matrix_mautrix_twitter_database_engine: postgres` and redefine the other `matrix_mautrix_twitter_database_*` variables - when: "vars[item] == ''" - with_items: - - "matrix_mautrix_twitter_database_engine" + - "matrix_mautrix_twitter_database_hostname" + - "matrix_mautrix_twitter_database_password" From d5de1e8352fb90f15cc7264cd5a08b3324ba6d5c Mon Sep 17 00:00:00 2001 
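Review bot: The defaults now leave `matrix_mautrix_twitter_database_password` and `matrix_mautrix_twitter_database_hostname` empty, which removes the shared `some-password` placeholder, but nothing beside them says where the values come from. A comment above the pair would help, e.g. `# Filled in by group_vars when matrix_postgres_enabled is true; set both by hand for an external Postgres, otherwise validate_config.yml fails.` The validation hunk only appends the two names to an existing `with_items` list whose task body lies outside the hunk. I am therefore assuming its `when` is the same `vars[item] == ''` test that the removed task used.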
From: Slavi Pantaleev Date: Tue, 8 Mar 2022 09:28:48 +0200 Subject: [PATCH 143/419] Document that using an external Postgres server has serious downsides Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682 - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1679 --- docs/configuring-playbook-external-postgres.md | 8 +++++++- roles/matrix-postgres/defaults/main.yml | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md index 0becc8ff..eef3cbac 100644 --- a/docs/configuring-playbook-external-postgres.md +++ b/docs/configuring-playbook-external-postgres.md @@ -5,7 +5,9 @@ If that's alright, you can skip this. If you'd like to use an external PostgreSQL server that you manage, you can edit your configuration file (`inventory/host_vars/matrix./vars.yml`). -It should be something like this: +**NOTE**: using **an external Postgres server is currently [not very seamless](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682#issuecomment-1061461683) when it comes to enabling various other playbook services** - you will need to create a new database/credentials for each service and to point each service to its corresponding database using custom `vars.yml` configuration. **For the best experience with the playbook, stick to using the integrated Postgres server**. + +If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this: ```yaml matrix_postgres_enabled: false 
@@ -15,6 +17,10 @@ matrix_synapse_database_host: "your-postgres-server-hostname" matrix_synapse_database_user: "your-postgres-server-username" matrix_synapse_database_password: "your-postgres-server-password" matrix_synapse_database_database: "your-postgres-server-database-name" + +# Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server. +# Each service expects to have its own dedicated database on the Postgres server +# and uses its own variable names (see `roles/matrix-*/defaults/main.yml) for configuring Postgres connectivity. ``` The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials. diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 76529a82..8593bb83 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -1,5 +1,8 @@ --- +# Controls if the Postgres server managed by the playbook is enabled. +# You can turn it off and use an external Postgres server by setting this to `false`. +# Doing this has various downsides. See `docs/configuring-playbook-external-postgres.md` to learn more. matrix_postgres_enabled: true matrix_postgres_connection_hostname: "matrix-postgres" From 9c43c0e806118d6a3b27e16d7b94c0830eb2a750 Mon Sep 17 00:00:00 2001 From: tctovsli Date: Tue, 8 Mar 2022 09:11:04 +0100 Subject: [PATCH 144/419] Riot is now named Element --- docs/configuring-playbook-bridge-appservice-slack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-appservice-slack.md b/docs/configuring-playbook-bridge-appservice-slack.md index 7d45d34d..fc2bf166 100644 --- a/docs/configuring-playbook-bridge-appservice-slack.md +++ b/docs/configuring-playbook-bridge-appservice-slack.md 
@@ -11,7 +11,7 @@ See the project's [documentation](https://github.com/matrix-org/matrix-appservic loosely based on [this](https://github.com/matrix-org/matrix-appservice-slack#Setup) 1. Create a new Matrix room to act as the administration control room. Note its internal room ID. This can -be done in Riot by making a message, opening the options for that message and choosing "view source". The +be done in Element by making a message, opening the options for that message and choosing "view source". The room ID will be displayed near the top. 2. Enable the bridge with the following configuration in your `vars.yml` file: From fabbc91cfa9f7999b50233fb8cdfec80511fe9d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Tue, 8 Mar 2022 13:04:55 +0100 Subject: [PATCH 145/419] client-cinny: update to v1.8.0 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 1cb9b26f..392b7502 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.7.0 +matrix_client_cinny_version: v1.8.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From a05bcc98b08cc79e838f94f6b8acdf93e777a84e Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 8 Mar 2022 16:56:42 +0200 Subject: [PATCH 146/419] Upgrade Synapse (1.53.0 -> 1.54.0) --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 3e3ee121..c7be1b43 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.53.0 +matrix_synapse_version: v1.54.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -69,7 +69,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-synapse.service wants matrix_synapse_systemd_wanted_services_list: [] -matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.8/site-packages" +matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site-packages" # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste From 1895b0181082fd31416330bf08f0fc3191ccd4e3 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 10 Mar 2022 11:28:25 +0200 Subject: [PATCH 147/419] Move matrix_container_global_registry_prefix to matrix-base Various roles depend on this. It makes sense to make it part of the `matrix-base` role. --- group_vars/matrix_servers | 2 -- roles/matrix-base/defaults/main.yml | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 4301ae7e..8858a054 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -9,8 +9,6 @@ # You can also override ANY variable (seen here or in any given role), # by re-defining it in your own configuration file (`inventory/host_vars/matrix.`). -matrix_container_global_registry_prefix: "docker.io/" - ###################################################################### # # matrix-base diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index e83b6c95..983a29a0 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -65,6 +65,8 @@ matrix_architecture: amd64 # We just remap from our `matrix_architecture` values to what Debian and possibly other distros call things. matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_architecture }}" +matrix_container_global_registry_prefix: "docker.io/" + matrix_user_username: "matrix" matrix_user_groupname: "matrix" From 69d2da4d4484f730c9b3eb86672b6d054b2e36d0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Mar 2022 11:41:41 +0200 Subject: [PATCH 148/419] Fix whitespace inconsistency --- group_vars/matrix_servers | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8858a054..c1974500 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -710,7 +710,7 @@ matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabl # We don't enable bridges by default. matrix_mx_puppet_skype_enabled: false -matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_skype_systemd_required_services_list: | {{ @@ -749,7 +749,7 @@ matrix_mx_puppet_skype_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_mx_puppet_slack_enabled: false -matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_slack_systemd_required_services_list: | {{ @@ -787,7 +787,7 @@ matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_mx_puppet_twitter_enabled: false -matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_twitter_systemd_required_services_list: | {{ @@ -828,7 +828,7 @@ matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mx_puppet_instagram_enabled: false -matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_instagram_systemd_required_services_list: | {{ 
@@ -866,7 +866,7 @@ matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserve # We don't enable bridges by default. matrix_mx_puppet_discord_enabled: false -matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_discord_systemd_required_services_list: | {{ @@ -904,7 +904,7 @@ matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mx_puppet_steam_enabled: false -matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_steam_systemd_required_services_list: | {{ @@ -942,7 +942,7 @@ matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_mx_puppet_groupme_enabled: false -matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_groupme_systemd_required_services_list: | {{ @@ -1070,7 +1070,7 @@ matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en # We don't enable bots by default. matrix_bot_mjolnir_enabled: false -matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_bot_mjolnir_systemd_required_services_list: | {{ 
@@ -1136,7 +1136,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati matrix_coturn_enabled: true -matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" From d8a19e5bf9526e7eb2cc0f1247c877aab7c19e1f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Mar 2022 12:27:53 +0200 Subject: [PATCH 149/419] Switch to the Beeper-maintained fork of mx-puppet-discord Building mx-puppet-discord appears to have been broken for a while. Related to: - https://github.com/matrix-discord/mx-puppet-discord/issues/201 - https://github.com/matrix-discord/mx-puppet-discord/issues/202 - https://github.com/matrix-discord/mx-puppet-discord/issues/203 We'd rather use a fork that is maintained better and by someone who cares about whether their software works or not, so we'll be using the Beeper-maintained for from now on. In the future, we should probably do the same for the Slack bridge which is also part of the same monorepo (https://gitlab.com/beeper/mx-puppet-monorepo). --- ...figuring-playbook-bridge-mx-puppet-discord.md | 2 ++ .../defaults/main.yml | 16 ++++++++++++---- .../tasks/setup_install.yml | 3 ++- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 1a48f05b..2be7f206 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md 
@@ -7,6 +7,8 @@ The playbook can install and configure See the project page to learn what it does and why it might be useful to you. +**Note**: we actually use the [Beeper](https://www.beeper.com/)-maintained [fork of mx-puppet-discord](https://gitlab.com/beeper/mx-puppet-monorepo), because `matrix-discord/mx-puppet-discord` is a low-quality and poorly maintained project. + To enable the [Discord](https://discordapp.com/) bridge just use the following playbook configuration: diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 80734c25..34b03e03 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -1,11 +1,19 @@ --- # Mx Puppet Discord is a Matrix <-> Discord bridge -# See: https://github.com/matrix-discord/mx-puppet-discord +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord) +# +# We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See: +# - https://github.com/matrix-discord/mx-puppet-discord/issues/201 +# - https://github.com/matrix-discord/mx-puppet-discord/issues/202 +# - https://github.com/matrix-discord/mx-puppet-discord/issues/203 +# - (other similar issues in the past) matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://github.com/matrix-discord/mx-puppet-discord.git" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" +matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container). # 
@@ -13,8 +21,8 @@ matrix_mx_puppet_discord_container_image_self_build_repo: "https://github.com/ma matrix_mx_puppet_discord_container_http_host_bind_port: '' matrix_mx_puppet_discord_version: latest -matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}sorunome/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}" -matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo:{{ matrix_mx_puppet_discord_version }}" +matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 3ef57cb7..31a10be0 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -78,6 +78,7 @@ repo: "{{ matrix_mx_puppet_discord_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" force: "yes" + version: "{{ matrix_mx_puppet_discord_container_image_self_build_version }}" register: matrix_mx_puppet_discord_git_pull_results when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" 
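Review bot: The new image prefix in the defaults/main.yml hunk hard-codes `'registry.gitlab.com/'`, so this role no longer follows `matrix_container_global_registry_prefix`. Anyone who points that variable at an internal mirror or an allow-listed registry will still pull this image straight from GitLab. A role-level variable would keep the intent visible, e.g. `matrix_mx_puppet_discord_docker_image_registry_prefix: "registry.gitlab.com/"` used in place of the literal. Separately, `matrix_mx_puppet_discord_version` stays at `latest` and the self-build ref added in the previous hunk falls back to `main`, so both install paths track a moving target on a newly adopted upstream. Pinning to a release tag or image digest would make what gets deployed reviewable.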
@@ -88,7 +89,7 @@ force_source: "{{ matrix_mx_puppet_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: "{{ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" pull: true when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool" From 65f92f043a9b4edc3a5be920c90038dcba8dd361 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Mar 2022 20:14:59 +0200 Subject: [PATCH 150/419] Fix mx-puppet-discord container image repository URL Fixup for d8a19e5bf9526e7eb2cc0 --- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 34b03e03..52257689 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -21,7 +21,7 @@ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Doc matrix_mx_puppet_discord_container_http_host_bind_port: '' matrix_mx_puppet_discord_version: latest -matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo:{{ matrix_mx_puppet_discord_version }}" +matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" From 9cc3c5be76e62717eb8b9ba002aee1399d2656b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 12 Mar 2022 15:47:59 +0100 Subject: [PATCH 151/419] Fix warning about reverse-proxying when built-in proxy is disabled `matrix_nginx_proxy_enabled` is usually set to false by users, this is when the warning should be displayed. --- roles/matrix-bridge-appservice-slack/tasks/init.yml | 2 +- roles/matrix-bridge-appservice-webhooks/tasks/init.yml | 2 +- roles/matrix-bridge-hookshot/tasks/init.yml | 2 +- roles/matrix-bridge-mautrix-googlechat/tasks/init.yml | 2 +- roles/matrix-bridge-mautrix-hangouts/tasks/init.yml | 2 +- roles/matrix-bridge-mautrix-telegram/tasks/init.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/tasks/init.yml | 2 +- roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml | 2 +- roles/matrix-etherpad/tasks/init.yml | 2 +- roles/matrix-registration/tasks/init.yml | 2 +- roles/matrix-synapse-admin/tasks/init.yml | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 2ff7c942..8cbc7182 100644 
--- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -84,4 +84,4 @@ Please make sure that you're proxying the `{{ something }}` URL endpoint to the matrix-appservice-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_appservice_slack_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index 35d62ded..b888c51f 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -79,4 +79,4 @@ Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}` URL endpoint to the matrix-appservice-webhooks container. You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable. - when: "matrix_appservice_webhooks_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_appservice_webhooks_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 25204f04..a0f9df97 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -127,4 +127,4 @@ Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` URL endpoint to the matrix-hookshot container. You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. - when: "matrix_hookshot_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_hookshot_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" 
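Review bot: The warning text in the matrix-bridge-appservice-slack task still interpolates `{{ something }}`, which looks like a leftover placeholder. Unless a variable named `something` is defined elsewhere, the task will fail on an undefined variable in exactly the case this commit makes reachable, i.e. `matrix_nginx_proxy_enabled: false`. The other roles touched here use their own endpoint variable at that spot (for example `matrix_appservice_webhooks_public_endpoint`), so the message should name the path this bridge actually needs proxied. The task begins above the hunk, so the right variable has to be confirmed against the role's defaults.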
diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index e64cb44c..f458df1b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -67,4 +67,4 @@ Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}` URL endpoint to the matrix-mautrix-googlechat container. You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable. - when: "matrix_mautrix_googlechat_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)" + when: "matrix_mautrix_googlechat_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 65d4776e..680dcd88 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -67,4 +67,4 @@ Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` URL endpoint to the matrix-mautrix-hangouts container. You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. - when: "matrix_mautrix_hangouts_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)" + when: "matrix_mautrix_hangouts_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index 267658ef..764d403d 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml 
@@ -68,4 +68,4 @@ Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` URL endpoint to the matrix-mautrix-telegram container. You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. - when: "matrix_mautrix_telegram_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_mautrix_telegram_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 897f3f8f..66d51784 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -68,4 +68,4 @@ Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` URL endpoint to the matrix-mx-puppet-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_mx_puppet_slack_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 9d868bfe..757f1f41 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -68,4 +68,4 @@ Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` URL endpoint to the matrix-mx-puppet-twitter container. You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_mx_puppet_twitter_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" 
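Review bot: The mx-puppet-slack warning tells the operator to expose the port through `matrix_appservice_slack_container_http_host_bind_port`, which belongs to the other Slack bridge (matrix-appservice-slack, first hunk of this commit). Following that advice would publish the wrong container's port and leave this bridge's redirect endpoint unproxied. It presumably should read `matrix_mx_puppet_slack_container_http_host_bind_port`, matching the twitter role's `matrix_mx_puppet_twitter_container_http_host_bind_port`; confirm the name in the role's defaults. The message is a context line and the task starts above the hunk.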
diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/matrix-etherpad/tasks/init.yml index b155064c..392addd0 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/matrix-etherpad/tasks/init.yml @@ -61,4 +61,4 @@ Please make sure that you're proxying the `{{ matrix_etherpad_public_endpoint }}` URL endpoint to the matrix-etherpad container. You can expose the container's port using the `matrix_etherpad_container_http_host_bind_port` variable. - when: "matrix_etherpad_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_etherpad_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index cae18258..44a887d1 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml @@ -66,4 +66,4 @@ Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}` URL endpoint to the matrix-registration container. You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable. - when: "matrix_registration_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_registration_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index ccaa03f6..de8c0046 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -57,4 +57,4 @@ Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` URL endpoint to the matrix-synapse-admin container. You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. - when: "matrix_synapse_admin_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_synapse_admin_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" 
From 9de677942de7dbec017aae8a380e2a9d4d1e09d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Tue, 8 Mar 2022 18:19:28 +0100 Subject: [PATCH 152/419] bridge-mautrix-facebook: add support for web-based login --- group_vars/matrix_servers | 4 ++ .../defaults/main.yml | 12 +++++ .../tasks/init.yml | 48 +++++++++++++++++++ .../tasks/validate_config.yml | 1 + .../templates/config.yaml.j2 | 10 ++-- .../matrix-mautrix-facebook.service.j2 | 3 ++ 6 files changed, 71 insertions(+), 7 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index c1974500..842c9c02 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -299,6 +299,10 @@ matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token') | to_uuid }}" +matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook') | to_uuid }}" + +matrix_mautrix_facebook_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9008' }}" + matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 1b53a416..c9eaa148 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
@@ -17,9 +17,16 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data" matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src" +# Whether or not the public-facing endpoints should be enabled (web-based login) +matrix_mautrix_facebook_appservice_public_enabled: true + +# Mautrix Facebook public endpoint to log in to Facebook +matrix_mautrix_facebook_public_endpoint: '' + matrix_mautrix_facebook_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:29319' +matrix_mautrix_facebook_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_facebook_public_endpoint }}' # A list of extra arguments to pass to the container matrix_mautrix_facebook_container_extra_arguments: [] @@ -37,6 +44,11 @@ matrix_mautrix_facebook_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_facebook_federate_rooms: true +# Controls whether the matrix-mautrix-facebook container exposes its HTTP port. +# +# Takes an ":" or "" value (e.g. "127.0.0.1:9008"), or empty string to not expose. +matrix_mautrix_facebook_container_http_host_bind_port: '' + # Database-related configuration fields. # # To use SQLite: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index d97a3230..200e9846 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml 
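Review bot: `matrix_mautrix_facebook_appservice_public_enabled: true` turns the web login endpoint on for every existing deployment of this bridge on the next playbook run, and with matrix-nginx-proxy it becomes reachable from outside. The path is derived from `matrix_homeserver_generic_secret_key` in group_vars, so it is hard to guess, but a URL path is not a credential: it ends up in proxy access logs, browser history and Referer headers. I would state that next to the variable, e.g. `# NOTE: exposes an HTTP login endpoint on the Matrix domain; set to false if you do not need web-based login.`, or default it to `false` and let users opt in.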
@@ -22,3 +22,51 @@ + {{ ["/matrix-mautrix-facebook-registration.yaml"] }} when: matrix_mautrix_facebook_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_facebook_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_facebook_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-facebook:29319"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9008; + {% endif %} + } + + - name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_facebook_matrix_nginx_proxy_configuration] + }} + + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}` + URL endpoint to the matrix-mautrix-facebook container. + You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. 
+ when: "not matrix_nginx_proxy_enabled|default(False)|bool" + + tags: + - always + when: matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_appservice_public_enabled|bool diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index 1e482efb..7fcd6bea 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -6,6 +6,7 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: + - "matrix_mautrix_facebook_public_endpoint" - "matrix_mautrix_facebook_appservice_token" - "matrix_mautrix_facebook_homeserver_token" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index f04b0cff..55881632 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -32,16 +32,12 @@ appservice: # Public part of web server for out-of-Matrix interaction with the bridge. public: # Whether or not the public-facing endpoints should be enabled. - enabled: false + enabled: {{ matrix_mautrix_facebook_appservice_public_enabled|to_json }} # The prefix to use in the public-facing endpoints. - prefix: /public + prefix: {{ matrix_mautrix_facebook_public_endpoint|to_json }} # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. - external: https://example.com/public - # Shared secret for integration managers such as mautrix-manager. - # If set to "generate", a random string will be generated on the next startup. - # If null, integration manager access to the API will not be possible. - shared_secret: generate + external: {{ matrix_mautrix_facebook_appservice_public_external|to_json }} # The unique ID of this appservice. id: facebook 
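Review bot: In the non-container branch the generated nginx block uses `proxy_pass http://127.0.0.1:9008;`, a hard-coded copy of the default that group_vars assigns to `matrix_mautrix_facebook_container_http_host_bind_port`. If an operator overrides the bind port, the proxy still targets 9008 and the login route points at whatever happens to listen there. Deriving the target from the variable, `proxy_pass http://{{ matrix_mautrix_facebook_container_http_host_bind_port }};`, keeps the two in step, though it needs a guard for a bare-port value. The container port `29319` is repeated in the same way in the other branch and in the service template.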
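Review bot: The new `matrix_mautrix_facebook_public_endpoint` entry is only compared with the empty string (`vars[item] == ''`), yet the value is written verbatim into an nginx `location` directive and into the bridge's `prefix`. A value without a leading `/`, or just `/`, passes validation and produces a location that never matches or that collides with other routes on the Matrix vhost. A separate check on the shape would catch that, for example a `fail` task with `when: "not matrix_mautrix_facebook_public_endpoint.startswith('/') or matrix_mautrix_facebook_public_endpoint == '/'"`. The check also fires when `matrix_mautrix_facebook_appservice_public_enabled` is false and no route is published; the task itself begins above the hunk.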
diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index f3af4b9f..2899dd0d 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -24,6 +24,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ + {% if matrix_mautrix_facebook_appservice_public_enabled and matrix_mautrix_facebook_container_http_host_bind_port %} + -p {{ matrix_mautrix_facebook_container_http_host_bind_port }}:29319 \ + {% endif %} -v {{ matrix_mautrix_facebook_config_path }}:/config:z \ -v {{ matrix_mautrix_facebook_data_path }}:/data:z \ {% for arg in matrix_mautrix_facebook_container_extra_arguments %} From 4359e5774cf7f93f9403c1135d4cfec8f5c3be52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 12 Mar 2022 19:14:08 +0100 Subject: [PATCH 153/419] bridge-mautrix-telegram: add option to enable/disable web-based login --- .../defaults/main.yml | 3 +++ .../tasks/init.yml | 22 +++++++++---------- .../templates/config.yaml.j2 | 2 +- .../matrix-mautrix-telegram.service.j2 | 2 +- 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index a88c0bac..eb70d3fa 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml 
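Review bot: The added `-p {{ matrix_mautrix_facebook_container_http_host_bind_port }}:29319` publishes the bridge's whole appservice listener rather than only the public prefix, since 29319 is the port `matrix_mautrix_facebook_appservice_address` points the homeserver at. With the group_vars default of `127.0.0.1:9008` this stays on loopback, but the variable's documentation also accepts a bare port, which Docker publishes on all interfaces and which commonly sidesteps host firewall front-ends such as ufw. I would say so next to the variable in defaults/main.yml, e.g. `# A bare port binds on all interfaces; prefer 127.0.0.1:PORT behind a local reverse proxy.` The ExecStart command continues outside the hunk.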
@@ -28,6 +28,9 @@ matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' matrix_mautrix_telegram_bot_token: disabled +# Whether or not the public-facing endpoints should be enabled (web-based login) +matrix_mautrix_telegram_appservice_public_enabled: true + # Mautrix telegram public endpoint to log in to telegram # Use an uuid so it's not easily discoverable. # Example: /741a0483-ba17-4682-9900-30bd7269f1cc diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index 764d403d..a97dcd8e 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml 
@@ -56,16 +56,16 @@ + [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] }} + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` + URL endpoint to the matrix-mautrix-telegram container. + You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled|default(False)|bool" + tags: - always - when: matrix_mautrix_telegram_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` - URL endpoint to the matrix-mautrix-telegram container. - You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. - when: "matrix_mautrix_telegram_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: matrix_mautrix_telegram_enabled|bool and matrix_mautrix_telegram_appservice_public_enabled|bool diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 10e6e32e..6569ce87 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 
@@ -34,7 +34,7 @@ appservice: # the HS database. public: # Whether or not the public-facing endpoints should be enabled. - enabled: true + enabled: {{ matrix_mautrix_telegram_appservice_public_enabled|to_json }} # The prefix to use in the public-facing endpoints. prefix: {{ matrix_mautrix_telegram_public_endpoint|to_json }} # The base URL where the public-facing endpoints are available. The prefix is not added diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index d24e960e..459a0fec 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -24,7 +24,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ - {% if matrix_mautrix_telegram_container_http_host_bind_port %} + {% if matrix_mautrix_telegram_appservice_public_enabled and matrix_mautrix_telegram_container_http_host_bind_port %} -p {{ matrix_mautrix_telegram_container_http_host_bind_port }}:8080 \ {% endif %} -v {{ matrix_mautrix_telegram_config_path }}:/config:z \ From 26e95a0fdf7c92b87ed9c500db299db41f5df301 Mon Sep 17 00:00:00 2001 From: Yan Minagawa Date: Sun, 13 Mar 2022 14:12:48 +0700 Subject: [PATCH 154/419] beeing a bit more specific how to access the dimension server admin interface --- docs/configuring-playbook-dimension.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index b938a6a3..e4b04740 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md 
@@ -22,7 +22,7 @@ matrix_dimension_enabled: true ## Define admin users -These users can modify the integrations this Dimension supports. Admin interface is accessible at `https://dimension./riot-app/admin` after logging in to element. +These users can modify the integrations this Dimension supports. Add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml @@ -31,6 +31,7 @@ matrix_dimension_admins: - "@user2:{{ matrix_domain }}" ``` +Admin interface is accessible at `https://dimension./riot-app/admin` after logging in to element and opening it in any room via "Edit widgets, bridges & bots" and then clicking the "settings"-icon in the upper right corner. ## Access token From f0588c7fd0ab8c9c6f44e0a133c893b7766a9014 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Mon, 14 Mar 2022 03:32:25 +0100 Subject: [PATCH 155/419] bridge-mautrix-facebook: disable temporary disconnect notices https://github.com/mautrix/facebook/issues/215 --- roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index f04b0cff..7111fbff 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -176,7 +176,7 @@ bridge: # Whether or not temporary disconnections should send notices to the notice room. # If this is false, disconnections will never send messages and connections will only send # messages if it was disconnected for more than resync_max_disconnected_time seconds. - temporary_disconnect_notices: true + temporary_disconnect_notices: false # Whether or not the bridge should try to "refresh" the connection if a normal reconnection # attempt fails. refresh_on_reconnection_fail: false 
From ebfa5115157b8c0d49b11166d90d7119295b7238 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Mon, 14 Mar 2022 03:45:46 +0100 Subject: [PATCH 156/419] synapse: do not expose plain federation port when it's disabled matrix_synapse_federation_port_enabled can be disabled by users, for example, when one wants to use the same port for client and federation requests (docs/configuring-playbook-federation.md). --- .../templates/synapse/systemd/matrix-synapse.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 188db5ef..e69ffa61 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -43,7 +43,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %} -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_tls_port }} \ {% endif %} - {% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} + {% if matrix_synapse_federation_enabled and matrix_synapse_federation_port_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_federation_api_plain_port }} \ {% endif %} {% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %} From 9c58f2a98aaa55397b788126a1bd2bee908b0209 Mon Sep 17 00:00:00 2001 
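Review bot: The new `matrix_synapse_federation_port_enabled` term is evaluated with plain Jinja truthiness, so a string value such as `"false"` supplied through `--extra-vars` still counts as true and the plain federation port stays published. Casting it, `{% if matrix_synapse_federation_enabled|bool and matrix_synapse_federation_port_enabled|bool and matrix_synapse_container_federation_api_plain_host_bind_port %}`, would match the `|bool` usage in the task files of this series. The same uncast form appears in the conditions added to the mautrix-facebook and mautrix-telegram service templates earlier on this page. The ExecStart command starts and ends outside the hunk.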
From: Kim Brose Date: Mon, 14 Mar 2022 14:07:06 +0100 Subject: [PATCH 157/419] default matrix_prometheus_scraper_hookshot_enabled --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 97b7cf70..c3491cae 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2106,7 +2106,7 @@ matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:91 matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port|string] if matrix_prometheus_scraper_postgres_enabled else [] }}" -matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled }}" +matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|bool }}" matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_hookshot_metrics_enabled else [] }}" ###################################################################### From 5eb514b08b8abf8d0db6a3b08753032075c5b05a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 15 Mar 2022 17:01:00 +0200 Subject: [PATCH 158/419] Use |default instead of merely casting to bool --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index c3491cae..f2976e72 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2106,7 +2106,7 @@ matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:91 matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port|string] if matrix_prometheus_scraper_postgres_enabled else [] }}" -matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|bool }}" +matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|default(false) }}" matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_hookshot_metrics_enabled else [] }}" ###################################################################### From 332fda6b02a54aa96d8bc60f18f7c8be6e279745 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 15 Mar 2022 18:20:13 +0000 Subject: [PATCH 159/419] Update Element 1.10.6 -> 1.10.7 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 94b28d9e..edaa189c 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
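Review bot: Only `matrix_prometheus_scraper_hookshot_enabled` receives the `|default(false)` fallback; the `matrix_prometheus_scraper_hookshot_targets` line directly below still tests `matrix_hookshot_metrics_enabled` bare, so templating it presumably still fails when the hookshot variables are undefined. Keying the targets on the scraper flag, as the postgres pair above does, avoids that: `matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_prometheus_scraper_hookshot_enabled else [] }}"`. The same line is unchanged context in the preceding commit's hunk (PATCH 157) as well.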
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.6 +matrix_client_element_version: v1.10.7 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 981dafa2253b84eaa972c972569ade7fbf53885d Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 15 Mar 2022 18:21:09 +0000 Subject: [PATCH 160/419] Update Cinny 1.8.0 -> 1.8.1 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 392b7502..ec3febc7 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.8.0 +matrix_client_cinny_version: v1.8.1 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" 
From 36d4d1f66e6b5b58d3f58bc32a44673458294b5c Mon Sep 17 00:00:00 2001 From: Sweeny <26363103+Sweeny42@users.noreply.github.com> Date: Tue, 15 Mar 2022 23:50:06 +0000 Subject: [PATCH 161/419] Add check for ma1sd repo changes on image self build Adding when clause to ma1sd image build task to avoid image being built if not needed. --- roles/matrix-ma1sd/tasks/setup_install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 6fc6902a..b8cc64d6 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -87,6 +87,7 @@ shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" args: chdir: "{{ matrix_ma1sd_docker_src_files_path }}" + when: matrix_ma1sd_git_pull_results.changed - name: Ensure ma1sd Docker image is tagged correctly docker_image: From eeca3c8dcad75bdd06ef7cbf4898eaf00608a014 Mon Sep 17 00:00:00 2001 
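Review bot: With `when: matrix_ma1sd_git_pull_results.changed` the image build is skipped whenever the checkout is unchanged, including the case where no usable image exists locally, for instance after a build that failed following a successful pull or after the image was pruned. The following task ("Ensure ma1sd Docker image is tagged correctly") would then act on a missing or stale image. Consider also building when the image is absent, e.g. `when: matrix_ma1sd_git_pull_results.changed or matrix_ma1sd_image_check.images|length == 0`, where `matrix_ma1sd_image_check` is a placeholder name for a `docker_image_info` result registered beforehand. The task that registers `matrix_ma1sd_git_pull_results` is outside the hunk, so confirm it always runs before this one.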
From: Jim Myhrberg Date: Wed, 16 Mar 2022 01:02:44 +0000 Subject: [PATCH 162/419] fix: avoid yaml being wrapped at column 80 via to_nice_yaml The `to_nice_yaml` helper will by default wrap any string YAML values on the first space after column 80. This can in worst case yield invalid YAML syntax. More details in Ansible's documentation here: https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#formatting-data-yaml-and-json In short, you need to explicitly provide a custom width argument of a high number of some kind to avoid the line wrapping. --- roles/matrix-bot-go-neb/tasks/setup_install.yml | 2 +- roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml | 2 +- roles/matrix-bot-mjolnir/tasks/setup_install.yml | 2 +- .../matrix-bridge-appservice-discord/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-appservice-irc/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-appservice-slack/tasks/setup_install.yml | 4 ++-- .../matrix-bridge-appservice-webhooks/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-heisenbridge/tasks/setup_install.yml | 2 +- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 4 ++-- .../matrix-bridge-mautrix-googlechat/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml | 4 ++-- .../matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml | 4 ++-- 
roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml | 4 ++-- roles/matrix-bridge-sms/tasks/setup_install.yml | 4 ++-- roles/matrix-dendrite/tasks/dendrite/setup_install.yml | 2 +- roles/matrix-dimension/tasks/setup_install.yml | 2 +- roles/matrix-ma1sd/tasks/setup_install.yml | 2 +- roles/matrix-prometheus/tasks/setup_install.yml | 2 +- roles/matrix-registration/tasks/setup_install.yml | 2 +- roles/matrix-sygnal/tasks/setup_install.yml | 2 +- roles/matrix-synapse/tasks/synapse/setup_install.yml | 2 +- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- 34 files changed, 56 insertions(+), 56 deletions(-) diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index a390eb5e..2291f51b 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -25,7 +25,7 @@ - name: Ensure go-neb config installed copy: - content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml }}" + content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index e237bc21..cf4f594c 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml 
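Review bot: The `copy` task edited here writes the rendered configuration with `mode: 0644`, and the same mode appears on the config.yaml and registration.yaml tasks in the other setup_install.yml hunks of this commit. Such files typically carry access tokens or appservice `as_token`/`hs_token` values, so world-readable permissions expose them to every local account unless a parent directory restricts access, which is not visible here. Since these tasks are being touched anyway, I would tighten and quote the mode: `mode: '0640'`. The task's remaining keys continue outside the hunk.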
@@ -70,7 +70,7 @@ - name: Ensure matrix-reminder-bot config installed copy: - content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml }}" + content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index 3f4d5d8f..cf158230 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -47,7 +47,7 @@ - name: Ensure matrix-bot-mjolnir config installed copy: - content: "{{ matrix_bot_mjolnir_configuration|to_nice_yaml }}" + content: "{{ matrix_bot_mjolnir_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 924531ad..665db276 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -69,7 +69,7 @@ - name: Ensure AppService Discord config.yaml installed copy: - content: "{{ matrix_appservice_discord_configuration|to_nice_yaml }}" + content: "{{ matrix_appservice_discord_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" 
@@ -77,7 +77,7 @@ - name: Ensure AppService Discord registration.yaml installed copy: - content: "{{ matrix_appservice_discord_registration|to_nice_yaml }}" + content: "{{ matrix_appservice_discord_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 23c175c4..33af5954 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -87,7 +87,7 @@ - name: Ensure Matrix Appservice IRC config installed copy: - content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}" + content: "{{ matrix_appservice_irc_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -171,7 +171,7 @@ - name: Ensure Appservice IRC registration.yaml installed copy: - content: "{{ matrix_appservice_irc_registration|to_nice_yaml }}" + content: "{{ matrix_appservice_irc_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index af2003fc..3eb83bb0 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml 
@@ -61,7 +61,7 @@ - name: Ensure Matrix Appservice Slack config installed copy: - content: "{{ matrix_appservice_slack_configuration|to_nice_yaml }}" + content: "{{ matrix_appservice_slack_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -69,7 +69,7 @@ - name: Ensure appservice-slack registration.yaml installed copy: - content: "{{ matrix_appservice_slack_registration|to_nice_yaml }}" + content: "{{ matrix_appservice_slack_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/slack-registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 1f40d731..84535bdd 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -45,7 +45,7 @@ - name: Ensure Matrix Appservice webhooks config is installed copy: - content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml }}" + content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -69,7 +69,7 @@ - name: Ensure appservice-webhooks registration.yaml installed copy: - content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml }}" + content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 3cec1c1f..c1057fe7 100644 
--- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -67,7 +67,7 @@ - name: Ensure beeper-linkedin config.yaml installed copy: - content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}" + content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -75,7 +75,7 @@ - name: Ensure beeper-linkedin registration.yaml installed copy: - content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml }}" + content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 29b5842b..41dd9ef7 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -19,7 +19,7 @@ - name: Ensure heisenbridge registration.yaml installed if provided copy: - content: "{{ matrix_heisenbridge_registration|to_nice_yaml }}" + content: "{{ matrix_heisenbridge_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_heisenbridge_base_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 66a452f0..425deebc 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml 
@@ -32,7 +32,7 @@ - name: Ensure hookshot config.yml installed if provided copy: - content: "{{ matrix_hookshot_configuration|to_nice_yaml }}" + content: "{{ matrix_hookshot_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/config.yml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -56,7 +56,7 @@ - name: Ensure hookshot registration.yml installed if provided copy: - content: "{{ matrix_hookshot_registration|to_nice_yaml }}" + content: "{{ matrix_hookshot_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/registration.yml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 3fa42970..95109e49 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -97,7 +97,7 @@ - name: Ensure mautrix-facebook config.yaml installed copy: - content: "{{ matrix_mautrix_facebook_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_facebook_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -105,7 +105,7 @@ - name: Ensure mautrix-facebook registration.yaml installed copy: - content: "{{ matrix_mautrix_facebook_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_facebook_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index 9faf344f..f6c97389 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml 
@@ -96,7 +96,7 @@ - name: Ensure mautrix-googlechat config.yaml installed copy: - content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +104,7 @@ - name: Ensure mautrix-googlechat registration.yaml installed copy: - content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 368ee5f8..3d3670b2 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -96,7 +96,7 @@ - name: Ensure mautrix-hangouts config.yaml installed copy: - content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_hangouts_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +104,7 @@ - name: Ensure mautrix-hangouts registration.yaml installed copy: - content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_hangouts_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index dc95af3a..93dbcaad 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml 
+++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -51,7 +51,7 @@ - name: Ensure mautrix-instagram config.yaml installed copy: - content: "{{ matrix_mautrix_instagram_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_instagram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -59,7 +59,7 @@ - name: Ensure mautrix-instagram registration.yaml installed copy: - content: "{{ matrix_mautrix_instagram_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_instagram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 6fd0f813..cf846d74 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -84,7 +84,7 @@ - name: Ensure mautrix-signal config.yaml installed copy: - content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -92,7 +92,7 @@ - name: Ensure mautrix-signal registration.yaml installed copy: - content: "{{ matrix_mautrix_signal_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_signal_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index ceda10a5..0de05a1d 100644 
--- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -118,7 +118,7 @@ - name: Ensure mautrix-telegram config.yaml installed copy: - content: "{{ matrix_mautrix_telegram_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_telegram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -126,7 +126,7 @@ - name: Ensure mautrix-telegram registration.yaml installed copy: - content: "{{ matrix_mautrix_telegram_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_telegram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 86134d2b..144c6408 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -55,7 +55,7 @@ - name: Ensure mautrix-twitter config.yaml installed copy: - content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -63,7 +63,7 @@ - name: Ensure mautrix-twitter registration.yaml installed copy: - content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" 
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index d33524f3..79bc039a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -108,7 +108,7 @@ - name: Ensure mautrix-whatsapp config.yaml installed copy: - content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -116,7 +116,7 @@ - name: Ensure mautrix-whatsapp registration.yaml installed copy: - content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 31a10be0..3ac916a1 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -96,7 +96,7 @@ - name: Ensure mx-puppet-discord config.yaml installed copy: - content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" 
@@ -104,7 +104,7 @@ - name: Ensure mx-puppet-discord discord-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 84802c4f..1a04766b 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -96,7 +96,7 @@ - name: Ensure mx-puppet-groupme config.yaml installed copy: - content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +104,7 @@ - name: Ensure mx-puppet-groupme groupme-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 63f1878b..045e17f7 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml 
@@ -79,7 +79,7 @@ - name: Ensure mx-puppet-instagram config.yaml installed copy: - content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -87,7 +87,7 @@ - name: Ensure mx-puppet-instagram-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index 28573533..a97986bd 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -96,7 +96,7 @@ - name: Ensure mx-puppet-skype config.yaml installed copy: - content: "{{ matrix_mx_puppet_skype_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_skype_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_skype_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +104,7 @@ - name: Ensure mx-puppet-skype skype-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_skype_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_skype_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_skype_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index eca29e9b..bb57c270 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml 
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -96,7 +96,7 @@ - name: Ensure mx-puppet-slack config.yaml installed copy: - content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +104,7 @@ - name: Ensure mx-puppet-slack slack-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index a1786ba9..1f0dd234 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -96,7 +96,7 @@ - name: Ensure mx-puppet-steam config.yaml installed copy: - content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +104,7 @@ - name: Ensure mx-puppet-steam steam-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 8ca4f3f1..5436c189 100644 
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -96,7 +96,7 @@ - name: Ensure mx-puppet-twitter config.yaml installed copy: - content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +104,7 @@ - name: Ensure mx-puppet-twitter twitter-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index 1f296043..c09bb5cc 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -19,7 +19,7 @@ - name: Ensure matrix-sms-bridge application.yml installed copy: - content: "{{ matrix_sms_bridge_configuration|to_nice_yaml }}" + content: "{{ matrix_sms_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/application.yml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -27,7 +27,7 @@ - name: Ensure matrix-sms-bridge registration.yaml installed copy: - content: "{{ matrix_sms_bridge_registration|to_nice_yaml }}" + content: "{{ matrix_sms_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index 7b3c12d5..b2f6834d 100644 
--- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -52,7 +52,7 @@ - name: Ensure Dendrite configuration installed copy: - content: "{{ matrix_dendrite_configuration|to_nice_yaml }}" + content: "{{ matrix_dendrite_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_dendrite_config_dir_path }}/dendrite.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index 92c21c9e..4225da3f 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -78,7 +78,7 @@ - name: Ensure Dimension config installed copy: - content: "{{ matrix_dimension_configuration|to_nice_yaml }}" + content: "{{ matrix_dimension_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_dimension_base_path }}/config.yaml" mode: 0640 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 6fc6902a..e8b6891e 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -104,7 +104,7 @@ - name: Ensure ma1sd config installed copy: - content: "{{ matrix_ma1sd_configuration|to_nice_yaml }}" + content: "{{ matrix_ma1sd_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_ma1sd_config_path }}/ma1sd.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index 80f3e5d7..d3512f1b 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml 
@@ -31,7 +31,7 @@ - name: Ensure prometheus.yml installed copy: - content: "{{ matrix_prometheus_configuration|to_nice_yaml }}" + content: "{{ matrix_prometheus_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_prometheus_config_path }}/prometheus.yml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 31e9c35d..ac9a4e67 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -76,7 +76,7 @@ - name: Ensure matrix-registration config installed copy: - content: "{{ matrix_registration_configuration|to_nice_yaml }}" + content: "{{ matrix_registration_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_registration_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index cd54a51d..0be6fbe0 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -21,7 +21,7 @@ - name: Ensure Sygnal config installed copy: - content: "{{ matrix_sygnal_configuration|to_nice_yaml }}" + content: "{{ matrix_sygnal_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sygnal_config_path }}/sygnal.yaml" mode: 0640 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index bd7da90d..731be003 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml 
@@ -84,7 +84,7 @@ - name: Ensure Synapse homeserver config installed copy: - content: "{{ matrix_synapse_configuration|to_nice_yaml }}" + content: "{{ matrix_synapse_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 0308b406..29986c2e 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1414,7 +1414,7 @@ account_threepid_delegates: # - "#example:example.com" {% if matrix_synapse_auto_join_rooms|length > 0 %} auto_join_rooms: -{{ matrix_synapse_auto_join_rooms|to_nice_yaml }} +{{ matrix_synapse_auto_join_rooms|to_nice_yaml(indent=2, width=999999) }} {% endif %} # Where auto_join_rooms are specified, setting this flag ensures that the From 701591e87ea4d59a3b7f2d14bbb04d497f9d8b71 Mon Sep 17 00:00:00 2001 
From: Aine Date: Thu, 17 Mar 2022 19:04:38 +0200 Subject: [PATCH 163/419] Added retries to the docker pulls --- roles/matrix-base/defaults/main.yml | 4 ++++ roles/matrix-bot-go-neb/tasks/setup_install.yml | 4 ++++ roles/matrix-bot-honoroit/tasks/setup_install.yml | 4 ++++ roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml | 4 ++++ roles/matrix-bot-mjolnir/tasks/setup_install.yml | 4 ++++ .../matrix-bridge-appservice-discord/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-appservice-irc/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-appservice-slack/tasks/setup_install.yml | 4 ++++ .../matrix-bridge-appservice-webhooks/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-heisenbridge/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-hookshot/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 4 ++++ .../matrix-bridge-mautrix-googlechat/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml | 4 ++++ .../matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-sms/tasks/setup_install.yml | 4 ++++ 
roles/matrix-client-cinny/tasks/setup_install.yml | 4 ++++ roles/matrix-client-element/tasks/setup_install.yml | 4 ++++ roles/matrix-client-hydrogen/tasks/setup_install.yml | 4 ++++ roles/matrix-corporal/tasks/setup_corporal.yml | 4 ++++ roles/matrix-coturn/tasks/setup_install.yml | 4 ++++ roles/matrix-dendrite/tasks/dendrite/setup_install.yml | 4 ++++ roles/matrix-dimension/tasks/setup_install.yml | 3 +++ roles/matrix-dynamic-dns/tasks/install.yml | 4 ++++ roles/matrix-email2matrix/tasks/setup_install.yml | 4 ++++ roles/matrix-etherpad/tasks/setup_install.yml | 4 ++++ roles/matrix-grafana/tasks/setup.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 4 ++++ roles/matrix-ma1sd/tasks/setup_install.yml | 4 ++++ roles/matrix-mailer/tasks/setup_mailer.yml | 4 ++++ roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 4 ++++ roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml | 4 ++++ roles/matrix-postgres/tasks/setup_postgres.yml | 4 ++++ roles/matrix-prometheus-node-exporter/tasks/setup.yml | 4 ++++ roles/matrix-prometheus-postgres-exporter/tasks/setup.yml | 4 ++++ roles/matrix-prometheus/tasks/setup_install.yml | 4 ++++ roles/matrix-redis/tasks/setup_redis.yml | 4 ++++ roles/matrix-registration/tasks/setup_install.yml | 4 ++++ roles/matrix-sygnal/tasks/setup_install.yml | 4 ++++ roles/matrix-synapse-admin/tasks/setup.yml | 4 ++++ roles/matrix-synapse/tasks/goofys/setup_install.yml | 4 ++++ .../matrix-synapse/tasks/rust-synapse-compress-state/main.yml | 4 ++++ roles/matrix-synapse/tasks/synapse/setup_install.yml | 4 ++++ 58 files changed, 231 insertions(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 983a29a0..f8e01ba3 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml 
@@ -67,6 +67,10 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar matrix_container_global_registry_prefix: "docker.io/" +# Each docker pull will retry on failed attemt 10 times with deplay of 10 seconds between each attempt. +matrix_container_retries_count: 10 +matrix_container_retries_delay: 10 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index 2291f51b..ef2dfbb0 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure go-neb config installed copy: diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 81f2eabc..303c5f8b 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml 
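Review bot: The comment added above `matrix_container_retries_count` in this hunk has two typos (`attemt`, `deplay`) and is hard to read for a default that users are expected to override. Suggested wording: `# Each container image pull is retried up to 10 times on failure, with a delay of 10 seconds between attempts.` The numbers in the comment duplicate the two values below it, so it would age better if it named the variables instead of repeating the defaults.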
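Review bot: `register: result` in the go-neb pull task uses a generic variable name, and the same four lines with the same name are added to every other pull task in this patch. Registered variables are host-scoped, so each pull overwrites the previous `result`. Any task that reads a `result` registered earlier would then see the pull outcome instead; whether such a reader exists cannot be told from these hunks. A role-prefixed name avoids the collision, e.g. `register: matrix_bot_go_neb_container_image_pull_result` with `until: matrix_bot_go_neb_container_image_pull_result is not failed`. The task starts above the hunk.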
@@ -52,6 +52,10 @@ force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}" when: "not matrix_bot_honoroit_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure honoroit repository is present on self-build git: diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index cf4f594c..ffb38ffc 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -47,6 +47,10 @@ force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}" when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-reminder-bot repository is present on self-build git: diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index cf158230..f3b031fa 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml 
@@ -24,6 +24,10 @@ force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" when: "not matrix_bot_mjolnir_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure mjolnir repository is present on self-build git: diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 665db276..a06d38ac 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -32,6 +32,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure AppService Discord paths exist file: diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 33af5954..1b317464 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml 
@@ -64,6 +64,10 @@ force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-appservice-irc repository is present when self-building git: diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 3eb83bb0..2dcc23c6 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -38,6 +38,10 @@ force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}" when: "not matrix_appservice_slack_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-appservice-slack repository is present when self-building git: diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 84535bdd..6759bca8 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml 
@@ -21,6 +21,10 @@ force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}" when: "not matrix_appservice_webhooks_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Appservice webhooks repository is present on self-build diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c1057fe7..575b22c1 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -29,6 +29,10 @@ force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" when: "not matrix_beeper_linkedin_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Beeper LinkedIn repository is present on self-build diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 41dd9ef7..f24bf926 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml 
@@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure heisenbridge paths exist file: diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 425deebc..b4e44c9c 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -8,6 +8,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure hookshot paths exist file: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 95109e49..c37b9e10 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml 
@@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}" when: not matrix_mautrix_facebook_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Facebook paths exist file: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index f6c97389..daab10e3 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}" when: not matrix_mautrix_googlechat_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix googlechat paths exist file: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 3d3670b2..d2b7157e 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml 
@@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" when: not matrix_mautrix_hangouts_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Hangouts paths exist file: diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 93dbcaad..4e531615 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -14,6 +14,10 @@ force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}" when: not matrix_mautrix_instagram_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix instagram paths exist file: diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index cf846d74..840cbd6e 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml 
@@ -15,6 +15,10 @@ force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" when: "not matrix_mautrix_signal_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Signal repository is present on self-build diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 0de05a1d..1960288d 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -55,6 +55,10 @@ force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}" when: "not matrix_mautrix_telegram_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure lottieconverter is present when self-building git: diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 144c6408..6e587900 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml 
@@ -18,6 +18,10 @@ force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}" when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Twitter paths exist file: diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 79bc039a..8f27ac2a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -57,6 +57,10 @@ force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" when: not matrix_mautrix_whatsapp_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Whatsapp repository is present on self-build git: diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 3ac916a1..26a7c0c3 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml 
@@ -72,6 +72,10 @@ force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Discord repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 1a04766b..0d43a0d0 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}" when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Groupme repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 045e17f7..cb613074 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml 
@@ -42,6 +42,10 @@ force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure mx-puppet-instagram paths exist file: diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index a97986bd..c3776c70 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}" when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Skype repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index bb57c270..23301eab 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml 
@@ -69,6 +69,10 @@ force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Slack repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 1f0dd234..b8b3f737 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}" when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Steam repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 5436c189..485900a8 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml 
@@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Twitter repository is present on self build git: diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index c09bb5cc..412c26fe 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -4,6 +4,10 @@ docker_image: name: "{{ matrix_sms_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-sms-bridge paths exist file: diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 5571d8d0..48865008 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml 
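Review bot: In the matrix-bridge-sms hunk, `until: result is not failed` retries on every class of failure, not only transient network errors. A wrong image reference or a registry authentication rejection would be retried `matrix_container_retries_count` times before the task finally fails, which delays the error the operator needs to see. A short comment above the added keys would document the intent, for example `# Retries are meant for transient registry/network errors; persistent failures still surface after the last attempt.` The same applies to the other pull tasks on this page that gain the identical four lines.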
@@ -18,6 +18,10 @@ force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Cinny repository is present on self-build git: diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index 3b877e8e..e9c7096e 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -19,6 +19,10 @@ force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}" when: "not matrix_client_element_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Element repository is present on self-build git: diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index d8372768..0e4868f6 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml 
@@ -19,6 +19,10 @@ force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Hydrogen repository is present on self-build git: diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index b8edc596..6c520ee0 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -45,6 +45,10 @@ force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" when: "matrix_corporal_enabled|bool and not matrix_corporal_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Matrix Corporal config installed copy: diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index f5726e32..621177e5 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml 
@@ -24,6 +24,10 @@ force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}" when: "not matrix_coturn_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Coturn repository is present on self-build diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index b2f6834d..a18ad065 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -23,6 +23,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Check if a Dendrite signing key exists stat: diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index 4225da3f..1ba4f2d4 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml 
@@ -92,6 +92,9 @@ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" when: "not matrix_dimension_container_image_self_build|bool" register: matrix_dimension_pull_results + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: matrix_dimension_pull_results is not failed - name: Ensure dimension repository is present on self-build git: diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index e2e4f043..4dffe681 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -7,6 +7,10 @@ force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}" when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Dynamic DNS paths exist file: diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 44f2ef7d..74e7c676 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml 
@@ -28,6 +28,10 @@ force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" when: "not matrix_email2matrix_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Email2Matrix repository is present on self-build git: diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index 27832e14..6f276e05 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-etherpad.service installed template: diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 5f9d21c1..95a0ba53 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml 
@@ -11,6 +11,10 @@ force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" when: "matrix_grafana_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure grafana paths exists file: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 2bb781c1..d85e0703 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -23,6 +23,10 @@ force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-jicofo environment variables file created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 3b3b8dbf..b007ede8 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml 
@@ -23,6 +23,10 @@ force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-jvb configuration files created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 437e1e9c..301fa82f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -24,6 +24,10 @@ force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-prosody environment variables file is created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 0a4d43b0..ea831490 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml 
@@ -25,6 +25,10 @@ force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-web environment variables file created template: diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 27e74d10..c56c81f9 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -52,6 +52,10 @@ force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}" when: "not matrix_ma1sd_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure gradle is installed for self-building (Debian) diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 1ac4f339..5ad02a57 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml 
@@ -51,6 +51,10 @@ force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-mailer.service installed template: diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 373bc55b..92454e96 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -184,6 +184,10 @@ force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}" when: matrix_nginx_proxy_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-nginx-proxy.service installed template: diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 72329db3..701d8dd3 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml 
@@ -21,6 +21,10 @@ force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" when: matrix_postgres_backup_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Postgres backup paths exist file: diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 46186a4d..43192475 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -43,6 +43,10 @@ force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}" when: matrix_postgres_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Postgres paths exist file: diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index 419f3592..21d0b55d 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml 
@@ -11,6 +11,10 @@ force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" when: "matrix_prometheus_node_exporter_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-prometheus-node-exporter.service installed template: diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index a6c49816..08ffe708 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" when: "matrix_prometheus_postgres_exporter_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-prometheus-postgres-exporter.service installed template: diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index d3512f1b..e0fe8cf6 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml 
@@ -6,6 +6,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Prometheus paths exists
 file:
diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml
index a37174a3..df1d1736 100644
--- a/roles/matrix-redis/tasks/setup_redis.yml
+++ b/roles/matrix-redis/tasks/setup_redis.yml
@@ -11,6 +11,10 @@
 force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}"
 when: matrix_redis_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure redis paths exist
 file:
diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml
index ac9a4e67..2b5beafa 100644
--- a/roles/matrix-registration/tasks/setup_install.yml
+++ b/roles/matrix-registration/tasks/setup_install.yml
@@ -52,6 +52,10 @@
 force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}"
 when: "not matrix_registration_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-registration repository is present when self-building
 git:
diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml
index 0be6fbe0..1a6ce186 100644
--- a/roles/matrix-sygnal/tasks/setup_install.yml
+++ b/roles/matrix-sygnal/tasks/setup_install.yml
@@ -6,6 +6,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Sygnal paths exists
 file:
diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml
index ab1e6d46..2243706b 100644
--- a/roles/matrix-synapse-admin/tasks/setup.yml
+++ b/roles/matrix-synapse-admin/tasks/setup.yml
@@ -11,6 +11,10 @@
 force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}"
 when: "matrix_synapse_admin_enabled|bool and not matrix_synapse_admin_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-synapse-admin repository is present when self-building
 git:
diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml
index 9e3870e5..d3781520 100644
--- a/roles/matrix-synapse/tasks/goofys/setup_install.yml
+++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml
@@ -8,6 +8,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_s3_goofys_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 # This will throw a Permission Denied error if already mounted
 - name: Check Matrix Goofys external storage mountpoint path
diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
index ad8497cc..1aaf3a81 100644
--- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
+++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
@@ -48,6 +48,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_rust_synapse_compress_state_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Generate rust-synapse-compress-state room find command
 set_fact:
diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml
index 731be003..deedd7bd 100644
--- a/roles/matrix-synapse/tasks/synapse/setup_install.yml
+++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml
@@ -54,6 +54,10 @@
 force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}"
 when: "not matrix_synapse_container_image_self_build"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Check if a Synapse signing key exists
 stat:
From 1c1b705b22465c3a3aa0c54b81a7142667f4041b Mon Sep 17 00:00:00 2001
From: Aine
Date: Thu, 17 Mar 2022 17:32:20 +0200
Subject: [PATCH 164/419] fix typo
---
 roles/matrix-base/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml
index f8e01ba3..ae39d00a 100644
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@@ -67,7 +67,7 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar
 matrix_container_global_registry_prefix: "docker.io/"
-# Each docker pull will retry on failed attemt 10 times with deplay of 10 seconds between each attempt.
+# Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
 matrix_container_retries_count: 10
 matrix_container_retries_delay: 10
From 2da3768b2014628886811c8d1a640357d5dc6917 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Thu, 17 Mar 2022 15:37:11 +0000
Subject: [PATCH 165/419] Added retries to the docker pulls (#1701)
---
 roles/matrix-base/defaults/main.yml | 4 ++++
 roles/matrix-bot-go-neb/tasks/setup_install.yml | 4 ++++
 roles/matrix-bot-honoroit/tasks/setup_install.yml | 4 ++++
 roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml | 4 ++++
 roles/matrix-bot-mjolnir/tasks/setup_install.yml | 4 ++++
 .../matrix-bridge-appservice-discord/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-appservice-irc/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-appservice-slack/tasks/setup_install.yml | 4 ++++
 .../matrix-bridge-appservice-webhooks/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-heisenbridge/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-hookshot/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 4 ++++
 .../matrix-bridge-mautrix-googlechat/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml | 4 ++++
 .../matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 4 ++++
 roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-sms/tasks/setup_install.yml | 4 ++++
 roles/matrix-client-cinny/tasks/setup_install.yml | 4 ++++
 roles/matrix-client-element/tasks/setup_install.yml | 4 ++++
 roles/matrix-client-hydrogen/tasks/setup_install.yml | 4 ++++
 roles/matrix-corporal/tasks/setup_corporal.yml | 4 ++++
 roles/matrix-coturn/tasks/setup_install.yml | 4 ++++
 roles/matrix-dendrite/tasks/dendrite/setup_install.yml | 4 ++++
 roles/matrix-dimension/tasks/setup_install.yml | 3 +++
 roles/matrix-dynamic-dns/tasks/install.yml | 4 ++++
 roles/matrix-email2matrix/tasks/setup_install.yml | 4 ++++
 roles/matrix-etherpad/tasks/setup_install.yml | 4 ++++
 roles/matrix-grafana/tasks/setup.yml | 4 ++++
 roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 4 ++++
 roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 4 ++++
 roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 4 ++++
 roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 4 ++++
 roles/matrix-ma1sd/tasks/setup_install.yml | 4 ++++
 roles/matrix-mailer/tasks/setup_mailer.yml | 4 ++++
 roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 4 ++++
 roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml | 4 ++++
 roles/matrix-postgres/tasks/setup_postgres.yml | 4 ++++
 roles/matrix-prometheus-node-exporter/tasks/setup.yml | 4 ++++
 roles/matrix-prometheus-postgres-exporter/tasks/setup.yml | 4 ++++
 roles/matrix-prometheus/tasks/setup_install.yml | 4 ++++
 roles/matrix-redis/tasks/setup_redis.yml | 4 ++++
 roles/matrix-registration/tasks/setup_install.yml | 4 ++++
 roles/matrix-sygnal/tasks/setup_install.yml | 4 ++++
 roles/matrix-synapse-admin/tasks/setup.yml | 4 ++++
 roles/matrix-synapse/tasks/goofys/setup_install.yml | 4 ++++
 .../matrix-synapse/tasks/rust-synapse-compress-state/main.yml | 4 ++++
 roles/matrix-synapse/tasks/synapse/setup_install.yml | 4 ++++
 58 files changed, 231 insertions(+)
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml
index 983a29a0..ae39d00a 100644
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@@ -67,6 +67,10 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar
 matrix_container_global_registry_prefix: "docker.io/"
+# Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
+matrix_container_retries_count: 10
+matrix_container_retries_delay: 10
+
 matrix_user_username: "matrix"
 matrix_user_groupname: "matrix"
diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml
index 2291f51b..ef2dfbb0 100644
--- a/roles/matrix-bot-go-neb/tasks/setup_install.yml
+++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml
@@ -22,6 +22,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure go-neb config installed
 copy:
diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml
index 81f2eabc..303c5f8b 100644
--- a/roles/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml
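Review bot: The comment added above `matrix_container_retries_count` hard-codes both values, so it is wrong as soon as either variable is overridden; `# Retry count and delay (in seconds) applied to every container image pull.` would stay true. It should also say that the pull tasks retry on any failure (`until: result is not failed`), so a permanent error such as a missing tag or a refused registry login is reported only after roughly count × delay seconds, about 100 seconds per image with these defaults.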
@@ -52,6 +52,10 @@
 force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
 when: "not matrix_bot_honoroit_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure honoroit repository is present on self-build
 git:
diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
index cf4f594c..ffb38ffc 100644
--- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@@ -47,6 +47,10 @@
 force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
 when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-reminder-bot repository is present on self-build
 git:
diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml
index cf158230..f3b031fa 100644
--- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml
+++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml
@@ -24,6 +24,10 @@
 force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}"
 when: "not matrix_bot_mjolnir_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure mjolnir repository is present on self-build
 git:
diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
index 665db276..a06d38ac 100644
--- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -32,6 +32,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure AppService Discord paths exist
 file:
diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
index 33af5954..1b317464 100644
--- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -64,6 +64,10 @@
 force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
 when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-appservice-irc repository is present when self-building
 git:
diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml
index 3eb83bb0..2dcc23c6 100644
--- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml
@@ -38,6 +38,10 @@
 force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}"
 when: "not matrix_appservice_slack_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-appservice-slack repository is present when self-building
 git:
diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
index 84535bdd..6759bca8 100644
--- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
@@ -21,6 +21,10 @@
 force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}"
 when: "not matrix_appservice_webhooks_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - block:
 - name: Ensure Appservice webhooks repository is present on self-build
diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
index c1057fe7..575b22c1 100644
--- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
+++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
@@ -29,6 +29,10 @@
 force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
 when: "not matrix_beeper_linkedin_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - block:
 - name: Ensure Beeper LinkedIn repository is present on self-build
diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml
index 41dd9ef7..f24bf926 100644
--- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml
+++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml
@@ -6,6 +6,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure heisenbridge paths exist
 file:
diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml
index 425deebc..b4e44c9c 100644
--- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml
+++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml
@@ -8,6 +8,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure hookshot paths exist
 file:
diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
index 95109e49..c37b9e10 100644
--- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@@ -41,6 +41,10 @@
 force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}"
 when: not matrix_mautrix_facebook_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Mautrix Facebook paths exist
 file:
diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
index f6c97389..daab10e3 100644
--- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
@@ -41,6 +41,10 @@
 force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}"
 when: not matrix_mautrix_googlechat_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Mautrix googlechat paths exist
 file:
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
index 3d3670b2..d2b7157e 100644
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
@@ -41,6 +41,10 @@
 force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}"
 when: not matrix_mautrix_hangouts_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Mautrix Hangouts paths exist
 file:
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
index 93dbcaad..4e531615 100644
--- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
@@ -14,6 +14,10 @@
 force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}"
 when: not matrix_mautrix_instagram_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Mautrix instagram paths exist
 file:
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
index cf846d74..840cbd6e 100644
--- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@@ -15,6 +15,10 @@
 force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
 when: "not matrix_mautrix_signal_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Mautrix Signal repository is present on self-build
diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
index 0de05a1d..1960288d 100644
--- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
@@ -55,6 +55,10 @@
 force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}"
 when: "not matrix_mautrix_telegram_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure lottieconverter is present when self-building
 git:
diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
index 144c6408..6e587900 100644
--- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
@@ -18,6 +18,10 @@
 force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}"
 when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Mautrix Twitter paths exist
 file:
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
index 79bc039a..8f27ac2a 100644
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@@ -57,6 +57,10 @@
 force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}"
 when: not matrix_mautrix_whatsapp_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Mautrix Whatsapp repository is present on self-build
 git:
diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
index 3ac916a1..26a7c0c3 100644
--- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
@@ -72,6 +72,10 @@
 force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}"
 when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure MX Puppet Discord repository is present on self build
 git:
diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
index 1a04766b..0d43a0d0 100644
--- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
@@ -73,6 +73,10 @@
 force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}"
 when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure MX Puppet Groupme repository is present on self build
 git:
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
index 045e17f7..cb613074 100644
--- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@@ -42,6 +42,10 @@
 force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}"
 when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure mx-puppet-instagram paths exist
 file:
diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
index a97986bd..c3776c70 100644
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
@@ -73,6 +73,10 @@
 force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}"
 when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure MX Puppet Skype repository is present on self build
 git:
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
index bb57c270..23301eab 100644
--- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
@@ -69,6 +69,10 @@
 force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}"
 when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure MX Puppet Slack repository is present on self build
 git:
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
index 1f0dd234..b8b3f737 100644
--- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -73,6 +73,10 @@
 force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}"
 when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure MX Puppet Steam repository is present on self build
 git:
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
index 5436c189..485900a8 100644
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
@@ -73,6 +73,10 @@
 force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}"
 when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure MX Puppet Twitter repository is present on self build
 git:
diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml
index c09bb5cc..412c26fe 100644
--- a/roles/matrix-bridge-sms/tasks/setup_install.yml
+++ b/roles/matrix-bridge-sms/tasks/setup_install.yml
@@ -4,6 +4,10 @@
 docker_image:
 name: "{{ matrix_sms_bridge_docker_image }}"
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-sms-bridge paths exist
 file:
diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml
index 5571d8d0..48865008 100644
--- a/roles/matrix-client-cinny/tasks/setup_install.yml
+++ b/roles/matrix-client-cinny/tasks/setup_install.yml
@@ -18,6 +18,10 @@
 force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}"
 when: "not matrix_client_cinny_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Cinny repository is present on self-build
 git:
diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml
index 3b877e8e..e9c7096e 100644
--- a/roles/matrix-client-element/tasks/setup_install.yml
+++ b/roles/matrix-client-element/tasks/setup_install.yml
@@ -19,6 +19,10 @@
 force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}"
 when: "not matrix_client_element_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Element repository is present on self-build
 git:
diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml
index d8372768..0e4868f6 100644
--- a/roles/matrix-client-hydrogen/tasks/setup_install.yml
+++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml
@@ -19,6 +19,10 @@
 force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}"
 when: "not matrix_client_hydrogen_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Hydrogen repository is present on self-build
 git:
diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml
index b8edc596..6c520ee0 100644
--- a/roles/matrix-corporal/tasks/setup_corporal.yml
+++ b/roles/matrix-corporal/tasks/setup_corporal.yml
@@ -45,6 +45,10 @@
 force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}"
 when: "matrix_corporal_enabled|bool and not matrix_corporal_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Matrix Corporal config installed
 copy:
diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml
index f5726e32..621177e5 100644
--- a/roles/matrix-coturn/tasks/setup_install.yml
+++ b/roles/matrix-coturn/tasks/setup_install.yml
@@ -24,6 +24,10 @@
 force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}"
 when: "not matrix_coturn_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - block:
 - name: Ensure Coturn repository is present on self-build
diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml
index b2f6834d..a18ad065 100644
--- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml
+++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml
@@ -23,6 +23,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Check if a Dendrite signing key exists
 stat:
diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml
index 4225da3f..1ba4f2d4 100644
--- a/roles/matrix-dimension/tasks/setup_install.yml
+++ b/roles/matrix-dimension/tasks/setup_install.yml
@@ -92,6 +92,9 @@
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}"
 when: "not matrix_dimension_container_image_self_build|bool"
 register: matrix_dimension_pull_results
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: matrix_dimension_pull_results is not failed
 - name: Ensure dimension repository is present on self-build
 git:
diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml
index e2e4f043..4dffe681 100644
--- a/roles/matrix-dynamic-dns/tasks/install.yml
+++ b/roles/matrix-dynamic-dns/tasks/install.yml
@@ -7,6 +7,10 @@
 force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}"
 when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Dynamic DNS paths exist
 file:
diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml
index 44f2ef7d..74e7c676 100644
--- a/roles/matrix-email2matrix/tasks/setup_install.yml
+++ b/roles/matrix-email2matrix/tasks/setup_install.yml
@@ -28,6 +28,10 @@
 force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}"
 when: "not matrix_email2matrix_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Email2Matrix repository is present on self-build
 git:
diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml
index 27832e14..6f276e05 100644
--- a/roles/matrix-etherpad/tasks/setup_install.yml
+++ b/roles/matrix-etherpad/tasks/setup_install.yml
@@ -22,6 +22,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-etherpad.service installed
 template:
diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml
index 5f9d21c1..95a0ba53 100644
--- a/roles/matrix-grafana/tasks/setup.yml
+++ b/roles/matrix-grafana/tasks/setup.yml
@@ -11,6 +11,10 @@
 force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}"
 when: "matrix_grafana_enabled|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure grafana paths exists
 file:
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
index 2bb781c1..d85e0703 100644
--- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
@@ -23,6 +23,10 @@
 force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
 when: matrix_jitsi_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure jitsi-jicofo environment variables file created
 template:
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
index 3b3b8dbf..b007ede8 100644
--- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
@@ -23,6 +23,10 @@
 force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
 when: matrix_jitsi_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure jitsi-jvb configuration files created
 template:
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
index 437e1e9c..301fa82f 100644
--- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
@@ -24,6 +24,10 @@
 force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
 when: matrix_jitsi_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure jitsi-prosody environment variables file is created
 template:
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
index 0a4d43b0..ea831490 100644
--- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
@@ -25,6 +25,10 @@
 force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
 when: matrix_jitsi_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure jitsi-web environment variables file created
 template:
diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml
index 27e74d10..c56c81f9 100644
--- a/roles/matrix-ma1sd/tasks/setup_install.yml
+++ b/roles/matrix-ma1sd/tasks/setup_install.yml
@@ -52,6 +52,10 @@
 force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}"
 when: "not matrix_ma1sd_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - block:
 - name: Ensure gradle is installed for self-building (Debian)
diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml
index 1ac4f339..5ad02a57 100644
--- a/roles/matrix-mailer/tasks/setup_mailer.yml
+++ b/roles/matrix-mailer/tasks/setup_mailer.yml
@@ -51,6 +51,10 @@
 force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
 when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-mailer.service installed
 template:
diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index 373bc55b..92454e96 100644
--- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -184,6 +184,10 @@
 force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}"
 when: matrix_nginx_proxy_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-nginx-proxy.service installed
 template:
diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml
index 72329db3..701d8dd3 100644
--- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml
+++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml
@@ -21,6 +21,10 @@
 force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}"
 when: matrix_postgres_backup_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Postgres backup paths exist
 file:
diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml
index 46186a4d..43192475 100644
--- a/roles/matrix-postgres/tasks/setup_postgres.yml
+++ b/roles/matrix-postgres/tasks/setup_postgres.yml
@@ -43,6 +43,10 @@
 force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}"
 when: matrix_postgres_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Postgres paths exist
 file:
diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml
index 419f3592..21d0b55d 100644
--- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml
+++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml
@@ -11,6 +11,10 @@
 force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}"
 when: "matrix_prometheus_node_exporter_enabled|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-prometheus-node-exporter.service installed
 template:
diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml
index a6c49816..08ffe708 100644
--- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml
+++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml
@@ -11,6 +11,10 @@
 force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}"
 when: "matrix_prometheus_postgres_exporter_enabled|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-prometheus-postgres-exporter.service installed
 template:
diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml
index d3512f1b..e0fe8cf6 100644
--- a/roles/matrix-prometheus/tasks/setup_install.yml
+++ b/roles/matrix-prometheus/tasks/setup_install.yml
@@ -6,6 +6,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Prometheus paths exists
 file:
diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml
index a37174a3..df1d1736 100644
--- a/roles/matrix-redis/tasks/setup_redis.yml
+++ b/roles/matrix-redis/tasks/setup_redis.yml
@@ -11,6 +11,10 @@
 force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}"
 when: matrix_redis_enabled|bool
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure redis paths exist
 file:
diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml
index ac9a4e67..2b5beafa 100644
--- a/roles/matrix-registration/tasks/setup_install.yml
+++ b/roles/matrix-registration/tasks/setup_install.yml
@@ -52,6 +52,10 @@
 force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}"
 when: "not matrix_registration_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-registration repository is present when self-building
 git:
diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml
index 0be6fbe0..1a6ce186 100644
--- a/roles/matrix-sygnal/tasks/setup_install.yml
+++ b/roles/matrix-sygnal/tasks/setup_install.yml
@@ -6,6 +6,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure Sygnal paths exists
 file:
diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml
index ab1e6d46..2243706b 100644
--- a/roles/matrix-synapse-admin/tasks/setup.yml
+++ b/roles/matrix-synapse-admin/tasks/setup.yml
@@ -11,6 +11,10 @@
 force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}"
 when: "matrix_synapse_admin_enabled|bool and not matrix_synapse_admin_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 - name: Ensure matrix-synapse-admin repository is present when self-building
 git:
diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml
index 9e3870e5..d3781520 100644
--- a/roles/matrix-synapse/tasks/goofys/setup_install.yml
+++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml
@@ -8,6 +8,10 @@
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_s3_goofys_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_docker_image_force_pull }}"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
 # This will throw a Permission Denied error if already mounted
 - name: Check Matrix Goofys external storage mountpoint path
diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
index ad8497cc..1aaf3a81 100644
--- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
+++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
@@ -48,6 +48,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_rust_synapse_compress_state_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Generate rust-synapse-compress-state room find command set_fact: diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 731be003..deedd7bd 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -54,6 +54,10 @@ force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}" when: "not matrix_synapse_container_image_self_build" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Check if a Synapse signing key exists stat: From abff35ea97deb73fcf98844b23d1477d8deae8f1 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 17 Mar 2022 15:39:47 +0000 Subject: [PATCH 166/419] Update Cinny 1.8.1 -> 1.8.2 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index ec3febc7..2ded4048 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.8.1 +matrix_client_cinny_version: v1.8.2 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 958d089b68d46d1810b3b508234bfc4809522f68 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Mar 2022 17:58:59 +0200 Subject: [PATCH 167/419] Do not install the ma1sd identity server by default As mentioned in the changelog, this is a breaking change. --- CHANGELOG.md | 17 +++++++++++++++++ README.md | 2 +- docs/configuring-dns.md | 4 ++-- docs/configuring-playbook-ma1sd.md | 16 +++++++--------- docs/configuring-playbook.md | 5 +++-- docs/container-images.md | 4 ++-- group_vars/matrix_servers | 13 ++++++++++--- 7 files changed, 42 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c1ac92e5..0196a1b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,20 @@ +# 2022-03-17 + +## (Compatibility Break) ma1sd identity server no longer installed by default + +The playbook no longer installs the [ma1sd](https://github.com/ma1uta/ma1sd) identity server by default. The next time you run the playbook, ma1sd will be uninstalled from your server, unless you explicitly enable the ma1sd service (see how below). + +The main reason we used to install ma1sd by default in the past was to prevent Element from talking to the `matrix.org` / `vector.im` identity servers, by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead, thus preventing contact list leaks. + +Since Element no longer defaults to using a public identity server if another one is not provided, we can stop installing ma1sd. + +If you need to install the ma1sd identity server for some reason, you can explicitly enable it by adding this to your `vars.yml` file: + +```yaml +matrix_ma1sd_enabled: true +``` + + # 2022-02-12 ## matrix_encryption_disabler support diff --git a/README.md b/README.md index e1e901d0..0e6bc51b 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Using this playbook, you can get the following services configured on your serve - (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default -- (optional, default) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server +- (optional) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server - (optional, default) an [Exim](https://www.exim.org/) mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 4416c3bc..c16ab2fc 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -62,11 +62,11 @@ The `cinny.` subdomain may be necessary, because this playbook coul ## `_matrix-identity._tcp` SRV record setup -To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) enable its federation features, set up an SRV record that looks like this: +To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this: - Name: `_matrix-identity._tcp` (use this text as-is) - Content: `10 0 443 matrix.` (replace `` with your own) -This is an optional feature. See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. +This is an optional feature for the optionally-installed [ma1sd service](configuring-playbook-ma1sd.md). See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index 70c507cb..e18a51c5 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md 
@@ -1,24 +1,22 @@ # Adjusting ma1sd Identity Server configuration (optional) -By default, this playbook configures an [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. +The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. + +ma1sd, being an Identity Server, is not strictly needed. It is only used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). This server is private by default, potentially at the expense of user discoverability. *ma1sd is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21.* -**Note**: enabling ma1sd (which is also the default), means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). +**Note**: enabling ma1sd, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). - -## Disabling ma1sd - -ma1sd, being an Identity Server, is not strictly needed. It is only used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). 
- -If you'd like for the playbook to not install ma1sd (or to uninstall it if it was previously installed), you can disable it in your configuration file (`inventory/host_vars/matrix./vars.yml`): +To enable ma1sd, use the following additional configuration in your `vars.yml` file: ```yaml -matrix_ma1sd_enabled: false +matrix_ma1sd_enabled: true ``` + ## Matrix.org lookup forwarding To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information). diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 9b153883..3d5e6c2c 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -47,8 +47,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Using an external PostgreSQL server](configuring-playbook-external-postgres.md) (optional) -- [Adjusting ma1sd Identity Server configuration](configuring-playbook-ma1sd.md) (optional) - - [Adjusting SSL certificate retrieval](configuring-playbook-ssl-certificates.md) (optional, advanced) - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) 
@@ -69,11 +67,14 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Adjusting email-sending settings](configuring-playbook-email.md) (optional) - [Setting up Hydrogen](configuring-playbook-client-hydrogen.md) - a new lightweight matrix client with legacy and mobile browser support (optional) + - [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional) ### Authentication and user-related +- [Setting up an ma1sd Identity Server](configuring-playbook-ma1sd.md) (optional) + - [Setting up Synapse Admin](configuring-playbook-synapse-admin.md) (optional) - [Setting up matrix-registration](configuring-playbook-matrix-registration.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index cf680d21..bf5885e0 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -15,8 +15,6 @@ These services are enabled and used by default, but you can turn them off, if yo - [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional) -- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) - - [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional) - [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional) 
@@ -30,6 +28,8 @@ These services are enabled and used by default, but you can turn them off, if yo These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later): +- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) + - [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional) - [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index d938c76d..32be903a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1328,9 +1328,16 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64 # ###################################################################### -# By default, this playbook installs the ma1sd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`). -# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. -matrix_ma1sd_enabled: true +# We no longer install the ma1sd identity server by default. +# +# The main reason we used to install ma1sd by default in the past was to +# prevent Element from talking to the `matrix.org` / `vector.im` identity servers, +# by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead, +# thus preventing contact list leaks. +# +# Since Element no longer defaults to using a public identity server if another one is not provided, +# we can stop installing ma1sd. +matrix_ma1sd_enabled: false matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" From dc82c1a0e6c3214ecb8edea4a0de96d4f2bdadc8 Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Thu, 17 Mar 2022 17:21:18 +0100 Subject: [PATCH 168/419] Update IRC appservice bridge --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index fa861308..5dfe3623 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml 
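Review bot: The new comment above `matrix_ma1sd_enabled: false` in group_vars/matrix_servers records why the default changed, but not what the setting now does to an existing deployment. The CHANGELOG entry in this same patch says ma1sd is uninstalled on the next run unless it is explicitly enabled, and that belongs next to the variable too, e.g. `# With false, an already-installed ma1sd is removed on the next playbook run; set matrix_ma1sd_enabled: true in vars.yml to keep it.` The stated rationale covers Element only. Whether other clients still fall back to a public identity server is not established by this hunk, so the comment could tell operators to check the clients they actually use.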
@@ -8,7 +8,7 @@ matrix_appservice_irc_container_image_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.32.1 +matrix_appservice_irc_version: release-0.33.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From c741a7485334f6feeda8b08469359f6cacce531d Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 17 Mar 2022 18:41:05 +0200 Subject: [PATCH 169/419] Switch mx-puppet-slack to the beeper fork --- docs/configuring-playbook-bridge-mx-puppet-slack.md | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 ++++++---- .../tasks/setup_install.yml | 3 ++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index 0630270f..8db159d7 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -4,8 +4,8 @@ [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook. -The playbook can install and configure -[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. +The playbook can install and configure [Beeper](https://www.beeper.com/)-maintained fork of +[mx-puppet-slack](https://gitlab.com/beeper/mx-puppet-monorepo) for you. See the project page to learn what it does and why it might be useful to you. diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bf5c6dfa..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml 
+++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) matrix_mx_puppet_slack_enabled: true @@ -8,7 +8,9 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # 
@@ -16,8 +18,8 @@ matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Soru matrix_mx_puppet_slack_container_http_host_bind_port: '' matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 23301eab..b064ee83 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -79,6 +79,7 @@ repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" force: "yes" + version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}" register: matrix_mx_puppet_slack_git_pull_results when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" 
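Review bot: In roles/matrix-bridge-mx-puppet-slack/defaults/main.yml the image source moves to `registry.gitlab.com/` + `beeper/mx-puppet-monorepo/slack` while the context line `matrix_mx_puppet_slack_version: latest` is left as is. The first run after this change therefore pulls an unpinned image from a different publisher, and `matrix_mx_puppet_slack_docker_image_force_pull` (true for `:latest`) re-pulls whatever the registry serves on every later run. The self-build path has the same property, because the preceding hunk maps `latest` to the `main` branch of the new repository. Pinning to a released tag or digest, `matrix_mx_puppet_slack_version: <PINNED_TAG>`, would make the deployed bridge code reviewable and reproducible. The identical hunks in PATCH 171/419 carry the same default.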
@@ -89,7 +90,7 @@ force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: "{{ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" pull: true when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" From 5ed23e81ef95f9377393a680c6987fa0ccf6ecc5 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Thu, 17 Mar 2022 18:37:37 +0100 Subject: [PATCH 170/419] Fix index in external_prometheus.yml.example.j2 For an unknown reason prometheus ignored the given "numeric" index and replaced it by 1. This made it not work properly, plus multiple workers of same types were not differentiable. With a "string" index, it works as intended. --- .../templates/prometheus/external_prometheus.yml.example.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 b/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 index 01a39ffa..cbb2e6f3 100644 --- a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 +++ b/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 @@ -22,7 +22,7 @@ scrape_configs: - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] labels: job: "master" - index: 1 + index: "0" {% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' metrics_path: /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics 
@@ -36,5 +36,5 @@ scrape_configs: - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] labels: job: "{{ worker.type }}" - index: {{ worker.instanceId }} + index: "{{ worker.instanceId }}" {% endfor %} From 95cfbf02566bf15a1003fe021d4d215eb3a8202e Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 17 Mar 2022 20:16:17 +0000 Subject: [PATCH 171/419] Switch mx-puppet-slack to the beeper fork (#1704) --- docs/configuring-playbook-bridge-mx-puppet-slack.md | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 ++++++---- .../tasks/setup_install.yml | 3 ++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index 0630270f..8db159d7 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -4,8 +4,8 @@ [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook. -The playbook can install and configure -[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. +The playbook can install and configure [Beeper](https://www.beeper.com/)-maintained fork of +[mx-puppet-slack](https://gitlab.com/beeper/mx-puppet-monorepo) for you. See the project page to learn what it does and why it might be useful to you. diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bf5c6dfa..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml 
@@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) matrix_mx_puppet_slack_enabled: true @@ -8,7 +8,9 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # 
@@ -16,8 +18,8 @@ matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Soru matrix_mx_puppet_slack_container_http_host_bind_port: '' matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 23301eab..b064ee83 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -79,6 +79,7 @@ repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" force: "yes" + version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}" register: matrix_mx_puppet_slack_git_pull_results when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" 
@@ -89,7 +90,7 @@ force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: "{{ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" pull: true when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" From d5a79538a6779a1bda2b058e8cefba2947b9d66a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iikka=20J=C3=A4rvenp=C3=A4=C3=A4?= <41309685+iikkart@users.noreply.github.com> Date: Thu, 17 Mar 2022 20:20:43 +0000 Subject: [PATCH 172/419] Improved documentation about permissions More info: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1699 --- ...onfiguring-playbook-bridge-mautrix-telegram.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index 0ac6c103..924de8ca 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -49,4 +49,19 @@ If you want to use the relay-bot feature ([relay bot documentation](https://docs ```yaml matrix_mautrix_telegram_bot_token: YOUR_TELEGRAM_BOT_TOKEN +matrix_mautrix_telegram_configuration_extension_yaml: | + bridge: + permissions: + '*': relaybot ``` + +You might also want to give permissions to administrate the bot: +```yaml +matrix_mautrix_telegram_configuration_extension_yaml: | + bridge: + permissions: + '@user:DOMAIN': admin +``` + +More details about permissions in this example: +https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml#L410 From 5c34353d87b880ccdb7edb3ae62ab91532509d1f Mon Sep 17 00:00:00 2001 
From: Travis Ralston Date: Fri, 18 Mar 2022 14:52:25 -0600 Subject: [PATCH 173/419] Update configuring-playbook-dimension.md --- docs/configuring-playbook-dimension.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index e4b04740..73a7fc0e 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -31,7 +31,7 @@ matrix_dimension_admins: - "@user2:{{ matrix_domain }}" ``` -Admin interface is accessible at `https://dimension./riot-app/admin` after logging in to element and opening it in any room via "Edit widgets, bridges & bots" and then clicking the "settings"-icon in the upper right corner. +The admin interface is accessible within Element by accessing it in any room and clicking the cog wheel/settings icon in the top right. Currently, Dimension can be opened in Element by the "Add widgets, bridges, & bots" link in the room information. ## Access token From b242559df50c0f23c35c83ecf83ec43b27c0c701 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Tue, 22 Mar 2022 12:56:04 +0100 Subject: [PATCH 174/419] add detailed docs about hookshot's URLs --- docs/configuring-playbook-bridge-hookshot.md | 21 +++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 0df0036b..f4cc232d 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -16,10 +16,29 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. 
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. +### URLs for bridges setup + +All of the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). + +| Listener | default path | variable | used as | +|---|---|---|---| +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | GitHub "Webhook URL" | +| github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | +| jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | +| figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | +| provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | +| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | GitHub "Webhook URL" | +| metrics | `/hookshot/metrics/` | `matrix_hookshot_metrics_endpoint` | Prometheus | +| widgets | | | not supported | + +See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). + +The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. + ### Manage GitHub Private Key with matrix-aux role The GitHub bridge requires you to install a private key file. This can be done in multiple ways: From 81d198b5b68fb2107f91563c0fa95cc490589d21 Mon Sep 17 00:00:00 2001 
From: Kim Brose Date: Tue, 22 Mar 2022 12:59:12 +0100 Subject: [PATCH 175/419] !fixup add detailed docs about hookshot's URLs --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index f4cc232d..5639f159 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -31,7 +31,7 @@ All of the following endpoints are reachable on your `matrix.` subdomain (if the | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | -| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | GitHub "Webhook URL" | +| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | | metrics | `/hookshot/metrics/` | `matrix_hookshot_metrics_endpoint` | Prometheus | | widgets | | | not supported | From 41f948c48bfebee0ece70386ad6be3ae3030c2d5 Mon Sep 17 00:00:00 2001 From: Peter Date: Tue, 22 Mar 2022 13:34:05 +0100 Subject: [PATCH 176/419] Update mautrix-whatsapp 0.2.4 -> 0.3.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 68634746..6aae2015 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.2.4 +matrix_mautrix_whatsapp_version: v0.3.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From d04162b275386d7d754ca534a25a2b32606e150f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 22 Mar 2022 19:35:21 +0200 Subject: [PATCH 177/419] Upgrade Synapse (1.54.0 -> 1.55.0) `roles/matrix-synapse/vars/workers.yml` has not been updated here, because running `roles/matrix-synapse/files/workers-doc-to-yaml.awk` seems to cause some trouble with the current `workers.md` file available at https://github.com/matrix-org/synapse/raw/master/docs/workers.md, namely lots of: > FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually lines and commented out regex lines. This is something that remains to be investigated/fixed. --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 42 ++++++++++++++++++- 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index c7be1b43..80f2781b 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.54.0 +matrix_synapse_version: v1.55.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 29986c2e..63e3b7ad 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1977,8 +1977,14 @@ saml2_config: # # localpart_template: Jinja2 template for the localpart of the MXID. # If this is not set, the user will be prompted to choose their -# own username (see 'sso_auth_account_details.html' in the 'sso' -# section of this file). +# own username (see the documentation for the +# 'sso_auth_account_details.html' template). This template can +# use the 'localpart_from_email' filter. +# +# confirm_localpart: Whether to prompt the user to validate (or +# change) the generated localpart (see the documentation for the +# 'sso_auth_account_details.html' template), instead of +# registering the account right away. # # display_name_template: Jinja2 template for the display name to set # on first login. If unset, no displayname will be set. 
@@ -3013,4 +3019,36 @@ redis: password: {{ matrix_synapse_redis_password }} +## Background Updates ## + +# Background updates are database updates that are run in the background in batches. +# The duration, minimum batch size, default batch size, whether to sleep between batches and if so, how long to +# sleep can all be configured. This is helpful to speed up or slow down the updates. +# +background_updates: + # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set + # a time to change the default. + # + #background_update_duration_ms: 500 + + # Whether to sleep between updates. Defaults to True. Uncomment to change the default. + # + #sleep_enabled: false + + # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment + # and set a duration to change the default. + # + #sleep_duration_ms: 300 + + # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and + # set a size to change the default. + # + #min_batch_size: 10 + + # The batch size to use for the first iteration of a new background update. The default is 100. + # Uncomment and set a size to change the default. + # + #default_batch_size: 50 + + # vim:ft=yaml From 07e68d48de5e1795913a77d6b72601581af6f01f Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Tue, 22 Mar 2022 20:37:40 +0100 Subject: [PATCH 178/419] Update Mjolnir from 1.3.2 to 1.4.1 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index cfb0d06d..0093576c 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml 
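Review bot: The context line `password: {{ matrix_synapse_redis_password }}` at the top of this homeserver.yaml.j2 hunk renders the secret as a plain, unquoted YAML scalar, and the upgrade leaves it that way. A password containing ` #`, `: ` or a leading indicator character would be truncated or retyped, or would break parsing of the rendered file. Emitting it through a serialising filter avoids that: `password: {{ matrix_synapse_redis_password | to_json }}`. The `redis:` block starts above the hunk, so whether this line sits behind a condition is not visible here.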
@@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.3.2" +matrix_bot_mjolnir_version: "v1.4.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 97865484bd8d33b6c399f7326b8651a27a049499 Mon Sep 17 00:00:00 2001 From: pulmonarycosignerkindness <70479260+pulmonarycosignerkindness@users.noreply.github.com> Date: Wed, 23 Mar 2022 19:17:54 +0000 Subject: [PATCH 179/419] Update mjolnir antispam commit hash Changed the commit hash in matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version to latest. Fixes a Synapse ImportError with mjolnir v1.4.1 leading to a Synapse crash-loop. --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 80f2781b..f028de98 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -525,7 +525,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve # See: https://github.com/matrix-org/mjolnir#synapse-module matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir" -matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "70f353fbbad0af469b1001080dea194d512b2815" +matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58" matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true # Flag messages sent by servers/users in the ban lists as spam. Currently # this means that spammy messages will appear as empty to users. Default From 38f2dc45534e36d7bc6fc9f890c156699c29a864 Mon Sep 17 00:00:00 2001 
From: joecool1029 Date: Thu, 24 Mar 2022 15:54:36 -0400 Subject: [PATCH 180/419] Synapse 1.55.0 -> Synapse 1.55.2 This is a minor hotfix, needs to be bumped though or new deploys will break (existing deploys not affected by bug). --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index f028de98..65ca3e10 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.55.0 +matrix_synapse_version: v1.55.2 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 85627b59adc9e057d7988aba1ae28edaad830f73 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Mar 2022 10:04:21 +0200 Subject: [PATCH 181/419] Make synapse-compress-state in-container binary path configurable This makes it easier to use another container image for rust-synapse-compress-state, which may be storing the binary at another path. --- roles/matrix-synapse/defaults/main.yml | 1 + .../tasks/rust-synapse-compress-state/compress_room.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 65ca3e10..0008de3d 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -624,6 +624,7 @@ matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-c matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" +matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/synapse-compress-state" # Default Synapse configuration template which covers the generic use case. diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 36ef0a3a..e1386c75 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -12,7 +12,7 @@ --network={{ matrix_docker_network }} --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work {{ matrix_synapse_rust_synapse_compress_state_docker_image }} - /synapse-compress-state -t -o /work/state-compressor.sql + {{ matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path }} -t -o /work/state-compressor.sql -p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}" -r '{{ room_details.room_id }}' From dac4df738497018ea0b7f48ab8d464ae600ba012 Mon Sep 17 00:00:00 2001 
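Review bot: The new default `matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path` in roles/matrix-synapse/defaults/main.yml has no comment, and nothing tells an operator that it has to change together with `matrix_synapse_rust_synapse_compress_state_docker_image`. I would add `# Path of the synapse-compress-state binary inside the container image. Must match the image set in matrix_synapse_rust_synapse_compress_state_docker_image.` above it. The value is interpolated unquoted into the container command in compress_room.yml, next to the `-p` argument that carries the database password, so the comment could also say that it is expected to be a single absolute path.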
From: Slavi Pantaleev Date: Sat, 26 Mar 2022 10:31:05 +0200 Subject: [PATCH 182/419] Add arm64 support for rust-synapse-compress-state by switching container image This switches the playbook from devture/rust-synapse-compress-state (a container image which wraps the upstream-prebuilt amd64 binary of rust-synapse-compress-state) to registry.gitlab.com/mb-saces/rust-synapse-compress-state (https://gitlab.com/mb-saces/rust-synapse-compress-state), which builds rust-synapse-compress-state from source and provides a multi-arch image that currently works on amd64 and arm64. Ideally, we'll stop using `:latest` and arm32 support will be made available upstream as well at some point. Discussed here: https://gitlab.com/mb-saces/rust-synapse-compress-state/-/issues/1 --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 0008de3d..4cba18fa 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -620,11 +620,11 @@ matrix_synapse_redaction_retention_period: 7d matrix_synapse_user_ips_max_age: 28d -matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-compress-state:v0.1.0" +matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest" matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" -matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/synapse-compress-state" +matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state" # Default Synapse configuration template which covers the generic use case. 
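Review bot: `matrix_synapse_rust_synapse_compress_state_docker_image` moves from a fixed tag (`devture/rust-synapse-compress-state:v0.1.0`) to `:latest` in a third-party registry namespace, so the `endswith(':latest')` force-pull expression on the next line becomes true. Every run then pulls whatever is currently published under that tag. The compress_room.yml task shown earlier on this page starts this image with the Synapse database host, user and password on its command line, so an unreviewed image update gets database credentials. The commit message already notes that `:latest` should go. Until a versioned tag exists I would pin by digest, for example `"registry.gitlab.com/mb-saces/rust-synapse-compress-state@sha256:<digest-placeholder>"`, and record next to it which upstream commit the digest was built from.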
From fc1e15baffc9782d61587cc4382f37f437989eaa Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Sat, 26 Mar 2022 12:09:42 +0100 Subject: [PATCH 183/419] Updated: to v0.3.1 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 168d08f7..e334e8d6 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: latest +matrix_mautrix_googlechat_version: v0.3.1 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From f29f51a54c4e58199cfc4a9da76eaf9798e4fd6e Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Mon, 28 Mar 2022 13:52:44 -0400 Subject: [PATCH 184/419] Update Element 1.10.7 -> 1.10.8 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index edaa189c..c395efb7 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.7 +matrix_client_element_version: v1.10.8 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 9b0323432351c4ee793ad81bccf4f8347204c8ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Tue, 29 Mar 2022 22:14:44 +0200 Subject: [PATCH 185/419] Fix Facebook presence config key --- roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 1f71286e..49c49be8 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 
@@ -106,7 +106,9 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }} - presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }} + # Should presence from Facebook be bridged? This doesn't use the same API as the Android app, + # so it might be more suspicious to Facebook. + presence_from_facebook: {{ matrix_mautrix_facebook_bridge_presence|to_json }} # Whether or not to update avatars when syncing all contacts at startup. update_avatar_initial_sync: true # End-to-bridge encryption support options. These require matrix-nio to be installed with pip From 326b1090b75f9fab81b282db5becce35374cd084 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Tue, 29 Mar 2022 22:26:29 +0200 Subject: [PATCH 186/419] Add note about Prometheus retention policy --- docs/configuring-playbook-prometheus-grafana.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 892bffb2..f178def2 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -25,6 +25,8 @@ matrix_grafana_default_admin_password: "some_strong_password_chosen_by_you" By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.`. +The retention policy of Prometheus metrics is [15 days by default](https://prometheus.io/docs/prometheus/latest/storage/#operational-aspects). Older data gets deleted automatically. + ## What does it do? From 0103d92df4a28bef7182e161ce3ca9cc4ff596f0 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 30 Mar 2022 09:02:17 +0300 Subject: [PATCH 187/419] Temporarily switch to Myned-maintained fork of mx-puppet-discord/mx-puppet-slack Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1719 We're using a pinned commit of this fork, which patches up the npm/yarn lock files, so that self-building of the Discord and Slack bridges can work after GitHub's deprecation of the `git://` and `ssh://` protocols (https://github.blog/2021-09-01-improving-git-protocol-security-github/). When the issue gets fixed in the Beeper fork (via https://gitlab.com/beeper/mx-puppet-monorepo/-/merge_requests/35 or otherwise), we'll get back on it. --- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 52257689..03bac4e5 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -11,7 +11,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" 
@@ -20,7 +20,7 @@ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Doc # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: latest +matrix_mx_puppet_discord_version: 40f3142032bacec6333f4bbc051d5e30af88de9c matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8..63549bc4 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" 
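Review bot: Setting `matrix_mx_puppet_discord_version` to the fork's commit hash also changes the tag of the prebuilt image, not only the self-build checkout. The unchanged next line still builds `matrix_mx_puppet_discord_docker_image` as `registry.gitlab.com/beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}`, and self-build defaults to `false`. Whether Beeper's registry publishes a tag named after a commit from the Myned fork is not visible here, so the default pull path may fail. Pinning only the build side avoids that: keep `matrix_mx_puppet_discord_version: latest` and set `matrix_mx_puppet_discord_container_image_self_build_version: 40f3142032bacec6333f4bbc051d5e30af88de9c`. The `@@ -17,7 +17,7 @@` hunk for matrix-bridge-mx-puppet-slack has the same coupling.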
@@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Docke # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest +matrix_mx_puppet_slack_version: 40f3142032bacec6333f4bbc051d5e30af88de9c matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From ea358e208c36ceabf2bd6441677c5fd026cdde3c Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Wed, 30 Mar 2022 14:18:21 +0200 Subject: [PATCH 188/419] Upgrade Hookshot (1.2.0 -> 1.3.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index e6be626e..01dd43b0 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -5,7 +5,7 @@ matrix_hookshot_enabled: true -matrix_hookshot_version: 1.2.0 +matrix_hookshot_version: 1.3.0 matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From 999c717cf452efc94ef72f125ec6c2aa1a7c43f4 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 31 Mar 2022 08:37:24 +0300 Subject: [PATCH 189/419] Revert "Temporarily switch to Myned-maintained fork of mx-puppet-discord/mx-puppet-slack" This reverts commit 0103d92df4a28bef7182e161ce3ca9cc4ff596f0. The same fix has now been merged upstream (https://gitlab.com/beeper/mx-puppet-monorepo/-/merge_requests/35), so we don't need to use a fork anymore. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1719 --- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 03bac4e5..52257689 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -11,7 +11,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" 
@@ -20,7 +20,7 @@ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Doc # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: 40f3142032bacec6333f4bbc051d5e30af88de9c +matrix_mx_puppet_discord_version: latest matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 63549bc4..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" 
@@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Docke # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: 40f3142032bacec6333f4bbc051d5e30af88de9c +matrix_mx_puppet_slack_version: latest matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 5f0ece0c28b3c4ee510d51de63e2ba67c2009de5 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 3 Apr 2022 00:49:57 +0300 Subject: [PATCH 190/419] fix permissions --- roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 2 ++ roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 4 ++++ roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml | 2 ++ roles/matrix-postgres/tasks/setup_postgres.yml | 2 ++ 6 files changed, 18 insertions(+) diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index d85e0703..0cb7043f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -32,6 +32,8 @@ template: src: "{{ role_path }}/templates/jicofo/env.j2" dest: "{{ matrix_jitsi_jicofo_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool 
@@ -39,6 +41,8 @@ template: src: "{{ role_path }}/templates/jicofo/{{ item }}.j2" dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - sip-communicator.properties diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index b007ede8..90bf4a69 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -32,6 +32,8 @@ template: src: "{{ role_path }}/templates/jvb/{{ item }}.j2" dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - custom-sip-communicator.properties @@ -42,6 +44,8 @@ template: src: "{{ role_path }}/templates/jvb/env.j2" dest: "{{ matrix_jitsi_jvb_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 301fa82f..6db954b8 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -33,6 +33,8 @@ template: src: "{{ role_path }}/templates/prosody/env.j2" dest: "{{ matrix_jitsi_prosody_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index ea831490..feda4ace 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -34,6 +34,8 @@ template: src: "{{ role_path }}/templates/web/env.j2" dest: "{{ matrix_jitsi_web_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool 
@@ -41,6 +43,8 @@ template: src: "{{ role_path }}/templates/web/{{ item }}.j2" dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - custom-config.js diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 701d8dd3..73341033 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -41,6 +41,8 @@ template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_backup_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 with_items: - "env-postgres-backup" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 43192475..04763a32 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -76,6 +76,8 @@ template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_base_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 with_items: - "env-postgres-psql" From b3176957c3cf1e0797a8d1f1796d14b91ed3d1ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 17:10:46 +0700 Subject: [PATCH 191/419] Add hookshot self build for arm64 and amd64 --- docs/self-building.md | 1 + group_vars/matrix_servers | 2 + .../matrix-bridge-hookshot/defaults/main.yml | 11 ++++- .../tasks/setup_install.yml | 42 +++++++++++++++---- 4 files changed, 46 insertions(+), 10 deletions(-) diff --git a/docs/self-building.md b/docs/self-building.md index ef851f22..4ec5bb86 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -22,6 +22,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-dimension` - `matrix-ma1sd` - `matrix-mailer` +- `matrix-bridge-hookshot` - `matrix-bridge-appservice-irc` - `matrix-bridge-appservice-slack` - `matrix-bridge-appservice-webhooks` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 32be903a..8673bb7b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,6 +671,8 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 01dd43b0..6dab5cd6 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -5,12 +5,21 @@ matrix_hookshot_enabled: true + +matrix_hookshot_container_image_self_build: false +matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" +matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" + matrix_hookshot_version: 1.3.0 -matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" + +matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" +matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" +matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-src" + matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_hookshot_container_url: 'matrix-hookshot' diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index b4e44c9c..cac9fdca 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml 
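Review bot: The rewritten `matrix_hookshot_docker_image` points at another bridge's image: it now ends in `mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}`, where the removed line used `halfshot/matrix-hookshot:{{ matrix_hookshot_version }}`. Both the pull task and the new self-build task in setup_install.yml use this name, so a pull would fetch the WhatsApp bridge image into the hookshot service and a self-build would tag hookshot sources under that name. The value also depends on a variable owned by a different role, which may be undefined when that role's defaults are not loaded. The line should read `matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"`.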
@@ -2,26 +2,50 @@ - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- name: Ensure hookshot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_hookshot_base_path }}", when: true } + - { path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}" } + when: item.when|bool + - name: Ensure hookshot image is pulled docker_image: name: "{{ matrix_hookshot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + when: not matrix_hookshot_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" until: result is not failed -- name: Ensure hookshot paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_hookshot_base_path }}" +- name: Ensure hookshot repository is present on self-build + git: + repo: "{{ matrix_hookshot_container_image_self_build_repo }}" + dest: "{{ matrix_hookshot_docker_src_files_path }}" + version: "{{ matrix_hookshot_container_image_self_build_branch }}" + force: "yes" + register: matrix_hookshot_git_pull_results + when: "matrix_hookshot_container_image_self_build|bool" + +- name: Ensure hookshot Docker image is built + docker_image: + name: "{{ matrix_hookshot_docker_image }}" + source: build + force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit 
}}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_hookshot_docker_src_files_path }}" + pull: yes + when: "matrix_hookshot_container_image_self_build|bool" - name: Check if hookshot passkey exists stat: From cfd8a9c0f8287065dde2d040e55608ac157373ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 17:19:35 +0700 Subject: [PATCH 192/419] [HOOKSHOT] Fix yamllint --- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index cac9fdca..38dc62a3 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -9,9 +9,9 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_hookshot_base_path }}", when: true } - - { path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}" } + with_items: + - {path: "{{ matrix_hookshot_base_path }}", when: true} + - {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"} when: item.when|bool - name: Ensure hookshot image is pulled @@ -44,7 +44,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_hookshot_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_hookshot_container_image_self_build|bool" - name: Check if hookshot passkey exists From b38c7371a912132a82ce52177311379de0518c15 Mon Sep 17 00:00:00 2001 
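Review bot: The new condition on `Ensure hookshot image is pulled` is `when: not matrix_hookshot_container_image_self_build`, without the `|bool` cast that the two self-build tasks in the same hunk use. If the flag arrives as a string (for example from `-e` on the command line), the negation can evaluate differently from the `|bool` checks, and a run may end up neither pulling nor building the image. Writing it as `when: "not matrix_hookshot_container_image_self_build|bool"` keeps the three conditions consistent. The task file continues below the hunk, so later tasks were not reviewed.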
From: RoiArthurB Date: Sun, 3 Apr 2022 17:34:27 +0700 Subject: [PATCH 193/419] [STEAM] Move docker source from icewind1991 to tilosp fixed repo --- docs/self-building.md | 1 + group_vars/matrix_servers | 12 ++++++------ .../matrix-bridge-mx-puppet-steam/defaults/main.yml | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/self-building.md b/docs/self-building.md index ef851f22..a86f03af 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -33,6 +33,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bridge-mautrix-signal` - `matrix-bridge-mautrix-whatsapp` - `matrix-bridge-mx-puppet-skype` +- `matrix-bridge-mx-puppet-steam` - `matrix-bot-mjolnir` - `matrix-bot-honoroit` - `matrix-bot-matrix-reminder-bot` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 32be903a..f01444f2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -908,7 +908,7 @@ matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mx_puppet_steam_enabled: false -matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" matrix_mx_puppet_steam_systemd_required_services_list: | {{ @@ -1552,11 +1552,11 @@ matrix_ssl_domains_to_obtain_certificates_for: | }} matrix_ssl_architecture: "{{ - { - 'amd64': 'amd64', - 'arm32': 'arm32v6', - 'arm64': 'arm64v8', - }[matrix_architecture] + { + 'amd64': 'amd64', + 'arm32': 'arm32v6', + 'arm64': 'arm64v8', + }[matrix_architecture] }}" matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 91675fce..4e3d6bc6 100644 
--- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_steam_enabled: true matrix_mx_puppet_steam_container_image_self_build: false -matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git" +matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git" # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container). # From 1ce891fc70ce7711008675aa159bb6105f3a3383 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 23:42:29 +0700 Subject: [PATCH 194/419] Revert group_var wrong part reindent --- group_vars/matrix_servers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f01444f2..26485d68 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1552,11 +1552,11 @@ matrix_ssl_domains_to_obtain_certificates_for: | }} matrix_ssl_architecture: "{{ - { - 'amd64': 'amd64', - 'arm32': 'arm32v6', - 'arm64': 'arm64v8', - }[matrix_architecture] + { + 'amd64': 'amd64', + 'arm32': 'arm32v6', + 'arm64': 'arm64v8', + }[matrix_architecture] }}" matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}" From e7978dbdca91351e235d36ae25a74a0a7266f155 Mon Sep 17 00:00:00 2001 From: SaltireSoul Date: Tue, 5 Apr 2022 03:40:37 +0100 Subject: [PATCH 195/419] Dendrite 0.7.0 --- group_vars/matrix_servers | 14 +- roles/matrix-dendrite/defaults/main.yml | 11 +- .../matrix-dendrite/tasks/setup_dendrite.yml | 1 + .../templates/dendrite/dendrite.yaml.j2 | 176 ++++++++---------- .../systemd/matrix-dendrite.service.j2 | 1 + 5 files changed, 83 insertions(+), 120 deletions(-) 
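Review bot: `matrix_mx_puppet_steam_container_image_self_build_repo` moves the self-build source to a different owner's fork (`tilosp/mx-puppet-steam`) with no comment saying why the fork is trusted or which ref gets built. The hunk does not show a version or commit pin for this clone; if the role follows a branch head, whatever is pushed to that fork is built and run on the host. A comment above the variable naming the reason for the fork, plus a pinned tag or commit, would make that trust decision explicit and reviewable. The group_vars hunk of the same commit also stops self-building on arm64, which is worth confirming against the architectures actually published for the prebuilt image.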
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 26485d68..de81e2a6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1592,15 +1592,11 @@ matrix_postgres_additional_databases: | }] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + ([{ - 'name': matrix_dendrite_naffka_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, - },{ 'name': matrix_dendrite_appservice_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_federationsender_database, + 'name': matrix_dendrite_federationapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ @@ -1615,20 +1611,16 @@ matrix_postgres_additional_databases: | 'name': matrix_dendrite_room_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, - },{ - 'name': matrix_dendrite_singingkeyserver_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, },{ 'name': matrix_dendrite_syncapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_account_database, + 'name': matrix_dendrite_userapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_device_database, + 'name': matrix_dendrite_pushserver_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index ec3937c7..99ceb1a0 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml 
@@ -6,13 +6,14 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.5.1" +matrix_dendrite_docker_image_tag: "v0.7.0" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config" matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage" matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store" +matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats" matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" # By default, we make Dendrite only serve HTTP (not HTTPS). 
@@ -114,16 +115,14 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}: matrix_dendrite_database_hostname: "matrix-postgres" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" -matrix_dendrite_naffka_database: "dendrite_naffka" matrix_dendrite_appservice_database: "dendrite_appservice" -matrix_dendrite_federationsender_database: "dendrite_federationsender" +matrix_dendrite_federationapi_database: "dendrite_federationapi" matrix_dendrite_keyserver_database: "dendrite_keyserver" matrix_dendrite_mediaapi_database: "dendrite_mediaapi" matrix_dendrite_room_database: "dendrite_room" -matrix_dendrite_singingkeyserver_database: "dendrite_sigingkeyserver" matrix_dendrite_syncapi_database: "dendrite_syncapi" -matrix_dendrite_account_database: "dendrite_account" -matrix_dendrite_device_database: "dendrite_device" +matrix_dendrite_userapi_database: "dendrite_userapi" +matrix_dendrite_pushserver_database: "dendrite_pushserver" matrix_dendrite_mscs_database: "dendrite_mscs" matrix_dendrite_turn_uris: [] diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index cbe0cf84..fc306759 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -9,6 +9,7 @@ with_items: - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} - {path: "{{ matrix_dendrite_ext_path }}", when: true} + - {path: "{{ matrix_dendrite_nats_storage_path }}", when: true} when: "matrix_dendrite_enabled|bool and item.when" - import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 102dd2f5..01bb72f7 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 
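Review bot: The default database names change here (`dendrite_federationsender` to `dendrite_federationapi`, `dendrite_account` to `dendrite_userapi`, and `dendrite_device`, `dendrite_naffka` and `dendrite_sigingkeyserver` are dropped), and the template hunks switch their `connection_string` values to the new variables, but none of the five files in this patch moves existing data. Unless Dendrite migrates this itself (not visible here), an upgraded server would come up on empty databases, with the accounts and federation state left in the old ones. Inventory overrides of the removed variable names would also be silently ignored. A comment here, for example `# renamed for 0.7.0; existing installs still hold data in dendrite_account / dendrite_federationsender`, would tell operators what to check before upgrading; a validation task that fails on the removed names would be stronger.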
@@ -28,7 +28,7 @@ # connection can be idle in seconds - a negative value is unlimited. # The version of the configuration file. -version: 1 +version: 2 # Global Matrix configuration. This configuration applies to all components. global: 
@@ -66,34 +66,40 @@ global: # to other servers and the federation API will not be exposed. disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }} - # Configuration for Kafka/Naffka. - kafka: - # List of Kafka broker addresses to connect to. This is not needed if using - # Naffka in monolith mode. - addresses: [] - - # The prefix to use for Kafka topic names for this homeserver. Change this only if - # you are running more than one Dendrite homeserver on the same Kafka deployment. + # Server notices allows server admins to send messages to all users. + server_notices: + enabled: false + # The server localpart to be used when sending notices, ensure this is not yet taken + local_part: "_server" + # The displayname to be used when sending notices + display_name: "Server alerts" + # The mxid of the avatar to use + avatar_url: "" + # The roomname to be used when creating messages + room_name: "Server Alerts" + + # Configuration for NATS JetStream + jetstream: + # A list of NATS Server addresses to connect to. If none are specified, an + # internal NATS server will be started automatically when running Dendrite + # in monolith mode. It is required to specify the address of at least one + # NATS Server node if running in polylith mode. + addresses: + # - jetstream:4222 + + # Keep all NATS streams in memory, rather than persisting it to the storage + # path below. This option is present primarily for integration testing and + # should not be used on a real world Dendrite deployment. + in_memory: false + + # Persistent directory to store JetStream streams in. This directory + # should be preserved across Dendrite restarts. + storage_path: "/matrix-nats-store" + + # The prefix to use for stream names for this homeserver - really only + # useful if running more than one Dendrite on the same NATS deployment. topic_prefix: Dendrite - # Whether to use Naffka instead of Kafka. 
This is only available in monolith - # mode, but means that you can run a single-process server without requiring - # Kafka. - use_naffka: true - - # The max size a Kafka message is allowed to use. - # You only need to change this value, if you encounter issues with too large messages. - # Must be less than/equal to "max.message.bytes" configured in Kafka. - # Defaults to 8388608 bytes. - # max_message_bytes: 8388608 - - # Naffka database options. Not required when using Kafka. - naffka_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_naffka_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - # Configuration for Prometheus metric collection. metrics: # Whether or not Prometheus metrics are enabled. @@ -126,11 +132,6 @@ app_service_api: max_idle_conns: 2 conn_max_lifetime: -1 - # Disable the validation of TLS certificates of appservices. This is - # not recommended in production since it may allow appservice traffic - # to be sent to an unverified endpoint. - disable_tls_validation: false - # Appservice configuration files to load into this homeserver. config_files: {{ matrix_dendrite_app_service_config_files|to_json }} @@ -146,6 +147,10 @@ client_api: # using the registration shared secret below. registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }} + # Prevents new guest accounts from being created. Guest registration is also + # disabled implicitly by setting 'registration_disabled' above. + guests_disabled: true + # If set, allows registration by anyone who knows the shared secret, regardless of # whether registration is otherwise disabled. registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }} 
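Review bot: Under `jetstream`, `addresses:` is a bare key with only a commented-out item beneath it, which YAML loads as null rather than an empty list. Writing `addresses: []` states the intent (use the built-in NATS server) without depending on how the consumer treats null. `storage_path: "/matrix-nats-store"` is also a literal that has to stay identical to the `dst=` of the bind mount this commit adds to the systemd unit, so a one-line comment tying the two together would help whoever changes either side.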
@@ -175,12 +180,6 @@ client_api: threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }} cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }} -# Configuration for the EDU server. -edu_server: - internal_api: - listen: http://0.0.0.0:7778 - connect: http://edu_server:7778 - # Configuration for the Federation API. federation_api: internal_api: @@ -188,20 +187,8 @@ federation_api: connect: http://federation_api:7772 external_api: listen: http://0.0.0.0:8072 - - # List of paths to X.509 certificates to be used by the external federation listeners. - # These certificates will be used to calculate the TLS fingerprints and other servers - # will expect the certificate to match these fingerprints. Certificates must be in PEM - # format. - federation_certificates: [] - -# Configuration for the Federation Sender. -federation_sender: - internal_api: - listen: http://0.0.0.0:7775 - connect: http://federation_sender:7775 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationsender_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationapi_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 
@@ -221,6 +208,22 @@ federation_sender: host: localhost port: 8080 + # Perspective keyservers to use as a backup when direct key fetches fail. This may + # be required to satisfy key requests for servers that are no longer online when + # joining some rooms. + key_perspectives: + - server_name: matrix.org + keys: + - key_id: ed25519:auto + public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw + - key_id: ed25519:a_RXGa + public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ + + # This option will control whether Dendrite will prefer to look up keys directly + # or whether it should try perspective servers first, using direct fetches as a + # last resort. + prefer_direct_fetch: false + # Configuration for the Key Server (for end-to-end encryption). key_server: internal_api: @@ -261,15 +264,15 @@ media_api: # A list of thumbnail sizes to be generated for media content. thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 640 - height: 480 - method: scale + - width: 32 + height: 32 + method: crop + - width: 96 + height: 96 + method: crop + - width: 640 + height: 480 + method: scale # Configuration for experimental MSC's mscs: 
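Review bot: The relocated `key_perspectives` block hard-codes matrix.org and two of its public keys in the template, and neither value can be changed from inventory, unlike most settings in this file. According to the comment above it, `prefer_direct_fetch: false` makes that notary the first source for other servers' signing keys. Exposing both as role variables, for example `prefer_direct_fetch: {{ matrix_dendrite_prefer_direct_fetch|to_json }}` (variable name illustrative), would let operators who do not want to rely on a single notary change the default. It would also let the pinned key list be updated without editing the template.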
@@ -295,40 +298,13 @@ room_server: max_idle_conns: 2 conn_max_lifetime: -1 -# Configuration for the Signing Key Server (for server signing keys). -signing_key_server: - internal_api: - listen: http://0.0.0.0:7780 - connect: http://signing_key_server:7780 - database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_singingkeyserver_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Perspective keyservers to use as a backup when direct key fetches fail. This may - # be required to satisfy key requests for servers that are no longer online when - # joining some rooms. - key_perspectives: - - server_name: matrix.org - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - - # This option will control whether Dendrite will prefer to look up keys directly - # or whether it should try perspective servers first, using direct fetches as a - # last resort. - prefer_direct_fetch: false - # Configuration for the Sync API. sync_api: internal_api: listen: http://0.0.0.0:7773 connect: http://sync_api:7773 external_api: - listen: http://0.0.0.0:8073 + listen: http://0.0.0.0:8073 database: connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_syncapi_database }}?sslmode=disable max_open_conns: 10 
@@ -343,31 +319,25 @@ sync_api: # Configuration for the User API. user_api: - # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31 - # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information. - # Setting this lower makes registration/login consume less CPU resources at the cost of security - # should the database be compromised. Setting this higher makes registration/login consume more - # CPU resources but makes it harder to brute force password hashes. - # This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds) - # bcrypt_cost: 10 internal_api: listen: http://0.0.0.0:7781 connect: http://user_api:7781 account_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_account_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_userapi_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 - device_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_device_database }}?sslmode=disable + +# Configuration for the Push Server API. +push_server: + internal_api: + listen: http://localhost:7782 + connect: http://localhost:7782 + database: + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 - # The length of time that a token issued for a relying party from - # /_matrix/client/r0/user/{userId}/openid/request_token endpoint - # is considered to be valid in milliseconds. - # The default lifetime is 3600000ms (60 minutes). - # openid_token_lifetime_ms: 3600000 # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on 
diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index e14734dd..e1c42cbc 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -37,6 +37,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} --mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \ --mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ + --mount type=bind,src={{ matrix_dendrite_nats_storage_path }},dst=/matrix-nats-store,bind-propagation=slave \ {% for volume in matrix_dendrite_container_additional_volumes %} -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \ {% endfor %} From a5a3769ca9ceff0a8d8616318fb687b35b82bc07 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Apr 2022 11:37:27 +0000 Subject: [PATCH 196/419] add borg backup (#1727) * add borg backup * lint fix * add exlclude patterns * missed in the #1726 fix for honoroit * feedback * Fix indentation * feedback * feedback * feedback Co-authored-by: Slavi Pantaleev --- README.md | 2 + docs/configuring-playbook-backup-borg.md | 56 +++++++++++ group_vars/matrix_servers | 21 ++++ roles/matrix-backup-borg/defaults/main.yml | 63 ++++++++++++ roles/matrix-backup-borg/tasks/init.yml | 4 + roles/matrix-backup-borg/tasks/main.yml | 23 +++++ .../tasks/setup_install.yml | 97 +++++++++++++++++++ .../tasks/setup_uninstall.yml | 41 ++++++++ .../tasks/validate_config.yml | 10 ++ .../templates/config.yaml.j2 | 32 ++++++ roles/matrix-backup-borg/templates/passwd.j2 | 29 ++++++ roles/matrix-backup-borg/templates/sshkey.j2 | 1 + .../systemd/matrix-backup-borg.service.j2 | 58 +++++++++++ .../systemd/matrix-backup-borg.timer.j2 | 10 ++ .../tasks/setup_install.yml | 2 + setup.yml | 1 + 16 files changed, 450 insertions(+) create mode 100644 docs/configuring-playbook-backup-borg.md create mode 100644 roles/matrix-backup-borg/defaults/main.yml create mode 100644 roles/matrix-backup-borg/tasks/init.yml create mode 100644 roles/matrix-backup-borg/tasks/main.yml create mode 100644 roles/matrix-backup-borg/tasks/setup_install.yml create mode 100644 roles/matrix-backup-borg/tasks/setup_uninstall.yml create mode 100644 roles/matrix-backup-borg/tasks/validate_config.yml create mode 100644 roles/matrix-backup-borg/templates/config.yaml.j2 create mode 100644 roles/matrix-backup-borg/templates/passwd.j2 create mode 100644 roles/matrix-backup-borg/templates/sshkey.j2 create mode 100644 roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 create mode 100644 roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 diff --git a/README.md b/README.md index 0e6bc51b..631dc297 100644 --- a/README.md 
+++ b/README.md @@ -121,6 +121,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation +- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md new file mode 100644 index 00000000..7ca962c8 --- /dev/null +++ b/docs/configuring-playbook-backup-borg.md 
@@ -0,0 +1,56 @@
+# Setting up borg backup (optional)
+
+The playbook can install and configure [borgbackup](https://www.borgbackup.org/) with [borgmatic](https://torsion.org/borgmatic/) for you.
+BorgBackup is a deduplicating backup program with optional compression and encryption.
+That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service.
+
+The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day
+
+## Prerequisites
+
+1. Create ssh key on any machine:
+
+```bash
+ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix
+```
+
+2. Add public part of that ssh key to your borg provider / server:
+
+```bash
+# example to append the new PUBKEY contents, where:
+# PUBKEY is path to the public key,
+# USER is a ssh user on a provider / server
+# HOST is a ssh host of a provider / server
+cat PUBKEY | ssh USER@HOST 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
+```
+
+## Adjusting the playbook configuration
+
+Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable borg backup:
+
+```yaml
+matrix_backup_borg_enabled: true
+matrix_backup_borg_location_repositories:
+ - USER@HOST:REPO
+matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE"
+matrix_backup_borg_ssh_key_private: |
+ PRIVATE KEY
+```
+
+where:
+
+* USER - ssh user of a provider / server
+* HOST - ssh host of a provider / server
+* REPO - borg repository name, it will be initialized on backup start, eg: `matrix`
+* PASSPHRASE - super-secret borg passphrase, you may generate it with `pwgen -s 64 1` or use any password manager
+* PRIVATE KEY - the content of the public part of the ssh key you created before
+
+Check the `roles/matrix-backup-borg/defaults/main.yml` for the full list of available options
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 54f0ad38..15032cab 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1095,6 +1095,27 @@ matrix_bot_mjolnir_systemd_required_services_list: | # ###################################################################### +###################################################################### +# +# matrix-backup-borg +# +###################################################################### + +matrix_backup_borg_enabled: false +matrix_backup_borg_location_source_directories: + - "{{ matrix_base_data_path }}" +matrix_backup_borg_location_exclude_patterns: | + {{ + { + 'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"], + }[matrix_homeserver_implementation] + }} + +###################################################################### +# +# /matrix-backup-borg +# +###################################################################### ###################################################################### # diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml new file mode 100644 index 00000000..c8a09f7f --- /dev/null +++ b/roles/matrix-backup-borg/defaults/main.yml 
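Review bot: The lookup behind `matrix_backup_borg_location_exclude_patterns` has only a `'synapse'` key, so indexing it with `[matrix_homeserver_implementation]` fails for any other implementation once the role is enabled, and this playbook also ships a Dendrite role. Ending the expression with `}.get(matrix_homeserver_implementation, [])` gives other homeservers an empty exclude list instead of a templating error. The list entries also wrap `{{ ... }}` inside an expression that is already inside `{{ }}`; plain concatenation such as `matrix_synapse_media_store_path + '/local_thumbnails'` avoids depending on nested templating being expanded.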
@@ -0,0 +1,63 @@
+---
+matrix_backup_borg_enabled: true
+
+matrix_backup_borg_container_image_self_build: false
+matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic"
+matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src"
+
+matrix_backup_borg_version: latest
+matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
+matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
+matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}"
+
+matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
+matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_backup_borg_container_extra_arguments: []
+
+# List of systemd services that matrix-backup-borg.service depends on
+matrix_backup_borg_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-backup-borg.service wants
+matrix_backup_borg_systemd_wanted_services_list: []
+
+# systemd calendar configuration for backup job
+matrix_backup_borg_schedule: "*-*-* 04:00:00"
+
+# what directories should be added to backup
+matrix_backup_borg_location_source_directories: []
+
+# target repositories
+matrix_backup_borg_location_repositories: []
+
+# exclude following paths:
+matrix_backup_borg_location_exclude_patterns: []
+
+# borg encryption mode, only repokey-* is supported
+matrix_backup_borg_encryption: repokey-blake2
+
+# private ssh key used to connect to the borg repo
+matrix_backup_borg_ssh_key_private: ""
+
+# borg ssh command with ssh key
+matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
+
+# compression algorithm
+matrix_backup_borg_storage_compression: lz4
+
+# archive name format
+matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}"
+
+# repository passphrase
+matrix_backup_borg_storage_encryption_passphrase: ""
+
+# retention configuration
+matrix_backup_borg_retention_keep_hourly: 0
+matrix_backup_borg_retention_keep_daily: 7
+matrix_backup_borg_retention_keep_weekly: 4
+matrix_backup_borg_retention_keep_monthly: 12
+matrix_backup_borg_retention_keep_yearly: 2
+
+# retention prefix
+matrix_backup_borg_retention_prefix: "matrix-"
diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml
new file mode 100644
index 00000000..0a90a2e8
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/init.yml
@@ -0,0 +1,4 @@
+---
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}"
+ when: matrix_backup_borg_enabled|bool
diff --git a/roles/matrix-backup-borg/tasks/main.yml b/roles/matrix-backup-borg/tasks/main.yml
new file mode 100644
index 00000000..0dbf54e1
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup|bool and matrix_backup_borg_enabled|bool"
+ tags:
+ - setup-all
+ - setup-backup-borg
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup|bool and matrix_backup_borg_enabled|bool"
+ tags:
+ - setup-all
+ - setup-backup-borg
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup|bool and not matrix_backup_borg_enabled|bool"
+ tags:
+ - setup-all
+ - setup-backup-borg
diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml
new file mode 100644
index 00000000..f2c65a16
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/setup_install.yml
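Review bot: `matrix_backup_borg_version: latest` leaves the backup image unpinned, and `matrix_backup_borg_docker_image_force_pull` re-pulls it whenever the tag is `:latest`. This container is given the SSH private key and, presumably through the config template, the repository passphrase; the group_vars hunk also points it at the whole `matrix_base_data_path`. A fixed tag or digest would be the safer default, in line with the pinned versions other roles in this series use. Separately, `StrictHostKeyChecking accept-new` in `matrix_backup_borg_storage_ssh_command` trusts whatever host key is presented on first contact; unless the service persists `known_hosts` between runs (not visible in this hunk), every backup run is a first contact. A variable for the expected host key, or a documented way to pre-seed it, would close that gap.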
@@ -0,0 +1,97 @@
+---
+- name: Ensure borg paths exist
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - {path: "{{ matrix_backup_borg_config_path }}", when: true}
+ - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
+ when: "item.when|bool"
+
+- name: Ensure borg config is created
+ template:
+ src: "{{ role_path }}/templates/config.yaml.j2"
+ dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0640
+
+- name: Ensure borg passwd is created
+ template:
+ src: "{{ role_path }}/templates/passwd.j2"
+ dest: "{{ matrix_backup_borg_config_path }}/passwd"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0640
+
+- name: Ensure borg ssh key is created
+ template:
+ src: "{{ role_path }}/templates/sshkey.j2"
+ dest: "{{ matrix_backup_borg_config_path }}/sshkey"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0600
+
+- name: Ensure borg image is pulled
+ docker_image:
+ name: "{{ matrix_backup_borg_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
+ when: "not matrix_backup_borg_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure borg repository is present on self-build
+ git:
+ repo: "{{ matrix_backup_borg_docker_repo }}"
+ dest: "{{ matrix_backup_borg_docker_src_files_path }}"
+ force: "yes"
+ register: matrix_backup_borg_git_pull_results
+ when: "matrix_backup_borg_container_image_self_build|bool"
+
+- name: Ensure borg image is built
+ docker_image:
+ name: "{{ matrix_backup_borg_docker_image }}"
+ source: build
+ force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_backup_borg_docker_src_files_path }}"
+ pull: true
+ when: "matrix_backup_borg_container_image_self_build|bool"
+
+- name: Ensure matrix-backup-borg.service installed
+ template:
+ src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
+ dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
+ mode: 0644
+ register: matrix_backup_borg_systemd_service_result
+
+- name: Ensure matrix-backup-borg.timer installed
+ template:
+ src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
+ dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
+ mode: 0644
+ register: matrix_backup_borg_systemd_timer_result
+
+- name: Ensure systemd reloaded after matrix-backup-borg.service installation
+ service:
+ daemon_reload: true
+ when: "matrix_backup_borg_systemd_service_result.changed|bool"
+
+- name: Ensure matrix-backup-borg.service enabled
+ service:
+ enabled: true
+ name: matrix-backup-borg.service
+
+- name: Ensure matrix-backup-borg.timer enabled
+ service:
+ enabled: true
+ name: matrix-backup-borg.timer
diff --git a/roles/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/matrix-backup-borg/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..faad44f7
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/setup_uninstall.yml
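Review bot: In the "Ensure borg image is built" task of tasks/setup_install.yml the `force:` fallback reads `matrix_mailer_git_pull_results.changed`, a variable this role never registers; the git task just above registers `matrix_backup_borg_git_pull_results`, so the fallback should end in `else matrix_backup_borg_git_pull_results.changed }}"`. On an Ansible old enough to take that branch the task would presumably fail on the undefined name or pick up another role's result. The daemon reload is also gated only on `matrix_backup_borg_systemd_service_result.changed|bool`, so a change to the timer template alone is not reloaded; `or matrix_backup_borg_systemd_timer_result.changed|bool` would cover it. Finally, config.yaml receives the repository passphrase but is written `mode: 0640` while the SSH key beside it is `0600`; unless group read is needed, `mode: 0600` on config.yaml and `no_log: true` on the two secret-bearing template tasks would keep both out of reach and out of `--diff` output.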
@@ -0,0 +1,41 @@
+---
+- name: Check existence of matrix-backup-borg service
+ stat:
+ path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
+ register: matrix_backup_borg_service_stat
+
+- name: Ensure matrix-backup-borg is stopped
+ service:
+ name: matrix-backup-borg
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ register: stopping_result
+ when: "matrix_backup_borg_service_stat.stat.exists|bool"
+
+- name: Ensure matrix-backup-borg.service doesn't exist
+ file:
+ path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
+ state: absent
+ when: "matrix_backup_borg_service_stat.stat.exists|bool"
+
+- name: Ensure matrix-backup-borg.timer doesn't exist
+ file:
+ path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
+ state: absent
+ when: "matrix_backup_borg_service_stat.stat.exists|bool"
+
+- name: Ensure systemd reloaded after matrix-backup-borg.service removal
+ service:
+ daemon_reload: true
+ when: "matrix_backup_borg_service_stat.stat.exists|bool"
+
+- name: Ensure Matrix borg paths don't exist
+ file:
+ path: "{{ matrix_backup_borg_base_path }}"
+ state: absent
+
+- name: Ensure borg Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_backup_borg_docker_image }}"
+ state: absent
diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml
new file mode 100644
index 00000000..4d3fb1c8
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_backup_borg_ssh_key_private"
+ - "matrix_backup_borg_location_repositories"
+ - "matrix_backup_borg_storage_encryption_passphrase"
diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2
new file mode 100644
index 00000000..89b6ab7d
--- /dev/null
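Review bot: The uninstall path in tasks/setup_uninstall.yml stops and disables only `matrix-backup-borg` (the service); `matrix-backup-borg.timer`, which setup_install.yml enables, is never stopped or disabled before its unit file is deleted. That probably leaves the timer loaded until the next reboot and a dangling enablement link behind. A task with `name: matrix-backup-borg.timer`, `state: stopped` and `enabled: false`, placed before the two file removals, would close the gap. The timer removal is also guarded by the stat of the .service file, so a leftover timer without a service file is never cleaned up.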
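Review bot: The check `when: "vars[item] == ''"` in tasks/validate_config.yml cannot catch an unset `matrix_backup_borg_location_repositories`, because the default added in defaults/main.yml is `[]`, not an empty string. The role would then install with no target repository and only fail when the first backup runs. A condition that works for both strings and lists, such as `when: "vars[item] | length == 0"`, would make all three required settings fail early.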
+++ b/roles/matrix-backup-borg/templates/config.yaml.j2
@@ -0,0 +1,32 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+
+location:
+ source_directories: {{ matrix_backup_borg_location_source_directories|to_json }}
+ repositories: {{ matrix_backup_borg_location_repositories|to_json }}
+ one_file_system: true
+ exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
+
+storage:
+ compression: {{ matrix_backup_borg_storage_compression }}
+ ssh_command: {{ matrix_backup_borg_storage_ssh_command }}
+ archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}'
+ encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }}
+
+retention:
+ keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }}
+ keep_daily: {{ matrix_backup_borg_retention_keep_daily }}
+ keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }}
+ keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }}
+ keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }}
+ prefix: '{{ matrix_backup_borg_retention_prefix }}'
+
+consistency:
+ checks:
+ - repository
+ - archives
+
+hooks:
+ after_backup:
+ - echo "Backup created."
+ on_error:
+ - echo "Error while creating a backup."
diff --git a/roles/matrix-backup-borg/templates/passwd.j2 b/roles/matrix-backup-borg/templates/passwd.j2
new file mode 100644
index 00000000..d3665cf4
--- /dev/null
+++ b/roles/matrix-backup-borg/templates/passwd.j2
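Review bot: In templates/config.yaml.j2 `encryption_passphrase` and `ssh_command` are emitted as plain YAML scalars, so a passphrase that contains ` #` or `: `, starts with a YAML indicator character, or consists only of digits is truncated, retyped or makes the file unparseable. The truncation case is the dangerous one, because the repository would be initialised with a shorter secret than the operator configured and nothing reports it. The list values in the same template already go through `|to_json`; doing the same here, `encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}` and `ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }}`, keeps the values intact.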
@@ -0,0 +1,29 @@
+{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #}
+root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/mail:/sbin/nologin
+news:x:9:13:news:/usr/lib/news:/sbin/nologin
+uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+man:x:13:15:man:/usr/man:/sbin/nologin
+postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
+cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
+ftp:x:21:21::/var/lib/ftp:/sbin/nologin
+sshd:x:22:22:sshd:/dev/null:/sbin/nologin
+at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
+squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
+xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
+games:x:35:35:games:/usr/games:/sbin/nologin
+cyrus:x:85:12::/usr/cyrus:/sbin/nologin
+vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
+ntp:x:123:123:NTP:/var/empty:/sbin/nologin
+smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
+guest:x:405:100:guest:/dev/null:/sbin/nologin
+{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash
+nobody:x:65534:65534:nobody:/:/sbin/nologin
diff --git a/roles/matrix-backup-borg/templates/sshkey.j2 b/roles/matrix-backup-borg/templates/sshkey.j2
new file mode 100644
index 00000000..999cf38d
--- /dev/null
+++ b/roles/matrix-backup-borg/templates/sshkey.j2
@@ -0,0 +1 @@
+{{ matrix_backup_borg_ssh_key_private }}
diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
new file mode 100644
index 00000000..977673ee
--- /dev/null
+++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 
@@ -0,0 +1,58 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Borg Backup +{% for service in matrix_backup_borg_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_backup_borg_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=oneshot +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ + --log-driver=none \ + --cap-drop=ALL \ + --read-only \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --network={{ matrix_docker_network }} \ + --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ + --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ + --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ + {% for source in matrix_backup_borg_location_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} + {% for arg in matrix_backup_borg_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_backup_borg_docker_image }} \ + sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}" + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ + --log-driver=none \ + --cap-drop=ALL \ + --read-only \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --network={{ matrix_docker_network }} \ + --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ + --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ + --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ + {% for source in 
matrix_backup_borg_location_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} + {% for arg in matrix_backup_borg_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_backup_borg_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +SyslogIdentifier=matrix-backup-borg + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 new file mode 100644 index 00000000..541d0020 --- /dev/null +++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 @@ -0,0 +1,10 @@ +[Unit] +Description=Matrix Borg Backup timer + +[Timer] +Unit=matrix-backup-borg.service +OnCalendar={{ matrix_backup_borg_schedule }} +RandomizedDelaySec=2h + +[Install] +WantedBy=timers.target diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 303c5f8b..f3ad9b63 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -43,6 +43,8 @@ template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_bot_honoroit_config_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 - name: Ensure honoroit image is pulled diff --git a/setup.yml b/setup.yml index 68740b4a..197d313e 100755 --- a/setup.yml +++ b/setup.yml @@ -14,6 +14,7 @@ - matrix-postgres - matrix-redis - matrix-corporal + - matrix-backup-borg - matrix-bridge-appservice-discord - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks From 627333d82bf1d9b902c44e209a7caadc20227553 Mon Sep 17 00:00:00 2001 
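Review bot: matrix-backup-borg.service.j2 carries `[Install] WantedBy=multi-user.target`, and setup_install.yml enables `matrix-backup-borg.service` as well as the timer, so the oneshot backup presumably also runs on every boot and not only on `matrix_backup_borg_schedule`. If the timer is meant to be the only trigger, drop the `[Install]` section from the service and enable only `matrix-backup-borg.timer`. The `-` prefix on the `borgmatic --init` `ExecStartPre` also ignores every initialisation failure, not just the expected one for an existing repository, so an authentication or host-key problem first surfaces in `ExecStart`; a short comment above that line explaining why the failure is ignored would help the next reader.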
From: Luke <19363185+mochman@users.noreply.github.com> Date: Tue, 5 Apr 2022 12:42:38 +0000 Subject: [PATCH 197/419] fix container image --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 6dab5cd6..78eacdb1 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -12,7 +12,7 @@ matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot matrix_hookshot_version: 1.3.0 -matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" +matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From db4b6efb5da80629987672a55a87c4ef370f8bcf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Apr 2022 16:08:11 +0300 Subject: [PATCH 198/419] Force self-building of matrix-hookshot on arm64 The `halfshot/matrix-hookshot` container images published to Docker Hub (as of 2022-04-05, at least) are only available for `amd64`, not for `arm64`. Self-building on arm64 is necessary. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1728 It should be noted that a `roiarthurb/matrix-hookshot` container image is available, which is available for the arm64 platform, but that's non-official and doesn't contain an amd64 build, so it's of limited use. --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 15032cab..17acd5e1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,7 +671,7 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false -matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" From 7559eb99a77cbb40e82ba566db9dbeb0ae9bc23a Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 5 Apr 2022 20:48:15 +0300 Subject: [PATCH 199/419] Update Synapse 1.55.2 -> 1.56.0 --- roles/matrix-synapse/defaults/main.yml | 4 +- .../templates/synapse/homeserver.yaml.j2 | 254 +++++------------- 2 files changed, 74 insertions(+), 184 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 4cba18fa..ec58f233 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.55.2 +matrix_synapse_version: v1.56.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" 
@@ -202,6 +202,8 @@ matrix_synapse_include_profile_data_on_invite: true # Controls whether people with access to the homeserver can register by themselves. matrix_synapse_enable_registration: false +# Controls whether people with access to the homeserver can register by themselves without verification (email/msisdn/token) +matrix_synapse_enable_registration_without_verification: false # reCAPTCHA API for validating registration attempts matrix_synapse_enable_registration_captcha: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 63e3b7ad..8a701c4d 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -35,7 +35,7 @@ modules: {{ matrix_synapse_modules|to_json }} # In most cases you should avoid using a matrix specific subdomain such as # matrix.example.com or synapse.example.com as the server_name for the same # reasons you wouldn't use user@email.example.com as your email address. -# See https://github.com/matrix-org/synapse/blob/master/docs/delegate.md +# See https://matrix-org.github.io/synapse/latest/delegate.html # for information on how to host Synapse on a subdomain while preserving # a clean server_name. # 
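Review bot: The comment added above `matrix_synapse_enable_registration_without_verification` in roles/matrix-synapse/defaults/main.yml does not say that the setting is discouraged or that it only matters when `matrix_synapse_enable_registration` is true, although the homeserver.yaml.j2 text added by the same commit states both. Operators read the defaults file first, so I would word it as `# Allows registration without any verification (email/msisdn/token). Not recommended: open registration is a known vector for spam and abuse.` followed by `# Has no effect unless matrix_synapse_enable_registration is also true.`.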
@@ -232,9 +232,9 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # 'all local interfaces'. # # type: the type of listener. Normally 'http', but other valid options are: -# 'manhole' (see docs/manhole.md), -# 'metrics' (see docs/metrics-howto.md), -# 'replication' (see docs/workers.md). +# 'manhole' (see https://matrix-org.github.io/synapse/latest/manhole.html), +# 'metrics' (see https://matrix-org.github.io/synapse/latest/metrics-howto.html), +# 'replication' (see https://matrix-org.github.io/synapse/latest/workers.html). # # tls: set to true to enable TLS for this listener. Will use the TLS # key/cert specified in tls_private_key_path / tls_certificate_path. @@ -259,8 +259,8 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # client: the client-server API (/_matrix/client), and the synapse admin # API (/_synapse/admin). Also implies 'media' and 'static'. # -# consent: user consent forms (/_matrix/consent). See -# docs/consent_tracking.md. +# consent: user consent forms (/_matrix/consent). +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # federation: the server-server API (/_matrix/federation). Also implies # 'media', 'keys', 'openid' @@ -269,12 +269,13 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # # media: the media API (/_matrix/media). # -# metrics: the metrics interface. See docs/metrics-howto.md. +# metrics: the metrics interface. +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # openid: OpenID authentication. # -# replication: the HTTP replication API (/_synapse/replication). See -# docs/workers.md. +# replication: the HTTP replication API (/_synapse/replication). +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # static: static resources under synapse/static (/_matrix/static). (Mostly # useful for 'fallback authentication'.) 
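Review bot: Two of the rewritten links in the resource list of homeserver.yaml.j2 (hunk `@@ -269,12 +269,13 @@`) point at the wrong page: both the `metrics:` and the `replication:` entries now read `See https://matrix-org.github.io/synapse/latest/consent_tracking.html.`. The listener `type` comments rewritten in the `@@ -232,9 +232,9 @@` hunk of the same file use `https://matrix-org.github.io/synapse/latest/metrics-howto.html` and `https://matrix-org.github.io/synapse/latest/workers.html`, and those are the pages these two lines should reference. The slip may come from the upstream sample config, but it is worth correcting in the template so that operators hardening the metrics or replication listener land on the right document.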
@@ -431,9 +432,16 @@ manhole_settings: # sign up in a short space of time never to return after their initial # session. # +# 'mau_limit_alerting' is a means of limiting client side alerting +# should the mau limit be reached. This is useful for small instances +# where the admin has 5 mau seats (say) for 5 specific people and no +# interest increasing the mau limit further. Defaults to True, which +# means that alerting is enabled +# #limit_usage_by_mau: False #max_mau_value: 50 #mau_trial_days: 2 +#mau_limit_alerting: false # If enabled, the metrics for the number of monthly active users will # be populated, however no one will be limited. If limit_usage_by_mau @@ -560,6 +568,15 @@ templates: # #custom_template_directory: /path/to/custom/templates/ +# List of rooms to exclude from sync responses. This is useful for server +# administrators wishing to group users into a room without these users being able +# to see it from their client. +# +# By default, no room is excluded. +# +#exclude_rooms_from_sync: +# - !foo:example.com + # Message retention policy at the server level. # @@ -808,6 +825,12 @@ caches: # 'txn_limit' gives the maximum number of transactions to run per connection # before reconnecting. Defaults to 0, which means no limit. # +# 'allow_unsafe_locale' is an option specific to Postgres. Under the default behavior, Synapse will refuse to +# start if the postgres db is set to a non-C locale. You can override this behavior (which is *not* recommended) +# by setting 'allow_unsafe_locale' to true. Note that doing so may corrupt your database. You can find more information +# here: https://matrix-org.github.io/synapse/latest/postgres.html#fixing-incorrect-collate-or-ctype and here: +# https://wiki.postgresql.org/wiki/Locale_data_changes +# # 'args' gives options which are passed through to the database engine, # except for options starting 'cp_', which are used to configure the Twisted # connection pool. For a reference to valid arguments, see: 
@@ -1020,7 +1043,7 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # # If you are using a reverse proxy you may also need to set this value in # your reverse proxy's config. Notably Nginx has a small max body size by default. -# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html. +# See https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" @@ -1171,6 +1194,26 @@ max_spider_size: 10M url_preview_accept_language: {{ matrix_url_preview_accept_language|to_json }} +# oEmbed allows for easier embedding content from a website. It can be +# used for generating URLs previews of services which support it. +# +oembed: + # A default list of oEmbed providers is included with Synapse. + # + # Uncomment the following to disable using these default oEmbed URLs. + # Defaults to 'false'. + # + #disable_default_providers: true + # Additional files with oEmbed configuration (each should be in the + # form of providers.json). + # + # By default, this list is empty (so only the default providers.json + # is used). + # + #additional_providers: + # - oembed/my_providers.json + + ## Captcha ## # See docs/CAPTCHA_SETUP.md for full details of configuring this. 
@@ -1230,10 +1273,18 @@ turn_allow_guests: {{ matrix_synapse_turn_allow_guests|to_json }} # Registration can be rate-limited using the parameters in the "Ratelimiting" # section of this file. -# Enable registration for new users. +# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, +# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration +# without any verification, you must also set `enable_registration_without_verification`, found below. # enable_registration: {{ matrix_synapse_enable_registration|to_json }} +# Enable registration without email or captcha verification. Note: this option is *not* recommended, +# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect +# unless `enable_registration` is also enabled. +# +enable_registration_without_verification: {{ matrix_synapse_enable_registration_without_verification|to_json }} + # Time that a user's session remains valid for, after they log in. # # Note that this is not currently compatible with guest logins. @@ -1283,8 +1334,6 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }} # #nonrefreshable_access_token_lifetime: 24h -# The user must provide all of the below types of 3PID when registering. - # The user must provide all of the below types of 3PID when registering. # #registrations_require_3pid: @@ -1962,7 +2011,7 @@ saml2_config: # # module: The class name of a custom mapping module. Default is # 'synapse.handlers.oidc.JinjaOidcMappingProvider'. -# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers +# See https://matrix-org.github.io/synapse/latest/sso_mapping_providers.html#openid-mapping-providers # for information on implementing a custom mapping provider. # # config: Configuration for the mapping provider module. This section will 
@@ -2019,7 +2068,7 @@ saml2_config: # - attribute: groups # value: "admin" # -# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md +# See https://matrix-org.github.io/synapse/latest/openid.html # for information on how to configure these options. # # For backwards compatibility, it is also possible to configure a single OIDC @@ -2044,6 +2093,7 @@ oidc_providers: # token_endpoint: "https://accounts.example.com/oauth2/token" # userinfo_endpoint: "https://accounts.example.com/userinfo" # jwks_uri: "https://accounts.example.com/.well-known/jwks.json" + # skip_verification: true # user_mapping_provider: # config: # subject_claim: "id" 
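Review bot: The commented generic provider example under `oidc_providers:` (hunk `@@ -2044,6 +2093,7 @@`) now includes `# skip_verification: true` with no explanation next to it. As far as I know this option turns off Synapse's verification of the provider metadata, so anyone who uncomments the whole example block gets that check disabled without noticing. I would either leave the line out of the example or annotate it, for instance `# skip_verification: true  # only for providers that are not OIDC-compliant; avoid in production`.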
@@ -2121,169 +2171,6 @@ sso: # #update_profile_information: true - # Directory in which Synapse will try to find the template files below. - # If not set, or the files named below are not found within the template - # directory, default templates from within the Synapse package will be used. - # - # Synapse will look for the following templates in this directory: - # - # * HTML page to prompt the user to choose an Identity Provider during - # login: 'sso_login_idp_picker.html'. - # - # This is only used if multiple SSO Identity Providers are configured. - # - # When rendering, this template is given the following variables: - # * redirect_url: the URL that the user will be redirected to after - # login. - # - # * server_name: the homeserver's name. - # - # * providers: a list of available Identity Providers. Each element is - # an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # The rendered HTML page should contain a form which submits its results - # back as a GET request, with the following query parameters: - # - # * redirectUrl: the client redirect URI (ie, the `redirect_url` passed - # to the template) - # - # * idp: the 'idp_id' of the chosen IDP. - # - # * HTML page to prompt new users to enter a userid and confirm other - # details: 'sso_auth_account_details.html'. This is only shown if the - # SSO implementation (with any user_mapping_provider) does not return - # a localpart. - # - # When rendering, this template is given the following variables: - # - # * server_name: the homeserver's name. 
- # - # * idp: details of the SSO Identity Provider that the user logged in - # with: an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # * user_attributes: an object containing details about the user that - # we received from the IdP. May have the following attributes: - # - # * display_name: the user's display_name - # * emails: a list of email addresses - # - # The template should render a form which submits the following fields: - # - # * username: the localpart of the user's chosen user id - # - # * HTML page allowing the user to consent to the server's terms and - # conditions. This is only shown for new users, and only if - # `user_consent.require_at_registration` is set. - # - # When rendering, this template is given the following variables: - # - # * server_name: the homeserver's name. - # - # * user_id: the user's matrix proposed ID. - # - # * user_profile.display_name: the user's proposed display name, if any. - # - # * consent_version: the version of the terms that the user will be - # shown - # - # * terms_url: a link to the page showing the terms. - # - # The template should render a form which submits the following fields: - # - # * accepted_version: the version of the terms accepted by the user - # (ie, 'consent_version' from the input variables). - # - # * HTML page for a confirmation step before redirecting back to the client - # with the login token: 'sso_redirect_confirm.html'. - # - # When rendering, this template is given the following variables: - # - # * redirect_url: the URL the user is about to be redirected to. - # - # * display_url: the same as `redirect_url`, but with the query - # parameters stripped. 
The intention is to have a - # human-readable URL to show to users, not to use it as - # the final address to redirect to. - # - # * server_name: the homeserver's name. - # - # * new_user: a boolean indicating whether this is the user's first time - # logging in. - # - # * user_id: the user's matrix ID. - # - # * user_profile.avatar_url: an MXC URI for the user's avatar, if any. - # None if the user has not set an avatar. - # - # * user_profile.display_name: the user's display name. None if the user - # has not set a display name. - # - # * HTML page which notifies the user that they are authenticating to confirm - # an operation on their account during the user interactive authentication - # process: 'sso_auth_confirm.html'. - # - # When rendering, this template is given the following variables: - # * redirect_url: the URL the user is about to be redirected to. - # - # * description: the operation which the user is being asked to confirm - # - # * idp: details of the Identity Provider that we will use to confirm - # the user's identity: an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # * HTML page shown after a successful user interactive authentication session: - # 'sso_auth_success.html'. - # - # Note that this page must include the JavaScript which notifies of a successful authentication - # (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback). - # - # This template has no additional variables. - # - # * HTML page shown after a user-interactive authentication session which - # does not map correctly onto the expected user: 'sso_auth_bad_user.html'. - # - # When rendering, this template is given the following variables: - # * server_name: the homeserver's name. 
- # * user_id_to_verify: the MXID of the user that we are trying to - # validate. - # - # * HTML page shown during single sign-on if a deactivated user (according to Synapse's database) - # attempts to login: 'sso_account_deactivated.html'. - # - # This template has no additional variables. - # - # * HTML page to display to users if something goes wrong during the - # OpenID Connect authentication process: 'sso_error.html'. - # - # When rendering, this template is given two variables: - # * error: the technical name of the error - # * error_description: a human-readable message for the error - # - # You can see the default templates at: - # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates - # - #template_dir: "res/templates" - # JSON web token integration. The following settings can be used to make # Synapse JSON web tokens for authentication, instead of its internal @@ -2298,7 +2185,7 @@ sso: # Note that this is a non-standard login type and client support is # expected to be non-existent. # -# See https://github.com/matrix-org/synapse/blob/master/docs/jwt.md. +# See https://matrix-org.github.io/synapse/latest/jwt.html. # #jwt_config: # Uncomment the following to enable authorization using JSON web @@ -2477,7 +2364,8 @@ email: #app_name: my_branded_matrix_server app_name: Matrix - # Enable sending emails for messages that the user has missed + # Uncomment the following to enable sending emails for messages that the user + # has missed. Disabled by default. # #enable_notifs: false enable_notifs: true @@ -2754,7 +2642,7 @@ user_directory: # User Consent configuration # # for detailed instructions, see -# https://github.com/matrix-org/synapse/blob/master/docs/consent_tracking.md +# https://matrix-org.github.io/synapse/latest/consent_tracking.html # # Parts of this section are required if enabling the 'consent' resource under # 'listeners', in particular 'template_dir' and 'version'. 
@@ -2804,7 +2692,7 @@ user_directory: # Settings for local room and user statistics collection. See -# docs/room_and_user_statistics.md. +# https://matrix-org.github.io/synapse/latest/room_and_user_statistics.html. # stats: # Uncomment the following to disable room and user statistics. Note that doing @@ -2919,7 +2807,7 @@ opentracing: #enabled: true # The list of homeservers we wish to send and receive span contexts and span baggage. - # See docs/opentracing.rst. + # See https://matrix-org.github.io/synapse/latest/opentracing.html. # # This is a list of regexes which are matched against the server_name of the # homeserver. From a86757a18d11ff8270ecdbf9dc268fb809187159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Thu, 7 Apr 2022 01:16:54 +0200 Subject: [PATCH 200/419] mautrix-facebook: update to v0.4.0 --- .../defaults/main.yml | 2 +- .../templates/config.yaml.j2 | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index c9eaa148..d1469863 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.3.3 +matrix_mautrix_facebook_version: v0.4.0 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" 
diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 49c49be8..c3cb1932 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -12,6 +12,9 @@ homeserver: # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically # updating m.direct. asmux: false + # Whether asynchronous uploads via MSC2246 should be enabled for media. + # Requires a media repo that supports MSC2246. + async_media: false # Application service host/registration related details # Changing these values requires regeneration of the registration. @@ -38,6 +41,11 @@ appservice: # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. external: {{ matrix_mautrix_facebook_appservice_public_external|to_json }} + # Allow logging in within Matrix. If false, users can only log in using the web interface. + allow_matrix_login: true + # Segment API key to enable analytics tracking for web server endpoints. Set to null to disable. + # Currently the only events are login start, success and fail. + segment_key: null # The unique ID of this appservice. id: facebook @@ -171,6 +179,8 @@ bridge: # and missed message backfilling when reconnecting. # Set to 0 to always re-sync, or -1 to never re-sync automatically. resync_max_disconnected_time: 5 + # Should the bridge do a resync on startup? + sync_on_startup: true # Whether or not temporary disconnections should send notices to the notice room. # If this is false, disconnections will never send messages and connections will only send # messages if it was disconnected for more than resync_max_disconnected_time seconds. 
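Review bot: In the `appservice:` hunk, `allow_matrix_login: true` is hard-coded, so an operator who wants Facebook logins confined to the web interface cannot switch it off through a role variable. With in-Matrix login the credentials are presumably sent as messages to the bridge bot and would then remain in that room's history on the homeserver, so this should be a deliberate per-deployment choice. The `external` line just above is already rendered from a role variable, and the same pattern would work here with a new default (the name is only a suggestion): `allow_matrix_login: {{ matrix_mautrix_facebook_appservice_allow_matrix_login|to_json }}`, set to `true` in `defaults/main.yml` to keep the behaviour this commit ships. The `appservice:` mapping continues outside the hunk.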
@@ -194,6 +204,34 @@ bridge: permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user + relay: + # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: false + # The formats to use when sending messages to Messenger via a relay user. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + message_formats: + m.text: '$sender_displayname: $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' + m.file: '$sender_displayname sent a file' + m.image: '$sender_displayname sent an image' + m.audio: '$sender_displayname sent an audio file' + m.video: '$sender_displayname sent a video' + m.location: '$sender_displayname sent a location' + +facebook: + device_seed: generate + default_region_hint: ODN + connection_type: WIFI + carrier: Verizon + hni: 311390 + # Python logging configuration. # # See section 16.7.2 of the Python documentation for more info: From 17f8fd003d674eadcb9d3f3396d21cd3fbe74aff Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Thu, 7 Apr 2022 20:01:26 +0800 Subject: [PATCH 201/419] bump mautrix instagram version to 0.1.3 --- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index c4d90e6b..4ae2d374 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml 
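Review bot: The new `facebook:` block at the end of this hunk hard-codes `device_seed: generate`, `default_region_hint: ODN`, `connection_type: WIFI`, `carrier: Verizon` and `hni: 311390` without any comment, unlike the `relay:` block above it, so a reader cannot tell what they describe or whether they are safe to change. A one-line comment above the block would help, for example `# Client/device profile the bridge presents to Facebook (TODO: note where these defaults come from)`. `device_seed: generate` presumably makes the bridge create a seed at start-up; if it persists the result by rewriting its config file, each playbook run that re-renders this template would reset the seed and change the device identity, so rendering it from a stable role variable may be safer (confirm against the bridge's behaviour). The `bridge:` mapping starts outside the hunk.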
@@ -7,7 +7,7 @@ matrix_mautrix_instagram_enabled: true matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" -matrix_mautrix_instagram_version: v0.1.2 +matrix_mautrix_instagram_version: v0.1.3 # See: https://mau.dev/tulir/mautrix-instagram/container_registry matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" From ab3e02c7fd54b1af0c500a77a5ab422d5c1a65a4 Mon Sep 17 00:00:00 2001 
From: PC-Admin Date: Sat, 9 Apr 2022 08:48:02 +0800 Subject: [PATCH 202/419] Remove matrix-awx sections --- docs/configuring-awx-system.md | 39 --- group_vars/matrix_servers | 21 -- roles/matrix-awx/defaults/main.yml | 8 - .../scripts/matrix_build_room_list.py | 29 -- .../matrix-awx/surveys/access_export.json.j2 | 42 --- .../matrix-awx/surveys/backup_server.json.j2 | 18 - .../surveys/bridge_discord_appservice.json.j2 | 66 ---- .../surveys/configure_corporal.json.j2 | 88 ----- .../surveys/configure_dimension.json.j2 | 30 -- .../surveys/configure_element.json.j2 | 114 ------- .../configure_element_subdomain.json.j2 | 18 - .../surveys/configure_email_relay.json.j2 | 19 -- .../surveys/configure_jitsi.json.j2 | 31 -- .../surveys/configure_ma1sd.json.j2 | 41 --- .../surveys/configure_mjolnir.json.j2 | 29 -- .../surveys/configure_synapse.json.j2 | 198 ----------- .../surveys/configure_synapse_admin.json.j2 | 18 - .../configure_website_access_export.json.j2 | 54 --- roles/matrix-awx/tasks/backup_server.yml | 101 ------ .../tasks/bridge_discord_appservice.yml | 58 ---- .../tasks/cache_matrix_variables.yml | 13 - .../matrix-awx/tasks/create_session_token.yml | 11 - roles/matrix-awx/tasks/create_user.yml | 41 --- .../tasks/customise_website_access_export.yml | 267 --------------- .../matrix-awx/tasks/delete_session_token.yml | 10 - roles/matrix-awx/tasks/export_server.yml | 43 --- roles/matrix-awx/tasks/import_awx.yml | 7 - .../tasks/load_hosting_and_org_variables.yml | 16 - .../tasks/load_matrix_variables.yml | 16 - roles/matrix-awx/tasks/main.yml | 234 ------------- .../tasks/purge_database_events.yml | 14 - .../matrix-awx/tasks/purge_database_main.yml | 320 ------------------ .../tasks/purge_database_no_local.yml | 14 - .../matrix-awx/tasks/purge_database_users.yml | 14 - roles/matrix-awx/tasks/purge_media_local.yml | 19 -- roles/matrix-awx/tasks/purge_media_main.yml | 111 ------ roles/matrix-awx/tasks/purge_media_remote.yml | 19 -- roles/matrix-awx/tasks/rotate_ssh.yml | 
25 -- roles/matrix-awx/tasks/self_check.yml | 108 ------ .../tasks/set_variables_corporal.yml | 243 ------------- .../tasks/set_variables_dimension.yml | 105 ------ .../tasks/set_variables_element.yml | 180 ---------- .../tasks/set_variables_element_subdomain.yml | 43 --- .../matrix-awx/tasks/set_variables_jitsi.yml | 45 --- .../matrix-awx/tasks/set_variables_ma1sd.yml | 102 ------ .../matrix-awx/tasks/set_variables_mailer.yml | 44 --- .../tasks/set_variables_mjolnir.yml | 68 ---- .../tasks/set_variables_synapse.yml | 223 ------------ .../tasks/set_variables_synapse_admin.yml | 44 --- roles/matrix-awx/tasks/update_variables.yml | 32 -- roles/matrix-common-after/tasks/awx_post.yml | 77 ----- roles/matrix-common-after/tasks/main.yml | 5 - setup.yml | 1 - 53 files changed, 3536 deletions(-) delete mode 100644 docs/configuring-awx-system.md delete mode 100755 roles/matrix-awx/defaults/main.yml delete mode 100644 roles/matrix-awx/scripts/matrix_build_room_list.py delete mode 100644 roles/matrix-awx/surveys/access_export.json.j2 delete mode 100644 roles/matrix-awx/surveys/backup_server.json.j2 delete mode 100644 roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_corporal.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_dimension.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_element.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_element_subdomain.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_email_relay.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_jitsi.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_ma1sd.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_mjolnir.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_synapse.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_synapse_admin.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_website_access_export.json.j2 delete mode 
100644 roles/matrix-awx/tasks/backup_server.yml delete mode 100644 roles/matrix-awx/tasks/bridge_discord_appservice.yml delete mode 100644 roles/matrix-awx/tasks/cache_matrix_variables.yml delete mode 100644 roles/matrix-awx/tasks/create_session_token.yml delete mode 100755 roles/matrix-awx/tasks/create_user.yml delete mode 100755 roles/matrix-awx/tasks/customise_website_access_export.yml delete mode 100644 roles/matrix-awx/tasks/delete_session_token.yml delete mode 100644 roles/matrix-awx/tasks/export_server.yml delete mode 100644 roles/matrix-awx/tasks/import_awx.yml delete mode 100644 roles/matrix-awx/tasks/load_hosting_and_org_variables.yml delete mode 100755 roles/matrix-awx/tasks/load_matrix_variables.yml delete mode 100755 roles/matrix-awx/tasks/main.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_events.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_main.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_no_local.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_users.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_local.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_main.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_remote.yml delete mode 100644 roles/matrix-awx/tasks/rotate_ssh.yml delete mode 100644 roles/matrix-awx/tasks/self_check.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_corporal.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_dimension.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_element.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_element_subdomain.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_jitsi.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_ma1sd.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_mailer.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_mjolnir.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_synapse.yml delete mode 100644 
roles/matrix-awx/tasks/set_variables_synapse_admin.yml delete mode 100644 roles/matrix-awx/tasks/update_variables.yml delete mode 100644 roles/matrix-common-after/tasks/awx_post.yml diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md deleted file mode 100644 index 3819a0d3..00000000 --- a/docs/configuring-awx-system.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Configuring AWX System (optional) - -An AWX setup for managing multiple Matrix servers. - -This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers. - -Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. These playbooks are free to use in a commercial context with the 'MemberPress Plus' plugin. They can also be run in a non-commercial context. - -The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server. - -This system can manage the updates, configuration, import and export, backups and monitoring on its own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy). - -Warning: This system is about to undergo heavy revision, **we do not recommend using it at this time.** - -## Other Required Playbooks - -The following repositories allow you to copy and use this setup: - -[Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you. - -[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers. 
- -[Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server. - -[GMHosting External Tools](https://gitlab.com/GoMatrixHosting/gmhosting-external-tools) - Extra tools we run outside of AWX, some of which are experimental. - - -## Does I need an AWX setup to use this? How do I configure it? - -Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation_AWX.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_AWX.md). - -For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal_AWX.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal_AWX.md). - - -## Does I need a front-end WordPress site? And a DigitalOcean account? - -You do not need a front-end WordPress site or the MemberPress plugin to use this setup. It can be run on it's own in a non-commercial context. - -You also don't need a DigitalOcean account, although this will limit you to only being able to connect 'On-Premises' servers. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 17acd5e1..a1cadd12 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -45,27 +45,6 @@ matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if m ###################################################################### -###################################################################### -# -# matrix-awx -# -###################################################################### - -# We don't enable AWX support by default. -matrix_awx_enabled: false - -matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}" -matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}" -matrix_nginx_proxy_data_path_extension: "{{ '' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/matrix-domain' }}" -matrix_nginx_proxy_base_domain_create_directory: "{{ not matrix_awx_enabled }}" - -###################################################################### -# -# /matrix-awx -# -###################################################################### - - ###################################################################### # # matrix-bridge-appservice-discord diff --git a/roles/matrix-awx/defaults/main.yml b/roles/matrix-awx/defaults/main.yml deleted file mode 100755 index cb847325..00000000 --- a/roles/matrix-awx/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -matrix_awx_enabled: true - -# Defaults for 'Customise Website + Access Export' template -awx_sftp_auth_method: 'Disabled' -awx_sftp_password: '' -awx_sftp_public_key: '' diff --git a/roles/matrix-awx/scripts/matrix_build_room_list.py b/roles/matrix-awx/scripts/matrix_build_room_list.py deleted file mode 100644 index 94779ca7..00000000 --- a/roles/matrix-awx/scripts/matrix_build_room_list.py +++ /dev/null 
@@ -1,29 +0,0 @@ - -import sys -import requests -import json - -janitor_token = sys.argv[1] -synapse_container_ip = sys.argv[2] -synapse_container_port = sys.argv[3] - -# collect total amount of rooms - -rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms' -rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token} -rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header) -rooms_raw_python = json.loads(rooms_raw.text) -total_rooms = rooms_raw_python["total_rooms"] - -# build complete room list file - -room_list_file = open("/tmp/room_list_complete.json", "w") - -for i in range(0, total_rooms, 100): - rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i) - rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header) - room_list_file.write(rooms_inc.text) - -room_list_file.close() - -print(total_rooms) diff --git a/roles/matrix-awx/surveys/access_export.json.j2 b/roles/matrix-awx/surveys/access_export.json.j2 deleted file mode 100644 index d5e1f945..00000000 --- a/roles/matrix-awx/surveys/access_export.json.j2 +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "name": "Access Export", - "description": "Access the services export.", - "spec": [ - { - "question_name": "SFTP Authorisation Method", - "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_sftp_auth_method | string }}", - "choices": "Disabled\nPassword\nSSH Key", - "new_question": true, - "variable": "awx_sftp_auth_method", - "type": "multiplechoice" - }, - { - "question_name": "SFTP Password", - "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 64, - "default": "{{ awx_sftp_password }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_password", - "type": "password" - }, - { - "question_name": "SFTP Public SSH Key (More Secure)", - "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.", - "required": false, - "min": 0, - "max": 16384, - "default": "{{ awx_sftp_public_key }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_public_key", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2 deleted file mode 100644 index 559daade..00000000 --- a/roles/matrix-awx/surveys/backup_server.json.j2 +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "Backup Server", - "description": "Performs a backup of the entire service to a remote location.", - "spec": [ - { - "question_name": "Enable Backup", - "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_backup_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_backup_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 b/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 deleted file mode 100644 index 85b00a5f..00000000 --- a/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - "name": "Bridge Discord Appservice", - "description": "Enables a private bridge you can use to connect Matrix rooms to Discord.", - "spec": [ - { - "question_name": "Enable Discord AppService Bridge", - "question_description": "Enables a private bridge you can use to connect Matrix rooms to Discord.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_appservice_discord_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_appservice_discord_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Discord OAuth2 Client ID", - "question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications", - "required": true, - "min": 0, - "max": 128, - "default": "{{ matrix_appservice_discord_client_id | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_appservice_discord_client_id", - "type": "text" - }, - { - "question_name": "Discord Bot Token", - "question_description": "The Bot 'TOKEN' which can be found in the 'Bot' tab of your new discord application: https://discord.com/developers/applications", - "required": true, - "min": 0, - "max": 256, - "default": "{{ matrix_appservice_discord_bot_token | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_appservice_discord_bot_token", - "type": "password" - }, - { - "question_name": "Auto-Admin Matrix User", - "question_description": "The username you would like to be automatically joined and promoted to administrator (PL100) in bridged rooms. Exclude the '@' and server name postfix. 
So to create @stevo:example.org just enter 'stevo'.", - "required": false, - "min": 0, - "max": 1024, - "default": "", - "choices": "", - "new_question": true, - "variable": "awx_appservice_discord_admin_user", - "type": "text" - }, - { - "question_name": "Auto-Admin Rooms", - "question_description": "A list of rooms you want the user to be automatically joined and promoted to administrator (PL100) in. These should be the internal IDs (for example '!axfBUsKhfAjSMBdjKX:example.org') separated by newlines.", - "required": false, - "min": 0, - "max": 4096, - "default": "", - "choices": "", - "new_question": true, - "variable": "awx_appservice_discord_admin_rooms", - "type": "textarea" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_corporal.json.j2 b/roles/matrix-awx/surveys/configure_corporal.json.j2 deleted file mode 100755 index dc8cd4fd..00000000 --- a/roles/matrix-awx/surveys/configure_corporal.json.j2 +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "name": "Configure Matrix Corporal", - "description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.", - "spec": [ - { - "question_name": "Enable Corporal", - "question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_corporal_enabled|string|lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_corporal_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Corporal Policy Provider", - "question_description": "Controls what provider policy is used with Matrix Corporal.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_corporal_policy_provider_mode }}", - "choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)", - "new_question": true, - "variable": "awx_corporal_policy_provider_mode", - "type": "multiplechoice" - }, - { - "question_name": "Simple Static File Configuration", - "question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.", - "required": false, - "min": 0, - "max": 65536, - "default": "", - "new_question": true, - "variable": "awx_corporal_simple_static_config", - "type": "textarea" - }, - { - "question_name": "HTTP Pull Mode URI", - "question_description": "The network address to remotely fetch the configuration from. 
Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.", - "required": false, - "min": 0, - "max": 4096, - "default": "{{ awx_corporal_pull_mode_uri }}", - "new_question": true, - "variable": "awx_corporal_pull_mode_uri", - "type": "text" - }, - { - "question_name": "HTTP Pull Mode Authentication Token", - "question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "{{ awx_corporal_pull_mode_token }}", - "choices": "", - "new_question": true, - "variable": "awx_corporal_pull_mode_token", - "type": "password" - }, - { - "question_name": "Corporal API Authentication Token", - "question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "{{ matrix_corporal_http_api_auth_token }}", - "choices": "", - "new_question": true, - "variable": "matrix_corporal_http_api_auth_token", - "type": "password" - }, - { - "question_name": "Raise Synapse Ratelimits", - "question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_corporal_raise_ratelimits }}", - "choices": "Normal\nRaised", - "new_question": true, - "variable": "awx_corporal_raise_ratelimits", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_dimension.json.j2 b/roles/matrix-awx/surveys/configure_dimension.json.j2 deleted file mode 100644 index 5f79cfd0..00000000 
--- a/roles/matrix-awx/surveys/configure_dimension.json.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "Configure Dimension", - "description": "Configure Dimension, the self-hosted integrations server.", - "spec": [ - { - "question_name": "Enable Dimension", - "question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_dimension_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_dimension_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Dimension Users", - "question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_dimension_users_final | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_dimension_users", - "type": "textarea" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_element.json.j2 b/roles/matrix-awx/surveys/configure_element.json.j2 deleted file mode 100755 index b4021732..00000000 --- a/roles/matrix-awx/surveys/configure_element.json.j2 +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "name": "Configure Element", - "description": "Configure Element web client, Element is the most developed Matrix client software.", - "spec": [ - { - "question_name": "Enable Element-Web", - "question_description": "Set if Element web client is enabled or not.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_client_element_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_client_element_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Set Theme for Web Client", - "question_description": "Sets the default theme for the web client, can be changed later by individual users.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_client_element_default_theme }}", - "choices": "light\ndark", - "new_question": true, - "variable": "matrix_client_element_default_theme", - "type": "multiplechoice" - }, - { - "question_name": "Set Branding for Web Client", - "question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.Leaving this field blank will cause the default branding will be used: 'Element'", - "required": false, - "min": 0, - "max": 256, - "default": "{{ matrix_client_element_brand | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_brand", - "type": "text" - }, - { - "question_name": "Set Welcome Page Background", - "question_description": "Sets the background image on the welcome page, you should enter a URL to the image you want to use. Must be a 'https' link, otherwise it won't be set. 
Leaving this field blank will cause the default background to be used.", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_branding_welcomeBackgroundUrl", - "type": "text" - }, - { - "question_name": "Set Welcome Page Logo", - "question_description": "Sets the logo found on the welcome and login page, must be a valid https link to your logo, the logo itself should be a square vector image (SVG). Leaving this field blank will cause the default Element logo to be used.", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_welcome_logo | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_welcome_logo", - "type": "text" - }, - { - "question_name": "Set Welcome Page Logo URL", - "question_description": "Sets the URL link the welcome page logo leads to, must be a valid https link. Leaving this field blank will cause this default link to be used: 'https://element.io'", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_welcome_logo_link | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_welcome_logo_link", - "type": "text" - }, - { - "question_name": "Set Welcome Page Headline", - "question_description": "Sets the headline seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Welcome to Element!'", - "required": false, - "min": 0, - "max": 512, - "default": "{{ awx_matrix_client_element_welcome_headline | trim }}", - "choices": "", - "new_question": true, - "variable": "awx_matrix_client_element_welcome_headline", - "type": "text" - }, - { - "question_name": "Set Welcome Page Text", - "question_description": "Sets the text seen on the welcome page. 
Leaving this field blank will cause this default headline to be used: 'Decentralised, encrypted chat & collaboration powered by [Matrix]'", - "required": false, - "min": 0, - "max": 2048, - "default": "{{ awx_matrix_client_element_welcome_text | trim }}", - "choices": "", - "new_question": true, - "variable": "awx_matrix_client_element_welcome_text", - "type": "text" - }, - { - "question_name": "Show Registration Button", - "question_description": "If you show the registration button on the welcome page.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_client_element_registration_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_client_element_registration_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 b/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 deleted file mode 100644 index 8e6aaf28..00000000 --- a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "Configure Element Subdomain", - "description": "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)", - "spec": [ - { - "question_name": "Set Element Subdomain", - "question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.", - "required": false, - "min": 0, - "max": 2048, - "default": "{{ awx_element_subdomain }}", - "choices": "", - "new_question": true, - "variable": "awx_element_subdomain", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_email_relay.json.j2 b/roles/matrix-awx/surveys/configure_email_relay.json.j2 deleted file mode 100644 index 65c21a94..00000000 --- a/roles/matrix-awx/surveys/configure_email_relay.json.j2 +++ /dev/null 
@@ -1,19 +0,0 @@
-{
- "name": "Configure Email Relay",
- "description": "Enable MailGun relay to increase verification email reliability.",
- "spec": [
- {
- "question_name": "Enable Email Relay",
- "question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_mailer_relay_use | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_mailer_relay_use",
- "type": "multiplechoice"
- }
- ]
-}
-
diff --git a/roles/matrix-awx/surveys/configure_jitsi.json.j2 b/roles/matrix-awx/surveys/configure_jitsi.json.j2
deleted file mode 100755
index 9cb3044d..00000000
--- a/roles/matrix-awx/surveys/configure_jitsi.json.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "name": "Configure Jitsi",
- "description": "Configure Jitsi conferencing settings.",
- "spec": [
- {
- "question_name": "Enable Jitsi",
- "question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_jitsi_enabled }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_jitsi_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Set Default Language",
- "question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
- "required": false,
- "min": 0,
- "max": 2,
- "default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
- "choices": "",
- "new_question": true,
- "variable": "matrix_jitsi_web_config_defaultLanguage",
- "type": "text"
- }
- ]
-}
-
diff --git a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 b/roles/matrix-awx/surveys/configure_ma1sd.json.j2
deleted file mode 100644
index 055e817c..00000000
--- a/roles/matrix-awx/surveys/configure_ma1sd.json.j2
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "name": "Configure ma1sd",
- "description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.",
- "spec": [
- {
- "question_name": "Enable ma1sd",
- "question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_ma1sd_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_ma1sd_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "ma1sd Authentication Mode",
- "question_description": "Set the source of user account authentication credentials with the ma1sd.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ awx_matrix_ma1sd_auth_store }}",
- "choices": "Synapse Internal\nLDAP/AD",
- "new_question": true,
- "variable": "awx_matrix_ma1sd_auth_store",
- "type": "multiplechoice"
- },
- {
- "question_name": "LDAP/AD Configuration",
- "question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_matrix_ma1sd_configuration_extension_yaml | to_json }},
- "new_question": true,
- "variable": "awx_matrix_ma1sd_configuration_extension_yaml",
- "type": "textarea"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/configure_mjolnir.json.j2 b/roles/matrix-awx/surveys/configure_mjolnir.json.j2
deleted file mode 100644
index 5e1d78f4..00000000
--- a/roles/matrix-awx/surveys/configure_mjolnir.json.j2
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "name": "Configure Mjolnir",
- "description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.",
- "spec": [
- {
- "question_name": "Enable Mjolnir",
- "question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.",
- "required": true,
- "min": null,
- "max": null,
- "default": "{{ matrix_bot_mjolnir_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_bot_mjolnir_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Mjolnir Management Room",
- "question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'",
- "required": true,
- "min": null,
- "max": null,
- "default": "{{ matrix_bot_mjolnir_management_room }}",
- "new_question": true,
- "variable": "matrix_bot_mjolnir_management_room",
- "type": "text"
- }
- ]
-}
\ No newline at end of file
diff --git a/roles/matrix-awx/surveys/configure_synapse.json.j2 b/roles/matrix-awx/surveys/configure_synapse.json.j2
deleted file mode 100755
index 7a4e711d..00000000
--- a/roles/matrix-awx/surveys/configure_synapse.json.j2
+++ /dev/null
@@ -1,198 +0,0 @@
-{
- "name": "Configure Synapse",
- "description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.",
- "spec": [
- {
- "question_name": "Enable Public Registration",
- "question_description": "Controls whether people with access to the homeserver can register by themselves.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_enable_registration | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_enable_registration",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable Federation",
- "question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_federation_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_federation_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Allow Public Rooms Over Federation",
- "question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. 
For private servers, you'll most likely want to forbid this.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_allow_public_rooms_over_federation",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable Community Creation",
- "question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_enable_group_creation | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_enable_group_creation",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable Synapse Presence",
- "question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_presence_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_presence_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable URL Previews",
- "question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_url_preview_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_url_preview_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable Guest Access",
- "question_description": "Controls whether 'guest accounts' can access rooms without registering. 
Guest users do not count towards your servers user limit.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_allow_guest_access | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_allow_guest_access",
- "type": "multiplechoice"
- },
- {
- "question_name": "Registration Requires Email",
- "question_description": "Controls whether an email address is required to register on the server.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ awx_registrations_require_3pid | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "awx_registrations_require_3pid",
- "type": "multiplechoice"
- },
- {
- "question_name": "Registration Shared Secret",
- "question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
- "required": false,
- "min": 0,
- "max": 256,
- "default": "",
- "choices": "",
- "new_question": true,
- "variable": "awx_matrix_synapse_registration_shared_secret",
- "type": "password"
- },
- {
- "question_name": "Synapse Max Upload Size",
- "question_description": "Sets the maximum size for uploaded files in MB.",
- "required": false,
- "min": 0,
- "max": 3,
- "default": "{{ matrix_synapse_max_upload_size_mb }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_synapse_max_upload_size_mb",
- "type": "text"
- },
- {
- "question_name": "URL Preview Languages",
- "question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. 
For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_url_preview_accept_language_default | to_json }},
- "choices": "",
- "new_question": true,
- "variable": "awx_url_preview_accept_language",
- "type": "textarea"
- },
- {
- "question_name": "Federation Whitelist",
- "question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_federation_whitelist | to_json }},
- "choices": "",
- "new_question": true,
- "variable": "awx_federation_whitelist",
- "type": "textarea"
- },
- {
- "question_name": "Synapse Auto-Join Rooms",
- "question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. 
For example: '#announcements:example.org'",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_synapse_auto_join_rooms | to_json }},
- "choices": "",
- "new_question": true,
- "variable": "awx_synapse_auto_join_rooms",
- "type": "textarea"
- },
- {
- "question_name": "Enable ReCaptcha on Registration",
- "question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ awx_enable_registration_captcha | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "awx_enable_registration_captcha",
- "type": "multiplechoice"
- },
- {
- "question_name": "Recaptcha Public Key",
- "question_description": "Sets the Google ReCaptcha public key for this website.",
- "required": false,
- "min": 0,
- "max": 40,
- "default": "{{ awx_recaptcha_public_key }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_recaptcha_public_key",
- "type": "text"
- },
- {
- "question_name": "Recaptcha Private Key",
- "question_description": "Sets the Google ReCaptcha private key for this website.",
- "required": false,
- "min": 0,
- "max": 40,
- "default": "{{ awx_recaptcha_private_key }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_recaptcha_private_key",
- "type": "text"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 b/roles/matrix-awx/surveys/configure_synapse_admin.json.j2
deleted file mode 100644
index 8845b83a..00000000
--- a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "Configure Synapse Admin",
- "description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
- "spec": [
- {
- "question_name": "Enable Synapse Admin",
- "question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_admin_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_admin_enabled",
- "type": "multiplechoice"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/configure_website_access_export.json.j2 b/roles/matrix-awx/surveys/configure_website_access_export.json.j2
deleted file mode 100755
index d35fb839..00000000
--- a/roles/matrix-awx/surveys/configure_website_access_export.json.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "name": "Configure Website Access Backup",
- "description": "Configure base domain website settings and access the services backup.",
- "spec": [
- {
- "question_name": "Customise Base Domain Website",
- "question_description": "Set if you want to adjust the base domain website using SFTP.",
- "required": true,
- "min": null,
- "max": null,
- "default": "{{ awx_customise_base_domain_website | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "awx_customise_base_domain_website",
- "type": "multiplechoice"
- },
- {
- "question_name": "SFTP Authorisation Method",
- "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
- "required": true,
- "min": null,
- "max": null,
- "default": "{{ awx_sftp_auth_method | string }}",
- "choices": "Disabled\nPassword\nSSH Key",
- "new_question": true,
- "variable": "awx_sftp_auth_method",
- "type": "multiplechoice"
- },
- {
- "question_name": "SFTP Password",
- "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
- "required": false,
- "min": 0,
- "max": 64,
- "default": "{{ awx_sftp_password }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_sftp_password",
- "type": "password"
- },
- {
- "question_name": "SFTP Public SSH Key (More Secure)",
- "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. 
Must be defined if 'SSH Key' method is selected.",
- "required": false,
- "min": 0,
- "max": 16384,
- "default": "{{ awx_sftp_public_key }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_sftp_public_key",
- "type": "text"
- }
- ]
-}
diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml
deleted file mode 100644
index 553eb1b9..00000000
--- a/roles/matrix-awx/tasks/backup_server.yml
+++ /dev/null
@@ -1,101 +0,0 @@ ---- - -- name: Record Backup Server variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# AWX Settings Start' - with_dict: - 'awx_backup_enabled': '{{ awx_backup_enabled }}' - tags: use-survey - -- name: Save new 'Backup Server' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/backup_server.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' - tags: use-survey - -- name: Copy new 'Backup Server' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' - dest: '/matrix/awx/backup_server.json' - mode: '0660' - tags: use-survey - -- name: Recreate 'Backup Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Backup Server" - description: "Performs a backup of the entire service to a remote location." 
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "backup-server,use-survey" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - tags: use-survey - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: true - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - tags: use-survey - -- name: Run initial backup of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" - with_items: - - borgmatic -c /root/.config/borgmatic/config_1.yaml - - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - register: _create_instances - async: 3600 # Maximum runtime in seconds. - poll: 0 # Fire and continue (never poll) - when: awx_backup_enabled|bool - -- name: Wait for both of these jobs to finish - async_status: - jid: "{{ item.ansible_job_id }}" - register: _jobs - until: _jobs.finished - delay: 5 # Check every 5 seconds. - retries: 720 # Retry for a full hour. 
- with_items: "{{ _create_instances.results }}" - when: awx_backup_enabled|bool - -- name: Perform borg backup of postgres dump - command: borgmatic -c /root/.config/borgmatic/config_2.yaml - when: awx_backup_enabled|bool - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/bridge_discord_appservice.yml b/roles/matrix-awx/tasks/bridge_discord_appservice.yml deleted file mode 100644 index 3c124db3..00000000 --- a/roles/matrix-awx/tasks/bridge_discord_appservice.yml +++ /dev/null 
@@ -1,58 +0,0 @@ ---- - -- name: Record Bridge Discord AppService variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Bridge Discord AppService Start' - with_dict: - 'matrix_appservice_discord_enabled': '{{ matrix_appservice_discord_enabled }}' - 'matrix_appservice_discord_client_id': '{{ matrix_appservice_discord_client_id }}' - 'matrix_appservice_discord_bot_token': '{{ matrix_appservice_discord_bot_token }}' - -- name: If the raw inputs is not empty start constructing parsed awx_appservice_discord_admin_rooms list - set_fact: - awx_appservice_discord_admin_rooms_array: |- - {{ awx_appservice_discord_admin_rooms.splitlines() | to_json }} - when: awx_appservice_discord_admin_rooms | trim | length > 0 - -- name: Promote user to administer (PL100) of each room - command: | - docker exec -i matrix-appservice-discord /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "{{ item.1 }}" -u "@{{ awx_appservice_discord_admin_user }}:{{ matrix_domain }}" -p 100' - with_indexed_items: - - "{{ awx_appservice_discord_admin_rooms_array }}" - when: ( awx_appservice_discord_admin_rooms | trim | length > 0 ) and ( awx_appservice_discord_admin_user is defined ) - -- name: Save new 'Bridge Discord Appservice' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/bridge_discord_appservice.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//bridge_discord_appservice.json' - -- name: Copy new 'Bridge Discord Appservice' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json' - dest: '/matrix/awx/bridge_discord_appservice.json' - mode: '0660' - -- name: Recreate 'Bridge 
Discord Appservice' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 3 - Bridge Discord AppService" - description: "Enables a private bridge you can use to connect Matrix rooms to Discord." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all,bridge-discord-appservice" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json') }}" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml deleted file mode 100644 index ca41880a..00000000 --- a/roles/matrix-awx/tasks/cache_matrix_variables.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -- name: Collect current datetime - set_fact: - awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}" - -- name: Create cached matrix_vars.yml file location - set_fact: - awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml' - -- name: Create cached matrix_vars.yml - delegate_to: 127.0.0.1 - shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml deleted file mode 100644 index 7d984b3d..00000000 --- a/roles/matrix-awx/tasks/create_session_token.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- - -- name: Create a AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: present - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_master_token }}" - register: awx_session_token - no_log: true diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml deleted file mode 100755 index 7d203ed0..00000000 --- a/roles/matrix-awx/tasks/create_user.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# -# Create user and define if they are admin -# -# /usr/local/bin/matrix-synapse-register-user -# - -- name: Set admin bool to zero - set_fact: - awx_admin_bool: 0 - when: awx_admin_access == 'false' - -- name: Examine if server admin set - set_fact: - awx_admin_bool: 1 - when: awx_admin_access == 'true' - -- name: Create user account - command: | - /usr/local/bin/matrix-synapse-register-user {{ awx_new_username | quote }} {{ awx_new_password | quote }} {{ awx_admin_bool }} - register: awx_cmd_output - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: Result - debug: msg="{{ awx_cmd_output.stdout }}" - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml deleted file mode 100755 index 80d6d795..00000000 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ /dev/null 
@@ -1,267 +0,0 @@ ---- - -- name: Enable index.html creation if user doesn't wish to customise base domain - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings Start' - with_dict: - 'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' - when: (awx_customise_base_domain_website is defined) and not awx_customise_base_domain_website|bool - -- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings Start' - with_dict: - 'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' - when: (awx_customise_base_domain_website is defined) and awx_customise_base_domain_website|bool - -- name: Record custom 'Customise Website + Access Export' variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings Start' - with_dict: - 'awx_sftp_auth_method': '"{{ awx_sftp_auth_method }}"' - 'awx_sftp_password': '"{{ awx_sftp_password }}"' - 'awx_sftp_public_key': '"{{ awx_sftp_public_key }}"' - -- name: Record custom 'Customise Website + Access Export' variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings Start' - with_dict: - 'awx_customise_base_domain_website': '{{ awx_customise_base_domain_website }}' - when: awx_customise_base_domain_website is defined - -- name: Reload vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - when: awx_customise_base_domain_website is defined - -- name: Copy new 'Customise Website + Access Export' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - dest: '/matrix/awx/configure_website_access_export.json' - mode: '0660' - when: awx_customise_base_domain_website is defined - -- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: './roles/matrix-awx/surveys/access_export.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - when: awx_customise_base_domain_website is undefined - -- name: Copy new 'Customise Website + Access Export' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - dest: '/matrix/awx/access_export.json' - mode: '0660' - when: awx_customise_base_domain_website is undefined - -- name: Recreate 'Configure Website + Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" - description: "Configure base domain website settings and access the 
servers export." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-nginx-proxy" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: awx_customise_base_domain_website is defined - -- name: Recreate 'Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Access Export" - description: "Access the services export." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-nginx-proxy" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: awx_customise_base_domain_website is undefined - -- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account - user: - name: sftp - comment: SFTP user to set custom web files and access servers export - shell: /bin/false - home: /home/sftp - group: matrix - password: '*' - update_password: always - when: 
awx_sftp_password|length == 0 - -- name: If user defines awx_sftp_password, enable account and set password on 'stfp' account - user: - name: sftp - comment: SFTP user to set custom web files and access servers export - shell: /bin/false - home: /home/sftp - group: matrix - password: "{{ awx_sftp_password | password_hash('sha512') }}" - update_password: always - when: awx_sftp_password|length > 0 - -- name: Ensure group "sftp" exists - group: - name: sftp - state: present - -- name: adding existing user 'sftp' to group matrix - user: - name: sftp - groups: sftp - append: true - when: awx_customise_base_domain_website is defined - -- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) - file: - path: /chroot - state: directory - owner: root - group: root - mode: '1755' - -- name: Ensure /chroot/website location exists. - file: - path: /chroot/website - state: directory - owner: matrix - group: matrix - mode: '0770' - when: awx_customise_base_domain_website is defined - -- name: Ensure /chroot/export location exists - file: - path: /chroot/export - state: directory - owner: sftp - group: sftp - mode: '0700' - -- name: Ensure /home/sftp/.ssh location exists - file: - path: /home/sftp/.ssh - state: directory - owner: sftp - group: sftp - mode: '0700' - -- name: Ensure /home/sftp/authorized_keys exists - file: - path: /home/sftp/.ssh/authorized_keys - state: touch - owner: sftp - group: sftp - mode: '0644' - -- name: Clear authorized_keys file - shell: echo "" > /home/sftp/.ssh/authorized_keys - -- name: Insert public SSH key into authorized_keys file - lineinfile: - path: /home/sftp/.ssh/authorized_keys - line: "{{ awx_sftp_public_key }}" - owner: sftp - group: sftp - mode: '0644' - when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key") - -- name: Remove any existing Subsystem lines - lineinfile: - path: /etc/ssh/sshd_config - state: absent 
- regexp: '^Subsystem'
-
-- name: Set SSH Subsystem State
- lineinfile:
- path: /etc/ssh/sshd_config
- insertafter: "^# override default of no subsystems"
- line: "Subsystem sftp internal-sftp"
-
-- name: Add SSH Match User section for disabled auth
- blockinfile:
- path: /etc/ssh/sshd_config
- state: absent
- block: |
- Match User sftp
- ChrootDirectory /chroot
- PermitTunnel no
- X11Forwarding no
- AllowTcpForwarding no
- PasswordAuthentication yes
- AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
- when: awx_sftp_auth_method == "Disabled"
-
-- name: Add SSH Match User section for password auth
- blockinfile:
- path: /etc/ssh/sshd_config
- state: present
- block: |
- Match User sftp
- ChrootDirectory /chroot
- PermitTunnel no
- X11Forwarding no
- AllowTcpForwarding no
- PasswordAuthentication yes
- when: awx_sftp_auth_method == "Password"
-
-- name: Add SSH Match User section for publickey auth
- blockinfile:
- path: /etc/ssh/sshd_config
- state: present
- block: |
- Match User sftp
- ChrootDirectory /chroot
- PermitTunnel no
- X11Forwarding no
- AllowTcpForwarding no
- AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
- when: awx_sftp_auth_method == "SSH Key"
-
-- name: Restart service ssh.service
- service:
- name: ssh.service
- state: restarted
diff --git a/roles/matrix-awx/tasks/delete_session_token.yml b/roles/matrix-awx/tasks/delete_session_token.yml
deleted file mode 100644
index a6a52e48..00000000
--- a/roles/matrix-awx/tasks/delete_session_token.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: Delete the AWX session token for executing modules
- awx.awx.tower_token:
- description: 'AWX Session Token'
- scope: "write"
- state: absent
- existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml
deleted file mode 100644
index a2b97e79..00000000
--- a/roles/matrix-awx/tasks/export_server.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-
-- name: Run export of /matrix/ and snapshot the database simultaneously
- command: "{{ item }}"
- with_items:
- - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
- - /bin/sh /usr/local/bin/awx-export-service.sh 0 1
- register: awx_create_instances
- async: 3600 # Maximum runtime in seconds.
- poll: 0 # Fire and continue (never poll)
-
-- name: Wait for both of these jobs to finish
- async_status:
- jid: "{{ item.ansible_job_id }}"
- register: awx_jobs
- until: awx_jobs.finished
- delay: 5 # Check every 5 seconds.
- retries: 720 # Retry for a full hour.
- with_items: "{{ awx_create_instances.results }}"
-
-- name: Schedule deletion of the export in 24 hours
- at:
- command: rm /chroot/export/matrix*
- count: 1
- units: days
- unique: true
-
-- name: Delete the AWX session token for executing modules
- awx.awx.tower_token:
- description: 'AWX Session Token'
- scope: "write"
- state: absent
- existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
-
-- name: Set boolean value to exit playbook
- set_fact:
- awx_end_playbook: true
-
-- name: End playbook if this task list is called.
- meta: end_play
- when: awx_end_playbook is defined and awx_end_playbook|bool
diff --git a/roles/matrix-awx/tasks/import_awx.yml b/roles/matrix-awx/tasks/import_awx.yml
deleted file mode 100644
index b2154c7a..00000000
--- a/roles/matrix-awx/tasks/import_awx.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Ensure correct ownership of /matrix/awx
- shell: chown -R matrix:matrix /matrix/awx
-
-- name: Ensure correct ownership of /matrix/synapse
- shell: chown -R matrix:matrix /matrix/synapse
diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
deleted file mode 100644
index 6e8bb899..00000000
--- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-
-- name: Include vars in organisation.yml
- include_vars:
- file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
- no_log: true
-
-- name: Include vars in hosting_vars.yml
- include_vars:
- file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
- no_log: true
-
-- name: Include AWX master token from awx_tokens.yml
- include_vars:
- file: /var/lib/awx/projects/hosting/awx_tokens.yml
- no_log: true
diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml
deleted file mode 100755
index 7a76f34b..00000000
--- a/roles/matrix-awx/tasks/load_matrix_variables.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-
-- name: Include new vars in matrix_vars.yml
- include_vars:
- file: '{{ awx_cached_matrix_vars }}'
- no_log: true
-
-- name: If include_vars succeeds overwrite the old matrix_vars.yml
- delegate_to: 127.0.0.1
- shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}"
-
-- name: Copy new 'matrix_vars.yml' to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
- dest: '/matrix/awx/matrix_vars.yml'
- mode: '0660'
diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml
deleted file mode 100755
index 93128713..00000000
--- a/roles/matrix-awx/tasks/main.yml
+++ /dev/null
@@ -1,234 +0,0 @@ ---- -# Load initial hosting and organisation variables from AWX volume -- include_tasks: - file: "load_hosting_and_org_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Renames or updates the vars.yml if needed -- include_tasks: - file: "update_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Create AWX session token -- include_tasks: - file: "create_session_token.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Perform a backup of the server -- include_tasks: - file: "backup_server.yml" - apply: - tags: backup-server - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - backup-server - -# Perform a export of the server -- include_tasks: - file: "export_server.yml" - apply: - tags: export-server - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - export-server - -# Create a user account if called -- include_tasks: - file: "create_user.yml" - apply: - tags: create-user - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - create-user - -# Purge local/remote media if called -- include_tasks: - file: "purge_media_main.yml" - apply: - tags: purge-media - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - purge-media - -# Purge Synapse database if called -- include_tasks: - file: "purge_database_main.yml" - apply: - tags: purge-database - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - purge-database - -# Rotate SSH key if called -- include_tasks: - file: "rotate_ssh.yml" - apply: - tags: rotate-ssh - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - rotate-ssh - -# Import configs, media repo from /chroot/backup import -- include_tasks: - file: "import_awx.yml" - apply: - tags: import-awx - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - import-awx - -# Perform extra self-check functions -- 
include_tasks: - file: "self_check.yml" - apply: - tags: self-check - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - self-check - -# Create cached matrix_vars.yml file -- include_tasks: - file: "cache_matrix_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Configure SFTP so user can upload a static website or access the servers export -- include_tasks: - file: "customise_website_access_export.yml" - apply: - tags: setup-nginx-proxy - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-nginx-proxy - -# Additional playbook to set the variable file during Element configuration -- include_tasks: - file: "set_variables_element.yml" - apply: - tags: setup-client-element - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-client-element - -# Additional playbook to set the variable file during Mailer configuration -- include_tasks: - file: "set_variables_mailer.yml" - apply: - tags: setup-mailer - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-mailer - -# Additional playbook to set the variable file during Element configuration -- include_tasks: - file: "set_variables_element_subdomain.yml" - apply: - tags: setup-client-element-subdomain - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-client-element-subdomain - -# Additional playbook to set the variable file during Synapse configuration -- include_tasks: - file: "set_variables_synapse.yml" - apply: - tags: setup-synapse - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-synapse - -# Additional playbook to set the variable file during Jitsi configuration -- include_tasks: - file: "set_variables_jitsi.yml" - apply: - tags: setup-jitsi - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-jitsi - -# Additional playbook to set the variable file during Ma1sd configuration -- include_tasks: - file: "set_variables_ma1sd.yml" - apply: - tags: 
setup-ma1sd - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-ma1sd - -# Additional playbook to set the variable file during Mjolnir Bot configuration -- include_tasks: - file: "set_variables_mjolnir.yml" - apply: - tags: setup-bot-mjolnir - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-bot-mjolnir - -# Additional playbook to set the variable file during Corporal configuration -- include_tasks: - file: "set_variables_corporal.yml" - apply: - tags: setup-corporal - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-corporal - -# Additional playbook to set the variable file during Dimension configuration -- include_tasks: - file: "set_variables_dimension.yml" - apply: - tags: setup-dimension - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-dimension - -# Additional playbook to set the variable file during Synapse Admin configuration -- include_tasks: - file: "set_variables_synapse_admin.yml" - apply: - tags: setup-synapse-admin - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-synapse-admin - -# Additional playbook to set the variable file during Discord Appservice Bridge configuration -- include_tasks: - file: "bridge_discord_appservice.yml" - apply: - tags: bridge-discord-appservice - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - bridge-discord-appservice - -# Delete AWX session token -- include_tasks: - file: "delete_session_token.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Load newly formed matrix variables from AWX volume -- include_tasks: - file: "load_matrix_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always diff --git a/roles/matrix-awx/tasks/purge_database_events.yml b/roles/matrix-awx/tasks/purge_database_events.yml deleted file mode 100644 index 586bc17c..00000000 --- a/roles/matrix-awx/tasks/purge_database_events.yml +++ /dev/null 
@@ -1,14 +0,0 @@
----
-
-- name: Purge all rooms with more then N events
- shell: |
- curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
- register: awx_purge_command
-
-- name: Print output of purge command
- debug:
- msg: "{{ awx_purge_command.stdout }}"
-
-- name: Pause for 5 seconds to let Synapse breathe
- pause:
- seconds: 5
diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml
deleted file mode 100644
index 9882f195..00000000
--- a/roles/matrix-awx/tasks/purge_database_main.yml
+++ /dev/null
@@ -1,320 +0,0 @@ ---- - -- name: Ensure dateutils and curl is installed in AWX - delegate_to: 127.0.0.1 - yum: - name: dateutils - state: latest - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: true - -- name: Ensure curl and jq intalled on target machine - apt: - pkg: - - curl - - jq - state: present - -- name: Collect before shrink size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_before_stat - when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: true - -- name: Collect the internal IP of the matrix-synapse container - shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_synapse_container_ip - -- name: Collect access token for @admin-janitor user - shell: | - curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_janitors_token - no_log: true - -- name: Copy build_room_list.py script to target machine - copy: - src: ./roles/matrix-awx/scripts/matrix_build_room_list.py - dest: /usr/local/bin/matrix_build_room_list.py - owner: matrix - group: matrix - mode: '0755' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") 
!= -1) - -- name: Run build_room_list.py script - shell: | - runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }} - register: awx_rooms_total - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Fetch complete room list from target machine - fetch: - src: /tmp/room_list_complete.json - dest: "/tmp/{{ subscription_id }}_room_list_complete.json" - flat: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Remove complete room list from target machine - file: - path: /tmp/room_list_complete.json - state: absent - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Generate list of rooms with no local users - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Count number of rooms with no local users - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }' - register: awx_rooms_no_local_total - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - 
-- name: Setting host fact awx_room_list_no_local_users - set_fact: - awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}" - no_log: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Purge all rooms with no local users - include_tasks: purge_database_no_local.yml - loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}" - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Collect epoche time from date - delegate_to: 127.0.0.1 - shell: | - date -d '{{ awx_purge_date }}' +"%s" - when: (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_purge_epoche_time - -- name: Generate list of rooms with more then N users - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.joined_members > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Count number of rooms with more then N users - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }' - register: awx_rooms_join_members_total - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Setting host fact awx_room_list_joined_members - delegate_to: 127.0.0.1 - set_fact: - awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}" - when: awx_purge_mode.find("Number of users [slower]") != -1 - no_log: true - -- name: Purge all rooms with more then N users - 
include_tasks: purge_database_users.yml - loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}" - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Generate list of rooms with more then N events - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.state_events > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Count number of rooms with more then N events - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }' - register: awx_rooms_state_events_total - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Setting host fact awx_room_list_state_events - delegate_to: 127.0.0.1 - set_fact: - awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}" - when: awx_purge_mode.find("Number of events [slower]") != -1 - no_log: true - -- name: Purge all rooms with more then N events - include_tasks: purge_database_events.yml - loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}" - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Adjust 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "rust-synapse-compress-state" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - 
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Execute rust-synapse-compress-state job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: true - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Revert 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "setup-all,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Ensure matrix-synapse is stopped - service: - name: 
matrix-synapse - state: stopped - daemon_reload: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Re-index Synapse database - shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse' - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Ensure matrix-synapse is started - service: - name: matrix-synapse - state: started - daemon_reload: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Adjust 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "run-postgres-vacuum,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Execute run-postgres-vacuum job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: true - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Revert 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with 
Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "setup-all,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Cleanup room_list files - delegate_to: 127.0.0.1 - shell: | - rm /tmp/{{ subscription_id }}_room_list* - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - ignore_errors: true - -- name: Collect after shrink size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_after_stat - when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: true - -- name: Print total number of rooms processed - debug: - msg: '{{ awx_rooms_total.stdout }}' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Print the number of rooms purged with no local users - debug: - msg: '{{ awx_rooms_no_local_total.stdout }}' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Print the number of rooms purged with more then N users - debug: - msg: '{{ awx_rooms_join_members_total.stdout }}' - when: awx_purge_mode.find("Number of users") != -1 - -- name: Print the number of rooms purged with more then N events - debug: - msg: '{{ 
awx_rooms_state_events_total.stdout }}' - when: awx_purge_mode.find("Number of events") != -1 - -- name: Print before purge size of Synapse database - debug: - msg: "{{ awx_db_size_before_stat.stdout.split('\n') }}" - when: ( awx_db_size_before_stat is defined ) and ( awx_purge_mode.find("Perform final shrink" ) != -1 ) - -- name: Print after purge size of Synapse database - debug: - msg: "{{ awx_db_size_after_stat.stdout.split('\n') }}" - when: (awx_db_size_after_stat is defined) and (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook early if this task is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/purge_database_no_local.yml b/roles/matrix-awx/tasks/purge_database_no_local.yml deleted file mode 100644 index e464f56d..00000000 --- a/roles/matrix-awx/tasks/purge_database_no_local.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with no local users - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 
diff --git a/roles/matrix-awx/tasks/purge_database_users.yml b/roles/matrix-awx/tasks/purge_database_users.yml
deleted file mode 100644
index d315a9ef..00000000
--- a/roles/matrix-awx/tasks/purge_database_users.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-
-- name: Purge all rooms with more then N users
- shell: |
- curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
- register: awx_purge_command
-
-- name: Print output of purge command
- debug:
- msg: "{{ awx_purge_command.stdout }}"
-
-- name: Pause for 5 seconds to let Synapse breathe
- pause:
- seconds: 5
diff --git a/roles/matrix-awx/tasks/purge_media_local.yml b/roles/matrix-awx/tasks/purge_media_local.yml
deleted file mode 100644
index 7ef79eca..00000000
--- a/roles/matrix-awx/tasks/purge_media_local.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-- name: Collect epoche time from date
- shell: |
- date -d '{{ item }}' +"%s"
- register: awx_epoche_time
-
-- name: Purge local media to specific date
- shell: |
- curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000'
- register: awx_purge_command
-
-- name: Print output of purge command
- debug:
- msg: "{{ awx_purge_command.stdout }}"
-
-- name: Pause for 5 seconds to let Synapse breathe
- pause:
- seconds: 5
diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml
deleted file mode 100644
index bd7e7d1c..00000000
--- a/roles/matrix-awx/tasks/purge_media_main.yml
+++ /dev/null
@@ -1,111 +0,0 @@
----
-
-- name: Ensure dateutils is installed in AWX
- delegate_to: 127.0.0.1
- yum:
- name: dateutils
- state: latest
-
-- name: Include vars in matrix_vars.yml
- include_vars:
- file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
- no_log: true
-
-- name: Ensure curl and jq intalled on target machine
- apt:
- pkg:
- - curl
- - jq
- state: present
-
-- name: Collect the internal IP of the matrix-synapse container
- shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
- register: awx_synapse_container_ip
-
-- name: Collect access token for @admin-janitor user
- shell: |
- curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
- register: awx_janitors_token
- no_log: true
-
-- name: Generate list of dates to purge to
- delegate_to: 127.0.0.1
- shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}"
- register: awx_purge_dates
-
-- name: Calculate initial size of local media repository
- shell: du -sh /matrix/synapse/storage/media-store/local*
- register: awx_local_media_size_before
- when: awx_purge_media_type == "Local Media"
- async: 600
- ignore_errors: true
- no_log: true
-
-- name: Calculate initial size of remote media repository
- shell: du -sh /matrix/synapse/storage/media-store/remote*
- register: awx_remote_media_size_before
- when: awx_purge_media_type == "Remote Media"
- async: 600
- ignore_errors: true
- no_log: true
-
-- name: Purge local media with loop
- include_tasks: purge_media_local.yml
- loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
- when: awx_purge_media_type == "Local Media"
-
-- name: Purge remote media with loop
- include_tasks: purge_media_remote.yml
- loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
- when: awx_purge_media_type == "Remote Media"
-
-- name: Calculate final size of local media repository
- shell: du -sh /matrix/synapse/storage/media-store/local*
- register: awx_local_media_size_after
- when: awx_purge_media_type == "Local Media"
- ignore_errors: true
- no_log: true
-
-- name: Calculate final size of remote media repository
- shell: du -sh /matrix/synapse/storage/media-store/remote*
- register: awx_remote_media_size_after
- when: awx_purge_media_type == "Remote Media"
- ignore_errors: true
- no_log: true
-
-- name: Print size of local media repository before purge
- debug:
- msg: "{{ awx_local_media_size_before.stdout.split('\n') }}"
- when: awx_purge_media_type == "Local Media"
-
-- name: Print size of local media repository after purge
- debug:
- msg: "{{ awx_local_media_size_after.stdout.split('\n') }}"
- when: awx_purge_media_type == "Local Media"
-
-- name: Print size of remote media repository before purge
- debug:
- msg: "{{ awx_remote_media_size_before.stdout.split('\n') }}"
- when: awx_purge_media_type == "Remote Media"
-
-- name: Print size of remote media repository after purge
- debug:
- msg: "{{ awx_remote_media_size_after.stdout.split('\n') }}"
- when: awx_purge_media_type == "Remote Media"
-
-- name: Delete the AWX session token for executing modules
- awx.awx.tower_token:
- description: 'AWX Session Token'
- scope: "write"
- state: absent
- existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
-
-- name: Set boolean value to exit playbook
- set_fact:
- awx_end_playbook: true
-
-- name: End playbook early if this task is called.
- meta: end_play
- when: awx_end_playbook is defined and awx_end_playbook|bool
diff --git a/roles/matrix-awx/tasks/purge_media_remote.yml b/roles/matrix-awx/tasks/purge_media_remote.yml
deleted file mode 100644
index 5bb71918..00000000
--- a/roles/matrix-awx/tasks/purge_media_remote.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-- name: Collect epoche time from date
- shell: |
- date -d '{{ item }}' +"%s"
- register: awx_epoche_time
-
-- name: Purge remote media to specific date
- shell: |
- curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000'
- register: awx_purge_command
-
-- name: Print output of purge command
- debug:
- msg: "{{ awx_purge_command.stdout }}"
-
-- name: Pause for 5 seconds to let Synapse breathe
- pause:
- seconds: 5
diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml
deleted file mode 100644
index bd59cbc1..00000000
--- a/roles/matrix-awx/tasks/rotate_ssh.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-
-- name: Set the new authorized key taken from file
- authorized_key:
- user: root
- state: present
- exclusive: true
- key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"
-
-- name: Delete the AWX session token for executing modules
- awx.awx.tower_token:
- description: 'AWX Session Token'
- scope: "write"
- state: absent
- existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
-
-- name: Set boolean value to exit playbook
- set_fact:
- end_playbook: true
-
-- name: End playbook if this task list is called.
- meta: end_play
- when: end_playbook is defined and end_playbook|bool
diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml
deleted file mode 100644
index 68e833a4..00000000
--- a/roles/matrix-awx/tasks/self_check.yml
+++ /dev/null
@@ -1,108 +0,0 @@
----
-
-- name: Install prerequisite apt packages on target
- apt:
- name:
- - sysstat
- - curl
- state: present
-
-- name: Install prerequisite yum packages on AWX
- delegate_to: 127.0.0.1
- yum:
- name:
- - bind-utils
- state: present
-
-- name: Install prerequisite pip packages on AWX
- delegate_to: 127.0.0.1
- pip:
- name:
- - dnspython
- state: present
-
-- name: Calculate MAU value
- shell: |
- curl -s localhost:9000 | grep "^synapse_admin_mau_current "
- register: awx_mau_stat
- no_log: true
-
-- name: Calculate CPU usage statistics
- shell: iostat -c
- register: awx_cpu_usage_stat
- no_log: true
-
-- name: Calculate RAM usage statistics
- shell: free -mh
- register: awx_ram_usage_stat
- no_log: true
-
-- name: Calculate free disk space
- shell: df -h
- register: awx_disk_space_stat
- no_log: true
-
-- name: Calculate size of Synapse database
- shell: du -sh /matrix/postgres/data
- register: awx_db_size_stat
- no_log: true
-
-- name: Calculate size of local media repository
- shell: du -sh /matrix/synapse/storage/media-store/local*
- register: awx_local_media_size_stat
- async: 600
- ignore_errors: true
- no_log: true
-
-- name: Calculate size of remote media repository
- shell: du -sh /matrix/synapse/storage/media-store/remote*
- register: awx_remote_media_size_stat
- async: 600
- ignore_errors: true
- no_log: true
-
-- name: Calculate docker container statistics
- shell: docker stats --all --no-stream
- register: awx_docker_stats
- ignore_errors: true
- no_log: true
-
-- name: Print size of remote media repository
- debug:
- msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}"
- when: awx_remote_media_size_stat is defined
-
-- name: Print size of local media repository
- debug:
- msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}"
- when: awx_local_media_size_stat is defined
-
-- name: Print size of Synapse database
- debug:
- msg: "{{ awx_db_size_stat.stdout.split('\n') }}"
- when: awx_db_size_stat is defined
-
-- name: Print free disk space
- debug:
- msg: "{{ awx_disk_space_stat.stdout.split('\n') }}"
- when: awx_disk_space_stat is defined
-
-- name: Print RAM usage statistics
- debug:
- msg: "{{ awx_ram_usage_stat.stdout.split('\n') }}"
- when: awx_ram_usage_stat is defined
-
-- name: Print CPU usage statistics
- debug:
- msg: "{{ awx_cpu_usage_stat.stdout.split('\n') }}"
- when: awx_cpu_usage_stat is defined
-
-- name: Print MAU value
- debug:
- msg: "{{ awx_mau_stat.stdout.split('\n') }}"
- when: awx_mau_stat is defined
-
-- name: Print docker container statistics
- debug:
- msg: "{{ awx_docker_stats.stdout.split('\n') }}"
- when: awx_docker_stats is defined
diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml
deleted file mode 100755
index 007ae59f..00000000
--- a/roles/matrix-awx/tasks/set_variables_corporal.yml
+++ /dev/null
@@ -1,243 +0,0 @@
----
-
-- name: Record Corporal Enabled/Disabled variable
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Corporal Settings Start'
- with_dict:
- 'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
-
-- name: Enable Shared Secret Auth if Corporal enabled
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Shared Secret Auth Settings Start'
- with_dict:
- 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
- when: matrix_corporal_enabled|bool
-
-- name: Disable Shared Secret Auth if Corporal disabled
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Shared Secret Auth Settings Start'
- with_dict:
- 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
- when: not matrix_corporal_enabled|bool
-
-- name: Enable Rest Auth Endpoint if Corporal enabled
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Synapse Extension Start'
- with_dict:
- 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
- when: matrix_corporal_enabled|bool
-
-- name: Disable Rest Auth Endpoint if Corporal disabled
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Synapse Extension Start'
- with_dict:
- 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
- when: not matrix_corporal_enabled|bool
-
-- name: Disable Corporal API if Simple Static File mode selected
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Corporal Settings Start'
- with_dict:
- 'matrix_corporal_http_api_enabled': 'false'
- when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
-
-- name: Enable Corporal API if Push/Pull mode delected
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Corporal Settings Start'
- with_dict:
- 'matrix_corporal_http_api_enabled': 'true'
- when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
-
-- name: Record Corporal API Access Token if it's defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Corporal Settings Start'
- with_dict:
- 'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
- when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" )
-
-- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
- delegate_to: 127.0.0.1
- blockinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertbefore: "# Corporal Policy Provider Settings End"
- marker_begin: "Corporal"
- marker_end: "Corporal"
- block: |
- matrix_corporal_policy_provider_config: |
- {
- "Type": "static_file",
- "Path": "/etc/matrix-corporal/corporal-policy.json"
- }
- when: awx_corporal_policy_provider_mode == "Simple Static File"
-
-- name: Touch the /matrix/corporal/ directory
- file:
- path: "/matrix/corporal/"
- state: directory
- owner: matrix
- group: matrix
- mode: '750'
-
-- name: Touch the /matrix/corporal/config/ directory
- file:
- path: "/matrix/corporal/config/"
- state: directory
- owner: matrix
- group: matrix
- mode: '750'
-
-- name: Touch the /matrix/corporal/cache/ directory
- file:
- path: "/matrix/corporal/cache/"
- state: directory
- owner: matrix
- group: matrix
- mode: '750'
-
-- name: Touch the corporal-policy.json file to ensure it exists
- file:
- path: "/matrix/corporal/config/corporal-policy.json"
- state: touch
- owner: matrix
- group: matrix
- mode: '660'
-
-- name: Touch the last-policy.json file to ensure it exists
- file:
- path: "/matrix/corporal/config/last-policy.json"
- state: touch
- owner: matrix
- group: matrix
- mode: '660'
-
-- name: Record 'Simple Static File' configuration content in corporal-policy.json
- copy:
- content: "{{ awx_corporal_simple_static_config | string }}"
- dest: "/matrix/corporal/config/corporal-policy.json"
- owner: matrix
- group: matrix
- mode: '660'
- when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0)
-
-- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
- delegate_to: 127.0.0.1
- blockinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertafter: "# Corporal Policy Provider Settings Start"
- block: |
- matrix_corporal_policy_provider_config: |
- {
- "Type": "http",
- "Uri": "{{ awx_corporal_pull_mode_uri }}",
- "AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}",
- "CachePath": "/var/cache/matrix-corporal/last-policy.json",
- "ReloadIntervalSeconds": 1800,
- "TimeoutMilliseconds": 30000
- }
- when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0)
-
-- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
- delegate_to: 127.0.0.1
- blockinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertafter: "# Corporal Policy Provider Settings Start"
- block: |
- matrix_corporal_policy_provider_config: |
- {
- "Type": "last_seen_store_policy",
- "CachePath": "/var/cache/matrix-corporal/last-policy.json"
- }
- when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
-
-- name: Lower RateLimit if set to 'Normal'
- delegate_to: 127.0.0.1
- replace:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
- replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
- when: awx_corporal_raise_ratelimits == "Normal"
-
-- name: Raise RateLimit if set to 'Raised'
- delegate_to: 127.0.0.1
- replace:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
- replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
- when: awx_corporal_raise_ratelimits == "Raised"
-
-- name: Save new 'Configure Corporal' survey.json to the AWX tower
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
-
-- name: Copy new 'Configure Corporal' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
- dest: '/matrix/awx/configure_corporal.json'
- mode: '0660'
-
-- debug:
- msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
-
-- debug:
- msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
-
-- debug:
- msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
-
-- debug:
- msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
-
-- name: Recreate 'Configure Corporal (Advanced)' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
- description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-corporal"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
- become_enabled: true
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: true
diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml
deleted file mode 100644
index 8d8f9c44..00000000
--- a/roles/matrix-awx/tasks/set_variables_dimension.yml
+++ /dev/null
@@ -1,105 +0,0 @@
----
-
-- name: Include vars in matrix_vars.yml
- include_vars:
- file: '{{ awx_cached_matrix_vars }}'
- no_log: true
-
-- name: Install jq and curl on remote machine
- apt:
- name:
- - jq
- - curl
- state: present
-
-- name: Collect access token of @admin-dimension user
- shell: |
- curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token'
- register: awx_dimension_user_access_token
-
-- name: Record Synapse variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Dimension Settings Start'
- with_dict:
- 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
- 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"'
-
-- name: Set final users list if users are defined
- set_fact:
- awx_dimension_users_final: "{{ awx_dimension_users }}"
- when: awx_dimension_users | length > 0
-
-- name: Set final users list if no users are defined
- set_fact:
- awx_dimension_users_final: '@dimension:{{ matrix_domain }}'
- when: awx_dimension_users | length == 0
-
-- name: Remove Dimension Users
- delegate_to: 127.0.0.1
- replace:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: '^ - .*\n'
- after: 'matrix_dimension_admins:'
- before: '# Dimension Settings End'
-
-- name: Set Dimension Users Header
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertbefore: '# Dimension Settings End'
- line: "matrix_dimension_admins:"
-
-- name: Set Dimension Users
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertafter: '^matrix_dimension_admins:'
- line: ' - "{{ item }}"'
- with_items: "{{ awx_dimension_users_final.splitlines() }}"
-
-- name: Record Dimension Custom variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertbefore: '# Dimension Settings End'
- with_dict:
- 'awx_dimension_users': '{{ awx_dimension_users.splitlines() | to_json }}'
-
-- name: Save new 'Configure Dimension' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_dimension.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json'
-
-- name: Copy new 'Configure Dimension' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json'
- dest: '/matrix/awx/configure_dimension.json'
- mode: '0660'
-
-- name: Recreate 'Configure Dimension' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Dimension"
- description: "Configure Dimension, the self-hosted integrations server."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-all,setup-dimension"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
- become_enabled: true
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: true
diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml
deleted file mode 100755
index 4b2ce859..00000000
--- a/roles/matrix-awx/tasks/set_variables_element.yml
+++ /dev/null
@@ -1,180 +0,0 @@
----
-
-- name: Record Element-Web variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
- 'matrix_client_element_jitsi_preferredDomain': 'jitsi.{{ matrix_domain }}'
- 'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
- 'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
- 'matrix_client_element_brand': '{{ matrix_client_element_brand | trim }}'
- 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}'
- 'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo | trim }}'
- 'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link | trim }}'
-
-- name: Record Element-Web custom variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertbefore: '# Element Settings End'
- with_dict:
- 'awx_matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline | trim }}'
- 'awx_matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text | trim }}'
-
-- name: Set Element-Web custom branding locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_brand': "{{ matrix_client_element_brand }}"
- when: matrix_client_element_brand | trim | length > 0
-
-- name: Remove Element-Web custom branding locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_brand: "
- state: absent
- when: matrix_client_element_brand | trim | length == 0
-
-- name: Set fact for 'https' string
- set_fact:
- awx_https_string: "https"
-
-- name: Set Element-Web custom logo locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo }}'
- when: ( awx_https_string in matrix_client_element_welcome_logo ) and ( matrix_client_element_welcome_logo | trim | length > 0 )
-
-- name: Remove Element-Web custom logo locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_welcome_logo: "
- state: absent
- when: matrix_client_element_welcome_logo | trim | length == 0
-
-- name: Set Element-Web custom logo link locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link }}'
- when: ( awx_https_string in matrix_client_element_welcome_logo_link ) and ( matrix_client_element_welcome_logo_link | trim | length > 0 )
-
-- name: Remove Element-Web custom logo link locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_welcome_logo_link: "
- state: absent
- when: matrix_client_element_welcome_logo_link | trim | length == 0
-
-- name: Set Element-Web custom headline locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline }}'
- when: awx_matrix_client_element_welcome_headline | trim | length > 0
-
-- name: Remove Element-Web custom headline locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_welcome_headline: "
- state: absent
- when: awx_matrix_client_element_welcome_headline | trim | length == 0
-
-- name: Set Element-Web custom text locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text }}'
- when: awx_matrix_client_element_welcome_text | trim | length > 0
-
-- name: Remove Element-Web custom text locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_welcome_text: "
- state: absent
- when: awx_matrix_client_element_welcome_text | trim | length == 0
-
-- name: Set Element-Web background locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
- when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length > 0
-
-- name: Remove Element-Web background locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_branding_welcomeBackgroundUrl: "
- state: absent
- when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length == 0
-
-- name: Save new 'Configure Element' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_element.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
-
-- name: Copy new 'Configure Element' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
- dest: '/matrix/awx/configure_element.json'
- mode: '0660'
-
-- name: Recreate 'Configure Element' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Element"
- description: "Configure Element client via survey."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-client-element"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
- become_enabled: true
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: true
diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml
deleted file mode 100644
index 1c78b9e0..00000000
--- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-
-- name: Record Element-Web variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}"
-
-- name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
-
-- name: Copy new 'Configure Element Subdomain' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
- dest: '/matrix/awx/configure_element_subdomain.json'
- mode: '0660'
-
-- name: Recreate 'Configure Element Subdomain' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Element Subdomain"
- description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)"
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-all,setup-client-element-subdomain"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: true
diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml
deleted file mode 100755
index b12391bf..00000000
--- a/roles/matrix-awx/tasks/set_variables_jitsi.yml
+++ /dev/null
@@ -1,45 +0,0 @@ ---- - -- name: Record Jitsi variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Jitsi Settings Start' - with_dict: - 'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}' - 'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage | trim }}' - -- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - -- name: Copy new 'Configure Jitsi' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - dest: '/matrix/awx/configure_jitsi.json' - mode: '0660' - -- name: Recreate 'Configure Jitsi' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Jitsi" - description: "Configure Jitsi conferencing settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-jitsi" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml
deleted file mode 100755
index d46d797f..00000000
--- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml
+++ /dev/null
@@ -1,102 +0,0 @@ ---- - -- name: Record ma1sd variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# ma1sd Settings Start' - with_dict: - 'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}' - -- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'false' - when: awx_matrix_ma1sd_auth_store == 'Synapse Internal' - -- name: Enable REST auth if using external LDAP/AD with ma1sd - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true' - 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_container_port }}"' - when: awx_matrix_ma1sd_auth_store == 'LDAP/AD' - -- name: Remove entire ma1sd configuration extension - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^.*\n' - after: '# ma1sd Extension Start' - before: '# ma1sd Extension End' - -- name: Replace conjoined ma1sd configuration extension limiters - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^# ma1sd Extension Start# ma1sd Extension End' - replace: '# ma1sd Extension Start\n# ma1sd Extension End' - -- name: Insert/Update ma1sd configuration extension variables - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK" - insertafter: '# 
ma1sd Extension Start' - block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}' - -- name: Record ma1sd Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# ma1sd Settings End' - with_dict: - 'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}' - 'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' - no_log: true - -- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - -- name: Copy new 'Configure ma1sd' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - dest: '/matrix/awx/configure_ma1sd.json' - mode: '0660' - -- name: Recreate 'Configure ma1sd (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)" - description: "Configure Jitsi conferencing settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-ma1sd" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml
deleted file mode 100644
index 6581223d..00000000
--- a/roles/matrix-awx/tasks/set_variables_mailer.yml
+++ /dev/null
@@ -1,44 +0,0 @@ ---- - -- name: Record Mailer variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Email Settings Start' - with_dict: - 'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}' - -- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' - -- name: Copy new 'Configure Email Relay' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' - dest: '/matrix/awx/configure_email_relay.json' - mode: '0660' - -- name: Recreate 'Configure Email Relay' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Email Relay" - description: "Enable MailGun relay to increase verification email reliability." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-mailer" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_mjolnir.yml b/roles/matrix-awx/tasks/set_variables_mjolnir.yml deleted file mode 100755 index 6e3bb153..00000000 
--- a/roles/matrix-awx/tasks/set_variables_mjolnir.yml
+++ /dev/null
@@ -1,68 +0,0 @@ ---- - -- name: Include vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: Collect the internal IP of the matrix-synapse container - shell: | - /usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse - register: matrix_synapse_ip - -- name: Collect access token of @admin-mjolnir user - shell: | - curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token' - register: awx_mjolnir_user_access_token - no_log: true - -- name: Record Mjolnir Bot variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Mjolnir Settings Start' - with_dict: - 'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}' - 'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}' - 'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"' - no_log: true - -- name: Remove Synapse rate-limiting for admin-mjolnir user - shell: | - /usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);" - ignore_errors: true - -- name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json' - -- name: Copy new 'Configure Mjolnir' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ 
subscription_id }}/configure_mjolnir.json' - dest: '/matrix/awx/configure_mjolnir.json' - mode: '0660' - -- name: Recreate 'Configure Mjolnir Bot' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot" - description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-bot-mjolnir" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml deleted file mode 100755 index f749f03f..00000000 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ /dev/null 
@@ -1,223 +0,0 @@ ---- - -- name: Limit max upload size to 200MB part 1 - set_fact: - matrix_synapse_max_upload_size_mb: "200" - when: awx_synapse_max_upload_size_mb | int >= 200 - -- name: Limit max upload size to 200MB part 2 - set_fact: - matrix_synapse_max_upload_size_mb: "{{ awx_synapse_max_upload_size_mb }}" - when: awx_synapse_max_upload_size_mb | int < 200 - -- name: Record Synapse variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - 'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}' - 'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}' - 'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}' - 'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}' - 'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}' - 'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}' - 'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}' - 'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}' - -- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_synapse_auto_join_rooms: .*$" - replace: "matrix_synapse_auto_join_rooms: []" - when: awx_synapse_auto_join_rooms | length == 0 - -- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list - set_fact: - awx_synapse_auto_join_rooms_array: |- - {{ awx_synapse_auto_join_rooms.splitlines() | to_json }} - when: awx_synapse_auto_join_rooms | length > 0 - -- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not 
blank - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - "matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}" - when: awx_synapse_auto_join_rooms | length > 0 - -- name: Record Synapse Shared Secret if it's defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - 'matrix_synapse_registration_shared_secret': '{{ awx_matrix_synapse_registration_shared_secret }}' - when: awx_matrix_synapse_registration_shared_secret | length > 0 - -- name: Record registations_require_3pid extra variable if true - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "{{ item }}" - line: "{{ item }}" - insertbefore: '# Synapse Extension End' - with_items: - - " registrations_require_3pid:" - - " - email" - when: awx_registrations_require_3pid | bool - -- name: Remove registrations_require_3pid extra variable if false - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "{{ item }}" - line: "{{ item }}" - insertbefore: '# Synapse Extension End' - state: absent - with_items: - - " registrations_require_3pid:" - - " - email" - when: not awx_registrations_require_3pid | bool - -- name: Remove URL Languages - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n' - after: ' url_preview_accept_language:' - before: '# Synapse Extension End' - -- name: Set URL languages default if raw inputs empty - set_fact: - awx_url_preview_accept_language_default: 'en' - when: awx_url_preview_accept_language | length == 0 - -- name: Set URL languages default if raw inputs not empty - set_fact: - 
awx_url_preview_accept_language_default: "{{ awx_url_preview_accept_language }}" - when: awx_url_preview_accept_language|length > 0 - -- name: Set URL languages if raw inputs empty - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ url_preview_accept_language:' - line: " - {{ awx_url_preview_accept_language_default }}" - when: awx_url_preview_accept_language|length == 0 - -- name: Set URL languages if raw inputs not empty - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ url_preview_accept_language:' - line: " - {{ item }}" - with_items: "{{ awx_url_preview_accept_language.splitlines() }}" - when: awx_url_preview_accept_language | length > 0 - -- name: Remove Federation Whitelisting 1 - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n' - after: ' federation_domain_whitelist:' - before: '# Synapse Extension End' - -- name: Remove Federation Whitelisting 2 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - line: " federation_domain_whitelist:" - state: absent - -- name: Set Federation Whitelisting 1 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^matrix_synapse_configuration_extension_yaml: \|' - line: " federation_domain_whitelist:" - when: awx_federation_whitelist | length > 0 - -- name: Set Federation Whitelisting 2 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ federation_domain_whitelist:' - line: " - {{ item }}" - with_items: "{{ awx_federation_whitelist.splitlines() }}" - when: awx_federation_whitelist | length > 0 - -- name: Set awx_recaptcha_public_key to a 'public-key' if undefined - set_fact: awx_recaptcha_public_key="public-key" - when: (awx_recaptcha_public_key is not defined) or (awx_recaptcha_public_key|length == 0) - -- name: Set awx_recaptcha_private_key to a 'private-key' if 
undefined - set_fact: awx_recaptcha_private_key="private-key" - when: (awx_recaptcha_private_key is not defined) or (awx_recaptcha_private_key|length == 0) - -- name: Record Synapse Extension variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Synapse Extension End' - with_dict: - ' enable_registration_captcha': '{{ awx_enable_registration_captcha }}' - ' recaptcha_public_key': '{{ awx_recaptcha_public_key }}' - ' recaptcha_private_key': '{{ awx_recaptcha_private_key }}' - -- name: Record Synapse Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Synapse Settings End' - with_dict: - 'awx_federation_whitelist': '{{ awx_federation_whitelist.splitlines() | to_json }}' - 'awx_url_preview_accept_language_default': '{{ awx_url_preview_accept_language_default.splitlines() | to_json }}' - 'awx_enable_registration_captcha': '{{ awx_enable_registration_captcha }}' - 'awx_recaptcha_public_key': '"{{ awx_recaptcha_public_key }}"' - 'awx_recaptcha_private_key': '"{{ awx_recaptcha_private_key }}"' - -- name: Save new 'Configure Synapse' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_synapse.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json' - -- name: Copy new 'Configure Synapse' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json' - dest: '/matrix/awx/configure_synapse.json' - mode: '0660' - -- name: Recreate 'Configure Synapse' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - 
Configure Synapse" - description: "Configure Synapse (homeserver) settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-synapse" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml deleted file mode 100644 index 1e63fb71..00000000 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- - -- name: Record Synapse Admin variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Admin Settings Start' - with_dict: - 'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}' - -- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - -- name: Copy new 'Configure Synapse Admin' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - dest: '/matrix/awx/configure_synapse_admin.json' - mode: '0660' - -- name: Recreate 'Configure Synapse Admin' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Synapse Admin" - description: "Configure 'Synapse Admin', a moderation tool to help you manage your server." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/update_variables.yml b/roles/matrix-awx/tasks/update_variables.yml deleted file mode 100644 index b281a8c5..00000000 --- a/roles/matrix-awx/tasks/update_variables.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -- name: Rename synapse presence variable - delegate_to: 127.0.0.1 - replace: - path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" - regexp: 'matrix_synapse_use_presence' - replace: 'matrix_synapse_presence_enabled' - -- name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml - delegate_to: 127.0.0.1 - register: presence - shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" - no_log: true - -- name: Generate matrix_homeserver_generic_secret_key variable if not present - delegate_to: 127.0.0.1 - command: | - openssl rand -hex 16 - register: generic_secret - no_log: true - when: presence is not changed - -- name: Add new matrix_homeserver_generic_secret_key variable if not present - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}" - insertbefore: '# Basic Settings End' - mode: '0600' - state: present - when: presence is not changed diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml deleted file mode 100644 index ad0a0ee8..00000000 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- - -- name: Create user account @admin-janitor - command: | - /usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1 - register: cmd - when: not awx_janitor_user_created|bool - no_log: false - -- name: Update AWX janitor user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_janitor_user_created': 'true' - when: not awx_janitor_user_created|bool - -- name: Create user account @admin-dimension - command: | - /usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0 - register: cmd - when: not awx_dimension_user_created|bool - no_log: false - -- name: Update AWX dimension user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_dimension_user_created': 'true' - when: not awx_dimension_user_created|bool - -- name: Create user account @admin-mjolnir - command: | - /usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0 - register: cmd - when: not awx_mjolnir_user_created|bool - no_log: false - -- name: Update AWX dimension user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_mjolnir_user_created': 'true' - when: not awx_mjolnir_user_created|bool - -- name: Ensure /chroot/website location has correct permissions - file: - path: /chroot/website - state: directory - owner: matrix - group: matrix - mode: '0770' - when: awx_customise_base_domain_website is defined - -- name: Collect Discord AppService bot invite link if file exists - command: - cat /matrix/appservice-discord/config/invite_link - register: awx_discord_appservice_link - when: awx_appservice_discord_admin_user is defined - args: - removes: /matrix/appservice-discord/config/invite_link - -- name: Print Discord AppService bot link for user - debug: - msg: "{{ awx_discord_appservice_link.stdout }}" - when: awx_discord_appservice_link.stdout is defined diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index 75dee15d..f3ccf3a5 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -14,11 +14,6 @@ tags: - always -- import_tasks: "{{ role_path }}/tasks/awx_post.yml" - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - - import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune diff --git a/setup.yml b/setup.yml index 197d313e..52079e32 100755 --- a/setup.yml +++ b/setup.yml @@ -7,7 +7,6 @@ - roles/matrix-synapse/vars/workers.yml roles: - - matrix-awx - matrix-base - matrix-dynamic-dns - matrix-mailer From 6925e26960246d54efa03d798b7363c12b01ac46 Mon Sep 17 00:00:00 2001 From: SaltireSoul Date: Sat, 9 Apr 2022 02:55:48 +0100 Subject: [PATCH 203/419] Dendrite 0.8.1 --- roles/matrix-dendrite/defaults/main.yml | 2 +- .../templates/dendrite/dendrite.yaml.j2 | 54 ++++++++++++++----- 2 files changed, 41 insertions(+), 15 deletions(-) 
diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 99ceb1a0..7f2e629a 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.7.0" +matrix_dendrite_docker_image_tag: "v0.8.1" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 01bb72f7..308ee3f3 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -66,6 +66,13 @@ global: # to other servers and the federation API will not be exposed. disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }} + # Configures the handling of presence events. + presence: + # Whether inbound presence events are allowed, e.g. receiving presence events from other servers + enable_inbound: false + # Whether outbound presence events are allowed, e.g. sending presence events to other servers + enable_outbound: false + # Server notices allows server admins to send messages to all users. server_notices: enabled: false 
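Review bot: The new `presence:` block in the `@@ -66,6 +66,13 @@ global:` hunk hard-codes `enable_inbound: false` and `enable_outbound: false`, while the setting directly above it, `disable_federation`, is rendered from a playbook variable. Unless the role has an override mechanism that is not visible in this hunk, an operator who wants presence has to edit the template. Consider rendering both from role defaults that stay `false`, for example `enable_inbound: {{ matrix_dendrite_presence_enable_inbound|to_json }}` and the same for outbound (variable names are a suggestion and do not exist in this patch), with the defaults added next to `matrix_dendrite_docker_image_tag` in `roles/matrix-dendrite/defaults/main.yml`.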
@@ -132,6 +139,11 @@ app_service_api: max_idle_conns: 2 conn_max_lifetime: -1 + # Disable the validation of TLS certificates of appservices. This is + # not recommended in production since it may allow appservice traffic + # to be sent to an unverified endpoint. + disable_tls_validation: {{ matrix_dendrite_disable_tls_validation|to_json }} + # Appservice configuration files to load into this homeserver. config_files: {{ matrix_dendrite_app_service_config_files|to_json }} @@ -201,12 +213,13 @@ federation_api: # enable this option in production as it presents a security risk! disable_tls_validation: {{ matrix_dendrite_disable_tls_validation|to_json }} + # Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml # Use the following proxy server for outbound federation traffic. - proxy_outbound: - enabled: false - protocol: http - host: localhost - port: 8080 + #proxy_outbound: + # enabled: false + # protocol: http + # host: localhost + # port: 8080 # Perspective keyservers to use as a backup when direct key fetches fail. This may # be required to satisfy key requests for servers that are no longer online when @@ -319,6 +332,13 @@ sync_api: # Configuration for the User API. user_api: + # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31 + # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information. + # Setting this lower makes registration/login consume less CPU resources at the cost of security + # should the database be compromised. Setting this higher makes registration/login consume more + # CPU resources but makes it harder to brute force password hashes. + # This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds) + # bcrypt_cost: 10 internal_api: listen: http://0.0.0.0:7781 connect: http://user_api:7781 
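Review bot: The `disable_tls_validation` added under `app_service_api` is rendered from `matrix_dendrite_disable_tls_validation`, the same variable that the `federation_api` section uses in the `@@ -201,12 +213,13 @@` hunk. A single switch therefore turns off certificate validation for both federation and appservice traffic, so relaxing it for one path silently relaxes the other. A dedicated default that stays `false` keeps the two decisions independent, e.g. `disable_tls_validation: {{ matrix_dendrite_app_service_api_disable_tls_validation|to_json }}` (proposed name, to be added to the role defaults). The added comment already says this is not recommended in production; it is worth repeating that wording next to the new default.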
@@ -327,17 +347,23 @@ user_api: max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 + # The length of time that a token issued for a relying party from + # /_matrix/client/r0/user/{userId}/openid/request_token endpoint + # is considered to be valid in milliseconds. + # The default lifetime is 3600000ms (60 minutes). + # openid_token_lifetime_ms: 3600000 +# Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml (DB is created just in case) # Configuration for the Push Server API. -push_server: - internal_api: - listen: http://localhost:7782 - connect: http://localhost:7782 - database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 +#push_server: +# internal_api: +# listen: http://localhost:7782 +# connect: http://localhost:7782 +# database: +# connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable +# max_open_conns: 10 +# max_idle_conns: 2 +# conn_max_lifetime: -1 # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on From b982733a8a518e5db82182e6851993e9c7332709 Mon Sep 17 00:00:00 2001 From: Yan Minagawa Date: Sat, 9 Apr 2022 19:41:48 +0700 Subject: [PATCH 204/419] fix typo in document path for the proxy --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 4b1810ea..de1a3146 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image. matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data" matrix_nginx_proxy_data_path_in_container: "/nginx-data" -matrix_nginx_proxy_data_path_extension: "/matrix_domain" +matrix_nginx_proxy_data_path_extension: "/matrix-domain" matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_base_path }}/conf.d" # List of systemd services that matrix-nginx-proxy.service depends on From 515792790ae0b6dd821a786c49518496f94c4bdc Mon Sep 17 00:00:00 2001 From: SaltireSoul Date: Sat, 9 Apr 2022 21:41:35 +0100 Subject: [PATCH 205/419] uncomment push_server config --- .../templates/dendrite/dendrite.yaml.j2 | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 308ee3f3..fcede405 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 
@@ -353,17 +353,17 @@ user_api: # The default lifetime is 3600000ms (60 minutes). # openid_token_lifetime_ms: 3600000 -# Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml (DB is created just in case) +# Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml # Configuration for the Push Server API. -#push_server: -# internal_api: -# listen: http://localhost:7782 -# connect: http://localhost:7782 -# database: -# connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable -# max_open_conns: 10 -# max_idle_conns: 2 -# conn_max_lifetime: -1 +push_server: + internal_api: + listen: http://localhost:7782 + connect: http://localhost:7782 + database: + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable + max_open_conns: 10 + max_idle_conns: 2 + conn_max_lifetime: -1 # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on From 29847627f1aee22c4810699d92a61d1f4b63aea8 Mon Sep 17 00:00:00 2001 From: heftyzauk <80178101+heftyzauk@users.noreply.github.com> Date: Sun, 10 Apr 2022 21:51:03 +0100 Subject: [PATCH 206/419] Multi-IP coturn Add support for multiple external turn IP addresses, this allows for better comptability with dualstack ipv4/ipv6 hosts, and is supported as per the documentation (point 6 here: https://matrix-org.github.io/synapse/latest/turn-howto.html#configuration) --- group_vars/matrix_servers | 2 +- roles/matrix-coturn/defaults/main.yml | 2 +- roles/matrix-coturn/templates/turnserver.conf.j2 | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a1cadd12..92df1bd4 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
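Review bot: The restored `connection_string` hard-codes `?sslmode=disable`, so the push server talks to Postgres without TLS, and nothing in the template says when that is acceptable. A comment above it such as `# sslmode=disable: assumes Postgres is reachable only over the private container network` would record the assumption, which should be confirmed against the deployment. The value is also emitted as a plain scalar assembled from two templated variables, while other settings in this template go through `|to_json`. Using `connection_string: {{ (matrix_dendrite_database_str ~ '/' ~ matrix_dendrite_pushserver_database ~ '?sslmode=disable')|to_json }}` would keep a value containing ` #` or `: ` from truncating or breaking the rendered YAML.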
@@ -1144,7 +1144,7 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" -matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" +matrix_coturn_turn_external_ip_address: ["{{ ansible_host }}"] matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}" diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index f1274657..c4743089 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -64,7 +64,7 @@ matrix_coturn_turn_udp_max_port: 49172 matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. -matrix_coturn_turn_external_ip_address: '' +matrix_coturn_turn_external_ip_address: [] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2 index ba662587..dfa9f4cc 100644 --- a/roles/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/matrix-coturn/templates/turnserver.conf.j2 @@ -5,7 +5,9 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -external-ip={{ matrix_coturn_turn_external_ip_address }} +{% for ip in matrix_coturn_turn_external_ip_address %} +external-ip={{ ip }} +{% endfor %} log-file=stdout pidfile=/var/tmp/turnserver.pid From 0364c6c6341ba69f9fa0bd5d94b6339c27ab9b35 Mon Sep 17 00:00:00 2001 
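Review bot: The `{% for ip in matrix_coturn_turn_external_ip_address %}` loop in `turnserver.conf.j2` assumes a list, but the variable was a string until this commit. An inventory that still sets it to a string is iterated character by character and renders one `external-ip=` line per character, with no error. Accepting both shapes in the loop header avoids that: `{% for ip in ([matrix_coturn_turn_external_ip_address] if matrix_coturn_turn_external_ip_address is string else matrix_coturn_turn_external_ip_address) %}`. Alternatively, a validation task could fail the run when the value is a string. The comment in `roles/matrix-coturn/defaults/main.yml` still reads "The external IP address", so it should say that a list is expected.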
From: Slavi Pantaleev Date: Mon, 11 Apr 2022 09:05:33 +0300 Subject: [PATCH 207/419] Suppress old container cleanup (kill/rm) failures People often report and ask about these "failures". More-so previously, when the `docker kill/rm` output was collected, but it still happens now when people do `systemctl status matrix-something` and notice that it says "FAILURE". Suppressing to avoid further time being wasted on saying "this is expected". --- .../templates/systemd/matrix-backup-borg.service.j2 | 8 ++++---- .../templates/systemd/matrix-bot-go-neb.service.j2 | 8 ++++---- .../templates/systemd/matrix-bot-honoroit.service.j2 | 8 ++++---- .../systemd/matrix-bot-matrix-reminder-bot.service.j2 | 8 ++++---- .../templates/systemd/matrix-bot-mjolnir.service.j2 | 8 ++++---- .../systemd/matrix-appservice-discord.service.j2 | 8 ++++---- .../templates/systemd/matrix-appservice-irc.service.j2 | 8 ++++---- .../templates/systemd/matrix-appservice-slack.service.j2 | 8 ++++---- .../systemd/matrix-appservice-webhooks.service.j2 | 8 ++++---- .../templates/systemd/matrix-beeper-linkedin.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-facebook.service.j2 | 8 ++++---- .../systemd/matrix-mautrix-googlechat.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-hangouts.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-instagram.service.j2 | 8 ++++---- .../systemd/matrix-mautrix-signal-daemon.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-signal.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-telegram.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-twitter.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-whatsapp.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-discord.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-groupme.service.j2 | 8 ++++---- .../systemd/matrix-mx-puppet-instagram.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-skype.service.j2 | 8 ++++---- 
.../templates/systemd/matrix-mx-puppet-slack.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-steam.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-twitter.service.j2 | 8 ++++---- .../templates/systemd/matrix-client-cinny.service.j2 | 8 ++++---- .../templates/systemd/matrix-client-element.service.j2 | 8 ++++---- .../templates/systemd/matrix-client-hydrogen.service.j2 | 8 ++++---- .../templates/systemd/matrix-corporal.service.j2 | 8 ++++---- .../templates/systemd/matrix-coturn.service.j2 | 8 ++++---- .../templates/dendrite/systemd/matrix-dendrite.service.j2 | 8 ++++---- .../templates/systemd/matrix-dimension.service.j2 | 8 ++++---- .../templates/systemd/matrix-dynamic-dns.service.j2 | 8 ++++---- .../templates/systemd/matrix-email2matrix.service.j2 | 8 ++++---- .../templates/systemd/matrix-grafana.service.j2 | 8 ++++---- .../templates/jicofo/matrix-jitsi-jicofo.service.j2 | 8 ++++---- .../templates/jvb/matrix-jitsi-jvb.service.j2 | 8 ++++---- .../templates/prosody/matrix-jitsi-prosody.service.j2 | 8 ++++---- .../templates/web/matrix-jitsi-web.service.j2 | 8 ++++---- .../templates/systemd/matrix-ma1sd.service.j2 | 8 ++++---- .../templates/systemd/matrix-mailer.service.j2 | 8 ++++---- .../templates/systemd/matrix-nginx-proxy.service.j2 | 8 ++++---- .../templates/systemd/matrix-postgres-backup.service.j2 | 4 ++-- .../templates/systemd/matrix-postgres.service.j2 | 8 ++++---- .../systemd/matrix-prometheus-node-exporter.service.j2 | 8 ++++---- .../matrix-prometheus-postgres-exporter.service.j2 | 8 ++++---- .../templates/systemd/matrix-prometheus.service.j2 | 8 ++++---- .../templates/systemd/matrix-registration.service.j2 | 8 ++++---- .../templates/systemd/matrix-sygnal.service.j2 | 8 ++++---- .../templates/systemd/matrix-synapse-admin.service.j2 | 8 ++++---- .../templates/synapse/systemd/matrix-synapse.service.j2 | 8 ++++---- 52 files changed, 204 insertions(+), 204 deletions(-) 
diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 index 977673ee..76217250 100644 --- a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 +++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=oneshot Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ --log-driver=none \ --cap-drop=ALL \ @@ -50,8 +50,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ {% endfor %} {{ matrix_backup_borg_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' SyslogIdentifier=matrix-backup-borg [Install] diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index eabf1137..83eb3c7d 100644 
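Review bot: With `2>/dev/null || true` on the `kill`/`rm` lines, a cleanup that fails for a reason other than a missing container can no longer be told apart from the expected case. Stderr is discarded and the exit status is forced to 0, so neither `systemctl status` nor the journal shows the failure. The leading `-` on `ExecStartPre=-` and `ExecStop=-` also becomes redundant. A guarded form keeps the expected case quiet while still reporting a container that exists but cannot be removed: `ExecStartPre={{ matrix_host_command_sh }} -c 'if {{ matrix_host_command_docker }} container inspect matrix-backup-borg >/dev/null 2>&1; then {{ matrix_host_command_docker }} rm -f matrix-backup-borg; fi'`. The same applies to the `ExecStop` pair in this file and to every other unit template changed by this commit.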
--- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ --log-driver=none \ @@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ {{ matrix_bot_go_neb_docker_image }} \ -c "go-neb /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-go-neb diff --git a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index a2ba1a98..2bb14109 100644 --- a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ --log-driver=none \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ {% endfor %} {{ matrix_bot_honoroit_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index b1fe3c32..a9cf8bb8 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-reminder-bot diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 0b018f25..7ea6be37 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-mjolnir diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 84dee801..0a527c0c 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 8650bd8d..4bbda18e 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 21ba27ef..017f352f 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index f27111b3..556467b4 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 
+++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 4498b4f0..37b4f67d 100644 
--- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi {{ matrix_beeper_linkedin_docker_image }} \ python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-beeper-linkedin diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 2899dd0d..2103dd05 100644 
--- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index c56473be..930b58c2 100644 
--- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-googlechat diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index 60f0e055..10402a51 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
 ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
 {{ matrix_mautrix_hangouts_docker_image }} \
 python3 -m mautrix_hangouts -c /config/config.yaml --no-update
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-hangouts
diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
index 33a5bab3..d2a6aece 100644
--- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
+++ b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag
 {{ matrix_mautrix_instagram_docker_image }} \
 python3 -m mautrix_instagram -c /config/config.yaml --no-update
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-instagram
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
index 6f128da3..0ee05d7d 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
@@ -15,8 +15,8 @@ Wants={{ service }}
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
 {{ matrix_mautrix_signal_daemon_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
 Restart=always
 RestartSec=30
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
index a65895ed..d1ef85f3 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
@@ -14,8 +14,8 @@ Wants={{ service }}
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 {{ matrix_mautrix_signal_docker_image }} \
 python3 -m mautrix_signal -c /config/config.yaml --no-update
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
 Restart=always
 RestartSec=30
diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
index 459a0fec..8b21ee2b 100644
--- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
+++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr
 {{ matrix_mautrix_telegram_docker_image }} \
 python3 -m mautrix_telegram -c /config/config.yaml --no-update
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-telegram
diff --git a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2
index 73bdbc86..0ce9a123 100644
--- a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2
+++ b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte
 {{ matrix_mautrix_twitter_docker_image }} \
 python3 -m mautrix_twitter -c /config/config.yaml --no-update
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-twitter
diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
index 4a492492..ae44d342 100644
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
+++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa
 {{ matrix_mautrix_whatsapp_docker_image }} \
 /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-whatsapp
diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
index 6ffb87cd..7a4c4a38 100644
--- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
+++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc
 {% endfor %}
 {{ matrix_mx_puppet_discord_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-discord
diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
index dabafd18..afb46ecb 100644
--- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
+++ b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou
 {% endfor %}
 {{ matrix_mx_puppet_groupme_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-groupme
diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
index 965bb41c..262518fc 100644
--- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
+++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst
 {% endfor %}
 {{ matrix_mx_puppet_instagram_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-instagram
diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
index 9a7986e4..ec06485a 100644
--- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
+++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp
 {% endfor %}
 {{ matrix_mx_puppet_skype_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-skype
diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
index 973771b3..118d0369 100644
--- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
+++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac
 {% endfor %}
 {{ matrix_mx_puppet_slack_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-slack
diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
index 0772872b..f1079e3f 100644
--- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
+++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea
 {% endfor %}
 {{ matrix_mx_puppet_steam_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-steam
diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
index 7e1b1c32..5d7cfca6 100644
--- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
+++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
@@ -13,8 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit
 {% endfor %}
 {{ matrix_mx_puppet_twitter_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-twitter
diff --git a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2
index f4ebd6a0..3f15ac19 100644
--- a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2
+++ b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2
@@ -10,8 +10,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true'
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \
 --log-driver=none \
@@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \
 {% endfor %}
 {{ matrix_client_cinny_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-client-cinny
diff --git a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2
index fe2a3a86..8d3dec57 100644
--- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2
+++ b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2
@@ -10,8 +10,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \
 --log-driver=none \
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element
 {% endfor %}
 {{ matrix_client_element_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-client-element
diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
index c85aeb97..0196d35b 100644
--- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
+++ b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
@@ -10,8 +10,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true'
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydrogen \
 --log-driver=none \
@@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydroge
 {% endfor %}
 {{ matrix_client_hydrogen_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-client-hydrogen
diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
index 262e2e77..d5661b5a 100644
--- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
+++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ --log-driver=none \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index a39030af..54bd015e 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ --log-driver=none \ @@ -43,8 +43,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index e1c42cbc..0457917a 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' {% if 'matrix-postgres.service' in matrix_dendrite_systemd_required_services_list %} # Dendrite is too quick to start in relation to its matrix-postgres dependency. @@ -54,8 +54,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} {{ matrix_dendrite_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index e27a5558..e514a74a 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' # Fixup database ownership if it got changed somehow (during a server migration, etc.) {% if matrix_dimension_database_engine == 'sqlite' %} @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 index dfdd2f72..6f2ff101 100644 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ --log-driver=none \ --network={{ matrix_docker_network }} \ @@ -26,8 +26,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ {% endfor %} {{ matrix_dynamic_dns_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-dynamic-dns diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 index c9226768..47c15117 100644 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 
@@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ --log-driver=none \ @@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ {% endfor %} {{ matrix_email2matrix_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-email2matrix diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 index a4f81e35..e0f58076 100644 --- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 +++ b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ {% endfor %} {{ matrix_grafana_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-grafana diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 index 6ecafaa0..694fdc7f 100644 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ --log-driver=none \ @@ -23,8 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ {% endfor %} {{ matrix_jitsi_jicofo_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jicofo diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 2785795d..f0b141fc 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ --log-driver=none \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 5a4a81e5..0c3a3932 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \ --log-driver=none \ @@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index 35bfca67..8f29bfa8 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ --log-driver=none \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 8e5cc6dd..427f6c9f 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option. @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index bf5a2e42..83cd298e 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 
@@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' # --hostname gives us a friendlier hostname than the default. # The real hostname is passed via a `HOSTNAME` environment variable though. @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 1143efd4..172a83bc 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ --log-driver=none \ @@ -51,8 +51,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ ExecStartPost={{ matrix_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ matrix_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' {% endfor %} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 index 97c9ae7f..4ecf3745 100644 
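Review bot: The `ExecStartPost` line in the second matrix-nginx-proxy hunk calls a bare `docker inspect` inside the backticks, while every other invocation in the unit, including the `network connect` at the end of that same line, goes through `{{ matrix_host_command_docker }}`. On a host where that variable points at a non-default binary, the readiness poll and the action would use different clients, and the bare name is resolved through the service's PATH rather than the configured path. Since the commit already edits the neighbouring lines, I would change the call to `{{ matrix_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy`. The loop that this line belongs to presumably opens above the hunk; only its `{% endfor %}` is visible here.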
--- a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 @@ -9,7 +9,7 @@ DefaultDependencies=no Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backup \ --log-driver=none \ @@ -22,7 +22,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backu {{ matrix_postgres_backup_docker_image_to_use }} ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres-backup diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index d62a689a..b30c5ef2 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 
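Review bot: The `docker stop matrix-postgres-backup` steps directly above the changed `rm` lines, in both hunks of this unit, still run without a shell and without `|| true`, so they keep returning a non-zero status whenever the container does not exist. If the goal of the patch is for these cleanup steps to exit cleanly, this unit is only half converted; the matching form would be `ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-postgres-backup 2>/dev/null || true'`, and likewise for `ExecStop`. If `stop` is left as is on purpose, for instance to keep its error output in the journal, a one-line comment saying so would stop someone from "completing" the change later.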
@@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' # We need /dev/shm to be larger than the default to allow VACUUM to work. # See: @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ {{ matrix_postgres_docker_image_to_use }} \ postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index 210a0d97..e38b42e3 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod {{ matrix_prometheus_node_exporter_docker_image }} \ --path.rootfs=/host -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-node-exporter diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 index 993ebac4..ff8c2ce4 100644 --- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 
+++ b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-pos --pid=host \ {{ matrix_prometheus_postgres_exporter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-postgres-exporter diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index ad75d664..8de57201 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 
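Review bot: The second matrix-prometheus-postgres-exporter hunk shows the container being started with `--pid=host`, which places it in the host PID namespace. Nothing visible in this unit indicates that a PostgreSQL exporter needs to see host processes, and the flag may have been carried over from the node exporter template. While these lines are being touched, I would either remove the `--pid=host \` line or add a comment above it stating why the exporter needs it, so the extra exposure is a documented decision. The `docker run` command starts above the hunk, so other flags that might justify it are not visible here.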
+++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% endfor %} {{ matrix_prometheus_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 index e73e3e5f..8acbd3a5 100644 --- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ {{ matrix_registration_docker_image }} \ serve -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-registration diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index 019ab40c..ae7e889d 100644 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ {% endfor %} {{ matrix_sygnal_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-sygnal diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index 4823d89c..6ed9eaae 100644 --- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin {% endfor %} {{ matrix_synapse_admin_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse-admin diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index e69ffa61..2b59748f 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 
@@ -21,8 +21,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' {% if matrix_s3_media_store_enabled %} # Allow for some time before starting, so that media store can mount. # Mounting can happen later too, but if we start writing, @@ -63,8 +63,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {{ matrix_synapse_docker_image }} \ run -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 From 268b079374a74b418a87f6fd05ea90d56511cab9 Mon Sep 17 00:00:00 2001 From: heftyzauk <80178101+heftyzauk@users.noreply.github.com> Date: Mon, 11 Apr 2022 11:50:41 +0100 Subject: [PATCH 208/419] Revert Coturn Address Change, add new Addresses var (#2) --- group_vars/matrix_servers | 3 ++- roles/matrix-coturn/defaults/main.yml | 3 ++- roles/matrix-coturn/templates/turnserver.conf.j2 | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 92df1bd4..49f1f091 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1144,7 +1144,8 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" -matrix_coturn_turn_external_ip_address: ["{{ ansible_host }}"] +matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" +matrix_coturn_turn_external_ip_addresses: [ "{{ matrix_coturn_turn_external_ip_address }}" ] matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}" diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index c4743089..39790bac 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -64,7 +64,8 @@ matrix_coturn_turn_udp_max_port: 49172 matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. -matrix_coturn_turn_external_ip_address: [] +matrix_coturn_turn_external_ip_address: '' +matrix_coturn_turn_external_ip_addresses: [] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2 index dfa9f4cc..2b1ee4f6 100644 --- a/roles/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/matrix-coturn/templates/turnserver.conf.j2 @@ -5,7 +5,7 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -{% for ip in matrix_coturn_turn_external_ip_address %} +{% for ip in matrix_coturn_turn_external_ip_addresses %} external-ip={{ ip }} {% endfor %} From 03d2dcc996d6c197819348fc844a9b0fe07bac7b Mon Sep 17 00:00:00 2001 
From: Hefty Zauk Date: Mon, 11 Apr 2022 11:20:09 +0000 Subject: [PATCH 209/419] Move into coturn defaults --- group_vars/matrix_servers | 1 - roles/matrix-coturn/defaults/main.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 49f1f091..a1cadd12 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1145,7 +1145,6 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" -matrix_coturn_turn_external_ip_addresses: [ "{{ matrix_coturn_turn_external_ip_address }}" ] matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}" diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 39790bac..df9e53fe 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -65,7 +65,7 @@ matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. matrix_coturn_turn_external_ip_address: '' -matrix_coturn_turn_external_ip_addresses: [] +matrix_coturn_turn_external_ip_addresses: [ "{{ matrix_coturn_turn_external_ip_address }}" ] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] From f4ba995d9b85b527205bcb32c266f5e98f4ef9d3 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 11 Apr 2022 15:38:35 +0300 Subject: [PATCH 210/419] Fix validation and prevent empty "external-ip=" lines in Coturn config We no longer validate that there's an IP address defined. Seems like Coturn can start without one as well, so there's no need to require it. If people populate `matrix_coturn_turn_external_ip_addresses` directly to specify multiple addresses, they can leave `matrix_coturn_turn_external_ip_address` empty. We use the "select not equal to empty string" thing in the for loop to avoid `matrix_coturn_turn_external_ip_address` leading to `matrix_coturn_turn_external_ip_addresses: ['']` leading to `external-ip=` in the Coturn configuration. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1741 --- roles/matrix-coturn/defaults/main.yml | 2 +- roles/matrix-coturn/tasks/validate_config.yml | 1 - roles/matrix-coturn/templates/turnserver.conf.j2 | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index df9e53fe..8ea7d3a5 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -65,7 +65,7 @@ matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. matrix_coturn_turn_external_ip_address: '' -matrix_coturn_turn_external_ip_addresses: [ "{{ matrix_coturn_turn_external_ip_address }}" ] +matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] diff --git a/roles/matrix-coturn/tasks/validate_config.yml b/roles/matrix-coturn/tasks/validate_config.yml index d8276d3a..637f720d 100644 --- a/roles/matrix-coturn/tasks/validate_config.yml +++ b/roles/matrix-coturn/tasks/validate_config.yml 
@@ -6,5 +6,4 @@ You need to define a required configuration setting (`{{ item }}`) for using Coturn. when: "vars[item] == ''" with_items: - - "matrix_coturn_turn_external_ip_address" - "matrix_coturn_turn_static_auth_secret" diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2 index 2b1ee4f6..1bdf310a 100644 --- a/roles/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/matrix-coturn/templates/turnserver.conf.j2 @@ -5,7 +5,7 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -{% for ip in matrix_coturn_turn_external_ip_addresses %} +{% for ip in matrix_coturn_turn_external_ip_addresses|select('ne', '') %} external-ip={{ ip }} {% endfor %} From ceb2f54970611e40e2916ebfbe31222420ef0fbc Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Mon, 11 Apr 2022 16:45:33 +0200 Subject: [PATCH 211/419] Make hookshot hardcoded public URLs dynamic --- group_vars/matrix_servers | 6 ++-- .../matrix-bridge-hookshot/defaults/main.yml | 33 ++++++++++--------- roles/matrix-bridge-hookshot/tasks/init.yml | 4 +-- .../templates/config.yml.j2 | 14 ++++---- 4 files changed, 29 insertions(+), 28 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a1cadd12..a4e63028 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -676,9 +676,9 @@ matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret an matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" -matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" -matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" -matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" +matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" +matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" ###################################################################### # diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 78eacdb1..9a0f5456 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
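Review bot: The condition in `matrix_hookshot_urlprefix_port_enabled` looks inverted, and its else branch tests the wrong variable. It is true when the HTTPS bind port equals 443, so the port suffix is appended exactly when it is the default, and the non-TLS branch compares `matrix_nginx_proxy_container_https_host_bind_port` with 80 instead of the HTTP bind port. The OAuth callback and webhook URLs are now built from this prefix, so a wrong value ends up in the redirect URIs registered with GitHub and Jira. Something like `"{{ matrix_nginx_proxy_container_https_host_bind_port != 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port != 80 }}"` matches the apparent intent; whether these bind-port variables are integers or strings is not visible here and should be checked before comparing. Also, `matrix_hookshot_github_oauth_uri` was previously pinned to `https://` and now becomes `http://` whenever `matrix_nginx_proxy_https_enabled` is false, which presumably includes setups that terminate TLS in front of the playbook's proxy.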
@@ -61,7 +61,7 @@ matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" -matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" +matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}" # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' @@ -86,6 +86,18 @@ matrix_hookshot_gitlab_instances: matrix_hookshot_gitlab_secret: '' +matrix_hookshot_figma_enabled: false +# Default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" +matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" +matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_figma_endpoint }}" +# To bridge figma webhooks, you need to configure one of multiple instances like this: +# matrix_hookshot_figma_instances: +# your-instance: +# teamId: your-team-id +# accessToken: your-personal-access-token +# passcode: your-webhook-passcode + + matrix_hookshot_jira_enabled: false # Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth matrix_hookshot_jira_secret: '' 
@@ -94,7 +106,7 @@ matrix_hookshot_jira_oauth_id: '' matrix_hookshot_jira_oauth_secret: '' # Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" -matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" +matrix_hookshot_jira_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}" # No need to change these 
@@ -102,30 +114,19 @@ matrix_hookshot_generic_enabled: true # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" # urlprefix gets updated with protocol & port in group_vars/matrix_servers -matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_generic_urlprefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_allow_js_transformation_functions: false # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap matrix_hookshot_generic_user_id_prefix: '_webhooks_' -matrix_hookshot_figma_enabled: false -# Default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" -matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" -matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}" -# To bridge figma webhooks, you need to configure one of multiple instances like this: -# matrix_hookshot_figma_instances: -# your-instance: -# teamId: your-team-id -# accessToken: your-personal-access-token -# passcode: your-webhook-passcode - - # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. 
matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' # Provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it matrix_hookshot_provisioning_enabled: false -matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" +matrix_hookshot_provisioning_internal: "/v1" +matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" # You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index a0f9df97..55dde6ef 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -55,10 +55,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/v1/$1$is_args$args; + proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1$is_args$args; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; {% endif %} proxy_set_header Host $host; } diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index fc04c755..bb05f42c 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 
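Review bot: `matrix_hookshot_urlprefix` is referenced by the new defaults in this file (`matrix_hookshot_github_oauth_uri`, `matrix_hookshot_figma_publicUrl`, `matrix_hookshot_jira_oauth_uri`, `matrix_hookshot_generic_urlprefix`), but none of the hunks shown gives it a value in the role's own defaults. The only definition visible in this commit is in `group_vars/matrix_servers`. Unless it is defined in a part of the file outside these hunks, using the role without that group_vars file fails on an undefined variable. A role-level fallback such as `matrix_hookshot_urlprefix: "https://{{ matrix_server_fqn_matrix }}"` would keep the previous HTTPS behaviour. The comment above `matrix_hookshot_generic_urlprefix` should now name `matrix_hookshot_urlprefix` as the variable that group_vars overrides.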
@@ -47,6 +47,13 @@ gitlab: webhook: secret: {{ matrix_hookshot_gitlab_secret|to_json }} {% endif %} +{% if matrix_hookshot_figma_enabled %} +figma: + # (Optional) Configure this to enable Figma support + # + publicUrl: {{ matrix_hookshot_figma_publicUrl }} + instances: {{ matrix_hookshot_figma_instances }} +{% endif %} {% if matrix_hookshot_jira_enabled %} jira: # (Optional) Configure this to enable Jira support @@ -69,13 +76,6 @@ generic: allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} {% endif %} -{% if matrix_hookshot_figma_enabled %} -figma: - # (Optional) Configure this to enable Figma support - # - publicUrl: {{ matrix_hookshot_figma_publicUrl }} - instances: {{ matrix_hookshot_figma_instances }} -{% endif %} {% if matrix_hookshot_provisioning_enabled %} provisioning: # (Optional) Provisioning API for integration managers From a9e6538ef8ac01fa81885487f69eb15e2579ce4c Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Mon, 11 Apr 2022 16:48:50 +0200 Subject: [PATCH 212/419] Upgrade Hookshot (1.3.0 -> 1.4.0) https://github.com/matrix-org/matrix-hookshot/releases/tag/1.4.0 --- docs/configuring-playbook-bridge-hookshot.md | 10 ++--- group_vars/matrix_servers | 2 +- .../matrix-bridge-hookshot/defaults/main.yml | 40 ++++++++++++++++++- roles/matrix-bridge-hookshot/tasks/init.yml | 14 +++++++ .../templates/config.yml.j2 | 26 +++++++++++- 5 files changed, 83 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 5639f159..38e13a8a 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -22,18 +22,18 @@ Other configuration options are available via the `matrix_hookshot_configuration ### URLs for bridges setup -All of the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). +Unless indicated otherwise, the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). -| Listener | default path | variable | used as | +| listener | default path | variable | used as | |---|---|---|---| -| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | GitHub "Webhook URL" | +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. | | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | -| metrics | `/hookshot/metrics/` | `matrix_hookshot_metrics_endpoint` | Prometheus | -| widgets | | | not supported | +| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets | +| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus | See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a4e63028..85b8a701 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -678,7 +678,7 @@ matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_s matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" -matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}" ###################################################################### # diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 9a0f5456..a55b995d 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.3.0 +matrix_hookshot_version: 1.4.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" 
@@ -65,10 +65,11 @@ matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hook # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' -matrix_hookshot_github_show_issue_room_link: false +matrix_hookshot_github_showIssueRoomLink: false matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" matrix_hookshot_github_including_labels: '' matrix_hookshot_github_excluding_labels: '' +matrix_hookshot_github_hotlink_prefix: "#" matrix_hookshot_gitlab_enabled: true 
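Review bot: Renaming `matrix_hookshot_github_show_issue_room_link` to `matrix_hookshot_github_showIssueRoomLink` silently drops any override an existing inventory sets under the old name, because the template now reads only the new variable. If the role has a check for renamed variables (none is visible in this patch), the old name should be added to it. The camelCase suffix also departs from the neighbouring `matrix_hookshot_github_command_prefix` and `matrix_hookshot_github_pr_diff`; keeping snake_case here would avoid the rename altogether.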
@@ -128,6 +129,41 @@ matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_internal: "/v1" matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" + +matrix_hookshot_widgets_enabled: true +matrix_hookshot_widgets_port: 9003 +matrix_hookshot_widgets_addToAdminRooms: false # default off as it is a beta feature +matrix_hookshot_widgets_roomSetupWidget_enabled: true +matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false +# `disallowedIpRanges` describes which IP ranges should be disallowed when resolving homeserver IP addresses (for security reasons). Unless you know what you are doing, it is recommended to not include this key. The following IPs are blocked by default, unless you supply another list. +# matrix_hookshot_widgets_disallowedIpRanges: +# - 127.0.0.0/8 +# - 10.0.0.0/8 +# - 172.16.0.0/12 +# - 192.168.0.0/16 +# - 100.64.0.0/10 +# - 192.0.0.0/24 +# - 169.254.0.0/16 +# - 192.88.99.0/24 +# - 198.18.0.0/15 +# - 192.0.2.0/24 +# - 198.51.100.0/24 +# - 203.0.113.0/24 +# - 224.0.0.0/4 +# - ::1/128 +# - fe80::/10 +# - fc00::/7 +# - 2001:db8::/32 +# - ff00::/8 +# - fec0::/10 +matrix_hookshot_widgets_disallowedIpRanges: '' +matrix_hookshot_widgets_internal: "/widgetapi" +# Default value of matrix_hookshot_widgets_endpoint: "/hookshot/widgetapi" +matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}" +matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" +matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" + + # You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. # Example: diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 55dde6ef..384f6d3b 100644 
--- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -63,6 +63,20 @@ proxy_set_header Host $host; } {% endif %} + {% if matrix_hookshot_widgets_enabled %} + location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; + proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index bb05f42c..c1771509 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -33,10 +33,12 @@ github: # ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" - showIssueRoomLink: {{ matrix_hookshot_github_show_issue_room_link }} + showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }} prDiff: {{ matrix_hookshot_github_pr_diff }} includingLabels:{{ matrix_hookshot_github_including_labels }} excludingLabels: {{ matrix_hookshot_github_excluding_labels }} + hotlinkIssues: + prefix: "{{ matrix_hookshot_github_hotlink_prefix }}" {% endif %} {% if matrix_hookshot_gitlab_enabled %} gitlab: 
@@ -100,6 +102,22 @@ logging: # (Optional) Logging settings. You can have a severity debug,info,warn,error # level: info +{% if matrix_hookshot_widgets_enabled %} +widgets: + # (Optional) EXPERIMENTAL support for complimentary widgets + # + addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }} +{% if matrix_hookshot_widgets_roomSetupWidget_enabled %} + roomSetupWidget: + addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }} +{% endif %} +{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %} + disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }} +{% endif %} + publicUrl: {{ matrix_hookshot_widgets_publicUrl }} + branding: + widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }} +{% endif %} {% if matrix_hookshot_permissions %} permissions: {{ matrix_hookshot_permissions }} {% endif %} @@ -125,3 +143,9 @@ listeners: resources: - provisioning {% endif %} +{% if matrix_hookshot_widgets_enabled %} + - port: {{ matrix_hookshot_widgets_port }} + bindAddress: 0.0.0.0 + resources: + - widgets +{% endif %} From f6cb59116b93bc826fdb2a7b8999046eaa08e0d6 Mon Sep 17 00:00:00 2001 From: Yan Minagawa Date: Tue, 12 Apr 2022 14:31:49 +0700 Subject: [PATCH 213/419] This adds a variable for requiring MSC3231 token for registration --- roles/matrix-synapse/defaults/main.yml | 5 +++++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ec58f233..9e332669 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -210,6 +210,11 @@ matrix_synapse_enable_registration_captcha: false matrix_synapse_recaptcha_public_key: '' matrix_synapse_recaptcha_private_key: '' +# Requires an MSC3231 token for registration. Note that `matrix_synapse_enable_registration` must be set to `true`. +# Tokens can be created via the API or through synapse-admin. +# Disabling this option will not delete any tokens previously generated. +matrix_synapse_registration_requires_token: false + # Allows non-server-admin users to create groups on this server matrix_synapse_enable_group_creation: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 8a701c4d..37cad10f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1373,7 +1373,9 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} # Disabling this option will not delete any tokens previously generated. # Defaults to false. Uncomment the following to require tokens: # -#registration_requires_token: true +registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }} + + # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. From 10c6c24c160e4b956c455161a14708c0a4b6ff47 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 12 Apr 2022 11:15:11 +0000 Subject: [PATCH 214/419] Update element 1.10.8 -> 1.10.9 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index c395efb7..34cf22a7 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
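Review bot: In the `homeserver.yaml.j2` hunk, the comment kept above the new line still reads "Defaults to false. Uncomment the following to require tokens:", although `registration_requires_token` is now always rendered from `matrix_synapse_registration_requires_token`. That instruction is stale and could become `# Controlled by matrix_synapse_registration_requires_token in the role defaults.`. The hunk also adds two blank lines after the setting that the surrounding sample config does not use. In the defaults hunk, the comment notes that `matrix_synapse_enable_registration` must be `true`; it could add that leaving this variable `false` while registration is enabled means no token gate is applied.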
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.8 +matrix_client_element_version: v1.10.9 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From ac1bd494940e1d476b7f63625968f7ee7bee1e33 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 12 Apr 2022 11:16:36 +0000 Subject: [PATCH 215/419] Update coturn 4.5.2-r8 -> 4.5.2-r11 --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 8ea7d3a5..46492e21 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r8 +matrix_coturn_version: 4.5.2-r11 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From 9c606d1fcb2b5f921ec2a0bd46fbed15b6b0be97 Mon Sep 17 00:00:00 2001 From: Christos Karamolegkos Date: Tue, 12 Apr 2022 17:00:07 +0300 Subject: [PATCH 216/419] Update jitsi to version 7001 Tested, works without any configuration changes. --- roles/matrix-jitsi/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 5f543d4a..c3268267 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-6865 +matrix_jitsi_version: stable-7001 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" From b9bf20c761eedb612d51b5fe4654d336142189ae Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 12 Apr 2022 15:52:49 +0000 Subject: [PATCH 217/419] Update honoroit 0.9.5 -> 0.9.6 This update brings stable threads support --- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 8495c6e1..90bfa269 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.5 +matrix_bot_honoroit_version: v0.9.6 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" From 23d0832e85a3e35f4c6ecc3f90cc6ec4c166ba8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Tue, 12 Apr 2022 20:14:12 +0200 Subject: [PATCH 218/419] Improve borg backup instructions --- docs/configuring-playbook-backup-borg.md | 26 ++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 7ca962c8..2bcc14ce 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md 
@@ -4,17 +4,23 @@ The playbook can install and configure [borgbackup](https://www.borgbackup.org/) BorgBackup is a deduplicating backup program with optional compression and encryption. That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service. -The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day +You will need a remote server where borg will store the backups. There are hosted, borg compatible solutions available, such as [BorgBase](https://www.borgbase.com). + +The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day. ## Prerequisites -1. Create ssh key on any machine: +1. Create a new SSH key: ```bash ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix ``` -2. Add public part of that ssh key to your borg provider / server: +This can be done on any machine and you don't need to place the key in the `.ssh` folder. It will be added to the Ansible config later. + +2. Add the **public** part of this SSH key (the `matrix-borg-backup.pub` file) to your borg provider/server: + +If you plan to use a hosted solution, follow their instructions. If you have your own server, copy the key over: ```bash # example to append the new PUBKEY contents, where: 
@@ -35,17 +41,21 @@ matrix_backup_borg_location_repositories: matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" matrix_backup_borg_ssh_key_private: | PRIVATE KEY +matrix_backup_borg_location_source_directories: + - "{{ matrix_base_data_path }}" ``` where: -* USER - ssh user of a provider / server -* HOST - ssh host of a provider / server +* USER - SSH user of a provider/server +* HOST - SSH host of a provider/server * REPO - borg repository name, it will be initialized on backup start, eg: `matrix` -* PASSPHRASE - super-secret borg passphrase, you may generate it with `pwgen -s 64 1` or use any password manager -* PRIVATE KEY - the content of the public part of the ssh key you created before +* PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager +* PRIVATE KEY - the content of the **private** part of the SSH key you created before + +`matrix_backup_borg_location_source_directories` defines the list of directories to back up, `{{ matrix_base_data_path }}` is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. -Check the `roles/matrix-backup-borg/defaults/main.yml` for the full list of available options +Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options. ## Installing From 121f860d634c04efc4ab83e2d93fd9c74a95aa45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Wed, 13 Apr 2022 08:58:19 +0200 Subject: [PATCH 219/419] Update configuring-playbook-backup-borg.md --- docs/configuring-playbook-backup-borg.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 2bcc14ce..70466a6e 100644 --- a/docs/configuring-playbook-backup-borg.md 
+++ b/docs/configuring-playbook-backup-borg.md @@ -41,8 +41,6 @@ matrix_backup_borg_location_repositories: matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" matrix_backup_borg_ssh_key_private: | PRIVATE KEY -matrix_backup_borg_location_source_directories: - - "{{ matrix_base_data_path }}" ``` where: @@ -53,7 +51,7 @@ where: * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager * PRIVATE KEY - the content of the **private** part of the SSH key you created before -`matrix_backup_borg_location_source_directories` defines the list of directories to back up, `{{ matrix_base_data_path }}` is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. +`matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options. From 2df993977a5c821675b3b8224ae75ddb1aae788a Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 14 Apr 2022 08:52:37 +0300 Subject: [PATCH 220/419] Ensure git cloning when self-building is done with the matrix user, not root Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749 --- CHANGELOG.md | 13 +++++++++++++ roles/matrix-backup-borg/tasks/setup_install.yml | 2 ++ roles/matrix-bot-honoroit/tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ roles/matrix-bot-mjolnir/tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../matrix-bridge-hookshot/tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 4 ++++ .../tasks/setup_install.yml | 4 ++++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ roles/matrix-client-cinny/tasks/setup_install.yml | 2 ++ roles/matrix-client-element/tasks/setup_install.yml | 2 ++ .../matrix-client-hydrogen/tasks/setup_install.yml | 2 ++ roles/matrix-corporal/tasks/setup_corporal.yml | 2 ++ roles/matrix-coturn/tasks/setup_install.yml | 2 ++ roles/matrix-dimension/tasks/setup_install.yml | 2 ++ roles/matrix-dynamic-dns/tasks/install.yml | 2 ++ roles/matrix-email2matrix/tasks/setup_install.yml | 2 ++ roles/matrix-ma1sd/tasks/setup_install.yml | 2 ++ roles/matrix-mailer/tasks/setup_mailer.yml | 2 ++ .../tasks/util/migrate_db_to_postgres.yml | 2 ++ roles/matrix-registration/tasks/setup_install.yml | 2 ++ roles/matrix-synapse-admin/tasks/setup.yml | 2 ++ .../matrix-synapse/tasks/synapse/setup_install.yml | 2 ++ 39 files changed, 93 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 0196a1b0..9c68ed63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# 2022-04-14 + +## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action + +Users who build container images from source will need to manually correct file permissions of some directories on the server. + +When self-building, the playbook used to `git clone` repositories (into `/matrix/SERVICE/docker-src`) using the `root` user, but now uses `matrix` instead to work around [the following issue with git 2.35.2](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749). + +If you're on a non-`amd64` architecture (that is, you're overriding `matrix_architecture` in your `vars.yml` file) or you have enabled self-building for some service (e.g. `matrix_*_self_build: true`), you're certainly building some container images from source and have `docker-src` directories with mixed permissions lying around in various `/matrix/SERVICE` directories. + +The playbook *could* correct these permissions automatically, but that requires additional Ansible tasks in some ~45 different places - something that takes considerable effort. So we ask users observing errors related to `docker-src` directories to correct the problem manually by **running this command on the Matrix server** (which deletes all `/matrix/*/docker-src` directories): `find /matrix -maxdepth 2 -name 'docker-src' | xargs rm -rf` + + # 2022-03-17 ## (Compatibility Break) ma1sd identity server no longer installed by default diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index f2c65a16..90757a80 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml 
@@ -52,6 +52,8 @@ repo: "{{ matrix_backup_borg_docker_repo }}" dest: "{{ matrix_backup_borg_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_backup_borg_git_pull_results when: "matrix_backup_borg_container_image_self_build|bool" diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index f3ad9b63..584df9b7 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -64,6 +64,8 @@ repo: "{{ matrix_bot_honoroit_docker_repo }}" dest: "{{ matrix_bot_honoroit_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_bot_honoroit_git_pull_results when: "matrix_bot_honoroit_container_image_self_build|bool" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index ffb38ffc..d7f4706f 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -57,6 +57,8 @@ repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}" dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_bot_matrix_reminder_bot_git_pull_results when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index f3b031fa..66f2806a 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml 
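Review bot: Running the `git` task as `{{ matrix_user_username }}` assumes the checkout directory is writable by that user and that Ansible can become an unprivileged user on the host, and neither is checked here (the task itself starts above the hunk). A `docker-src` tree left by an earlier root-run clone will make the task fail, which the CHANGELOG entry handles only through a manual cleanup. When the play connects as a non-root sudo user, becoming a second unprivileged user usually also needs POSIX ACL support (`setfacl`) on the server for Ansible's temporary files. The same two lines are added to the `git` task in every other role touched by this patch (honoroit, reminder-bot, mjolnir, the bridges, the clients, coturn, dimension and the rest), so the point applies to all of them. A comment such as `# Clone as the unprivileged matrix user; docker-src must be owned by it` above `become: true`, or a shared pre-task that corrects ownership, would cover them.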
@@ -35,6 +35,8 @@ dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}" version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_bot_mjolnir_git_pull_results when: "matrix_bot_mjolnir_container_image_self_build|bool" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 1b317464..1ae0b3fa 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -74,6 +74,8 @@ repo: "{{ matrix_appservice_irc_docker_repo }}" dest: "{{ matrix_appservice_irc_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_appservice_irc_git_pull_results when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 2dcc23c6..42aa020c 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -48,6 +48,8 @@ repo: "{{ matrix_appservice_slack_docker_repo }}" dest: "{{ matrix_appservice_slack_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_appservice_slack_git_pull_results when: "matrix_appservice_slack_container_image_self_build|bool" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 6759bca8..274f54c5 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml 
@@ -33,6 +33,8 @@ dest: "{{ matrix_appservice_webhooks_docker_src_files_path }}" version: "{{ matrix_appservice_webhooks_container_image_self_build_repo_version }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_appservice_webhooks_git_pull_results - name: Ensure Appservice webhooks Docker image is built diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 575b22c1..74f80314 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -41,6 +41,8 @@ dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_beeper_linkedin_git_pull_results # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 38dc62a3..25f2978c 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -32,6 +32,8 @@ dest: "{{ matrix_hookshot_docker_src_files_path }}" version: "{{ matrix_hookshot_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_hookshot_git_pull_results when: "matrix_hookshot_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index c37b9e10..699ed88a 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml 
@@ -66,6 +66,8 @@ dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}" version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_facebook_git_pull_results when: "matrix_mautrix_facebook_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index daab10e3..bf04e834 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -65,6 +65,8 @@ repo: "{{ matrix_mautrix_googlechat_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_googlechat_git_pull_results when: "matrix_mautrix_googlechat_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index d2b7157e..6a880815 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -65,6 +65,8 @@ repo: "{{ matrix_mautrix_hangouts_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_hangouts_git_pull_results when: "matrix_mautrix_hangouts_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 4e531615..5e30adbe 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml 
@@ -38,6 +38,8 @@ repo: "{{ matrix_mautrix_instagram_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_instagram_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_instagram_git_pull_results when: "matrix_mautrix_instagram_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 840cbd6e..c7202f05 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -26,6 +26,8 @@ repo: "{{ matrix_mautrix_signal_docker_repo }}" dest: "{{ matrix_mautrix_signal_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_signal_git_pull_results when: "matrix_mautrix_signal_container_image_self_build|bool" @@ -56,6 +58,8 @@ repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}" dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_signal_daemon_git_pull_results when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 1960288d..55e7d016 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -65,6 +65,8 @@ repo: "{{ matrix_telegram_lottieconverter_docker_repo }}" dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_telegram_lottieconverter_git_pull_results when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_mautrix_telegram_container_image_self_build|bool" 
@@ -85,6 +87,8 @@ repo: "{{ matrix_mautrix_telegram_docker_repo }}" dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_telegram_git_pull_results when: "matrix_mautrix_telegram_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 6e587900..552c9d52 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -43,6 +43,8 @@ dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}" # version: "{{ matrix_coturn_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_twitter_git_pull_results when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 8f27ac2a..f47675b5 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -68,6 +68,8 @@ dest: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" version: "{{ matrix_mautrix_whatsapp_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_whatsapp_git_pull_results when: "matrix_mautrix_whatsapp_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 26a7c0c3..3ddfa39d 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml 
@@ -83,6 +83,8 @@ dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" force: "yes" version: "{{ matrix_mx_puppet_discord_container_image_self_build_version }}" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_discord_git_pull_results when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 0d43a0d0..286c5611 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -83,6 +83,8 @@ repo: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_groupme_git_pull_results when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index cb613074..2e74c059 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -66,6 +66,8 @@ repo: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_instagram_git_pull_results when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index c3776c70..96ae82e6 100644 
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -83,6 +83,8 @@ repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_skype_git_pull_results when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index b064ee83..3a7dfb40 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -80,6 +80,8 @@ dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" force: "yes" version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_slack_git_pull_results when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index b8b3f737..ac2a2fda 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -83,6 +83,8 @@ repo: "{{ matrix_mx_puppet_steam_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_steam_git_pull_results when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" 
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 485900a8..6336b0a0 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -83,6 +83,8 @@ repo: "{{ matrix_mx_puppet_twitter_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_twitter_git_pull_results when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 48865008..da979f56 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -29,6 +29,8 @@ dest: "{{ matrix_client_cinny_docker_src_files_path }}" version: "{{ matrix_client_cinny_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_client_cinny_git_pull_results when: "matrix_client_cinny_container_image_self_build|bool" diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index e9c7096e..4d0af82d 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -30,6 +30,8 @@ dest: "{{ matrix_client_element_docker_src_files_path }}" version: "{{ matrix_client_element_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_client_element_git_pull_results when: "matrix_client_element_container_image_self_build|bool" 
diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index 0e4868f6..db866178 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -30,6 +30,8 @@ dest: "{{ matrix_client_hydrogen_docker_src_files_path }}" version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_client_hydrogen_git_pull_results when: "matrix_client_hydrogen_container_image_self_build|bool" diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 6c520ee0..a3582592 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -23,6 +23,8 @@ dest: "{{ matrix_corporal_container_src_files_path }}" version: "{{ matrix_corporal_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_corporal_git_pull_results when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index 621177e5..a721f186 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -36,6 +36,8 @@ dest: "{{ matrix_coturn_docker_src_files_path }}" version: "{{ matrix_coturn_container_image_self_build_repo_version }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_coturn_git_pull_results - name: Ensure Coturn Docker image is built diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index 1ba4f2d4..b999383e 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml 
@@ -102,6 +102,8 @@ dest: "{{ matrix_dimension_docker_src_files_path }}" version: "{{ matrix_dimension_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" when: "matrix_dimension_container_image_self_build|bool" register: matrix_dimension_git_pull_results diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index 4dffe681..60f07937 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -30,6 +30,8 @@ repo: "{{ matrix_dynamic_dns_container_image_self_build_repo }}" dest: "{{ matrix_dynamic_dns_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_dynamic_dns_git_pull_results when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 74e7c676..a2470728 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml @@ -39,6 +39,8 @@ dest: "{{ matrix_email2matrix_docker_src_files_path }}" version: "{{ matrix_email2matrix_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_email2matrix_git_pull_results when: "matrix_email2matrix_container_image_self_build|bool" diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index c56c81f9..e3347a4d 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -85,6 +85,8 @@ dest: "{{ matrix_ma1sd_docker_src_files_path }}" version: "{{ matrix_ma1sd_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_ma1sd_git_pull_results - name: Ensure ma1sd Docker image is built 
diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 5ad02a57..d2f8f917 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -29,6 +29,8 @@ dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}" version: "{{ matrix_mailer_container_image_self_build_version }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mailer_git_pull_results when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml index 73acb433..90f73dba 100644 --- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml @@ -38,6 +38,8 @@ dest: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" version: "{{ matrix_postgres_pgloader_container_image_self_build_repo_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_postgres_pgloader_git_pull_results # If `stable` is used, we hit an error when processing /opt/src/pgloader/build/quicklisp/dists/quicklisp/software/uax-15-20201220-git/data/CompositionExclusions.txt: diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 2b5beafa..6ff2de30 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -63,6 +63,8 @@ dest: "{{ matrix_registration_docker_src_files_path }}" version: "{{ matrix_registration_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_registration_git_pull_results when: "matrix_registration_container_image_self_build|bool" 
diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 2243706b..f83ccdc3 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -22,6 +22,8 @@ dest: "{{ matrix_synapse_admin_docker_src_files_path }}" version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_synapse_admin_git_pull_results when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool" diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index deedd7bd..2302a6f2 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -25,6 +25,8 @@ dest: "{{ matrix_synapse_docker_src_files_path }}" version: "{{ matrix_synapse_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_synapse_git_pull_results - name: Check if Synapse Docker image exists From 7e062328ff420062aa919cb74f14e2dff698e78d Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Thu, 14 Apr 2022 15:01:40 +0200 Subject: [PATCH 221/419] Upgrade Hookshot (1.4.0 -> 1.5.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index a55b995d..45807ba9 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.4.0 +matrix_hookshot_version: 1.5.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From d5f4c17146dbe87d44770dc9dbf215b24eb2375b Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 14 Apr 2022 18:06:54 +0300 Subject: [PATCH 222/419] matrix-backup-borg: integrate postgres backups, add extended borgmatic configuration --- group_vars/matrix_servers | 26 ++++++++++-- roles/matrix-backup-borg/defaults/main.yml | 42 ++++++++++++++++--- .../tasks/setup_install.yml | 9 ++-- .../util/detect_existing_postgres_version.yml | 42 +++++++++++++++++++ .../templates/config.yaml.j2 | 10 +++++ setup.yml | 2 +- 6 files changed, 118 insertions(+), 13 deletions(-) create mode 100644 roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 85b8a701..91324025 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1081,13 +1081,33 @@ matrix_bot_mjolnir_systemd_required_services_list: | ###################################################################### matrix_backup_borg_enabled: false +matrix_backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_backup_borg_postgresql_enabled: "{{ matrix_postgres_enabled }}" +matrix_backup_borg_postgresql_databases_hostname: "{{ matrix_postgres_connection_hostname }}" +matrix_backup_borg_postgresql_databases_username: "{{ matrix_postgres_connection_username }}" +matrix_backup_borg_postgresql_databases_password: "{{ matrix_postgres_connection_password }}" +matrix_backup_borg_postgresql_databases_port: "{{ matrix_postgres_connection_port }}" +matrix_backup_borg_postgresql_databases: | + {{ + (([{ + 'name': matrix_synapse_database_database + }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + + + matrix_postgres_additional_databases)|map(attribute='name')|list + }} matrix_backup_borg_location_source_directories: - "{{ matrix_base_data_path }}" matrix_backup_borg_location_exclude_patterns: | {{ - { - 'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"], - }[matrix_homeserver_implementation] + ([matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else []) + + + ([matrix_postgres_data_path] if matrix_postgres_enabled else []) + }} +matrix_backup_borg_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) }} 
###################################################################### diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index c8a09f7f..374b5bef 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -1,17 +1,17 @@ --- matrix_backup_borg_enabled: true +matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" +matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" + matrix_backup_borg_container_image_self_build: false matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic" -matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src" +matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src" -matrix_backup_borg_version: latest +matrix_backup_borg_version: "" matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" -matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}" - -matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" -matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" +matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version|default('') == '' }}" # A list of extra arguments to pass to the container matrix_backup_borg_container_extra_arguments: [] 
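Review bot: In `group_vars/matrix_servers`, the new `matrix_backup_borg_location_exclude_patterns` drops `matrix_postgres_data_path` whenever `matrix_postgres_enabled` is true, while the database dump is controlled by the separate `matrix_backup_borg_postgresql_enabled` and by `matrix_backup_borg_postgresql_databases` being non-empty. An operator who overrides `matrix_backup_borg_postgresql_enabled: false`, or whose database list resolves to `[]`, ends up with archives that contain neither the data directory nor a dump, and nothing visible here reports that. Tying the exclusion to the same switch keeps the two in step: `([matrix_postgres_data_path] if (matrix_postgres_enabled and matrix_backup_borg_postgresql_enabled) else [])`. A validation task that fails when the dump hook is enabled with an empty database list would close the second case.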
@@ -28,6 +28,14 @@ matrix_backup_borg_schedule: "*-*-* 04:00:00" # what directories should be added to backup matrix_backup_borg_location_source_directories: [] +# postgres db backup +matrix_backup_borg_postgresql_enabled: true +matrix_backup_borg_postgresql_databases: [] +matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres" +matrix_backup_borg_postgresql_databases_username: "matrix" +matrix_backup_borg_postgresql_databases_password: "" +matrix_backup_borg_postgresql_databases_port: 5432 + # target repositories matrix_backup_borg_location_repositories: [] 
@@ -61,3 +69,25 @@ matrix_backup_borg_retention_keep_yearly: 2 # retention prefix matrix_backup_borg_retention_prefix: "matrix-" + +# Default borgmatic configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_backup_borg_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_backup_borg_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_backup_borg_configuration_extension_yaml: | + # Your custom YAML configuration for borgmatic goes here. + # This configuration extends the default starting configuration (`matrix_borg_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_backup_borg_configuration_yaml`. + +matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml|from_yaml if matrix_backup_borg_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final borgmatic configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`. +matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml|from_yaml|combine(matrix_backup_borg_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 90757a80..9c34c53f 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml 
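Review bot: The help text inside `matrix_backup_borg_configuration_extension_yaml` points at `matrix_borg_configuration_yaml`, a name that is not defined anywhere in this hunk; the variable it means is `matrix_backup_borg_configuration_yaml`. The comment should also state that `combine(..., recursive=True)` merges mappings but replaces lists, so an extension that sets a list-valued key such as `hooks.postgresql_databases` or `location.repositories` discards the generated entries instead of appending to them. A line such as `# Lists are replaced, not merged: repeat the default entries you want to keep.` would make that explicit for whoever edits the extension.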
@@ -1,4 +1,7 @@ --- +- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" + when: 'matrix_backup_borg_enabled|bool and matrix_backup_borg_postgresql_enabled|bool and matrix_postgres_backup_postgres_data_path != ""' + - name: Ensure borg paths exist file: path: "{{ item.path }}" @@ -11,9 +14,9 @@ - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true} when: "item.when|bool" -- name: Ensure borg config is created - template: - src: "{{ role_path }}/templates/config.yaml.j2" +- name: Ensure borgmatic config is created + copy: + content: "{{ matrix_backup_borg_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_backup_borg_config_path }}/config.yaml" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" diff --git a/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml new file mode 100644 index 00000000..0d50d93f --- /dev/null +++ b/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml 
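Review bot: The `copy` task in the second hunk now writes the fully rendered `matrix_backup_borg_configuration`, which after this commit carries the Postgres password next to the repository passphrase, and no `mode` appears among the lines shown. The task continues past the end of the hunk, so a mode may already be set there; if it is not, add a restrictive one (for example `mode: '0640'`) so the file does not fall back to the umask default. Because the secrets are passed through `content:`, `no_log: true` or `diff: false` on this task would also keep them out of `--diff` and verbose output.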
@@ -0,0 +1,42 @@ +--- + +# This utility aims to determine if there is some existing Postgres version in use or not. +# If there is, it also tries to detect the Docker image that corresponds to that version. + +- name: Initialize Postgres version determination variables (default to empty) + set_fact: + matrix_backup_borg_postgresql_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" + matrix_backup_borg_postgresql_detected_existing: false + matrix_backup_borg_postgresql_detected_version: "" + matrix_backup_borg_version: "" + +- name: Determine existing Postgres version (check PG_VERSION file) + stat: + path: "{{ matrix_backup_borg_postgresql_detection_pg_version_path }}" + register: result_pg_version_stat + +- set_fact: + matrix_backup_borg_postgresql_detected_existing: true + when: "result_pg_version_stat.stat.exists" + +- name: Determine existing Postgres version (read PG_VERSION file) + slurp: + src: "{{ matrix_backup_borg_postgresql_detection_pg_version_path }}" + register: result_pg_version + when: matrix_backup_borg_postgresql_detected_existing|bool + +- name: Determine existing Postgres version (make sense of PG_VERSION file) + set_fact: + matrix_backup_borg_postgresql_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" + when: matrix_backup_borg_postgresql_detected_existing|bool + +- name: Determine corresponding Docker image version to detected version + set_fact: + matrix_backup_borg_version: "{{ matrix_backup_borg_postgresql_detected_version }}" + when: "matrix_backup_borg_postgresql_detected_version == '12' or matrix_backup_borg_postgresql_detected_version.startswith('12.') or matrix_backup_borg_postgresql_detected_version == '13' or matrix_backup_borg_postgresql_detected_version.startswith('13.') or matrix_backup_borg_postgresql_detected_version == '14' or matrix_backup_borg_postgresql_detected_version.startswith('14.')" + +- name: Fail if existing Postgres version is not supported by borgmatic docker 
image + fail: + msg: >- + Your Postgres v{{ matrix_backup_borg_postgresql_detected_version }} is not supported. + when: "matrix_backup_borg_version == ''" diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 index 89b6ab7d..8ac2a8b2 100644 --- a/roles/matrix-backup-borg/templates/config.yaml.j2 +++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -26,6 +26,16 @@ consistency: - archives hooks: +{% if matrix_backup_borg_postgresql_enabled %} + postgresql_databases: + {% for database in matrix_backup_borg_postgresql_databases %} + - name: {{ database }} + hostname: {{ matrix_backup_borg_postgresql_databases_hostname }} + username: {{ matrix_backup_borg_postgresql_databases_username }} + password: {{ matrix_backup_borg_postgresql_databases_password }} + port: {{ matrix_backup_borg_postgresql_databases_port }} + {% endfor %} +{% endif %} after_backup: - echo "Backup created." on_error: diff --git a/setup.yml b/setup.yml index 52079e32..de86665b 100755 --- a/setup.yml +++ b/setup.yml @@ -13,7 +13,6 @@ - matrix-postgres - matrix-redis - matrix-corporal - - matrix-backup-borg - matrix-bridge-appservice-discord - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks @@ -62,4 +61,5 @@ - matrix-aux - matrix-postgres-backup - matrix-prometheus-postgres-exporter + - matrix-backup-borg - matrix-common-after From 5611cab71ae06c83527a8c8bb566cdec4e0b6010 Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Thu, 14 Apr 2022 13:38:38 -0400 Subject: [PATCH 223/419] Update element 1.10.9 -> 1.10.10 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 34cf22a7..205f3480 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.9 +matrix_client_element_version: v1.10.10 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From a9d0cbc560a380fb9a5147101c817574d9d134ab Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 15 Apr 2022 19:38:10 +0300 Subject: [PATCH 224/419] feedback --- roles/matrix-backup-borg/defaults/main.yml | 8 ++-- .../tasks/setup_install.yml | 14 ++++++- .../util/detect_existing_postgres_version.yml | 42 ------------------- .../templates/config.yaml.j2 | 32 +++++++------- 4 files changed, 33 insertions(+), 63 deletions(-) delete mode 100644 roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index 374b5bef..189b6042 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml 
@@ -5,9 +5,10 @@ matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" matrix_backup_borg_container_image_self_build: false -matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic" +matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic" matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src" +# version determined automatically, based on postgres server version (if enabled), otherwise latest is used matrix_backup_borg_version: "" matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" @@ -30,6 +31,7 @@ matrix_backup_borg_location_source_directories: [] # postgres db backup matrix_backup_borg_postgresql_enabled: true +matrix_backup_borg_supported_postgres_versions: ['12', '13', '14'] matrix_backup_borg_postgresql_databases: [] matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres" matrix_backup_borg_postgresql_databases_username: "matrix" @@ -55,7 +57,7 @@ matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new matrix_backup_borg_storage_compression: lz4 # archive name format -matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}" +matrix_backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S} # repository passphrase matrix_backup_borg_storage_encryption_passphrase: "" 
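Review bot: The new comment above `matrix_backup_borg_version` says `latest` is used when Postgres backups are disabled, but the default stays `""` and the only assignment visible in this commit is the `set_fact` in `setup_install.yml`, which is guarded by `matrix_backup_borg_postgresql_enabled|bool`. With Postgres backups switched off, `matrix_backup_borg_docker_image` would therefore render with an empty tag (a reference ending in `:`), unless a fallback exists outside these hunks. Making the fallback explicit in the image reference matches the comment: `...etke.cc/borgmatic:{{ matrix_backup_borg_version or 'latest' }}`. Separately, the tag is a bare Postgres major version on a third-party registry, so it is mutable; operators who need reproducible backup tooling may want a documented way to pin a digest.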
@@ -68,7 +70,7 @@ matrix_backup_borg_retention_keep_monthly: 12 matrix_backup_borg_retention_keep_yearly: 2 # retention prefix -matrix_backup_borg_retention_prefix: "matrix-" +matrix_backup_borg_retention_prefix: matrix- # Default borgmatic configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 9c34c53f..1903d865 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -1,6 +1,16 @@ --- -- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" - when: 'matrix_backup_borg_enabled|bool and matrix_backup_borg_postgresql_enabled|bool and matrix_postgres_backup_postgres_data_path != ""' +- block: + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" + + - name: Fail if detected Postgres version is unsupported + fail: + msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql" + when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions" + + - name: Set the correct borg backup version to use + set_fact: + matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" + when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == '' - name: Ensure borg paths exist file: diff --git a/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml deleted file mode 100644 index 0d50d93f..00000000 --- a/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml +++ /dev/null 
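Review bot: The `fail` message in the new block of `setup_install.yml` describes every rejected value as "such an old version", but the `when` rejects anything outside `matrix_backup_borg_supported_postgres_versions`. That includes newer major versions and, presumably, an empty detection result on a host where Postgres has not created its data yet, and in both cases the upgrade advice is wrong. A neutral message that prints the list avoids the misdirection: `msg: "Postgres {{ matrix_postgres_detected_version }} is not supported by the borgmatic image; supported versions: {{ matrix_backup_borg_supported_postgres_versions|join(', ') }}"`. The `import_tasks` path reaches into the matrix-postgres role through `{{ role_path }}/..`, so a short comment noting that dependency would help whoever later moves or renames that file.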
@@ -1,42 +0,0 @@ ---- - -# This utility aims to determine if there is some existing Postgres version in use or not. -# If there is, it also tries to detect the Docker image that corresponds to that version. - -- name: Initialize Postgres version determination variables (default to empty) - set_fact: - matrix_backup_borg_postgresql_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" - matrix_backup_borg_postgresql_detected_existing: false - matrix_backup_borg_postgresql_detected_version: "" - matrix_backup_borg_version: "" - -- name: Determine existing Postgres version (check PG_VERSION file) - stat: - path: "{{ matrix_backup_borg_postgresql_detection_pg_version_path }}" - register: result_pg_version_stat - -- set_fact: - matrix_backup_borg_postgresql_detected_existing: true - when: "result_pg_version_stat.stat.exists" - -- name: Determine existing Postgres version (read PG_VERSION file) - slurp: - src: "{{ matrix_backup_borg_postgresql_detection_pg_version_path }}" - register: result_pg_version - when: matrix_backup_borg_postgresql_detected_existing|bool - -- name: Determine existing Postgres version (make sense of PG_VERSION file) - set_fact: - matrix_backup_borg_postgresql_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" - when: matrix_backup_borg_postgresql_detected_existing|bool - -- name: Determine corresponding Docker image version to detected version - set_fact: - matrix_backup_borg_version: "{{ matrix_backup_borg_postgresql_detected_version }}" - when: "matrix_backup_borg_postgresql_detected_version == '12' or matrix_backup_borg_postgresql_detected_version.startswith('12.') or matrix_backup_borg_postgresql_detected_version == '13' or matrix_backup_borg_postgresql_detected_version.startswith('13.') or matrix_backup_borg_postgresql_detected_version == '14' or matrix_backup_borg_postgresql_detected_version.startswith('14.')" - -- name: Fail if existing Postgres version is not supported by borgmatic docker 
image - fail: - msg: >- - Your Postgres v{{ matrix_backup_borg_postgresql_detected_version }} is not supported. - when: "matrix_backup_borg_version == ''" diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 index 8ac2a8b2..2929db8b 100644 --- a/roles/matrix-backup-borg/templates/config.yaml.j2 +++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -7,18 +7,18 @@ location: exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }} storage: - compression: {{ matrix_backup_borg_storage_compression }} - ssh_command: {{ matrix_backup_borg_storage_ssh_command }} - archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}' - encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }} + compression: {{ matrix_backup_borg_storage_compression|to_json }} + ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }} + archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }} + encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }} retention: - keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }} - keep_daily: {{ matrix_backup_borg_retention_keep_daily }} - keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }} - keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }} - keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }} - prefix: '{{ matrix_backup_borg_retention_prefix }}' + keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }} + keep_daily: {{ matrix_backup_borg_retention_keep_daily|to_json }} + keep_weekly: {{ matrix_backup_borg_retention_keep_weekly|to_json }} + keep_monthly: {{ matrix_backup_borg_retention_keep_monthly|to_json }} + keep_yearly: {{ matrix_backup_borg_retention_keep_yearly|to_json }} + prefix: {{ matrix_backup_borg_retention_prefix|to_json }} consistency: checks: 
@@ -26,14 +26,14 @@ consistency: - archives hooks: -{% if matrix_backup_borg_postgresql_enabled %} +{% if matrix_backup_borg_postgresql_enabled and matrix_backup_borg_postgresql_databases|length > 0 %} postgresql_databases: {% for database in matrix_backup_borg_postgresql_databases %} - - name: {{ database }} - hostname: {{ matrix_backup_borg_postgresql_databases_hostname }} - username: {{ matrix_backup_borg_postgresql_databases_username }} - password: {{ matrix_backup_borg_postgresql_databases_password }} - port: {{ matrix_backup_borg_postgresql_databases_port }} + - name: {{ database|to_json }} + hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }} + username: {{ matrix_backup_borg_postgresql_databases_username|to_json }} + password: {{ matrix_backup_borg_postgresql_databases_password|to_json }} + port: {{ matrix_backup_borg_postgresql_databases_port|to_json }} {% endfor %} {% endif %} after_backup: From c520a758ec78f035a616195a141858ad11e2dbe5 Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 15 Apr 2022 19:43:45 +0300 Subject: [PATCH 225/419] fix linter --- roles/matrix-backup-borg/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 1903d865..6ef39863 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -9,7 +9,7 @@ - name: Set the correct borg backup version to use set_fact: - matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" + matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == '' - name: Ensure borg paths exist From 3fbbd5a52cf32a658fbb02dcc25786d580abfdf7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 17 Apr 2022 14:07:50 +0700 Subject: [PATCH 226/419] Update mautrix-whatsapp 0.3.0 -> 0.3.1 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 6aae2015..d920be51 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.3.0 +matrix_mautrix_whatsapp_version: v0.3.1 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 471806e7bdb0d510edf9276b38e1dfd9adb72c7b Mon Sep 17 00:00:00 2001 From: Lunar Date: Sun, 17 Apr 2022 20:27:04 -0500 Subject: [PATCH 227/419] Increase default async time for rust-synapse-compress-state Increase the async timeout value defaults, as larger Matrix servers need more time to complete. --- .../tasks/rust-synapse-compress-state/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 1aaf3a81..219f1c98 100644 
--- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -11,17 +11,17 @@ - name: Set matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time, if not provided set_fact: - matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 300 + matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 1800 when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_compress_room_time, if not provided set_fact: - matrix_synapse_rust_synapse_compress_state_compress_room_time: 1800 + matrix_synapse_rust_synapse_compress_state_compress_room_time: 3600 when: "matrix_synapse_rust_synapse_compress_state_compress_room_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_psql_import_time, if not provided set_fact: - matrix_synapse_rust_synapse_compress_state_psql_import_time: 1800 + matrix_synapse_rust_synapse_compress_state_psql_import_time: 3600 when: "matrix_synapse_rust_synapse_compress_state_psql_import_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_min_state_groups_required, if not provided From 4be425c267b41ca19dd260f5e0cb2e0f456878ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Mon, 18 Apr 2022 13:10:39 +0200 Subject: [PATCH 228/419] Upgrade Telegrame bridge to 0.11.3 --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index eb70d3fa..65a446e0 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml 
@@ -14,7 +14,7 @@ matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.11.2 +matrix_mautrix_telegram_version: v0.11.3 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" From 949fdd0135c1f8b98ee59271d904d0d8f6ca2201 Mon Sep 17 00:00:00 2001 From: Adriel Sand <61815862+thebiblelover7@users.noreply.github.com> Date: Mon, 18 Apr 2022 14:48:37 +0300 Subject: [PATCH 229/419] matrix-backup-borg: add ability to backup to unencrypted repositories (#1754) * matrix-backup-borg: added option for unencrypted repo access * matrix-backup-borg: fixed requiring password for unencrypted repos; changed variable name * matrix-backup-borg: add unknown_unencrypted_repo_access_is_ok to config.yaml.j2 * matrix-backup-borg: cleanup comments * matrix-backup-borg: add documentation regarding unencrypted repos * matrix-backup-borg: add readability and ease of use to code * matrix-backup-borg: fix wording in defaults/main.yml comment * matrix-backup-borg: add quotes to docs * Indicate the variable to use Co-authored-by: Slavi Pantaleev --- docs/configuring-playbook-backup-borg.md | 2 ++ roles/matrix-backup-borg/defaults/main.yml | 5 ++++- roles/matrix-backup-borg/tasks/validate_config.yml | 7 ++++++- roles/matrix-backup-borg/templates/config.yaml.j2 | 1 + 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 70466a6e..4177c561 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md 
@@ -51,6 +51,8 @@ where: * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager * PRIVATE KEY - the content of the **private** part of the SSH key you created before +To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable. + `matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options. diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index 189b6042..906522c2 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -44,12 +44,15 @@ matrix_backup_borg_location_repositories: [] # exclude following paths: matrix_backup_borg_location_exclude_patterns: [] -# borg encryption mode, only repokey-* is supported +# borg encryption mode, only "repokey-*" and "none" are supported matrix_backup_borg_encryption: repokey-blake2 # private ssh key used to connect to the borg repo matrix_backup_borg_ssh_key_private: "" +# allow unencrypted repo access +matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: "{{ matrix_backup_borg_encryption == 'none' }}" + # borg ssh command with ssh key matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml index 4d3fb1c8..84b78d1e 100644 
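Review bot: The new comment `# allow unencrypted repo access` in the `@@ -44,12 +44,15 @@` hunk of `roles/matrix-backup-borg/defaults/main.yml` does not say what is given up when `matrix_backup_borg_encryption` is set to `'none'`. The docs text in this same commit states that the default source directory is `{{ matrix_base_data_path }}`, the base directory for every service's data, so with `'none'` that data sits unencrypted in the remote repository and its confidentiality depends on the SSH transport and on whoever controls the backup host. I would spell that out next to the variable, for example `# 'none' stores backups unencrypted on the remote host; use it only for storage you fully control`. The comment should also mention that `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` follows the encryption setting unless it is overridden.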
--- a/roles/matrix-backup-borg/tasks/validate_config.yml +++ b/roles/matrix-backup-borg/tasks/validate_config.yml @@ -7,4 +7,9 @@ with_items: - "matrix_backup_borg_ssh_key_private" - "matrix_backup_borg_location_repositories" - - "matrix_backup_borg_storage_encryption_passphrase" + +- name: Fail if encryption passphrase is undefined unless repository is unencrypted + fail: + msg: >- + You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable. + when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'" diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 index 2929db8b..210b7a65 100644 --- a/roles/matrix-backup-borg/templates/config.yaml.j2 +++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -11,6 +11,7 @@ storage: ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }} archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }} encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }} + unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }} retention: keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }} From 15ce32a30cea46627ae753f28c7bd103250e6eb7 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 18 Apr 2022 19:37:14 +0300 Subject: [PATCH 230/419] update honoroit 0.9.6 -> 0.9.7 --- roles/matrix-bot-honoroit/defaults/main.yml | 11 ++++++++++- roles/matrix-bot-honoroit/templates/env.j2 | 3 +++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 90bfa269..9e7cf2b5 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml 
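Review bot: Nothing in the `@@ -7,4 +7,9 @@` hunk checks that `matrix_backup_borg_encryption` holds a supported value, although the defaults comment in the same commit says only "repokey-*" and "none" are supported. Any other string passes this validation as long as a passphrase is set, and what happens with it afterwards is not visible here. A second `fail` task with `when: "matrix_backup_borg_encryption != 'none' and not matrix_backup_borg_encryption.startswith('repokey')"` would catch a typo at validation time instead of at the first backup run. The preceding task that loops over the required variables starts outside the hunk.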
@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.6 +matrix_bot_honoroit_version: v0.9.7 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -96,6 +96,15 @@ matrix_bot_honoroit_text_prefix_done: '' # Text: greetings matrix_bot_honoroit_text_greetings: '' +# Text: invite +matrix_bot_honoroit_text_invite: '' + +# Text: join +matrix_bot_honoroit_text_join: '' + +# Text: leave +matrix_bot_honoroit_text_leave: '' + # Text: error matrix_bot_honoroit_text_error: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index 37719d03..7f1eef5b 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -11,6 +11,9 @@ HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} +HONOROIT_TEXT_INVITE={{ matrix_bot_honoroit_text_invite }} +HONOROIT_TEXT_JOIN={{ matrix_bot_honoroit_text_join }} +HONOROIT_TEXT_LEAVE={{ matrix_bot_honoroit_text_leave }} HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }} HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }} HONOROIT_TEXT_DONE={{ matrix_bot_honoroit_text_done }} From 949228eaf8e1bc5697d60c6574503e4d8141cbe2 Mon Sep 17 00:00:00 2001 
From: Aine Date: Tue, 19 Apr 2022 14:41:31 +0300 Subject: [PATCH 231/419] update synapse 1.56.0 -> 1.57.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 9e332669..1fb247a0 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.56.0 +matrix_synapse_version: v1.57.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From f0842d7226f239d434d7e40911e5bbd2cd78ad2b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 Apr 2022 17:28:43 +0300 Subject: [PATCH 232/419] Document that upgrading to Synapse v1.57 may be dangerous in some instances Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1766 --- CHANGELOG.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c68ed63..d8de53ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,24 @@ +# 2022-04-19 + +## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action + +If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading: + +> Synapse v1.57.0 includes a change to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs. + +If you're not running an `appservice` worker (`matrix_synapse_workers_preset: little-federation-helper` or `matrix_synapse_workers_appservice_workers_count: 0`), you are probably safe to upgrade as per normal, without taking any special care. + +If you are running a setup with an `appservice` worker, or otherwise want to be on the safe side, we recommend the following upgrade path: + +0. Pull the latest playbook changes +1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) +2. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`) +3. Start Postgres (`systemctl start matrix-postgres` on the server) +4. Start the main Synapse process (`systemctl start matrix-synapse` on the server) +5. Wait a while so that Synapse can start and complete the database migrations. You can use `journalctl -fu matrix-synapse` on the server to get a clue. Waiting a few minutes should also be enough. +6. It should now be safe to start all other services. 
`ansible-playbook -i inventory/hosts setup.yml --tags=start` will do it for you + + # 2022-04-14 ## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action From 295ef29fe0ecd03e48f80fc7b60924d8b253c561 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 Apr 2022 19:29:41 +0300 Subject: [PATCH 233/419] Announce borg backup support Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1727 - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1754 - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1755 - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/467 --- CHANGELOG.md | 7 +++++++ docs/configuring-playbook-backup-borg.md | 3 +++ docs/configuring-playbook-postgres-backup.md | 3 +++ docs/configuring-playbook.md | 7 +++++++ 4 files changed, 20 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8de53ad..b7800da0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # 2022-04-19 +## Borg backup support + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [Borg](https://www.borgbackup.org/) backups with [borgmatic](https://torsion.org/borgmatic/) of your Matrix server. + +See our [Setting up borg backup](docs/configuring-playbook-backup-borg.md) documentation to get started. + + ## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading: diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 4177c561..44c970af 100644 --- a/docs/configuring-playbook-backup-borg.md 
+++ b/docs/configuring-playbook-backup-borg.md @@ -8,6 +8,9 @@ You will need a remote server where borg will store the backups. There are hoste The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day. +By default, if you're using the integrated Postgres database server (as opposed to [an external Postgres server](configuring-playbook-external-postgres.md)), Borg backups will also include dumps of your Postgres database. An alternative solution for backing up the Postgres database is [postgres backup](configuring-playbook-postgres-backup.md). If you decide to go with another solution, you can disable Postgres-backup support for Borg using the `matrix_backup_borg_postgresql_enabled` variable. + + ## Prerequisites 1. Create a new SSH key: diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 2d878c11..75b599c8 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md @@ -2,6 +2,9 @@ The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you. +For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead. + + ## Adjusting the playbook configuration Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup: diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3d5e6c2c..c842a870 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -152,6 +152,13 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) +### Backups + +- [Setting up borg backup](configuring-playbook-backup-borg.md) - a full Matrix server backup solution, including the Postgres database (optional) + +- [Setting up postgres backup](configuring-playbook-postgres-backup.md) - a Postgres-database backup solution (note: does not include other files) (optional) + + ### Other specialized services - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) From 80c9551ef95f87b167bbb2f0aaf40a0e457bcc8a Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 19 Apr 2022 19:42:13 +0300 Subject: [PATCH 234/419] matrix-backup-borg - cleanup the .service from the systemd list --- roles/matrix-backup-borg/tasks/init.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml index 0a90a2e8..a82fb7b8 100644 --- a/roles/matrix-backup-borg/tasks/init.yml +++ b/roles/matrix-backup-borg/tasks/init.yml @@ -1,4 +1,4 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}" when: matrix_backup_borg_enabled|bool From 502ea21fba3afe318f7c811d60edbe061b09765e Mon Sep 17 00:00:00 2001 
From: Aine Date: Tue, 19 Apr 2022 22:01:14 +0300 Subject: [PATCH 235/419] add retires to all get_url actions --- roles/matrix-base/defaults/main.yml | 4 ++++ roles/matrix-grafana/tasks/setup.yml | 4 ++++ roles/matrix-prometheus/tasks/setup_install.yml | 4 ++++ .../tasks/ext/encryption-disabler/setup_install.yml | 4 ++++ roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml | 4 ++++ .../tasks/ext/shared-secret-auth/setup_install.yml | 4 ++++ 6 files changed, 24 insertions(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index ae39d00a..498a6c32 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -71,6 +71,10 @@ matrix_container_global_registry_prefix: "docker.io/" matrix_container_retries_count: 10 matrix_container_retries_delay: 10 +# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt. +matrix_geturl_retries_count: 10 +matrix_geturl_retries_delay: 10 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 95a0ba53..16b9fa65 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -70,6 +70,10 @@ group: "{{ matrix_user_groupname }}" with_items: "{{ matrix_grafana_dashboard_download_urls_all }}" when: matrix_grafana_enabled|bool + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - name: Ensure matrix-grafana.service installed template: diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index e0fe8cf6..06989e7e 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml 
@@ -32,6 +32,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" when: "matrix_prometheus_scraper_synapse_rules_enabled|bool" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - name: Ensure prometheus.yml installed copy: diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index dfc15a20..90411a34 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -8,6 +8,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_modules: | diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 634b1ca5..13a64c58 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -13,6 +13,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_password_providers_enabled: true diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index f408e2f9..843f0370 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml 
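Review bot: The retried downloads in the `ext/encryption-disabler`, `ext/rest-auth` and `ext/shared-secret-auth` hunks fetch files that appear to be installed as Synapse modules or password providers, and none of the visible task lines pins their content. The `url:` lines are outside the hunks, so a `checksum:` may already be present; if it is not, the retry loop only makes an unverified download more reliable. I would add `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder, one value per pinned file version) to each of these `get_url` tasks. Separately, `register: result` is a generic name that all five tasks in this commit now share; a per-task name such as `matrix_synapse_ext_download_result` avoids clobbering a `result` registered elsewhere.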
@@ -18,6 +18,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_modules: | From d04767a9d65158eb4670e90c7052d0dee1a07c9d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Apr 2022 18:46:10 +0300 Subject: [PATCH 236/419] Upgrade Synapse (1.57.0 -> 1.57.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 1fb247a0..44b82e95 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.57.0 +matrix_synapse_version: v1.57.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 018da4fb2517fae2d21ce583b42bf08085239743 Mon Sep 17 00:00:00 2001 From: Didier 'OdyX' Raboud Date: Wed, 20 Apr 2022 19:03:54 +0200 Subject: [PATCH 237/419] Slack appservice: Enable RTM by default It is very confusing to debug why messages only go from Matrix to Slack but not from Slack to Matrix. RTM should be enabled by default, as that's the recommended way to make this work. --- roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 index 96e68967..732b0b64 100644 --- a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 @@ -9,6 +9,9 @@ homeserver: url: "{{ matrix_appservice_slack_homeserver_url }}" media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" +rtm: + enable: true + {% if matrix_appservice_slack_database_engine == 'nedb' %} dbdir: "/data" {% else %} From b2105f35ecd6f4ad0dec612d92727b809e9330b2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 09:58:30 +0300 Subject: [PATCH 238/419] Add comments around rtm Comments taken from https://github.com/matrix-org/matrix-appservice-slack/blob/develop/config/config.sample.yaml We should probably reconcile our configuration with that one and include comments for other fields as well. --- .../templates/config.yaml.j2 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 index 732b0b64..911dd75e 100644 --- a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 
@@ -9,8 +9,20 @@ homeserver: url: "{{ matrix_appservice_slack_homeserver_url }}" media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" +# Real Time Messaging API (RTM) +# Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise. +# rtm: - enable: true + # Use the RTM API to listen for requests, which does not require + # the bridge to listen on the hook port. + # You should leave this enabled, unless you plan to use the + # bridge exclusively for webhooks. + # + enable: true + + # Logging level specific to RTM traffic. + # + log_level: "silent" {% if matrix_appservice_slack_database_engine == 'nedb' %} dbdir: "/data" From acaebfbf6729c4a313cbea0f26180f01aab99926 Mon Sep 17 00:00:00 2001 From: borisrunakov <93043305+borisrunakov@users.noreply.github.com> Date: Thu, 21 Apr 2022 10:31:26 +0300 Subject: [PATCH 239/419] optional media cache with range requests support (#1759) --- roles/matrix-nginx-proxy/defaults/main.yml | 12 +++++++++++- .../tasks/setup_nginx_proxy.yml | 10 ++++++---- .../nginx/conf.d/matrix-synapse.conf.j2 | 19 +++++++++++++++++++ .../systemd/matrix-nginx-proxy.service.j2 | 3 +++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index de1a3146..0aaa53ed 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -275,7 +275,7 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_trusted_certificate: "{{ matr # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}" - +matrix_nginx_proxy_tmp_cache_directory_size_mb: "{{ (matrix_nginx_proxy_synapse_cache_max_size_mb | int) * 2 }}" # A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf). # for big matrixservers to enlarge the number of open files to prevent timeouts # matrix_nginx_proxy_proxy_additional_configuration_blocks: @@ -557,6 +557,16 @@ matrix_nginx_proxy_synapse_media_repository_locations: [] matrix_nginx_proxy_synapse_user_dir_locations: [] matrix_nginx_proxy_synapse_frontend_proxy_locations: [] +# synapse content caching +matrix_nginx_proxy_synapse_cache_enabled: false +matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path+'/synapse-cache' }}" +matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC" +matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m" +matrix_nginx_proxy_synapse_cache_inactive_time: "48h" +matrix_nginx_proxy_synapse_cache_max_size_mb: 1024 +matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h" + + # The amount of worker processes and connections # Consider increasing these when you are expecting high amounts of traffic # http://nginx.org/en/docs/ngx_core_module.html#worker_connections diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 92454e96..30001dd2 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml 
@@ -12,15 +12,17 @@ # - name: Ensure Matrix nginx-proxy paths exist file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - "{{ matrix_nginx_proxy_base_path }}" - - "{{ matrix_nginx_proxy_data_path }}" - - "{{ matrix_nginx_proxy_confd_path }}" + - {path: "{{ matrix_nginx_proxy_base_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_data_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_confd_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"} + when: item.when|bool - name: Ensure Matrix nginx-proxy configured (main config override) template: diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 720b5086..b15546fe 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -5,6 +5,9 @@ {% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'user_dir')|list %} {% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'frontend_proxy')|list %} {% if matrix_nginx_proxy_synapse_workers_enabled %} + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; + {% endif %} # Round Robin "upstream" pools for workers {% if generic_workers %} 
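Review bot: The `proxy_cache_path` line in the `@@ -5,6 +5,9 @@` hunk of `matrix-synapse.conf.j2` is emitted only inside `{% if matrix_nginx_proxy_synapse_workers_enabled %}`, yet nothing next to `matrix_nginx_proxy_synapse_cache_enabled` in `defaults/main.yml` says the cache depends on workers. With workers disabled, the flag still creates the cache directory or mounts the extra tmpfs (see the other hunks of this commit), but as far as the visible template shows no cache zone is defined. A comment on the default would prevent that surprise, for example `# Only takes effect when matrix_nginx_proxy_synapse_workers_enabled is true`. The surrounding `{% if %}` block continues outside the hunk.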
@@ -95,6 +98,14 @@ server { client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; proxy_max_temp_file_size 0; + + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} } {% endfor %} {% endif %} @@ -227,6 +238,14 @@ server { client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; proxy_max_temp_file_size 0; + + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} } {% endfor %} {% endif %} diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 172a83bc..74356ea9 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -22,6 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \ + {% if matrix_nginx_proxy_synapse_cache_enabled %} + --tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m\ + {% endif %} --network={{ matrix_docker_network }} \ {% if matrix_nginx_proxy_container_http_host_bind_port %} -p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \ 
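Review bot: `proxy_cache_valid any …` stores every status code, so a transient 5xx or a 404 from the upstream can be replayed for the whole validity period (24h by default) when the upstream sends no cache headers; `proxy_cache_valid 200 {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};` limits it to successful responses. The cache key is also left at nginx's default, which does not include the `Authorization` header, so any access-controlled response that nginx is allowed to store would be served to other requesters. `proxy_cache_bypass $http_authorization;` together with `proxy_no_cache $http_authorization;` is the conservative guard. The `@@ -227,6 +238,14 @@` hunk repeats the same block and needs the same change. The `location` block these lines sit in starts outside the hunk, so which paths are covered is not visible here.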
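Review bot: `add_header X-Cache-Status $upstream_cache_status;` at location level stops nginx from inheriting `add_header` directives set at the `server` or `http` level. If this template sets security headers there (not visible in the hunk), they would disappear from these responses as soon as caching is enabled. The same line is in the `@@ -95,6 +98,14 @@` hunk. Repeating the inherited headers next to it, or leaving the debug header out of the default configuration, avoids that and also stops exposing cache hit/miss state to every client.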
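Review bot: The added tmpfs option ends in `m\` with no space before the continuation backslash, unlike the neighbouring option lines. systemd substitutes a space for the backslash-newline, so the unit most likely still parses, but the line should read `--tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m \` for consistency and so the command survives being copied into a shell. The `ExecStart` command starts and ends outside the hunk.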
From 90a142439aa983c7e59c1c9598bfbed2473789ba Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Thu, 21 Apr 2022 10:07:47 +0200 Subject: [PATCH 240/419] Add matrix-registration-bot (#1771) * Add matrix-registration-bot This adds an install and uninstall task plus helpers. The bot is disabled by default. This commit does not include documentation, yet. In short, the bot can be enabled by adding matrix_bot_matrix_registration_bot_enabled: true matrix_bot_matrix_registration_bot_matrix_user_password: "verysecret" matrix_bot_matrix_registration_bot_matrix_admin_token: "supersecret" to the host_vars * Change bot username to bot.matrix-registration-bot following convention * Address smaller remarks, fix local docker build * Switch to an env file * Add environment variables extension for additional config * Add documentation for the matrix-registration-bot * Add screenshot on how to obtain admin access token * Use bot as admin to only have one access token (bot and admin api) * Use cleaner setting of matrix_synapse_registration_requires_token * Use config file for cleaner more secure usage * Delete unneeded env * Rename vars to make usage clear * Fix typos/wording and add notice about logging out * Convert configuration to use |to_json * Reorder role includes Nothing should be after `matrix-common-after`. `matrix-bot-matrix-registration-bot` can probably be anywhere, but it makes sense to put it next to the other `matrix-bot-*` roles. 
* Minor group_vars/matrix_servers touchups Co-authored-by: Slavi Pantaleev --- .../obtain_admin_access_token_element.png | Bin 0 -> 210079 bytes ...ng-playbook-bot-matrix-registration-bot.md | 72 +++++++++++++++++ docs/configuring-playbook.md | 1 + group_vars/matrix_servers | 29 +++++++ .../defaults/main.yml | 49 ++++++++++++ .../tasks/init.yml | 5 ++ .../tasks/main.yml | 23 ++++++ .../tasks/setup_install.yml | 73 ++++++++++++++++++ .../tasks/setup_uninstall.yml | 36 +++++++++ .../tasks/validate_config.yml | 10 +++ .../templates/config/config.yml.j2 | 12 +++ ...rix-bot-matrix-registration-bot.service.j2 | 38 +++++++++ setup.yml | 1 + 13 files changed, 349 insertions(+) create mode 100644 docs/assets/obtain_admin_access_token_element.png create mode 100644 docs/configuring-playbook-bot-matrix-registration-bot.md create mode 100644 roles/matrix-bot-matrix-registration-bot/defaults/main.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/init.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/main.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 create mode 100644 roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 
diff --git a/docs/assets/obtain_admin_access_token_element.png b/docs/assets/obtain_admin_access_token_element.png new file mode 100644 index 0000000000000000000000000000000000000000..2204ff39b036f0aa3f5b20c470f0a55df85c4f9d GIT binary patch literal 210079 zcmeFZg;&WnZU=txAkRwQl3Msqlu1}ac8XvhWo!CtLzJ2qq z@WZ8n+X)W(oNSL3m4Ch{dDLFWUuildF`2+wv{q1k=*s6|na^KxkG`!?weV$c`18Wi zj$}4ons+Z&t>=le(IYMNzTUdCoGvQ)b(F$8$>I3zk-(9U%?&SGY;V`gBbJ4GQ7>_C z|ML}wliOQQ8d0$S_5I&3&tqD&yMMp0apNxXhri#+K|n`*F8a@xD#Fb-6o0>-yng%a z@2`a2dnWYntNlX%N-qERSB!7U{i_8nL z*7wbZQgr`r?Iw0RDRQhdb&l#2jySBi!4IQ`EzF&qr0HyC;cZkqu5Z=pU$Dk#+aGiX z%%)HX>|rF$2DXw>Mzn1o*mwtJByx-D>0R|H{(B&m4TY$0RI?)w)`or$|CqPACKzoneQ2dMQsRW+=O?6?dAD|ZMb3U^_R;?w zxBakY33-nthmw|3XKSKse6ALU5+P>zLU+T0y+Luu6g8=wyryQupW^KDt!e(M{oQP0 z@6DU1r&CD?ooffXWIl621FC9sj@&DoHC?rQCrE$Bc*UviNVShvnsOekk4ec`JuP_k zagIiIw?T@je@gJjcWYPUcPlIRF&oLl#C!V3q^Ry_C{z9oB}92`MOj_l8*_81nEOZJ zlGSG|Tt3d&H|r_l83{Vo7{lMUMn_dywBsXla188)iIFbCcBPh;p#?QJjE@s5MJRQ2 zbQyk;KECkw6ksZUgRt=OB{JfT*&QyX+S5O0eKMv+8lyiAkm5M4>X!EGE*qZfdM`Z1 zoau`h&qfkW2IIL zJFTQ?RaKa;6BBjwic9+ky%KhI>@XXpe~>4|#y&8&$hw7sps-v$>zZDRCjV?x83^jEqc`_7Z*t16f@Ia{@pnWX*oI8r%z=iG;U@OThSjh4GP$TTP0>WKH2Z9arfJ&oBpy8XBm75PX8s z$Sj_wB$}!qoXm_JKvFsJX3)Hz`Mxph{X1<`z01Tq>ha1v7l)w*?+pmKh_Tn5dGUj8 zHX2hTNWl9BzDR{19A_kOt|W3JUIa71{w?k1+s3IhsH@MNBQAZ@=97S2;al~K}%hD7(1?Om#2JRFnFvjyf zx9L83?j#tza0@XAz3tXK!Y9eJ<+Zh?ksUloXD7xisf>Q@GS^!f{qXI0g|cCJy;h$q8y``MM14=gx3yO-oNfz|!*1Je&W>jZ1mtveNoAw)5a10{ zaRfWwT%1WzM^xFJVqPsAU41GjP$;pQXvh#exOKSxM}nSoF1X+Hc#O#>I4Vk2Tb3qU zjdR!3=agpN*p!WrwZWmgwrq?fM7 z#xrbH2?m7oizu$sH6EkY7Bo+v4!ZJ_QfFjvIjypHlX@r0(>5&$9!af_RT2eE)c4NO z98cErwS}d&;^#&tY?!t$%B)XS2Kb-4@9yp~$6=Y63S)+Tw4I%Q974?hVyyTusa=Ti zZ}7XM+R`=^4`m~;TaEj7ngn2$-t@E%4fs>>0?ta@RE(%ojfuHus`C3{Mlrq6*EVG8 zMI`=+ws(yyP0W~^Kl?dJLmhVd?p?NTUEPS%5)t+H4~R)j)KFH_P^iDW@Nir24R{P^ zv2`?8QEW{YnewgdT}1^?2~_zf`86#Og2xXX9QG3Iuq%Dz<1Kgh_V9DfiZ$EXx=`vY zIc&?dzjUHlm&To+^LYwP3Fo#MLvo$1xQA(CYHGxRS@&+jnsRK5hLE28L2&rSkx_A% 
z4}OF}gGq5%QnZ-0^=n6J86zX4q^kwJ*#a@L^q)WPCUpljn?FjB4Ac80_uP$JPH>N2 zj{gFa)B2E}52?eZGA}c4QO)OIFGs5=R$u4_X((z?voN#zGhJ&^zk2dvoAJ7>?i6xC zvW$L-lBv)MYptI{i!wxR`(Xhi)efj`Zf>sCx^Qv)4Jg9I<#iQaI5|CnggM_Ft-IJp zcK%6}^_I)Az`r-6GP>V)L8-CY{X$m{E`QqxZEKyoZ~ z!n*t!^$3lal+*yCRGH4tfYA7)itoG!X~a@BkE4{Ci%S%W;qsrj*x1?qm?9}vHz^@+ zfur@Q_6&g&J1BNRZN@1X83994925?>A;+jhMt+WrQk4G`+P(CMIBrCedM7`$8Oy6Gbo$GT)g$kyf870G4%O&B8ClxNs-FwL^87@F zgZVz`!NF1gcwfT-5ocyrPTh**F4Rs4o0ynmZLd0opzqroLs9hyWOPuok$EVIX zjzZ_o2UP-0LoR5DYis7CJwFo*3l#x_@$*;n?X4ShCDhizp~E2|ogEcfEIHfT7q+#x z8#VeLXxG@Q{0oDBvBt*6f4$ITi;<3fy2er9-ie}^Nu_Z~d?%2Lpes>x`Hr@%i)`>@ zsyuB+7-j3P-IqI3Nf$WB7Xo~wIA@2O22+##qNyx!q&?0X52Bg$7G~4hf0pP_-U-AF zY8J1x68CR5oT>4^DNN1`bmZwA86ou9QM-yzvWYh^H#bk-oJw@}znVMpj;0Yfz5ToW zw|b??JqS;TGZRC@@W4O`|A6b2;J|MRb|Txn<)WSFCihZp}y_=*w|RV*Q}9} zP;43&+SSU2CJW@xbYnVAAmg13mDV;!T%C$EgrOm5XlQ8Hct+Nq?+H>eT_2>30kgQ7 z1WSUB4%HnAx+hOY3f=JB%F7Wt{Dt|>#`ioo)~1YYZC}lhR=RA=JJcR)kb11&o;3UD zXlM8E%`=48>hxU&cp0vXJqCaBiX+;LnK6C)O}lp1^v>_mJ)tAKPx8{;+@$yD#b1UI z)jBYbJggbV5`%fTUP~6x*j8MUtzBVzT5^QK7!7dhMg@S~v8yQ;ZkJ8Iq{{)CkrJyX z^>5F$lzcXn)l?L8RewXJ`w|nAR+JsLb=iN!Nd=vtvJSJW{!n{bob;P!ODG=5p{>3Kgsyzn99H9XdKb-CJMgd0|VQ(1Zz`5YEKP;9M!cxC9?0zbk8Zm${4DUei<)j(AM6^jb%3Y zf@!_*noCEvN_R{6;@2T_e-(fQo(rmbOQvLq#WA1jHk8%$T<|mS2 zvT_I#&Tljdb66&lk=v_bW7u&KtJC94Q{%-*`@dp`0%7Rr__?=Nq0IgsLhV$yf4URj z>2@REPH*V6bEQUgR#^JM8kgNF77A(rvljgqX%vJ4^^d*1EIgGJ64W+ZXr7g>6!pax z8}Ec?(lP|}W0H8p*@zaOC+kv#k;hc=%fCBeW+n~VlPyK}6DH>M4!7m%*#3ofZ{a1d zsVZF@fG{oo?!?%raAFt4+|I;Bqtol}VR`aN8EzL8o>gXu!#H)&~)<`)(Xi#5fm!vPWl+j1Loo`l%f_1Zw|ef5z+i$g(2 z1!~7bLBXWHzB?!=C|_a{9=WYm0CNl>f}K)9#=mX*SE4y!n@_I+l*(I z(#!2xbCUNAqP&rtY>44yvF6Upmj;BTwPf2eb8~ao6t?Q{R6$Zo@|9&yMoEePY8Kt9 zdDi16PbixWRW@I!c==A0B-^bf~__crKTS;CRWPTO_j^BO` z8TeQzF;EbS7tjGb=y+fwero%6e_1Qhs-gW3viB+;*<3y9CJpDOMkp@%kR-3^GYSf7 zbkt;c%oIVpXPI%a=8rMUZ;ECps3-*f=4IN9kkrL9*r+zQL!LD<|1zFjEj#<+r!r%E z&6)vQ-k@c8OwGjk%+z!^g{P5u+m-)w6uuEh96>^5gfXjxjUJh=hzK#aJ8^dN+p!Ik zrI3yD{HvW|_2R7CN!{(MgV|^(7?2fp*k5Y=&9#$poV+(&{x_uj^P?@TsMgx~=AZQ7 
zu^*%BpA0mpZ!t;Xa&far@I+GJqD>#TpUl$;wlvLCiG`4wdU|>$cQIo=SY0bKy%La= z{J;{oWFrU&Y-EHBb|xf57S1qGl!7Y(n~v^xIsA;S$A!}iv84=*+Lf6AQhit_T%eC3 zAv?R-`F1l6k09?XVX%IZ%)mz!&K~^Gz0_RRsI2p4i`KJfh#9j=V2fm`^l0m)zW%3> zJVtX13xtuMc1VCbX8RVhMJdAkDj*k@SdU5ruJdQ9&2`Ug71%{v8_In|GbTqJF~d7` zLAtR)@=o|6f{BT#+uZ(rfs4%0{}d*qxIzC;bC1@ie`TC`8V?8NU$IVc%m0E|m-XFt z<37na5o+48x#N3VWe+`UW zxQOj~A6f4sV*~-wGID)2?TdpLr=`j5y-TH{5(!vu=EoTK4<9lu4l83z&-lzXv;QbB z<;G_hBOA_rE9}Yg?;~iYraMOWf+{W`MaUW$e2R}JzE*XBeb&E4X_|2@5GAqM>{m++PnlIqQ&)rlicwSac?a-4=Uh zo(t(i9T901X_~XM%C%V zD87y^PHY6hVZegNh8R9a-Hnh;BP1rA|J6GO_ajXFa{sFC@6}bU0LZfZ3l{{lt;}p2 z&?pWqI;G`gX6?({#@#z7{VYv1$p8{gfky-K=Iq*cX#a&b4P`IWWV%oDvc9=+2( z8zoi6kC1rN(?9(AbJA5KN+AT*G-Hx0xY=+a(c^HYN(9$+ewoD{=>~w8%-r01gVG|K zZfoEQE(Xg`H-W}7bFp{q;AI@2a$dfXKemo*p#LYS@9w45Zc$%&aYmDRtEE%Ze2I-$ zcR$W3q!%KuTV5uVMx5Q*SUFTh5`A6K!3hU(Lq%2;xZw0d`Sp#w!taG8Mjg!my z92u%b)7(y4d+(p27PVTAmO#9Wva1^39Ieu*@L38di!qM=VZFCui`@>2hq;|+si2US zI;}m5*u(pHbG5Mc%syFb}TYH8s1|2mp+DZW0Kd zEuKe?K@cYjIKIzjU|1imj_~q0lvh<1CdaKaD8&oxVBzBWTTp;A zc-Q0~>KPW<@mWp%5WBb6!<01!^4t865+*j5f~I1_)n(e00Yotuu`{;d5u)DJVkwvX z{z!@wXe1ypySbH@Y0E-NFlm%#jih)G3^HuI!;q=Wvj`=nRP^7bP}n_5p=q5COAgv63^RCSK8Q)(0i%{C{ViCQe|nl0vO7U% z-L-cZEp(%dLKXRds*d||JpQ5uwStaX5dHa>>mcrDI+C8!un;*DiwX_-{XJz6MnaUA>~Ke z-O~2X^>s|r{OHv`Jm_!z5C)#I8*;>f{x*AX`d+jFT2*&$1w`ji{Ur(%?PeOjb>mft z*ppYdqukumA#(b~quZyR-xMVf9;oJ~m3@mB<&$+L4`>U#mFTl5Hje4Sq+xafLJZ^) z*$kwhX2dU$x*$t0rYPJAZ0eKpW`u4Av=K9v!^MrQSIqt{^S1td-)BY5Z`(Jhd1+9A zFksIkP#gBr&KXfc<9ct$wfdP!4K)pF##r#E;ls#y9E>TZnLRwb(Q$mCY z)t%(ZBHzsrXA_fjgzb}a<-s8Z6{Vo|1w(tox38##c_K9n|LkVv&@T0gk*1qnXy)l! 
z&BTZVNTl@x2UOHiX^!?jDm~s+yG)E4;t)>m>1*FImkmJ5ANFlu&~%sldzi-cg*V?| zXW-eW;;Y7CG51c43hku@?H?U{5^uUeSb)t!5Qy-@M5jMDw^4&DzRPcJD?q2xSzbq{ z`GAO@@2DYYylS)v7ukAzq^X9#60pyli5yO{JX+<1EVFuDRA=0;_RdG37cg`ET6m(i zvbIJUBVAx}KnGeE;KsC+D&o*#DT=V^#ZJ<$cz!XeI}an;rgvPw=g?-DUGSV=(xKqF6!9BAntr&W|-=MRg~KS--g^-@4XgU4RkTB~2NS5TXJ zKfIP&Q4*re(+vGRr3gG5tpn5R;yh|;Iac8(&efpQO+5R1aM5pX#`X&k41a%rJ04;n zogF4@kD8y4`%DQvAR+?U=NsGotn6%BM!MMmLH7>@1$IL@y3HaulX7ZDP7r*I(HKd? zQeHX?kcIaM7{etp%q+i~ZY53(45>mZBRrG+-ogU1eWBat3BfJDMs|*YBGV(;!gGyl z+`6!5w>x0=wv8%|)7p4zazdTqTH8Q))Z7dbNxvZTkL`a6si=26D0~*HL~v8X-s(Su zpx-ID4FQJl_u591YPO?88u+*HkMCbvp053B>zvzd-izmV@-#c?hKA06q}$E~?e6EA znwkV%ZhWNi*r>3_&=QBT2s-z+>$v4B^Vy=S8MgC-sdJM2nnND_+4{4s1&pLCVmLS` zqVx#5`Ozs2!k62jS454ClA4v#(4HE~Ck?xmH;GP-^al9P$J&eC>u{oplq_&)bp}1I-2Q-W%4Zj~$0`s15K05=@biO{FF)$@83HBX7kDTTfij%`WX?Y`|@f{ z7ysFzVTrnWk@HjR3}3dTF1zz43FwsrEQR(UJ?Nh#W2JqQy|<8T`GfqTX-e_;~Y+AuE2jc=gR-P!qBI4o?BWH{+hr^|si1S;6z?{_>WVaw#!DgBfw;qR~3*qH94zxTG;aZ@R%x3Xq>h zk^9p)PMapng6ZNh5NnJ8qnyudT_rWy@YfE{JtCz4T3n13*NO6sB23@iL;xB2eX|kO z?6p=&jfZS+|2-?`8#Cdzlq$>14X7J@oE!UkA-o z%f5Yt8e!?oTLhHW>1Y4MXxI4oc({s>^R>9!CIMPQTi2nIf`Y8tuqUUUm?;fOLV~i2 zs-mv0>{T6k@2k7f{SxdCUK%@oEU~y=hJH;YbAl{LrKLTOzC0{)owcJDp^hlOw;3az z(f3Zo0K_CSGczq(wwS!zF>!M(2SiPV1zOQvdS|M^fx$$v*K!Q-+~t*(m(I>nySuEC zQc^-J|GIjrP$9|?MVA)8BqUPb4n?}3Wo~}Mwn7_j*p2DElgzx_N+(7U3Q|*N_gHbR zDq3VMMo=T=X{8+;FjQ1jh|5d`p@;_V-0F+Lgg70{Cei@!f@xQRk-dF5s0MO!Od1*j z&=|h&es&777Icx7v=ya&d<2#H`=xB0#C%13_i->kwHY5z9wix@n?C@7!@%GnX=vP= zH$vByul@B2`Hz~skku^7nyY!7GS?MWfbs!k?ytkc!_yZ2W=aadA*c`jqaPa=DE?Cj z;URK#hefTtD2-An5#|>cjEctIoaB|S#}gAX68MiwuUc(wX<0MX?4u`LNRxu>hk&ru zr3ZpXkGx(tl!!L0`EBU$vas{LZ8ltlVnOD0PPsl(Kr&Xo2R#rD%U82u0c7(aB++yw z^4HE|yA1sq>H^Vbq{@tvx5R2;chH2-n)7JFe`sE4L}V| zcz8RMX+X4L=IALhGO(f9v8fBw!}ZCwYShh{z1njP5J*x}jpBKI-q?7rk*%z+Q{V^P z4yunSTDtD;M}`Vq-u6CF69^bIGb2~l5f_2Bo$P89CR&4)bX*W)3 zH@}zdB{ahe&PwXqAI26;oSjiZT`qOr1ZNN5pvOe{FM>i7Yrs7GFM|4c&1v2|!+u^` zvJfkc0)7r7BfR~iBfOY6t&v1aXsZ9-h0cyYkWFSxiZC?F)YSdM!!T*;$8>a5G&BKW 
zGq+n>S|u|20W9tA?V{o1+k&D6DGfWocYOT1)&Nxl?hfP>6AO!tnG4yN787OXq)K#g zae2eb;?;-t1u8+N(C~1>9M$V~WqCO_a6wQofkuQ!$9c3`{F@6V*{_M%5II$F{s#^;)L|ytNziJOPVzXxeg>=QXH`9G%~-Zx%1A% zRDufB?U+YTI@sbmfki@?;0N80Xd{o1h>)fZY@UTw32lJB_J3-SfGrpt=S5~pef9+H zrm9hY?Vdy>B7(zWchw?)FWBc;4B!^R^nvSf-_|8QlwT@N-08l^C+8=6=TAF3JDczV z;k__Wd@ZLc{LVIcpE;@A1N{pUpO`6uSSabz_8t>6FK;&UKZmi&^Pl&tU)l>#N($(o zF*dY+>q;-{Us`dR(o0z2>iO_18zxdxcWcPT*!Rr5Yg-R?z-WyX21x>m3npTz^=Jnr zj^M9JK&G_6S{EF{4Qj@IfCSre%EMu8IeV>EGvww{ZT|58Z!G*meGWZo&+ib$JNwC| z*Z3kvl7U$6Q3OaPEF1#ZuZP!?Yx1HR^snt2y|moi+}BXh$88rC+CP34ohEFciITb< z3z52SdxPY%)UEezdPScaGkJ0Xi;Y5P0 zd##2<=W9PA4Q1l5CWq?>V&}9Yce&jKwR2@~N{a9UqP1K2^LVidkDS-s<2qYPa^pse zJP5pNlc4vzdwmMBN!;K7Y}q<0a@sTL%e;GbxG@7AlT`3bgmf`F-TbfY@k>Vpo;HVz zIwElV+3St562sC_=ycr$gmQ6q2&S3-pWY-Ozkx#t;aWxo;}cx#mF4C6o}%uZ-`V*L zIh-skZ98~0x5OxN^lC#+D>NTGScOW=2Cgf4n*SD&U7?CSSDD*kI3RGp08a4dX*T@d z&yo_m^^sf9ZiF_-HEnuEzGQWvI+Uj)q8b%yG5m+y>$GD`HI4v1z-(*z8_1l=wqH_G zD9p{XqNDy1B|P;9Zqrhb(Lvwq{FI=!Zh2%RrL7tyYa6dKUO>MJirS*!@xc%B+uU5+ zKfvjk5`3nkgM~8*f_I4}#Zj9!X5$w!y4iyn=W-5j zTevUR|MdfseK~rH#*T@UJ?K9%gFucS94=n1&5*OG^tO@q-lToR5y;f@er2@*aEXPgY*upiYx!u*gYMLuux% z@nDXSz(e;Fr;dO|We&$!-#_d*45tHps?-s;N?U!0*BTdgrk%U5P$A-hEQ>Z6n51W* z1qd6n+FYbCQtTF?2T)!&fZ5ojc=m?KNYXP*zXZKtAwmHz0m47DWYGMCKSxK;IP$c0 zbx{*z&+NHDi?^;>D%#B2`eB&(C)u<%V^&xJaOWLY#3BRzFP)!2(#~KpXs|9aAVh)m zEjruvCi(BxG0*_YJo>SHBfX*|vEoz(Ip~8em(I8Fwv#=4j6m1;nPeegsVUiW55jD} zDAN@iryYST)&iorb0wNz1Ed-!nh&18V9~p%KKnFVTu-@h(c~3$UqJg1!1cyhX@U6x zonjl6btq9rKZs6-ovVY&pQ9as-ldzGpouN|sJ=YAxI4duhdl*a{3l2m2810Q9kB4v zpYP5&^4#(hmX?-ftgimMWRuai!19HE{CF>;RidP;5!|>!9wW}m&i-twGY;YN=V&~% zc|~o_7v!9wg}ahn3Ea&+({;k?$KJoYyXU~hGdB#i{&=nSgjd&f<`L|BVMC6_p!oCW z+|V2wEGFTZ!~v$C_w zM*G{ruP81fgH`>M#)db$bz zTT9D5=&voZ+QL>MlneJ%KscJ+A>6QH_*ty|=ys@rvLZ^|Gd&zD2DKa8rlxcD<&X2f zQ``;(k7=1(_1Z=|;}gK~V7U_#x*>Sp+n;0pJ)COml7on2Z4)7&u80)DqJEfn{H}H6YQ=+LIN^t z!=1II^kLt=eIpENmiF+V$+a3LB#!mLj%d3!1GBRa;L+29;kXCP#^nwKkOU|qB@GJH 
zzvpEcLl9qU{jwSNNl6!>(e^PUc*5>U`mYIa8_(EtXXfXpg4e36%Q}(U@e8oY+d#zX)2?4Pr*IqU5>z3k zs(o~*NmOCtRR;+FfPAtaz`mYjTReV}-!$V0iX9;l(ZUNg8o07qu{=Y0Q)qSf0(>{S zu&o_k6t$+F>3ZV^^h;>Gyq7G$?1hDh@%H9j0sdqS4}F=I z20c>H_{_{IUr-d3;cke$b|^pf=g-fB*$+;7mAZQbnd_2GagctvbpOX2w5h`j z-YeD^cA(^}xWUb@%*@hC^KE)7{vO6pI1CJQba1(;cdure3x9X4LH=tEu2?7I>X!~*w~~a;DDj7*)7g@0M+7c zJ)*#oRMNt=#+ZG^qn6Ln-y+jz@SL;q;KmSe{Cqw00t27Xyk6lYb!Sa zA~;zrt?BIPVMeHQ-Z(B8t^soh0(27H-OpTi($vcSj0-C$JoGsiyNU$dVSggYR>a2U zxr;}ZT3GmYIFxwq`o#%RuI;(TXNS4aLY*xj zI~bT)IDk1M*R96rpI=r(&Szz1{oT}r94I{Pbr&5l0yIQY3RB*W zk83x~{IcqP_!r-3M3LKaf4N2l?yY*$KC1o(kY$9tbxHLu&TPPc$mMWI40hYrmSCBn zw{@Zv^#^O5uB$7iU*h7BrpHhA<`-{rx#|l}U2GmrI!(kDXWMa+#B;lZfZO&?Xe)rw zCGd`eHxpn|)+tCIiw#~o1bdeyBxflZ`Zqc&}RGr z8sgznliUwr8_&lvz*dhLVSpR_f*`?1i6RXAut8HN)mIke z6|sN*JaFC|@47nP@)2eYgWj^d{3kgJEh29pe6}k=k0TPQC9f&B%ZsLv{{Dyz8k+fd zG+Zj7w+eS&wuOJ!KhcibDE49;RZ5 zwA$^^ymcs2Ft;#AAFhgb2dMV5xa3Y|Zdw|*pd7_B6_tDG2A?EMFF!4`LiIG4^_<5&X^i`i6uw z+-_!Nh0DTp$4biHpGe{3pM52klkexas+_0EeSI7KHW(N>%kp5BA@15B@ac-x<^f7p z7Cs_pKQpro(i77gCp|XY2gG9!Z_6>ma7CJwn)+8-HHmb^{loq6b`!VNz*aLeYeRE) z|CJRp!yT@416(xZXA0F+)l z>UXSbandOqr3b0a(aD9NLFq1+&kV&(;sCii%j3 zY#z`h>+Q5PHDg~{zWSP7nZZ16%YE?Tg&5%jQdoP<-ozFQFKaN{($kVOFepbd_TVZZvqh~O4?>|xSpFegc3n_%Y zT4^}C=u##~revarRlK01%N{9SdiX~**TmMltIU6qnvO232g}!(qW;%50?i~}!*&n( zp%?%-mG8Z-5NAj_KQ207&Jb*N z(kA_LMovPqacxmF?&HL7DATG2LYQsqdw5iicB_iG0N#ygnEuB&Y{;FwveoH`?2 zV$!Ba6h{E}#tSM%DGMnKty0VSwFCUF;=996Q-?Lppv&f0xxcp3Dg}?vFXKYmtOf#s zBjT4YUsfGMhroN5;o47WbFpZ{%*Xfkr3P1CdwMX@@wusBpL_c!iT`C+ zHnqaYad!=-x2MUOF5Bf^X%)vF#FZ#2X-Qdq3(3lQfWWRp8Qspp&Q+JTXS!VD9V|-m z#wySlsgQ**$4lSyn#wk5gp&bEgMQvvzPIV9RuH;f3l>rRSWM zPGys$&7APhRR=?lAv*+M*UHk~oejJQ-AS7|$6}W;^7M>Px|)5Ir&H@ac9ZZrRs45P znkuC-Kd|R6uM&Sq!9_#473sf&`WDI);v4c$dUvTn+mmhz?CONc#jW;PatwBv)S8+Q zd5K#QN=ncbyQh|%k`iBRq1rz>DkCHFH0g3s4l+)C^wp}(tMAz&{Sc;vl&MCTSPKCs zd0LhJ-9Crql|x7{A)>6R3QBe8)K;UNHb}~#^@99?$e0{{hr;PLfc{?g1n^$)B(#)R zLFNFb4LdtKxHe(PL-(io_QW9xDd|IHMPUaAJT|r>(BSVLZY;kNQ&NF$K}=$dkc!Ic 
z8pXiCfV`q2Vp&I5XYbfpH%O8pb6?FK3=XOcJg4~l8Cl`3pE6zZbPqE)!;M)v-KEk0 z4V3ps{()iMFPnYq;xe;77|g4s-4xI0pSK@9E1~_xTa3GXa^Zcs>~rGM+=d1@!CQ|5#Q)pE^IJvOTX|B`k&WD+p(_57n(kk=_-U4kGe}tk!|_G|NQnl*Zi`4 z5#K2rM;#anNufpWeU(#IrvJbH2vgbC^^efEgCtI1Q`2m}cI)4DqwVM>JnRiXzlc1x09eYjePRPLdoc*k(!6f2(JC8{?}fnBB1$Q>e<_V@0V zEv>Sokr8E^a$(tW-oUC;Sqv9u0v+R>|2)pD*TTe^|KoT3uPML&^#b5Nu{1P{Z;xiQ zKiyw>K4vvW9U);fc9^m;+XdKOCn3SL3Wke4KWQo{wMXTS!7TyseS|(%0&P(m(jXT8 zr@?bv%_^JOuJkWVm!5`@@=H=jJhpVvfvNA{$g_og+4Gmo{G@-t9J$;o(A8@s1`UuS z2Fu#f@p1ZugyH-5??bM;M}YC)7~g#M_SwTGRDUZC=u4#Zmd~ajK38DIMCzXt8fMof zfJ+hANsoRH@eKk($Q)p{4=JC-sWzE^stYM7pL+|YuLvpJwH#w4c6msyaQCK6Kcu2p zu_*J6*_IrY-*s8?hlBEnjEn9|_tURiXyC_4FP03a(Mrx}2a2ZHdV(+CES4)oiEuYN zi_YHw3>1N_M#gO5NI+3gxz}p9?e6v8St$f?Dk#&*FqSg^baJzjm+p6z?ti8-_`EUn zsSGrnrYk;mn*6XLdalspbZr&MGMla_{aJr}OxWMA^sRs8WbH5|i!N_1#Z0p%I&Cey zec_i$QP7{w7eub;NggwQWco$;NGpxXUh!gIH(BTIVx{nZxt+H){ zF^*{T^1?bzc3k;rKWKh89pli=$C2r`)rr<-lmZ4&z2XjwVdwWV{bNUxqa7kmt#quN zZkDp z7HhJXxV~}nJ8oWG_VvmwKEMR#qN!SdYIm zAoSdeo0?u7eDYkZL+P&HGxA@pi5K@E0wle4h;qzRTkXzWpANffp2jyZy0a)A1|qt?LBiu>s@=a+;EFkH2RJut z)f|u{j0adXZSAq}vo$sc5xDLJ4}&Kv$YMV43elzH>IJ_Kw`L>bzEhGYgN0}tbwNOP_?r98$}1U! 
zpQj|Ruy_@aBFoC}YVPUgSk%^4TvEt7A{U!uwWN0^tKgaF;~y6yf_?FQg`InF#UIrgu5GBK^5XCIKF2$sKAVEc z*!`#<43V;7Z6@0%RqPy3dq>?!o-2IM$w|qrPU!1X#OxQ9pa#23Mqy#NE8mBg8eh`i zOfAt6qJ_7=1e4O;*z`i@2_E}VVpJRweb-lCL@BW8^RWv3CVe@VD?+;0D53g&=UnXQ zU-U>=anI{<$c7o?Q15*W7+>c;8M-Ci5B|NGR5Gt98_zj1Fcs9#?cidfVDLA>@#k7u zeG7lwl_1!<5|IHqby{X-OtlA@iKXLbW7a@HT>aLr1k3TVn3@{h5E2hOFsC^=J%y-v zC!F?ub$98T7UOe;ksk(>VjvhTnUh~SwE zkmK5yT=@di^xBLorP8c8a}R-{T7hxzS?;0is4>4!5hfF4-t48(lobKHNmS0UuuCx|?bGC7y8U*NjM6h=__4R?=}({_bp$;M|`( z^&UHWg+1PYhZ>k2u}Sz|ztkFdzB*FqL{wp5J9}L4ycOh*-@oZdJuC%v^F!H8yTJYa z#vxz@X<*k``$>Wxb5mFHprvS#Hhr8%R(e7K~fTQZ*7#o4^iA@66o0RzgUDKlbF!@#HxIzJf>m9n}yc$yN z=xnt-kQ^n_lq{!ed{s!YxlR{}Ud75vSv(02meJ<&NyH%N3X{xuj1gVn){gJIH7R0c zMG_;;1fUFjmu1ciAe>XWRts3RF0Nz<3adCh)k)C7#N5Zr%r-hZB!O25$y~`CE4fnq z{rfk3vJFwWc2s*bQ}5tlB+fHRC%!Tlrr7j*4dcAG0@`0$SzLDl8Ut{8M+XC~Mt}bN z*)uTkajMi+;kM3jW=@XrRBGtV-dVZ##e--@T`KM=yaR}6Ken;ZK?k(LTjR^*E&g(; zgO<-&d_M)Js^ke{an7ZuswXflsS$E`ev(QV+<0a)8o=hv;`8izy-c^^5ovwm=38y_ z;+&hg=2*0J&RYiYnT&PMvo(WenM7 zXNA=2O5Za0BpS48u>69Gvb?osq_6+_@DLkhYG)~2G-i->AgJIo5|%3x$^HaM+1TLd z=9l93MMg&BVWMz5?dCoTxL=tUG&k>Cdw!+IH*U{ug&V~1XCbl7T3|#bE&Ov-l%kT7 z2s?fn7$4xC87<_Dp(ym0bHh~V7eX>reMiT4aC^X;3ymgIKq)Qh)X=5Pt_N@xC zrLEVeIXF1@9A#Z`@=1zSCPMx@vXS>?^G#@t;kAZFNKgJr{gIyT55rrS{m5U<1RVEW z`KBvGDV&gfg$hS8(N8QYTz7;G1e#$87bY+7KX^d#Ab~PLmhCBbTgN`T#c-a8%HAFa z zNSB~=gLHR;ba!`my(fA<&))kVykq!f;TmhsdCe=%I3mGQt;8a3WTd=$Zgc!$SBvs^ z>3KJT^ERea{q0m+Rp|=takX28PIRKV_#ABht54gzDer%e{GM)DNbo!wZP;2Qrh)8m zJ0SGaz#Af?1)6b_TaC!y<+E?Kknl%8&l&TcrK9V|`J2jV{0Wn5aPjbFMhl5~oV=n^k*?1P5ydK+5}N;wr#b=TWZo;*2u-^>WQKnok0xfL<&4wO)| z^7On7_pqI35U*$R_S>b0+o_ZD%E}4_e!%2m8P12kXyvd_O|AM6&0#W3nnp`Pz+vDF z_zPd3iu9v)Jl56)G0(>8eKDGGvhdeAQQ@=LJ=LV7Bv1zE8yu8${b?p0nf#6n1Cf`Q zp(qxuz@(j~{dA2IwiPK_f0X%3eVQA1c85 z$p+X*b>b!3 zDWRhB5bbXppsHeYTC3++{c5hrVX3?P%UF+8krg44L{PrOKRJmZ4WvTUp}xnz95yjyr`puA#|``uGI+0Bq5lYwB#!k-pp^sjgaoV?dpr zIL+Nfr=7U=VU2dHexyi(ml!0ezV1uBc(j@IjLMvygQFQ<9oP0~MxzjCAP}!%QxLK2 
zd6q}y)0ItsdBQUV5=NG4`b+wsn$3vHT&Cvt%qLfV`JWJ~zfe9mqHSF}_}ac$;m7dEN=@q?n-gwnMNzIHXR>x60nL0c6HcSrJS%Ks&-=#3^}s3Sf9FEUdS^ zD|JN+D$5?J^psvtzjnTjjEzi6rl^~q*3#xI&0d2u8G5XdvC(v+YYK35QKbtwIyNRA zjjkP_qxw)&Blh(5p*-g$rX;TJN)XJMDMK|L%q9&Lwc79GcwOyjVBirQ^Wp1#zr<;A zbp{i~jzJsNS)8}LDe?~RQI6ccdF??s9!b&JSFgdc#NcyovvB>mVg0*OdDp{n4kdt*y=e^yytmIT8q2ZZG#boQ78J97 zpf_U$aT!4PzE@SnWp_y?+DE)+0PY@8Qz1@;G#8YC(%v#(Rj*(MNJuP~b#4ECvy<&V zZ>7vC@q`dnRzt(%ozt61;rliPFPWjI`m>_q!{8t`#6q9?2YM!ZUg+tOkDj};+^W5i zp^$T(X+xw1MD|a@x=N*l8u3S_UeX){xP&!DMBLm8*UjnFU*Dou@!?htO^j%=tALlz zC{gfmn(iDXBonf3>kV5Im(S2y78PsXeGu@?8|YpTo#eZo*|D3B{>l_$*}Og+0qE0} zKU`{z6Dl7H(OY_Y`pB<$Af?3nDaTMcpgfPxUya@;JsoQGZ}3rZ)R$s|umXgy56lAs z_TN2uevn_ZwLev=)TayDoRX3-rBjhc8%_cYArlA3D@Vt>Ja+3p6BDnsJEGW(hYQzk zLS^B>P-wgUwJ;V$Ekm08;@qJ+1FHjogS?F6JKNyIP_(qB?oTg-BT|}|oN7|$R~a2H zkrbSY_YMw^dLs!MA_-n*sCX(A^de zhEHN3PW~;-8_JrxHV(^Gt|Qn2pLAg6 zz_d6p9x~io)@lw^my?r&${kUL0s#L?9A?fFONSIj0U$9kF=3Ob(iujlnwFgnff#g2 zM66|5c9hoX6QVve&uPykce1i}K{S{e(2ovd=5#=_!*j>O_hk$ur~viSrq?WMfwFS; z+Sg8fJVIQpy)e_^u*R12^H0S<2^FKo{sHCeSRQ*Tz`+W?+N$WDXwYSX00)S85Tl2T zM%_CJ_k%hJTa??UnHXrD#z=36P`Xxx5Ii~j_YqN1XE5`E@)c5WO{hZ-5d zgS#E6(0h9M{C!u~+UKAE?I;S!v>=s#P4DW^`m^a(Q|5uE1HS_87KpuoF~#aTwI8_SMw1l(E&-)%)Z4n~So>MygyX zp8$C~C}<*2adToAW9ZFOg@j_>k5#95F==LRew`MK#R^hA*6E=sXpj~#|^*`y0r`u zc_U3cv36S!X)m%^Kes(`;X@W|E;2zEGJVv509_P;A=dm6f*CQUW=n^Q7Hyq8Dzx>< z`ewdECX=xQh{rJ~11(o(8wDm{*P#hjQJ{i|5U}e%`y#!l5pU+wMLRrx!5v#?NeGpU zp=@;sC-;Ugn;k8-1aZr1=Ns-^zn)GGO#n4W%g6}O#DaDK?I|7?8(ZtnT=Q_rJB+a+ z^JZIhNNP@2q}&>|w|^4}hQPJV%{c&=w105K!WK(n28DM}>XMUJWZ~wn>+cUJ?Imm` zjTD^~8DBPK<>qcn^2b5+sprk#l7_!SC}KxI3wP4jH_@3Oh~Q|rC77vR9+)sg3Swd+ z6!f4EnrG_l=GOS&*p;tnYZ$^cVfyf-;uIeo4Trdy8EvalLSO|s@M;(afi@CzC|S5F zp|Bnc9{P^MOr)>y5~t%X9n5DmzLM|_9ybPhaKgvEWU{D`;2@Ja{5K?zyqYPZ{K zL*`0yVUj7F+oQ%Odsu~`Yh_SW^?1qKRrQKQcj`${;u?2INC-%5ggx;=11KVt&5Fm- zTH-kX2Hg7gfv2SDn7;NuF27EsWKwV?H_BQWs3!eZv`OmM26iv<4baV^$?psGEC*5vMJwMDDD;vfG zb{wwzIEmCW@X|Y<1g#6o%Y)*=ad`asN7!WGNDm8rf**kG{Yo{gaQUL8c*^nX4kv8X 
z-MT>=ulnRbnTZpsZj&y1C@}8f?ZM*YICS`XgT5Gd&R@VO(E!y3PKW72@+n6SjK)ri zMW4e-vhW&-?#baeUme@3kI`|pN=JzMi;}$diY4>JNh{O_8pGE+;J?fDPR5z&8v?f0;R#@@CUl? z-xd`ebv*nkJ|UaFuDI%gh+ea_EcILx@Eo8f`RaH_>PpWo@DDFw*T;R^nUK>VLQ%st zpw(A|-F&iP>$1x{PrKe}(rFEo;rv`kPJZFY{iyh4ull&U)aInk?@(a0;Oyp`?*$5QBV~%<#}5WDXyqAdGbi{*)sZWzO$z$!@0pESM#qRb=CQ+PW`>37xDuqYi!U58?w!#<#E5FeV~SO-A-Hk+4qjNoyNuc+_mbT zdrrK>HtGz#EGI=nj1n02EydMyoFD7;pe7msDe5+k`_2*|rYCF`I3kh}a)xAa+gw81E)t{>~b zUblJvc!SG5YR*7^y@mKnucdRz?t<>6C()fpb~c1d$!CkTmL|-Rw0^e&P$bURu6Cxj zv&=7bN!8RvXIxo3PwZrKiK08sE3MUWK&tBG96FA)?E>`cP;^66LK?WSmIq|~PKOW~^93A#&)R7En3SB@z4HERdKt#4Zv%&yG- zHu>|kbbe|o?+|;GW%pGXp^zs$Y$Sa&@4iBh=w+x`=q=kE#C&yj;);b7nrpj;E#5cZ zHjn`|hhQ(_M<)zTH$|6l(3GIE4S=QTf^Jv8+dinEApwmnsGOh@@zsSsRTLpZhjY6? z|G)?uO($#B7g9F12Y~Mq08zmlBF={8_AN0sUz2Q4W52p|X_Y9=T7V1r~~VG%0y zI@T&F4eyREF>~WwpO`FnMqDzt=WWl=HA6CaQiqrS>XjCWmgPW=luMgV3P0fh(MUV0N%S!VY9Vcc5+ zUsTRVpotBsMaqy~+L|Z9vs>mx{jNZk`sOVb85Ko_-+nY-9=lKxbh5P3WL@5W7HnQk zxO2SGUD$6Ojb^xY&ikV3)wGNm;?4~EE`VZ&JT$i6E|sZj9Pq zlbGnk1*I`nqN3pxqmu{-FpO&I=zub_I&{_EAz#-12MdrHh8F(BdhVP+<{+^rT};M36uwXQk<1vA-^q~7tuUNs;1CX^PGQYIAHSApZb@;C;KVCdmc?L4^vZ% z5AV<>ry{|dSkyOgqkf^KsK^0OEtApQxJu_Ei|uLcrl!5h1+(Ned=!)e7if?v73i~R z1R>yrLlfWF_`%f0Bw7R{v}MUr$xYraXf22A6qG5;o13*j{W4yX1i}#>LHr{bRWVyz ztf*v=T^F^tM+1o#sLjI5klG%|af{u_v#gtuDKZ~xgE15m5qT&v0I5AlL=!g8fD++H z0dkY6A}^mqzE4x}niJCU@__fVFp1ubBZe0Ph0|-IYJY!2e+P0@vb3gRbD6F2&Jh~G zLqH+$kiRS_fPmv+RJB3ioQ$e!d##`km+dK#n!}|o+nNCp1sKig9jE)p7a!}Bmc469 z*Y1M`JLIr&j;A6DIh&7gkrUJLi%cQ&zXsgR%-9!wdH?VhMC7pFlA)t#jx#_ivNn{R zK!Zd?lmSXPjrk@N6np+1u(@0oxj#qefDQRE@m$@>UWZUPu`u1=Qi_9prs2a>Dw;C0 z@8jA+6?c(Dt2TMm5G_lSlT#qB0$^;2%Zzn5B-yR&=zF|(JzvOcM!%}_Mr+RpDS}rsN-%4I z`Q;y3$`$9hig5L-6Zz$P%wJlpV`^ILy}-$KS1Zd1_8gO%0v<6CAg$ zR@oGsScKg@{tZ~1261kF)=OP`3)Sbw@PH7CdY;daoP%)4Z%_;EYC}r^72J6r{!>K$ zoNN{PaHV=ggkbc4h4TRklANiLY_58WeGFdlCgaC zgFs${p8?I_xj78~)nBX}edGNtD+NoOHp}-zLQbYPL9@EzxL1t#mpvL#SExEFi)9pY zR=)!hpTT{>9G4jXaY!c!M=?Q^^kHg?GWfLxQ0=nq?QWiwW{HXk&eJ{!dIxE(v`xd< 
zo)a%`o;$x{w%WpW@DLsW37jw*?sF1A@D>tbY)O_N;Iic=c^t=O9SE2Nti{Jp7o9(@ zxrNW+jLBZp;b9Ncla^N&0s05rEurIutz^XkcI!M5MdDwe(w`+>&H5Do4h^95x^gUz zh~JK|0~hA}V(2QE!EI&_gtlzwEyna z`O;Ng)Ii2@?9?UtpORBcLcLF^)xs!UNWs7GCRjC}G^?-(!U14JPEO9sUikf;eK!u9 zdP-?hz}GkT<<;}rO8~3X-WrkuBnsMVX4pZ)+_B5a$>9yc<|a!uWZj*I2DW_jzi1x} zb^3Tdg-W@}*i9j5jnmS|4xC#Uzelj!fKtWA$v{w!+CpzqyUo!)Gfn_~sleVwDZEAb zq2Fw#(!L36R8;;7O*VuG2HKL$ID|tlq`%d1^{rq6MF%N|n6t&VSh9C$NQ!ZK$zSuB zcVolUP-yAz)cgB(T%Ly2gnkr#XJVF=<;qs(cJ%1YkgY45hi=rh2}ELg{s-t~?`l?`vbk;7lR#Nm zj3R_2zr4oM1Oi2pZ3eu2l`tWYIVW z&sM8!yUrA;4(~>C!RGW=pdWA@ah*E4F zOHsr&F-nYbE6B=XQ1gwu4o&pcubC6-S!jK#MB8kdW4gIag8LK1)IeyH*wKN3Xv6eZ z5o>|zngXP(ZENNgt)Nf<#h+_ai8&LcYZ7poJ?q=!(E~|upI0XxDej@58TWg5xTYTM zSqo0}HWzGj1~ALXLLmC40EVZks-UVWfiuatpsMj&qHd?q57_<{3X3~)lq!zd4SMlV z33*?dn$ne%47a8SqJprY!~BfTvZ1-Ik&~a8Vm9sQk{xvI((*j`FMqhVhe)lbl$QEh zDC4Tbc|G^G;6%IYe@0<;qEJV@@bt6{cD97|i2R znx`ms>%(0~Rab({k>WGQN3&oq0aZ`UdW=38UPN#c``FJHLW^zi3%LhB~1s9 zApSFHzO(U^lL_|&RdK2A>)q>~k2f~aTH$RUsw+7>&Es){k+W&f^B$6`a-oG0wZITc zsU0YZ$2sjHR_!iaz3*PrgK%s~^O!4#i1#Hc{u9C~XQ@u0o?g}5xZ17jK5k)=+T+nY zl`t98hHC27?o?G92wlGoeEwg2?x&+0Ni@B`9#0hhp*SEv;g2VJ&;RgyT4|_+YVmE0 z%MR+(GpE-SyMo3yp)LX57DF1kYePBpwuIi^uRcxwN`=(tTc{TZCVReR7BV*{=}`h9 z7%DmxK$*T|eE3rO5xzgr>*^XBUTRdSco@@1{FYKA~Gh12DvmV zJ$?54C-+Ws^yXW{^?aK?0J%TVXq1ye1L?7UGNYT^Cr_nkX zY`*G%GeTP0N}a)9Xw;v{wiWmXrv0HN33wh+s-wfD1`IdMiCjIaCe4^vY@{XrJM#BQ z8!nicdUG;|e@`a?@k7}A9+&m*og3iofPU+L1GMQ&a-QAt`d>TQR@I+tD4_hW>k3rZ zPYfm03ILwl(iY3W^qH9$mYE)+nJ*eL(YM(s0hiYcCf{D(OV*{TXE9tlebdYJ#q!qQ z<>8|Br!)K9(v`x@m8c$Cce7m{-d!zh4z(dH7pHXw}>jtrbBl1or07FdaX z87YQ6^zY?eZv259*I0OJj4z6=t8WZD56zw;V+wucCk^|V_HbLE#$Q&|uRQx^F~w)Q zb?(&x?QhD6xBouT@%P|IZ|?8ZemCYc9T-N-X&f0u(m=fFb)6GFziA-Gl0Edik8OW0 zR%?V=PU&ws9PJ?@j0eemNmaJ4+eDnvQ8mWzKfV_j=aFsRNNu#N4NU5xM-%9x&nEvj z=8OL-@9Fh$%Q-t+hvDP6EW|x++7z6Gi&nW&RLniGos<_ zn~O2FKt**LjhQ^P19D`W_@~gHX(jTc+qjM7f8W%nBkJoX-!d1iT0-w7c=IWg{J&S> z+#Ra~V7mkcu 
zMS7qn3nOM|rZG!+`}FkWu;bltcpAt;Pd1cZW{F$wI0q)AezZZmLEWsAM$sPtW_7lV**c^G%N_4z|3a86DA35i6Z}Vy4GML^PLzF~rHs^1LnY z{wl?lyBf0zkM_pV2BmY!88VHA0Kc6Mm@Y3izrKi5^cp#1KB! zpEK7OBLZcTogGUuJ-E%kd`kJ4gBC9+lpua2{q7XeNPj0`)BpUyHa90T*ndaFjoUId zK|Hf$)Ne#Zrc)NnG;>FB`wBH~R#ZpSiSOU_uMl(1jj#-|5lR}}-)kI2Sw|dV`Rcp( zV<&?!nt)Tvr5n>g=Sy~xw9OgCbcKQ@&916^VU3v8$8*Dt z^>TesH=3NHRtq(#!zSfMKwd*aE~mWx*~GPXz;703H;WgLC6Hz;!>ULn^aa;7+fk27ehaRwj$ilCcMrD5gvAl$%iPD z4=s7bG>rn&)R5liZYDJ*B-CxsNZV3ai)2$IBO2Z7tdgNYCQ0ADDzKlDwu)VfU8+8sY|FFm3K+gW z5g?9!$2yrR*iRu$Pi#I^c_U}Z?C6MV)~YHr_QPlCeta(q%KxnClyJva4b@>``cq! zGj5=E3KSRLD>s^XW8+QIaTu(Qdj8ePL$yuyHKuim+*8MTssP(}3WFsyhPlqaF+&}g znoZ~(TaBLiC(4*v{$AamDd2pA<@H%Zi!@%JhJaz?+3@Uk55NL%QWRJknV8ui%QW7? zQb5?~VvdOlrSJ)g)kEQAdteYkij*8UrIXUNn9#M^lx;LG;o0aC^_*VB@WfzbeY@Rplgi)o4Y4m48Te{IkZsgkZ4` zRMm}5al6>W*&1RwIoLi%+I;b|C)>C|^f7a4+#QwjL@s%GKEXC0&AVczPZ}+6usft5 zS0>Y$><(_%*Wgw0RsJH0OQ-4|d*)JNM}#(%nJ~Di{TKsi3tVoD&fbPh{&{L;6(h3s zDFp0!eN*pW6$Dc)auLVRrR?1%{3IFD`vB%=Mql?6HsjKibWi+ff_hfG&XX5B#y6H5iIC2{ zqhf-bRCjKr{fXpG*SE!teC`qT$qs{6j=VPcK>41CZc0Zs?oR%Dr<~z_UpQr2^U$*g@;El9<+ER zMBwJ{`7>_mwM*D5&m{+LR)NXir5X9L-Tmfd=F8_h+x{^UUX0=)(QQ#D7hzefqm{fa zyG!HBJx%p&#v}7tFJv*{<%RYwbh_xC-jVVVR^G~<7n4w3-Wi-O;B3LYE8O=_6_2%_ zU|yum_J3Gh=0ZS$`B-v`ryYM}HseR*jDh*vugxEpaK-5~dY9&G362dnxM{K^4_~Dq z;xL=+4D48Rszhz@UApYcqY4{1q&lHUppvYq$tOLs$SVH|6B(xKMbCZkWT}CXLfa(Yj5t(jlTE6B^y-t@hwz42zr(W9cW3 zRJnp9QU({BjPrU7k9OZ0e$@57A($qlP~LX(qljQwdax#Mn6Q4uvW*tiEXQ!+YIVGx z1hu;6X|TwCMitAyjpJDrvTNjMg#?zu(r#OE(r({}cVBw^F~h`I*x>A3oo&h&&P;C# zN%+T&kNX$_G4WuhoYu0cocIsEN8fv;W8JZcE;kx8uDLwFhcaPuFksC}O!e$2 zM*6L}!-r;pCC>OjEk!mn8so$X>89s24GcKmTn}TLvXoC8OmV8x+eu8m{@y#E=x4&V zqBf&9*Y__Dlr+F2N!Mt9$=+1eLgxG=L|lJ1i76_PF)DDEL-v&~W|+cLH`tOS>=>e- z6;@!!>IIa4$eMIoPj8Y9( zuU(v8M1^6xClj{1-j#GMGK?A6|4wCJz;2SYkhOoj${CNk$4{Z5OA-EkbagQSa39(s=C_3@Fynhj?YrTO_#7e^_eRe z#tKMV_ZoWjZzMPgtaL~g*tz5$I1W6@S`t}x94vdPw2`evgF`9P0zFw%N&WykhC+6n z40SBtHU^-*FI`XA>l$Xnh} z{?P(s=I=j87B1!-F3?B;J7IbzJ#BkZLHe!cIcq}y?tkd?5$C_kjj8d<6oi>xI>GE| 
zc}dY_!TniCIxn3@J&p!{Lqml~FO>?uGc2FQ>JD=YGkV6*B(T)wD_b^F*|nP`YlcEGFZVrx^@mR4NegXtw{z||>9;;R!EUN^T-?)mfJ7Pe4Q zpYn_1;xIEQlvg?hHzFe5?muSu*o-UbBleV$1)C>NCoC~7gqD7z5x2v@!Wdhjw9PUV z`<|?S1$yLT1I)a%e_*x4md#Sid3SGv!~*^4;(Z+Ep8>b-QS6;yT9=ZEJd;vkV2qV` zqix%}mQi0rCij{pT8uH$mnB|`lm{}1KjHLbb_SFf{XV3pE19yd+aW~R%}C5Q+Ne{8 zx68CFF#+xH+gAz@9f&u>M@|;lXULf@D@+XKc{&PXU4b3_LNH;p$j0HLSYhwt{#-Hb zhB<uVs@)_Kt)K0|xn z!|IF4@(~Gdl+MmYfrq%$4^G>`2jcp=NrGgFjkNG2RBuexk&a!k2_P;hI$cf6D}|AO zk94RcRNoWSWWtQKn8U?FC54L8@UavqX^=cz{47Wx&{hi1MJiFdI6t95vXigRQsxRr zvS!DtOHy982+JFhZNEK`v3xjaA*Dx|^D!l&l_7K|dH+_APSJjaj+ffIYQb`&7cUaV zS8FmxUa#DxV9x9HYqKB~d=!4JNScC(DITlEcM+C?@w83G_m_d=RlOFey3;c&@2;6+ zTAw+wn{#@VCtNgFqL0Go6>CXtkYR2sFVIj%NU?;7ZL8RLm&8$;V*Xy}PW`uN7futi&J0Rmj zK%CKLwvhodfi7d=YZZp?(G(OGd>Av~59%w><8FkZp5@Zu-=pyNLdN^i68ZK^p7^)I zY$P}if|-$yY3(E_7P&%@G?VCce|sN=(#}{UtN` zlbU95VLC&Lo~S3UbEqaf%4vATeEyAz_uLNGEwCwYGtJH)N~vtv#`=?-X(O7*GnOY$3sS{yOHZgFv1IwF(5xuDv3Q5Qp6*qV z0C8MI`xOHfm7!nTT2H#XbRM<&`HK-z50|ebod67lEdM?ai(rIGF^P-EUwa?O zDaQ`WhZeLW=*uaqo9xnW+zc0?{eB}sAZkbaTTDVhMrQCY>6$xD%+kpPIFh9IwpG_z zd0hHO#yb{dhcN^6eZsMQ;(x{&@P#+r5jbJhQ=n9JIT-Hm`!4unqFu%QF4DJ6bI+70 z*mvsF7~PrA(P6BdqJ2a&_P#n!i3>9@hx*I1q70U17}_1f|9~e4Y-K?1Ku(PsTS-8 zj~=X3n}f(_;8sV>V_nQv0&cTT(aL&3cbYq?{Yn$8!_Sf`$u;BG4o+BwfG!O=JES&a zs)9YN4zvz|Bweuy?dpvX2$tledk$nHNs=v!U`|z5C;VGAF>aPeymfKOJZL`L;obRc zcmoyMuAiC{Ib-P4fvl97uEBMO5ww@~&BnkWW?_9L1e~WsW3!RK;R~ECd^C7EhL>^u z(q%Li#q5vtp^p73B3@I=%#B#R+C_O-bp#ZOO--|0=2WM^RWhn4Zzoh8@@HKNv5Zd0 zmsC1-A&cQwTQE87w}8l|dG@BhHR9>l2M~65RffhcC%1~T*HW0HKrs1n7tdS9pNeX^ zJ)vKTq78ys8|1*oCEWIxVi_A6DbW-}*;bdj&7Co#U44c}`Q@3BFiZHkB{ECoD8}NE zEOqHy6*P&i#MUI63ZzG4^~Ti(1w8iLd`_ff8LzKREt{8+@ z|8v)C3HucjV`NK%QcDWN`yKF_4K0t;ib{uPjB7dzH0l0>1t@bF?pT9ER*BR{OdSdH z0vqA%N1vP$kxN1zL5}{M*EZ*mNGdpk*2Y6q{n~U$)w#8m{}T+g!32pO8(mQ<1iiVs zm5}Dh$SATQ-xX&LwMIJiuv5C`^iU;0;9xbBlw9l-1@ri1W!f+K5@RsILw6jE;V2G$O6QU2JHT z6_=C%^YGuS0dT3Za*iI*Nzw25)QnMKcYME~;AZ{^hua)OLt(NZKJrg&M>ETBM$!Jn z=5#^*nR9D>&DS~cT`$urZsK$eiHeA3bK8dui@1_>%;8cA3^*x)dWkU-cg1}C_8Gz- 
z`%Z80mQ}6K|^wPv;Eo(xgN$BBu+P(sbqd z6zhw16e)E2w|K9;hY2F55B=ErVLxrFXl4Z{d<%VQK_z%}$>NwPZhb`om8oR}FyNi48 zH0}q@6>|@*bmZgJpqZUenOy$fu*J&zI_EdEU}4^M@N57vyOu>zc%j~h=X|XW6r%3TEm>Hm;~G6pD8e_(!K+=ut(38&wc(uHr|sX_ z+^|q_VXp`(AHBk$sO2&8E|A1A;O%3L(LII=+&V^NnhaxwJ03V7Bih^FdzgLC1BV3} z>{SRs^5)ks*1o~fy35=6&Sq7DnguIn@T8K~c;Ofs zA9!d7&J$AnXM{HbP*BDl>gl2F=H0v@ER8w1G$bRf5r_yAUshppDePG}&;Xw3T_$nt zoCtV;NyK4gS$q|X0SKm!TOY-OFeT{wd8Qiyez7rer_P^&g@>SIITU+#^b4C`1!i1L z!&_#8+hJ{-d&yl7W-KB6Fs*V@ivm{K?H)XIr??Td4+onxgy~*A;@==NLT%EI=v1dV zi|tOq?QZxT-mY~fORBH%?JkLbcOHZQF{mstD)U`!b^>0=EF*Ui68m7r%BZ1YBgiH! z{ALs@F2>Gj6i$pt;m4xQqIw#2@1pe~e>@4<51e-v4kBxgk_}5D1bvW(q=YZ;MnxB*|IC)#*7d=b#)3ptmI#=|CdMf-MpDOWRBWRYt4XL&(E%i@|4pim7pXY5Zu=qeH{U2K0t#S;sCB+fZFawqfOsiUW|n?mhh=F*6byyKP^7Daath1q|V)UUa^IOPq@of+0fD0 z+3EgHXgEv&l@S}nkfeG=4P>e9*lpwDDc7e@?^Mk@G?9X)Xi%S6}9@z7SwVhKAEKeL-T%t&o~mJGfbfIb0NP*U`OU4KnJQC9p$RtaL~a}n6RNWk!IjA-2Q%oG_F zH4nlF#Ewo~+l)3YRn=E;3)p?w% zz$dW@>5(R=Dw!M&$uio+snC02{SA=slTM;2lHUh!oc=+MH}dM9-I{hH?{Y!VJFO6_ zb9Ye|xCdWb#l&W^iwMkz8@;oy)#X6wBo#+l4S8=_SBjC3NyO5zQHMU9GE`ERKIdU( zX6pAJm9eK~+@mV0qCtx4>H(cb6Q@MmlZKxJma{$5UV{qiuU`%$5Jo?WL=)$v&Tt0CLu{YYbHKcll~rvH z+W`7|9Dry*cQ`dI%K&1-%t4NLni9tD{`up!#S9vBUuI_RHh>IyYkzr7fk%X=3r_KJ zH1ewkQTo((?l9VT$}u;ZJbLbarIn^G?fu$-8JI;O?Ug&i8;Z<_n%x;8-8kUkv44d2 zZ4~P+5H+#=gS%+6YFH$GU~ba6y3gdv$u}~FWgAC<)f(M_?6qjr8~MB9kiH_`^8}r9 zCjRO-s~oJX9mmIHECmH19u?<2a~Gy3INN}$`K|b&dP@Es%c>(!605SUj_Q+rJ<{w? 
zh?oaSyKX|tjt9@$8|Jlayh~lKtCto|!3j3Unj7+z4dxw1eil{fmk?SAf`!YJYMWpR;Or@+C;o=g4%ki0k zWE^kdZm-_m#an>+g{8)SGSclUtgFNt05oS_Vvd3W4-WOaN9K6txPcFmy>N-5r&~cJ zhMm!0J3>xgUPePfm^;?7@5Zi9GHAPdJl8@EYOeRrwk71V`mB@p8bVlGTQ&gB0kQ-S z5BgZFhgb^^l5x&fbrfdNk#2etEM@n>}Yo&9xo68+jM0J*h#olaIU_JHh=yy+#B&ez#P1&Q7Tn)b(DKw@8N?T>l z`j3RFI8ZUk1vEW)l#LYGKGnSJ#VOr89NTfM1Q6y9rTf0mxMMSby^7u_Xm~d!{u4ym zy7VAC(+G2RNPy!F_UsorTAbexNVAb9o+CCrI%*g76dA#_)b_sF>LB`qZ>TlJ+lcufBw9C z{(zx($UaOU;r;GCa$j@%^=QYPq)Jc-;5(gpb-ewA1U#8&NxCfGFKIXguVYo1b@N@_ zf@y%p>%c#C*)*k{XDBW%zB`N|wbN114a*7qMX%>+`Bp`2_4(EnR`?hQDbFQUo^d*@ zWP8AIr z_UyBER;C9+{W}kTPG0`EwB#HuqdsLdfZYS4t^cjhCTFeRdY`=pL|UX1UT^J+wTzas zvO!(^dn^Sv0bkVCPM)EdB_NN5{o%#q;0I4JiBJ))9h%wLXRWvZ6YRhXhF81=9$Ymq zr7^jAMnU&1hI>Mh+hu;^b5>49Js6~Py^V;9qVF`$Gd#Y~1Bl+--pLzzFB|T90mhd8 zepWAm8Hr{)yI-;j3Qds(2CYlsb*1TTqWJg(;GGPFD^QAoO`@Zl;ai*I)2C0&bVEZHKS^LicR#0kgVPkg%|Nc?Z@dh3IS$U^$P>%K#@RyxwDr|NHWB~N8d z)G&@q*l%~(m+y&^d5v;-EKnjye;o;Z_U~r1C0JYY(`rBzFg&vyLQLZQ7;_P*1Z4xa z3f+|Ps2X^*qaKR=KooJ)% z)y$n$aomG_veo{_qMV3cNw;$l7lbppAN?yM^Y{0LZvM|v z312Ef{lD6sw%6K-|Gm`zSC`JsG;yH(c9%ubht3Db3L?TTLAOSb`C+Zk3TEF^8g zO~kp5>eu+VRSv11QQ>oiRa81ulfV;_Om?f&LKesrZSB{domQn8yA}U)tp?|@>r#~J zn9^7wh$r2{lvj2<$rrD0Sg@0(!kjF8v^{lIt4NKB#Cv*-0rDbf?>mhaZlm$m#M)0b zEko*ZR%i~o28wV&@RM7gbbV61KGIoSefCT;ep7X1fg?MyBF5b9!u(_=$gM++VS}8| zH*@_zkRN!_*-Q`#+Box;sDp?matMa*QwB{1F=HOHaD?LKg56&Exjjd?yi%6J4RAyY z;@u^++Z^r!a!$3=z9n;HhoAJ;=kzpigKukZ%cbi+()eLSBOe+H9^Z2EMZW(tl}d=! 
zLLa^9qfLzxP544dh?G^~qI`e?L?7>D^-$GP+Pim)+Z%}>Fg`R@g|Mb#dsYn2N+4j{ zmB+GWDCTJk;(*yIrvF`G;bs6Tzjbr-SWTxPKCQW3@#_eyE1m=baa!zv#bgR6r?SY1 zn8y$Ae_LFG@X*Z2=d+Pr0lQX@g&5-pFVaSW1_Ks$F7o89pPTH#V2kI;Tes z;fM*CwF@XK~T8~9K4ecimxp!C6)6TaCQT{3s5y6sevgylj|K8O+c5=46%w~q4QvG^`prE<3h zF2KxDPF@d6hebu$eB09(-%c(fC_q*`DjFY(EL3fwp_c!PL2#6lL2!qrT~l#Z^sHJC z)h7V->vMI_*lpC8dYa?r=hI}99{$$J+n#yF_Y$nZ7%Gm@!BCG(BgZG_vV2PSNPZZ4McTaEcOEGHyj zy(!jy9KuC?eY>!Ua;V&$Z7vv39b07pX!-rvjitu$L+~~kDM|33I&Em)IdgT{ zQ=OXWU*Y2(8-p?df54FS0wwSN9ftB3F(;_iZYV|jhr7N(t{>wzJK^m8B1$fnvYOaE+)hMmH8+6 zynG~)Hb#1T@+nkE^-JB>+tZ|*G)X}%YmX}XUPybnw`T1&}L zU9b1|5BT=Ob-P_TJI~Ye`FK7a_xo`i_v1)Zj5=(GMLhj$Nyr`{a21DQc0SG)+>!%7 zezYtf%)Oro)^~zn_m!HJb+dsL16>UI)9pinuLS)eAz=zF1&Gjdc zJb3h8h&ej=<0#)p?J=3>HKBK27}*C!>$&?!>rKjti(jb{6oj%0z|<=c=OB*a^YMdQ zmNqEqLckw3MbE_A5tQoijZN*?-ofNgh6hI+x6RMh5%2j0B07TW?Z&m1#VPbeOl7JB z*4+H*hDM9%Z!DDigJn*c`4AdPQF@Y9U!dxQ00qyJR7z7eGD9Py_nHEsT?-8>TLvFZ zE##6cKE^crBO}u-AQv9~Q#2;+Ko?Z#$s0`L@vn+OM>0~yXfTP{S38l~80vYcC33MJzf)g;FvsEAAfmWV}A4aQ*!Q9=~*9l0<9o7K2(Aiex zHl>(ya8~_i`<`{TQ+rjb$}UBp(73W6sUBNg?4qcv3)9~fpYtbdTGqBcyb|u?luEyO z4?j@ms7gCXJfUFg8imKK6vbJ$nCAgR;z3FcAV4a8eVja8b_;8zpi*Vf%;kpkz>AP- zEg42Wmzj}tWm;9Al8K241$AG5c{{m#_IEc`HMLG%8uAieQ{RA7E)7_siuKBb=>2tL z6O#}A25-@>;%*6h?J~sk^N7McgHgeY25f!+bD}{HshUUIQ3S1%D2{ zGy4)J1X*h`t8vMxt0xg&cQfk2*wQ3;36_|M_`z2O3~nwZ%w+Qgrm;i+i_Vqy*B-YZN{Ism0E!g(`I zvFvL~fg&TgY$|X^Bj+ejF|yU2l<5dj6N3suyPOL@!al9=9qUbii~mCCm<^I6>FnMG zu!TDD0Z5lj$PSWO6;5#+tEG$TJsvcsne}d4O51!tc1c#mA-nM;8dGZ&` z>^XQM+iSp$24(mHm$j#_DAv=^;#~BO4f?@S!a7as+256m6GWeP%%a2!6e=_ z<;;8Y+rGCov^9p@Wg84kxxtZzrFf`cRYgPNYI^H*H(vTRn3sc;FyQzu0H4-@euv7c;wFfaP~k{!CzeqcIEL0m3od72HxI@OR*!$ z`p~51<)tSlQzQ-fS%|Vn>WpHt5@smUF|Ji;>dC{@uzZG}XZ0ic1e%)4UVBS-bX^u@ zSPi;z*t81!kvMdKhR1bEYg;kEM?fYhV39kRn9zx`L!2Qi0sZdZ4pzT6_MvnG17!rg z$h4D~(pN1;RSmVRRt4{PAdJph^v}4A=jPJ>`tJh+^AsO{zdo&Q2s3V=4H7X>hi3Ul zlI9lLdzb%P6yj}Q-n^`LF{7`pfzthLi0%ri4hs`J`wRmc|9$+tM5O)l!3@c@iXw-Q z;ZQVDmd2s=?%n^sLbQ@d%3|{t*g}87{LGkzkf4C@&983)Bd|r+hB$p 
zmzkMfl^faA#0n%FK~PiV#GfzuHd`9i=^cL@uzYq}?qoeN8r-sGYJNc0CA5FiW@G*l z%=^$#WZmefmV{)B>q#K35B0_PhM8$J+;K@;Tik|*1-GNv1wh_(M&$ln#Ih_@TUVKH z@lnFd3qn>NYOrr(+iq7ixX|KKELH+x%`3#N98g&A==rnOvuwz-~W>z+rzMU68$0 zjsDf_f%;J}!~)?1a6CU33s8cGzpv`sZ28|`SW75rVX*+8@v@)wc(=HUG1?kA3c6OI zBal9YWJ&%K+qBA*_@$-WM^~@5B6o-cd-D~zmZ0gL66!yDYrxf#&QkdKwH@$q>};hA$f);0do0+fz`MJpx}iHsL;`^aH-#Nz(J zWj!H>t^;Y03O6AWaEuWxc)}g6`~UfXjoWV^)A{t*o@0@_8ZE!G^_;%zB!O)^(BxI0ml?0?BG;QYZ)8NKHhhrn)?=gX z2aN=%?Fj|O!2u@#8FweM(P3cAwK9~8OpmiM=*${`#SG(h5FG;FPw40>IyeqM6NR#9 z>8WzVhn;P66(Vw3zkZYa)M<)}YacJOBFY}hsb90d5!`Z{jBFP6%yuC(=k@7H zkM)$ik|@g4pBa!YQQ$qH1=JOomi*dHn1PbR)ZHDufmM;<3Os6^6)r_iGAx~PA@ISH-h--Ri3kM(ty7h7d!GFGzR|H46}n`C&ha|T3Q*1h z>0@?UUQ7@yK2E{IH822>@+>q{Fq9Kp1y6Q zz>5^}b$xv=!rD<(gaF9dQlTw2n{qp%o+lrmsz!M~iy5P#Zr<7PI;fnEj;{hYkcI%u zFz}0=@6Qyv*?RdD%@4Xxu$OKV!<|$B%Yo_SAzp_P%F?kWCY}w`&SkZnr&U3zl3^4U;(sEsJ_4 zs$x-Ekj-wxN(vrW{bpiA?(0K#5-Y6b6QOzb~sLIJ(%H z!YhA-z56c!G(`9JC4roigT{NXujS|swEiF;yGof}%p1zjkrpNE^5+&wGq z^3Nn9-mDg6U;$&mCiGBbDz?aaQL78ucGr{EjJGW)S&$M02y(|g1I8$J66R{_8h-9vk?p(3 z%A;^zdxzTCn3IPaG)jl>j{*EA1Mib3oYx;QQY={e2*W$nOoffD!K^I%2xD?L)h*<$ z@xleuTBzzJd0o6;XC%2r=`j1WUS#-l(B?4#s`Tr)-F!ty9Ka-;00#ij+DtiQ<=?Rh z*(YjRFUjS=i~&AAzDoSVv9J`n9KGV8H|6fu>ZGtoiVZo*C#)L-!~>K-rzzmmWNK<~ zzp-nMn^-ny0)#c)b3QIx!hkqn(kg07zFC=RR=@|i3V63BlLRM=>v=9c8_dybg4H(y zA>rWRM@1-u7xDJP~Dy)GF0WV_SWD;igL8w@w~IsNWSd=U_H>9BuHNbqJyQ7uHt54D`BueW{Nz;~~*Ur${|01+ zXT_RJQIet0%6{PyrQQjJ8A{!lA!dZYPBo(`pLb*qo&B z;cZ&^g!HsbC?QDTlo%;5jt&jw&QT{_QVl{JVjdqy#(Y|7Qg#Ixiv^KmK~ETb1)q+2 zzaj>t&BEz{7L2E*_DV_C%q{I6`Y7w|IZVZSwHcgJEGgFK>OBETchIVX^ggZ0*ZypJSwyZa&Z|Sv95{;{yXCv*-CP zX==mNc4@c7m9*9@#o6A9P+fcfz1F}!G{GTnx$WW5F6BU9Oy1H(5u>-9T?=H>2J0Rh zx&2;O_cgkXE8#OIC)TC#hDRrTi^@roTmlPbl8e`>;*KE?#Mr_xF?Ol7*fMf#*Lw0* zMz!x?2@Y!OvXxF&GO1!=$e1S1vr)}^(dQ+0zvw_ zrJ?X*`Pc2B?2DSYV<8hZ)UmQ`LP7;IyDQG7MX~N-0Wh^5%u+3zsalWBg1$IT|8zBD zWVFWL%fp3(ov+*wPm}T1Q!PE32zlrZWB|I#=!#EMr8ne`gS;G&1^|{UBh&ubHZJN! 
z!n_!uB1{_>Y)s5xEbI_PIzkIuE5n7_3rVLP8N(0>Kl9=>Dhu7DaD=~J;?EhiVY7b^ z0|wt9pP>0o0CBn9^XC=W&2kAD6dT(&sr`6bk%gt?yClI)M-B=P&fI{->M?J$W>4l> zR8pji3IgO1@Leqh#)=6T`3FP0)SgP6+OJY{XbG zouv9J@GT(1aH00>)X~}b#X+}--orEcOvjJlRO@UFaE1!C-qdxTJlvZh)#_fS5{tX; zD8s!C?;T92CiGmlo+bKh-G?vsR8wbmCV=vDY87^sURaO$y|{K1J@j{lyTJyR(KDk+ zlTqNsPgcr&*|~(=r6`K;h98ef~4-U`Zhf89A3hfI1KS64oljL``gv9y58jp&KVo)du9k8skDb3GiK9Vr!B(cJiL{a9Z$ylHEA%4aCB@;Q4!-!y})UN8LCPJv4?nu{?s{co8XyI z0cc6~rwlACVpAnUy9Y-_jg7_Jk|RiYc2HKSK4{bT3ZVt9 z)p=CsD%r4a3LOMEh1A{Eb3>}ZT1!hh)cOOcRPs*{iA=*CBE~{b^qF}Ep`Mb=(W#Sj zcN662oGW@(cImG3t~zsSF&&NB^j4JfjT9onqUKEr42&$VmyUV0gxI69D!KQ;=qpG* zpPB&64!O)VKffTArk6clz`sf+;QEq213zNqF&**jERq2n4Z)nb$FdljgF>${b*N+5 zKEC^`Vga$%aNEFib2cjv{H8mH*We&v0QlGEPOXCX(Q4PKF-@aK0=O{F+MUhBO+j$E zgJv!v+$n_pE+1lm`$8#*b%2whip_YGv9nfdXx_hmDZr-~ z8`_1Nup^k?wf}bR0JYTFUB3qE{vi+6xQ-9f_g^LB0R$x5)$#rb4O^_Nz|QK%a(aM2x+Rs3vB~| z4Bo=}hwb@>?6JHa>*J#i0^mj#{sh6kIrw4Gk*2f0o~ofCwc`gc3i^L~9*=gf8<(>l zRV#kdWHe&G-HNnlWM)FCMdw}&Yh=`A{@UC7G_(Rv&}Pc1$?45a)VRWpC1*@f)52!W z#l<{2rnQyJeay0d=CD1DCOKU4oIy?g>IH;n;>V99^6>&qu*|KxP)`sv@9{YNrV+P8 zB*codKWgZ?Mb;%7zLNk~Rtf_HgR5N3L?j_^-fN}g=Lgt&ukd5xV5_WU&HJWG4p$ws8t1oB!&ne=y zFOKJW2xH3>4?84YLMRxWCwd>z!s9OUT0=whKXSL%ct+IlTO2e{p2lo#UBiKlZZo0XYw+xA zYHI$3t@+{E@->=_bOziybI$GBo(2d{htu5xs`)hKzy*EJaJVr>?6K^OCmoK`NJBPJ|POiJAumi#<>GNaoilYyb3r;m?#v;iyU??zq$(x^1_lMy3ZX{ zmh=U!+$eB$DtW$Q29Nk_>U_2N=M#ngD?B!{U&n@CJxa3mSLCf6G-i#JzJY<>v*f6% z_K=PE*Xl@Ba8-qi(pnZxQoD+>OiU-uFD-JdkSL?fx6mIeKPW_ulb>Gyv#G&T^yOC~ z&ZS%8btas>y}hymi3ZL#p(BWgoFv#F;O0$`KPvszGgTAYl$I8hs&?J~5?=yNg7fJZ z1PPiV|;j4WsF5c=75CY30 z1AEILR{`IY+Ulx`2buIi+oN__S%ut^e}+8Z!o3~ZO2oaii;fn6OHLL3)?t3tOZ?@=#-SUT_j#fiO30gq)&{KphUI+Q$DMWs*c4ye4~Z$z^P?3ep* z%O?rSaK{0v(Kp&F%1B{mXW^Fn>T7B)q)yPx&l7E=~kx)Z{3pGU;*w8(tIlAAs!gvEsRYau8+EvTCW@1RO>v9X*WIG3=n$TFk|3-M&_`y!%K#v z+)ALH?GM>z*6IuaI24}{nb%T#%AEg^^ZYJ{yeT#g@31Cy?UbJH)@%(^}3+QK8}M^ z-+|L@oibP89$M$Z1nZN|0)!iliXqp@?eO3lvmONOgll4Mfj?-#*xG#9`Skt^HH|s# zt(}AouOtn9K`@F%Hh0FIEVc;GG*BK~&_9|b!U$-9a|m+##Hhl{P9OYB`LgxqK{0l& 
zZF%cBss$n;iF>N0V_@xS{@i0D${U=UVq!m_WHS`)r?=Et~OnieLML2)hvtOg~ z&{H8sR$|%m_c)Gaaq@uqcax&aej=4Zlrt|bzg(A#>ozA)KRGLY?&MU=$<3J~zorH; z#*ZG-y?af4fQEd83J-eYjtjg=f}SLEobd=mvulIu*npLon0OeXk|px{X6zBHBv{aG z!UF)4IX~?me$xUkRP5j9BNO~DaBqac{*PFn)KbDzO#%~2q`w$DSn#4>{tJ4q#5v!N zw^w*otLw4fSNe<;yn_H^OYo%5x`XP(n=s*95C*7ImEeQr6Ho z-TVCp>F5ffAn}niH`qQd^G-l#79Ce6i}X5Z(Sf^wR_2tI79-@9uo13 z;+f-e7gWEJ6-f%hvx(-J7hi3=DBzGFCQbUJ zO0Pus1Q~|6&wu4gf?k+|aBvF9 zs-|E2eNW#Wzs(_GeC?{iK@vj7_u?hMm5>O-5a5qzl<+J+I$F;=7Eb1wyv$6pzs$Y#y2tzjFh17Y+Q_f}v_=*vZQ0}iXV5E<$|Q9~ zw3^cYes7?isA3!MW(WQAE&f8?5*HqE5ir!IzxCkOGef+)jVmexHvwC!k`ItbRsClT zZY9$EkKk|IxZp{;$^U_+_4b1IuHjZp&hGE)wu2*Qa}# zrM~_LtNXn|i)8c_7%$jx zJMGWpB~8=X zDI4BtLXV3NSLd={-S<4*3cI0lwngm721XVpwucWz?vW(>tf*f|JaVho?4^Wl9fEqBvq@`-g`5Ci;Tavyt0rGC4U1^e*7143IoIc>+-CZ2Ua! z zlSFn}UUg#DvLzNeH54JC=~3$CA|cj#`e@e*3l}#$^FXxIfOR@A7ZsZbktUF8*LZMnP=2S|w5VsK zI1ueB4&a7>S`Y+@1G{lCCO-a?B3;hfx%z043ndyF8eNbmpVvMMrUQcPEbF{LE#FtET0w_WGPL-}YfC zZDqNxf-MWkbW%WUZov9_#3Xb4$^}qstxtFm4VdHGwHc%qfwtYb#=?F>H?YDe5R`kc#V519sg7J@jR&Y1{ zRqc>*Nld{Ac}(YgDH8@~T&L&HOx%L!R>D9*&9?}`PoE`nXBvTpXfYEqLrk`!iP5lFNZ&Iop4rDQ&OAc z5Sgxs^?By6$XYhTwUIkGKHhOMPDZN`|0ypos$5F}$$Y_ec}2u`XQ7LooxOvo=HR|` z8WjCidR?L9Xfd)hHj|Zgu^bs7D!S}<5kjLZHWokC_>7T@0PzS9NBD;40wt;&7%p&_ zD3eG{tIGA$Dveu6^olAdPy*FXxcO_*f<_euL2(Esh52U3qcudRB$eSCbX)uN@sYM< zE_i_R^kx4U8t`VbrN>~53Ob02{{FcyQY`1dGv^>m>V8C|m~E`5P#5&bWF9AMFm`NM ztR*$M=Ls8wql=3%cPxZ=>GPD_fIx4W2%SpD*cZIA0)+YF$V6oVf9U*#j+Yed_D#A$*`s5Idu0Zhx$U&*E#;8;g9Y-NmiWxp6mzuyBy3*ArjQMf-gS2;CH;C@-D_gM)|_)X&(64eMTt`y4!R93dipG_qu5(@r4>Lz7`Mnn(#Y$ErF+qxto;1# zyDLN2E}sB+1$?jqnaBH{9wh)!*4D_sq}`-WZRqIyp`@>`pg(2Gs7_jE@DlDqA*-+g zbF{WcJX759(%MSH+=Hv~dP&jnaxN|!^hn#j$q2oDtM|zJWyN0nT4Im0LaBHi0rR{j?Tm;I^0?iK)cIT)? 
z-X*w?wX?H>;*wz#*3uq>`U?u)=4J_m^V)T|nk6O9AWm&Hdh*Q$DGx4$+PHem=L1WJ5jY|P;=nwXg>1&Q@ge_yVh%QR~Vy$F}A zC9FpD-p$EPv)L1b13~b8Rn@Gl_}b=~pS`^|XP(4}3MnKjLKT*4)t=D@xn`^P$Z#NW zU?^{)$tZk@;YQx~KU#oHi;r<2sOPefZm!t^9+xuc;v>Zg!Ws=DCPLrY2Q1Lk){=Lfqo&a-(Uf#(GJ* zCLMbXYuE51MvwV7z$1SbyIbg0nRmXbG6JED;s2^^+(wp$BP;8DyXkGx+eY5bpy||i z8`e$-42Fx#Ul{LmGcpALAW|ONypYn;;-1mo4)D!~F%KZ8fmB2>1b|9@)57-l`KvDZ zZgVp&2#=xoUlycLR0~Q|eu%|NGJp)T|ol85K| zQ*B#N5;XcYI5^J_M*UqgP-Uus>s!cG2h0Ezzq#sS3JNTIRf$liPwPLeGc785K86G9 zQ!hW-fEDD-KWlx(puo8i+yoVKl|;(Iij= zEr;>c85)wpUQ7(0SXkBImhigaM*R$)-Ud6wl&_8>KoLM(=?2!ufkP`y!Zw_3v$Iq) zFBbD^{D9VJej{Oz7}tV4f$L12xxe;oOgHDT39i6{usBs70!!Lxi#Q8(|09s^bs=s5 zLfCbi8&!)a;uwoL$-2Zis>ZV_({>^IE3P{m2@ zG0)7-HijHoSL@T1JFq=LcpmV)ChQRTGFV>=mDbOn_p-8VG}#s$`PfLXKleUJ>G?jo zpiLk7Bu)8s{awp(E@Gc%BXZj-Rg<-Y&&P%h*vC4)6;l@f)hYpR1;pdEY^ag zu1(iv6fzI34oW=vvs+|uZNjg|vfN^0t8eu6eu|2%}nh?DrC+wx_Ir+%E>w|%zn^Kx)d-BXWpXU8F? zlMsheNHkN`$hAxdnQqPrIJn)x<_-2(PKTl*E0M5?bpu#K4rX09Lmop6;dEx0=ZDZx zoMs8hn7D-d5kI;|Mp}m#>AD1V@TJo#G(>;MDyV2IB&Vg_g0>dcvQdHJoO9~X3Na-m zFrWoq$Kd@=8k3MP(~FdWo}iqs0wrVNM@J_nA<@CKb#xcpdi*MaHWU(|zyy4Cv^W?_ zdFW-p$e*g!BxpU+22OylBWtAIOUVP4L+VKhadC4eheg2OmY0_gSC~WRc2=EfY-)kz^=_0!)eYbC&`uU z0f=v_NG<1&lz!i}z)FmznL}7OvRb}VHHna;;kbT%$#FTfi(CJD#FIvi`~}-(pNs3) za^+>9)WxYlo02|UsD7V4Dh?$xWKIh^q#6DVnl!Fd(7IfVm@@`vF=g!qk&GeZ0xf`F z?h%F*e&ek%Y^v8@+K$Wyrt|A_?eo#joC%wZ;0#td7&dhakFgO=t)~kFsv@*6? zH1d$Owt$u*Lz8ja_H23|_&lV+Y`R?W&QISNcjz=5bP*up`82K+UI#1HGo7K7`Sm8}cn z?w~ZPtSn{vNIJsyb1xof%dN+%6VlU7!E2?*{56~cFrQJNiAd?TF6kZ^2$`y>FU|&? 
zalO3kyFRG-)7NdFB9yxK=7OeX%))4Kwrf@Xl^m^H95uCT{-W>{0e-_{J3f6>oc+_@ zMLm*1+U@QasP)v<)p?z^8%L#o5Q*K552bg;!s_lDlf0+AE<%KJB{n|B#KxKMB@}Gj zPA)|QOP}+8h_MnwWQpDUuchJ^HwNgtrJH8Shh_nUOIC!T)o)r8qeQH>ujRAF)zq$& zGUmYV1bj!#yYynKLw*rXLL^+=c-LK5B;Le?V1L<=#^-n{r%HD_`^5^5fS`pVnT*XP*7 z=jElx#&*tY<8{8L#|JJo=K&yJjgUN8}5)R3{2Jk$||fMR-rCdXLA4LFALGc1Y+uR&JrTlarHj zRMN7iP?%o6e(8h>d#~cu%Q4;deDC!gtJ9NDCm!0mx>f2uE;4+PS{l1*j8Wf-?5!^T zC5@=bDC85IGUrs*UTHR9-JHn~s-IIJ(@49@uooQxz!l32C*GSZG}4A0rDA5 z<_CvF0szeCB-I&Y}y^5$9?;JtR&wfR6RRV5#sk| zG_`ewAkeWjr^d9CrK7KZydDi#NEXu6AXEr>>zSF^cjS6b)F2SpgM%qUD}gOWuN#t` z=6WUaCt4oEEfHiKiS}{kF?o;2&#+M%)#Mq0we5%Ed z?_h<`?eQ8)nmhNwWqz@(I`wl$||J4$-7sxg) zFmEvDoOR^e%FX%uwd@;r0)4FP&FlWHD9Pv`JOBRZxBIC*Z`+YDn+99!pgSpY$E{Lt z%Ce?vyFVYQ*y>Gx{W%SxBLaUTL_tN9QS;1K<6=$L*mo|MeNVNyQT&TBd)&dk~ zVOLVZEwp)N953h*dcJagB7Cqs)K-PYa}(n-@Gt@jLT>LM@T-0X1N@snIS3Eb+olbj z)kXtW0JM|{P?P08LRr!R;dk&b{?b|F`Z7fNf*108N+QpZK4+9tX}w=8ufgiCYVlJ~ zZ89u1WF-dbqdu9nz}1uK-saUyfIVjBWkJo6BcEAa#HaMORFoqv;Vukx5Bl1nXVN_HbrfzL>m~U28*D2;@-8AKEQ_GyAiIZURVcR=CE}f}~iYdL2 ztL~?z3{1~_8&YN^RO7?;uYP}j|6)r^HMI@b(2F%mMP~AIyUcTWc5^RyQ4=dr7TBGw zK5eFL9$dryWX|<m+1fX`$e-dB)(1UIu1zl)Jw$*3I7 zamGSN8-YyomA3uWUEs#0@81HaAwWy)(~K%6d|liQLu(xV2#UO5pL=az+&+6kW?FPR zxGAV8izKd7UfYZ|OG{M5u&MN2=lZ9#+yp)av_RK)Be4%Io!u%V<;1AbfDufXcM1)4 zrU2JUd|HK`fq~ZT!ss|Z+_1NsEom--6N+yN85>7 zD~$}Z$P6PSGQZyCeSP zENq|&3CPSqh=T=3rP%uf*CFWTHPjwZj6zQbZXMjK?Jg_nT1o`(B<4o3w{wS5`z)2{ zYW9>fA5$d)#PIGhyKlLBgdiuUEEvY%VZa`sM36SFy~z#7Q?9&ZfokH-{hjfj*X{D* zvD`+ClUCy(cl_;fRnuUi!P@b|d#$r7Xk-AeR)&e46RXHq!uj?rrI)j`>KAs{IXTPn z-v3z2fqov^K<{KrVS;CCA9vlMdWA)XL&p0=21Z;4)Iix(R9X30is^X#hh-&fgmsOX1H8r&m*Uo*`6 zv}?&373IYzB`1ds^+05#Jt;@8XK%+lUrtu`(}3mH@zB-9zc~j8 z{l27$? 
z?wrZ!=$IIK`yxgjdLyY7?0zj8LNB9{uLsQaHQPP4Sby-!~lhhR%^fy8f3u_Eu*>DF*|t7GLr+in7uC>MjI{CM({- z!(szf3)H@-^q(b1_g$JIbimI6Vo_wwS03pf{+^yEZ)&=rs1{jLqCTpn9TOKv8!26r zYCG8EktC5Sp3xWWQ*B$MRDAmpO@yhN+wH1J7_}vrk&$_v8g4Ic?Ip;?Wdlm5P51Vy zWA7V>I*E$Bvb>EqRDuA`9$Y!*MlVdin4-0cW1-I?ij4494L|US}b{cxn@ET;69Lq+No*u z4G+K8%P{lyUSG)KRR_dO7q{mYI)P2_CC#jr?<{dLz~?@V-Pzf4+I` zN4)Emmy?~RsPD%E1b9_+Vl@*WGVik0tU=T7JK>R;yYu3-?LNA#4v=&o+QrrjGzDO6 z1fZB0{qvK2dyu=)(9jM|{M0XV4ZIpkF%#HA*|4(nUdrs@UgI%pq}tQ-Jp!?N+Mv9| z2}h5toP3e(1_k^N)MBaN+BtQ$QPUU_Cnj(_zH^{{63^!pW!yqR8`sV*ARsLl5)6W$ zo{5PjeXliPhqa>+rv>!Qqe@g_D5#)9Nc|2x86d(5I+~HfG~B5+KtyMpG6qbGo`%-A zzdxTTt%jb5zwE^p`@#=h&7r=WUKok+@~ZM&)ex$O;viWuMzF%gVX^ki-oI~ofrFb{ z-pqp^<=i86U*)o>2)C0{f$bDU7O*Z=KIZ{YOaXc*r>}sUba2peu)bfdQ2iUqhLrA| zaZHxU9v0cRr7$vQ#EK2T?Akn)Hyg+82xIla!GGlaNLCx$gmR4qP@o z+DFIG64Y+!BUZTXMR(n}94N z&_V_E4+C3_b!xoH%Z|BVk%zzp3?9}SUY~WwH0AIgKjZ-hL{{XCq#V?!++{RGqvVjy|0Gk}aaN}%2C zXHFi{(9+T?l%}iFv+=`lju*^;Qcy)o-w2dgT3$}cE(!+1gOG@5{lLv9yJKRIXV|n9 z4VmQ-(fYbm{cL9q#1j9+qcm38EBHO4oB9N`9CMv-74CEav0354l~4O8bXP$1Wb(?KrnNk+bBWS7r+ z5r_?L;sj{!McH;Rz^{@wRVD=^`%RPvj-K(ZRMm!&eN55J`stdCn}=OqZ-h^AeO{;Z zyjbdeMngjbBgmh=jT)Q*WC8HC(AJjz%)Zb0ltIzxlSX_UgnNjs&w__la7^W|HaiGu zOFDst9anP%`&`57Dj7?Sef-90pYW7Z0sh@d`qR@>z-A*ro72rIAkY}75eAfVwM|7< z*1en8&bBCPn!>3i0d&2JE3i4etlISqM7PhHo7-xRZGkeGX(CFbjgK~<{!n-=`J4>_6Q!oll`U#vR& z9SwKepXH1O#GEha8mFi4R3t?L5&C6 zf%-HVqNh){d{dz5u~S!5V!Xu`*BO~n-q6wUYt(U?HdHXM)r9J1AS%|k!FA-rh2R5bCO?5k3sRMxuwOkmA#96 z73Do@IhAe|2DM#C%!M*<|T#3NaQiqe9dpgTG zxrYvJSX5Nyfx7zOrM3h#e!!7s<>XZ82!Ue!R`N{|8ch>+u)b*z4rOEn*M*B${PZMc ztT3TC0017CWKb1?v4J68`iXbCt@a`Dr>r(9Gs&yfk+&}S-a+WtI2BK+Tj~q|g>Jz5m@lGEch1Pf z@trH9e1U4cX%RFN?<&&Kt3b3BO-pc{ji=@jd+cMic9l`suK=H|n|bkx4lj&$)7{HT zrO5w49HGN}_ABf>rsiN--~Oz=scmK`t#8Tv`SS+TqU78~<7;?fO+)E*++18rj8ShT zQbED?;1Fbxr4@vb3D9HySWOM)u)WXQmN&c+qhG74{1AwzDLwX1Gr29DCLE8cZ@`a% zd#RX^mkaTDZb|zgA8lZO89YCJ>j1DvWYK+U6$A*Wle*xF@OXM(fH-oxpf^wMRSrsa z*|;dGs3g|wS2r_N+Y}GvF6HfFV}sD-22Q|`ZV?zOnikF3BL>wmejx2%Yh-XwS&Daq 
z`U5Bm%FPG_)7xIlVz544US4L6>!g!L>;hp2#f%Cgp&f5L$UB3YW=AhQKwGVKNo zO2>N4IRSGOO}-QU;lGK_BAyBX-z_hG_@$GO7q39l?CVUr2_jPnq*^_n_5 z_u@LM*LS7zhrr7kmZGs?^7v$mXXv(@?Q_3vv&o(jDfaMtWY;39nOwPuL&~zUfdqvn z6vbYP)ooL$W^aJdJtHmc%B@HP)+e4$X-;vSZ?eBAZ+wU>Ikh-R{6R0J=e^YAg!%I%WwOKR?-and zE({=T+m^w+WXq<_$jQkCjT6{Jkq&TiK{uFv+aAHV<4_bYct{_N=|I3!b_0Z{A>Xm9 z@HX^7qdY%P2p4d0^o{lBZzOkEm_O8*xEK8_|NCiMmpns0L?$X==Y0VG+SvFzUkgQ9 z7c&sWHv+FgVC;v5OFFL+4`TowPGYom|{rlfns&PjC&#e81pskxYDoUsins{hD zV4VU531uQcg#r|`WZ;C@IJ7qaa$^mRxy*bsN0Zkl9+jmQPQ{oReNuc8G}HSvYnXgX zyY7H@K`H)@20u%SD)z}ui~|6ezGP{+eJ2T#@Efsip4&1g&{X0iVP7HuZ3yTBmYlRy z;X~g^;8TQM&F*}oo_aT;6A#L8bTr%J<3ILSwy#mLwBxuGSgK1KQ*97s4^L{70ekp6 zT2TG|1gsPbXA)Kc_e`BV(#q33%f)?l@!rwx=w-)FeG0E_g1$UZqM-WJN4{m z&zf3xt%gu6eXGfAp5dofla$I=*YiXp(lo)>fBTp!GT_p6CZ=4^)j3L9!jSDbN?|!F zij1mMzX^}M_bfjjLcQl*Q?vcYCC*h6B?z^fVqe?^8Yd3mZUDz0`kax0{tRZAIyz7R z^0{Lrb^x){(9%5B(p@|8E`%2#GzxYPYqO%zPJlyb)m8a zk$ik|4~{jEtCm-IfOr6qJsaXTz(p(TPu0%$QlYeWxhU-&P`8YXKl&yn#BwWe090co zHt_U(_vBvT45w=8m>h_nu3sl&(bF8u8(Oijv^HuV%#G)F`1ph~NYA!*ZVN#0z)qVC z#qanSmo;OOT2^$?+xiT7o-adrY-nhh2sQ8f*2{f;ePDqKkDr%UT&6Rk+wvQ9F>q63 zl9Eyt>89-wK(7Wi8ObUrz^M!SdcT{1<2M(h(y<2wn3pes-O$1ob2KH9O%=;7BVz|p z4X*&4(q#NvIBRU=>6x3M4=po@KZaMip^ZO=_{F52@PtFJg_=@((I2R^P^ z3CuP}e9v2a6Dfv(-BG<<>)f#YoG|N=$s!NuHRF*&#?~kS>JVD|c5EmDGCgFKW)#yWU9-N8(cpZZ>MVWG_P~&%1VL;}BbWbKsr{ z6_6Ad^(iRidNUdI5XU-xOi7`tq}ceV#&8|DvXQ5H!rOe*)YK-Eo*}LR5}YK@R6O|g zrb33mh8A4Zn4{xh&xa!4jx4~H5xh9Z+q5=9hJxOr{&;?%!ypL9Ze_(fIlBPAGugu< zKKuy$4UBo9LOD1%ppfYu9hLU+p_JkILcFp#Twf} za}M(4aZ^d9sa$>~5=t&;-_TYJhm}GXPEb%#nI|IJkuPM9m*Cc|o{@p3s{P5Xrkw>T zGj>icuA=82xIj{ZoS4ib%}xU1=?^QVU@s-OUf{66TwYOXKl}3?B{8wJeazl;FNKQ_EaC%nUkWDqi3h4#lVd5gilu@=;GKN@L_b|7zUC2LQ_F?5^ zeFPGW0GpbGh5*XxaYPXh)}@S$jKHRpe$^qEwC<>_t(Cq2_@9~+7e2l*jJ}E1;Z?Y7 zBzrmVvs9hj^gBfZ!wVdW$`IX(J%d}gne-e{Xv#$%|CD6IS14!ZZ zi;Y=NpbH|s--7zXWnXS)NX{C>_}>G_|Xf#aCOL zU6IIWb)Yfm>B08QAKsF{!C}YIdZa$tuXJnL57%M0?HNq(M@X^p@W><^gm*325?|7@ zx?j6<0}I{4+A<~EgJDMTt*@{5`_@u^0sZ#E9GA;p&_Tn%HymsKia 
zjQ5WB3)WWnJGG*kfEIFc!Uk3wY+YVGLuTgXC4c+&4)mRj3<_|%QshS$fkDO5PpR!F zanACWW5^VPr@yQ>W*WDQFAx)Vbaig6DtLbR2eM_;Y5M}9vGr!BY9g)+n6GPJ4ND`}{ zpq!9xUcy-(x9z$?*QD1^*@z-Dg`%>9b@ESU=^1Wkhy~YKjwD0CgrGp!PH#PEB!;Q) zvtgGo!W-}>JnZTfU#h~pBPAggd9NiX@~^_IXTx+m(tc+5h;?V4zXV6Wol_3RQlp+3 zj&ZA_N)zyIJM^R&D`}0RNw=7FMr^uQmFb}Klp|4kZ1WFH3A&Y=^*fjSVD#62YGbYq z*$$uxeKs^NV~tTv3ExUf^YgI%ML&G_p!^lHOeb$(#dH!J$n}U^nVFb+hFl^mHV|Qh zC33Rw!cgvrKl>Xi)aSvGYL*x0|MB*gQB|&8)G&&I(jX}*5-QydDyT>*At0U7-HkK| zh)9>9fJlRM=LQiFknR@gZur(dN6+()@Ao_2{bP@DJg~X*}|D2~2 z=>L>n^BO*5z2ZzRoWdn+WMrgN`jG_kC8|JpC8Rw-=?-DLfdV+VK#YLd2!JXMZJ(ej zy;mvx`qj@R%9IOHHie%eQ08kfR^!lNLqUN+L)8fI@hK8Kc!`OL38Kwnrzuew=dkHq z3y~&vgaGOtPEG+&`RsvmL4fnYL`vE7i*b?qBGYS zIN|5)OyZ7}#mC3rA`a!^=9UD_A^;KwJt?)oUQBUcv#->6A01m_b#V!Tai!}5Mr~~@ zdzX`Czo#_x`B^0L;$OSsyjK|;Pnz1mE&Hvr6M!ot_-&Yz0^EotDMRSL2bt182ibDo z@2|_tcfaJAea_CmMI5F@GVkIc3iG>=Quwf)CCMz${j!0*w-6%g*`F{ZX9DW`?w!Io zE6Lp4-25a~?)Rjp%vAaY&T(KslbgTiJYF$Dh2iJ}jpF)eOsK;!4vmVJRCd-T=#@)=GO@3FAlMwSQ6 zMKv{VOcI#c7>k%gw?m{X>(5|9P5Y=}js`2qqerc)BPFpwkp=_?@;m&d>+Ia1qPYBC zMM*(Txpj3F3$#qM(J#?n2;yWZbOJ6U4t5{8o}S2^23ze*`9WB4kU9I2drBw?E7Zl} zCyQN#Bqa4}y^D=YJI@t0W!1+Rq&mO-+NhS|j8}CFRd2GPAdtR}hK_D*HT50TZiNU3hwCdUynJo4D47uhT|N~WmLVab*U(<`<&|-1u+lzy#9hv2LP-MDOfGOq<>^#fgzi&>CkFG#5gESX}#|hha;U}km)7~rU$?xh* zJOK}966==2S=1{I>Q0tdR~bmL^6JWZmRjd*6bmsS_;oG-9|k1yiyR#6W*Q2N{<`dB zbZY0I?2f11$s)}U?Jq$*k#$J-LCnz;1W)fAy~r29nFcy;^Tfkhm`S~(R*OwEm3pjf z%UQ%(_}I(rpUA)6n>qDT!l3!vf(+zJjg!nr`4|HZ$CN z8{G6jf)AjunU$S1Ks{*3C(g6M+L@oezVSJ~^caD7fjG(6N-Hgm2L8X~>(}DfJQ&Ma!pt{Zw0%z) zyZMVz6m9{GZX-yYdICqXrI0;239FWljY;I}EJ0OuH3)1;K&|EhR=ylq#v8-mvr?R2 zSNd1-B^Ihev5Ly1rY%eb)LWs;j?sGUfhY8K%Xv)=M01go=#6_FvX{%s{D7#Ph~d@Z$@O?yJsxL~VTxXsMM z0&Ly$N#{A{c$vi*b0-hJW&4n#BAe~2p-28|izJKfns%&HvwZ|va>=xbokb2SysoZ} zGyJ?p-3G?SZ~3}YtCx9|JBz_AceW*1-`>HYx4$2ibe<)2a#9+^0Rb7Ut)-o+FE!?O zv!miFDTG`d3*Ck+%@GXAa-f;-h%P!HyAts5mZ|A)n0nE;qA8%g`MAf`*?<&m(I!1k zD%Zk=z?nE_iKx!zT=+>ujU4mMj8C857jN4pBqUz*e^@cW3h@)zk*I*S$F?KPt&duV 
zc!Y{90OHND;t=JP`}8>o+GdZ@kHPDrWsZYY!x`19;lRj$(GjZ|nrYs?)LLB5O4T!W zU-eLa@F)K!{U^E`jq&R1e}uL-s7*e9{@elOw8}NN(zm7kiNsbmW~BF=$C?W1g!JHP^+Ps8Hf}(z10SP@4R%Gpv`^V+SDWr z;Z)+I6(4D3uU!!(vHw%*0U+;XU^)>jE6_FWfVJ?6c76#90br7 zW3W;<1vn~?wfdI{eSLjZU!*t-?=O~Op`xCt9+5ktIZ^~J%yas`ZUsFk=pzX}er$$2 zC)00WYx?fAS2&L)kB}sG+P1pgs2IvSF7_Yt_dMqAJ^m9U2|j+wKWeMD2@X2F3=`;< z4ldT}7sM_)sO@IwvrC(4X*WKkk|U!;F@BeP1eq!EzqumvA1=WW^UtTi+X#x~2$_#% zMBw%|#uqcwyR0l%X^JY^p(PC(4qiLV*(LmQdL!Qq&hp&wj7ia8e1j~dy0N9n$Ko#u z&-k(K3r6eddWIME>INL2z>z0LsP*6P4E9u^`#_6v)$wD;)lq3fWgf`i7QiOVnyzV) zMe}`3bkx&~cv9*{1;Y>joPY4v&QiYq0Nfltz8a!}OA2QFZnu0Y5P)`kY4~fUuZ57~ zb4^9*o_vw--7+3D4?gIULTCDG9~7-r5>(&Unl!OofHu$X9F2$u8N=J+$Bg&V~GhP1Ku!sNN-H2A5yh$(ck6KdI_UUYtu=T~6()(BrLD6ozp89shsS{Bk z+ShiK*Ahn$yQU6#Aoy9Hii(BL=_D{ffl_n0-RXXiodsqen$_mYPi;6Z7PZeX^EKAy z{7JOa54NLA75_f9d1AE#njh>~0K;d--;R=t>`BbghiaA~xrtl$vJYN>u13lBpv!5| zlaV5QA+G)s;gi*!xFcvs;Mp~wY9mQGrSLjs^!oOFb#;ngM;$jNI;;EuD9e60g7TC$ z{F~j^OXPty?HV3FociVQxJeg=CeHRgp;{~*is0nu22XLWRF7FjjT-0RbDv9`@vEbT z4N{Ljh)n~F(}}!0@If;>C!h1OXEr?!iffW)k4Uuitc{J=6i{q4JHQei)ZMfHrs@fLkmW>KC`}GK@VRYEGG`hC}jn zw~_>Dd75dWpspwmohZe{1O-E(y16wMAS46YQ_4*G1}Pfw*BZZTzyARL*vjJQ(%jtl z>-lmZjK6y?Ln0*#l3|g)?UaFL%+CF+g9u*(i3-5N zYFcs}+``~l`ASVL19pof-9wNs!Cb*lkoQAx8T1y!y0USJ@yVYoI+od+8v)g`v&5F` znL;Tt1_ovfH$%aCuhL93`%jo?M|4(Q^??n3_g-dc9wp2W)V=cA%DipCQJb%zEZ^ro zjrZ7ET4`Q#nvZ8pRIvI@G{O6m#Yi&ZvgbcBHe@Nq3z7<2f)2W}HKYV)t(WB^EDgi1?;sdaq)PGWs`bdJX-F0$Do{@Wk*%`L59*ja)EXK?3& zUgu($v#=J-fiX5S(be_5)X#m?N0LGpDak2T4`&{Xmaze8_ImXJm6q$#06CfuY({Qk zad3_y<#~FTh zZvK|*7kBs9NBnh3!F;Iy$FrW;x5PH6f(=Dh=yqvF0cQdU$0*O^zkD+gU~sCBvT0UZD7D95N7nL zo~KbTp!pq>O1@qKQ}h?7DF?=|Fl^{dlX@`Cb`NnYwFiQ*O{M1WRkt-P{7B`18F03I zTh45LGI%y7j*Lk2AB`to-;Y3u>nm~vQhO4nT4lsb43(|fTa48?-a`qWvp$@8!eKXM z_+jJQ3C@Sf2yl6^8G>lL47!uKEp~SHcH4W87!nO_OicE$nol98(JWREf{T4cOmMyG1`#|x54K0@F_T_9?dSL&V!%rVi;HvL2N6V12>i@%7*mdLw#IxICP~4O(spQzBgH=wt=cQ6K8Y!IcWGfCL2#psiLqR+7y0L~5e*q+xrT)% z4j4y%fVWsEoaOGGP(Q%;V 
zZTg3laT$n*^omHQTz;Fp>oBB1%%F=MUk7(u^R@N#PoMn8ti&X21sWmr33$!WLPgfrrXS`8y<3hgXjc?Rq8_SiUM2+vjS>>gD9cx(E7aT(ZiW& zyse(PQzAHt2U#zHY!*t{r%z58z_u=^O%DqPw|{5|sEPEN+&Cz*ZCzZ}`kdIYd?C)M zED?(y4Kr3)&(MM!H%eS)2Porytx)TjEVpToLC+F+s{hk*Y&%a1-YZbW^iB-4rk)Oo z>7RFfL&PtW32U)|Y)F#sO{bxb5U;~tDWvda2j;g)v5-cG;S>S^CJBIW??l%h-b>R7 zGUk>Nj7mG$HiW@1NT(~XkO2_y8DX$Bctt(7?3p(a2 z=@I6*-B9wb`PjFWC*ii%7ouPuLrO;JG1a3jDmZzp#b0=V;{Uqqw8_jYD<~)zbOH;T zX9qi@W(7rsg@ul)|HM9hi;33_5wy+hpi%^q;T?dTg1l|NhDm`}JFXIhtpa|1p-`}c z31ftX5cE%5FGx)}C_k!=RjE46w@|Y7A-%t>_ zTTjZ|37H|dVwswnnjr^zgDe&Uj3~`nbGT3+@$y4NJvoC+8&s$!7ACsR&T;3B4-~S0 zjxPU`=2M$dpV0gOKS_v?B{fOluYLoxM*3sC%Q7&0E!dDKNaBUyzFg0Dc2P^DADzwC zEPXD_IS#@2#`F!c0npHbkslbjCW7bGw{PEo6QL!oNqfuX=`gNvXWqd9D3RoDx{(bxz`gTGY^z<54?(xpb@MSJNEO5baSCga zkY0M8Hv>*(L58R0w&rl&D|UFYI^Nsd3m(x<>!+rV^jTlM>s*A+Dp=Rh^M+jHU`yUm zjDZ3=z34F<%IPw3^vb36YJQt-LZXEQ;jLu^@HC5H*?rN_r*OHmn3ReP_(P#oukBb+ zzZ;plh8S?Vtf{}#eg-6rJ|dixkFOIZ8b3y4I!Z}PZ@Cr}5E4a(wU$``^e=w_{JRpMI zCufo4k`g<&f}cULkqUsn{l_s z>i2N(GBMqT+tUw&5T1yg--YTC=3JeR#a<-U@8xLEr=CYmF(h~V5Mys3hcY2WjO@X;;hx^)IB;GkHClwcyZr85*A{}d64{4A1gbpSpwY9}Aw#3eF zX&?8I9M(>qiESOZx1`&kp`jo3U+fd%tWU|q5F1m|gaurk&i96DQ0U3ny2NhmBA68i4zD!YC&${wh1PSwpB}Zo?>4Bg-MiP^-0Uoz z5}kKgeu$-jfAp)wBJs5$3|?Er4)4bM=W*P5^QCIh;qFNYAyJ8g8*U)=dCO>8qU$-M z*oTAJt5Elpimxz$4op*7*201Z9MQ@&XM z>p%KDe*WAK!YZ@b!cLv~Gg2IX=yCw5IVXo`(aTz}6doxnP0Yx+0<%+?wfpmI#s)1x z%n4vfPIBPXOGTJmYi7m;swDSGJrk4Q8bkbGKV-$8X#y=-Fyrb&c2Oj7|KL0g=we5< z2{DOET^&lKq~8;2m$<33r3>`>y|Mb{<&sxV>6FO+1BI-1`t{o&a{@;9xQ)SaLr4;s zc&*e8&FV`+;o_6r!H-G!-G1}K#GV{V=LHc?tQsm@@HBVd3YG7x%MSCpIJpR(i7d~V zns)_-4LD9f>=45hvyYoPUYpXjHBES^YZzMeUllxXx*JzysqQP=Z(w8^qKJrirak2+ zHtkidzkV~^0{lhd5^lcobbN7Zx~CE5GnIG!G>U?}?yzO60wc zf9LL9xU6?vvI^Pnzg+s4Dg;JDbttcKyRp~;9-sP<&cYn<3npvy$R!W2NbI?`z{B7_ zw*V5=5WwvJydtshKlmS#i1q<;+dnS@)Mt2i{$9}k4+918`tPTiqX3!y_jh^1U6uI`5 zGO^V;$^S?I3~fqE6m#?w%k7`5Ad|G2-wUCj_0SvJ=gIl+#>~G^J)kK>I;RN8(U7*V zV=XQjy+H6(xQ-few*!}D7{Ej@#7?WgY3;{} z&h(xu)Xz;D2L+V>!RSYl>IXD<4P}_{g+ipI0N`qM#_~>|)q}CyRtrUIO$o}>RL$&A 
z{(@OkGQ?u2c;UmL9z-5Vm6aAP+VFas_lAs%ku*F{4KzF zJ|Ww-R4#`P1bLmbcDvY41^2x+ zcn``S-Qm2&?1Anxo>-4@nT+SXu@+Ggk?g zvGYBVwV;ev9{BllpoG2LHghtt3$%lyeN7WidFI$!0*D_l1vLQ%X0QMm7 z1V~?v7{-EtS_IrBQB(@{x7Mt@0%ZaCe|53z1g1p0dj~uHsiHl*-@iYZ<@#4x00n(p zaXykR0cBg+-s&g7NF{AJU?hM6=YxCkbjfm&T}DuOty_pBNz%1{QsnPO?-e?n@Nd=? zy_jdyAH(VADgi7|j|c;{3Ak$%q?&s}B%gECS0hH7-f^|59Oo~C$$Pi!D%x>9clANb zq^Pa(1O_T5j*Wq&Rru`e6(pmz=P7@03vKyu6`GG{ed=hH>!^_6-FvKQbw$Bt`#7^j zceYgD8|YoH*0~W*_*_}Dx%~%9e^eB;=^P%E!f2?%&WG&UCvDo>wOOgUu0{b>qb~uf z3NCW=K~3Zu(?b~XdhFo1RgN+ifzzB6BN%88r<1xUvK zaWGIH2L9aU#N4S=*CHZ?G~o^# zxB?jMy=*K7Te;z~W(9C3T0)LRN$u$@%Tpf#;{);L+g4LoK#_oYa)2D**2oG_%;tQ7 zdkg?I+7~pCfrz8yZVrE}Z@D_|gI5>Ev^h}mxRIW}sZA=L7Ht2q@sdTk~A%w3y5B2M|!s_S6P6NfJ zx8z0J^dm$cidsQ?W?O4$Z2Q8b<@yZ&+s;I=`VC$KLyvN=ouRE0_g!49?Y#P9oGkfN z2np7!!`B_xe$7yyp4Ce~x51B>0e?B0^VLqT?jO@nvY!6$?4)?CthrP5ezw$d^m~d2 z`to>{#o7;9%{phFk}P?4LE#EV;|Z9XCM)Z}qZJWoCT0%Qp{Y>-_)G!#3MkU2PoJ(J zY*ghk+6_w}MLd1@UX}SVsOkZS1Ct+EWZAj7Eep0qFs!ou7iqA>KU1w%v%TfD#q6fKuSjk9KYVcjn=7wwp)!PqvLbF^}HnQp}g*^euA-XYf~! zy9sUd*t`&2Wr&#tt866g`sY;~KA1;qZRwbh6U&B=6?m7eK-GeH+tPfDfjHE5Z<~J6 zC~FAk@6HTr7kpXH1J zEhs^R=>GmeTI%A&jVYqPr+Q?>)&Hxhi?A8n`1>*cIS1ddtE?mySnOErgK~r;G!zYv z4P}jv?75d!{iFX?rN9+Y-`WtlW?y}W`@OCc-z>NC{YO{6g<8L^i)MdjaGR6mjR9Kv z(;(KlDq$Zt1Dx9_T0(!h$9eI+65so=K8nx%YD=z~IWZ|kPy4w~@8q7^R4e1(A&*^~ zejkvQdBv7kPDMoSf;+$Dc7+?G64~EfLQTepeL49pb#>m&>a6RpRuZGVsUlvBMV41! 
zZMwZUC-hOoPkTo3@;W+Gh_z-ygQ`rPImus+@Ca{0_*(AWM$sQ~Gdk!Jm(2nn8L%{a zf1_QUrIE8BOG)z2aiX{#srJ8%McrH1^qpW`-M_h7X6o-vyAj*ttEm1^_X(Grn(C7A zpMB9DxZVaC+oQC)H%%#J(Q6H~+vi8Zg!|?CR$m&Q$Fcr-g4D%8?1T@6)t2Jl3vG1k zpJ=Atw!}icJ>5E~5U8k9=BV^1E1gGmn0w!|7O*IF?Pw@GsQpBjl%FSqY0P&a#`RYt z`mgamuyUEph}G70bPRtu^Kt4EJycQyBOSE|L)1%MrO-EX|LG z?0aonQ_iXqlR{Z^K{vMZYMED7)6j8uIuKOINzQe3o>1Y{lRnV7^BpMC!>Nmoi?;cn z+_kkTf3xRy7Mte0#tN*YKK4WSx6?2pe^}H;cVgckWMz-hoVC|WP??)+*-nMN!a8p6m?YQTp- zf(-x?8qP?ct+ptyya9X*`jrOFwXXsud$=7owK-E)=z`A##`3M{FZzh>sv22 ztH9_U{LRB)(yM(jPut2W9sAQ}w()JqoC_sYuZn*D)oAFvc~gh~YVpSMNXYn0ILk!b z9Bp7gA?W5>sLy*-kw+%nlnKpbI5Q8N4(IhFY=L5gLH9s^jKeAY^XDL5Xxm}u#g;|g z{+<=&Q;_%vd!4ymyq2}d8>$5x0OS;5=)|oCucNJPrUDS&<4_6)b*?SWpyMK~y24ZW zJ5EoV9L)YyWtPzn*DrV0Tv}%{TPXV0HKa)`i8x$tV(&o&Tskz^BVK2-GE^+Icj(rS zP9*E0`=zNxlhBi^rA=+ge(%VB#nVwp5vx0OPM%=su_KytARyp}39k8y=>D>#A0y{64I(gma8F7JLR1o<|T;3iOA=RGpN^5JDa+84=qlQ zTs+@Nf^6fcVPIgO@0m)(*qpArbx_fkjj$GObaXVKd1A?{scGm7H|WpgH8nHkkPQW_ z4UXBG#9$nlcU_Lfk?{bbc0b5zOfE zwmn;1`_XTG6y$vRo=7-1Y54Gg^>bp&X`SKpJ5lpT62GhNJ&ME?fBq@x*&RuCJRP_z z=X>?1no!T7Kz8`<9RUc2T3cJe5fZe|(6#~jEb-z;NaSZ~)Fw>Th(S~hy$a*&<@F^1 zj-lgHOxL-sXXfSkOVYgtDfGs{^A|7Ba=B@q-yr)N`tqdlDheu6!mW=ShK%ewTeiu5 zpW&zEF1KAecRuCzSiaL7e`tz#?FT;VD{Y&zyz7^z_((3v`&B)oL=Or1yj8)zN?|v0 zr#9HcwX1Z@0lVReiVHc5WgsnM;99|lLBnZBPMM6Q%J*+<=`SqzoLHsKZqYIqy(OI) ziEGY(mps04pfK-PpVig(K${G^QSW7*O|xnY_8W%?)}Qg*l}i; zY%i2t)Z5J><_Bj>EPn4H#fSQz6V4uGaJ!CA$F&q=?y~gQ2_`qTe8~MACgK^W-c46nG|6%4a`O>OIyxnJ!3c$#xJ^&YmLs z>^HW~=+&6*A*=el?SRSLo2Q$V6ZkiqWKR_wgsMHJxn49CnOD5&n!KD{DbQBHWX6TU zmTWj7eA7`eDs}D)W%}>}?X+VN3u$IIc4)7_;u^UHqKhM0mUF}Q&R%R0{j6RnQ>&_A z_cPY!p7pHNGzL|voT(>*lbud6%%)$Yv#-bWPD^n*ugMv!1Z{gK3Vp-iK61Z;O=6jq z)UAVORhOz_>r(tUXfd5({jSx_`3DkQ-m;l=JXYP3o>0RuYgXKaM{5+Utk2@Rx1%!X zc&97A{kl8Rg8IlsOTOE7Qv0zl+kO9`hF98Nq(Y3Vbr;`pkCtJWuK>qW`5s;*n_6$R@mu5Hg&v9ft?G)8XDoTa$}x79 zNTjJN?EoP~ps{F|cK5EW08s{`!lUSo;~zhkY;UNRczTdIk9&sH;Qu}yO2t=Q!+vH^ zQ(8MjLtw6B^$5NGdD1MCIOCBPr#SDAZ@vSGM{d|caq6z|uPlejTEt7)?zdz0#QU 
z=xPYT-Hvxd9}PNeC;X<%Z;2m^*duMMq=otU(nqR!Ph~# zbeYEX@e+kq9b?T2!i4vS>|0v;*K|MX<%ux-?Iv%m(>L5Z-4xzH6=i(&nC!D!a~G4< zoR=|{8d=hU^ljhO4x*yA>6dQ)C^jkCSy`DerPotQ&;x$41yGnwG$ttB=F2!1P^nt= z(TWjd`&9BZRji7=(XZs)iOTwXR9NESp3WPUfXp~aM?3k>n^fHa6dPXQ7f!A*3Z_K3 zj^;~gix#I+4sX1Ko*zdJ$at#G9=4a9Mn^Se@0c)CER>%hHlL&2QHfo0;pYAcO^(m+=mGligp?u!h(X2>)wJ7r~lr{VDU+tCWWB8AE@lO=S|k@ zR^%Kf3Zuv!*XMs`b6wHB4Z*)?QWH5>_16u2oG(~5+gn`fgzf#%)rWSLiPS5zJs0{6RpJo|ndB~ohUBT51hbXl zflpeLuG4h<9(~OF>4Vd*VO?}52Zh9N6U`GN)8Q#+)bgM7&W-g71f(3w6pORFSN9KZ zDP#6mmej;qe9FuAM_*ACR>*sX#TL;xYucpD6P7E-S0Wg15FNh|xYT3!NtJHH$k>4* zi3Z{9oMHNK(^OC`*46~$@nK+%{75*QRsQ=*EPOv-9U&Cf`(}+}&YMuY#5fzD;VJ0) ziS&2jON5sKR75mw0o3lELGe- z@D=7*pAXcZQraF-^csr0W3*ld0*i0>pwDxk+Bu$D_*`7{V5DcW{sJL3-`=Yaz}e{7 z*l@867toG%=RQXwD2y(vMTn#92r(H@SJZFrXwTQ3tn1q9y|Yj+S4ix7#>!^dv;i_1 zcfHqPBIJi>Qzt{KVw;?K7J25YBMns!W+Zuk%3YVN8kPq-^cY(oH+htO@SbRv<|BG? zhnsv^Rz@N%ZkHM)Q~N8WGqq}1#lGzwSL^OdStR#weV`$2M9){gHqDFqHoc>>khl7E zUcB4k$AGtAO1-5mIHjL(cF1r(=&Rf|n0ffjXtYN$-pj9)DAN~%E3!G<9xd=*>`*fq z;{(kJInjyH`_g+9USsM847EP;xfMRu>7nLQUw=H0dcEaws(g#~B0)hgkjG)oJYT!Z zgC}SC%W|6cttiWksO#Nh*LlMhSY>f>Itf1tdw2%nO8Cv6az;J4|28*c#Kwkz=hNoh zLzlMnAe2I0gD)?QT5zq+R!o|7*Ne;XT-ZSDY(7#P%>Jh0v}bHwBm7nBgfwU5{BC@S z`<|KhE7sUKQ0E!UwP8EwKf$}QyT7;nv)|3xs7DJFnxB=vBvo6dTr_vtJrfA4)t~#t2GwW%su7f(0;m3e(+C`AUEOh?7$Y-mVcgD)M)@pZjy}KqMV=+@zJ&``ye5rd^4Xu+mT>Oo%J_SL5zk3TQ$&ihWxr7dj zPgo%-MTs+UF$Wrg^bPj)ph8uOS^Zez)&nmK3TE3qk$qq4zOk_pU)DeE1sWs+YkG9^`gonp8VHf1-bp-285*^4YJMSo63-Q$o4I=pJ~UoxXD zt%7Dy`Z`_=W|%Eo-`kA|x#DQUlg<%vlkWlTcD96Q|AUm^ae+FHv95ZHjl~!xpE)jH ziagaX(qArx**yJJHIj^TcfMz9piyyElT=TknT5$|D>9Q|J-=YVZGgT!Zs)HS;4(c5 zqxi?6mVB9nNCp4PCRL`tRbzKQ$7GU~-ilffSS;SleacrNBGAY&mG#>|Ra3F2>V31l zNyt-j1#I!lQR#y@8O=Oc64!5<{Z@;VisC5<=P&Xb)C-etdiu-^tMcd!M_Y0H&h`!0 zRrH9RVO%QU4;+X>9wBEy21jMZq`ahy+ytwMnL%}{TalamcKZ~7-%998T3E1XCMUzx z1&|>NxSpI`YxbtO2EA?ES#p{#1jkYGA|=0u(6vO{ePVH01^j&86UUS*w(L~Ax$ zU?&@lx1`(MjuxIG4ZTR8h%!m%iq^ERBR!^wBcB;rK6psXKzwo@%KwXFMS46jrz4h*o20Cf?Td-iVF=isRUk?;alYAv0Np|NK>c%~NS;pg3$fPb` 
zA|`Y}h3{V|)$#M4EIdS!=4GkK<#yJeG9fiX^ig+VV0UxD={DPsk>1A5_G=`p8lM!h z3oX}Pg4^C*!Vn4($2Yg1gwLFWp0oeK)@oisxNTg#2U zXnd&Gpf`Tmso9~GV(a~zFe<;N=qJl*Z@6oMtVBL{17=j#QRo&$CHre*Z|ZQj_vu~k zMLQ49-NVq!nyk-hd%{x|JNt>YBk8}T8urM%+m9AGbsBR$94KrE&K4M#3h%rxKANiznuO(WjEL@D08%T%3q8rN$*X0p^Yh3@BUmd-R&FK zsDIbvV7{cECxRL6lUAzqvEm`avUA0b+czTd)D4-Wg^hp+8y!o(_-WHCK4_9ff@2al z47a1nx{pG|EJt$;A7w`8Tfd1~z)(!1pZR1g#Z$~0O}oO+@Aux9;6}6n>x-QCdE)w2 zk^2&_?G2OWJOcs;z2Xks6qSr3c5oMNCTRKwfBCLtho!uYg{EQ|iWYmUgqoaz5%w=MG;~NFXnQXGymg9CuQfFJr*rYussK4o*8ZIq9Ar|jE{W{QU5KZmYmPX zLw)5%`dc{DPnH6l9jj7J>SaC^;s1L<@UAiu?Ry_nmHdLjX}it@KjvwD3m-ymr>lrb z{(H^2#QSD~k}@e#g~GeiHOH@>{spl$cLg7O@PByqw^>7I&e8my>WB7zRQXL|{N7W~ zAX-c*QKh|;hkt%}Qd0%z^6gNv)MnnHd)M3*XP?#&ZOaAP?#0Dl&ipV%`R7u$*KK2{ zP-xz;&y~a#e~FXuR4@|6b@`75*

G!!vHWW@mF5W1&J;Rl-yFxgS|dqYP0@%D)vK zKEBHnO^$1jV1?uAv>7$x#-+>FV%$159#9n+#e zkaDEcM06Hf4;RM zogQA3@iNih=eL2;KUj3!wZ~kAqpNbGchJ(@3G=H_S|yHp)Rm8P&tkGoy*r|HIMJhA zlA=&6NZQ!@O|$-9@#M$5OT}3GqMtu=I`|phyx(o}&R&%q= z>s?D5?wmmaO|D*E>kCW?MUqXn^;`T$l%MCd#J<{UBoU2CP8^XdX`gfIPK6H7&i5&A zm}Ke_btHPGw8TWTr4j`-p{OS?PzXp_AD{S%qc^hc1f=}}Pmq^2*whUcTGB^bVhzWJ zlQC7{`37K7oY&Nep5Uy&5j_WY6 z?llbg)mF-fz!+nGPRl^~2h*rps)K$83K8QSg^4!WjF%VAUeL~_~$er(e3yN_Of@GCz@ ztyq~1^g2y#WYa3*8Po}0MB9w;i2BUWq0QrjT}-Ur)#HWkJx9>B|DZIeXI0E{Uk6>rW!uHvFzK`Y4uPE}uh_aik|jS0`mm;+N%j zB=BujtGvND7S1Af1E;oTvsWgQD614bOPA=pW24PyaiwUc$q9w|tK`_}9l5!iGMu6G zlZrn~v;zC-ajI>UMc@mMY-i8?(K57rcvB)Rn@< zbiy#h(c2o=M#IXFZZ(~gaFnum-})A&qfkm`b*h#=e&@LjMwW}nDpn**{~@J zsf-6n@S0dya-Af%167n|i>3#o)>7CsLnFU8y{U%po;2pI^!^`V)yFtB15P?MN;T4{ z+D$*5^u(!!Jn*y9$gR3WhG(zLY^M1Ss%M$-OdcQT-&C1N^*9alZD1<8G{~k~BQegK zoZD(L<~Ov1BIm(aakmg(&gG_J`Mc@ek6R7znXIcF=klw3jg3&$lUnGCE0XzU^DCLC zlxCgruEqrn_+<;euJd@-?^nK{+mzPqcOy%;?$MZm%4}XWbyj}zbW@2cR!zql=D&r@ zeBN`==?$^X-IwLc%p_VNnG3Egc(Ip3Zk;fsIB`MZ*I)ZArFEswrFWrMhWfcBY55An z>D-i`DLw^mlu4t-$o->XzTgl=XYzG~y4@?`xcNgd{WF5efP=Zbx@6d)3KIvfhCjTn z-nS$m7n9-l#JFfFr};dcS4~nr_t;wF6xHh~ER*sTVws&P|8IiK{Mb3{r51i3CzHq4 zIEu%k#uV4azQaGv2*MVn>8 zq}3B>&B>yKEiAY4m>`j=Wo(uH#9g3UGg3)yGme^-f{Fo z|KDI(X^L#Ccj){?zBM@RKjw0KX8OTrLgIU?=9Z*z)pPg1ywu?LtTfJyFwVrannR7V z=PFBTHW;(HIdoq&xFB!-TDR!a;c{H^_aEM&r#n;ERz+8^h)g^4cWLs=t^{GsDIJ`7 z4R2EnU#ow2n?lGZ%B1b_EypryAwE(S-2CAO{LVD_(>WV$pH{A;YxzyHT=5Af!NpXw z!-bu3@1)+31x)(K{rW3zUJUbHKiSt~s^sSnyDVctK3R3L`RXKgaxJ8W$H_bFbIKvF z?uH%SRllR>cVt^xepp_9m}-4W2w_uhET;2yLzm9&rlL9N^?Uzr2`fHiteCJKAsj zPGrD`*G2ff=3e75;|@1^!HK!~o{a2mUa`mA6PUdDrZu#P#8gPeCik}+mPi!9e2uWH#Iq&C( zhT+DRp0t+pHx>}VZSn+Rl!2Y%EM`kyXJ{wAk1jp;OtLN=P?H!A~RQMbZJt-KA ze{yzX)q%7CP5o|*&#a+25A~Fp7Pk#r^>4@VHf8=jO@3@m9Sw8OD~Z(At5ScK_RW8m zcJpEY#7|oO3oM-?&+DfI66bvxRtYR};NeAAITv+B){K2mla%iPw>$r24x3s;`S1OT z*Xy&B{PxUm=6;qvaAvYR89aRKNyZ*$z+lGyvfUtRE2`8r)(9J`#LTJ;{LKG|yPpKt{@?Eune$D} z^}fXXOG96bGGQ)lUEZ52BWG7`(Rj1SBi1TQnKoZcge%s+`^+xK-%pNi5>G5smJA=U 
z*Pu%77~wa{MS6De7Z7lf{^h@U%`Mq+{wSg6zbHaT z-hPbCYv_{r;r}|y$U^JUbz;+B-}67a?wYVzB3Nru(5;0mX=*mHc=@V!i!V#M(?nVjI3P^`)2~Jan$GDaBTKDoe>lJVt<28yCp9cvey~A zuAW3oF)Xjw|0D=aD;K2zTZUD+wSB*ofOJSVD4^0Pozg8Jos*RA?rsnfNkNfr zM7nd*D2;S?cg{UnuKRiJcOU!v{_?Ja^<}LY*SxMV&T;1dCu-;$jT6=Tv(t;fD8lTz z;#(Z^@bZJhWQdL*jBg&EI|N}tzg{lrc978L@%{LI{fBuo7I2w(E;?!jFQf_x!@HI6 zgM}1t)a46>?wRUn+J756$T>VQI{6-a$BLtnu8aC2$=9!1K#s>5M<=DjW*W6u+qz2n zl>=DSV_9E^kxlbgD}3Ya4Poug;eU<1<5@~|?6@5p2WbA9cd*4%oe7<(h#K2#k@Pso z#L=Hchq!F@Sw$taXK&kUEXW+M8)W~uPzn#lZYg0N{`VtHLEtJ$0DANfXeM}gTqtTm z*R75h(Na&mJ2AA165&mw+hQMuyB@cgX{`P3(@z_pS^joC#TSVKKfA{(y!YpasdLq* zTzqTt zu!voTY$LX^HLg9b#Ia{q*{tJ-WJWdBc(6o`U!H@d@aqAO4TXG|en z*YBqkaQdY%cv$F_5pD6J@oO?9;koif-YymH%b2Ivo{h6Yhkq=M5CAQD3w!)2OZYc_ zTah*03WguG>;>59h0JVj>pEm_S(M8!Q>je1HrN`Q4w(Mlql3SGx4mHc`q@)1;oun; z;8v0B5IyX+bic^MWlGdOxiZh0OzKW%7SHtd$F&kf13(WkyfGDqW|Hu?J<^NWuXvD-mdn{zTdh%an>%>UX% z54V37anQEq#7 zSOn4iF<%7N;U?GnpGC=Oi^Z zKg(R%^Zh@+HE^{4aT!>%_3?|l_`%<$D%P~X;gIJ-H=o)dV|~j897u=*X?x#@P9vT5 zYo%A782sG9gK?~acPkMHSp_FZL>D-NScbDt>1U8_@!Y!9f%W~pc|_&)=0MHkKVJp? 
z$9)f+^m(c1`e>;K_ttnJxCh00_C*?5`?{p`+#P?iGa`Nb!)biXJQ}E4gQs$K6a#$3 zUFvE9Cks{qW9pPH;2(^=>bf}!A+Yw1X5_x^-s`r-t1(67p;Y#L0*>wIAa>-N?F`>; zco5swlB$jp*IZr`SUY@tZ;RUg!mhFATg>FUleZ~R!cL~27YDHI`CTE~{40X^L9(+# zdJ7>SU~;#xeqtmyI#nkM4(J0`_ea9lU+|~CMuP`9i1p?P@S7kU%;I(I)(~&Vuz13N z5ovuJ@vgOS^~aW7nSb|N)x*QI%6N?hEJ3jW?XDkg*7owrIPKEZ<3g$C$S-8bAokDQ zKAM;dtGV}0Uw82j`a;$!e1{5b)70&I@@Nl>Spxn;E}tiEYgqCeLCgyHr-DlM+qhW; z=qGI}c(w?tV5d(QAfVrGNuffOR?fXq?anCP8Cf1_r;nUQXCPYJG*!2ng>ra-MYo<8 zQAAp^wEH~?xIb82oqBaaoh2;@-OqR~kgBy?Ewq)cn-^j_IuQ-p*P-^L>hZNlm5c5U z#5}IvzgL(RUzIS_-I&v;DV;4Y;9!xrj=f^lG6!yPeEkY{I2!&t{cCh<2m&}y^@mYp z%zSZSYc2GiMUa#gL(7>~8IiZ$$fnZV9~y6J*kh&a*Tay$L+vd|!HN5%mrN+g@3;YJ zBSX_OZ&K5JgWnH-C#it)8co?26{KAvVyNi1at`CXW56l%-WI9m#w?IC4syry6VOiF z_jC$&Z^|BWA2WY@n0wT+9voE%FZUOWw&%~A?6i1&x@1VuO&Wm-yta8a1ncZY|ZI+ zfJm&`CRCntyva}Yl`Fz6f~zgDPDWcc8BH-BINk@(6K0PNRLbU~wAQ{smE+G*fhgADpXL9{%whTCL4}x#(#0>D7;aMS>gH{u` z2Q4Uubj4NZC2iH()Tvug9?D({VFi!nS6ti(%7@$INx*Diz^lzvN7TN}1`n}DtwYV(W;#XAYbR~f04AI6J;z7X%QOvM%6l0fw=ayfIZ zbNK)XF&5u1?;DjLYuEGkZ({B{`}CWB@F2;PP|85g^VRb2C|$hURNC%0d|ZzM4iO$l zjD-9)9Va69h^y}>8wpyoiTpCV*W~mKv{#NOi z-=0kjQvNr}w0wsPl1U+74?N`O&_E0&J$JT%e+m?WONYYzK^_hGwMOQiZLCHo#+OZA zM-vNi%!48@IZfJ!V`^eH#_#;dowaHCDP#e?*6p5t|N5q)yKNl`Vr-e+OOmWv)TLFD zfwhtrQC_SD+0jdAi-gf=Sj2j0x$o9Us)w@gC;MY2kpEfkZ6eBOAHoEgiB3H)Rz(H; z@eYHw&l?wP-hv>ttt8%zr;|ZPE(r1$OC^57hRZUYTYMjNgyBU%M4*$ZOYW{OI=kLJW3;L8#)I`E<~MF+TDdboWG;5t9lPZ zu%+l+-15H~h@yjLegt%`n}vH9uQ2aU5~ceFzpp3C^3UfHwO=Ah-$etz+dh>W&hX>w zU}NZGlneZ|(1*j5oDPKOigU7fGeRT>HXAwXD51MwGI<(^KwCS!fYgY+yqEmG&bRGjFUO4U*vbFtAz=wX~6ncEr{o*-3c zX+0)6w(6wfFPOj*U;lI4|MUXXeVkq@b>V9g8ihQn@ifm1H zh>j!{CT;Ec;k|9R{pscM&EJ{e9{%={606Ig925!hQb8`tA$D$z?zY}n#wuqb(yzwl z?9aoF{3A8Qs(!`kct#}v$2Z-YpI$i#1Yzmdl)tA6+)HAp8N0pipII)uypCB+LS+>a zo2p?g^`^6Z$rUpPZp?~BT_SmPYM3P@@IybFg|CM$yC_TZc)p?>P-ey%Jng<1{@Hnf z?E^x-%RH)x0~lXP8-09RHfeb7a2HLUfo}ck#~!HSMYotJ#~@FYO(&vEEKa%~9!SX+ z`|NFm2VU})d29&D{~*k(ew3GsyR-55#(=i*@JS;n(wkY|blX;&nK!RM>hd-Lr?Hw( 
zYBJT|5U>C^S!6lz8Gm_G^ut#r-y_~6|24_?0|Ok!f2{y6t`_qD{TgtD{rgYP z|GjDdzpb&;-JR;*5W2Aty1c)sv$$Znzf`(s)#r6|-pcvw_0kHn|C6nsYP6uE z@?8uPxcw!ywYy23R?_7nSX|}oTxv2`|9W?-ImYhxq{jWYz&!um3pqOnHB%0fKQr3w z-5=!X*}Eau-hrxlL*>46d{~s8013ql2UK_Z%5Fzk0qUz$<9?sY9kL(?CgNG@zW?i% zrRDu|ve}fBfRP$O@9hL(iQ&*QfUr(pVNe8|K?#l&Lp3+DgJOAFSVhE%Xcj zdpkS2q<*I(BUaEoNuM?dIETY^P8;mqzow?7&CO91VlbcL$$(BVAn6DcWY!&>f+0T- zSzKIPoQriuy}ZbP{F`Il8#_Cyt#{ia=)+zvJUzNBVH#GN;svDV`~V=pF#_)_ENC{R)1`_e6m8)6jyyMkR(3d)!$nN(Z{sz2VR zbl8r^V;1+ztStk>K1=4)<-Qbt=NksgO0Wai8wG{bhJ*Sbz~KYX$XOXZ9||Cm))5wW z2qdMx+}#)eF(OhcX0X=3@K>Ka^dX__`%wW6ujuILhR3%g0%pDm>5suHb)SSC4LDu3`fvK%hgxrdagvcR08$maaM4YlTydy$f*?Q_@kxJWHCAy2X5Am?uO=Zz$g3WF-8uil2Bll!irW^6o=e!=_w zQqt_|BY@!6xzL3`#>Nlh8&}``sLZ^Eh6Lfu3m6#?6GTJ&YYI#P9%}r#B*p+3Wl~uM zx8!VLSBm>9MmB^YxDI#@=l z(a<0QEFf>#Zz!0FZ;o3b-mgEw;dL-@QaLtj8F4=~BX13qY-}C|+%r5}vBAR1+P+yW zeS7rpymEiq!(*u))VL0TgjW$l9SUUfj_wvCMU&Yb!p%y22Cp8lNWj+8Fj?o98B2Ka zzutNk;_VALX7k_i1k#j?9+ZR3gFqc*(c>{_lI$HD1M2qBqZKI8zR&*cqwDKy-(?!g z<^v}%@i3Gj2;HA+sJ+N&0Cz#Rc1q69fC>nc%SS5#HK?NMe;aVL{xJxnv{t=qC#xrq zycZY}3cfWoqygEqMtW304gh8{UN(pEvn=39GVxJK;Eorz;NZ|F$XJe8=uYMUfPlg6 zRVE#3pu{8`*vgAMSQ$G27YQ^`9CO}$)6~^8F3C|TP56n zHIUkH5|jUG5oI5Gf>&GG@vxdEYFhdYV1pVxYbRw_SbzOolPi^n76Ab(=8d6D^Y`w_ zi7(X;TM?_-pJodh;@u3}9&sejQ(nbqn4yC8BnG0DagG zW0&^(w;?(Gz#5)npRS+?tvQCUVH6Aknf~{Nwk#RCyF6Ga@|Z3zT9HYQf`wxlBi&Cc zpdPNnK!)^HB{-l;F3;;Y#2;I zfgS{qUv9XX5~F&UsBZGgG_1ik!Ba5PyoYNuxUE4|Jg7n&~Y!M`6AbAbFMT|&W9w;p%7=h+J^O1=Rg z)y=5!Lf~k1v{jNJ_L;VJC^Ok&>KK4pPnfS4Z#HV$|SzlGTjQ+s>=8u=fM|K#c0 zFFTQjcc}Usw^FMebp=UcO{ewUW6=+gHjJyMNg@y-qnG$8ejD&aUAeoo@g3pEHi2^qOKd76T zn-OOwcU~Z(g|veo@q2ak6<}u2J~%AiqcO$$;|f64@z;{Z=FWjJkTIESaH}Y6NK11) zppQQVNWZV|m>!M*a-Ktu@$DTY>Az*c_%-PNhPM(42?;<#DD(s-?BzzuFsVg(d4G|S zGqGPd?{=1JTQxCZCR6=X?uY5h7oW#Cc!mgKwE<~~t3&d@$JiKR;7&-xZ2z$L@dMmr zB(i9mXd;NU$+UKfo~29Cg-=20e(7EM$qfHJ8s9=@-1i zH;qIM?DB{aoet!=c`NA$wXL8JesIC>%!*v_{7;sQ@cwLF5D?`7v^{s*1tFD!Q}1fS z7l~OlWtkcC`hX?@^vyqhG|Fb+b=oI4fOT_woKJ6%kdwEc2pC;0b*5Nw&rB 
zi*8|`J2GHRRJ62Y=+l-^h6SKN1@*UdFi=wl+B>{%_X1#`!r0L0(y=!X$3Gf9P8rtU0&c+c#=JHIOZ`jaK>CS}k*eiw6zkjyO zy>*wcXMIIGWx`yFqp$YN!+|uhb(#p9zi9!9x9D;`3lKqZ=JV+qXp#8Mc<-NS%>{-M zTWJ01gIlX@0^8uK_c~r-B${sWWvf{HnBL8T)K=R70?^?NVsdD}P95;}03(bTgBnL3 zx&mgSnEC@<)6a-(uw#xlx3C~w5 zN1sr)ZTDYSYy&ExZ%`0k|K}$>{E)qk*-QIOw$IJ^7OA=a`}b# z9Ka#(U)7%uC&|cgC9SL$sLCrrAGG+pBGrLpKpW6qEZt%8fhq+v7ORT}p1zvjWpn4g z5)6(w3}K5TYcoKdehU7RqpkDSN4t-3qwU3-F$2$za&KCDne?O^aNEU$``Pgizw zdXdl9Mr!8SzGsu{!f}v@4Pmj~owQ&=3@5C`#VwC=y_T5KkkI^)lr>{;OX_a3PFtPE zuXwpb<)e3;PR#*WrC6&n6`Y!zQ;Zc;ry~;ga}PYmAB`znTRcEW{b@pPPSkDZr%z8R zv#Ju~<8eW}Bb_rUNA&wX24E3+$jv;Q@PUdWkO5izh11bNCr6|wjzk-7|A_V-!e^@N zU|qbF^!7B0-WpZ88P@>RB--}1aFHjF>kk>|)4b!&&luVUSv-c%NC=A9+f5CVlMDuG zQaE@ch^UabQKZGQk-vXcsme>xTjWhzNHBlGO&ciDGf=F(enw2#P9!OAInKpylf5Cz z6~N6OD6gP*$Nd-)_eBSjU56YrzQWeT%ymnJTmBLaCq#`n-m)Jb|6H93Cn8MkX*Q#Y^jM&~Gk$n6^hzAElfP5bGI@ zqpgg{iPFtv4OXroU065hX0&Wg+kNVGFOwc?{+Z=!9W~&PV0q!5WL6VNZLxisO7((k_0970D_LV)tQ zqy)Q-dN?jdBy2O_W_|#@QL`J0no9GFFF&hFz=D33Fv#}m)j)+Y)Z@HvBaf{0tvvF8;s+iS;sccP<2y!f)!avFW4i%huEIf7gM3HP$jjji|2e9*vv|0n5T ziFFnC%I`crHx8@j{Nwl<4+u0O~LZ7@Pa?m4qZBGt`U zy@oC@M|xOvC}t6pvSZ7e(Cr8MY&059pe6rZNHXS31!=YMrz#o*WdiTWv*q)B=+<-@ zW$A3E*sF#0I3w-@1SEG}xJF&%6yh!to@l4_2KNg6>teNm_88|8X-e^G*iOB0=zIxTnDC%P2xI zoY@-RZX&kPyHbhEHy>hGFvy>}oqN4N-7efKu&6=!$L`-e|Iok210HK8EC>b&JQyOc zNY`3!Hx|Cm`qq#aDKiVEdVFWiFI&xu=VT#o=Iur9^gpzQ4k(U{0&9 zR`=c05SFl#L!T2Ayq(jy52*Of4xs2o8fDAXgK2fJd#|eU!R^F6uK&aTveoA z_(K-YsoE$!(Gl{{rMbh%cIfWfsc1(Xf*~|-y0+U|Q!hSndh<{$v{c9wDBL_>uCx)l z{~cHEF)Dd~7>ed&?g4h#|FR%GUrr$3oy9u2|K#+@!sn9 z8>}!c15$0(&J`Ybhb10FuKoIK7>*Rf%Uw4(xiMOGgq6NzW*vJb`j>tV(BY1p;#UUn z_ckq&S~ZXDT!Uu|poeB*IL&P89Tb{H3$e;ou|Tpdf}7J`wN1qQ@~PrQoPC%Q+_q@0 zmK&M+8S;QM#nuK4Ze)}PQ3_`XZTGCjUu!Ow-<~*S$h<9$OVWkkY!JColUosrT}p)% zeASu@J2&W}5E4C~njGuF^g}ALq-dTIlAJII-*qP?+0i;x|NfrDtm{SaR!6aRnDW~Q z^Q-x(AdUVoU3!;(UCSS(iScadf7Z=WS+$$&@p)H|ARPBrwos;+QIP^nx3=UF? 
zEIxU;ce5i8j>gYS1Qpqjy-x(2nuy;FuDsLMmVFTqpeDaZXQ0!S8)H92xYC{xqcUlB z40AzH*xF5NS18<9%;QI!PL%5XRD#Rk5O80wO5M0I6jRgUD5n_NeFH$R3@=}*Tnly~ z_KMSC?!jssORK`GfjqxNL&hFAN*JZ^JdC4*jt&qjnMRj8dq>FyuSo&6W)bng3matR zsO}G?qGMntL34KD30)LC(cIG>do%`ip`R8_4s%%wtqEvwa;aE_{FOB$wEhG#*^CE> z?3u^n1O^5o0KJKF8+3i)fnz%W48)6(oF7p^6)r+(gIhCQOXqic0AV{-G@wB1y6-}_ zItu6g)mkv^%y9BfcxNNfKPdRK0r1oLsHKx_HdU^(t zgC} z^MfKOoWCQefl7VkXfhNXq!>irpb@vP@dZ)UCFGJZ!0@zTO9y89#Vj2_T zz~wC3{U&o(ppg!6VauGH52s*h)Epq-6s#S8`FOT7qcuM(4$1zY%K`;M?I7P~;_mML zd&3~+P>QWj8~ou0FxF!2Pmze{TW@7qqRQlBR61g2yP)a|&^$e!yj&fl| zBPH%qAkG<-=8l@F^t*SFpuWZ3bvbA&o`(BO1-WL+>bGYRDBAAUr8{JAVV2dwy?^sM z*u@sZ?N&g)c;k358$uJ3R&mKATtbX!rq3G0i5Z1RugCrL= z$5V7}dBWSdZuT)8P)Lr{)hpDV=r zxD_;jF|=u6Qfz)yuHVtlXb_=XuRG3zhs;6HLBU_dCzGOe=B0CP^m@OQ(W0BNIG`l6 zl|m?%+gIN-=8BHkw1hZ^`DA83jjSWB)}PzusGj>cBqRiQe#n`_>%W%hvQ?e~Civ^u z{-&TvgT8 zC4pmXG$~Q<<(V9-H2UjT>jZNRz~vl&Mn;ej&DqvWd_}iwc&|(LcIK&&y@#kDjihoD zA1k5+wV;U+x!VtXw_T<;p5fA%z_^JlItzuRQ@k0%3ZQ5&wuKhY$?u=K9YYJmgJs!^ zCTJr+(-eOtrRU=G=XaF-vT^L0!h&}=R{HS@!Y(l+@K6~`QAYD7CSirw&$|=~F`pOr)}TLb>}6@}Eu9<;ZwARffaGx6;NRTe zPx13v>*Lb?%#9zV;B?u83qWh$dIM*BJB%zW-6sM-Bap|fISAyThYc!0XaRt)XM20E zxW-nnFJb7EFl_yT+ZC^LZEV@2`gfj(es%pdiL zVPIlA-QPZvlw_R@YVw&;kBo`}*)6~-90d$CO3y=hm8~b=jg5=7sv?0bDxjQKp3okz z7+(CR7r=Zd!_;K;_@-kC2lMRAT600sLhE_P&hNQ7F}5eE2J3hORoMJm(4`>0|Vo+YluC7Mjk^xVE*XNvxh*cj8 zK}}tKq&h3HnxF*Gqd+~O$;T&M&?{pSaU% zkOo757p}3J>EmCxM+M+^RCp@)1uyrj)*^BtPv_t4&JpFenhKW0rTpFqH83@kbH~RR zDe3P5*!Y8$>(k|2Zp3TJiy$caj(B-6>it8jsL~n^_5kB#Y1S~@7ow4A7_(;7iYAM=`eckJtW_?^!Bh(cU$dd!BqVGc zk&iouXh)Ks9zFue#Efub*R9RK-PFe%eD$n9s(7!9P+Ulu^1C=?T|cJ)5lH@SM<|71 za_t?8+T5%a2yEEjJWGB}cGNvo;Faw?bHHnnUP@&&ZVLh(5aO=)cfJ2J+%VaqVg-Wl zD8M>!fce<1G#z*lfoh$*%JCm7C~hm~@E%>_buS@#wM`n>IN{>709k_{@x%xwI?90l=W#hHUr*P=?;AzdIbczf0$zbcpc}D|}`=X4_fV zqNlJO@K#JKu#5OnBC3@`Xcl8}cky)axIM}xI!-&%meHp!oOsK0^kLdLa!H7bkUMTW zV?I)AGMTc{oX_)tT>gqe?)+Y94AnVQ*~j1THmBpbJ>Vf%>^n8aPu?v$3$`%gFv_N~ zB^`w9&Z;2<CMOqDg|^Zu{G(Yq zXWRyZf&Y_8nVQt*|%#8wI_uZ{xk+iWq*XS(>@To&C)T&g^3n6a?Tk=-=p@ 
z7^Ul)A?M!UEU6TKZhC=A!lXXa<@D8v;1b;-ESAPx3da@4Yp~%^h26vq8FB@Wh#V(s zgrP}}`sB00IHzTOLV6jF@@zP6xIcu}$>MCLk>N0x$OJ2y%WRGGkf2cHYYQ9=QkDsC z9p{3CqW)V7!qM)0&7ko{9SY&kQ~_|@X=NU6aBi1KZ<4n|8_Tr`POAfx6RqC8buGL( zuC|*lI#1aWlg6e?YkjFz8XB*7VNj_G&=B1-`*U)lJn{w$4;7!WiLt}O4(wmeuFSqI z*q~5mVNer0UB?SZk21Q(Mgc(Ha{o_d+I+LGzQ-ALwT;t(px1Q0Dd%TXnjDk&a%2TjLWw+eIa6 zMu;12I93eRK7yO_b;+Q6=PH~3WMfu!ThsThO-D|eK%9`CxY~0IIgTbhn(thriQ)rK z5R{Gf^wPp<2o z>!EG81BG2nTg3 zC@FxWADQp|b{165H+vH(N4Ef0Bx zE@JEVU$bkI?*ksSZ4{w~1bQDL9&8-OfA3u3)IdT=OH1W(-(<^E%%pjOcGP^)O!iz5 zh-<#l(_;pSV?(x{!o-))Sy-06lmsMLk~)4cJzS!mmup3H69s^X>L!`GxJW;L93~d- zJt3I?Se(m7bNE4BSIdLMHxv8$Gf)({zBavGOxf71pHdJNO$G<2_pyf1P&}O!s5Byp z(eR1sB@1iMe&N6n6|MFEJhAppUHvT%*63&KMZubbkgGMO{%pV>DeRM_jYoa|JNcL5nls1-m`q>wD-Mcnt-)hxTRz*3o(S zpwLP9goB@7&eZe~9o=`}rJt>UUs!B%Jd-dmG^lrW z-}yscTSo_g1{l(~YCN2(K>~Era05K;Yas4v*Wd=| z(ec=$b94QNJ&cu=l>h>JNS1l``hh}ObAP6+n8_;#NI7mTJ6{?%<_=m9E=GZF6^BRS zfgLdp3snC?KbW9%%Nr~2=2^K|;i01pe)(cVH3X!3V&`023S*o$4?aZ5L@%38^m0&PMABma_%k}7@Rhl6-Gq(iJG-U2>LEq`6W`RuA&7s}R(-d8_JU8KaaR!dG zR&Y|LQ*`&!w;s~8n8Lp(I%&fW z7GESex?Of4_lpTOOmKhGBAB4nx*31r8ar?!-)Qx! z6)zXtX`0J1kE%oPia9Z4su88(4$-|r2n5d@uOm>OEH&({yr8Ra6IL9STU;&Qt}!h0 zVwI#WG&4xA6 z7X07$!-gd$HQ@dGQ%hE-F1hY$jk*x2pD98|Pg+)D00MZn${c8hSA~`Ntr)mpqYN9}SkK=diapp!P^AYg zBSF@&{0Fmb{FENapl_)8Fv-9SzzVxVJ@;E+`a*XFN}wv-`mI9>_f5IWj+xL|FRWEn zNw@=F$v3m2f?d7TdgboG2fP3CIIxt1Kl?Q%r+&4jaBf^C2*VIS$#!?TDGJ+n@vd>_ zi=8>_9uc$wWhE-X zw*5@_ga&JJn!dUC%znM z<;${Re}3!nkb_K?r|$s2^YRvUx4`SRFR=9}B?#a$_-z-uxnXBB-Z#Gw*!YtS@2*|E z_iKEEKr{zr)j>)myEZ>u$!|LWoJQ!Z%{_9gd(e}oZnG7Mao(3f;o3iZl;gt%;VhZkTS!j79g%DK5L=FEgoo-CeBpPpeJcD3AcfRN}m zZ{dc#&B2Nk>s|8xJ|!s`Y3)WvgN60`#W>jM zFppnz(4Rlr^A{Oz6?d`xJcoU4Ruh`hl34=w3o}z*7kaxlOXvdkO#u7C`EY{W95f^? 
zT*nLp%|B?@K4tR}>jJ1_$1U9LEi6M>sTO}9cqc^>HI%V?B*2Y^;TE)Q-Q#k2#4zb` zN2QZ=eo@A6Mup@L)CHm?e#=k`n0sl0-_wg;i+%vv{gB#ev~>6Bv~`f06Me$?8f4*V zi+|*VwBQtNDGsE%rnectpgT~pSE%n9dpfiQJ+!&c?|TP6w0KT@eT{Wl!KLUc#FxuZ zJ}oDcb=2Wdw^0*&|M2l{_uOUmz0@q&Fdfi$7Ga${BQix_H*#<>JmXdWOT$IJ&Yb8=?%;)TI1}fS6cmP41ZktAyX_)s7T43G0FXF25sTO$ks zBHV&5ZCC!fOA+7dw+wy@TLDR8(kM@R>L4S-w?Z8JMYe%W&v zRp^z)^aRh8__q0V=}^NV5cSgT=!uVl=SsD6tc7XHG(9;+?xRiH+#aQ*&6-tMDe2Ts zt5hEEFnvYUvtn4CnVAGeMMRulR<=9Q|xJx zU&zc=V;`~DM}F>DkYW8)ZOCN}O{@JH_-RC9FYcB-V8HI?^_30mb>qE8{4^3?z=}!h zF{EZbjNcxIcg}6kr`BJ1kpb^H(5{Z96ns#g1TDt`C%Y%)0`AF|0~ozKNEbdrRKMQ` z|Bh!*O-su!Eq%!5-1cVr1iX6@VnK|7fu+)7P10);2mqKPTNrJIAEY6x3djhLh`H47 zT&0zYz8+4I916^?W^exj;mmZSl^40BTJ=R z$bD*$gvLqa6;^VM+*dZ*h~A0mCOM;($t8yy;({osnBamYkA-%{2i2f0hDr<_ApoRn z(@TA>oQ6BLd>@0jN_~z{+yRk8Fh;8qo=!WCdtUVX*FwG#OoeuoeYTfnpl{qiKx@pt zV=tAKCW+eXwCDxfo*6uRo00cRP;3*aVr*pCp&M%4&UvHun$Gc0%#7xD0r8e+bua!tS!TlvWN}aj7y1CSgB_nTFoh>8yTR=)_lsGdf$Hy{ZCt z1DqfawB$iKeBc!@UZnoxF7}_~H4~vR=>Hv?7(f0Kk#IY>a1T4ta#U4i2b%b>tqUQP zD@gL%nrX3qQ)FQwnh*>H785l$XTqTch?gX3#O7y(<3C?ZtS;nH9)9cW?x)e1kAMr~_dl7U&^tbX`VzxCUTw!PSf&S=cUACxVV0;QWU? zdi3x`;OdTr?^l&P_OGZuO6P~+f#3XUY*JNCt1DN5tc(;D37iO%E+ADudDgS$DE%Dd z4$sf40PXZR&+q9DcWbLs&n`I${8j5H5qAaC@wcivbYiiU*}{ zOJR`}Y2bIL{z^e!CVjm82q*~wInTo@Z_pi=0lLBCL5cDFkHb(pKeQC|V_RE)1xnEX z^934eK%419F~EeQ>(n{@{vO`C-^kJOxKLEYf5vu395lItGj>JJ;GPU*{#4p8FL`?3 zeO$QvvS0)fIw@b|KA9LE?lij@zK0UOwS>C`nSm*3fRU=PNFYN ziVN^+HRTozW^;tIzbk8f%JTn|`776xFXS3z3`aJL(;H`J+zTeY-pqEmF?jZxKf3DH zwm3CrirH&SO5Sxz-<>ee4YvFP-CwH$IXHkjcVDzILa{LgGH$C;Quj^dD=MKe%S@=& zpEu{@E$tu`tvpieT=5dM17Q?Jx=|OwBT3w@vA^`3c{&>zrVWUIom!N$oc zrmT!hyYLNUu>e+Ysm`u+^jxwwR!+%|>gW=q?iO=zcbB|kix|+o45|I$)XTJGK%|;^ zKgIysJLkD!zBEW=e9Dd!>fJ7K z`6fB1KR!XPkW%~p#Ke+x#KGRqnz(RaU|G>QU%uFz`VGDDi<{CrpTg?doY=sPMTLuv zpvcYMX}Hv61=7-^Ck?E4s>SDBpSXQ{m{-e8|?W_ zkoaQtF*8DNTYb`ej!pf>6qO&T?$O!fGSKxrGCJCS6^kWw6cJbHwBgFf;_P^|EWx6? 
zNgFTEvfaqKR!^ByjJA8_Ed=t@a!>CV0Lt6?^o22&&qUg6`#}F4K zkrYiKm8D>5@fP?XJc(8$Qg4{tbBZzF`DoyW`t6Kx5Wgp>o%W-{#w~cYo_l(a3ZcdV zTVQyX7Or;ORrP9B1wkdZ@v_y0Qwg5UCOXR#;R5F7(ugKz+At+*ViY|aVy*^%!R?OG zdy1idKMUU~Bi79M9*Neyy)}FyKxDj7cG!N)Jz{{VW7hY)FR(p9h zdvHq+(oDUA&*~yfx;oTzMDkHH6O33uQ?t z!)1SZs`}h$bo41+L=iGvlFIn#G0dv>xO4|J+4r0}d;5~*etg~yg<4ozf|fx%7Sz#^ z5qSuNh6;pzwQdLV5<3=FI)LHlIfpTDi(7J^;O8eJ^Ei=!;Gt1U>AnvNltj}O4wmf0 zfxp|=-;avSI;rlgm$bBmyN>6iVe&g?!~&%J2L=WT7xPv=$mYpB#e0g^d$o`}Xx5uO z>aGGni8yb5jl0BWWa#fVTXDnou!V-NPAGJD_j5s+26WC$Vjv&@yKYQMFWBTWz>=T1 zSQ=x!Y@7hj##Vw9h&F~8+B$XYye#~K-=#YKG?jd%+V9F#skMXQMA3T@3{$5*O8=bSuU5hH;mI7Fg~i<24_lHdk&r^VRbF{ zkVGD!Vel?ab0{WZ=Tc~B5m&r|{FqQ{ya89xM=kGcIAPP4uNk%LE-8rKOxV%MXxnP*1!una zwO+U`z*JT#m(F|-WpHMjx# z#A9i`hWg_UW!q-DJ2RQ*fFK!V+xP6FHCGsfI5{`KR0~vNa*ap9an2#cUT28O_DVn= zM589)MMBQuhofTXj<{J)>)! z&=@z1XjA5o<2^sYJT*8b|!fNkx7 zI6MmU`Dssg_f-=N?5D5P`P^)7Zl-5Cn-_?4v;kkVq=Y%0zby2Ae0%~l)*uhLIji7c zIYIYkKyYCM3($C=sa>HF5@y_`-j<<-sYDmT0M&vQ%)u@R?IRDZdx0@D);F9^!`MGs4X zDWhP|klw!ipF(^Oy1mpxg8YSDUQ5BNGc-sbYd+s~-6uXb!oDGzFHE6pV#&U%3e|cD zZSChQ3B8BgZDRhZ(oabv$}Luq6Ms(%_kie|M>swdLfmOI>U_Z@gbdL24+wa$73Jj> zN5;m&EmAu{p}4VsrvF5MW1778+2r@MXTi0fe%6Gq@SL<|%jqha)=z&9!NEaAa?ndk zN$E;3uPv41`c6Mr@5~60DS&`3OpB;l~>i1>h6YKEujn3 zCMqhc>L~zrlZ#8$Y_$jH20x!W@F@#v{%BmyzGV#l^ikaCD2VF$cy)S83Jp1y@rGR8 zEZbHaS7P2uLmgeCsck;}cVR?361mGSR0RcNND8_tl~_IB@(rU=zj?O( zt#yjmzH%GBZ#SF|jPXOlZZn107gR+_g`rn-VOCe{Z%nsEd;7xJt+*Bk zF+kl4bVbekGv>Eq5JGAM{jI04{6R<8_gczEa!JvUdZ?CX<|lJto{A>v+H-iIE#D}= z>OQMHD4b2Vw3;ifPtyIchl(ICS2daOy_7E1HLAAv|KaMbqpFO$c5k{H=>`Gm7U`6f z?(XhxknR#`0cj~o>5%U3mJaDg>MWk;eb4uebN@k%0qo7*>t1WlYyRdnag_iNOoUIo zN%Zn42R3w0PDU}A!PhC>YuF0v+7m_=?`75P%QtN-*f zlOSo!vR&b$@!$(Sk#$uqEpkzAC|ah-V!}SjhN}2>mfZGSaYwZ$x~{_>UCRE1vH3SO=6sA~k*0J7_XBC8z9TR(rtSr489N^@?Lk$Twz8$owX zGR$aVejRktynQeb{C%-&o{>SgShMq9y+S*Z)zH#1O_lv4XmKoVNUeOHo|h_S8UK2G zxd;dma|?^~$nk_x(?K3I!1>_!?OaZ?qCoiz!NM9bUb;2oV>!#CO>^QUFG8r@&ec1x zK3GQrkpUw}@y;2S=(AM@Oi#&Oe!q?&MI6kklg=3K+p0g;_;nf^;%ACzTb(lYN4iF8buz 
z_g*4;FSv?sKHMg%6;vKKPEx%T*!`JDJ>}Zbe2?1gzP~re@j}(CH=`|?7EA1Z>C;v` zw~>yEm?vG{!a@K5-A0ps_@^(m@%}zepfK1axC>KXNRZWqiODQxoHKfuW9TJ!>{zIU<3F^|UrWEc)Y%J?L;c8H8bQ&7VpehOrPn=PCU+LoKq;IMuUKD_INSi$#a3yvC$%?V) zXqCnJ}>N?=mEkam)bS5)L4xIvH!}(gIKO`He zS9~lorr)ASZO#4tbKF8jUw^EonHLoPh8ZeJx05x{Yc77hhp4w-9C3NLaXL4?{o+9n zbPxWAmCF^6b%EEq$HBA(kL%sLQ?FY-&+Xjs1ZCvY)pb84tga*yN1(Jci*wHpBXKQKLxz7G96({HslWZ>Pq5804tSFswAFH^MLyDM8M4 zn|90#v&@VoP%o$ZoxQ|Z9MhPpu9Qs39{HZcr5W7Ju)PNH1Ay1J&K2!P7>#PHd*M!N<$;|d@9ma^ z|6c5fQzkx&lYRk;RSHvCervgHyZ^@a%o`JvEpa4dIwmGF(5BtAsD%;a_~DbR3kR51 zd&zZgpYj#!KpLf+93RDa`R4I02{(Nriyj8T9UT*0XT7a)wN=5_g?hQ=DBKzlAwOjX7@dnox? z3g8AXD2G^+Q}t0onl^a)39B7AO_uA&zuLLFYyPT60OCQ7I+t{+(I0I{-M4EiF!JkV zcib;neTvV`>6L>>P>e$A$28?&e9!=d(~jfpU+f<-555?B-%l7mAs?7I>@VF)X#OIq z);{UXB%$&-Dl0`z(QijZDGSfHmp9`jqJhZ+4FZl~aa+18#WfgsRT?X0G*zV?BpzpH zT$R|As(E2#@OdyNk8-=GqbNih4B{!ACUf?bKJTP%_JvAq3UL&%)tY$RPFdY?Yn%1V z+Q(6X_b7dh)Yg~KHb&95Mo~)O5pyw8tiBAIOBGi>XMrxltpCt z??Z1pQu8(`(MSZNtnm5oe)}D@*`SXLHpGK=2Zk_x$Uo)-ZXFSeRU~Cbv>$lBWv7A~ zs?Uy?=C4d#RHw_$Cr=X#)?w{4yBCxu?3W*blMuLu4khu501e3*&W5!br< zw`v0;#1d8v=CizRwE-pVV^eXBdp}SDzo;LflBtVKP1gQV;h5L9Lr>tl^6(4`6C{{?T4rEDh+`kwFUx*P5vf;lW_!JkO^_b z01Ci&StviqwH>PU0MvA0K%t#HsP}_K4tc{>$(5Lx3TO|(>UTpZ08aGIMB=T6ri+BzoOFb>F+NbPP#{QU(VZcaAl zpNCn_Zw;O#$Fe#;TWOVB+ZNEJQ!zTX$Sg^B)z;S48*JIUT%iiypT|!vRDCh&SGWiO z1(zTU@?1dYg3)bNc7Ji1^_xeC;L#^tG;+m*2tFFLQm3Qn8Nv(TC;wH0-A{}jTv5at zftmYb6=U|`Sn=-zR;0jebV^2WwJn*pl7RV(6IQ2^xCGnJqWD~#8LW;g5=IBU3_g`m zOS5DXFTSsT2rtMj{4CANoGR}*Bgdd4zS_nVwy>2pjJ7DZISWXvnha=4QJ3UoNeov4 z5)ZvTl7vu0KN|h>F&WL;1^+=Z5o>7!6_v`u)+qW)*a@D^5t6nvmBc9XN~U1+;yq!H z#U#UAKFcCnb9B!yjVg9kVX!i_HX#tclsgY(z;;N?72j9(2e38mZGCS0C?0|k|bJ^JYzn`Sah;(ooCw^Gz$qe7qiw^D{M~=hT|MTb1nIJiC^z`z4|I0&z z!DeoFJ&>T=_^*4mr0Brp>xQ`Y(Q|CtQ(cnTdWs|J$w#r6k2-8Aw%tG0Al0FKn(=IE zkQ2SBTxAw$c7ID3;Ph*@lH49Dl+4;#QJIKr9>U@rYt&(6)u=Im$t3qpY z#hHo`Hife(ClDyU=o@o~vdP1#y=AJa;cDc5EWP-K9A`9+@_q64MxWy$K9~Wu%@&mo z{fV^ta=j<}NO4UOxk|w9ZAh3>3*LNt3?_yo_5kumE+E;7D5SPMBshtsBqY6B>$rx1X37IrSN*&5`G1Hb>Ps 
z$SyGX_mN--kH4Ayi$@R%A?>6Ke!j6lo;&(Jv#D>2_#RPO7QE^?>^VfPu`*>oN6&Zw zbpEbU-4_XEdTt0PtG;SD1rxOFuI#dUq?BUVM3um5Q+PTZ|7h`X9Zf&UYT6~XP_$o8 zy2E7Q$z-a>^rSSC*Kp?jHVeqzxhFy6+}+6x8a&Qdb~pV05aMZR^HZ#xD)N)|vV8(O zVZEB{cfIXPxzR|C-xHfp_o0H!Kidx7E*%-Z&Mq^ZKuE~@1Qys{e6p~ZU+tbLhq+l$ z8_A~HH=pWLJ%K`$@%-M3%7v*a5D#TdBfTbqOwig z)EO0S8!|4+56z9Qez0&2TL^U^_j~d{xoxI0f5XEeocC9*u7>6+>Uv????3x8!L`W^ zu_%rCY>)rn(;y6~pI3@H}fJ1!R~j-bVJLQTZ0JnxlEf07V1cPPFO zaa^vrHkv!vE!ed3-zd3h!}a()&iV}=`Ewo9Ky?+gWkmMcFCfSFcLQZgN>+A@Bj@?8 zH@k;<*C)s4E?9qXGlJ$?;|vArJ3s#?7g>h-uP#Af%(Qe{<~mc` zA8|;R8{++Z$aV&4NyTKO8F9C+xzS$xEn1V3Of4*!?uvY<3b#iVYe6e|jmffDxj{=< z$MZ6a(?(ZeXv-Sra{c+e`Q3#^`_P&|{8W`Q?BDqc*xz-ZczIhscwgZMcYEB1wE6DP zN0-ujT_pmyrOS@~zwm3@qut?6&c9#-|5W$ioG&~J@IM98CMbhe!6wHItjczOi1@wd z;{(2(q1m!GIJi|N5AWOW?q5*5C#r2TLC(TZ**-QnZ4t395_1jz*y{cVm`Z5Pfn+b> zX^VwCggjA-m7l+>R_Klb47q%ZbxR7r5(UE{ns@y1=+BQD^x>S}6RXylINdkb*bevA z^jDY)&788x1le!>PjbLMqoE%hO9nX#yI?4xHhZ?=Vy$E$vT)Wm5v}pvER`x#5an|n z^}NeUZ)QLUm#ew{!dXk`Fhn z0`Y(F$q1I?0hPxGf=7{Py0Z28shq~tW8(^;iQ;4OC7g`Nz9gaM!C z2cpZBsoRV8g6)MVV+1B8jvl#LhvxriUpu)$Eq7&D_8$r9~io?4JG6K0Io;I?{GCt6?VY94ZE>~aLvtjx$ke*_R2jn3{z z=28_13T{RUw^YSG)nZ%Zb~r=ae1%_3`=RJVoXi!yZcwt+r5loh4Il?JF?{m${OtQ? 
zZmG>@c{V9bXTnipj1)XfV)c8_VvObLC@sQf+s)q)ppsKfAMyroEv&iQDwGl0%HL8} z(%z-g)HjIje36c_Wyclo3&J?3>olzqQ^ROmg;-=e^o+9w0ANiQLPz9`%= z3^@g+l9%_UQN-Afhd+P2Nn6Tc+6IC|DV620Y+o?uJUMO_X77V7tb%#U#t4wfP5ey< z0Me#7*d0Dj5jy2*awWM<+WtZAgI@I)4GX!n!b^`8JG| zjww0S@(Qabsh1EU?$isq)*2Zikiwd0dfr7P$<*$CdS5IlF7OF@WcqF2bl#>n&95lkAb6 z+=xl@&9|W-Kzy|&5qV+FrnF6#$e6;^Q~6ir+1vU`yy5A*HKG^Rn|-tEvEJ@d)c)Xs z9|oZ|5C5wAej1`?tF61G7M!q?s=IeiXZTt`ywxm1;*0*5jF47`j6M@)f0->dwHCs^ zu!d&F@&(({oHogBEu4h7Kl`YMu<0|GclzHFjFaV`h`DP|zY*r{Mmtawl;xuG{Y^(I z+d23Hzn%0F3Kr8FkC$!=dr-bX!$yDs<~Qcv-Wj0u%dFSl^(zhy>_GcRhvt@^5mIku zev=ta@kzhqAKu=63k)K4+m=QSIQBs2T8omM;F~T!p2+b%6B>-)9BiQ0EtJY^uyGfu z;$j^2^~>VoqUi^xG!S@8^!Hghbo3o?SP&4C7PYlywFd_3M7itsr(kug=RBgSc(x^h zXxka=^}rUWX>L*k6g;yd5fi?McNP4q@MAXhLW4BPH>vw&0PK9MnaO_6|E0!9VdoMU z1%4eM^xnBhX1KaWpIGyc&E25Ln|wE^i4xx*9MCsDGJ>);C=C}LZe?e)wZGiIe{vul z28WDw{$VQ{ky)>~YeY`1^Hky;ao^wT&0BbY`4%@dg<9nxS)s!~>Dt+wo4WeyuiNP0 zg5A*7)qUey-dGD48(aU8!{3)fu*gpk{BNKP2^!;6I2-EOI9$p+odFbw=_XWE1YX#p z+OpTiN8fe=@YAi>`rxqAKYa^oxpj5FTsF7qv~`wu!9t1UwxvtYzL{K_^Ov2hu0D5a zZuZ&5Bf(_leJ`)G%tcd7g9sA@_80JYL4oAih%A17Pv1H`6KgHTIXFQBZ-Vu53e0Y{ z7ebCh*rd`d>G(H+abQN7mX+1!)cV;_*h?D?6?HvafM#*;Q(4Ck1sv`Rbb6NUMC74m zCc?%^cql0%KK_!vH<&qx!=j|yBM>*99J^;)N0B$n%RHSDdnfcx6kLAUg$y$WmSIgG#5AuUT4_KPp{p*~8s@&V>%=XTIn z)!739yHX*8h-5`SB~!RzAGvGl23bBzJ2Q>ro<||8lIqM`!um?|O(PglKhhiH*oJpL zcGRjbm=`~)WqOMJyH(LaddjH4@HSM1LX~;6GnZm%X^9{JJ;V_{{5E4T;br`z(qi7S zjvD-buJBtNN@}9p-F0ymJMxRZ07B4tM(O?qd|6Xe!feRBcnvfzh>;LbEg5agjwm>BQ|6FG|IQ>);o&UKYA=1;R zC;x#CKM_+;DElGEo&WEL&vM8l5nLVrb15zql^VWA_5X97xkO?U9{ulk|M&Bm;BQQ* z|9w*b^W4CvHTVyr--G|(tNQ`s|Ni~|KFWVSdXoKlgX{#pydw~vccUK~UI1bxU|W#6 z$0-T{XL2!AR>{H6E3;aoO}h3g3D3ZrAl@QKoU-~1BitisSCm0FOurFjStx{SEr?Z_ zHRV`rOx{G!of4V~Io|u!v2df*2ZfI_PGB*g{;?hU!r7&yLT~6$P0rNR)DbkWF7ffE zrJu8`Tno^$u%vR8X(Z<4j01}Xd=jGmn)1+=HY${ELnSq8z{e{q>C2m|(?CE5e0~mu z1h)b{5mA48eCZ%~M=L-!V$76MjI->6%EQ;@$Q^nj!D1)Qq8|zNK*F||Z&|vH^DRMA zqaPXU#ASzjiJKx&ye6VF^2~6{-t&7C#Hi}J`6MP1j3h>5pfmB0Lg#Cgi!qc+$`0!^ 
zB3fk*oV|^V)1biAYP`2Vs<7nImZxUN?IPr@b-d&gv$W(IWa0GG?4>3%|wHo4f$g2sWG_w0rS7B1T2SX&YId9OQ4n1ENMfmFyk?( z&tRj4pL^4ugPp+&8zt<6|K?l$%G9uAhP$lwXE|ow=8*BdhZ5vKZ4oArV|ii`+%T^^ zUIrKC?=Xp0uAz0~RnhzmWI)X~$GdSQyE&Q(_<`|G*Q${)yOXd*l#{V8bI%trZN^aG^9F> z_q0&Lfbw8%t3APTgMhf)HP*%DrIfU^2voJ@*TE9HpYI#~(=*N6!ir6U)pW+mEj1`w zsjD#5XFxUiM1#l?VJ;;WCGvcSuczruFfWLoX_frv@C=Whk+mrq`emR6T^>B&Tw#W0rerj zOX+X;n=>CDeSsU-bv8oaaO(VqdsEt(_qnJ2!fi%|_08$JEM@kel_q2%HHtG4yPI)7 zFE1}!&5k$)zr!sALs!?B&fJaAmQ~!>?A2E2B&;~Hp-r5U{fUDXW^+uK#p?I3T@H}P zolWCHxuw?B%GT%N%?Iy7A*R(vtn{YUhYGAB*EgLFyoCaCMY|=3#5J?H3@!qyEi!?X z=%M{l_3%K1!$u$)8rpxiobGX$BCDyz)$aAj<5b6%mCqLmcYj~*h4v2*cdw!0n?Sw= zQC|l#99Gw-U6oea#!NvZt0o}Qu<@;HHs0^SFL&Kso1kWOXPk&-unB{}rw=Xm<*Fz1 z7J~vt=e>jJa(%_C88tEg6)qs{K>EkLa;?|7<2*T0_2uOWIcM)oNAeB;kX{?imuK)$ ztqRq;|H}e!Hq^0ir2pPZZ)7=b^-28lMYMYe2Xw6n4oCg-UK8{W+S9*7e1Z-}_-?Po zq#$_yq2n%HVX`VOo8@Iyh?SGwIRL8Q>wY1)^O)%zT0->^M7@~zlQX~Wbt@1MARBuv zCmOM^Z-;tpJg>62I}+Eve2Cm78(Sx*o|126$PO3!yDwXBGQ%Ik<4C-C0X3EVaS7Mm z5vukDW^S7+;^}c6KHQ^^#rI#*_Rfy;pWh<--aEfSGuN?6XUtz(YhA6l`09nkt)vkH z{;j`!3+$xuZGXT_hw)xBzRKe*An5+F@_Eq^hLnJ@4vWCvV5kf4}bw%s7E(PLHP@gaq%6X21}lWwV^hdLkq4f)gTAtLL6 zw31(G}%z5Gkam)xl`!)scbyEH5_@oSBwMAG0#dudY3Gv$P|J*;& zU((a1U(ebATe4_8CQ%t_SsSA9jx$P=t!xiQO)0v)NY)g)KvmMu^>(Z0tr+eky$SIqpt71ow4Z@cA$wa~&5m_&Alstp;4BW=5r!Z8Z z3xgfO+oeC%6{Br-roq0E22Go|Aua9>D{<{!x9QEP(R^W^0aA_+k;i0k%c7>K`Kgs^ zJnnGg-&5aHIMb7p_7QeOEqb7|SyOp05{i36iU+3!(}FvS+@knP$49Y(UGO+yTM{qW zqpEblx5-J3p*Ddx4IENTqJPel;mm3lt{_!HqFmPB&>=P|OO&HYXQe zMFC{KH|>ooH&`x-dV${vD4njgO!@g6DwmJVuS;pN?PI4)qb-)Ct+b; zUQll|u8}qkNtPb4X@&E9f_{UCR~>LlDtI=NG&4J^oRA}VJVgj94#37boBB<=li$3w zg51tQaZaB1pz-s4=1Y)=GuGR3YirZ~8@rkL`NWJbLo-*LuhQ1c0Y^;C2>Qpi^q3eF zAlt~gT^sw~CSXmYLIfpAX&lL$l-lCUl?xfv$3p&Ao|bQ*?yEzp+@4KcrF= ztV46(Q!B+7r0VA_A%>@exP0|Ptyi&2LdJX|;wken+6plJCUHSkX@SPs9K+>`a&BUg zC-)PBohXY=Y!wrh9SbG)kd0aaUg>S2D^6rRUKMT21kzteE`NNRD|X6!1SSVIN+xt; z5x2EY6>bx zT+T|1Fr(yVmkx%E%i$?XpHox<%e?W<8P@v=o4(tMbca_c9&(DXSiIA^|7K=Cjsy;l4JxHFfMhxv=oNz0If5`&YV#0Uv8a 
z#g88m#o3-QAU=FPIqi_)B>afrw0^ogm0|sA&iv2KW^il_IDJhmE%gCw>)jnimzLET zRTiVuHA$^@TY{4}+|ba$K%v;h?L3iCQ=|5|<(JWxL8@%^{|uB+IXFb}C2saxj8G%kcB~%MGpVVjX7ca_@!Nu;=6Xlkc^SL2*m5 zh5hEGGMh*5D%TC}vB9L` zCdYFumFb346#%K9Sk-b&O_!9FnT+SRl<3#s=URF4lQJ8$4^5i%0~_6i`q5Y4od$cR zFe7ri%;sh@m-$x`gUs(7oyYwV1_;2frLK_}lrTvN&-32YNz^Q0i9NN@h^04u00Nha zdj~1tu1I^LP3XMOz0>yR z@;;%go1$TzN}xbDKgDD`<%(GQ%4=%WLCtiOPEo#bskt@kQTGwzMwP{UlUhoAH&)4% zG7q=XmD~D$`^Iw7EMf#}B+}jO>0C>gG9U7&#D0e)O)YMK-UY-9;mdyzUV}n3bSVIR zymlWfH0&vXrt*Z}Ac6-y!5w~kEg_-}QG`Nr$}4oX>o*vn{pY}n%$!mLWIQ?dGqh4Y zTe^*|>7M)&`ue0f&)fYarR7~UOrUR=4JCNT&24*o+j0L4Q$9=3$P-&P;Ri8iomHyj-`|FqGKfuOMl{cY6?7daIq?ogEicH|b2zX6=rR{sXdJ zT{XPglSq4movS1c=C_mxi$2JlK5h=xE_6DDFhDbP;O3iir#XRB@toOj|nn2Lf(kw_+a1B=nkK}zzw!5S`ZI8&Y2iyw%aTYHWN&8xy%ysw`SvN%2Awz(6Fo3hVuRgs{CH>3^7ObklV3sheb27wr+mYK{uXyMNreVYFe zycg+167!a*$=Rd9+f6lf!P>G0F$}{ICBPRebplO3c+Ef2*%Qx^|tD>tzxkCRe7IiD6bjHh9D;K+JPv&=E?#rvNT*O&u_fH<@ zBo&n%?pJ#$$WTSkQu)Xm!x^&^Z}PPgR<0jSA;^wFCq)hJSjw<$z=|u3(aaVShgf@+~HnaDRx9LDI*JO4b=IrZg8K75k zXTn!adYn>goVsA+(^rXpGrxX$s0a28aI+`7OlAdwkd6XH*f3T%tz|cJk~0gqAinAk zzlAykii-dmcz1{Te zsu*SB_i86l(kwR!E?pu5RcFVjO0d2ndNbSKK2orC>@`{vBb zUh_{CEv-(lQ>SOB<~4xeYdQ?|b;`i>aFl-hP5d=gq*qK?kIw(E^o17}QVRLt(R%{@D0`U}O^?OZgP<+4@m8EEY zVFk%BXY!AF2XtWL^QuKlNS>xavym!HEG`b#6mk_56|#Nc|0F3%+o^~!tX$78z!ZB? 
z!w&AFh+gAQo^8OqrpjSF|LvyJ>u>@v3&+c=sa&r%qd40ah+~~V6^9b>)+QYH-M5;W zn)={(Lrgke;U~k0+fg>^-m+@DR2LZTaq^a%I~=hRkB(X^Jsp^}#7<3NwckFGfkq2D zMn+R`%&4k=bvdZf{zgnhV&d+eax}sSM7ZFXE6$}#H`WiF;`;Jv02Pr|kOlLA2pJar zfxf2I;y$YD{k8qsUzZs#{&-zh#RNLV43GiwiEnO0FvRneczJp8o?Ch9?N__Tj+fuD zu$VYoBTd&042>vK{4VT$JnJ9l;NlwH-+$NL-3_wQP4^}sz7PJHIP;6Wz1mEU_{x}U z;Mt50>i$d(NQn*j{G%=pbVePR6^?ZHbVIn}(0^pahATye>1myIS{4G?5>jf27;;1k zc0iSVKp0{J2oE}_KRHKiSju`4Uym@P`O^5ZP!bL#3iN&ZD{4Mr4pw;iQa}fXY)G(J zfnrwa`Bw(LMLZ2cOWrx*i#85rR%S}#zS zy#4}aKy7SN|N94z5EfLft2B-sFVq)_UF>-|p>uU}o0y#b3K*RS7H5-VMLJjH2bYwD z1_g@uLG`fsA~WUVPdT&t#2dPkh%eEIx=@I1MLb%ALixxdT}Wb-6pL`>UROiA?6>Z7B&7XpCgkG%J8(i$uCWg-^p6^rqaQ%8hlLM-^y!vVk|8f!Qj@Xmoi|Zh5_Bp47f(Dp1 zjD;mIBX3f_Y!*hUD+c=JzTwn29+cOBg;gvn!(zK15h{bm#caSMFCL2?4QYI>@x8O)Ss?A*cE8Zj zz`(vP-=td>xLeTLu5l~d-9Lk|Ik;+S7riXLU^2)Y2Z-+e!lOBFADf7qu%$3pZ1fB! zJw9o?ATHNC;AEe6m8!{czAx|DyF8C|cxLc_L6Jj6wOwpZFCSs#loLZ>8?U|L1znK^ z#f5CVynVnv9<(F(Yc%;f?+%bCoag_IP5`wn{?6kqyDrDr_VYj3L4A zJmM?mXTjXxv6+ZIB9V)jEmiByYk6s&FuGJ zm1s=&v*Ox)gzNu$?1|S^dAjE}%@wQ1S6}OXZ4JWnyUF+*3uo)7FPp~MzK?9`71qY@ z`G@~Zu$Gk2@z`9$8X9-W%DcZ;;IGdCX<1ymUkvve|0jM@6Ezho1)=M=J3Bir zqTexsfIkBu1|#icU-=W@RhpEYJvKL*dA~0y*z^44a}MhJyrsCUAs7XP#ZHfful2t* zcOwy*NC3+L0>uq%FayKGTd~36p7*o!yG)J+1qBJIIsIVZ0hk{~^9HHb+YS3Q0`}TG zf2ynh#UXf-Tay=r?ssNY!_MKk(VN-?@Q?bs5}o>(^~a;iYM1`^$?n_lMgIWJO3&`* z3w5-YKLeaGox$8eG~y3Z@7@&s zv?q8y9o=o$B^=fvBmtlXP*lLR16#lB#7>RpXPZxQ>kOQlKYEily4kS>3iz}bm`-74g6q)xV@WFS62koDydahi_}^guI%8YSyt=_f5ODj64k|gF zQk`nIA0&>cWLk-u5b7fb^kM-2mBu#mGgvblcLF752o?XA4+dAu?53IL#f|ZIFPlk{ zM5P%0W&3n1Gy%DVb!s0TTs| z$8VQWz>mI_1q0>$qO7v|IJbgPU$u8CBV!pMP}&x|3bF*wtv(W>3VY!9JN82{7P}ro z!RP^<5XV9z02TNJTZRtLex6D$5;YYiEeMeETE&?Os*~3Bp`+85Hg!btDJN(#QHstO3T(`}R_nUWx`E#xp*7234;+)X6tK`bjc#H=}1R%I}W2!m!6I54>;^GfA(xaB^_ zyosSk4`d)I+rt3Rw97d6MF zK@T`u&8L3IgwG_%pC_aiZyqe~XAjrWBkBNGxmVqF|O&lo$GWQzgriqYdhe5<9&V2f9 z$4PT>2?~6=ghsiHaQJQgQyog9FDV&Az{U>nIj#4*0N^Rc6lLAGc0Ru_LyAUPygrj} 
zzic~I(N=%0SBq|77(6Y_pTnyH6l4Egy~pzEe7$vqM90)hhW39oJltlu&}H*6@XLN0yI#0^ZrBrBPYSWSaqxvj)?1Yw~YPm&6qm&|kMl z5JD>Jw0s4nk`-TX;cHBf+Qq+f<+*hQAtxvHailGi2K9AyiAhP_ROqM1;LySzTL3QqqgT6$uL^!(kPU64s@gMufBg;wHTf=BempDaZMAMkW{Xm=%Hoz#dtwt40YJ196wI%c2 z##aK-(Mz^UfXO8sK~4;=Ka%@J(@R| zzTxAeg#%}gp5{Hnz1992Mj)Ap=X0ye+bx^-o%WmIgF_#ps`Y2w>pa5Lm-(F0Wjsi; zLh5gP0fDWp_oS@1(MTV&gcKs5#`Fs zwB^1`2W0=~SNPL7l)vspLl_m1V=EQdQErJ)7mQRu$Wm**wSPYPw}&|4N}aaPe03ya zyAHulnn7EHxU9U<6grHdRmg4Ege*bmtt3#=^1?uQ+~=2M{-*X8KQe`ka_SOPRKPnG zg42PyX`IQ*7Ya%+nuye@=C~BDct9PzFh_^v3*51SUKRyK8|4}Y+syDD`H@oTPCfD8 zK1!O3!tU<4BqUjH?KAE^<|~09?)=jyMNLg%;DRL;X{Yr`z7*rv-vwnX6ga0QU6v)#QcA_9!Je zIVXvL2O>LrFp9#cL+X@z-u+R*kX!Kq04>PLsgZAY$3?B*o9_|Pf4y0c6b3IwvQ&ye zaEeyYz&mjU{ak*HUp@+@rj9W^10Sist$w1+>&mWx(N?Ehz^xDHbcu#l)AX5%PtghW z>oB_Grm{=Rl2LzXe@++g>qhW^>ynaYmibCWC1~2?5xoa0X3ev>Qjy?~tG9|GdJ^;k zN$DzxkSp=M?vL512g!mGkEQHGxv)+>Ny-uY`UdR8FS)Il&{UseNsuW=wag?9Pa2Fe z>DRv}y5AyR`8ikK%FVkC4Gj+r4jTPU87((xu+P@~nvo$YA;HV>3;{}q+R8D*$6Xv7 zS=f-3*a#twbCc3$y=|ep@V!D?w5{amR-W&J#6uSe!^Xhb)wAi;s*)5UdU=`QMbio_ z+eQ{^^17gqkS?@lX9f(Odvi=OBAb2=@34b-kQ~5NGc!c>DfWVu?A0hk^_sDo-bw_K7YV;C?PG$^v7 z4Eep|JR0ja2Ee!WxsFPf|78LEeC`6C4_|htc82Q={{HEL#X)r{ez3#m1#==mm7Atj zKdAG5+}GCkn^S!FC=vHq=#UU=vrgpY2@2zjB6~+pC`zo!C<&?Eqysg(D1$xOK3(0g-)QgYpa+18!l6ygv`hlXVu`%L?-0|bDf zW}%Q&9Lw&JEdPM6zliOTB}8&YXN7Gsfwa1)ew_YNNXr2>_ZV_So$k@1l@v>>5XG2d zzJ{HWe!K`exItGJlg@bSOKjU1^gcq3EWi7m6(`Q5&G+HM$`D_j?W+cVY5;JO`@V+f zWDCJNPFdVCV+xH-ox8aX-^{b4*uW#7NUQXQ@`$B+R8evmmyIvSgD^|oRF~bAs%!`> zs{%tRXCl>4`3uiR04Ydb&`?E}+DXPk-_n0V#5#bDSfLm9CN+P-EGQJ`wd${?S(2*b zZ#b*7HpIIw(PcRZB`+krW5T~E2{3rk`MuJr`%Y;hru34rhh2o;XcwS?K({tdZLbIk zeLGd3@JxX-MC%$dk&rUTG*5G!+3L<2G9mK)WOy`*8quX!JR}T*(D7mLYqL5vr?N)*j?Mddp56hAqDSubWnBT-#(2fl86dVlHf>L^hcZ>tYO@+yQVaYK*{Gi^;xV%e6 z_Ds$toANph`Y{j!fKZoxonkP-w||pq)R;$0>~+fo13`iyOzuptRvoo*S!HNkwp5s# zeSb_NP!C&Qanp2Q9(AM~v(#q!aag*pBd=B10o(c-NIR@4f>G6$$mG>eRGMpO+xs6; zI5KSWZ~ebd#ZZcE4Iz83!Rh=mOMetlUgMQcs?T6FShvV-I2IMZaG(J5MTTgg$V0Hy 
zD>N?%agS_t23_72OgM2127@ewj=DZTYBh5Mc_1T;o@LIia)%TFHBfj7(Y^_eZuSYw z>ieoInf*hy!Asj_d-f#Lk2vEs$y@Jr|HqX}{N}hKD^TEzoYxnU^1KQALlYv5Ao3QA z0s|rMulJM-w}13r&e!*Id}mnM@r}nERdx@!ndC|1>XxOb1Yv>ctPVCp0EllNe2|@X z<&?8a#(zysKqW6@xgB6)Q7%X#hnxDo_)pTR*oAbdJ*?=N50TV;gVExWqAb8rd3GOC=$*sY)M zm07s9$^E!tDr_xGH!%35a;teQ@EV34&;L|vGerdRJV2wQ>3kfCZo6|bv;%SL4$nIn z=G4H$d3!k}Bdt>5Oe6fmur}zB?4Wi_WU!C_+=v^uw(bUsytT-y?X4h8tHSuN6vaEgAD za&~GoLSlKg;ui`WRZrcTYw|~tM6iJn7#T9KY^y#=-#vW*T%|1yed5+pFvWS*8Y5C=E)7ba$tOv~+h%NrxaHCEd9x>8?$8b0_EAbH_Kn^+SgY zWV6>^bI$jD-Y4Q7{X`YA1cgQ!_gc2msI19xqdEEBeE{3OdWG)hS^=YFP2LttLP7$d z;G|~AsX?0I;-E%rH&jLh7o|AXj8VG3U$@xPZ@D7_?HLzb>h~Nx7V$wHcqLk)1uO$w`&OR@&e!x~r&!RpD1?SJB?TM&)?D@?>_@lDE%0 z0=KN^(%`VQB*3R{%Jv-&w6EKLVKAtX;^N+Z{$V_rG_!herhRnMdcnUxw{%hMws~&+ zuZEgIGf6_GM#`W1{kIp-`dUZgE`lL_M}?~q`9+I_Q}?dXcKqGdCyWrpWX1<_7ROI89{UL1!uqI&bTmU5;%kbgUZt z6VY<=@&XFCOiSq09gc*E{x#W&fCApM^VVgkq`19?$#l46b*)==V{`knvU0!-baSVA z{rrki{r8nW@j>UVoft4~2&iNAKi<&4(h=?PtkJBqQ?a-I_;viO$dAYDo}J<^o>C|U zLWOA?DrTP~t6m_V4VCNstNoijF)`f*rf}E zyKkYfa<0qT6zc&4Hp|%}kKb06r#nsGYyQ(wpXB3C5$+iv%_SO0yL>2{Jb0tv1+&`! 
znZ@}JU6X!d&O(ki1wL$GFw&bG^>PVwgv+T127^zI@Tp;WI11{Hn@MuDDg@EDh1d)) z`gsQl{3cN)Y>R8O?qP6$J%_YW|0y&`Loiym*n&^Qnb%l4_$uJML-L~<|3u>1V{>nG z1`OX5tsnH+-v2$KOH_zgC?X&v?DFYy6 zjf@1QoTI@s$DTrg;$YV|wYQg|-&#Th0pw#YK{N6T#md09H6wNv6J%gB+t?5bdvQVI z%AkZEu}E0>UU)p4^Zonn?Gzs+C3m6F^{JUl%7S=iA|&{?Z{Ow=6u2xn-Lrv=g4|pR zz~}6~LB^wJWh}^V2)sLN3gL6I+&wyKE1(>6um)m>F_(Z(wrId;Tf%T(03EPycMlKR z`>8D&8J*E7>)~5|A{14=Fl#_f{X>DCsnI6$9k=)s1;%Y<30xXlR!$sZp0{RdB~!|v zN{_BU5E5=~^2i6)5(=05CI&P|FPOk6HI;Z(CRj@!OtSYI2_+4~Gw4Y2{aU_D?y~Jy z{?0LZ4-6ky^?%7k0k8@Fx?`ZzARn9k^EfZABAS*oiRpoB6_$oNx_*7O3U25TcsRvr zfm+q<+iHl4T%9Nn=A+knbHB#09hH&MLYB^#FEtAm=~La{+QjWze^tT7b$ZSzvIdM& z>7F?vRqH{?I|tAv3-z02Wbpv;X8^IoAGT0MT{)%_cNtdHLz9m&iP>l`f&Q)4F9H1` z(W{c~CZ6Q|!`k?dQI~5dTn2KQMYKsLFETWu2bQMY2wG~Nvy)+rOM>( zJlMgJO|XjQfzKkA_(|-2YH95GhHsMJmi@$FY+_CZ%oD@$SPj8j0netRlT(UdV^|_% z5>a5BU4n0k=3KsnoWog4tr0h|*yP!kn6rs|OCfQ7^+gh@WAavYdxs?Z) z3*`cf^=2t}`KF7Tj~{jI!-)?>@pUgA@YfSf+=AG~I&gSTME4KR z1}3Pc1CF=I{a+#}_Rt)_{oQRri2|Ph=6i-bt>DI>lXM|l;UY_~*=mRogHLJboL1h65DW7z8737EIXw_9)N-5cZ-Rewf zT&#+U9Hodzwmt9AM!)J%246r%#!45%QJ9G)7Z(=?KVgxlBhJ~@Fb(nRSZov}9ih}z zPE#-yi(?iM6chtb#fgOfrfhOdc5H=doD5_!BdiORoQvmi%}m!w7ij|^@c zz7hqR7p6UUGUHRbWOQzf-;fe6)|l7Yi5Il>D=U!q2c-i_+a!FbKIUuRPzs<)fI>8Nnk+M$er#t4mrlcNK;Zi4cFSJ{JIYk%kb?;4LY?~PzbK8Lk8X@wvR?5f82M9j6NIUSo$F>)R! 
z`#ab%8B?Nk`SHwhUNzkb=6_63V$BmgX1XPI9eueW)fDDnT2w7CvZ8ryk)PSI+Z3nz zotKIvRjw3r%;Xj4{D6iN!W0v&+en;e$=AP%X1rgd2R}G2oG9wNr4~_4)Q)24HkIcA zi_du|dA1qb>WW{q{m>}0_}VOoplO}!cJdt2T)C>c3n4QYa{e`&)1NUiKkwZDmM z^4RneNY-n6&yi|4-tkgJRc#Cc5to!iyd){(i6RjRtst5lN*S?x+QOSX+q2qtU!?(^ zEV~dbUptI;y|uw@gvI2H-U_4M13!38&C-IaFye!5OTIw6buwVDv!CQ<&)?hSM;M;j zW$S~;=Yi@eO(KO@x=SwhjopMq>ocl?FDQ>bS1Fl$sNySw=ZUq$lK&f9vy3Lv%4|%O z;T3m8ThG_->I5q%gW}YP>QoBO-u)l;F-&od3SV8_5V$-Rz<-ocooO4AeM>!h{3fjWIwc{eu zndix^$69fPMv@|;x(T%ctI^nCQxA}K$8W4EAJs6}pq0^fF2*?-X4#S8Nr$XIETk2xp@@o zqt{RxB1|H$M7WB+O1Xr)6WFf?ZQt`&ld^f?t1?zKv3?sHleJ_oDihx^>PVDmsv^2H zEW7hQw@Ckst&)!3NaMaGRPiP3?$B|lN_lqJE>BT6R96d8tn<$;?W}af01l{ACS599 zQ%`IgJWz1>3h+7W^+64==p$w#HNxD2nLbr*e_P35^+A!vvztTEN#x^RSDRryi8xxF zL49^tN)6g*v!dafB*US(p^V&3>69We5;Fq^|SqRZ98`eWusS1~k?4iZKgUGbt|7YntbLfpp*HK2&?M#0Z~K;Xn|<&(JW- z4syo&Wl7T$arYh)Q*Aqe=W3|ufn&BZjr zHs+rK&6eocOqZhhuGWET-(_7VuXp6}3oXIHT(yadQA)|LY(+L5oKMP@t2|>7Q^)+% zK{}dl8gz5T30ZtJDd3nI^17L*FrVuGos?DFTF8;9e!?>^}!h;=iu{)IQeay9KD4~-yPnqN)Y!NQ1f?O`5ue^ zw)+|*S#P&~0@$eHMpSk!-bihu0wY4#Ek1T%uMX%4!%zNh-Cf^TdL;q7P(jS?iA~1) zjYbl|r;cz*#K@%Ak`UC^p1>pJ2d;Z#v3Y$?m&!EjRky2|V3C6z%REZnY!+K34ZV+5WZyAb|`a zbw%Z~cc*7|Zw(cJZzHJ90s_RX8=r)QuQrMt@6pR zlKpfn0R33x$(qIYvh5Lgf<-AZxk>`9`Sr}v!?)O2%;`#<&Xz0duJaV2&$8di?7Y8T z&T1)`-*-8r{uL4&>|xuB?Cj!l(np1UM(2C3calO14rJinNBwkPSJW^)$Ir4li6}o; z)8KxBwfwMz-tg4=^=9$u&JBPjARv|n28Ta`e3!SZ7GIE)+E2E&C-T&J1V zT7^8i5S_P~L|IPldgT#^_^1%1UA+cQ!~Gr}DI(#av=Fv!5kEPUwR2rs?-P?+DU(Zn z@YyfAMr`=C^`TYRRMCT>2t%O0Zg+dm$qP3O<1R=GIIE!a0q&+tzOeXs$$FF$ zpEak389ed8m7Fa=8XfZTY>NXca^l~=#KTAB`=AOkV3n{{bb<$nCEf@xchPGF$@^4wm+Jy6FVt-C0L7<55jarmcPE=S$UNc#HcFBxhOGb zVeIwEL{7ffPA(xRs*nET;AfUDB){6VJ&zvGe%gSPSzJZ{ZR7;0CaDtmy4CB*LqK2j z8t7lYG}y<+nsZs*Y@MWRd^r7CRz^-o7Xp3p^wrZ7bjBrEq2&F;{kb(ISmHAlmbN2W zWk8|@L@oeAdX76ht0Q_n6c=YWFgSpO5CDn?r^k+NYmB?sY%`qs=-;EX#cRXT&do0aC?-*R)NUkNq7yWy#3JpEKHV$57ALv;g8@cAN&x z*J-sHU@@5_c69SIRc1!J3KCA_J`T?3d?-;V>+I?qCh(&(yiK&Su}!^gbB^hMt5B;g 
zR9THI1*tp~D3a>`e*Tt&9VM!u%!p%D_nHdSCo$u;ChSfR>EkGXxHBeiTqd~)xmXt8 z-18ZRkwT=KF5L)URpnsBZj()UVNxBZ95E)uKtCW=bP6ibGbVVnbJp;5f`s(Tv<_A`Y>ur7ZzGefP0&(^6qhcVyfA2Rw+*Iz@&P)Ig(x1P=?+ zNWsP?MI9$WX#fJcEi7z?qjG`GiLKm{vA{3bH#{r~ zagOVU7ZPfzt#fOpEB!g&Zw=vk&XiVD!Fav-!-_xDIIgwT2N00}U0sTvo`Ip+B)!ti zL9f~T1uClg?hrLsqp**Pn!=BwqUb`?f}s}|OJccSK7RaYKA^#|wY~jWOG`%7M_9KK zaj=GfnD9qSOTg07l0dLEAT|MT?s=>nE>Yv%3^tsKiVEv5Qs4ajVF5=C&~lOM3F<4T zU~kNWI1{11wT!=FIdg|xJmR#&AP$7(?%X{Yl9<6E8$`ZAxT$4^w|u|TdQs}5)yoKk zYxOZHRSGv^Ge6RXsLIVWTfP$szbH8s6L%LcDPx8G^TL&oZ!Vg1p<)fXn>F8u_kL%m zz$r#eDUxJny={+FqUyM(fd-!AT^Kg>GwxV@!x8kmeNdXLrxP8i((LXKu@g*SFfNlA zvbrHUH{)hWCN+^A-Vo-2tsd2K`|Ds%560+uz1yLBq41~DdC)*{XhH*Y5( z4)P6Q@1OT%yyR;0;4lZyJA;UUO$~Kj8t>cG(1I^M(#Ia0YM)>Yt3NYAx5{!^{&SJh z-saQbyF^oPi5kxMrn}ERqo8nkMeAwy2ZjI|1y>Kb7sYwa%?^zd$1A}(T3m-48W6`5 zcim`u=lTpS{O7v)=WvDT^56g96N=eRc}@=%)+g-Y;bD+L6RIkV5lDyVG;TJITu3qWx2sdrm|x*`!gl|6Uf=j*Xo#-?rYTIh zKB4IWRerk1C^p>xxB%#D&KVN!&tM56B-&+_CgZUbyY!){u(>QkKArm$fZWblo2394 z=;CCl*<$%Jit6UMUNUD2PH;4w$|geI8om28M;8dZldG)zv2dAEdN)cKfT?D&O5E>D zg(wn%5kRdnKibLAxS$0gq%DT@S^v=G1-Z~HXsY=Y;)E|VLqnE`3dxx5UT6J@HmD=+ zuodx(xKLoaI6~+A#q>_Nl$*!vg3RtT2sXM2Fxx6;Z~}czlFjQeS^P`+N*3c}aNWDbDxb*f6q) zk2k(uhVx{+mXAq~7x&R6{ZmK`F9)H1^O~YyFP@AWY}hp6xJnu-eTl&z_n@PSOdL_@ zdESK<&#>)R9vkDw=Em75c>rhW>tp1;qD@Tx{P_gqm+92;mR~)u>wQ<3azt-+OuxZ? 
zd(yt5=Lu7-Jg+^v8c<)V)uF^!0oKUKoQZTLx)83J?I)6Vl-X7cFbS@ z7@1*sKH-s*u7T%f;`^jY>5L6-vjKvAu&rR8o)-95J{sRb6z3T4$;O1HVD#t93&igLqh%I+m5SeE z%O`kJHOPFNLR&yXWBsKqX*xk04|=`S@+O z=9C8^P-pEz3acGA9h*syQV7XN0TR%AbTvLU)(4dFbfk|`pH(&6&9bhk8yg$XFE7WJ zmlZiY1WYnuI>Xsrs64wVC30Yt@+={uI{>5|r&Rs^iD0@wD2DI_z32{-9(?Zy1tG;ptlPd?{pV(lb6Izw|3)yb`UJXf7}4C5$t_{x4EFmN~ zek@!^x=S8{?Uq?ZsgG|xWl&f)G3G~@=&|)cL^)#3zgQm|!vH@pC-;N_9LOLd%}Sfd zjzlmJ!(W2q#*cp9He?2BusN_flqD3N?ACT#5%w26G@uq)XtJQ1C-eFK`_dJSgjeq2 z1{nnvZT0NtXK`vjkbrB}IRfvW?_kKFrKMe6rp?%7VkmXc>bBf~_v_GTXUeK7ZAnQc z-I+LF;*qQA%=NWdzVb!?(qNy;8yJIYHmiDrD;^4E_I-!2zgQ8wSCoQ}+3A#Hn*r_K z$wx0=q=oX`QDm6&xcXu@BYwz{LwS@lY0?!WYH=hO`BVy!8V@}%9;pEeI{)^+ydPFZ z1LTQj;*;?Vt`60OC&J!?YFkBjL@1s6c-YQ2c}90xc73W;BCoz0ZAu;#p+l(yg#T~JHZTi3f%20wCWPJNo!0Ib zIXf1|Dgv{depQ4&Fcp+z&nHvGI2S5}3uM#d2fvb1Dt_m%a$sWX=XM{1WthQlT}-gPVSbY_6eK%po! zx<|SIQmlGf-OT>q*=lDwEXk{wchq+Ik;6&hDFQYSjBvExS1(H}$u zcTw{_x7}~1CCeObR3s*%CNy>p+(>?G0XgY1H|DpZ5LNARY7P=aNXVE_>M}`{Qi=R& z52vVkNyXtyd1aoRd{ysWB@+_lk9XCTEs=8FlQ#!kt}}e^e>yF_paAwcD_3`*u@0oQ zCl2{qH@3wfC1!Md%GeVf@ML{vHbCLhEkJpV_q26{k54Qyi; zMTuzt@VtHAhbH}Lk3_GWFcHk9bJ zU7@rFhSDh40zu{OrHn1U?j+d}<}g0h9mnaAf=QOBj85*oCsVwMvSf)fF_MW#MYrKcrghJGf&u5#NmTv)ak(AAiNOowTRTmV! 
zV1eZEWbGcb4njvaZ@*5Wyo=H~vPwhyK6Iz>ZLIf-F@KK}d{FB3q7W|dNc=XzB#B&| z<++t-!|#G#V1#!|6-?f@bIE(@vI=Ljay})&G_m+1v|vU~9XI~@9oja00Fpc$b=ugmyU@3^ z>~2n@gRb8uN8%99bx$m+^?&S1P@7i>0q$~~0_ai&6W{?goaa`O0j(ki5;;e`=?(&t zsNgy($K|aU5*Sg&+VgVOpM6$Rl4D4uB~(ophk^C$g;HRJuCU8f>uXwo5`F@E%jd`~ z>nD`|=H><-_Qk!hNUT&K5Jd+EhxDAI!?lTgn{hHCO^_)F?Oo3==aRaR^A={+t&EnS z^qYZxKoaFhH3p*(De8#C-|v5VB<2!gy$O%o-0-WO;a>C z=CiiQ{dv4`SkGGYKx;XAy@b;isoO$G0PT_P##ntl#1~BtahNE|?y(hc5XZgnTXaBh zI_zaHnfd8SMbbB!c{IM6=l5S^zEM`Jv5`rGEqhex#saXBL}fzi(OWu2d@tzJ(kfe^ z)N27BXIwy81BCpD8f?C#;1I8^uLDQyQ{V$4+SuY^JhS>2l`cBrM||jXMPXT4!nk_| zXVK`%dbZ#oD1v+CiI?#}JLhy_drM_pn?AW~78AgL8}_*o<(I2~Ic@)gZzSggT2v$$ zje5_~a_OaPJOaNLaq}Pud!cQ|Pu&2d4M0(vwUMkQyadAtr`B^=8>d%a3sDw8>!bK3j7m%w3@;2{i0*0RhcU*GQ~KK0)B_!@ajv zKx;b*8dVnf%I$kA^5lPci3Utbj(09YKrb$G8!s}PWk)H71in^fa`pg5O>zDmULS)c zfvldo>8iN{`t|AsPerxYKMtSMeJ8=12LlF1+LKJ*2U5u>((Sf~wzkoG4=1qSGwJ;a zw9zJ8`Kl<=Da(3b$mJs*>zb)u$NJ{A!)PI@^;dhwckei18Yag2Km}N{JvDQPk8Pn~ z!+f?qN(DgiXuTUk;D;)B+vj??SQ`tN1s{KW*7d${$@=>E!S!%1(jv`z`FG^DYjYo{ z+xZ`aar6iPM+4viPg+TB!6~=rCr1)K@dg7~>S)0rh&Smf zpqr$JXxKy07z`+0}!~^9h1w)C^~`&q~u$$IUU!tUbIrtae%iO(d0x8-npNMPt@EAnA)C_1L|V6Wx+Y`j#> zaO7Xq)IGOW6-J9CLC5jxxgL$nW$&yF9R?B@?_5vc)747ROjM6ECa7>z zutA`$t0GJkgdd}0ZUZE0?HWls7O8&q32uv=bXc_fn*icq;>GX z{6-lwEtGSiq;>Fi`&YV|mNCbFV5#EZ-_4eRw#LiRee~@qzh61+A-p5ia@hY3I_QHA zOTGyFQv4C%R2OTX(smy%QdE3HxO{)<2J8(-NS`Lx$v`wZj@P>O@+z3qP{-4o%4PRF zTrCeiTrG(MD6f<1^Aev|N@kPpR(U`OsI3QNG@DFu=Id?pN=g9M*xq>Ssq1aS%6haE zuS)!i;%C{o zKOz^agpoa7(*Z-~uF9vm$~e5x7@30a5*ttj$HBUz=}|F-p3BE9c=ZJOn?zH}Ex zLOtxEa0!VCVfY%$#_(s3=yfIVt)C2O)385-A=2c%CvMDn7*|O>+a* zrgD)Am~s2SM)!s%#91g8>8H_-3bzG-Mv_(HvetA*`KVL zOzd(^O~p4JWyvr6vY=|x^GF0*A|NvQ*W@N5;=V=jc=>dXgU6!N!6vu2HOW!n$pPGx zz3%iL6ECCCwuVcM=BE+AZ)}b)cs=h}e+Qec*m!?(&$;NB{hOe9b}W)jVxnBRg8ZB6 z&QjMini*`eFmK>rJ?v4|RT}^{CLZqd;(#j?r%+HV;+rK@+1wK@;1;W(J(SIptSE9K zP3onOocoEz_p!)Vj6ZYDO3^#M(&vDPnvMhn!V>|x~tu4?bswR3}_S0#! 
zdeM8tO1UEP2&b)7K3yK!+0mac>!gUP5r9?DOKzmtai~5w>7ox-SMpvi#A~Yf(Vg`FNp~@kqNr?FRU%<{nci zPNd2Q`@E4(7U&(vKQ`rin$D5)6-5FT9W^xN%@MS6K56P8MM9^)bfA!*&!ZRd@d0K> zTDR|gn@>2fn#l6@K?L3}z#lP*RY!&mLx1K_C_~VL5W)t~a*+6wxG!>y`*fXHiS;VP zW2e3Re%kI4p}gFNi;KI)?kOFRyd9oeu4*hgJ#X(2d0lQ%U|Zafg&&H0PuvBGJ-6A!AbrFAG^`@%Ix|!2Ttb1J6kN|#K zDkI3O2lHT%C4L6ZhYlP7Q%DAl2s6JuA@YI$VAcT3i(JdLUZf zsFozlEvfMb^s?&h#2Ir-%T|xLj8(OR`O6hJCY_qV!z@zWrH9wQjec400(hrmvfBe+g;9`~iIVVD~ z4@8l1mv-X6EjsyirTd1Pt;Pc;OJYRc0X~4gOqfmS*sOk&JG1sv>Gg)9lZVW63?$-! z>ekRr@2{oMkJj!_e4bO5$HCPs&EGlQQJt}w>)$xtdTW3(aO9E5@h7TTKJvz00*M&; zJtmkf&SsiP>n*`uI7l?W=2^a+wU`K{*m%#01ztp7PWM%s=> zUSOE%y5^~elHI)>V4IFPpHDQp<9dSwD6X{u8w^UXxIAz?8?dYzybYCm@(2cMj2^L( z^pNi6C?=>f%}rritVy@Z5HbDkBVZ3;q@YPh9O0{-DL$;OZbG}iL`2>Fce;Na5Bd75 z@JG2EU}(Go*zr-=@(cN1OCkRVR{(6XmUm{{y^`p(0_XCuFgmD$Ip!j#d|;sijJ$9& z9JsDLc{p;C*?&Y^W-jBwq~hgb-o~LnUF`2jh{x;HsJ!H%_Fu=+`I%~mhbI()BItlt zel)O5;j;D>48z|;R3he@EzdWQT<;wA#q~b8JFyp*b!OavW@+ji*L9l@%g+1N(dn|v zz!_sDU|};R^L3Uk*|npbgRw~D9e_DA4w35<4?2zwMjG_!If$-A`J=!dq0Ry)-}&b> zO$p5`3#T=v<}XqB>PtHovA0&8lf`79+6QktHqTq;Ce5R8rcHKqK~euomm0vs#K_F` zz&Z5gb%(~b+s|&0rwe<7Z*o>Or>M`<63RJQ(yD2&l6v-*@{8Y;=bL}NID*3G1Bv*` z(|(Cvwrwu^%JLB4ypiXtzf$NxfsYcCogLC!TBcjd!1%A`#s`-rWmL9Fw-8LUnxz6g z&bCfxsiHyTm#CFCBS>R>-thr-djlNopuB(CEX?|j)2wRq@eZiPws*-MiK;as0Eyp2 z|IE8gtJ>fD4jr^Zku%T&aI#C1d8B;P>u;T>AQz|rf!VdM!aAj> z?-~NzdcX)V(DgMU^N1BZY&4^~TKW~M!qC0MlVIpJkYGvruQjq88Si*RK(b-l5jA^8 zQd5%vx?M@&MgkIYz+Q3PQTgz?v-5M7?pV8Q3Dc=K}z#7%=mFl_;3BwCI@`Kg_sL z#&#XXKU%cjE(|NJRt6rAtZ56gFo_ZQ2LLO_K9 zbfLPsfoW+3wRLq4zzJDPYres?{3ZDGMn}yS=iY(f6o0aZYdWdjDj(pgD{@axHU1Wi z1a2lod|tLKj{;D##uml>jET_b_S|BqxSR$b>DcXQ zIoYlzu6ZP1deeHjH4^Zw?Qe$&T!CVY6r$qob_Q&|a84h{1jWVIReg@n(Sh(}?N{~< z*YeHbRfFT^>!Oj2VFt5aO1U)hsA(q7w&`C+e9oxU_>|nmJ+4gio#$nXsyvO>5oFB{N(rHs(!cA#j|$RlMKap+%*Z<9VX>fzO`VmI z`4_7aDkrlY+ggQP^Z-AhkXvMkZ-P7)ZdQ7$_PYG%$8OuEa}Kq$7aN}h@JY{qr0xW9 zjsxIVqAAvBt!0rJfV5nf3AE-CrQ~Y}RtIfsDjfEDHDrAKVXf$%^{E5m%qd8E1puH+ERN{N~P}#0n 
zJV!^tKns$lR(@`dL+XY402C2h@1W?xih_pvYzfcurJ+w71R>5WEAqafWMz$}3CH6! z8zHXXerGZWe5sxZT+b`BMW_Xoo!0YP$FWA>#-c~}ZUC+Nv%-tGw{a8x-u3yx!g_Uf zyM(c%m#X6W4LU9+DAW&V&U zVM6~;CGvBSCWr{6GUgz|;{u4nR{n6v$`o)}h!nTZcd<=W+ghkPt7}MS_?6BMBgTeO zBx2;*BWT$YfPVB6kmRc{j7}NYnl&Qr^y`}g(4T8s6qV}5mqoOZ@2W*iYB(xMy565lEVK3K9b;B_In8i!2SRdvgBcLJbn^u`RqN!tGQ#ODJhNDn%Oe+Wq<_Ug8EBO5W6TgHY$61X=-C-G z3dBl-JF$ANWaESmDMYhcyru)7iMia32~c~;<1DZ^0k z6_nqMo0W7qS>CqAmXf;f`i+*AMp@a*7UtF;KoOvJF{+{1GxvcUCEF8?S<)UMEs;YI z8~xK@HiG(cSEvg`y5#ZD1Fu3YQR!xtlE3s_us;h)?_pcml=J(bhAOO*#{&#Pg&DrG z-$pSJ3@=-E#aTg~=x*0;BX4!jK{W($yvLA>DDFLY#cjY@8_SDCKQ6PClgtWlVf3yg z6!P^0J#1&<&Np@!I0ZK$h4bJX^dn5u^&yHL+lFZCNNAZF3saPh>=I_PIh2T7FuSj+S&LmObX#4dm z9ZWq}+RM?8PqWmeiy%Y5gcr<-C$rn0`z64L`aq7a-@o=@s5o<22LNCpAB;sa8_C$bXt@JxkJ3hy$0I`{ z>4VX_DgdfwaapPHk*Yw69HT^8kY8K&MjkR2IFdpB{eN75mHVJ@Vs|LH(4tU6!W*Lk z$o)X2ptP#VbAL*SkJNnR@gpJ5U2tTH=kk}q1OMqMWrmGM~l9wb0!(e#CCC~Jcii)yC+V_;P8v}_5 zOS6?sT*|v#PbY3Z$QaMk2GFLDb8TX^I(9p5O^%E(z!u48KF26OiF~~xVd+iGc6?_0MJq`OWAlZ;_6!6v zSl{|U;uz02O{xvvtaj-7fJwCIVZ#GA$O`WOT&rdGL+uQKWoiDzAEiy{lB7Q06$Kxt zMebK+ot-mGp8Ns;0ueF#c&@ivUcY2Iy5t=Z5vA*8ZlBU)to?9Q$BS@QM4b|+Vjq-> z98;K!8()02s%wzasBAujg?G>OLREB7%b#ZcRhrtcC&uh5gt`TBn~NYm`^#(C4-!j7 zZ^M38R(7VOG7cKxD=90lGrsWYlG)^V&RhkUfRXzw8F@n3vwQ>`pScB%sm=_;hXO|# zS)Hc46EsXZf8f~?7;%(7cL8-3;CM{EM08iDBH$MtYfa2?A(41D)i{t=oo7~^w~ds% zBu6u(UsDe6Vv~{|NWvc)$`Kg;AWi8ITjg>v6rTnoC)MDE7r46%N2-laE8K>tPJBVJ zA%X6?FIeb8B7NlJYY)#h9-h8)DPHx1P)>&kyfL{yNdx^yYad7C(XHeL;=5$+D6E&o zW@~H})f$oVG`P+00Mxe)^M}o0V?2G}3pBw0!q?ma)r={1=#) zRyN-fhR@I6oEK%~HWr7TSpEDW4}OJo4x*1I8Trkkq|T7n^~rL&VYmp%#2v zlLZTPm_WhGhQoWzro1I*U`0j_IJ<=6fvB2}9#kj+S@z2H3HJWt6>d;C3TqZ~qKrX# zH~-+;rK?(nM!WArr^wpW%#yyNO$y*3&&|)%tCmU@@-yqj%Z%$4XYY4% zvGh)|zSu^ZgUMCdgO*M4r3Oxb?;8npYt8KM2qI0-jj!7)-tc7xKHs=i z)5G*Rt(VMDq`CT)k0bgVsDTIR4DAo{QB8dtkUh_O4uMM<^L3T8(bMhSynT?Ko%JBQY=DPUy+KgCW@z7fH#>gT zMN;{`PHZHpCv?z5X{*++j$F2)~~ZQnfVy%wpixfHRlU5PhU6D0KHNSj8zs#MBBMKJGT007Joe+{E zTH&*a^X=`hysk|LCG9M7a~(;xs*aEb-V9kO&r2gj#c#6qzr_}AXp74g4Qqydi1bF- 
zh3d&ip6;4URMW{Q58b=bg?yq74n}%rTRW+R5DP=HnH)*ZL#&M ze301n_mVMG96zO<=Q>`j{k!;7q0+Z~3ZBtlKtfgXj|nV`=G!^whLcCw6h&SAvL~Z# zGRx|sc!*|mLuPmQ{EI$QtE%Z53&=;@y1LKw>Kbjf%oi6ff_IU2_V-=VdYC+168OQ^ z^M8WU-K?`OUROl7`-uVqR}Zk9hk2VU$?JU02J$#fcH?Lu(M=}X!-1lIODo&j+uhJ# zfUKgh`E`wIFFv=UR;SzQQuWHM!smSw9?ArrseJi&W&5$T-&7O4Wcd6;cP6zouWxHO z7@JKvOds{Knpi&VmZ5`5xn!o(#;Hf^T??80cHTZWK84%XtqJqCiy!zC*FsoZ1chG1t<=pd=QlQ{_6k2Df%ghp z>~H=3seJFStwOPVo1H%Q==;NDoIQP^$G-M0tfx?Ku$KQ-8La!qXo&)6;5pC$M+I~tjw z)8!@?d#d;M%MbH-D6IXazd)}LQ+`5sJ2QZm*^x;1N{a_$l9kqc8N~r}{*L80o0uh3 zImUw8dLHI;lJU7<1)JDd4T3V{{n+o=91mtTXih(T3VGMa(OQa1;WjJWUo9yHjAXVU zVq8Ar5n4G#2|Y+eKldF&Ovg?}{QKmt+1z-ELDw7XEvrx3=_Zh#i!!aojCs4JMB_`* zLiWk2X~XioidNg(E%4c#1{E`QL{Uf4ClBBe=k!QNv?FSXVpJKQ7!nc@?(Xo)x?L^g zet+!@qobpH1uO2P zj7^IqWi5t*5NIHUA1q-Y#Sqpfzx6gr#`u?JS{fk%h&=St@qwaY<4Jp>-ww3(Y&J|# zi_U)>Fw+apk0`dFHDCNjazyi`IdR~`?rv<2pW`1b*<)Q9#h1EtK00jL!2G~h%B{Ju z*UMTKuvet*{da0<$DPM!;o;vZVW^PUD%e-7Ph}KCen^@7{e-Ue`HAAUbe^fbKlsQT~Lnhdz5~$fSuV6z=lzVNW_%19iMd? ztZ}$ra}^eji!A?aTTFCn&FxXC+Rmu_;ZTjvmN(SAMW3wC_$kYHq;*TlI)X$fpmfMn zmna@3`vhtupI5n;x}VwjM3`c&?DA6|(RO-U@=J&O<&C$&?|(dV)l=j-T{>r-J;!iyZHP);;bAPvfG@kUMJ@FN;wd)UCVx$t90BMGXSO% z?d<^}yq^2K4{&hQ(jCAFw$Wuq0n}$h5Jh3(?M9{I@4zT|k7&CV@W1capYDrz>;@ zx8&2W>wIq+onR@9U^~Wma%GDk34ABcZ?yAzcE}jf8--bhosKbPPRo*TBHM8=uGL{r|qB@8~=F z?gNgP``)qE+H0?Mt!wSqOuysS$ZMAmRn#xMr~O7+BqgWv*jMzmPQ5WtVPPR?$m|E( z8-&^ncuK7npwG_EZuxj+eNg6x{2+lC25z^vwyD`elcg+A1`;M zrxvuH+v}nOT8B>~;RtvU!_RM*uqvuWsBxl_=3d^>v|39&xp@8h^{=t9uG3RY4vnJp z<0o6$br=wN;`4M#`S~2GH@ennt&~_(%fMp0TGc~}wajmD2*f&=faEFB0#{jFDMlAt zgsY+=2X9A=Q}wU*P4RRT=9@pZDg{*Ez%L@uK}{Eeu-HOvfyHDaxVGJaI~sYC(AN+_ zi*{Zrnq$`omKZp@9?MpPfc!Q=_~fn;Xe(R4B0QK=jVehi&Nq2HU#5#0QgtTW>;L+U zYSxDTeM~3cD~#KAD6Pk=}jGr(X8KZUb2j0!&uZro#6PKX@duG5EO55a zFCT5}^&3W@^!BPr?c;(Kg5hfNIHB+c&MS`O)DQa(iQ0+pk4DDaF2ckQPfnaR3aji7 z!jT&BlA7+v+spDVvB9Bcbbf3DI>)6#P<~Bv0Ao7{T@=1t;B~@G1rr6wq1jgA2DdH z5%jz!w#tgM4}e0_orlP;VlF-tlfnAmQ%OlW;Y8^MLtdg8bi7t`C1+~ 
ztQ43Q>EHXL`s%~%-Y}c|W2ywhP{Lu{dm0XgLPxsZb(ts7o5e@|_6f53f)|oI^Rf~V z8wHL_Z=(hpFl{z&O$yxkZo@Q*5(0x}4`>SAf|^}2Y3OgCvyq2*tZ_g_`<*)rEz;btfJnZQn8e*O(KUun?tH1hQ%Ma6af!W}J9 zw0Fj>cr?|lq;HKsq9mw+A(S7BbF>|xP(K0|GHlcddI#1gtj_P1M~96^7y;U#tta>u z#c_x+oH9g^93aKGn)Y$gV>_q-;VNnrkF^9O9rQgMDUkF!k(4ttqd+ecUVgHJA?h}( z*H{FsH3x?kCA-ZeE@bqeM~|WBuF$wV)5md+Ywkti1xpwFWHNpw7G#x;7nu|&`J71o zAyfIvpsaIR9fRM4gH|_MkNcTBcqBzkFCCBMJWODpStL#p2??Wr`AwN>q!>OW$Gqvy z#I!REc&oYUR}t4N%+0USfWQ@qGoQ8kj?m}H?bP4)^V!L%G{OeK$Yc>`Dl40#>E9)` zTU5yvW2*NB0?NntY<;?=TFI(_|C!^661{9@$!{S@Ww3<5sNN)xY9V39U`6pFGb~Td zxCL6mlT)Fx(H4g!C9Ec#Cwj%24x}2C9ltB3D(?m_4r}P=Qt?$+&lPwVNlENTo_BV> z09BSk4y}a9+df`rXCJh*lY%&SV&wRLRI7j(?b-R=G|Jq((nt`KRwN|DhCPRN1TTjw zh646@kCu_klf@!YJ60S#2>Q&a{cHQ>Ud;r~2#O0FW z`?<@AJwe#m5ebw!P-5UMw^`U`j}Y@pT7&`-i@9%}QyXu%ah zW^788z;npXZXq+xv3XhyJ+ILo)5-XNm{Uvf{qYI$vrjfmUm+et(Y3_{XyXZT>e9&5n4{dCVB+xM!PkR-25YHWU3jwvw$+;U{)D~0V#Cf9}vS?kz zy@E)z234Hr>wWN0-plsJO0xX4av8xsy?5jo21{sDhtMo1E|q zVoVXl4+`9N8J$APq?%K8&bH!)b`&a?~pt-G)Q>Fi-B*DGWsq@?u zZTzDn>&beD*V$to?J`drm73qm2_&UJ8#*c1H#R_Lt9vy)TUvm|5CpJH``1V6Ys_{I zfuKx+P{s1Mm#wSglve=(3%gv?7??z+`hXV;wsqqcOFaav()i z(aw(EZgZkH3IIoPB@Q0A%#=lg23Zb=<9i`=gD1yFrPgaI;7TunI0kAK`|#~kBO{EI z6y5R{?{pZoTb2V}eIO*}Y`81xlIjMB*oykt;q&{_)j_tKKObZ&(07HO zoLvlUdP3q^blzhR<=4GBBQ%l^Y(qM)$g1NZgPf6txq*Q?=_+~L+}wb>Ijw8GP2b$@ zqqzGCpi`@x@El8#U)cxjQ3OUeY$q#Y+;?XCGw!`yrKg;;jF3i@8|jWuU&{-Nc&Z?7 zTSlKm-E2$+j`vqKmqIxX!bMII^uG|_(yGko*bJsvS}RVFjK)Z*z_O3M;AX71<=a-D z7PqNYJ^hK^QEec4@{rA;tKiaDT%P2+9gEg`Q5iU6R3zU4g(o1}#D0HNAz1BxVtW-G zlg%aun7H3#V|zmp(=X36pM%ZgazEKlYFa%vEHp7RjPk`MEOp*61xyHxjx{u(t0^!i z`$Om3CI>5F;5JJg8Xo5GsQ;kbW@h@2_cXsNXyg()>vUm9bd2rUR2W5}nO1l2K zpK7IV|4DFmTH4)RG{O_5e7rsN@@3astTXIa*>8jp@$vEcBl$5PA4BfdgldfgUPg^R zT~5KuH?)mB0TJhn6j6?+>+dYgm`ppR$fA2%K#kHx;8V|U6x}7z7%;M&;#T0`Zp(G( zaIg=eXR$PrBy}1hkKgQyVMXoeABxQfPn9%a%U~%!(P{q8bzkSbD9i8@k3->2cYdJVEurjHA-aTW?x(2I{w|qzQ5s9eh1y@jRWbJ2P}tehPhN-;X6A4IV)xhYvU(+;Odc`u)td zmCSW+UwXV-LOws%{>WB-7JxOvH4to${m01=hbf1^OF&ul0CzW9h+g$HnYIWt#~9V 
zc%-O>!?x}Bqt;aD5cd2|NZSM`_vV=}^%-@pZVe=4EB3j?1lPBmcqH+eQ$c^7JaY1w zpOe$*r6_9mm|@@hsAuXHxlQZ$q7${4uwG9hU3hrXV~=q)S)wcusxqXCm3HV0_Q=L*;%G1idbPP^25XV4ZDkcfo&c&vPUhg_dgL$`PNG-Gr zR{t3NeL7H&H4Al@ygIoy21JD%582E_QTCUG+Jfaq=Pse%PKdf6%lpX^!z~JeGwrz& zNIc}z$k|lA^>xddtxDa^>GynjhnsV!Pe--({cZph7Pu26&vrhE)5K)V%vdWXw6<#x2yC0SDuvHeK&TVY`v0*}*z~8A z?#J~Vb3YmI@$omup(H0W?t~E3FAYlCx?1OQ&4i<~IlwuPDn1CJt?$qBSV0R8dR~5hdC!KlvD57t*S(QqiQdSQ z__31@;|=GpfgzM~btSaho{)n;=qoBJK1w~Q%vmXOFRq$}23$b_+;?h{7Fl0AZco2g zStAv-YfQLW?W=*G9o}`UIk}4|62PILBz%SsgqKmvRWknP;GR}$dzK~ePl<}A6@FIx z^aSmkhG-5Lc8LTjdIYTID1MsUrAg$Li^CtYI(EfKxcgkX*u4lH~ow&$KkF^ z8DSFjM@Ite@r*^xe#w9kx#}Q29f#j&6YA(>PqOIzd)DxEMK>pmc-7Ig%@>cE?;)z` ziicxZuMDe*9*fS0+aK@39LY^lSvxX*S?AzH>Owt-$6Yo;L7yu`jm4BY*fw==J-JIo zlUY<0UboX20{9gP`l#ugE25Y|vlG3{#zqiA+qdtKEtdWP1jY1wayjZQCX<%wwi&R?>*Zcq8FAn zNZGb;A~#X(fWe{h?TS((>&*j~?fL`{i9ykGLY>N12APL;P336-eSx@~G^+vrnDDz( zoD^N%b_aP%|L>KRB~D!~xE)Mfm%AnaZV{jXsc=vxFya`WfAdVv^@$BNaM&dKes@*} z(ODaOEU_V3mWDL0mZS+sQBJ|)?I#|6-5gv&>`jP1-z>4k{Kj^E??VFTPV) z6JS2`@&aWZBPMlV>64=-@i1SWmrQOT4ljktTu=Jv_vGI>5k_((@rf_s4+LWT3UF@B zJd4=5tlcD6+1O_N3i06xJ4ez|*c?*uFPvzmE%G{a$u%Y!ZD?gGL>RJu@Fc1}H1+5j z)5xWU>8#hii(40Xf2T<3#jgtjnH?#g%CKk3qk>wz{`z|YKGqzz^-hK1k1c5W4v*<(U;QRBX4u#7~m9KG!bs?E>K@ z5YOTI7VE(!z;ah)jass>hA_G)*KwgvXGWrZet}8qTtGf&D9wDVl9+QsYWhMzW{2?= z`&@EUy4opQjx$DHf5f@}lM0*o50DArq?FZ!)O&&zYsyix7$9B;R+rh?j-=A&um#c! 
z!h7+ZCLg!70~MQA5s+lb;uV_Cfa1c9i?bA)mSrrSgb(t)R64eEWhsC^X1>t%_@Fdm zx=WgHT9GA%MTQt$2joCRHhIg+#s;`^c7`3nCdQVQ;LuF3$o5m?&;THy{>U#c^HdFw zH>bMt)i}mI$8^OGen$gyczvK0M51FK>GtfAuyS{PV!nkpZVsDZUD3bI%*2u2ho2v|)NpIX8%YZ8ia-Ds?kOd_3Gn6n-UOztOlx> zn3VK2K}{D4#g7QRGESpKZ~Iv#k^BL(;(Z%-^}=X_xGVFhm@3wvuU0T#;l#RVw1}GX zqX2BDW+27^kcRQ+lE=!HR#pHglLJyspchv;$X)U#^xfy6D$b3KCBO0=Qv`R?3kzd} zUTapl;8!?T(1^T?pG}>WD_%C_;_zqF!f7$ zL6T#QJi9aU)7cG~psYm`pU&lvy{?gyhd44DB09nd-{#ngcxyff1Rc21D~XeX1PFUB zr1|@|gY!A-kS23dih};8%7x_n!e}gT$M3tJQ}W3VAs)W|?AcORhgR?IE;q>{35AXP zT=EwsHud6x0opV3LKARB54zQ4P16OCk^4Ka#j4XjGl`Ba2}k+}anMUk>x$47eHy~G zzmh7xbfDozY*9!rkVM_upQhi~L-xY+dE2gqHGF>U^{3AV%+gm!w8zNYc#UvCj0{3g zNBHIUODTxLo2eCq;+mxV@~L2u;zhHo7M_YyYCGAB1o1oK0>>nD6#jc8Ulqk2ItUXO z;-U4lYw7hTgfd&Fp~bZpZlqDXF1wi7;!P1-q97vr#4U2ZXe5}(%t*&^t;E96F$$bM zNpMsld_FqO&HqYxMq|lYSXtknr(B?r5U96wK=_=O>}G+&f!~eMvz=jKHgY)-h4_?o za zrM!Dg_U>SC!lP?LL$k*6=GD@sowf5_19IR##9)8C;WVJk9*3ldUEZWSKfNk6krvxK zHJYOVP2m@);V5!Ay5-;?4N%;CF}k|43wxg7Nghlz^?064x0RX5$z;D7Z|CI|X(fbw zNGOIaYJ=S5sEKcfTt2A>nM!tZ_DYVaP5ECez`=KnmoivY2AO!3JAs6x*F;Cdwmd1K zEtuEDR}03k+3OowLw^dge^tL#E9>1eU;LC^4tSG3i7$YsWo>c85rdhQ%jj1Hux~y# zZ$oIsBeo>v9ajQA2Y<<`6qjDlG4n`|qh{Ftkkr%C)UKe;kscjfoS(mhKsCzOh94FU z-Z7@iOFk9Y+p|-I3kDRpa98ZfudXE1%W9<>Ut+EmsqD6?7Z?OwUoe8VF9!q(z>

>$lBEaZH` zpg3pbAx)O*rT8yV$&COV|GS%WJnXs9YYux2)V$-Ag1@9p&}nyU+&VY?~1)Zrbr&J zmY33-#vjsV9!|oTD-LpHY}|+}sT};2qqbey=uy3v8gR;QM;p(efi?XK$xX%F>kzY} zlew`tMDyFs3i|sx-xE%!H!j6>*UuY%RL*pmY-&=(xHdf-uMG!N;R)-t?@(SSFIE=b zf9R5BbmkLFEA|=$Av41w&W>7yqXxvsx2qiR8z1~UOxtje%bM&KuDFPb9QDWB3i3_$5M~9lo#r9czcHybf2}d7y z!CE0`6l4)VPus*#Hdi($oKQn)C|B|-E<la@I2j@IKj^>;@^>s_c6MqUT7-E8~em!2Gdy z(3CcXkL2Z7+)ifNP%Cz5&aQCUTvhfvT_BxB!t5ZA(xV{CKRZ8vf7wA{Vg7Y71AE7; z?d<64RA^Mv&lD+!Z;lZ_#}Aw5uGM(ZB{7d}3GJN&I#Gp6e?`v)3+Qn%EZiw2B~+vC zB_RR9zJ|ns#nmNSD^WYXPoWImEOogEI~%O8aiz~z3F-*(bczmXSXoW(!D+5D$m6lJ7qRfx0SWrQ+JRHGUm0Yb$5S%iKIXtyEcL@gwyYn z%{D+C9tiry0+w%yqaelIc9IC?JXImbCAOFP?8{{HRpuf8fItDURW6awPQd3@4fjYn{e7|*7MVZg0`%#_gNC!ZECC7m>J`1F zewnd(StF2Q4^+JL%G!9;N5=ml%CGG^m$v8LJ(W9mkfpdjUMnjs3qm=XYG}>aJ=*1n-G-doDQ$--bZ>^J{PA0rwRewyl&SWR?fan)y^SdSC7AmZR366e9vo2e zCg4>}Jj`~q82A)DIjIHGTh+vaw{E@3BYph%@o!^ZOerttSjRm149(;sQ!88Bg*Y?< z);vHfdb$id^ zhD2;a8S$jS4*(nT(64EEU0qrrNSEH%_mMaJe9&P!F{H~yFQ}!%>pF=# z7iIOI6GJ26LsMA%*>qUKL?`A0H1d9FaZeyGR6Fi7Cq33v=kv!ETemN2c}Hj+FJ1OC z;U=3^{RtoF16g>Wo-MF}gctUu=*t|vkXyN9JUN^<#wj)OF8kNd`SL`#Tl!91?#tuk zQAuj(5#6vobJ`o^Inw@GG?=G_ZlL5lnC0+GID&qFM;{qXZVt9%g3AngviCi@Hsh>8 z6;6M;OQ><7O@V~^uD05^J4063-$RBdvM$aY$fKgr-&S@oGW)(clLq$A5u+3I&HTLI zY&acNQBatUE>1M{=H=@o^?7hQ%`Tc8zci>7!4uj_bNY~`by&PXOu=@|=OBm_wwHUzw5f39$J${9q$l25T@ zX=(Yxm>2Zo)!D77tgMV0M6i(u4`)nO(6M5TFjh`jlas^?r%ADsMfQ(I$>j2s&%!e1 zA{26F(b;+jza1R1buu*B6#~2sD1VNRKO^pvUvU~=NBIuJsrkC_fXaZ^kNzgg&Rkm` zRw;c}s_HQ~=>B1*e-yyjgkIh+QhFH6MjG6A`Do<#Z~5XcZ+3RX@A4hEl7qK)hXs9y6uSB_HbvPhMt}h>L=_m zhUW@XZl@X8%`Mb+n|r!sWG>g|l8g0gCKsA+J_zJ~j8F8ede2s8n>|r35IjF3KKeWX z?*?!$Dv}q~(?l`DgNvOaToMl#rCTYbbv=QF@Dn`VoX?JfG^~EojpQ)BVIK}W7=U*y z_umb^dPUd^X{_)TA@Y8H;4(+MF!O<@+Ml z{L0#IZ85BjLEgQGalBGTJ0^^~y3b0<(23Ewak}dNd`80l>YKIB*^0fqUs)2RKAkw>FhsPw}#_O{(lI4nK%8rBH7Mu;E1u1B;7uD;WDoJ!Xj{EM_ zL9^>5cVCT>6rNME48Qud$6FM2p!Q+sJ`PV92ad)Ti)IlTyz1#zY`{k@8dVazS0CZuzYOMW;Ex;8%|9%NwXvI;N zO8+AZKO({s{Q?80&2<*q>VIK=X0i9Xv)K%SBECY@B>aV5s^mI8)S`+W3sdp6E&zXU 
z3j~xuwF2-|#qt9k3m@R|M@5DsVap4dRA3RGZO}Cnq_rQ@zu#eRWs?T59jOcA1rqqZ zHPMern{DCmKE2z%zb5?T`x%}5g&`#GUjdaQzY-1!yc{auIp7X!!YSLyx?a`JGJ$K5 zJ+craTRMJM+~J&hUh)pxVN5S7^&+0*>pF(CQd7M71x7rZ+^-9P?%g~jVXar5&AqP> zTu#Qd4^{&@UPauYTkiwXE$*{S;YwMKM*Sn^`(Ls^+;iy##j}sSwpWqVPA%&}Dfs>B zo){<9WAxp4FMA|s<`E%)7Tk?0Y5G?pAsFlFZCG+;gF5t6UG8C{fCk@b(lq1Y_Kp8(?_|Fb%|#2KTdO#2$p z^*6&fF*jn`Ae~{ZgImp3B;bM=H6VziF)d};tw8kg^T}mX_0WOF^nD?7_|xir0&D2U ztVJ>%=qHW`%>2rogh&NhN@_kcM(V|$=(%K=&exgnf44M*{YuxkIfFc-!}o0Av~J&S zgKKI?2qr+jYK89Uj9v3Vw3_+ zZRMCt#=wi8W2(uxPI3lwK5jrzlm3z2NWxHAzGvVoMcnedZazKUO}m2eKV9+l8j^mm zblG<}u>0MCSO|vDiiOi|F`H8}twE_ZQmgkZn>(~|C~W*?Qa| zlvO{;tMG}+amLj1^#jfx%x4?)t-l|!tW9FebO;__0}9`Y^Je&Co<%3w3lu!QgX~2* zzqf^szlBaX_1ZNAf}B6^q0}O7$*m%89}dLILymtwEGhCwE+1Oo>>;UUIv8npbf8fPz8LhW>kzlN(VoS@0>KsA;Zw2TascMx0+Y5N=O$Eg#CeQ45FNM)!h<49a8{<9?HWA1nQ_Q=sbex zyA8wS8NYyFAONGw2oe=GMA)zOe}-QWyJQA1;EaPXx1u;wDED>h%8?*Es|l8~ul%p6 z7P^|XEw_{nM@ynR_hW@}+feQ`5o?3M(^FUbXivTqU6O#15aty3S3bW{q5ykuXh{+I zuJQRVcR<0%s^fBdzDJZ1$Dym~R*aa-D&}57T;Q*xECI1V?TV>ELdp>$*X{el=eV4b z@|2iYb;tqqAG|vKu?XnJ^TASFJxed20sHg=zdby)gMjnCx#o-UdfaP>hegR<3WuK# z8|0?<*j4urVh=Z0g+bJyB>F{NLMa z|1ZzrD{tVRC-UZ#f9*8T>>oGM|NqYb$^7^Ee>g7xUoBcQJ);p`XFO6ch90mKNF2x0|Q_4ogO9GOnW6{_Ppr|=8) zQuv?MRH&rFD6W}h20|=s7nkK-SWr#``7P-;r2dKllHtm?rK0jk$x2yN48Z2Rd*jBp z5Ti!!@vfavf*~wSfTYeVZnju0`TGqIeNs$4Rz>pL)4H7fO~_1%q@=m*#@En%O$OW> zJ`C|>*Up~&qiR>$_CbZnEybgeTNs_wYbi&3*``Df6B+LnNg~4ZE++a$Zo!WCSBfJy zWTfVt9S6zOF$P>=jDsic0|zHgBw5nZM5nN8c(|B<_h;!$3A{AkYV{z}IUFV+_QT0@ zW;2)rGe<JD;rc7HpEjjP8lShr91B6H5uH(F&1V`=4Q+$X)$wSfbYKYqJ%&$B246 z*=2Qc657noD|_G$mO(|rE9c86e*d|?`x0z8^{?4GcZWk_cVFa~Uh0l5MMsm=|8z5~IO`Mj z#h9rVn!p4^(c4yzuBFYcU=5q(!Czk3*!8n1H#yy zb2OTWSHyBW;Q(jFk~&+GfS^uV;c`@{{4D2DlN${a6_Muy+iS-{jERf!-=^Kby-|D* zF@1>EHj|0^C?vDWe;o$vV85JSufWSvIf$+OfOSf}_(crvo|-G$Vd+^F%bcGnwffjxvx$khO1J9(Pm@HTpa-@}yT+Vw=q>IMG(ob*PpjB~1NLL>6bc+#0{OBo=j+mIV#vb>MVt!9xn_#tU$gD9BLBDT6-GJ2ih zr@g`7(x%jI5MZRTir`9>!i^VBzo z99o{|CxfsbH9*|-`oD%tBAFC(*2@&zheCj4&p@9&__Y0$vT1Tk!HH%N7Hs7x5wifZ 
zvOyr_``?k=v6^}3OY(oM2)zXE4Lc8|x{ncHMYG8p{`ilvY&(I7wfvpLqO!SYIkQBNp-yX&x#M>(F z;y=A~o?^PptW0g!N-j{x&M*IK?|%dY`!o}Jhp1sEHWS5rl~7^%duK@CoMvZSzZ{sm z*5XXCs@Ffduc$pGO#87sF{lrPf79o$)(HyS^rmN`!1Nh0WqKp+*Y=Z;Vpi|L!NyF= z<`0C~BhM|_&fTeg84!w@xmh$4^%b0sdN%9`rq!w&&tX1$KFO$0)%;XQBf>ti=%fs z-wUXJqnNt^bnVwx6})H0b>?QXVCp#w;LrVBbU=h6`~uR}puoUwb1_0G?=y08EN!tb zAsk6a@<(7Jsegdr3`u{JvaR)iuzZDkvC}Cx5jMfMqm1MVMs#6b!p>v<{XrlEFhh^a zVV#Oc%fyhat)&R6B&4gtqfnA3bM^!3kceU(V6-JUJ1Ic|{1gQ_e^|Fu>kIlh5Hz|6 zmhL$;qAwV6cUW=ix749)u(O+?JoWCYL;%f)dt*;(ZXl`ZAObxGd&L>I2+A-2dVC%@ zmV~L&vam4$2 zon%}61?t3WrzI*&U4V^sXmqsacxwvOw03F9fkL2@*@mQdEPUwse|O`yKac_*1WL?v zuHbr#(|8sYmOAl*P=-$4u61Q9tDx=5?Lr%;*d}$k#d!4OSpN5t9Lhl5SK#1uI> zuX6duw_Lzb80g)1p}YwXNum)yRb!;F3FjPZKzjy2XA))Bc&__v4ex`^gwaw9FFD)r)E*}&htT}j-HEhw0huCrvb)AM%pLcbwZmo41R+QD&{y`#x z4t$zgdV1*CyEN0Sg;g}h9@e2ORY@J$_rvKWrF@5L<{kd5F!(czX2z+P`R3JSd>#$6d@f~)n<9B1=TaQFDmU8o4qe|5)%rsy%Tfp;G7~)jUpW3 zFLyGUnh2G^tc6nW0glSBRC68U1zuZv_m(NZSa`v^hQ4&YeXDyvu6G__1HfvYzz*q> zL1*5S_;%BZQnNu$iHq(ugTZZGu%;l|P9Eat`NjRJ-R=hbl$^^GZNjhcrLHby%C>T+-O){KuZS(deM#iF&fSPn}&KraOagDOlPkdkB z^RBD4gI`=|EQxaD{>1`-dVQfhRjRn&4xsJLZNz&a<@fZoJb)SM>gpQv-sOA^VImIuIW^orD_&Q#{PQ}fA~j1$O6%grvlgHZ zAfN+8VFbgV8ftTz1~8U`G}SNon4Fy=Awhtz^%fQA-7!%kJn&lH9{p0X=X9J+(rsDI zr-i8hQUB&dId$%E_rd~Gxs#LX5xeM%7nJl>lMjYn!wkP|2h@t;kl>+E_VTmqx1n*nVf8=hn+r56-LN6a4Ffv&Sc zli!K74J~%P)zZoV!rHB%xHkc68V3dlOid9&0NBy3ni#pI zeV3m8OGbvbyg)Asb>o`r%zM!YamV<}O9@WBUK8S9c1qy|0x!9V81o#RkxMcnvkU z1Nud_V4vJACPi8f1SA2?|E%Tfc(M`ub|er#7|&cmS+-ta0yA z^Hno*$%`*sj{0aJSGY4P6@k+>>gFYi>oRIb{G6u4FcO=-It_wC z4vw<3`Tb+%pL!_0B61_qhI7`d(|*;kA_>5E+G@@(+85krX+${gozD{yGLs}#?jPgF z%At(xBb#h2R}{58m{rS7?x^LNc*kic_*LIIb3Y$%uwn%nd<}@`Q-1P$pdYEApduS- zPD4W&AkPF)JY!QAf{>BcQJc2v8BQSH`xkLACHUyZ%W%iu42iI>pQ2lk9c-!VC4G_lM)Jp=m`|*2gbq>&+dwyOD>+F1O zXQN}@UcY?OUWkSoa<9G>i0eL5%-?`0tmBrSG;@@Us#?d!kzv&Y=vkp}ZvF|tOvjp# zk7BJh&iyphPkSUU_y7~{7nM9BTt6Tu#yhh!S07CgmgA=BT(r2JuESYgQvG9q_TKjj zEXviLF2f;zX>&@J<_d{8!on03)`!u>IGLs 
zpHjrqCOx2t`k^*Iw4osBTubW|wNGrbyx)nh8=#mIHJ#SKkKK3;{!S>5N`G~w@f#t> zeInAawuzrlU=S|tN<94vtqHKw_ybrV@2;DY0>-GSW->NF3u?4OCu-h*Bj+f3K>-Z1 zF?)w4vkF`d7lNWNt7cp{+S;T;`v!)FXB3)u%-#!wvyvw0 z88NUgqw|b(5-1{Vtg}5gt&$0A(1Tb`?zWaqPo-8J)_SoryE0omBSZY7ZjdLFtqC2m zY_lxYuXyVqlEN>N0;>LfdZqT?JK-p0t1u?WI&1@4WA|lT3=B`eXQryQe9sl${o~kX z$uSPD4TFI;00G&{CLR)m!I@xc4@hwVVe3B9(EPZ`b z+A?T*wFGDj1qv^RmR!DUh}6067;lU+f*w((p;yhuV!j$_Lcza0eQ%@<0?a#RkW+1uDR9qix2+F1uJS_D@K#9XB2IuD-nvc z;9aVzb=bOITdC}`nzlv{8ke;jI`D32rQRE&yvD~@4pxMUn%b)Cd52-Cb+yD}wKmI0 zn8d$s8XyC2?Dh=QQKmKb%Cx3oF{Gq&z`tbs*;%Enb=sEw-2b*|%utxU9cOR3pBQXq zZ*Q!KrKi>qi{}UT9S2XBtw|{ujDEs89Ep7IlR*^YyrDN~Bk#FyLa39;vdM zFb%Omn<6SJ)q$dE>gwL?^QHww!@zmS8eThdxduo|Uxw4%OBvu667n*L_k9`MK@6%S z*@rX%wa@C>_DbnXx=z#beLziZMh9Dv0cS_a+d^>rDD#}E#Gmry$RAH2|_v5Q+!P{1!lb9nfUPoOdaRNhYn$$)C;45dI_QCDtH3;!z<0KB?uN@Sqsl^_}a zwYs{-Ex%UaKmc1iZY^-*x@1ZU?Z>AE;MIjTg`nMn?c}|`uI-L1F(wqprig%_)UU#T z$%;&+wrIcBbeRMLgee|&78iXir9R7f)FA#^7jb(?4ay(AQsr^|we~m43f!+1_EB2g zZ0!}AR>-Z5Edv7s?A!nNc;V@JMYYXmc2#t2Au>5N z&coX(PG1uu$5#&M$HCbHfUWm5i&T)Y-NrTC&XL*KCY3f*vT{zhvmJxLtbuU^JpQGc z4~1w5HeIOwo_cpXA>tvL&4#5vhbCHfcZtG^I{TBLa^&O`!misi*vAnEt6vDqY4AX& z9$np(E6*8vS)OKKXz0UrQH34=5NFVQm$VA*LVdl7UQIbZ4bsg0Zqo(3ibmv>nHe?- zN%R$UN7gS30Ij(K$~5W`z&52)-PSFF{g{ltxC^`KqgQ6`{5`}aT$crP_A*KuMTq(g znDo6$)gM)p_gSD!LIPN46i^1{3DOB+G0I~`ilxm}aTKR2A#vz}326epKpl6_x1vfq zx7E}DDJvks_%%7%lPy;cz^lr#*)hZqYoVL6BSn2#q`3hV~xiOF4pjY zS#kH%D?bF7T3;Pbfc^FYpWMja-s^H!Z($EJ z=vma$46o}~{5(L+OJE+!a8wusVCU$Y4J-6r$M?R+`@Z;BgP(fXn}=<$a9KAhdz{8+ zBndaS=~NYyV^NtB#VM&Z&hM3NmXu2-bvXF83X=&b{W#bIiL^T3_aS7YPIvh+^mQ57 z+DHD}ZH|Ztr%#lrsA#Uvf@06bq|btc^~$6V6FW~&CC)y$gH8q>Cv}6wVIAGZykGO5 zS}{Cv*XGF2-<#P)%b>v&|!G|g?_LQm51`(?ar%~O7= zw&7n-wcR0zJkl{x)}l)O`DPxxG93;lqc#yk%i~r943E%m!ZDZ=MF7ZAWZT zFaK=8FeksQD2C*h>+J=7{lF6S_DUtcW`(9j0HSA|urQ#imwWV0J&TGG9l$ZpR!Pv| z90b1Hh$UHZmyv&FgLpL+bwXledlfy*hc)ezAae32p!Ryf65U~1{%dyVwN0b|E;&NQ7ZzXqC~ng096 z6%QGIj5;2am1ZIGnMd1!-N)kEq*KF?h(N<4TAYo1vTR*V9lsGv6XSD%&aRXB5>X-0 
z(gp6mjqE3s9##cSZRi^i_ujqx&Ic@%o#Z9+vaDa_6EEQZfTEf9WlQFif!(vnFQBq; zWXiYc;*Y{E_8lJqgyTO>R!4eU22A^+7*cAF3vQ~ZJy+{v_?ekkP3nghrIZyZu8*()I@mprspS>;d(=l#C;LD=lD}4*@nf~fts5QAb%tBblf{WSnU?J2 zYHfx?)fJx*AuadMf;)N@8?US6cc!^{q8bW<9M$3sK&y+tbJt*$O0PB;#rDb9O5*&+ z_B9x&Q%B~!sv7h$`Fxx@2wu$DZ&zTkrXAd@PJi3yGC%pz01v~G%=iDkf?gen54CL@ z_Z^cN?#Rg}cR&=Q(lJO9my<8C*A{x_{D1=&UDMGE;jd8oR&fhL$HKJL`rpq_ccU1< zMX+!E37;EZ+Y>T1U3whLasC*^9AcEI(8mI;nfjm&UX$`YVHkC>mi4N?DmL!l!2?h% z+bqwK`n=X@+}E2{Iuli zyNgAXESYRyEA*8{R39e#=U9q;>fPOW+WS4W_iD$~ACgP#;O{>3jn21?-@q<&@CwBA z`ETge6IWaISflc`otCIl`Ok07O>cGQbB*qBb_ED_@`Z7N-)wN85RQ%ilNClSH?TJgdq7GB)X#Eu!?_ zmI;c2{dQmISqF=CU13;B4Jc|`Mn0<7?K9-0Sxg(iPki)Df&?oHuO{nl=%qkMK;*vP{CV3L@zmGm<_ z>8?I>-zSyUC;zSc^uw#y)NoAtjp38me>=K{RZV?o{(edJX2l_Paf$6nyyzS z`qLyn@INbIs{%yj1pm46y056}2p%Tc^E^Tl(1JyvZSF+*d6=Un6oX@n;QR#; zXFET>1J2EC73HThCthvy=?x9E#bYl8lAezp^%MS8);)r5lPJh%u>V{m7=mBOai~lw zt7B(AE4$?lb;$MiZ*nf(Qf0SNY_RoQ=9P?otz2QA{9W`X*-btI{s%ps>(BQt?N8@l zPShB&#>ggQXJ_M|ynRG2A|i?mgP%$Q=l(tofih>DpxBH011)XsnuCG5iBcyD#Grx- zXB=Fep@0oHEG+D6zLwo`)7`g)>ed3j3tT@tJ3C#CAvP|e z>IG!am6-!6u4Mj{s0R#QRS?eBelB%!Tj`PgFuv2Lmuh2qs`;wyWU|@3U8=VwM@5@q z);sCxv(>{jEkBVntL$)sN2SFoEtz@d`KGT0)%(UGxs?K|SW>z{kfHbR@Hwtu>lA@7 za3>^@ZzTHx6T~jkBWb76!g{7QY|5^Q1oVkIla_!V(+mA*^fclZtg>#D`|a^_AkN$S z5o)37)TGjO1|T|}4razo(5Kh88_((d11fDB<^E`l$19zSBtN2^|HIUO2U7jNZ{T>P zD6hifN{latQIv^u6{hK|f7pHy%te0h~&5(8Np9``CYTi;- zlvj56dgqPP*Sj{N{Bef%_I?EIk+qu^uPe1?jY~AtbqkOQ2n4Ki!=?0&_d081pT>FL zW0IMZ6PI?9APe{h5?tP-goV-gYHMNM?Ng^wA*V`c#_tvTm%O}EVeP{FY2&u_l^Ys; zahAK*$?(i?Rg5d2xh!pJKN0u{`QM~0(_*jQ=f7A(sS?}6aeLR>h$IfR%!&=Taq9*# zJDQNNv4--=Ng;(db@Y-;vmh_WcWt#>-p}qWr%MG+?^o>ciK7i6a1jp_tS2hS&a$Ly z%AgsBEyQ(o{2Cg(bfH4@F-Gq0iDqmnIW5C`=lEB8fxf@V0 zyYlH&BRv3`0mp;hGy!oVrx?jiawWom)KndJcXu=Mm(MGpi)3Yu3l__SS{(rXSu;IX z*Z9Lj=M7wpRv};Tn1zMN9VTV#hgB(4Q~Vmd)4ixk?>N_Kq%21YzP;wg9KLwB4CzPlCqyI%%?u_s-st zWzqWAoSY!|Kw8$sG4=tAi%;QWhO}morPhxomCGOyk`4~6z^JL_lU21@l+PWwuYwiE z@vdRgws)VS%h8O5W0d66XM}sIHL{TPz{2(GCyAVAL^c~c-;(;1QkYP4+B~}0W%%CV 
z8FX~Na4eQ$dr{{B7Cw=mK2_CJTrFk+0Llg*gB zX~FFr)(hN@%D>K?%tCCSqV;Q+Rg>?>c__?b$xeOuT(3l<;Mmg}_aV24heyz;U(V|i zIqJJ+iyi%_JB&<#CSLb>A4K6EuShHViD|(c=f|v>Enw-7;B5gq1orR)BP&hT73t=r zIkIU6PR3aj6X6kCfd7*PHD7<7tCgLV6;Ni{$1ETa3AJ;3M9RigEm;u?E7VV?;LpH- zc)5nLvopBj@3?zyO#6I-egJMV9cHW0b)T;>hT^)kB-npORsgMeceV2{MC@7s_-rtc zW+^tTK$g4cUUE#2x|x-qpHeL z*e2F1ll(NP2UwrV`3NMC4JRjD=lqn1Pk9{5%Hr^x!v|JjXB;JeS`o!fTx{%Ok0Xj| z4|kx?v{9>DTaDHg4r@wM=zmLAV$lAtq;v3>@>3QsYnA*(R_{ zV6?=L_CzQ(;KYqS1{3zyrcUvL@l5gfCg2g7beNq+pBIfCQaWKrxRNr=XU#cR$-jz` z;uhwm0J;2EI!vOl7?=gXS^sTZ_JHc1gYGatUN@$wz>q}@?1Rj*KX9T~R@QeNv6@V- zww*=HMowCrI&RZN4c#Y-BYKH_k$Bj;Xg@GC)Ovo-8z4lXjRJ`7=8Xbiul}qOTDuUy zA(x^FZ=Z*|_EnA!kcQxP!}o3%uDlc)yc7T=2I_wbZimgk@N5}Wo(ua61G@nqv~l#k zpAbt7HBq<%1ChM)edMH|xHtxT5+vpCO7t*~rD7>qok7RO#s&+B%*<>v=rC8M5?vW& z*po&bm8M3>Qkbk=29hX<R<|>gk~Cr69$U56_fR3m zG(%(K0IQ{6M@Hou=H}*&%UH$C0^)T)eQd-A*mx=Mbc*ouh9q;fnl{;e=!(UZ?|bqK zz&2{N0(Quz{bnDO=%22C|F7Vi_y#oxB_|mg$2GKCjlA9g97pY^`G|9suPHWc;yM3QC%C# zw3Cg#{>h=9Fs8Z&)w(@AGejG$_uqDs2cv=zQk{%%1vNKLx=agOT0URyOPe2DRiq1T zIzIM>6c(Iq4lp@jHj%uiBjTLGV%-ylPB4!Srw-CGKu^2py}kVJjM8X&gfqq>!LYqMlumlUmW!;z zgw=C7AqQMW2*Xg$J(J$;Dez_;HdgLMQ1Xa5yk*4`I48Nd&{R`Xdz3cKd2GyA(bY3m zn+X<8GtL|@oo0EbFSb}27#Zh|Fe;BSk4hlMK&|n^#gUnft=rx@HzryK1F$}Bj0l3m&#r57rg-Ge99Ewp3A(hj^v1)<_LUWW zQZj84_ZYAsv4dxp%>>w~;~p%!U{F+41WFQq4uN1{WoAJc>tlHMynWRhnrOl>QCR+4Jj}9b zaQP1nYB8L+ap_#8g_d0casluB!-OZ75qGW{f(fgud-+B+4_C>Nnb4s+J3FCq28*31 z()z)IuIQ6<1Ec$!=w7+zg(@d_&-MBHKP|bO7ibN#IZj%Qe_m@i>TPHs0wfz)VK2`C zK8TuuU5kimNVN|pk&#ctb(SIBeh?DGMpMY825bYIUGJ@}8r$zN=&AIABi`qI;@;>U zqu+VlfJsqBDK9N81-Bc(3O=@toWX^H@Wmj5s*AiG3V&me%&r&kg?cAW1rJ%)s zscEX1OAWT(#~0pX<74XD+JY!2_-O4B6tm|i4hQVU?@y}Sp!iB?ld{xi@PL_v54{93P;tBmpITu#-8i)IpcuL#ecEd$MTY^5jIA? 
zeH(UuG3}F3;x+&G?*R+ntJcnF+V3iP3l`&i4ohrMaq)SG14%ZQMXal*um3Mp@;k)A zY$lzBx4Ng#^NGTPD7`;!j=Ox4%u>5k#LUhv1FwBGClyRNFd?wPGX-ANq#xEdl&4PW z=j0&cfUO!F49G+Gg)jLKHnepu-VP92z*1EaVSn`sT+?sAefw4_;Fs12Xl!>>wyKz-)PPkI!-*D@a&-L+hK zFgy-)F>!k&#nb4X8C$lyS~@1)))BUxAGHg!NK0Xx~ z7#wW5y5l8YYaGurpksmQMs!oULuJHqsduIiH-O z>H`tE6VBrg!CT|GgM-62)>TVfwCNSks@Qq^7t396<=s8b;uEVoEQ>C27*(G{^6%L> zZ%y?4`h^MLd#%S&iN}%7($X@hCF(*Eh>eLVvbZj%R=k%r{7~r_f^=g~_VVw2zs8yS z%gcBUJ2NjJck8&$y1^=y*H8{e@*O_;+OV*2(;4ZH+^SAmS|ZZ%J~4*Sa_{z!Jw<^N z*78u)U%Yp@|8-|~DYc-t#`_WO`!zzJ?khcsGMXr=-znxx;T|QQcip1(T%>>3MwM^a z+VtnX-N8BX%hCDy`pTqdgBoPB_T?E$70lz}JT2E>}qe<>aVMo7R_!pa&wZ zZ1ncA7aMzZ<@#16Jo!|d7hY&+n(-+~jhoH{A^G;FeRK+mjca0Rdgta1!0Dmx z?`;zs8ykoEy}PG3!<_V?wlGf14qh+L^m2>e(i=i4m8$Vh1$~3j0S3Jr-k3 z%2Fth>sW++9p4mkar&5IB%#bg3}IGT#VXOewHjViQB|pQG*47w2|>_z_xAqo@0S1z zz;wM&9c%Q!WPUmO^+B~M|3fo5*B&>FxmvV(;#n@YMa%LDW+|McuTzd$u^)zqvkGvu z&&|y#3-CZq2SKtYgrGg7b?%^j#r;6~=xNj&7A~$%G(6r8I3=T2=oRClG|{=`&y!G4 zhZw9i-HMHc!O%Sss(XnO(mz}^Iu;#7GUZ|OV&=}9 zc;UNKM@xX=9x;tB_)L-k2OS_VEk@~_J9Z9UJg0dI!Vxwzid)rI0U z0+4)Vb(MxR{3REc1bqz1Z|>p-^fx(C9Kvsxr~|3TnZSc7v9AJJ46*;NSv5u*vSA&H4TfwV(A0 zXpIWTsaBLPr2Ub3;O{~hVBp&uA;YV~q>~m0o(tL8*}#mPlNF*>R96eJnc!-cj7mad zz(9nhl60TBh$pE>Ou0y*K*!7V69NI1`mgfh0}DujQNeCnPLq#F!}^D(1VMBFDK263 z!97vz)cG20^N#8?vVBz@Y%X72jZBE=>;jj*i^LEy4s>vv ziGlnwFf`g)wZ9C@%fA$sOnPtDRPd00kraiCsrRYJB&2noliZoG)k^sY;|4Z1Hgx!q zy+`udwHP_TY7aUytEnIVL8_H^006fpwbUJ48}g;oTUk+VC8xicBHO=%}5`96kk=BP0w!~`p+NYV5xEKo1g&`O}Dax&uAf87te z1#X>CK_8$h6GfWHKmVSZ>fQOxoT5DmZgQ|}Xwm)wL?_U=ePX)G5;T^U_x#)#l!wSu z?JfvaRGO%x?<6KBu5PSlfRO6yx&EG^j*)~H+V-pY0D@S|*mRVB{C&I746EBgY|?oJ z58V$w*=+6(SsVoE#8uZlTVS&gu#)RugmA5T)o8#PQWA3VjJ&ew-d-6vQ>?74&Ir8Cvfgs9wDp9F za*kRJ?@G&gdLS$d1-Q*dmlDcB5Yj*!s`qRA z)Syn6S>OpQT@D!gM~~S9k`aVSYo?zNwDY9lb+cb7{zLtD8=nGEv^rRCX5gLh3P$ru z5We#4K_Lug^!0y6oBewp@Kb8h>-2jKDBvuF{+W}};{L`52|z({Ovk1QF>r?#|Q0gM`w ze#c_zLHccY9Pq>ONlC^gOZWhQK>2ZucHQ&eYp=8megW7K*_AMxJ!zejQxP=s%G-?t z+dn3TIptx>#zc7%z)~{g0y;Ki`D-A@e5Co)D!tJh{i7v;mge{vKsuiS83bxHwl&NW 
zuR?mOLX<6M%ibP70+E3rE%3djJ;`T7a#JS^;7Nt?C5>Q1lJZ%hKsRj_#C^a@Lo+hy z=n)n=X_k)_{mXo_vuO;<>B~U`Pe{nJ$`+b2227CnY zw-_8Zy5H?|1E=|`61`zQRtG?*>j$NV?J_zZ2Qhhtl;08b+S-%H7uO@m-NN^>eea>F znSfna%#pQ)t&UKCs_SSNxu4DjI#Ew|KXjRrDA!nA+^%o=` zdESv5iWN16rEgmbC2t<5wHuV^Rq(udN>H=+tBaiLl$1xzd2gpVl0|?6&n-hD@}7m{JE z3P|1dP3L>zV&=Q9piKwG_x^r^NwXR;Cvm7~s>h-FpH*tWHVizi1h5>+7+x^hj8G~o z+i^k&%sSm=#`YJQ$~X8ix-qh8Qe1?fm&qCMe1ZKdhGo?;G)~9e7b1=V9igDS1wm7u z%`>C_Nm41vQB#UfS};1s;vNs*XdH_>MHDLLsytIg5WY38+qB*L9V_^+kbQDj%sfx& zSiv>nlIYF=ju|2p@%?+~6=NGph-!5XzoE!(+Vw`7}rV8;OM4m>&=xowP_nQJCG_!ppX!?Pd7?tsankD=P~t*+ui*Q%uv}UZJzD z@YuK3QsyM2Aqp#ncBQ)79dsI3?aF)m+?EhS@siOEh^@;FjsC}$mY5*0Jg0*8z=!pw9T9n(PQe0U1y{{crAF4Cw348HVzDOkkfpxyB zN8z%4)$N<-W<=pw#Ee?^CLn|=<=uxPXIL>_G72Ck$Oz8^$F|EBCy@KvpBy zi{zihadEgsG`$> z)EPYaf46ZYX&h(H;A<9^gl}u`ev)wTVC?eQIX$`5lK$dUR@*D5G(60rHBPy^C7Gpg zg_4P>KAD`H#KyC^bxX4K3Q9|^8u4K%DGcA17DlU>`v7CGh|ziqQC85uSpt$j8XDSHIxy(zP37+y z40xuHJDBtn-G7vV95*Oei9Wxu@UCo&S`vTWI(J^w?LL7chVh?~wlg!2t*Z{4KO$u6 zKEd>vUv4he)p>?>w&`*+ExU%WVm8HN8vqD|0f`*l0+++-;C(cSDFkR_y0gG*(PsYY zwvLsDff7Eis74F#L0JL=Yn;hQxd&4ao`6)H+#?cf`@bEQ2YnGz++pLBEqyTbVoU)w`na@I2pmkk_5URb z_;>fo_yec%dm7aT2ms7`&@b$9!Oa}ixId97!rQyEqXNwza1{Fv4pP$EKx)l8bKJuX z;&fdh+NzwF!R|&>kB&Y7s0$J*{5BzZW#`R_R@uw$9GHqRxSE{7-rp}fK=m^a@lr4~ zH*0b^tx@M1*$cnjF0X{RZL-{zJ3u?CL!ocxdbKf5N%~1#kL~H-TzAWDc#;2c9EZEP zvKI_rKRsV?J-`t7uIvB$!nM1*8&DV9qe;ry;c@Hbj`gB@A^91IB^GpHVa+?Y{BQa< z;%qJeL1zq+k(}2txZexbeuRQ^)7Wxi0DLe&KW`w9KH6Ws=h{tY!bbpX$>fCSX3;DE zj}_Z7|35Wda8m!`>tbi&O^(3y%yslG6)auzT?KjNwmq&wrhir4CL|NlUG^@I`|boq z$7f$Jw`dsSe->J$6770M*sXu9ab_=ONGa4WoeT~vql|Ran|ObAkd$|d{LxZnj($uU za>YKc4&~BcDMVieNf?!y#}W~TwD*J* zf>V_zqc~0Ut7tLlDlj|HUjl37AjQIFF4qM?9qpTFrZNJHDp!ovfbE(B3M zon@Uy89!^;`pv$y2DtSmbM@@)DZIEXM;G_D#Xx?Ec&TWNQ48v8ReGRzdZlIHvms~g z{>K!tM*}zvA}}@eJFKsqd~n%0D9h9}922(_s=Sk<5p1&dPnVur_mph zKrV@&3b}H0gdN{{>Z1XSEvqb+6UeqiRc6qAXnvkArb1Up_HSnYq=aWfD>;!09~Lg$ z9T^&u=1((qb`CURDLL8Vn2ZC#WvfA>LCIHhQXc0GsN(Ic?ftCSk=Adoh&DMok#yTC 
zs^0UnJ5k{NwO9&h3)J_WMt*PDnt-In+TVwk4*sNK+Kv{?DHxcTqWhNBw6zyEMp?@x zT9(EVsIH^@>n<_{5CQAW)w}y4WF)^z5o4U5TK3Am_1Cc1I$4isv zXRA=u$w`$v*=`~Sw=RCj&1#+6z6JxhmZD+)!b2-BPXt}=W`Db447~tq3;P1@q0t9AmH+4%yhh| z35Ixc^TGSO9Cui4S+Cs^^(}vu%BCzj0K%q#^ecJKi!z^qxQ2CQ zdBT5))~+;;@=qMEIsW1_iwyfU_9)W{1s}CBUH&S<4;OJgUCnuuRcO=G!7+DqW^T)U zC#dO5mq~Dyx~dBY5antNr?GjH*Q}g*bc*5%3mKX9fEbpN)m<1;)y=KInZAMs&xdU; zaU*@sG_UA_IvqeskZxN4Cpu&*KwrLZjzdJr9avJQP15kXh_t*jW65XvRk*Cv(QfoA zb^U$Z**Za8^cR7RMXi~F#f9LG^V~T3Y=Tir#LD@wATIQcx(5+amW7tecivvI z`=1DCuJ#9Mvg#FO;!f85`qnKurCZ9Npn@TS40F#PpXTxWx*WeSF)evN5qX8B`xoQb zUHD1NSfX*D{$L)O;0?k5zXnT-^3II_wdK&)a`GUaQ-0a}IxK+ZmN#qlubj+#gHC<5 z_fl=F7F@ipFWv94l4t*@@yPWAKj!uSt0S`sy6G#V6_7!9(D)GH?)GPSjQO7Q0LhE{ zC(&{{m!{h?{_`CJXT3hGWm{)$g2~jccdp$@?WsdT3N)n-H(>}DW8M3Rvg9F0>c7VSLLvS72gpgFeor_+do8MP%FtCz3U=N__0ciy*zBW@t%z9Z=) zy`loB-Y*SJZiKn>-+TC4=_w1q!3KjxY0H<)3LZZc@8=ShzVoxAJ~~fNsaW!zi}(em^dL<=o*;SO_j7PYOwP zNY%S|kng$7A6zN7Ov+9gLJ$;@7y#;)Yh1iRT~}1TpED5BwV18&%;#IX_kU3&W#hHyd!}wDF@2@L ziv#xCA@uDH^)HwLJqbxW1^{AU(Bf6MI62j)mDsrb7?;Il>>(rN%G9v}1h{|)2? 
z3#`&-HBEaBb|v50RVzWG;;}80!Wv+Ei9^uL{2K>N8wK<|Vh^|d@S*25 zQX(HazIIB+-d%-E5I%lKgl0_Ss!dpF5;=>0?OSeMwBPbv(*}wjgc8yN&in@*871yY7_J z>pOy8V_R`0PsC69DbH@eDxAo_7rl$l`+o=ephc75=H_9;ctZ7Gb z$$ZrJtA6}SwQnIATO#*mC)vzCn#XbN8^?AE{`gdrXkA^Mh09*!6}g6V_?OjBZ+>~b z6HSXB0t@bB#l^+X&|C{t0Gx;zn708T9kVn+&+MZpDHd+`+c{lNecFTc)QMWdaTv8c zgAz1ZSE}nAqJx%>&K^wE2FWoyPJe9y#!iaHZML=VlT@}dKhDVY{f35XP+i}!t}tC5 zpu`fDhmHz_GVcqwwvZ}cEfU3;3FnSW2tG9FGptXJ-yUzCV#1rxth`D%7Z+%*yj$X@ zQyICWFr5k`(lt8Uy*dBu1!zYypX=h!y{s7JN6;Ofdd3?2A@m*)g_;{6=pRVW7iDvw z)Y^WybaIPI6(3-zb!kNCCfh9Fg}c~G>PGjd0KXzA2^#+EZ!B(ufP z4&HaQ{-@4wc2%30wFLkG!q9~gRmk{!BimJ_aH5qO9)9Cmx?H>*T`;H|M+Za1GU*UP zFf9f}N>{=4-va}0Wo?*tUCEV|IXzuJuC6|Vw2a7@vE_z`nbs$6W5ZNiTMJ#A7#@WI zNEFJ;Uo{w@3Ms57t3|UEtT8xYkap7JP>wzpYFnkem>%79X=UXJYdmf36wo<=f<-0o zvt`QsQXPD_S=$e;yb)cSZEV=^TP!W}pxcb!GWC zS=?%B@usj?saTg1ehcWpEXwIu9YON}Q!F6Q_ba%THEISLi_T>SHc}idM&hV9ggyrcdU_NtTvK zlUiiPAoiuS$U-M0kp4Bzq!=v z*61+t@$tEO>8u@aADm`-OuK9Gt$4eUP!3%f=wJ5b69pUDsluonlVbrtL_qg3Q6`!TYD^>^w`RgNXnBI_S) z>uD&zENNgX(RlpzgRcu5fQS^%Mwq$@Zk-!MC{MZ0znUu%$(tR|ro-HI_3Q5!=Cxas z0KO+&%)e?>ol%Rk?__`3j6DfdVL{D?L3aX#@(T*>Y#j;XxZ{x_s8(+Wy^B+ z7ouhD);eiJ+UH2JJJXxRj|+T`lB8s1?O^XF*lefGY@h$Rl;Xsn&CN+&>ZDC;o8R3T zD!RbtD3oR4|3{O!G?S-$HgMhrn=TVlt0l5DKnDUtZ@QPKX|u4NA(@}Ax9J?|{}B1d z?31d_3B%+h@;5oIN|`#NZe0tW&#@O2z6b<ny|mjTt-lz*yrZnV3g;$(SjT9)<2HX$qdN(35H84hU4uhHEEgOs)rOl>!p1in zXMY1zq1j|ij2nceZS%+KRs-gtM^@LOi1I7A9^qoO+MQJ=NKW!)zwfpGj~1Z!@JuyR zK4;X*Adv<)hae3lo+&Rrz@{YK%+fRLO}cr+CvN$^JLSmKBdOqVF<*ZBP~nm#8!1~- z&k=9sviDJ!ur_hUS=~_=O~p9K|3s9BhW8Jh#wUt0=m5e>mLX2eHcU@U zHA0H65gQWVXG|I&8)}glpV$^?vWsVMr|tpv{`2Q=KTc)gFJHJL6lRe_x6cuJ#@1xdwA-xomeHE%(;<6s&6Ayy4x} z7O~gO+IO7@)MgkPvC|?{y#N5$pXOcSHNO6olja>b-yT_3TGQQ=ggUvHzGSbOAjQD_ z__@=>b-f1#y+-Ba*5S+RL`%yjhZXg$V{4>E-dp?U^OyUS&~D|bXcR%>WoV}#HGQ&q z*$o&xu!wS;A2Pl>Iy&NqbbszzwB>xb@$f;qPEoW>kz5`M?#V(<{pl;~$+}jK`V$W; zLiVeW%bMnPM_Q4~!6aES%Wui{H;SWSq2-m%StDM2tyfZ0Tbppf^_BgT<6p8qF>tvk z|24X(YpFd-Set3DKYnU|@(M9zk@shB5`z5l!R|@lB^_`#Y)Lr4RClcx)r&!y;Q040 
z_>)k@)#(Q}l2EHVI&>jJC=W}9uiMf8lE8w|#mP|oO zdl!2r?%$ujmwa9XIRhXKVESr%uy!9bOVaE~jkC6Y`uiIrFGh&rmcambmD1eOAddHr zKc$?xvN@=dneQ&J!j@`a{maVATnhdwD&K-*vXUzwvcJ<@+jSd0JKWAp`UCB!Rxo>2@;>*JYAj z{dx--r3Mxzs>-ygU87=R79XlEO>Mc<53U~sRWssM>t0Ki!I0%UAcSKJBI4X3M9oPX znUs`Prd)B}7i~sj7^ho+EmV%q&VS6DJdllWfaUK5RzDEk=M@RPnr~~aTP7i|I zasC_C3XTkfrm03YNgtK+`ffwhkA@~Q9O9D7Z(PT@Q{MkJ+PDSMB<8&uf(nBce=_{j zu#RDh4Ldi;@OO|Qrpcb9nLtofIaqJ=#Vfu~V|urv8g?srvluV+Yp-ga@xM$|-*iOF zv+surnJy8#yQ)vQ$#Ffr>Us%*J>YUi0076!x zT=ETsRU}h9LX2@}4Q$x#?3h=Q5STYuE9cHO&Op#t*h~Ys6#XW9`5<)vt=7ERh;II-X z(?F?bZXOa4;AT; z&F-HD)8ae2xX2ewRM9FaKaG;w?H=fZ7XryGM~$9u(6VduaHk0?t#Q#Fw*7IEk&%7l z=60PuAs%~s1H2a^DEI=WDUBd-fg%mERLxG)TcfhP{DK1SujRb|Yo0P;SoJRD@8Q?K zOBonmzib@SYKHz>ImQQ4Ifn1u`edD@fQ*aTRe6$J)JaM!mp32zBBhuCp*%A-0Txna z`vTpsUXFeT73Sg>ky5AdqO6PUSfi9cSiYoq;~=A0xIdB=dyp->u+W+T3n*aFE^Rs_ zq^1IuD36YgK0fZ^oBbF_zJv5Lo zz^3C3^&jimao(xn?QN5Fho#teVPv8ZloyV72|(-!ZAzowCuo_N`B+8Mi@p0UfR%=l zbCi|s0|Jqs&k)_USm`#8Uao=DRSJ?5?5(MAaID$yX5Ad_ctb78O!5txM;6&$cxtuA z4X|ZQ%>7@B_Gg?>;dh2eh>0CWNoL1G!Tsp&*ZTT2j%n9uNA7T@8B@>@!?-gp1$kCZ z4o2~Fb|ezH3aimhhuQQh?7;w_bhP{Dr%ip5>P8q~fRXx=k|!;5FZZf=K~$miJm&1D zcVf0guG+$IfhMTN9&u)zwa=9b*dY;j|d_@ z?4C$UX(1(z-`*|Dl~XgdwvNpmE+?g+NQcF}LqiNzTDYR}P;RfdN4I8)G7M11{F1l1 zn7k&{^-YV>VX51kh?w|id7btB5HU{Iox7+aUDFqFNXtdlqe5*sM-Vw#hAf=Aye#Vj zw_O+kGH;o)!;PSro6Ew2CXZJK51z|;?EKKW6H5Xc0jkhIg9Zbayk+}n9`EMZtV@+v zhE^d|B`^tfHSZGHekY*${RM}Hwl;*_z@Z^*c%T3N2_9}dFnQ;6p8@H|NQfz)`vqux z0C?wiU6~!xuwafL2!Vhtys^+d1BmDmbaXFdY~5(8z+lgs!m*yW+sWiC7rA#WXC{==yoAHDCzP|KkLnGBPxK>cQeQck99JBUy)av)(COvOX zvjkOwfu7!7QQssEYdANx1-DLgpwgMQb6DBYmx+voxg617i}=VrE?Av3dRYGgjC+KG zB5mEzU(nDL!e-pxPX4fTw;uv9d}Ag0%@O2(2-z_wD3V&9l%8DI0PBJQoidwo=6i~Z zKeP9Uk?zO+a#6aHOawk6_wg}zOtIYfRT+2Rh7i_oAHq{ivLs2&ZuQ6=BpY<{p5=c$ zlby5v%9^2XjH23MTIGUOT@o&cXqb=q^&y$bb+8D` z{5$WBSqfCz1dNZ3k(%}YoVjC;Y*g&Qt4Kj}N<&qnIh);_(^G4k^C6eGAT!-^0S26h0rR@2l(ntEgu zu1{3jr3@(}Um&#@73uQlkIw8klVJo{*{({9jVv6AZlQ_ zAPq-{v}$7J8f;754Ln0xg*A*PzLk}wl*tM6WNe3Td~ljFpBN|s46DcVnGMgOcTm?N 
z4Mo_%=x8fm-DNwWW{jq$TdfWR@EQsx0s_=e?KH`(^9Bc~91NYDVxnnf@8OEyzInq8 zAxRTGO2lH!nlSvEjAwfH%Y1-5^jv=(| zROxGZZ1*v4Tmf;-LG8!>0>@s!rczX&!bH>r1qbkSTGrvgI5)_6K*6!O zx%l@u2?%DaW@e!I2FaZ8L#QD>ZF4jIPbRhd>5*Kpcy}oUvsBBE<02ga8*JQNlq##| zQ=1B1e#{j2XrGeOj%^IT^Ay+5#?s}@XvSsSwwBNLC;c(s*K18R6#95DM;hBn+SvC3 z=Jo=+xj}B@E`9^cW+U1W&s0z&Gqy+ZdxUSsNIkFf(?mq>=K3{fxZpp!|NbR}3~4D) zNQVh-Oz~~n>%g>G?so1>a%hBeP@lnWw&{d-noOnlRrpQ zwoIU*VdA}{y8JhN$pdFO!Z;D=$h!R$8*op2pFV!yA=Cgb#EfkXP_}dL%fl2KeG+ug z#C+)z6`H*(EG!H~5LoI&X)%hIjkYvpsN}um;AtPXNgHKd;n0GqcbjyUl$`^})L z+Lw}*F3Zaannb#=GBbC;C{>F~-TsT-RIj9=p`jE3^pTN+Pe!AKk(jXIt>sssMAdbz|Uw0)jh@fl_S1o6MxdFV)_%e|d5Fdxb{sVL$&VP5|8 z9i1f?4Hv3`((yJ9G`9g}b2hTWYxvT}UVME4Z;3ndO}OmlsNsjce|ZZGq;JKPI~taU zTn9kJyRJ1C-V2V^AaC=M-Ij%phvKk$V%=Mw@Rqd0j6D}8{NUN)re(bgT>n_r*kT5( zprwZO1IQiQu-6PT;P%FN(3BN^h{zrBru?FDOJe@u3|hVFq942CA?(6`%RxjO(joy^hZOri_=$vFv_A@WY(^?_dC0Y z9PvX%K|$1g!pR0DDaYoCpE|RX5l8yWQqdb0v4;N$0G3L|6-SOeOOV39BmVPUeO)ST zf+Q5h6*%{H&n`gpMmT@r`FXMigMvI)BR1d$-LF^+k&RGfNJw5X=gG}X-$&~Kyd2hA zKB_VEDsVJ|Z;Mmqo0MtQ6!#82S0y2z=rPs3AU`{#1g0fGAy+C(>oI-=3)jnj+)z(` z$`GT^Vq3FY05v6~)JlWu4+Ad(e8H-m7bQJ5ivbK|tPtb9C(Mxub36!e!@`Ek`U$TM zm+EsaVZgx+6fNylRRrjLm+n8zhbh{SMJ8Eqdy>Q&>&K(x_B7Uh#>vwT@Yt@eLM=CM zIxEu0$Po^u@=uH;Tjl8`5+(e_^f|8;n1gVFy*=55)mIPVX#D8tXhKSRbzhjQ=2m!^ z%yV|gr}_G5a~!YXpfluQUqf^1TW_zF=c+|4r9PAoA8KFm*i}{IJTA_%Q^TL)#w$#Y zGcOM@;MxL2b7gGzD|S7f{*W04cLbpqUv5{jRA zlXVL^Kt&+S@TaALvW+Fd3S-;lDrb@v)khdVs5zd4-{ukC+k;xUhz}gqnI2p%Mdh+d z6Nt(KLJ$2B!$3yA8Dzs>Hvig+qWYF!YHpkB1^taYJ^gR&Gx%uR-}@9_Xd>ug-RN{u z_C>9EJV~}-nfcdsbQ^AMPklYSOSS}|X@#sq!CTVNx}AkPX(~jVdWp_X$r%}lwG{ds zmDX_;*`ak2$_xdg=SAjw`+4eGG8l|GfV>p`l^=51zRc8H;f5?}kSV7JWo@$i+B0aX z06^xn+oP`a@`~3S{+N_lEm5wZZ)8MCo9620N+n1?)YwTYv%8j;W@u!jo40v1`-)VW zP&uopC^Dj#k(Z)RyGXQb^qWpmx&^6+xY(O)h0S!T>Ou#HU#a=rY`jwRqm3=)mYboa zND$jW^j*r+y?6k#mNIOltw3Oew}Qj#poKEFu&KUXsuX*VqU@D9Lgu&64-3}!Z|a^Z z3P|YcP9w9)r?2`nU^Fkz@IJqxPDo6(s9+=>M!`YGe3&Z(i@$q+?=Y9BB?I44w-dl* zzc#4&P2nNW;qerxUD-$%bL!6Tr+OW#S66SWKMZesL;YDTR$?Cw{hoW7M3xd&l+=tf 
za`)uCh2W0RtSwJRKFWe5P=?+ZFBht8D2~ssBWv&L0ZM(PZRXR#58({Li-aAIFi`5~ z_|5fTsIPxo;C)6zTO0bK!UNHg=V}}_lu)7{qk;6)6r5ti+c(X(DL1b1#7NFLR)Lnv zQ?)!EF?QVu(*2M|_~_{9yFN5LFGdjA!1;dT=rSp!jb1KJreZ%u{Z}c78hE(Q#WgnLA*5yMBHBP>^D&dSct# zoIOcuvPOa>fr=D{Wwmh8{b2~BErL8fCx^bN=+fqY+5moZg?n@@;xjU$$=VOU z#}maG2v}(lMh2X(~Z_EYch;@_(nW1%MviGp1Bt9c?+s5Se&Zim~`eIv6^ z{vI5nIVTz9DvcdBvVkJ__z%w|-Dk zS~`K*xnYR_n*#9VE6G&Kdj*f7+`XXO2MXNg`CXU`)m&$?_UYjw$34W|&Kk8UP3)Q2 zKNaY%TIspM?cfLl{!vw4u7b7NT>O06#3cKQQ5rQ(6XtMCmO=6PxdedDT<;l?cYWG~ zM#So>IW&B^N}s_j7{=U%%T;c5S%+xrr~~b3K!T2jdyN z*n<2;s5+ybh$ke~zEjossdIVY{vYrR?$v|2iiB^UPB3yTD%{B&B2CuRoS&$w7_Bu8 zrcHBCG|2=@FE*zXs6E^>>-O3IHxWij&_juRxz~#kaF>!oRKCF?Tzdo`{YE~5w4N-y zbjjW>L!t2?ScvsLr*gqgfMf_61=CxZoJoQp?H7jX?~P}b2>kEXnag`nA5%yu|j`C=jbP!J`TO&K6$e(ebQRlln!g!9njRB^E81-l^4v>4r~SfNJt#BQcMV9mIc#)H-7OHcDaNCg zH?s%KC#+RH=u7lTw9=9n{$#xcJTAi=mzRPg+uS}+dC`gKDwK1Fe0ajZ_yUFyOjY>` z3TF3DAPL??dyK8Uyf*Y)3+Wzk&Nn>gh~xwKerb7$&WiB2(`4cC{wY|t8}Ow8iI_pg zU2YMs$0@}|3X>EH^f4NWhMOvzV$Bp8_b>w_sPWAb{h_s!qVdn5}nXTfz&-WuY8 zAC*p)f#u~c6~a6zGJp~pKs!7-s?N?n#YeItxctY8y`K#S>=mlCu<^EyP23YlN5{v9 zi$02F5{8i(u_PRFC&5G?tn{RbPFJE=$o&!`IuCgkG`o;{xl>G_Zj~~*qIS}SgFx%d zHv1;tmG`Q>Y2sPFs#>AVV#ZdI&H`zT2rn>f)b**$rw8jWpR2D<1i)m&ahc3JwA3Q70&&fd>e=*^|71!i`ec%U*wszX-I@0)1=jdvz1N`IR zg@_sg40882`sfHMRN<$OZ!Gx{M+U%k5n%rM29rI1@( zB43Q=6NiNr2BtdfC`BA}VUf(2*3+fBK1s7V=83=~gH`}cv?0&Ju|GLc|C4YZrm#8- z3ZiuT=J!vb4523IJba%J5OCu0^Tq$MFDh9|$4JT2yzQwpFu|q_Ezpn8c%N}K!+{v{ zCuNh)8ZSN0vP$fmTogXVIM{B!_s^S6rngixR(hc2Mry9|NuT9vN>V*-J@9J+Yg_4~ zgOJ7{Dwqs3F!wl%c3=20*adkpnR#yQ3xJ+iZ*7UNsQzDbN>YfduPtY{?qzFzXGQ&i z^pxB3IdV*dGK)`Gn2k*O|3}`JxKp{dZ&!*^p^_w_*is}RWG+P{q{uwaa|vZkl8}TD zGFM_*<{_DqDP+o=Ovy}0=IJ}v-tYVV_W$thqhlZK-D+9udG6=Fuj{gZor(x)L)QIN$6qeRXB_T5RlF{n(c9UQ^8()xIl9%ZXPW%`q{D4Slrm z4xpn`^DBO`CewO+&3yQ-@Gf#M++2{cIj;Kq%U|p1EQp|)=EWu+W=yf>1fS)Q1CBho z=X+L*(La!ehfqGel1^*@ZCYLS%%(4O;m;5M=^llXF(Nn2D;93jVbHyP@MdKi2>{R7 zR+Zp zAv@XdjHyasrI|Jk|mwc6VKE|yN@WTKQRDnsYe18>ziF*D4#TjlMX_@GeSd?}o6 
zV3BRVZ-$c*2uNjLe;l{B&;B{L93AzyB?jpSP+xv1c}!gYn|_>e{JZh!amh9+GLSqI zQ`RakK8vk4Vd~-uqW0RcRuHtW!NnC{`h!iAnLzX2!c%tHe_j7Sj^mH=aIAyYXllx1 z;^GU=o^(0wO?;0TE{;n*~HttH}RZze$BPZ14jy-myh&_(ehh^ zEq8du@|?S)ahHv4J3nLOrtQFt?s=pq{2_Afsc?3%dV# zfByJ;6cl^B+sC&PF5f3+#)-LPf_p+r4+YE(ZS-i(J3IaQVK^6XH_tbG&J}mQJvpfhJVDYoMjj6L*NLsKc|GH{7_Z(`wpHAhmx}uq`PRmEU*7A> zYJaaj{A(%0b#3ec%@4Q24j!1#lkTL=%$bY&?nZV`n8_cCxUVF3=n`h_IqMb}Jc%bi zMZWDZ-xo&nKmP7g6KU}#eP7T&u4?)6iMI_{j|z$L_D8%+n|jL6Opf==wlEi`o95;0 z6k#OtC}}+UuU+aB>L?7cMcD<)CAVM+C^h9w>L0&Ws4b*HuwC{ItX`ng7uo*rYg7(< zRGPq`sq#x2ZJq#zBG;^JLQ9Lox|Ug){WmlMVz1gp94|UAbm`we1K}JOMIYy>QW%u= zY3L57AN=jaw7Pw1rTye5s)*xU|1iNxzNaK|%~@l0IzQvt#ogyO?wA{bC@J#qm*o8Y zlA$dd>GS6{vOZTv9$$fi?D+4g@IL;*{gNvc$hYo=1ec%(e`ij(y|)ld-? z&#(XYNk#XQ7V69US=UEK#62yy^(yMRx%g)!&a1Ti>$cvz`LiXLCNN?%Ij7ksd7a-p ze<$G-=ukdy|Gi{)lGu8N!)nq5N+aeuL>}kD;UErW20mtS$zPSq<&rGp zpDH`n?xS{;e$V64>1k6vz2_LH2g{}_rF#hbWQwLLaeSGX;VE=>w)=iUNg?SL0!sKl zq|L>Jo)jZNS*xPi+4-QJL1Z}j{nCFPB6PXEvA-YD#A+OR#jSJg?rgr_#F`oL;zxcb zo8P{IYJ~Vxr_A7SqfWJ_rQ&9r>XOsu%ovEE$|M$}LbR~AdE_hZaOPE(rYXl}95ORA zI$8>cpm9_ZdfGRQ*&>xx$5uPx=vQK^0*`0=6|D2S%Q??@gfSN_ko{gR!V3TAgUp^K zZ9&zoes5=QCERwue(lcprY_6Fd&Y#x0?5|`go|?-(kT8CVrGrif3VFjB~Al!;Q>3L z3@&hDRdNa2a4-zqO%OLC*d;bs@H3|=^M;P=ffUOSz|Ok5a2Djm+}yV4C^1zuff7p_ z%yXbzVBLc=YWHXK`s2qw%K^HZf>7*liL56NkRFsGe*W)1J!|&&QUf?nyMya$Jk_h) z1^27RDu(X#H}Ugdlgj22c8JC!ydjN$hxR&?e*epP-B4HZ?zf4{=JmVslE|a5;l{%n z_+eLV>?`g=kaxk<4|9buvF|+v*(4Q^2($YkAdII%KMl^>{hI84di4B74o1W>d{NZ* z9xCVE;{|zCuEq`)MoJKEVB2>w{$rK&){N=1ySD!4A^g!oIxv|uDb?u0%=PsWI6fSu zigbKnm~v`26@`D<7TbNV&pkV|V@Hy4bBkG%E}>a7y;&E(2+g+$K~@4zOruh>-O03i zT`HboN69TBy;DwgQa^n7&_JEzBj5>)b{!{&sEWIcoJ}G*!_Q2+j;BFcjzJrgh`i$B z4Wsc=AP=GQkm1gU^&q_Gu^3Rz1@VJuq#v8PX)) z4Xm!m1>CuvtZ1X0S((rQ2Zx_C1FVzZ+N3gXRy19GRK5=gTp3m-xKLZ5t-WLShX#Cl zD_TL&VI^5U50uLQjeHtd>Z|{fQCzfYrneX=H($s2BZu{X_ih=wK*p)ijyjolHa#svo>@Ny36y7~(C-V4yoH-YEfC2BQ7gDJ&;({;TW{GWe_;3SmaHa+N~&!K zMb>W67WRa-cM$cvO(frK@k>$8;bIqM!mlTtV{r+cTMg7Y4x6=(5!yyAcRX5HJSR%s 
zrQpI%|0CRSx+;T9a%*Lp#rD<3t{NVBI=Vye1#SlzovQ5b{}mmjL{yC^cJuc?)LUR0 z`b{+@1rmzD1P=6`&1S6;_3athF1>k^Jv{KN>2R@x#!CD#% z5971vSJ;G{|ImYwhUWwnf*|OCJ3Hy2@a0^ojbo<**T;{bx2QlT|wzR z;heYAw}~N%6F1gucq>he-XG3`gV5V98}-~g(flz$DWHipx3u`Tj9E$8sMB>>J?`kc z7j2Nd^l^TjM0j0nY3r#6V846!?$HkoU_VGx2Lz8_8E`Co*ETuV3)0$K`u$O~|D8d;4R41KL{Ak{h`9TcCBlCY*ioBXh;j-2pq{u58nnRs!Xf zyAPS=q}Ah%;juu^!1NaEVdXJ~NRkxmjS`2Rer8EYLw?D!ZWGDp7Uq1&!vj)ZsqAY( zd>lW4M|D1pu5Xc*@tK|89~Kh5DopDEB&6MQZsMB-%s|`2aU1hIs)p{62&UvK6bNRU zc3)gn*KIUZXaAebQZ2+M-T;ASZe+3a0HOxL`hyXm>|Zxd; zr%b04m*Js3PQM2w_kSKaCm83`cx=n*epIjOtw-4GxM`N#yR9}XF8$!-Nyl&br?=#E z`%a~B(SAGl$m!eDX{*Gz98Rimm4JgD5BN4DCmuMR+SMhBhWzciE8%!kjyzYL4xxcZ zzObz;Yw}wDBhQGtks#LtRn5^fDoZ2RdKo(cdMub83xkV4?1T<~<9pgSLi(7gsi|=j z!ucj9?_Lm~5rT&;rX1uf48EZE$tLAfv#7%?>TgHdLdU63V|O#ItDVSqOd_gvIGETr zCU7`L*_%2Yg7;HWjC-V%50&leI>InukOnb)N{UvYW9W^fn4gLs>qh_)7-7%GBMm9b z*}G)L$$Yn`P9;*v+#m36%<$NB2VEs1BE|%qtgjSWGL2KW5BOI?!D{Q{xaDy?guxFI zB!P7g&gR65@H&DIQw_4<=8R@(B|M)*p5Jx(4!^dbD{S|MveWaJZ>j9?VEO$0dulPc zelwN5f93J|;phcj;FN7CLi`j|)zK{fEk-Mjk}B5|6(;m%aE#Fu>9X{`t$DGaeQ+v{ zN~9@qekQtofVkCq(BK`!~d=za*FsX{(sf(df34BJidgiH>Mhc4Ud z#=7aG)b{tY5G)CQ<`?t5By-Otck%}i3qjieus>iIXLicZfFe_bb5@`u%U*~Pm6frE zR-r(d$VemHt*_Ijw8<4-oQ0kRWM3GBV!y`;Ksv+Iv`fsb#-ETl87(a>QlddD zbpF{+_s(Dr0sDeqWW;^%I4B`_pcft<-Z?^-I4@$|%N)h;BmG9XEQ{;eQ3>!bcWCGP zG-7K>JA&s(*7>h%#qK9^RNw-Z{Q1Wx)B{^OQ|)@(wd%4cs;$J{{-?`+B0}mP6rb1g zJU@NG*Eqt_p=Vf%c#8jWrc^l^;M(*rjt@F0=Q{Un%ir!sT(>2^u&`ideqJ>{m)TbJ zKpy8VO$l3dRT0q^2d}qj`Gjr6`lc+0k}crAMvR@rvY}__y_)&HEZ|6pJkqsXXrR+@ zE=IBtth7E4-I+RBtf$EI>{24u$6ym9$gFR)q;H)26wfmj8oH1duS6f)c(p(|Uh9-0 zJv(f~C0Ux%s&1&b5Jkf4>c4%1E&ncU+pL(z+k;g<^HRj%DF4>{=N-$JVV4tiOcxfc z!@|R!R1a1doK+CN?T0xj&VKKUTUAulb<_>q#1whxK}+U)?;=<(_*+z z6m<=fq98Nc@a{HuEfp15pl?dJEH3|5?ZE81q1kqR?l0r*tl`Pr6IfUOzfbT%Ve%q-JK>@&Z}%&pI^De#>=jMXY$wBs~htr z?_$VJwmgqB@~6EmA#>cfikR|i+{IR9eZ^^d2dOT})wrB=W78ey5j;h#9FKTOiM))8 zH8gNdE$EjCkQct@DpuCnsb-mLtR9vLpE1A7u!G~I;n?|*<)2@!caGz~8ebCaCz3tO 
zuASL>WQd`D^Bk+|yEDm~$?v*tCeseCS#I1mObTA}t_Ml(1#D1Yr*aEr`xqzS580w>lx~fyajC)#QB6ZFZtaD7^ndTb&QF8Bl5s4egL&jF z0`JuCD^l*asX2aA*NBz#c>vc%CB9vM$!ZtSKOdLl6ne+>5V;{b4f*ablRQqiB zTL&cutV874L0#RyD!pL8{PnVlY3pUKn8$4BiA(EYEX69M=-wYHORzEk209!Dv z$7OVM(&)ZWP1a$hGuIe0(;b55A+*ukYmjD8NT^gwu34pM!-9 z5tg;}u{#B+3|y@iU3qTL;W7w<;(NCVfncsomqwDfGE~8u@~fLNs;fe$Uw6>vEKK(J zs3x(NFr8?k>;G6Lg>Bbs*?XB7g6;F=4EU1#V1omPmNJD{q2%U@g;@*dlb($asd81gpe4|G{OuB@(t z+07oUAa;jDCJ6e>P;)c5tn8RgUkRMs84oo?8yjtMq{rOb>)$3P9y_uyrKwfm>MO6R zO*8ndjq}CTzaW&T$lqKN8U5qj-eIU!d?$i%D?R7g?fF_`Kksd5G=E0*Ezt=Vd%{33 zx;y{9ipufUW!P0BNaHp+DCb73|kn9I*YV609eF zZNEVC&#y;GY|9U$OV>lrW{)dBN5On!AlQIPv_r|Y zHW^4k&fSrGlQXs2fYzT{wY&$SWV;Vq=$ElQzw4NIDbEgYMj?E6v<^}S&*YLa| z8;l$S2y|gimc@1B)IrcPVPQJ%;E=fwf23gzZCg8K8B}COydZ0s?F~E^RS)q8Bh?Av z=x5H_$D&jY?SusG!G|Ad)q}9y*XNIv4CXlKU(s%8#Mjk+@hEep5%0jA0=(6iFY>mL zHpO^jsUYH=gwS5}aZzTO1o-~+h=dC`sjHH%ygct*m22_&m(cc=et z5RF-#;}6-kc|K%W>lHnJWharPznw|eVtw$yj`{yx@a-4wvE+SV@r^J0`(@nE7g>Zl z*A@*8yaT%x{&Q3C;zx?o+qdnwuyoUxCH6l@01kpR_s^QT|Mw!&n-0v$kY4z&|2c4& zh4dNzcXaH0IJ1YwQ}W+0xp0sC3HGvoy@W-SjP$tu>toWyY$Y8z|9+#!E&F!T{`)15 zOdssrPWkVbeBzV*|M%lewIBNX>MSj?%I+uk+6wPk@z^9S?nI8-c7xbc>S4_j^DysZ zQ-2FaJjSyf6Po^{t5=$+IQJp0+3akD{OG(hVgf?tj4k((Zm#`5tH6t0cE58mlULaT zt~wao!FKH}uLhAWyXz^JB?@g&eN)=T-|~K9W{OtuDboX$K$)O|DwLlgfLJMR|3_G? 
zOz+825ub<>iTWR()>s`DTG(Xwn`C?2xrnTjt()Zv51X1sM80CvU0PZ^DZ3vW8~;i_ zHdzp9@PyzeCpKRxPJ?8yqWmq(+7Z5}dhCNnvKGbdX8i9u4qD_ggj#qz6BnB3Vm-3B z3}vT$XjWz;~uI`8K^Q`_)|xXq1E5?g}53PTYs152jn+ zl;yDamQoLp7V1Xa*t|1#+%L0(XMP|>#BG9IVyUc8nJ9j*lVtW6)wd$xDS70;fx%Z| zbK*G4+|AB>Vovbfuom@L10}HMX+YpyqQ^#cU$rh*u-_j#(zixul6_bYipLrxTy&Awb+bwS0-Ve#ReO?kPwVIRNf)Bf_%!?66_9VSJ;)6sbWNxS_oJ}5j zVvkw4w*;xAjH#(0I2R+frJI8I1njPn9o`sO=aRR_}nyl6=7aIr$E1800PSPz1|OWRERBeG3s7zom(_7AG>Qq`P{u-bnL^->L_(q7njp?FFXqN zt7`(W=wGA|y1NAH>0)_>r}nE0r-4~&Ch|-=y4VY4M;<2ab!+#9GF3U;};Wy_h`e50np@ z{;oDKK4NFDf=|VzgnfukZ9g7+%BS43aasn^Nv5U+p!8>F^BD-OPx~S(vLmgh^Qa?U z9}yAJrEzJAaRP+N#$Ux;T-vcS{6qm;F*q@L*BS9QqljBKGoz5h z30bH7D(3CN;V*mm>7fMQli_AJ>RWz8A~5Ez_LAEl3Iuq-%?{p(X!VnnxeW!PMyJM% z8++YQ+?bedP6cw}>$^JtU2{p?oB!~s*u@FlQAQ!V=kaAnw{P2uBOX@4z@)b8c}D)1 z3vm4u9SM2~%H5eI?bR{#X>dW0hryhm0UO8HWLog$b6Fk&nJkd7*%R=>CH->QpqPMUa(qEH)@!?bLZ(i>o!vzy;vY!kx`xowIXb@4Pj{99a77H?F z(3zjt$H&Q@bJYQDLdnXWy-Ph9eE`xJ&<_sz3=d~^PrcW&NfqGK2nYk?3N~;N^6>iB z7?Ni{ppdj1?m;@~xC0o{;F4Ie`+rpmw9f8=J_m6WIT}-M@4)F@I?zUZd>65?9McIM=wPvQu# zMaozENJ_^9JmT8h+uyZW1V;PYv0f#qLR!X7hWWwv)kwVxyeZfaYiJ}iD>Y5bgQh4i zeZaYRYhbm1-!#OD(5%NAWL`>)*URq4mU)5DoB0Y!0E9K9dm@$V>S8H)nSeMD1AVCt(tNq8)y3spw_?5kF5sE&%`zh z=ylm6Rt*LDbK`>hI@)L>i~`=ObJwjnPaX(&QDbS6hKavMG?i@dPM>b1 zlbO2fz*2APM;j+3QZePsIcGS#z&>bWkG?|@y z9V`o1{z$iH-`+C+vJb8ohxuH5vl+=lhLLLiReH5Xp9=>gfXf@{ZIFJ!To>5^$tGT5 zbzl<17{=kUz8Ia0(ar=mS?p%`AF71C(F!u!$u~Y9LKTXX3e^W!(mN31g4&t>5B0d@ zsZh3{D>*B7u&d`CPCpb<&}EWxFzayc>6?VMb|(`adWbEMevzYbdfpk*OHw!&q`B!G zXQS#-kYmlGoc=LOqTyma!tfFf(gj+14r1_Wc(WBwtr#aU1s)3Ey1_yFq`Ctx!)E*p zK*E9A;y0 zO{g&A*Tl^!uFd>pcrCWQJ6%?solCdpQ#6PM zxf)$1ZZw4Y$9S|}DL77dT{W@}Fyfv4T$G?e%xkNXm!5Zq7uA&{5`0jrS&KRyc2n*i zTS%>h^0834eF0TUw7F@cd&wsq3!Odmc(z!SMkpj<`P?A1YjjYiS6_w25mO*+l#|;m z*?wS0Xk~R%!2gSo7hkY{u+qy^!fnPMnKVuER}#_jE@n$qyYCJo~k{)1P~bSB375(%1xsODA67&#EFu2_o@)&+K~!dWNH7 zA8+-pobpSU*<2g)FvhIxV!Wh>hs5T@=0YjiOt{Cgt}m#=ESRG_9QWVpmRX zP~*^2lE)ea0{b+nrN)&QaNt{yd~O~=J_J$%Fr89YdpWYcsK|F#TmdGWVa9MPq@X@( 
z(pRz%2n|EP%18I1abxi!$55mb(q7)nwU>I@=*=Irs55Mh9syKWB_yhG-C1m~CjI@2iX~R{6VR!zjm2(Iq>`FgKGC9( zJV~_Lx`Q$jD~H(B4epI_Q!xvZ4CK+XTCtaRc8aBG6@2M@DLm=IiOp#Hw|i5$9p~@- zIS>2=_AAVw-#@E2F`e!$W)yYZ9@y=l(29;Y{igG1qpc56$d5)L*D zkCC3y)YT^MXX+ME`B=M*SNcpx%!t~Mo|_CNg^)}8j1CYSzf-s zu`yku2*+{n!85;q_@6oJ;Ncg$IeB8w-l_h2!O|;0J2p2;HvpaO28S4C|?vl?`(zCD#=0m{>JvgE-yR1z5KD$fH zw5^Zbb@uZXZQ*MvTI@ZE>vd}vi;{q8h=md zZl-iK_#76qdw@7Kd3L@^1JBIav)tN6pF4{S1Gn2i1a?BlEdYb+JDVGBz3!`m;85>~ zR=_yc<^KA-;Mtc?wTkRKJyw#K4f4Cs-yP*~SxmNePHZf2oTBVV(>B!CM`!ra_W((6 zCV@HIE8%6T@F;t6@y)f{p!CaehYumP^{k-n_x=FE(vP07=?JWRZ#N(+6DTfIqC^7e zkR|f{?V=?Q{pk3w;mW}?%^iXdDlOubi5W#X6`^(E1%NHRFP0qU*!9lA)o6QC9n=Mo z2HNy4Jx5iUec3{x(m8e7T=Wh(5ayvq5c^oUQXtVd^uf9@6fvCS|cFweG>Kc!v^=N%q+B#kA zZ1>VHnXR|IGqPaq{yW6O*xlWx<-W5eIv$JuYC17$%APr5!v|{D*gTUMQT~?PFR`AZS|#jW8pN7=CH zwWMGY1BP1s{m1d~TGozA$vEp4hXH1fC9*u*Bd!J>Gf=l>8N0p5tieH(I-AT70|j*%ZY(>AgN$MIT{#gYtF& z4;i_;#{*!ibGJO^H$l6CaQ>FATfpF%l1o-%Rh!GY8`RJOqxU08f&OvFhZ^iledFz^ zahTG4fN~#vxAHx3)^r! zgbo?+k!A&kai-+wF?!11P9Cdnyb+4x6oIM)!~q_X4ST103VI}o-&ZqqY~vD(L$DJD z-gXg1X+%dyXV*yz9ePr4B9+u)51VH^C%X412$NmKhk!Z7E3t&veQl@vncLC((MaHi z>xgx*?{*xk!=bknFhYUK^+_sp8>{q3#o|oH&5dk&iY{Z>>aKkaKTO{#oqYa#wM~AD zL{nhPP=!tYT!Tm{f(c@8DZC;jBS6O0*{LmRLk+#x%X;>^8b`yqwSO*;==OUbdImZT zpxsOD?Kt3vFb^2r>kP@kjgS!P=)WAq6MSoSJ$~Gp`tj27vM*ouT&=5X9e2>VKf4_p zkq_EL1V#B@2F-|3{0?nwpJJ}+&_-+PTQ|AjN6kh*A-pr0E^z~B+bc0A4)?!ui`?Iz zW)I!}Rbcp_0{+s{iCar0K3=V-_{6-P?_o1_mCy!J>8@_?5sh#=jMwqCq~t-yF6#} zMbTZdS}gGwjTtLw7O+^8P7Iprrhp#9b#v9Dd`eSrm-nZ&W^9>eb~|N*KO6D!(|V`< zV*2***mJgX?-QEsmOftxezX_I8G7Jw_?9>eZTzS+a}aKb5i1|BJ%y+i*Hw`|06#%; z>}qlqnx14nF?T*zNHTUX4(%#Xho_lyag3DAvzgku6F3V%)Bwz4zI%J81g~GquL>*P+XJ7L zudRMD$$lCb2*4RpG$70LI- z(YF+fq>EJ{smoSWNymMb;*J{JSU>srv7=t@H*{7{1AAEWm=afBO4jZ^Q}h{y8zwrJ z5-n4!+tDcwK?#awym7XqSL1?uVsle(bMqHR)seFh20eXN`=Zvk*KI_QelI(!idz3O z#gEu(z$7!|XRs^y&gk}w-X?H0Nb+URSpU-1GuULn2SkM2ES^y~Dx3or9T}meRqZKdmMeJNeanJw*f@crfxekl^{@1A{ z5ho6qor_|oXc?nLowI$LH9jpocnJgo7q?A`4$h7|YAT=$W*hbkgvFKqLbnKYs;)>P##<^!>)hJM!x) 
z`}3ymeYfE<*`1^iZFRI8@VA@U6OCNl8>#EGm^Ej1Sz&~IXS!EAN2BM4c8Eu}WC^g{ z(nJ3oCU9)=o}E3r5HM*=wQhHj?Cmeb+e5X+z-2_poth+gBr!c4u0Qfh#D$#A7c1ah z*IhR2pj?son&x&rVC((%gFi!aG%$ zyTPkhi~^kcmiNZ%(WBmlt`YUSzWM!KxZWTG&#sbjrE|>@VmF`OWUrr@;a-?##<#ME zb1ghG1*ck!_~8R!OWGYUXGEyW?b%N|;9ZwULB+$vBMD=j9~30SgKaNjh4x{fu3tUF zGhOTvc}KmzA=r5D-u^#hEl3?1oLfe-6MIyu{LlPeQODeFct_$3o@EF?leYHfgams? z4X;oR$$7~jyDQJ;>sK?F0ba)_9jv=E#bR#qPXmD^L0n4G7LS<7zEyto>6qh`YW8tF z5kTDOfe&CK$CG~$t9kzi28^swGH>|c7%v2-91ewVH%yR!_u3xb$wfV2J0dbN zEEjd2O0(imN$wv;ycaeOZZCf>eA<=llhX zS&oW4#*IzNe52^W;2a&}lI;YR4jCNkTo$H=K8{`ho(ziz5NLlyJN1?gEg0mB0Ma|} zG7NVl6WKTJi}$T9=NXnS0%R&P(Ut5`c-SYS{8}qlet7PJH&J!Gk< z&MjHYPDMPG0z>pOOvEfB8ANYAXaCA{Ru#YF)>VUlcsHJ z*h3{BCfCR&1nopUf>0ogb9$X8EJ-{mCL5U~6`zY<&d)kjZ{1(*D1EDS(tfgYZrqGK z+#mY~w#vvpmlOCNIA%ci*-7q&;{z~J$bmuZ62M=YVSO(gJ^UqN@x8=3@9M#U&p{)d z;zFN+YG@TW?^0(aOsgt;w650#ddTyJ8ev2Q$o4665>T-N1VUyOP8rsqoo~J-x{*$r zq|1NP3%+;0JVIi-kk&_b7xeF_)eoS2$210^@cnZuvPn0<>4~nX*@Yo5Zmp-MH8${X zBEn2HFPs_t5}r4_KFoY%@K=vW;86vYbi&-owVv1t8>cuy`kg)^JIUJy*f8V8WU$Qw zvB8kjpca=`>?2WPq0z`x(}T+!Y$;oNv zps_+hp7Cw6HRYVJh)8DF)E0aWE;>GiB;i{(%7*g}>Qk=h;*fHj`{jR>H#D z3Vwa#BO?7DzhE6BDMiJuYiaT;(eXr5r!o^2nY?!Q~WL3fpOC9vS( zW6q|YP+WYpR3gJ6{6r768l-mfi+fdRSB6zMHQbueKH&gxhgQ?c|qbiHsA9o5dt@wGTYgozPz|o^eac{x@YF2xZ+ZH-Jb9wA!opl&urleV0CoHyz z1kDa?$0)WSdS?8}%xy-x|wY_4iq;c6?vbw~?#01d|@f(=_VbuLk z0Bf1jOXuR=J@hYdQvRH?sCtSJ1SJlLR!Gz=^Crn)J~A(d`mnYWcO&1 z{P!-4&BwkR`Qa;+&DXMB>ewIWqw#hxB{jE%)I4I7#k30TgibnjdWRHu_{g_50$}yy zvhebHh`CngO*UZsZ9UgqWJCZji8$Hv2{?u$J6@D2NjVMU5MSxzOKajNrGnYcN=P(T zED2$L49XFRM6(p%FsPb+FP55a+wj?0gTTr8z38?VLWvd94eeH+3pc*0S18soy{{hK zO^oNj|mprrbhggmOUz&fPaA&qZS! 
z`AUamVo6o`MN(k+C#%e+zP`Z91QXr#G$M^Z5e~#>1$D`w)Pq@c1kSi*H8xtx1C+`3 z8ns!ZI4Wa@!)AKCQM2c=N5SO6ip}oAck27YDwnG~gu@$GFuCh_z4+BI<89W~TR8Ua zz-m_|z*%V!Ps(S8@%sC_Vt>l6Ul1lz8TQ6;jIR~f)p1(&*_02?!;cCl5ZZb?&*R_k zjf=)_JYc?TP7@$4o7A?a$!BQpKL72Ai}p4paJs`Z!oMzV)cXjx)i2iI!)gW9 zIk)W~?PYy^_h+-dXUX3jbD)YlFwWDZ##YVBr7bBQ> z9ziKjQsD(l2VN2AibXbaUEkBU6X-E-&6=H zXdTUMr?Eia?dAyequ+C+yp)wVU=_9U%3_Cln6Gp@N9fgYFJjkM3(kz$b%}ceiQ`g8 zPIPd{b+E|~X4?g3TF1zZkth67&Et39?QU0l&bCWEvCN29pEsh(ET`47%_J`%vRUNZ zxti8iud$u2%&MuamJS%HA~KJ|k70|BwzhfbZgMXqc7d?lJnFR`di5_9pWtU&>qrPJ zzoTBmX!Sy-8e8nGLkDF|TQ@EzHe0Re5BB-%q;sbpugm(t5}JU`hdC#(!VC7uf1RY; z&Cg(injE20tYn_3fiK2iA*vc1mT@Uf5NnK_$DQY8Vb-Icrv_FHY2M@b!l%ZBmn;2U z%birQKkEVvd;Q)RaBhJw1crs5vz{st$k_0VawqveYv6`ip+*2*V$Gw*MHVIYI$mnQ z2O2~*z{1oS341T@x7htRB3u_>%bxn{07DVph@d3#@7! zWe-Vqh+&hhukBMpDBVb;|D|~HlULvDR|r24tx(UXg~SAg02(N|$HtI_Bj6R!0Hy#g zHC#IBp8{ifd-G<}VCT*|!&zObnmOv$#052C%I>o&mgDnl11?*m6*`KT#Cp!%XDz=D zN@DhpzTuOS_zfQ%`S}C|TPW8m56oUGH+%8nqSWVhr+Qd z5$V2?*;*Lj!YPtIz(gU&HLBV&CdtR<`GkYFwAA_+h5$O*Fmn#fnCP$z#2k9Fp{Lnu zpSy2omKqm0F?>b#Bv)GJ;%5o1*BM|o`U1f>9Y7M5B3D~2aycB%9T+KF{AL!@ID9r{ z%|W~=^+Yh6H6^Xh`drA(QwM{0IkdGyVTt+{M;o9mv=SJS(eB3N`$94&I#&|%ef6q8 zewQmgF@Giaby{nr>aBYDB)&aVQ!KQ5_U-Y;+BL#=i!Lu;o7deu2$WF6VQtXLf|_A( zR%%{!fKO&$DClMwF1pTX_Mt{Rdp6m`2z<*gbbP%g?Q)6nO1Efp#Vm3^XMGc3ldaNg zGUTBL2?H4@?t}sT#apK>Tr-)R0Nr(gXD}`*3S+fI!nI?t$u#5E>SfxQL0|f znuAhKYVTT0s@IWf#8}V=u(wVoitc^mseFrU-8q^`T{#tRAK*!7qAH z_F_^S%)p_Ky~t__R1VaQr{v{QQ&LlgZ42?2Th`?L5^}~XLtI; z93VEeXK7md)&IXP0~HTrlQ-eR0+g3mASH&mxKN--xNHuGsZPdI8$YMhhIaY5Ek(wa zG%0OvZpTy$^n~A4QMUM=>gqZM1{b5Zfx@SktC4S$z%)1@Au;TtsjdANgKt8!#pw80 ze185RpPmcC(aJvO!|OQYiqE~)4KoHQ7}T#WkK~SQjceDZH<{8-5I3FII2B#4H4J5a z&PwgI=Llqy!Tz&2Ril_qn!rhc$R{u0g;l+}Z~924`1hmdU`n zN(p6X6mxny0x`65njHcde)SehWvW$J;K|=UIzDNHOSbS#fkduFeAD~e>%tPNU5dWa z3HQG1>dLLOD0UJ%e zS^H;^x~WIv!S+iD*YkS&J@$8{3Xeo}PsL*tNmQkN0W^NQ*8s7SnKP=MNBk^FuC==G zOppIC4psS{SmX#{_x)^a4-y*K4CKWzYW$x7Az>mLw4V6#Df{mNQE4wjh>u^rV|6s9#_8VtMM{+<kvLA-9!d$S*xKS|xkts+LjN6?8D~=FxU1E9ud=1i0Rv)Q 
z^PW7_QwR6^8WEyb*WH0=BcCh|y?uVSSEQ^a+d@-D|6a)OyqE8zjJLM7CWV32*=*l7 zg3cGES^IJ7`SbPO79e(kfKY9c8&sDZ@x(7d2{9m?4ygjU;#Yzr>ql<8U~ofJQIpsO z&SuAmOj5_$Ql7@X_4P&BBxO+1FFH9n5wuVkM_tdpw}+gyJKq{Y1mMnH63!2h@K}dA zDwshVVe$e}$M;oFQ}YPrNbOBIS>3*X(cz6k^3B)HX8jBAGrw8kjIa{mgw>~ykD|LWQPL;p?2B8*XaHdp z?JEB3dr6D%Ms@SpU8}yl=#dx^X_xn2ACyfUO~MKa?*9>%BDevw&U*h|l0D>2aWPq8 zxi43pk$u;2>z2}J<>WuD^C`_{O-~*2({=~HZYW>mkqzdF_=0EU2wHN?=vSv<64*Sm za>Ukdrb!>inRbs@Ma*$l7b*Bgqum1$MPhTg@x9aZGv{?`@nzwK4CUl2?9p$PljAxj zlH0~B60Tz&K;;us4$lab_xwJs;zZ(l*&wa|4!9m5HSN*EV@3gwjea9|6*TY9bE2iC ze085(r0Dl=AN>&3Q*UDbEwC%o(qxM0c&pIq>-x#B_TKVWsQ<{vH+d_Zn3}TrUfFE(xh#I~O-r3?=N-HEo5p}j6k^Xy+1u}4JaJ-a zrabnnm>A~z6rhjTtp5nCKS|g1{hN`!p%)$;c;jgc7YawjMj^&)Ya?He*6XitvodmX z16q(95;h-5d#Cn7-_HI5{cm|y%4J+%3UE8-|CRgdTPL@z?1*rl@l^DzzAWEEnTgEICV~s8PjZauyNI(t^Ya70kT0tQc@In z%Uyh?V`Ec83sX_4#Pnc=qyoov2HVnk0n^6fONNH50EQTk(Et2d6Jlj;otc|^x$LCf z&~M`dbkAO4g1at$LR#9~%nYOCknLU`Q^Ft%7^M=r+24=3{~j69k$|s=A%jm zAN%+$H#n76_pMi#8s9N^7$2{Xu&ck^N4ops^GjnN9M#j)d+_WTRl8~j$IrP?zov8p zm`~4teNuyART2lc5~~@tN#{xcuV!k$hX5+ zuU`FL=n{@|N2F-A*9FGt!40p+evJ<=&D_RFRnWHgV|AiOKfP_~I#uE9|7-6pqoQoT z_F<$!loU`(5kZlXMpDEgRa#o4Q-)^f76lRM5)lxPF6j<|VML^n4(S-_`tRZQJn#E_ zde`&m{q&!8ubU;q#C4tf+~?lMKK8KztwQYWy?vY1f{}1`aRF}8Vbg*EN7RqP(o!`` z%cHx1=YjKwnv~-9AL9V3h-uM_fyfj?zK)H}8K{6n!X1ewG`e%#?7Jvp_1Yp5Jnq54 z;r{rpSHtas8tkmJ-;1h_PELsJkxS(+VS8j(fxz8AKnlCvtC#y8sl~ z23;%A1dgpn0sFon$vfKoJ|4(umX?;M z%FPV}rc5Pb0kmUYLbalLcWtsNlN{Z>eA(T@!);em;Ij(?al5&>*=f`Z2}A7LUlSAD zcXV;u9MG|w5q;3s*2ejV-e*7FK=;Mu$!|~nySr4Wx_LJpj;S+ z(1b2mVdu_NSrVqfWSi;fRt2&PObgYpH418X?%L#K8q`co3J?Itu2MG!aB#0va<2{` zLVfpeNs5f(fFf}LOdol`#t2(bhy21{Sp2zKL*+69v*x7NuD_(t5ltAiuRugjE z$R}At9Y{xgq zaWZGbQ46v6vB+rxTKe!K44sp=pFWfdlue0@q=XWw1k|}Aqtd^qK2c7UQnFGwFD@=_ z{juuQRTritz3fdZ%X=p>&bJ_cT4bCg<#bTQxu-j5;^C2q4I|nZ=-f_^$?56ouL5{G zIEn_PY7C-8@lS!U-l@~YDrW33m&L_nyo5_(4*)RL(Mbe-oY<rEw){ty#$|By01 zj+d_!(Pd_Z@CQwRhYywcotFfs?Bm|OQvz?d;mOi|i%;xz1QhC^dwG9GdS4YnH6?+$ zNXnfZ#nX(?7UpCoat&{(?wJ#1TTAQdqkT=-PW39B@zZvvGpAkM{~V8( 
zeBt8ZvIhnMlqlLGSQeTBMdVX|F2sL#i2x<;;@Yyn8PRWC1@@S>3omp=!D87N!=Yb9 z{-ua-pWQ*!e(??!3C#X|qM}011fo>l+d|Ie6+h+>qT#BRcVF4wgbHu{-hMp*NiYHf zpSK=aM&w@srlz7!?!G-e%HR})oM);H8`o@;9=E7jh=w5(xCE>ed~J zbt#0gMR|5tYs;?S(s94l4mHC#*4nJ90CL2Zgh67U>=Z-qdz(TA;Aa z>sEOLgS^PE#de*wPw!coC+48zKA_nM4qH*rd9p;EM2O0*cuU~m0O*IUFC&2l%+A419DE%PXsS@*!pfq1{PAofKc7~twnsh5g6IgV2kqN< z4^q2|$83u9kwbqn(k8wQw!`?M6cy?HOSHfpY1qdUyd0)gZZtw3(WZJH+}d;{Lu0Uo zcALDsx8cB*{}(S$uyr&hVW4}Gv<;ib#RXVkvvl=)Vg*Uk=#8Iz9O0=A+Y0_eieoe5 zwbg9S)X;Fp&dwoq{dW4CvRuU$^`rf6LFc)NmfGsl@^a7)Yll+?PQI3% zot-+;oR>u%z+8ZQh>VMd<{!7qoYuyf%uL-!)HJ0shbu3`bc?pz3kGw) z7X?bo%Sx&lvL@s16?!pE><+_;kZzDr=N23sjF|z%4}3qO$>CGMTKQtVlNj$aqkYu4`!vFEL~&yA~6OocSl0tg^QgEudmFf z-@F+i9VOJ}mKKNWOB`=P7)>D~KRNMwDK4%!p88EN_8i1%Y*f`iy&)wC2HmZl9ojwt zRo!~$cR+B~$U*VPgVx%c&&wZ_Glqu743S5|FbirZ1~o9iJ~LDCWbFn?pr30U8tyf0 zwlB}g!#hal$*2CfGS>h5;R*`mPBwvXp1steg~M+wHR+XwMWk$+;oSwNwwC;jCs_hCqy(gae!~^nPq2~LYzscP&(&3KXkH)IjghT0 zOz_RiyCdb5$RJ`{_+8X{lBGX0TbXeXar>~esIKQ_cHer7zMrlzw1nP>A2SA=0@!JY znKmckfx%7B)Sw_j)?Q*D;qM1R)3)i*@ExWRq7@vl^G(;cAXYvwI0ztGTuupY(a=Sx zq(Z?oId?E0svRWw{&4C}9!dd05U!|MjU&)cP*4t#GoVu=cGr@LIA2SkuN$}@)6!Ol z>Oo0GOJBR~7A@ALi5JlWe@RfuB|Va;hi*dTSV>5Z;c_u0U*eUP44Mgh6BX2Z)flx<04Z z`mg4}IKMRr=#&Mo+@K*VF2*+akc|qZ3;Jghc9{yyVhFYZafjbtcEoCWC9m52iWda; z5R>51u4SNeJrx~^O2Bwpc_d~Z?(YBVQ;ACzP@00)siI`257}&$)-j5An{6dvCM+W~ zlb9Usa07)me>q0Kj~1STRzny#WNe%aQRYS~U8?4Rm;B0VQAO<4ShQ-#!Vgo$vPr1o z?H`4q>wY^B1)dL|p$Ln&lH;`4u>hTYxCn?1vR?sf;69I4zDie@spBfFbV=!Vt@n?1%0kO{q^uqoeuNQm?iMjb7`OC#cb;|66 z4S9>&-50Ckx)SdxKhLJY$|lf;Nj~iz1&#q!*0FQeQA*_%!mxM2Unl5P*v0f13%nGM zBmJ&r9b8*03BB*b-!7Y*8+oOGld)f(zffMm!uaRPS2En<+FHFO1-oXXIrYuslXtD( z4GxYIyXKgeYjCMyaMZ2hcrqYd|M{awOE(W5nl*Jo`j;aYt+5^Ny}GBLCgTvm^T?oi zV_*gg>|@h6-iw`r00I1ARFsbe|DUn3w+rrE+`Rm-`vFk}1&qHij==!{C&;o*;hW2j zznw-d4=5$c`ocUvA}>uJu}pFC(fNcZf$M?mH+G>>diG%33QK}W#tXM#qY~TLZEDUZ zvdSeF<}T;zi}Kj4w zmpT+5ctj8*{esg%l*-hs{fJpl{{`-+qFyrdkMbFDsj0?ZUS1PoOK!}N=cX*jv?M7~Hp>PiW9inGJZd|~|DOlFg>Bg=%&>3`(`yQm+?8|zAr}yX2(IioQyGY%p 
zlC!h(p211hX=HT&oP5YNR)--7w_y5ZL5)L-H^%M+APv;fUi)cBJBzp4*+?`24IB3BYm&gf#Pj!0YF^lW`rljtda=+M(Xq?*dKQ^% zTY^G@f*Ty(2L<#D4C$vscRoDnV=>{X!^o(|hjbV@ob(SuGuj30Sak&j0nnC$s7zQy zWQpz)Wh50OFRZNfX`uAG_x-ZbRt91Lfjq4ea{}V#7`-1!nL109Pn=v(@_4`Lk#!q+y3Vr7|#Ll_TR4w$2q%Q z|9QvN~vK$2@>(BvhdkWQ0ZB=ecsd?!e!>5h5qr5t2!t z?@Oh&Vlya`$im(4NCQ5F>w2JBWAx&FuBk`Z2JU~1i# z_!X~sY>oZB@{OGxb8B-$SNlS*80<^0EnR;qcTs4x7@Ae!_;7IB=4E3=6Ll3YaWGx3 zD|r2Pb`vI?_6^!8DEyCio-)-Aki8~>ZbkHSdP$<~akT%#YFlJpSH=EMoHS=@F80u;HNgL#^(cM-#J^NmM&>?I6k4A@ zKN=8J&o25c>*_P?y638%S@5Gb>xUVi3PP6e_J1nSYC(jNCV1h^Ep_mwKesU-)rxs% zGm4LU54Z8EuS|#`pWIdYulPYk>WoX0U{;iF5@+@uUg$3yeZP5kGu!Ts)k$>XntMu^ zPM_l-BFuF>HrFAFBX{dWa@wvy8se01|q{9`OnF~D@T4lW*d2Yl|Cn>x{h2!=<8w5Lg_-) zY_Ua>Y|3ZV1`M*fm146wVanK_8aTt7?krr zxJX%Fx0I)LFEGO3;=X0hpPUF5<`*F~#7VNuS?@XGL*Oh46&9up6{aE!MyX{SFs zB_=Q(Uv@f7Kh#Grn+Yeg#{T#@K77Blh;o94Gse&J=6aW%u@2UmL@0pw=s z67acK*_o?V|2-sx@spP0O?K)pQ6$!*>{K>vG{DpkD)c|cbsOhn?iNya@J1@?{gd@6 z>CdT61x>q>)8Y({Kkut5Fw~hzec3#6Kp;z4Nb$gZ&00JIQ`w?%vyDXZC|pa;#rLW@ zM?>kx50QG}lStH;B{NC&&1CM+kvDtW*mcp|+Y=V?IkpDT*wbO_AJ#d#kxC5SNS1%^ z(I%1(zq7XfR=~&aoM6u<*URte@$y_s#Dd#@J}VpRShoV^5ZWKAN2?mCDaD#3(9KSy zy2xccz{h+I-|I@D4-N=RN=j5D$yPvbswpr`utG4FP*6;ZwWten9jj$4_8M@=k@uCb zcgF6XC}U=AZSuf?FetV>&Qh8)5Kd+*qbtyP0W0viHPEeYXJ8ZpJ?c=oTQp4ki)7_C zzIKxRrcIzE0jR7uHW-NQdd9`fxRuAn3m8;m+k6n#eMiz^y?Eq=ACz2p^lMs{>BcA5 zPuJ`!y}dsmd2%VhkU5bP3!QVke-~GqcVTSehpsu2A>q0OVHDsx0hP0cs#Yi9|tdtsJjLpOGI&H4BhC8gN(%OWNyT5ci*UKXu;01N@g zfeY$!vr5=<6&E+p*8V~&RDCq08F0{;TeM6y6I&sj*hR30MTorKRcxJ*nCONMtIu9gss#z+ScLm;2EXRMPO8{$WyoK{~XsCnb^hauOX{p?`)Pr{&VLK z7a1%dg(yq6Q0NP8R^m@DJh}f~RI=I3V zJ7|vpD5DXw{3&f--T31>L|A}ihtE-@VY&l`FmP_yK7)aVf0Mn22Fd*%Aa{wm?A$OlHG^uPF{qH# zPBW)0K!*+pT2BW{A6*AEW(#Y}&lwrfQO4=We_aM}0Yeqa6T3g=_zyEfLqa|h_+O)q zrNyx)y$IsLU7W!_11Evl0LrWD%r>HVX`snp%GAv*emq5gWMtI!xQPJTIBcX2{?aKb zk8?yliF(WiosF5fC5bQ>0n5fWE{&`lz6=cp$Ce-pxg7=XhGTAFa|3#A59gb&qcMeC zidjBq=h!R>_Dp;fyB^hL8lUtXiytKGB?IvTq%2rK6QJ|$ThUZ3ug=Ze@1)MFC)tB! 
z&w#2F4w`{4|4|DKdHfEBKfrFBdW_$Ni{9Pz6mYO_e61Kb zsY-?$^@EL?dUr>ugi9bq1EGrX&3H3qPv7;N$rmigC=+WrY=cgrtn82 zX_7sgER>-wm!trW^#kp$lEQT;xB-F;9KajV%8=K|6#dm0h*i#jj*H2iJ#MHZE^~4B zXwHKHA!iaNfMECicVNJStMm=8->~gabt|IP9;Wc_GVO7JC_DqIa*z*aW zeg+|drVZxPt*Kx+RwKoNb@cp0Wx13Z@JY~=O%)0f$f0uSa!r(1u3RyL4HyoZu3S%2Zvbt|s4K@{0E z1sb8-=&G%&G!O>1zh=HN4p||T?_qzT61=8!@U-HNZ__f7?&H?2t2&0wV#JE$xnK{q z-}+d$w$7`*Bkr^$XjoKSrMus6s7;%{3`AyoNpds>Rk`_Awn2-lt*Hr@12hDRiWVFA z_!Ch8L!g$H{u3#Sv7PNcY}HR~sUgz4YsCjjvKe5dzP|UKFA9QC9wW_GWqub-=!`Mx z{W&BjjM>G0MUl~OBy_JedmA)&s}QK)ExY6K-2Aql~K zfFz>2<^Y6xuWZJdmb&iou}^wp7iES=OOu34kkv4*|I7Ld&umVBez04>=9a=&26jmb z(mwd_>5GQqZ+Nj6@bR!gxb|M0*XG#sn{i#H&~N~?9PlgO*ZfhcJb!R90SM$8yH}1pFEXMb3FYkbWBsPYibZb0|$O6jCoyTh&L!&s_ zzq`%c1t@!HbTrpsbwP4=IZSSK1@eSDLK4X%wep1p8B z)xyC_TjNGtiA`d8xiF-Ap~8X`g*I>U!I`nvF+iI`^npF5QRLdY^+Xw>uWI({O(_m0 zvGD{SOOh?WV?H8MCfg7>zGy4vG@kY|iJnh1ZI9;Y|6QxCB`7HP>*vqM zW@dCre8&asRMji&&Oa6$qD@jo%9*Y*3O73F=!nC4DRjnUV`Ff;cx;&V2-+6rq>rRef%xz^ZSv_&iJ^csBi3HRk-Jq-S}K;!LM4P? z1KNwq-DG5EBu$i>YGS82PpDMy;0yU!LtC*m_1e>=+?Drt3$rb3@}DOd==bb;>Y`0t zTw+`FajOM6bJh=C>mrtEbB)3cNRK3_|3xRdAJl1TxAAiOt5{qvQ4%P-B6WpmWf_s{ zPN5W-YUd}_#eeTAt(IY;8bxk#(!S+rfBRwGKtQ0$+_s3I@UNlYEk(Zf0KuuQeoa;V znm=CAWH<}LuXj-Je=$13*_X3!u`Q(5EUhZJbU43|qf7F)ikYB2?Qhlh6iu<%&MqvJ zAwhCx#f?sSzZM;jXCFb%GIpr_^Y@rM7H~rxrzLNPNp#**x7(fwmc8beMltm??y1E_ zFl<#m`kVmnXu~v6Y?f!@Bv%spHC4_lQ)F4kOTaZZxT1Q&tQ$X-)wJ*;_1?1!oAT(J zEY~q*^B$OgRc;xpdvi|0|0Y3SQ;=Q?^;n-!S#zrHvPYM;I#L&B;a#!dXrGDtMK71*nUq2fQIUJ1k4Y*Fp zIz^oJ^s5?5eV3P>je<{!Wv=z#&%#efF@u4mWxiTMA)MSRho%qTb#9?oXbzSb@-OU? 
zsm^JM7ckB~ySUfw+lZds*5ur}~RUon@^B zgf8rhc!PO_UUMd%n2eJI$Bo^&8RH^e#Zskuzd4+mlHA1nd}buFI9?D!S!gf0o1Bw^ zXAlV!vxP(w8()r$m|Iw6i@9|3&vS314t2%I6-`q2nI`@1aHS@8HzicvmMXn&;Rr_i zq-Y}akAn`mv2p(L+17rEL{2n2U85)a+28lbMTKQp@y#m-^xGWmn=83AWP!37?|BtP z8MCFr<-lu@j|r}K$#aUl?+>lYMs7-Mq`YwIlRq9jw^yfmfvr10zU8GX>5gQ5Rl@P; z*NIt7{+2tpytsiR;ao$(m9aPr)AD`yrzWYImZZAc28;CZ`x&W~39A|t)B#V(auZcYw9?;Mcg@ePWIDI5;#9fHwQS&LL|=36aG{qIEYJ>?s6g_ z#4Rl?hY6_dw}s|UzrKtGdp4HDYm*%2M4|8y@4ji5e{&Y=!tK7x z)lh6>oqI)8gDB*dWH}e^xlw#%BZY>-`ON1=s<}S|l98cy0g^pcW}Z$+Ceb zRlZ<6N?WJ5=2-98r(4A7iV`!%`vK~HWx_Y9ipa1C!bhQIik*jti zB+$fzouZTrvKuU!gPn$pC@{ukr-+gL`5}FM>DEX?ag9IiUYYcxek=Qo&H@@-_x$V? zgkFVU?ZJz#g=D)F-F@vAkx}8W0jBd{2az0dSa5)P_HeFKh8q8%E@FK+^NAL~ZiU1{ z^Yi^<-6LwZLxx;tNHRk&f6P_tcEpe)RP_#C)c)X-uF!Q$PejpmHC|FL>+6g_X+M=R zlV4D9BkW(_&0F(vl0KC`M9O61|9%^!TkW$iHqxH;Pe82#d5bG&w*eFJ-e7km_mbw!cXpb8T;~V33$3Y12ZDU&ya>9C4ENowq>y(GHHUBHCJkxt zeM}5VT#_8z-q_sKrN)U#+>I${&Nm~(-$Y%E9nichRX5yJXRLnk=PK462;RbCFHM~H z6cD}Ow0;EVA5Ly&uVMV%56VQ{>Z=rm}Xwe#?|gn>vRI**qL zU*hfq?3z93u6&lDRbA`w_*ufPY#`NK>{j8R8p{UL7xsT1Y2hfJG(l=KCRV$>ncJbWPjh}eJW*OX&S?FppSB2(r_K>$A290*>HYeO zoKRBnrWWbuMv?A$uC7^o9<6elo|Wg@2CEn=mO)Mfg|0#M2}MDamuE?`e7*0-{NcL# z(Jt^91;5X>>ibaATVzhJIYw_LK))?%KNo(?Ky9~R@AELqBmtsi{1aK7Nz z@9k@9`|P}*4#50LW1B@)xwO`H(f_!$^a@8`18d$x7sJ;jU> z&GU}1uRAsQ1+@5m6^0gm`!a1`+)ej`bvcy2YMtaGSGkpP0|ID2ZKy!%dyyP)4TrCQ z$J|Y3hnA#^!9W3m^WUXYHmPw)8=UyZO56j zO49vL>ZG8P`}hDY zy3mu7URfCr2#wA17CUSPi6XA^;)Wn&U}0r7g9^hkGGMaKb{ND+9n>$k8O8G>9z2+R z3ehY`sn?w}5@G3{z#<|6;=zwsRPC>q=;&a5%%ENG*T6s<%&79-Y4`5tl{yGn1{y_4 zNxHleJfCF%tKYxx54Hg&0+S5cpx3^r z@<;aykW)wpotDqaJRFZNVKLYLJb1t7l|4|%;Q#M`v;Ke7oc@0*ZT;VmIm4M?AHw5* zTMztS-Za0n4N&c4(#v#_e}p1KgfUZ+=945n+bbO{t?jTdz`+|ak1Kgd+D+PD$NiWe z>K31sC^)N{fp2?=&G64R<0kl@dw7KvnU@zYqN77^5%QDaVjsgr$_qnp&OJzZpR`Qn zqASc4T&C-r`-3LdC29=)YWNn-<}y?)u@9Bxe#FZ66Jff@`@DwQf<)Fm6@pu_?e2R< znjA`vI58ijBh8w&ky3A0w@z)WFZl?_NF_{ zDM*YAB7QciL40$IjKDgqz@_|k@tw|$0os#@XeZiYg24aSJNiB0d4S`aZlm7mTG|+u 
z-jO%H>XS$FbT&S0M7X(^ICdn#EjKT^FfUaBycBHWCueTzT-Rr5#%YFRo0^edkADxC zD9yT271<~Y%k9^$T_n72^#8p3S{!(W^V+lp6@r@@Is*Q^_5kI%T`UdutLY!_PP9Rl z67}E4o?JjR!)75D%R+26^&j1qoT7+n!>4uQ(U$RNn$$_Q`4@11y9A49%FW)wR#k!_ z%NOmXNV`MvHT4E7I?{&#FOv8IBv{xxveo^!;5DV#Z`_#Hr)=Ns@6C$Q6><@>8ht)@ z{OznrEphw6N*5}V4Cds4f;he%h@Nt;s^)vFq^oBik#hN1h=(;e!9+X2=KLu5q%DaO zpEenvg%`i2ad4<_JdwMn=HsRDUw?by4+nT=uJcVs#DP~S1haz{d}n0RaPoEZgs%{c z2EFX<7Js8(YD__T&-nT){&}H&uVbouvC*KX^s@Il=DM9zXuJ3e3XsauC>y|r;ZCTg zWAm}WTfsiD<9>rY4I6v`*C`?zQ4IE&yIkBFv8M+WpVIM6GpCm3mj0#BJ`g7~>uEAL zw%V&d<&8@Xv@Z7wozQ(mr0YuEljNUzbiEt(n|E_oP`D}e^hV1JD9rZ#!B%!5pcOjH za9fK%RT2OX-q4Wv`K`Sp0ejM)y(9%m!96_RkHp5RjZ>)K#TnjU9Iwwm`>-^=(z1BV zT8{qG{);kfxF{3_vNPRKhgMK1UcM!()&^@Rlx~)1hrYbR`I>*ENuHN8*AolvY*2!! z*6Ti+efCIvo*E<0R)@+1p|fuS--Yf!FL=bETZ8Z6VZVPqE}sAR>$w%{X4`H-|J60$ zOw*2qUCCNjsyoX|fBDoMT3J`t5;EiB9i1x8{k1dmm{^VMC5IGbxCpbqEI!IlZ&thY zA|{*F$~pjbVdx#p7)z>6qGdsfen~`($w5`vdP9%0Q)SyjYTNRPMAGk{@j?SEaFg?g z+n*A@c#)Px#QF>&@xg;))b|yDf0dmpvtLQnJSQ02wYs@Ze{NT1Zt>F!6dXTeHcQnR z{Zw|z?;iD}v!jp6ePQEr%3Lu*UmvlDwVwS_80VQxbhANLZL``1TD=maF<#4bVWsWC zdutp2d>(UiK~F_fL}3}p;_v3e*%Gckvf2W4%|hd+?1xHhhKRlzeZKYAY%j-W=1qx% zx@%^ct*zq*_0|UY=miT3@=%P2$Z`Cka?W#Swy5uTww`UpimnI;8n2`4)FU77Hxwr` zefPRhRjovipcoDEy+?gB#T$js7f+_B9Cw1rWLJ7>tj&jH4VMak+?99^x-YtdeT6x;{hdlmw86yj1C_kjt0)a;AET7-mEco2m!AB zQNVCJg7?0Hz!!l`(ygUS^z|lwY+Zi&wyxVwu7^y0TqCy{9J6^FMnzCo=cxHFTx`x3 z;1ed)%3QDPN=cZ zna>n6tv`xgl8U`8Q@_bg9U~U*rc}wrUh5H1vd~@k3h{HC@VLF(>UbeF;nRBA`Hi** z7%%M@vDCV~-!%nAc;g~`jejR8kcZXwFY&K@X1A{OW;vNNo8J}(n^qWsSRDICeD_Ig1*a-R_4G@$yZ%u~RH37pbZbZ=dht>cS6OuOZKt+}l0v!GFY? z8a&7wx3OS$N^n3lnY`QW?!6UJSZA48yDzjizaD3b&i+VpX~GR1@M5OIa4RL--eZRK zsK-UoY516=WYrjt{rBMtHT8=N7vn#zEKm3a5>USs5^fq@PcXzRUBW=Ub81^;^4Ko! 
z>iR*y|81sV6^U^v|LlR~HQ`Iir-!Ge<59cg!6LlzyS7Vp*(24iKUUE5K_uSXU1T)S zE=}S3_@_>8Ez`rhihPGNEb-e~5U>Nf=Y^AwVK-66xkqVO1 z1>GKpQQm_6VR-jVCljO(RQIx28mIll%Ds0M-YYh$cv;J~HD1G9ffYxL=jF?KOC#4^ zjLeCpj-$m2fM~kR%;=YwcTh`lwj^}ex&$mqkmAi?6Ti4%p$W&Z$pIBElEBHbK_vlH z_MvIOlp>+vQ4B z!b(YWbd#Da@tM`WpGa^#JQ@pzgJ1m$u$~*NskHDbjxx4iiLAiRH`X6a9%V1RO`~{YV%e@C?-y~Om6hr6pYOxY2KD=~Lw_nb@7`6U7#bm! zK0(jNEg&-ecoT*0O-{ZaM!&nT*XzwcIx!;H{`o1N(aL0DHjt=LRuUdP0rf6zDB<*H z2(MInH&^xCGpAicaptn$uKO<}uC$lezbN@(_*0O3Z7pwSL33c#%rC*AWbiXy7$(!Z zq0X3Zz?yUCAR>Oh42^oF_*Z?jed1n~NB3Q4XG5FRVe!8|FBFrg$il#P zxUqKFzg9_4$>e zC%gucr#JT*zZE3%6-wAEs!}IO8Ou(E#pd+gzoz<*hn98mOJwJ`Qa3NFsU?5X$ZJ3MCswdbX)&DF=+mglR zHd}n*#++s@iH}2 zOm**5?bn{0%zZDSZg<>1>2lg2_^#HYo$MbFvriW9DnuI_Xt?=A80x7fn?w^bki?lb z8=FlYlPd-e_jmD$+vM!>c%lSLxG~5Eew43OG!c()g3qrBmaj}L7(<(WGU4Z=Dk&!M z-uZ`dIUIE3ifsSC}0XcwnqD-ApCQ>p$mawRbPC<%d7l>DpFA{I2t&Zd+~3#f*$9 zMQaq9%f_jiDfa!cn%P)v@Ao=|%lc=stKRaGeQ$A5DB5nW_cg;6CDoxG)?_ zugk7H^CgUyXQ7LU8H3a*Sx|U$MV$>{TwLny3*o(HvJC^ms)1#(g7=iTvv4YGo5)of z_6HT|OG;n)fmoFQ3y+y9 z5@vLgfA1ZEPpz|(eE}j=*+C9bx$%c=<|D$^`H_~YaPbP9PWtY#YzjbSC7xEVP;R^`sMUn?eXC$GYZg z5qhpk^Nrii5NgL<&Jc^*KOL>EX31XT_nAQ#@~$vgSJaf!_zRDJx@4teUBj0bs@cZC zTl4$$!ReerXD+I zbdOB&{=8VdLEYf77l<`e7Mu!B*VfPZ-kcd2MDVt=)Fp86r+V=23Q0JxghjoJwVPdV zKYrWVULSdC%g&CGl-fS7u8?{Zgwn~SO!cPSJW%0h)US^@B&>71n=XihQRUvtG)m}ExM}I~u0YPa&M~|7XO4F-UokV?3K(yGv^8S3uoW|UI~L<{dYB%vUpbb# zVJ3}^`)xi;F&4WkX)TOdR#JIXb0nW4BYr26($a?e{)j8tF()cIB#dP~57f2AuIpdt zUvav-zs+3wXtG%!(>yZPeeSaL48bAGH=~SqNp*Q zilWG<1j>C$O%2wb6S3*&KFTbEcdk>v|J-W+@wRFAd_E3NL&}{y-iDhZGpYDP+_dZ* z(}QTHcY&Ld8_ZdsJAU#rn(B(V^1U?W;n?HR?+C4D7_8Si{ry}Sbic)Xg&5}@2fucY z-j9vpPtiLOoIX0d?C~(2Ot#r*Jk#y3eOq~=$aRevfw(+jjIk|`@i=Pk=hGULw5ccFMA%9 zp}d?^&kJkXq7;8RTa#Isqi_bwxD$tooGA~XcQ{x)6wj6IWvI*6I1rnWZe_Ng7iVuprxs>L1G}@W#Ut(JEmA-Bf8?*BF?N$}776 z3J1rB!`2EhQ}OP4yRt+l60aeAW94Mg74z@>Cj8tC_F?*~$%16G8wWLdRves-GHt!O z5!V2vk2vt~`SXw%-?{9W`h)75#-jXVWa7hLb3RLQeRlnsHxA26&4G_w{X$#4XpBWp zMc0QZ?`;Uf@jb_50|Fc$o9k!KJ1XP% 
zv-`qOvbsLW)}lGnzchG-&-XIp;FO0^5U*I)_TD@xt)uKZzV|WO6W54?Gney4GwZm% z-2((4qc=Sc&RznsZ$rL@hPv+R_Do*c=#LXdCS=W=#%w@j`p-bJ`Gv5}8x6usA5C<}R@zt+mW!mg6xZNSg%cQ0@f&RaJJHRL51rpnf4|` zU^(ym$Z{)hsu*LvsQb-}N-C|t>mDi!Z{fK*Mh9z(lvNq;YX?h<_CI>!k+Wn(|Wm3GKLd3ub21qll6j1>g3ssxd_)ENx{c zSMwb`UYpilTAvtx6Mb^^;Cj6!EQzxYtREjG@ye|S>aD9rlnW!tdo>~<{?ycWr0-B- zKwKF69^W4JGN|`*KPpm>>18CFQGV9;lkF-F&I-Nk)xrfe%3hvMbGo^``(Of3b(Aj< zVol)+1@1Zc`H3(<27cgtJ$H=)`_obeR`dTp{lB~|*gJ+Zbp8a--LFCSy6kEh_TNt) LD9h!`8v6YolOhHelp&About` and scroll to the bottom. +You can expand "Access token" to copy it. + +![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png) + +**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token. + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_matrix_registration_bot_enabled: true +# Token obtained via logging into the bot account (see above) +matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE" + +# Enables registration +matrix_synapse_enable_registration: true + +# Restrict registration to users with a token +matrix_synapse_registration_requires_token: true +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-reminder-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +In this room send `help` and the bot will reply with all options. + +You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands). 
+If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) +or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de). diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index c842a870..5233a662 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -151,6 +151,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) +- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) ### Backups diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 91324025..738c71ba 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -987,6 +987,35 @@ matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architectu # ###################################################################### + +###################################################################### +# +# matrix-bot-matrix-registration-bot +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_matrix_registration_bot_enabled: false + +matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_bot_matrix_registration_bot_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + + +###################################################################### +# +# /matrix-bot-matrix-registration-bot +# +###################################################################### + + ###################################################################### # # matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml new file mode 100644 index 00000000..40538478 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml 
@@ -0,0 +1,49 @@ +--- +# matrix-registration-bot creates and manages registration tokens for a matrix server +# See: https://github.com/moan0s/matrix-registration-bot + +matrix_bot_matrix_registration_bot_enabled: true +matrix_bot_matrix_registration_bot_container_image_self_build: false +matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" +matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" + +matrix_bot_matrix_registration_bot_version: latest +matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" +matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" + +matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot" +matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config" +matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data" + +matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}" + +# The access token that the bot uses to communicate in Matrix chats +# This does not necessarily need to be a privileged (admin) access token. +matrix_bot_matrix_registration_bot_bot_access_token: '' + +# The access token that the bot uses to call the Matrix API for creating registration tokens. +# This needs to be a privileged (admin) access token. +# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is. +# If necessary, you can define your own other access token here, which might even be for a different Matrix user. 
+matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}" + +matrix_bot_matrix_registration_bot_logging_level: info +matrix_bot_matrix_registration_environment_variables_extension: '' + +# A list of extra arguments to pass to the container +matrix_bot_matrix_registration_bot_container_extra_arguments: [] + +# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +matrix_bot_matrix_registration_bot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-matrix-registration-bot.service wants +matrix_bot_matrix_registration_bot_systemd_wanted_services_list: [] + +# The bot's username. This user needs to be created manually beforehand. +# Also see `matrix_bot_matrix_registration_bot_user_password`. +matrix_bot_matrix_registration_bot_matrix_user_id_localpart: "bot.matrix-registration-bot" + +matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart }}:{{ matrix_domain }}' + +matrix_bot_matrix_registration_bot_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml new file mode 100644 index 00000000..03235b80 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}" + when: matrix_bot_matrix_registration_bot_enabled|bool diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/matrix-bot-matrix-registration-bot/tasks/main.yml new file mode 100644 index 00000000..c90da6a8 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/main.yml 
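Review bot: `matrix_bot_matrix_registration_bot_version: latest` leaves the image unpinned, and because `matrix_bot_matrix_registration_bot_docker_image_force_pull` is true for a `:latest` reference, every setup run pulls whatever the registry currently serves into a container that is configured with an admin access token. Pinning a release here, as the `*_version` defaults of the other roles in this series do, keeps the deployed code reviewable: `matrix_bot_matrix_registration_bot_version: <RELEASE_TAG>`, with the tag taken from the upstream project. Separately, the comment above `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` points at `matrix_bot_matrix_registration_bot_user_password`, which this file does not define. `matrix_bot_matrix_registration_environment_variables_extension` also lacks the `_bot_` infix used by every other name in the file.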
@@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml new file mode 100644 index 00000000..716d67bc --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml 
@@ -0,0 +1,73 @@ +--- + +- name: Ensure matrix-registration-bot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true} + - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure matrix-registration-bot configuration file created + template: + src: "{{ role_path }}/templates/config/config.yml.j2" + dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure matrix-registration-bot image is pulled + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}" + when: "not matrix_bot_matrix_registration_bot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-registration-bot repository is present on self-build + git: + repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}" + dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_matrix_registration_bot_git_pull_results + when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" + 
+- name: Ensure matrix-registration-bot image is built + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + source: build + force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" + pull: true + when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + mode: 0644 + register: matrix_bot_matrix_registration_bot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation + service: + daemon_reload: true + when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary + service: + name: "matrix-bot-matrix-registration-bot.service" + state: restarted diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml new file mode 100644 index 00000000..9881592f --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml 
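Review bot: In the "Ensure matrix-registration-bot image is built" task the legacy `force:` branch reads `matrix_mailer_git_pull_results.changed`, which is not registered anywhere in this file and presumably belongs to the mailer role; on Ansible older than 2.8 it is either undefined or reflects an unrelated checkout. The line should read `force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_git_pull_results.changed }}"`. The git task above it has no `version:`, so a self-build compiles whatever the default branch holds at run time; setting `version:` to a release tag would make the build reproducible. In the first task, the `with_items` entry written as `- - {path: ...}` for the data path looks like a stray extra dash and is worth checking against the intended list shape.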
@@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-matrix-registration-bot service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + register: matrix_bot_matrix_registration_bot_service_stat + +- name: Ensure matrix-matrix-registration-bot is stopped + service: + name: matrix-bot-matrix-registration-bot + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + state: absent + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal + service: + daemon_reload: true + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure Matrix matrix-registration-bot paths don't exist + file: + path: "{{ matrix_bot_matrix_registration_bot_base_path }}" + state: absent + +- name: Ensure matrix-registration-bot Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + state: absent diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml new file mode 100644 index 00000000..d5db028d --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_bot_matrix_registration_bot_bot_access_token" + - "matrix_bot_matrix_registration_bot_api_token" 
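Review bot: The `when: "vars[item] == ''"` test in "Fail if required settings not defined" looks at the variable's raw definition; as far as I know `vars[...]` is not templated. If so, for `matrix_bot_matrix_registration_bot_api_token` it compares the literal `{{ ... }}` default, not the resolved token, and never fires for that item. The access-token item still catches the default case, but an API token that resolves to an empty string through another variable would pass validation and the bot would start without the admin credential it needs. `when: "lookup('vars', item) == ''"` compares the resolved value instead.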
diff --git a/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 new file mode 100644 index 00000000..756efb01 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 @@ -0,0 +1,12 @@ +bot: + server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} + username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} + access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }} +api: + # API endpoint of the registration tokens + base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }} + # Access token of an administrator on the server + token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }} +logging: + level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }} + diff --git a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 new file mode 100644 index 00000000..ba2a9593 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 
@@ -0,0 +1,38 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix registration bot +{% for service in matrix_bot_matrix_registration_bot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_matrix_registration_bot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \ + --log-driver=none \ + --cap-drop=ALL \ + -e "CONFIG_PATH=/config/config.yml" \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_bot_matrix_registration_bot_config_path }}/env \ + {{ matrix_bot_matrix_registration_bot_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-matrix-registration-bot + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index de86665b..d24c3c99 100755 --- a/setup.yml +++ b/setup.yml 
@@ -37,6 +37,7 @@ - matrix-bridge-heisenbridge - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot + - matrix-bot-matrix-registration-bot - matrix-bot-honoroit - matrix-bot-go-neb - matrix-bot-mjolnir From e435c55458571ee379a821070bc4877e8103e5eb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 11:10:45 +0300 Subject: [PATCH 241/419] Announce matrix-registration-bot support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1771 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7800da0..a5811c68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-04-21 + +## matrix-registration-bot support + +Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moanos/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server. + +See our [Setting up matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) documentation to get started. + + # 2022-04-19 ## Borg backup support From 27ec1d8bde2711817f78937dc7a38ed0ffeb8bc6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 11:21:29 +0300 Subject: [PATCH 242/419] Fix matrix-registration-bot repository URL --- CHANGELOG.md | 2 +- docs/configuring-playbook-bot-matrix-registration-bot.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a5811c68..0fdac2aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,7 +2,7 @@ ## matrix-registration-bot support -Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moanos/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server. +Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server. See our [Setting up matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) documentation to get started. diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index 78d0bd0b..b1f65a89 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -1,9 +1,9 @@ # Setting up matrix-registration-bot (optional) -The playbook can install and configure [matrix-registration-bot](https://github.com/moanos/matrix-registration-bot) for you. +The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you. The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server, -where you invite someone by sending them a registration token. They can register as normal but have to provide a valid +where you invite someone by sending them a registration token. They can register as normal but have to provide a valid registration token in a final step of the registration. See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it 
@@ -26,7 +26,7 @@ Choose a strong password for the bot. You can generate a good password with a co ## Obtaining an admin access token -In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the +In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the bot, it is recommended to obtain an access token by logging into Element/Schildichat with the bot account (using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom. You can expand "Access token" to copy it. From 12198a147ba6fd5014b97a635ec66e821b2c2449 Mon Sep 17 00:00:00 2001 From: Erick Wibben Date: Thu, 21 Apr 2022 06:49:07 -0500 Subject: [PATCH 243/419] Update matrix-bot-matrix-registration-bot.service.j2 --- .../systemd/matrix-bot-matrix-registration-bot.service.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 index ba2a9593..e1aa8954 100644 --- a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 +++ b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 
@@ -25,7 +25,6 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reg --mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \ --mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \ --network={{ matrix_docker_network }} \ - --env-file={{ matrix_bot_matrix_registration_bot_config_path }}/env \ {{ matrix_bot_matrix_registration_bot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' From 92384360f53cd1a111997deb522dfecc22dca155 Mon Sep 17 00:00:00 2001 From: Erick Wibben Date: Thu, 21 Apr 2022 06:50:24 -0500 Subject: [PATCH 244/419] Fixed documentation to reflect needed user --- docs/configuring-playbook-bot-matrix-registration-bot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index b1f65a89..c47d5bfd 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -63,7 +63,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-reminder-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. From de3fc61129beef1368d2cd8bfd685ba05028ec21 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Thu, 21 Apr 2022 13:53:01 +0200 Subject: [PATCH 245/419] Updated: mautrix-signal v0.3.0 & signald 0.18.0 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 4e95f1f9..c63874e0 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -8,8 +8,8 @@ matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.2.3 -matrix_mautrix_signal_daemon_version: 0.17.0 +matrix_mautrix_signal_version: v0.3.0 +matrix_mautrix_signal_daemon_version: 0.18.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" From 0b5e4aa784a7d4dc72e5a2b389c5882658f92676 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 21 Apr 2022 15:53:05 +0300 Subject: [PATCH 246/419] Use non-root image for Signald MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1775 Related to https://signald.org/articles/install/docker/#migrating-from-versions-before-0180 > Prior to 0.18.0 the signald container image used the root user, which is not recommended for security reasons. This was fixed in the 0.18.0 release which will start as root, fix permissions on the volume, then drop to the non-root user and start signald. Future images will start as the non-root user, so if you’re upgrading make sure to run 0.18.0 at least once. > A special tag, 0.18.0-non-root, will be published. it starts as the non-root user and does not fix permissions on the volume. --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index c63874e0..e6b9678d 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -18,8 +18,9 @@ matrix_mautrix_signal_daemon_container_image_self_build: false matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" -matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}" -matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" +matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" +matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}" +matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}-non-root" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" From 69f684255cf89ac36c5e33037d30eaade1b4a759 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 15:54:29 +0300 Subject: [PATCH 247/419] Fix Signald git repository to unbreak self-building The maunium fork of Signald is no longer up-to-date (does not publish 0.18.0.. at least not yet) and all the necessary changes are now upstream. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1775 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index e6b9678d..a7532fed 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
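Review bot: The rewritten `matrix_mautrix_signal_daemon_docker_image_force_pull` calls `.endswith(':latest')` on `matrix_mautrix_signal_daemon_docker_image_tag`, which holds only the tag and so never contains a colon. The expression is therefore always false, and an image tracking `latest` would no longer be re-pulled on setup. Testing the tag itself fixes this: `matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag == 'latest' }}"`. The same line is carried unchanged as context in the later `@@ -20,7 +20,7 @@` hunk of this file.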
@@ -15,7 +15,7 @@ matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautr matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" matrix_mautrix_signal_daemon_container_image_self_build: false -matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" +matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" From 380e8656442cd432c8c1eec7a76ebc36ba9bf79e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 22 Apr 2022 07:41:10 +0200 Subject: [PATCH 248/419] Change list of public servers, old as not functional The old link returned a 404 so I thought I throw in joinmatrix.org :) --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index d9c7a586..f2df8698 100644 --- a/docs/faq.md +++ b/docs/faq.md 
@@ -55,7 +55,7 @@ There are 3 ways to get into Martix, depending on your technical ability and nee - **using the existing default server** - the easiest way is to use an existing server. The largest public Matrix server is `matrix.org` and it's configured as a default server in clients such as [Element](https://element.io) and many others. Just use Element on the browser via that link (or download the Element app on a smartphone), create an account and start chatting. -- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://publiclist.anchel.nl/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login. +- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://joinmatrix.org/servers/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login. - **using your own server** - running your own server puts you in ultimate control of your data. It also lets you have your own user identifiers (e.g. `@bob:your-domain.com`). See [How do I set up my own Matrix server](#how-do-i-set-up-my-own-matrix-server). From 9e0d969ba47480a6355e47c550d828dca5c45afc Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Fri, 22 Apr 2022 13:56:34 +0300 Subject: [PATCH 249/419] Upgrade Heisenbridge (1.10.1 -> 1.12.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 80b3c95a..96ab3382 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml 
+++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.10.1 +matrix_heisenbridge_version: 1.12.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From fa108b8ae4a4876e8254c1d432d4491cd0e76685 Mon Sep 17 00:00:00 2001 From: Matthew Cengia Date: Fri, 22 Apr 2022 21:47:30 +1000 Subject: [PATCH 250/419] Bump signald to 0.18.1 According to https://signald.org/articles/install/docker/#migrating-from-versions-before-0180, This release only chowns files if the container is running as root. See also this upstream commit: https://gitlab.com/signald/signald/-/commit/3bb7e8d2c128681473e324f811cff25e0883b88d --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index a7532fed..14a2c35f 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.18.0 +matrix_mautrix_signal_daemon_version: 0.18.1 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" 
@@ -20,7 +20,7 @@ matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }} matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}" -matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}-non-root" +matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" From 68424e68e595e01e68824992062898ec92b26d3f Mon Sep 17 00:00:00 2001 From: Andrea Tartaglia Date: Sat, 23 Apr 2022 11:13:36 +0100 Subject: [PATCH 251/419] feat: make synapse htpasswd file path configurable When setting `matrix_nginx_proxy_enabled: false` and enabling authentication on the metrics endpoint, the htpasswd file is hardcoded to the nginx-proxy container dir, this changes the hardcoded value to a variable so the path can be updated --- roles/matrix-nginx-proxy/defaults/main.yml | 1 + .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 0aaa53ed..8067b916 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -221,6 +221,7 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" +matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "/nginx-data/matrix-synapse-metrics-htpasswd" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index b15546fe..9a1576d4 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -161,7 +161,7 @@ server { {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; {% endif %} } {% endif %} @@ -177,7 +177,7 @@ server { {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; {% endif %} } {% endif %} From 290754371a8407c8b21044d40678799d2ad6d633 Mon Sep 17 00:00:00 2001 
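Review bot: `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path` is added to `roles/matrix-nginx-proxy/defaults/main.yml` without a comment, and its meaning is not obvious. The value is written into `auth_basic_user_file`, so it is the path as nginx sees it, not necessarily a path on the host. I would add above it `# Path (as seen by nginx) of the htpasswd file protecting the Synapse metrics endpoint.` and `# Change only when running your own nginx (matrix_nginx_proxy_enabled: false); the file holds password hashes, so keep it readable by nginx only.` Whether the playbook still writes the htpasswd file when the path is changed is not visible in this hunk.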
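Review bot: In `matrix-synapse.conf.j2` the new `auth_basic_user_file` line (hunk `@@ -161,7 +161,7 @@` and the identical one at `@@ -177,7 +177,7 @@`) emits the variable unquoted, so an empty value or a path containing a space renders a directive with the wrong number of arguments and nginx rejects the configuration. Quoting keeps a user-supplied path a single argument: `auth_basic_user_file "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}";`. A validation task that fails when the path is empty while `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled` is true would surface the mistake before an nginx reload does. Both `location` blocks start outside the hunks.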
From: Aine Date: Sat, 23 Apr 2022 16:19:24 +0300 Subject: [PATCH 252/419] add matrix-bot-buscarron --- docs/configuring-dns.md | 3 + docs/configuring-playbook-bot-buscarron.md | 75 +++++++++++++ group_vars/matrix_servers | 42 +++++++ roles/matrix-base/defaults/main.yml | 3 + roles/matrix-bot-buscarron/defaults/main.yml | 96 ++++++++++++++++ roles/matrix-bot-buscarron/tasks/init.yml | 5 + roles/matrix-bot-buscarron/tasks/main.yml | 23 ++++ .../tasks/setup_install.yml | 100 +++++++++++++++++ .../tasks/setup_uninstall.yml | 36 ++++++ .../tasks/validate_config.yml | 9 ++ roles/matrix-bot-buscarron/templates/env.j2 | 19 ++++ .../systemd/matrix-bot-buscarron.service.j2 | 39 +++++++ roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-bot-buscarron.conf.j2 | 104 ++++++++++++++++++ setup.yml | 1 + 16 files changed, 575 insertions(+) create mode 100644 docs/configuring-playbook-bot-buscarron.md create mode 100644 roles/matrix-bot-buscarron/defaults/main.yml create mode 100644 roles/matrix-bot-buscarron/tasks/init.yml create mode 100644 roles/matrix-bot-buscarron/tasks/main.yml create mode 100644 roles/matrix-bot-buscarron/tasks/setup_install.yml create mode 100644 roles/matrix-bot-buscarron/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bot-buscarron/tasks/validate_config.yml create mode 100644 roles/matrix-bot-buscarron/templates/env.j2 create mode 100644 roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index c16ab2fc..666f8a63 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -38,6 +38,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `sygnal` | - | - | - | `matrix.` | | CNAME | `hydrogen` | - | - | - | `matrix.` | | CNAME | `cinny` | - | - | - | `matrix.` | +| CNAME | `buscarron` | - | - | - | `matrix.` | ## Subdomains setup @@ -60,6 +61,8 @@ The `hydrogen.` subdomain may be necessary, because this playbook c The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. +The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://github.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. + ## `_matrix-identity._tcp` SRV record setup To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this: diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md new file mode 100644 index 00000000..3e2a395a --- /dev/null +++ b/docs/configuring-playbook-bot-buscarron.md 
@@ -0,0 +1,75 @@ +# Setting up Buscarron (optional) + +The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/buscarron) for you. + +It's a bot you can use to setup **your own helpdesk on matrix** +It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room + +## Registering the bot user + +By default, the playbook will set up the bot with a username like this: `@buscarron:DOMAIN`. + +(to use a different username, adjust the `matrix_bot_buscarron_login` variable). + +You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_buscarron_enabled: true + +# Adjust this to whatever password you chose when registering the bot user +matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT + +# Adjust accepted forms +matrix_bot_buscarron_forms: + - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact + room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted + redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission + ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + extensions: [] # (optional) list of form extensions (not used yet) + +matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically +matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically +``` + 
+You will also need to add a DNS record so that buscarron can be accessed. +By default buscarron will use https://buscarron.DOMAIN so you will need to create an CNAME record for `buscarron`. +See [Configuring DNS](configuring-dns.md). + +If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain): + +```yaml +matrix_server_fqn_buscarron: "form.{{ matrix_domain }}" +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To use the bot, invite the `@buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: + +```html +
+ +
+``` + +You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/buscarron). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 738c71ba..225d2913 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1047,6 +1047,37 @@ matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in [ # ###################################################################### +###################################################################### +# +# matrix-bot-buscarron +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_buscarron_enabled: false + +matrix_bot_buscarron_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}" +matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" + +###################################################################### +# +# /matrix-bot-buscarron +# +###################################################################### + ###################################################################### # 
@@ -1472,6 +1503,7 @@ matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}" matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}" matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}" +matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" @@ -1556,6 +1588,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-client-cinny.service'] if matrix_client_cinny_enabled else []) + + (['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else []) + + (['matrix-client-element.service'] if matrix_client_element_enabled else []) + (['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else []) @@ -1587,6 +1621,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else []) + + ([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else []) + + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + ([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else []) 
@@ -1698,6 +1734,12 @@ matrix_postgres_additional_databases: | 'password': matrix_bot_honoroit_database_password, }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_bot_buscarron_database_name, + 'username': matrix_bot_buscarron_database_username, + 'password': matrix_bot_buscarron_database_password, + }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_registration_database_name, 'username': matrix_registration_database_username, diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 498a6c32..64556378 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -37,6 +37,9 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}" # This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default). matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}" +# This is where you access the buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default). +matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}" + # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml new file mode 100644 index 00000000..ca13bf30 --- /dev/null +++ b/roles/matrix-bot-buscarron/defaults/main.yml 
@@ -0,0 +1,96 @@ +--- +# buscarron is a helpdesk bot +# See: https://gitlab.com/etke.cc/buscarron + +matrix_bot_buscarron_enabled: true + +matrix_bot_buscarron_container_image_self_build: false +matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" +matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" + +matrix_bot_buscarron_version: latest +matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" +matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" +matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" + +matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron" +matrix_bot_buscarron_config_path: "{{ matrix_bot_buscarron_base_path }}/config" +matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data" +matrix_bot_buscarron_data_store_path: "{{ matrix_bot_buscarron_data_path }}/store" + +# A list of extra arguments to pass to the container +matrix_bot_buscarron_container_extra_arguments: [] + +# List of systemd services that matrix-bot-buscarron.service depends on +matrix_bot_buscarron_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-buscarron.service wants +matrix_bot_buscarron_systemd_wanted_services_list: [] + + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. 
+# +# To use Postgres: +# - change the engine (`matrix_bot_buscarron_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_bot_buscarron_database_*` variables +matrix_bot_buscarron_database_engine: 'sqlite' + +matrix_bot_buscarron_sqlite_database_path_local: "{{ matrix_bot_buscarron_data_path }}/bot.db" +matrix_bot_buscarron_sqlite_database_path_in_container: "/data/bot.db" + +matrix_bot_buscarron_database_username: 'buscarron' +matrix_bot_buscarron_database_password: 'some-password' +matrix_bot_buscarron_database_hostname: 'matrix-postgres' +matrix_bot_buscarron_database_port: 5432 +matrix_bot_buscarron_database_name: 'buscarron' + +matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode=disable' + +matrix_bot_buscarron_storage_database: "{{ + { + 'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container, + 'postgres': matrix_bot_buscarron_database_connection_string, + }[matrix_bot_buscarron_database_engine] +}}" + +matrix_bot_buscarron_database_dialect: "{{ + { + 'sqlite': 'sqlite3', + 'postgres': 'postgres', + }[matrix_bot_buscarron_database_engine] +}}" + + +# The bot's username. This user needs to be created manually beforehand. +# Also see `matrix_bot_buscarron_password`. +matrix_bot_buscarron_login: "buscarron" + +# The password that the bot uses to authenticate. 
+matrix_bot_buscarron_password: '' + +# the homeserver URL, uses internal synapse container address by default +matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" + +# forms configuration +matrix_bot_buscarron_forms: [] + +# Sentry DSN +matrix_bot_buscarron_sentry: + +# Log level +matrix_bot_buscarron_loglevel: INFO + +# spam hosts/domains +matrix_bot_buscarron_spam_hosts: [] + +# spam email addresses +matrix_bot_buscarron_spam_emails: [] + +# Additional environment variables to pass to the buscarron container +# +# Example: +# matrix_bot_buscarron_environment_variables_extension: | +# BUSCARRON_LOGLEVEL=DEBUG +matrix_bot_buscarron_environment_variables_extension: '' diff --git a/roles/matrix-bot-buscarron/tasks/init.yml b/roles/matrix-bot-buscarron/tasks/init.yml new file mode 100644 index 00000000..3da32948 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}" + when: matrix_bot_buscarron_enabled|bool diff --git a/roles/matrix-bot-buscarron/tasks/main.yml b/roles/matrix-bot-buscarron/tasks/main.yml new file mode 100644 index 00000000..63e87dfb --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron 
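Review bot: `matrix_bot_buscarron_version: latest` in `roles/matrix-bot-buscarron/defaults/main.yml` leaves the container image unpinned. Because `matrix_bot_buscarron_docker_image_force_pull` is true for an image ending in `:latest`, every playbook run deploys whatever the registry currently serves under that tag. Other roles touched in this series pin a release (`matrix_heisenbridge_version: 1.12.0`, `matrix_mautrix_signal_daemon_version: 0.18.1`), which keeps upgrades reviewable and reproducible. I would pin a released tag here, e.g. `matrix_bot_buscarron_version: vX.Y.Z` (placeholder for the current upstream release).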
diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/matrix-bot-buscarron/tasks/setup_install.yml new file mode 100644 index 00000000..0ebe7e42 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/setup_install.yml 
@@ -0,0 +1,100 @@ +--- +- set_fact: + matrix_bot_buscarron_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + stat: + path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" + register: matrix_bot_buscarron_sqlite_database_path_local_stat_result + + - block: + - set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" + dst: "{{ matrix_bot_buscarron_database_connection_string }}" + caller: "{{ role_path|basename }}" + engine_variable_name: 'matrix_bot_buscarron_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-bot-buscarron.service'] + + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + + - set_fact: + matrix_bot_buscarron_requires_restart: true + when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_bot_buscarron_database_engine == 'postgres'" + +- name: Ensure buscarron paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_buscarron_config_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_data_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure buscarron environment variables file created + template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_bot_buscarron_config_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure buscarron image is pulled + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if 
ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}" + when: "not matrix_bot_buscarron_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure buscarron repository is present on self-build + git: + repo: "{{ matrix_bot_buscarron_docker_repo }}" + dest: "{{ matrix_bot_buscarron_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_buscarron_git_pull_results + when: "matrix_bot_buscarron_container_image_self_build|bool" + +- name: Ensure buscarron image is built + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + source: build + force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_buscarron_docker_src_files_path }}" + pull: true + when: "matrix_bot_buscarron_container_image_self_build|bool" + +- name: Ensure matrix-bot-buscarron.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + mode: 0644 + register: matrix_bot_buscarron_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-buscarron.service installation + service: + daemon_reload: true + when: "matrix_bot_buscarron_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-buscarron.service restarted, if necessary + service: + name: "matrix-bot-buscarron.service" + state: restarted + when: "matrix_bot_buscarron_requires_restart|bool" 
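Review bot: The `force:` line of the "Ensure buscarron image is built" task reads `matrix_mailer_git_pull_results.changed`, apparently copied from the mailer role, while the git task in this file registers `matrix_bot_buscarron_git_pull_results`. On the older-Ansible branch of that conditional the expression is therefore undefined or reflects an unrelated checkout, so a changed buscarron source tree would not trigger a rebuild. It should read `force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_git_pull_results.changed }}"`. The git task also sets no `version:`, so a self-build tracks the default branch head rather than a pinned ref.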
diff --git a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml new file mode 100644 index 00000000..cc70e79a --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-buscarron service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + register: matrix_bot_buscarron_service_stat + +- name: Ensure matrix-buscarron is stopped + service: + name: matrix-bot-buscarron + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-buscarron.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + state: absent + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-buscarron.service removal + service: + daemon_reload: true + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure Matrix buscarron paths don't exist + file: + path: "{{ matrix_bot_buscarron_base_path }}" + state: absent + +- name: Ensure buscarron Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + state: absent diff --git a/roles/matrix-bot-buscarron/tasks/validate_config.yml b/roles/matrix-bot-buscarron/tasks/validate_config.yml new file mode 100644 index 00000000..5a517d39 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_bot_buscarron_password" diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 new file mode 100644 index 00000000..c833f27b --- /dev/null +++ b/roles/matrix-bot-buscarron/templates/env.j2 
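Review bot: `validate_config.yml` only rejects an empty `matrix_bot_buscarron_password`, while the role defaults ship `matrix_bot_buscarron_database_password: 'some-password'` and build the Postgres connection string from it. `group_vars/matrix_servers` in this commit overrides that value with a derived one, so the placeholder only takes effect when the role's own defaults are in use, but nothing stops it then. I would add a second fail task guarded by `when: "matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_password == 'some-password'"`.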
@@ -0,0 +1,19 @@ +BUSCARRON_LOGIN={{ matrix_bot_buscarron_login }} +BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }} +BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }} +BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} +BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} +BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} +BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} +BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} +BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} +{% set forms = [] %} +{% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} +BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} +BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} +BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} +BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} +{% endfor %} +BUSCARRON_LIST={{ forms|join(" ") }} + +{{ matrix_bot_buscarron_environment_variables_extension }} diff --git a/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 b/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 new file mode 100644 index 00000000..fd6d0310 --- /dev/null +++ b/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 
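Review bot: `BUSCARRON_DB_DSN` in `env.j2` is always rendered from `matrix_bot_buscarron_database_connection_string`. With the role default `matrix_bot_buscarron_database_engine: 'sqlite'`, the bot therefore receives `BUSCARRON_DB_DIALECT=sqlite3` together with a `postgres://` DSN, which also writes the database password into the env file for no reason. The defaults already define `matrix_bot_buscarron_storage_database`, which picks the SQLite path or the connection string by engine and does not appear to be used by any template in this commit. The line should be `BUSCARRON_DB_DSN={{ matrix_bot_buscarron_storage_database }}`.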
@@ -0,0 +1,39 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix web forms bot +{% for service in matrix_bot_buscarron_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_buscarron_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_bot_buscarron_config_path }}/env \ + --mount type=bind,src={{ matrix_bot_buscarron_data_path }},dst=/data \ + {% for arg in matrix_bot_buscarron_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_bot_buscarron_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-buscarron + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 0aaa53ed..ed8a8817 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
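Review bot: The `docker run` command in `matrix-bot-buscarron.service.j2` publishes no port, yet the buscarron vhost added in this commit proxies to `http://127.0.0.1:8080` when `matrix_nginx_proxy_enabled` is false. With an external nginx nothing listens there unless the operator adds a publish flag through `matrix_bot_buscarron_container_extra_arguments`. I would add an optional bind variable and render it in the unit, bound to loopback so the form endpoint is reachable only through the reverse proxy, e.g. `-p 127.0.0.1:8080:8080 \` inside `{% if matrix_bot_buscarron_container_http_host_bind_port %}`. That variable name is a suggestion and does not exist in this commit.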
@@ -159,6 +159,10 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}" matrix_nginx_proxy_proxy_cinny_enabled: false matrix_nginx_proxy_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}" +# Controls whether proxying the buscarron domain should be done. +matrix_nginx_proxy_proxy_buscarron_enabled: false +matrix_nginx_proxy_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}" + # Controls whether proxying the matrix domain should be done. matrix_nginx_proxy_proxy_matrix_enabled: false matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" @@ -303,6 +307,9 @@ matrix_nginx_proxy_proxy_hydrogen_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Cinny's server configuration (matrix-client-cinny.conf). matrix_nginx_proxy_proxy_cinny_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to buscarron's server configuration (matrix-bot-buscarron.conf). +matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 30001dd2..a559e109 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml 
@@ -110,6 +110,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_cinny_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for buscarron domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_buscarron_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for dimension domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2" @@ -259,6 +266,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_cinny_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for buscarron domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_buscarron_enabled|bool" + - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 new file mode 100644 index 00000000..0ce1473b --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 
@@ -0,0 +1,104 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; + add_header Content-Security-Policy "frame-ancestors 'none'"; + {% if matrix_nginx_proxy_floc_optout_enabled %} + add_header Permissions-Policy interest-cohort=() always; + {% endif %} + + {% for configuration_block in matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-buscarron:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8080; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + + server_name {{ matrix_nginx_proxy_proxy_buscarron_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + 
proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_buscarron_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != "" %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/setup.yml b/setup.yml index d24c3c99..ce36d1ce 100755 --- a/setup.yml +++ b/setup.yml @@ -38,6 +38,7 @@ - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot - matrix-bot-matrix-registration-bot + - matrix-bot-buscarron - matrix-bot-honoroit - matrix-bot-go-neb - matrix-bot-mjolnir 
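Review bot: The plain-HTTP `location /` in the first server block builds its redirect from `$http_host`, which is the raw client-supplied Host header, so the Location value echoes whatever the client sent whenever a request lands in this block (for example if it ends up as the default server for the listener, which this hunk does not show). The vhost already knows its own name, so I would use `return 301 https://{{ matrix_nginx_proxy_proxy_buscarron_hostname }}$request_uri;`. Separately, in `render_vhost_directives` the `X-XSS-Protection`, `X-Content-Type-Options`, `X-Frame-Options` and `Content-Security-Policy` headers lack `always`, so nginx leaves them off error responses. `X-Frame-Options SAMEORIGIN` also disagrees with `frame-ancestors 'none'` in the same macro.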
From 5ae93fbf2bc5c2288ede6f338c9f404dd3035cf5 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 23 Apr 2022 17:11:24 +0300 Subject: [PATCH 253/419] add buscarron to the readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 631dc297..26f10940 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation +- (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. From b720b15de64d5e12e2543cb9d57e710c4236148d Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 24 Apr 2022 09:50:23 +0300 Subject: [PATCH 254/419] buscarron v1.0.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index ca13bf30..6322144e 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: latest +matrix_bot_buscarron_version: v1.0.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" From 2d21a70b3e9f835c94080f0298cec68c56956c3d Mon Sep 17 00:00:00 2001 From: Sekki21956 Date: Mon, 25 Apr 2022 02:05:13 +0200 Subject: [PATCH 255/419] Update path to signald Dockerfile --- roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index c7202f05..06f77348 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -70,7 +70,7 @@ force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: Containerfile path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" pull: true when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" From c83c70ac35687cb620c3c23656c62bdfd8ac7a9f Mon Sep 17 00:00:00 2001 
From: Matthew Cengia Date: Mon, 25 Apr 2022 10:21:48 +1000 Subject: [PATCH 256/419] Don't self-build signald image on arm64, as upstream image exists --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 738c71ba..bcd26b99 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -458,7 +458,7 @@ matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" -matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != ['amd64', 'arm64'] }}" ###################################################################### # From 47e5bab784339b416f67b5a5d5a006c1df9a289a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 09:22:01 +0300 Subject: [PATCH 257/419] Fix self-building if condition --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index bcd26b99..d4256734 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
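Review bot: The new condition `matrix_architecture != ['amd64', 'arm64']` compares a string with a list, which is always true, so `matrix_mautrix_signal_daemon_container_image_self_build` would be enabled on every architecture, amd64 included. The context line directly above shows the intended form; the value should be `"{{ matrix_architecture not in ['amd64', 'arm64'] }}"`.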
@@ -458,7 +458,7 @@ matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" -matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != ['amd64', 'arm64'] }}" +matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # From c92af9fe894d466e9b02e1279ecda9f7161b1a60 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 25 Apr 2022 09:40:49 +0300 Subject: [PATCH 258/419] matrix-bot-buscarron: feedback --- docs/configuring-playbook-bot-buscarron.md | 14 +++++++------- roles/matrix-bot-buscarron/defaults/main.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md index 3e2a395a..5a2c327d 100644 --- a/docs/configuring-playbook-bot-buscarron.md +++ b/docs/configuring-playbook-bot-buscarron.md @@ -7,7 +7,7 @@ It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matri ## Registering the bot user -By default, the playbook will set up the bot with a username like this: `@buscarron:DOMAIN`. +By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`. (to use a different username, adjust the `matrix_bot_buscarron_login` variable). 
@@ -32,11 +32,11 @@ matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT # Adjust accepted forms matrix_bot_buscarron_forms: - - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact - room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted - redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission - ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m - extensions: [] # (optional) list of form extensions (not used yet) + - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact + room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted + redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission + ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + extensions: [] # (optional) list of form extensions (not used yet) matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically @@ -64,7 +64,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, invite the `@buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: +To use the bot, invite the `@bot.buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: ```html
diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 6322144e..96e8ef91 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -65,7 +65,7 @@ matrix_bot_buscarron_database_dialect: "{{ # The bot's username. This user needs to be created manually beforehand. # Also see `matrix_bot_buscarron_password`. -matrix_bot_buscarron_login: "buscarron" +matrix_bot_buscarron_login: "bot.buscarron" # The password that the bot uses to authenticate. matrix_bot_buscarron_password: '' From 4a0b8397680119432287c175dad68f479324cb82 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 09:42:36 +0300 Subject: [PATCH 259/419] Automatically do the right thing with regards to Synapse Metrics htpasswd .. regardless of whether matrix-nginx-proxy runs in a container or not --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 8067b916..3c68e775 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -221,7 +221,7 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "/nginx-data/matrix-synapse-metrics-htpasswd" +matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. From 2f33b330ff58d676e5db5081a60d6a3fadcf56c6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 10:29:09 +0300 Subject: [PATCH 260/419] Announce Buscarron bot support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1782 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fdac2aa..03ce5c7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-04-25 + +## buscarron bot support + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [the Buscarron bot](https://gitlab.com/etke.cc/buscarron). It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room + +See our [Setting up Buscarron](docs/configuring-playbook-bot-buscarron.md) documentation to get started. + + # 2022-04-21 ## matrix-registration-bot support From 1163e9880fda08bb55d46e6b388c35efb0c4fc75 Mon Sep 17 00:00:00 2001 
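Review bot: The new default for `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path` has no comment saying which filesystem view the path belongs to. It now resolves to the in-container data path when `matrix_nginx_proxy_enabled` is true and to the host data path otherwise, so it presumably must only be used where nginx itself reads the file. Any task that writes the htpasswd file on the host would need the host path in both cases, and that task is not visible in this hunk. I would add above the variable: `# Path to the htpasswd file as seen by nginx (inside the container when matrix-nginx-proxy is enabled, on the host otherwise).`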
From: Slavi Pantaleev Date: Mon, 25 Apr 2022 10:37:35 +0300 Subject: [PATCH 261/419] Link to Buscarron bot from configuring docs page Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1782 --- docs/configuring-playbook.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 5233a662..16a7aeeb 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -145,13 +145,16 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional) +- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) + - [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional) - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional) - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) -- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) +- [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional) + ### Backups From 4d08e935a2f235f36f261a54aa5233e77848a70e Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 25 Apr 2022 12:36:27 +0300 Subject: [PATCH 262/419] matrix-bot-buscarron: fix username in docs --- docs/configuring-playbook-bot-buscarron.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md index 5a2c327d..3a5822ab 100644 --- a/docs/configuring-playbook-bot-buscarron.md 
+++ b/docs/configuring-playbook-bot-buscarron.md @@ -14,7 +14,7 @@ By default, the playbook will set up the bot with a username like this: `@bot.bu You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): ``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. From cbb924dec7d54f738077b45b749add2135a13155 Mon Sep 17 00:00:00 2001 From: Devin Dooley Date: Mon, 25 Apr 2022 19:17:40 -0700 Subject: [PATCH 263/419] Support ansible vault strings for homeserver secret key --- group_vars/matrix_servers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 24ecc5f2..67a9339a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -533,14 +533,14 @@ matrix_mautrix_twitter_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_twitter_appservice_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}" +matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}" -matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}" +matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}" matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" ###################################################################### # 
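Review bot: The `'%s' | format(matrix_homeserver_generic_secret_key)` wrapper added to the three token and password lines here, and to the two dendrite lines in the next hunk, is not explained anywhere in the visible file, and it reads like a no-op that a later cleanup could remove. Going by the commit subject, it exists so that a vault-encrypted key is coerced to a plain string before `password_hash` runs. A comment such as `# '%s' | format(...) forces a vault-encrypted secret key to a plain string before hashing` near the first use would record that. Since every derived token and database password depends on this expression, dropping it by mistake would break or silently change those secrets for vault users.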
@@ -2357,9 +2357,9 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_ matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}" -matrix_dendrite_registration_shared_secret: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.rss') | to_uuid }}" +matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}" -matrix_dendrite_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.db') | to_uuid }}" +matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}" # Even if TURN doesn't support TLS (it does by default), # it doesn't hurt to try a secure connection anyway. From e41fcf27464f7175e6b43b093d4115cd24ee2243 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Apr 2022 15:44:02 +0300 Subject: [PATCH 264/419] Fix file name (vars.yaml -> vars.yml) to prevent confusion --- docs/alternative-architectures.md | 4 ++-- roles/matrix-dendrite/defaults/main.yml | 2 +- roles/matrix-synapse/defaults/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index a6c2a02a..c8097b60 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -2,7 +2,7 @@ As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. -To that end add the following variable to your `vars.yaml` file: +To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)): ```yaml matrix_architecture: 
@@ -13,7 +13,7 @@ Currently supported architectures are the following: - `arm64` - `arm32` -so for the Raspberry Pi, the following should be in your `vars.yaml` file: +so for the Raspberry Pi, the following should be in your `vars.yml` file: ```yaml matrix_architecture: "arm32" diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 7f2e629a..f3876875 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -61,7 +61,7 @@ matrix_dendrite_systemd_wanted_services_list: [] # Specifies which template files to use when configuring Dendrite. # If you'd like to have your own different configuration, feel free to copy and paste # the original files into your inventory (e.g. in `inventory/host_vars//`) -# and then change the specific host's `vars.yaml` file like this: +# and then change the specific host's `vars.yml` file like this: # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars//dendrite.yaml.j2" matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 44b82e95..db61cb72 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -74,7 +74,7 @@ matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste # the original files into your inventory (e.g. in `inventory/host_vars//`) -# and then change the specific host's `vars.yaml` file like this: +# and then change the specific host's `vars.yml` file like this: # matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars//homeserver.yaml.j2" matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2" matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2" From 4f1f3555f2c5f54658da9419e3733a72957f8671 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Apr 2022 16:10:36 +0000 Subject: [PATCH 265/419] Update element 1.10.10 -> 1.10.11 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 205f3480..e4545875 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.10 +matrix_client_element_version: v1.10.11 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 1ee118bd49e87181640991bc2e528bc6871f9e21 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Apr 2022 17:48:28 +0000 Subject: [PATCH 266/419] matrix-change-user-admin-status: do not allocate tty --- .../templates/usr-local-bin/matrix-change-user-admin-status.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 index 6c3082ef..f378a10f 100644 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 @@ -9,7 +9,7 @@ if [ $# -ne 2 ]; then fi docker run \ - -it \ + -i \ --rm \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ From 7776c2e0bb8e216fa0b733768a2555a331d2491a Mon Sep 17 00:00:00 2001 
From: Brandon Kraft Date: Mon, 2 May 2022 12:37:56 -0500 Subject: [PATCH 267/419] Upgrade to Grafana 8.5.1 https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-1/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-0/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-7/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-6/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-5/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-4/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-3/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-2/ --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 0ee7a86a..ee184e1d 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.4.1 +matrix_grafana_version: 8.5.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 7adc167412b95917ff04012ff5a01577211ef41c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 May 2022 08:10:16 +0300 Subject: [PATCH 268/419] Fail if trying to use Jitsi on an architecture other than amd64 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1797 --- roles/matrix-jitsi/tasks/init.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index efab8745..c4ed61a6 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml 
@@ -3,3 +3,8 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" when: matrix_jitsi_enabled|bool + +- name: Fail if on an unsupported architecture + fail: + msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" + when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' From 03674e1a36e8a7591a506333038ff4ec5b341b2c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 May 2022 14:32:32 +0300 Subject: [PATCH 269/419] Upgrade Synapse (1.57.1 -> 1.58.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index db61cb72..77694dba 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.57.1 +matrix_synapse_version: v1.58.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 1439be2743cfb0659aeb506b83aa2f91606125a4 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 4 May 2022 11:10:00 +0300 Subject: [PATCH 270/419] Upgrade matrix-appservice-irc (0.33 -> 0.34) Related to https://matrix.org/blog/2022/05/04/0-34-0-security-release-for-matrix-appservice-irc-high-severity --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 5dfe3623..d0843836 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -8,7 +8,7 @@ matrix_appservice_irc_container_image_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.33.0 +matrix_appservice_irc_version: release-0.34.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 549e4418b9d107e9b7a0c4dd1873bd7ab5d88168 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 6 May 2022 08:56:06 +0200 Subject: [PATCH 271/419] Upgrade Synapse (1.58.0 -> 1.58.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 77694dba..ad1d863f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.58.0 +matrix_synapse_version: v1.58.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 058fedff9124ee3bcfdcf2c6d67d26555e968a83 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 6 May 2022 09:02:24 +0200 Subject: [PATCH 272/419] Fix "endpoint seems conditional" determination in workers-doc-to-yaml.awk" This prevented us from keeping our workers reverse-proxying definitions updated since Synapse v1.54.0. The last `workers.md` file we could parse is at commit 02632b3504ad4512c5f5a4f859b3fe326b19c788. Parsing regressed at commit c56bfb08bc071368db23f3b1c593724eb4f205f0, because the introduction message for `synapse.app.generic_worker` said "If": > If a worker is set up to handle a.. .. which made the AWK script think that definitions below were conditional (which they're not in this case). This patch fixes up the regex for determining if a line is conditional or not, so that it doesn't trip up. Hopefully, it doesn't miss something important. --- .../files/workers-doc-to-yaml.awk | 2 +- roles/matrix-synapse/vars/workers.yml | 155 ++++++++++++++---- 2 files changed, 122 insertions(+), 35 deletions(-) diff --git a/roles/matrix-synapse/files/workers-doc-to-yaml.awk b/roles/matrix-synapse/files/workers-doc-to-yaml.awk index ca58b486..5b99d396 100755 --- a/roles/matrix-synapse/files/workers-doc-to-yaml.awk +++ b/roles/matrix-synapse/files/workers-doc-to-yaml.awk 
@@ -120,7 +120,7 @@ enable_parsing { worker_stanza_append(" # " line linefeed) # and take note of words hinting at additional conditions to be met - if (line ~ /(^| )[Ii]f |(^| )[Ff]or /) { + if (line ~ /(^[Ii]f|care must be taken|can be handled for)/) { endpoints_seem_conditional = 1 } } diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 48530312..f1dfb940 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -1,12 +1,15 @@ --- matrix_synapse_workers_generic_worker_endpoints: - # This worker can handle API requests matching the following regular - # expressions: + # This worker can handle API requests matching the following regular expressions. + # These endpoints can be routed to any worker. If a worker is set up to handle a + # stream then, for maximum efficiency, additional endpoints should be routed to that + # worker: refer to the [stream writers](#stream-writers) section below for further + # information. # Sync requests - - ^/_matrix/client/(v2_alpha|r0|v3)/sync$ - - ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$ + - ^/_matrix/client/(r0|v3)/sync$ + - ^/_matrix/client/(api/v1|r0|v3)/events$ - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ 
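Review bot: The new condition `line ~ /(^[Ii]f|care must be taken|can be handled for)/` fails open: it recognises only three phrasings, so a conditional paragraph in workers.md that is worded differently leaves its endpoints emitted as active routes. The regenerated workers.yml in this same commit appears to show the effect. Its `@@ -74,11 +75,27 @@` hunk turns the sendToDevice, tags, account_data, receipt, read_markers and presence patterns into live generic-worker entries, while the stream-writer sections further down list the same patterns under a FIXME. A safer default is to treat a section as conditional unless it is known to be unconditional; at minimum add a comment above the test such as `# phrase list mirrors workers.md wording; diff the generated endpoints after every Synapse upgrade`. The `enable_parsing` block starts and ends outside this hunk, so how the flag is reset is not visible here.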
@@ -20,19 +23,14 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/query/ - ^/_matrix/federation/v1/make_join/ - ^/_matrix/federation/v1/make_leave/ - - ^/_matrix/federation/v1/send_join/ - - ^/_matrix/federation/v2/send_join/ - - ^/_matrix/federation/v1/send_leave/ - - ^/_matrix/federation/v2/send_leave/ - - ^/_matrix/federation/v1/invite/ - - ^/_matrix/federation/v2/invite/ - - ^/_matrix/federation/v1/query_auth/ + - ^/_matrix/federation/(v1|v2)/send_join/ + - ^/_matrix/federation/(v1|v2)/send_leave/ + - ^/_matrix/federation/(v1|v2)/invite/ - ^/_matrix/federation/v1/event_auth/ - ^/_matrix/federation/v1/exchange_third_party_invite/ - ^/_matrix/federation/v1/user/devices/ - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query - - ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/ - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ # Inbound federation transaction request 
@@ -45,22 +43,25 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$ + - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(r0|v3|unstable)/devices$ - ^/_matrix/client/versions$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/ + - ^/_matrix/client/(r0|v3|unstable)/joined_groups$ + - ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ + - ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ + # Encryption requests + - ^/_matrix/client/(r0|v3|unstable)/keys/query$ + - ^/_matrix/client/(r0|v3|unstable)/keys/changes$ + - ^/_matrix/client/(r0|v3|unstable)/keys/claim$ + - ^/_matrix/client/(r0|v3|unstable)/room_keys/ + # Registration/login requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - ^/_matrix/client/(r0|v3|unstable)/register$ 
@@ -74,11 +75,27 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ + # Device requests + - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + + # Account data requests + - ^/_matrix/client/(r0|v3|unstable)/.*/tags + - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + + # Receipts requests + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + + # Presence requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # Additionally, the following REST endpoints can be handled for GET requests: # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually # ^/_matrix/federation/v1/groups/ + # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ + # ^/_matrix/client/(r0|v3|unstable)/groups/ # Pagination requests can also be handled, but all requests for a given # room must be routed to the same instance. Additionally, care must be taken to 
@@ -155,16 +172,17 @@ matrix_synapse_workers_generic_worker_endpoints: # #### Stream writers - # Additionally, there is *experimental* support for moving writing of specific - # streams (such as events) off of the main process to a particular worker. (This - # is only supported with Redis-based replication.) - - # Currently supported streams are `events` and `typing`. + # Additionally, the writing of specific streams (such as events) can be moved off + # of the main process to a particular worker. + # (This is only supported with Redis-based replication.) # To enable this, the worker must have a HTTP replication listener configured, - # have a `worker_name` and be listed in the `instance_map` config. For example to - # move event persistence off to a dedicated worker, the shared configuration would - # include: + # have a `worker_name` and be listed in the `instance_map` config. The same worker + # can handle multiple streams, but unless otherwise documented, each stream can only + # have a single writer. + + # For example, to move event persistence off to a dedicated worker, the shared + # configuration would include: # ```yaml # instance_map: 
@@ -176,8 +194,20 @@ matrix_synapse_workers_generic_worker_endpoints: # events: event_persister1 # ``` - # The `events` stream also experimentally supports having multiple writers, where - # work is sharded between them by room ID. Note that you *must* restart all worker + # An example for a stream writer instance: + + # ```yaml + # {{#include systemd-with-workers/workers/event_persister.yaml}} + # ``` + + # Some of the streams have associated endpoints which, for maximum efficiency, should + # be routed to the workers handling that stream. See below for the currently supported + # streams and the endpoints associated with them: + + # ##### The `events` stream + + # The `events` stream experimentally supports having multiple writers, where work + # is sharded between them by room ID. Note that you *must* restart all worker # instances when adding or removing event persisters. An example `stream_writers` # configuration with multiple writers: 
@@ -188,9 +218,51 @@ matrix_synapse_workers_generic_worker_endpoints: # - event_persister2 # ``` + # ##### The `typing` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `typing` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing + + # ##### The `to_device` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `to_device` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + + # ##### The `account_data` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `account_data` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/.*/tags + # ^/_matrix/client/(r0|v3|unstable)/.*/account_data + + # ##### The `receipts` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `receipts` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + + # ##### The `presence` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `presence` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # #### Background tasks - # There is also *experimental* support for moving background tasks to a separate + # There is also support for moving background tasks to a separate # worker. Background tasks are run periodically or started via replication. Exactly # which tasks are configured to run depends on your Synapse configuration (e.g. 
if # stats is enabled). @@ -206,6 +278,12 @@ matrix_synapse_workers_generic_worker_endpoints: # You might also wish to investigate the `update_user_directory` and # `media_instance_running_background_jobs` settings. + # An example for a dedicated background worker instance: + + # ```yaml + # {{#include systemd-with-workers/workers/background_worker.yaml}} + # ``` + # pusher worker (no API endpoints) [ # Handles sending push notifications to sygnal and email. Doesn't handle any # REST endpoints itself, but you should set `start_pushers: False` in the 
@@ -292,18 +370,27 @@ matrix_synapse_workers_user_dir_endpoints: # Handles searches in the user directory. It can handle REST endpoints matching # the following regular expressions: - - ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$ + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - # When using this worker you must also set `update_user_directory: False` in the + # When using this worker you must also set `update_user_directory: false` in the # shared configuration file to stop the main synapse running background # jobs related to updating the user directory. + # Above endpoint is not *required* to be routed to this worker. By default, + # `update_user_directory` is set to `true`, which means the main process + # will handle updates. All workers configured with `client` can handle the above + # endpoint as long as either this worker or the main process are configured to + # handle it, and are online. + + # If `update_user_directory` is set to `false`, and this worker is not running, + # the above endpoint may give outdated results. + matrix_synapse_workers_frontend_proxy_endpoints: # Proxies some frequently-requested client endpoints to add caching and remove # load from the main synapse. It can handle REST endpoints matching the following # regular expressions: - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload + - ^/_matrix/client/(r0|v3|unstable)/keys/upload # If `use_presence` is False in the homeserver config, it can also handle REST # endpoints matching the following regular expressions: From be95918a2f28ee516c844dc7d5b335dd06221cdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20T=C3=B6tterman?= Date: Fri, 6 May 2022 11:37:40 +0300 Subject: [PATCH 273/419] typo --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 38e13a8a..208ce4e6 100644 
--- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. 
From 83b7fcee453f39388456f0bccc8f2783905f75ae Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 7 May 2022 09:36:40 +0200 Subject: [PATCH 274/419] Do not proxy some endpoints to the generic Synapse worker These endpoints should not be proxied to a generic Synapse worker without other preparation (setting up stream writers, sending traffic to a specific stream writer, etc.). Disabling them for now. In the future, we'd like to fix up our awk script to disable them automatically. This is a fix up for 058fedff9124ee3bcf --- roles/matrix-synapse/vars/workers.yml | 30 +++++++++++++++------------ 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index f1dfb940..33bf585b 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml 
@@ -75,19 +75,23 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ - # Device requests - - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ - - # Account data requests - - ^/_matrix/client/(r0|v3|unstable)/.*/tags - - ^/_matrix/client/(r0|v3|unstable)/.*/account_data - - # Receipts requests - - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt - - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers - - # Presence requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # These appear to be conditional and should not be enabled by default. + # We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. + # For now, they've been commented out manually. + # + # # Device requests + # - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + + # # Account data requests + # - ^/_matrix/client/(r0|v3|unstable)/.*/tags + # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + + # # Receipts requests + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + + # # Presence requests + # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ # Additionally, the following REST endpoints can be handled for GET requests: From 3f45805fd2b3b05cd1f3893767d9f25b0760ad3a Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Sat, 7 May 2022 12:40:17 +0200 Subject: [PATCH 275/419] Change back to original mx-puppet-discord Closes: #1801 --- .../defaults/main.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 52257689..d6e6f859 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
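Review bot: The replacement comment says these patterns "appear to be conditional" but never names the condition. The comment also implies the file is produced by workers-doc-to-yaml.awk, so a later regeneration would presumably restore the active entries unnoticed. The commit message has the missing information (stream writers must be set up and traffic sent to the specific writer); it belongs in the file, e.g. `# Each group below belongs to a stream (to_device, account_data, receipts, presence) and must go to that stream's writer, not to a generic worker.` followed by `# Hand-edited: re-apply after regenerating this file until the awk script excludes them.`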
@@ -1,27 +1,21 @@ --- # Mx Puppet Discord is a Matrix <-> Discord bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord) -# -# We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See: -# - https://github.com/matrix-discord/mx-puppet-discord/issues/201 -# - https://github.com/matrix-discord/mx-puppet-discord/issues/202 -# - https://github.com/matrix-discord/mx-puppet-discord/issues/203 -# - (other similar issues in the past) +# See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" -matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" +matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. 
matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: latest -matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" +matrix_mx_puppet_discord_version: v0.1.1 +matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}mx-puppet/discord/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" From 84ea5f6eccf1d5c8962f265e7dfab1384334763e Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Sat, 7 May 2022 14:34:33 +0200 Subject: [PATCH 276/419] Upgrade Hookshot (1.5.0 -> 1.6.1) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 45807ba9..181bc2cc 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.5.0 +matrix_hookshot_version: 1.6.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" 
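Review bot: The change of image origin in the mx-puppet-discord defaults is not documented in the file: the default moves from `beeper/mx-puppet-monorepo/discord` to `mx-puppet/discord/mx-puppet-discord`, and the removed comment block, which recorded why the fork had been chosen, is replaced by a bare link. Existing installs will switch publisher on their next run, so a short comment such as `# Switched back from the Beeper fork (gitlab.com/beeper/mx-puppet-monorepo), see #1801` keeps the provenance decision reviewable. Pinning `v0.1.1` instead of `latest` is a good step. Note that `matrix_mx_puppet_discord_container_image_self_build_version` now resolves to `v0.1.1`, so a self-build depends on that ref existing in the new repository, which cannot be verified from this hunk.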
From 7390646cd5d2879b7928c28701c0cddf42b0bf03 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sat, 7 May 2022 18:42:15 +0200 Subject: [PATCH 277/419] add hookshot feeds support --- roles/matrix-bridge-hookshot/defaults/main.yml | 5 +++++ roles/matrix-bridge-hookshot/templates/config.yml.j2 | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 45807ba9..74ac714a 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -121,6 +121,11 @@ matrix_hookshot_generic_allow_js_transformation_functions: false matrix_hookshot_generic_user_id_prefix: '_webhooks_' +matrix_hookshot_feeds_enabled: false +# polling interval in seconds +matrix_hookshot_feeds_interval: 600 + + # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index c1771509..6fbce770 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -78,6 +78,13 @@ generic: allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} {% endif %} +{% if matrix_hookshot_feeds_enabled %} +feeds: + # (Optional) Configure this to enable RSS/Atom feed support + # + enabled: {{ matrix_hookshot_feeds_enabled }} + pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }} +{% endif %} {% if matrix_hookshot_provisioning_enabled %} provisioning: # (Optional) Provisioning API for integration managers From 04aa609ae51dcc7eb8cdeff478ed651249fe8892 Mon Sep 17 00:00:00 2001 
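Review bot: `matrix_hookshot_feeds_enabled` is introduced in defaults/main.yml with only the polling interval documented; a comment should say what turning it on does. With feeds enabled the bridge polls RSS/Atom URLs on a timer, and those URLs are presumably supplied from Matrix rooms rather than from this inventory. The container would then make outbound HTTP requests to addresses the operator did not choose. Suggested comment above the flag: `# Enables RSS/Atom feed polling; the bridge then fetches feed URLs configured via the bridge, so restrict who may add feeds and what the container can reach.`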
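Review bot: Both new values in config.yml.j2 are interpolated unfiltered (`enabled: {{ matrix_hookshot_feeds_enabled }}` and `pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }}`), while the neighbouring `userIdPrefix` line passes its value through `|to_json`. Unfiltered output depends on the inventory value already being a clean scalar. Writing `enabled: {{ matrix_hookshot_feeds_enabled|to_json }}` and `pollIntervalSeconds: {{ matrix_hookshot_feeds_interval|to_json }}` keeps the rendered file well-formed however the variable was written, and a wrongly typed value then shows up as a config validation error rather than as altered YAML structure.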
From: Arkonos Date: Sun, 8 May 2022 21:20:36 +0200 Subject: [PATCH 278/419] clarifying reverse proxying of well-known files --- docs/configuring-well-known.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 27a4001c..9a6da547 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -116,8 +116,22 @@ server { **For Caddy 2**, it would be something like this: ```caddy -reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN { - header_up Host {http.reverse_proxy.upstream.hostport} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/*:x + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } } ``` From 6abdb6e6f086a77b0b4a3b4dccce3e04794de7ad Mon Sep 17 00:00:00 2001 From: Arkonos Date: Sun, 8 May 2022 21:20:36 +0200 Subject: [PATCH 279/419] clarifying reverse proxying of well-known files --- docs/configuring-well-known.md | 18 ++++++++++++++++-- examples/caddy2/Caddyfile | 17 +++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 27a4001c..9a6da547 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md 
@@ -116,8 +116,22 @@ server { **For Caddy 2**, it would be something like this: ```caddy -reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN { - header_up Host {http.reverse_proxy.upstream.hostport} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/*:x + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } } ``` diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index 6370cb01..7d8c193d 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile @@ -214,3 +214,20 @@ element.DOMAIN.tld { # } # } #} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/* + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } +} From 527f5bc46973b368101488d1b1b56f9cee9bbbc1 Mon Sep 17 00:00:00 2001 From: Arkonos Date: Sun, 8 May 2022 21:56:14 +0200 Subject: [PATCH 280/419] clarifying where well-known files are created --- docs/configuring-well-known.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 9a6da547..4a68047b 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md 
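Review bot: The site block added to examples/caddy2/Caddyfile uses `DOMAIN.com` and `matrix.DOMAIN.com` as placeholders, while at least the `element.DOMAIN.tld` block named in the hunk header uses the `DOMAIN.tld` form, so a search-and-replace of the placeholder will miss this block. It is also added uncommented directly after a commented-out example, which makes it an active site definition in the sample file. I would write `DOMAIN.tld {` and `reverse_proxy https://matrix.DOMAIN.tld {`, and fix the comment to `# Configuration for the base domain goes here`. The matcher should also be checked against the copy in docs/configuring-well-known.md from the same commit, which reads `path /.well-known/matrix/*:x` where this file has `path /.well-known/matrix/*`.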
@@ -46,7 +46,7 @@ If you decide to go this route, you don't need to read ahead in this document. W If you're managing the base domain by yourself somehow, you'll need to set up serving of some `/.well-known/matrix/*` files from it via HTTPS. -To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them. +To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them. You have 3 options when it comes to installing the files on the base domain's server: From fcfd00bcb4e71f7a20d3717650842d1431e93260 Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Mon, 9 May 2022 23:38:01 +0200 Subject: [PATCH 281/419] Change back to original mx-puppet-slack Closes: #1808 --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index d6e6f859..2a2ecd58 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8..0560128f 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) +# See: https://github.com/Sorunome/mx-puppet-slack matrix_mx_puppet_slack_enabled: true 
@@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: v0.1.0 +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 9fc60d8c868158af533b7c7ea6e70c926f1be181 Mon Sep 17 00:00:00 2001 
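Review bot: After this change the header comment and the configured sources disagree about where the Slack bridge comes from. The first hunk sets `# See: https://github.com/Sorunome/mx-puppet-slack`, while `matrix_mx_puppet_slack_container_image_self_build_repo` and `matrix_mx_puppet_slack_docker_image` here point at `gitlab.com/mx-puppet/slack/mx-puppet-slack`. Someone checking image provenance from the comment would audit a different repository than the one that is built or pulled. If the GitLab project is the intended upstream, the comment should read `# See: https://gitlab.com/mx-puppet/slack/mx-puppet-slack`. The commit also adds `.git` to the Discord role's build URL, which the title does not mention.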
From: Slavi Pantaleev Date: Tue, 10 May 2022 16:20:34 +0300 Subject: [PATCH 282/419] Revert "Change back to original mx-puppet-slack" This reverts commit fcfd00bcb4e71f7a20d3717650842d1431e93260. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1808 Reverts https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1809 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1810 --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 2a2ecd58..d6e6f859 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 0560128f..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml 
@@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) matrix_mx_puppet_slack_enabled: true @@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: v0.1.0 -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: latest +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 62cb801878dd448025e604560ee180d8da099789 Mon Sep 17 00:00:00 2001 
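Review bot: In the `@@ -8,17 +8,17 @@` hunk of roles/matrix-bridge-mx-puppet-slack/defaults/main.yml, `matrix_mx_puppet_slack_version: latest` makes the default image a floating tag on `registry.gitlab.com/beeper/mx-puppet-monorepo/slack`. The `matrix_mx_puppet_slack_docker_image_force_pull` expression is true for `:latest`, so a run deploys whatever the tag names at that moment, and a self-build follows the `main` branch. That leaves the deployed bridge neither reproducible nor reviewable. If upstream publishes no release tag, I would record that above the variable, e.g. `# No tagged release upstream; 'latest' floats - override with a tag or digest you have verified.`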
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 10 May 2022 13:57:12 +0000 Subject: [PATCH 283/419] Update cinny v1.8.2 -> v2.0.0 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 2ded4048..32e17311 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.8.2 +matrix_client_cinny_version: v2.0.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 02d4a841c4f96ab6b1d9ec617b6d3033debd613a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 10 May 2022 14:31:41 +0000 Subject: [PATCH 284/419] Update Element 1.10.11 -> 1.10.12 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index e4545875..ef89bca3 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.11 +matrix_client_element_version: v1.10.12 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 3dfda42f3d0e5fcb402e41711e8b859fd0d9ac5a Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Tue, 10 May 2022 16:50:46 +0200 Subject: [PATCH 285/419] Update configuring-playbook-bridge-hookshot.md --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 208ce4e6..ef6bc0ab 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -26,7 +26,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | listener | default path | variable | used as | |---|---|---|---| -| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. | +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. | | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | From 8c505e8a2cab0036541b87163cd7febd09fab3c1 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 10 May 2022 18:38:57 +0300 Subject: [PATCH 286/419] matrix-bot-buscarron v1.1.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 17 ++++++++++++++++- roles/matrix-bot-buscarron/templates/env.j2 | 7 +++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 96e8ef91..1e6faec0 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.0.0 +matrix_bot_buscarron_version: v1.1.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" @@ -88,6 +88,21 @@ matrix_bot_buscarron_spam_hosts: [] # spam email addresses matrix_bot_buscarron_spam_emails: [] +# Ban duration in hours +matrix_bot_buscarron_ban_duration: + +# Banlist size +matrix_bot_buscarron_ban_size: + +# Postmark token (confirmation emails) +matrix_bot_buscarron_pm_token: + +# Postmark sender signature +matrix_bot_buscarron_pm_from: + +# Postmark confirmation email's reply-to +matrix_bot_buscarron_pm_replyto: + # Additional environment variables to pass to the buscarron container # # Example: diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 index c833f27b..876072e1 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/matrix-bot-buscarron/templates/env.j2 
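Review bot: The five variables added in the `@@ -88,6 +88,21 @@` hunk of roles/matrix-bot-buscarron/defaults/main.yml are bare `key:` entries, which YAML loads as null rather than as an empty string or a number. The next patch's `@@ -89,10 +89,10 @@` hunk gives the two `ban_*` keys values, but the three `pm_*` keys stay bare. How a null renders into `env.j2` depends on the templating layer, so I would make the defaults explicit: `matrix_bot_buscarron_pm_token: ''`, and likewise for `pm_from` and `pm_replyto`. `matrix_bot_buscarron_pm_token` is a credential, so its comment should also say so, e.g. `# Postmark token (secret; set it in your vaulted inventory, not here)`.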
@@ -7,12 +7,19 @@ BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} +BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }} +BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }} +BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }} +BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }} +BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} +BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }} +BUSCARRON_{{ form.name|upper }}_CONFIRMATION_BODY={{ form.confirmation_body|default('') }} {% endfor %} BUSCARRON_LIST={{ forms|join(" ") }} From d09934c79c270a674cc8d77d1bad8a20d1503712 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 10 May 2022 18:44:20 +0300 Subject: [PATCH 287/419] matrix-bot-buscarron - set defaults --- roles/matrix-bot-buscarron/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 1e6faec0..c2b44fa1 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml 
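Review bot: The two new per-form lines write `form.confirmation_subject` and `form.confirmation_body` unescaped into a line-oriented env file, and an e-mail body is very likely to contain newlines. A newline in either value would end the variable early, and the rest would be read as separate entries or rejected; how the file is consumed is not visible in this hunk. I would either flatten the values, e.g. `{{ form.confirmation_body|default('')|replace('\n', ' ') }}`, or state the constraint with `{# confirmation_subject/body must be single-line: this file is parsed line by line #}`. The file now also carries `BUSCARRON_PM_TOKEN`, so the task that installs it (outside this hunk) should be checked for a restrictive file mode.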
@@ -89,10 +89,10 @@ matrix_bot_buscarron_spam_hosts: [] matrix_bot_buscarron_spam_emails: [] # Ban duration in hours -matrix_bot_buscarron_ban_duration: +matrix_bot_buscarron_ban_duration: 24 # Banlist size -matrix_bot_buscarron_ban_size: +matrix_bot_buscarron_ban_size: 10000 # Postmark token (confirmation emails) matrix_bot_buscarron_pm_token: From eda75e6492e42d63c6ee1c3a28fb2838cf11c5b8 Mon Sep 17 00:00:00 2001 From: Didier 'OdyX' Raboud Date: Wed, 11 May 2022 10:43:57 +0200 Subject: [PATCH 288/419] Bump Slack Appservice to 1.11.0 --- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index e303f834..ae3f55df 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -8,7 +8,7 @@ matrix_appservice_slack_container_image_self_build: false matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git" matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src" -matrix_appservice_slack_version: release-1.10.0 +matrix_appservice_slack_version: release-1.11.0 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" From 34de6c9c664d3299a82b7fcf6dee541a191a0c73 Mon Sep 17 00:00:00 2001 From: brush Date: Fri, 13 May 2022 03:44:16 -0700 Subject: [PATCH 289/419] Update configuring-well-known.md --- docs/configuring-well-known.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 4a68047b..c27635a5 100644 --- a/docs/configuring-well-known.md 
+++ b/docs/configuring-well-known.md @@ -98,16 +98,15 @@ server { } ``` -**For Apache**, it would be something like this: +**For Apache2**, it would be something like this: ```apache ServerName DOMAIN SSLProxyEngine on - - ProxyPass "https://matrix.DOMAIN/.well-known/matrix" - + ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon # other configuration From 3499b9cd0314746404a9fcd350ea15d967df3c51 Mon Sep 17 00:00:00 2001 From: brush Date: Fri, 13 May 2022 03:45:08 -0700 Subject: [PATCH 290/419] Update configuring-well-known.md --- docs/configuring-well-known.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index c27635a5..9a519343 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -105,8 +105,8 @@ server { ServerName DOMAIN SSLProxyEngine on - ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon - ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon # other configuration From 1431a351ab325a905c47491f787146b6f2e80fb4 Mon Sep 17 00:00:00 2001 From: Luis Date: Fri, 13 May 2022 11:57:59 -0300 Subject: [PATCH 291/419] Update configuring-playbook-bridge-hookshot.md fix Hookshot instructions link --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index ef6bc0ab..ea7d80c0 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. 
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. From 8ec1f4bee01d9eed0ad569708804563a68f934ca Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 13 May 2022 16:20:04 +0000 Subject: [PATCH 292/419] Update Cinny v2.0.0 -> v2.0.1 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 32e17311..dd9c4dc7 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.0 +matrix_client_cinny_version: v2.0.1 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From dca593cf7a8fd5898f1a04fba212258d21f571bb Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 14 May 2022 11:33:19 +0000 Subject: [PATCH 293/419] Update Cinny v2.0.1 -> v2.0.2 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index dd9c4dc7..20d6a870 100644 --- a/roles/matrix-client-cinny/defaults/main.yml 
+++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.1 +matrix_client_cinny_version: v2.0.2 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 894669eca2092351e6105ef7beba981d96419b5e Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Sat, 14 May 2022 21:07:57 +0200 Subject: [PATCH 294/419] Change back to working original mx-puppet-slack Now that v0.1.1 is out, which depends on the functional matrix-slack-parser it works again. --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index d6e6f859..2a2ecd58 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8..3b069ea2 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) +# See: https://github.com/Sorunome/mx-puppet-slack matrix_mx_puppet_slack_enabled: true 
@@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: v0.1.1 +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From c58c7dc643f2984daa82ef28202dc959a01ff7df Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 15 May 2022 05:45:07 +0000 Subject: [PATCH 295/419] Update Cinny v2.0.2 -> v2.0.3 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 20d6a870..5b0991cd 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.2 +matrix_client_cinny_version: v2.0.3 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 2a9b52a1c2757fcb2093198245cf51581f29847f Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Mon, 16 May 2022 04:29:29 +0000 Subject: [PATCH 296/419] Update Element self build repo URL It forwards to the correct place but might as well just update it to the current URL. --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index ef89bca3..7abaf50c 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" +matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/element-web.git" # Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM): # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357 # - https://github.com/vector-im/element-web/issues/19544 From 311f44a19cdfd805ba851d601aa0513c3801ae07 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Mon, 16 May 2022 04:36:18 +0000 Subject: [PATCH 297/419] Document `git` as a potential prereq Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1792 --- docs/prerequisites.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 0da1c715..1ed4befe 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md 
@@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. +- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components. + - An HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). - Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)). From 8ecdfc3ed6818cf77ed42a0f6d5976753635c080 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 16 May 2022 09:26:15 +0200 Subject: [PATCH 298/419] Automatically enable admin api access via nginx (#1830) --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 67a9339a..8788ba10 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1495,7 +1495,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |- }[matrix_homeserver_implementation]|int }} -matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}" +matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_bot_matrix_registration_bot_enabled }}" matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}" From f21269f4418ebe707dac079a505cb4fcecd6b267 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 16 May 2022 21:40:31 +0300 Subject: [PATCH 299/419] Upgrade mx-puppet-slack (v0.1.1 -> v0.1.2) Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1829 --- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 3b069ea2..b77614f7 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: v0.1.1 +matrix_mx_puppet_slack_version: v0.1.2 matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" 
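Review bot: In the `@@ -1495,7 +1495,7 @@` hunk of group_vars/matrix_servers, enabling `matrix_bot_matrix_registration_bot_enabled` now also turns on forwarding of the Synapse admin API by the nginx proxy. An operator enabling a bot would not expect that side effect, and no comment records it. Synapse still requires an admin access token for those endpoints, but forwarding them widens what is reachable through the proxy. Whether the bot needs that route or could reach Synapse over the container network is not visible here. I would at least add above the line `# NOTE: also enabled by matrix-registration-bot; this forwards the Synapse admin API (/_synapse/admin) through the reverse proxy.`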
From 4109dc3bcd784865b6a71d8be3567260595635af Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 May 2022 19:56:54 +0000 Subject: [PATCH 300/419] Update Postgres (CVE-2022-1552 + last 9.x update) CVE: https://security-tracker.debian.org/tracker/CVE-2022-1552 Source: https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ Postgres 9.6 upgrade (**not a CVE fix, 9.x still vulnerable**): https://www.postgresql.org/docs/release/9.6.24/ --- roles/matrix-postgres/defaults/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 8593bb83..bb820217 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml 
@@ -22,12 +22,12 @@ matrix_postgres_architecture: amd64 # > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" -matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.21{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This 
variable is assigned at runtime. Overriding its value has no effect. From bab1ee22335c3437f227ee4168c9b57174a58e72 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 May 2022 11:31:25 +0300 Subject: [PATCH 301/419] Work around mx-puppet-discord failing with "No relay found" after reboot Related to https://gitlab.com/mx-puppet/discord/mx-puppet-discord/-/issues/117 Looks like the bridge is too quick to start and fails to initialize itself by connecting to Synapse. It's mostly observed after a system reboot, because Synapse (and everything else) is slower to start. Once mx-puppet-discord fails to initialize itself, a "No relay found" error will be observed any time you try to relay a Matrix message to Discord. Relaying messages in the other direction (Discord to Matrix) also fails. With this workaround (longer delay on mx-puppet-discord startup), I observe mx-puppet-discord working well, even after a full reboot. Of course, a proper fix is preferable, instead of delaying by a magic number of seconds. --- .../templates/systemd/matrix-mx-puppet-discord.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 7a4c4a38..52b12c3d 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 
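Review bot: In roles/matrix-postgres/defaults/main.yml (`@@ -22,12 +22,12 @@`), `matrix_postgres_docker_image_v9` moves to 9.6.24, which the commit description says is not a fix for CVE-2022-1552. Nothing in the defaults file tells an operator still on the v9 image that they remain exposed, and the commit message will not be seen by someone reading the role. I would add a comment above that line, e.g. `# 9.6.24 is the last 9.x update and does NOT fix CVE-2022-1552; upgrade to a newer major version.`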
@@ -17,7 +17,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 +ExecStartPre={{ matrix_host_command_sleep }} 15 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \ --log-driver=none \ From f972a80224bb6ba8b6338188a6ef031dc525d56e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 May 2022 13:08:17 +0300 Subject: [PATCH 302/419] Upgrade Synapse (1.58.1 -> 1.59.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 21 ++++++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ad1d863f..bf2a765d 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.58.1 +matrix_synapse_version: v1.59.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 37cad10f..97f73c34 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
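Review bot: The startup delay in the mx-puppet-discord unit is a hard-coded `15` in the template, so an operator whose homeserver takes longer to come up after a reboot has to edit the role to tune it. Rendering the value from a role default would keep the workaround adjustable, for example `ExecStartPre={{ matrix_host_command_sleep }} {{ matrix_mx_puppet_discord_startup_delay_seconds }}` with a default of `15` (the variable name is a suggestion; it does not exist in the role today). The `ExecStart` command that follows continues outside this hunk.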
@@ -432,6 +432,11 @@ manhole_settings: # sign up in a short space of time never to return after their initial # session. # +# The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but +# applies a different trial number if the user was registered by an appservice. +# A value of 0 means no trial days are applied. Appservices not listed in this +# dictionary use the value of `mau_trial_days` instead. +# # 'mau_limit_alerting' is a means of limiting client side alerting # should the mau limit be reached. This is useful for small instances # where the admin has 5 mau seats (say) for 5 specific people and no @@ -442,6 +447,8 @@ manhole_settings: #max_mau_value: 50 #mau_trial_days: 2 #mau_limit_alerting: false +#mau_appservice_trial_days: +# "appservice-id": 1 # If enabled, the metrics for the number of monthly active users will # be populated, however no one will be limited. If limit_usage_by_mau @@ -742,11 +749,11 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js # #allow_profile_lookup_over_federation: false -# Uncomment to disable device display name lookup over federation. By default, the -# Federation API allows other homeservers to obtain device display names of any user -# on this homeserver. Defaults to 'true'. +# Uncomment to allow device display name lookup over federation. By default, the +# Federation API prevents other homeservers from obtaining the display names of +# user devices on this homeserver. Defaults to 'false'. # -#allow_device_name_lookup_over_federation: false +#allow_device_name_lookup_over_federation: true ## Caching ## 
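Review bot: In the `@@ -742,11 +749,11 @@` hunk, `allow_device_name_lookup_over_federation` stays commented out, so the value in effect is whatever the running Synapse image defaults to. Going by the updated comment, the upgrade to v1.59.0 therefore changes what remote homeservers can read about user devices without the playbook recording that choice anywhere. I would render the setting explicitly from a role default of `false`, in the form the template already uses for `registration_requires_token`: `allow_device_name_lookup_over_federation: {{ matrix_synapse_allow_device_name_lookup_over_federation|to_json }}` (new variable; the name is a suggestion). A later change to the upstream default would then not silently alter federation exposure for existing deployments.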
@@ -1375,7 +1382,11 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} # registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }} - +# Allow users to submit a token during registration to bypass any required 3pid +# steps configured in `registrations_require_3pid`. +# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow. +# +#enable_registration_token_3pid_bypass: false # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. From 2cce91fe1d33f6ca1130a7067260ab3440dcd78c Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Wed, 18 May 2022 12:38:07 +0300 Subject: [PATCH 303/419] Upgrade Heisenbridge (1.12.0 -> 1.13.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 96ab3382..dfbddd42 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.12.0 +matrix_heisenbridge_version: 1.13.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 4297af5c51f34439590c1e450394cc15baef49e0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 May 2022 10:19:43 +0000 Subject: [PATCH 304/419] Update mautrix-whatsapp v0.3.1 -> v0.4.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index d920be51..0bea0536 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.3.1 +matrix_mautrix_whatsapp_version: v0.4.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 99de38280df9ca928f9825375c882db100e31933 Mon Sep 17 00:00:00 2001 From: Paul B Date: Thu, 12 May 2022 12:24:35 +0200 Subject: [PATCH 305/419] bridge-signal: add variable to enable encryption --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 14a2c35f..ce89a381 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -127,3 +127,7 @@ matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/regis matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}" matrix_mautrix_signal_log_level: 'DEBUG' + +matrix_mautrix_signal_bridge_encryption_allow: false +matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" +matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 2f427b90..b831fe9a 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -152,15 +152,15 @@ bridge: # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }} # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false + default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }} # Options for automatic key sharing. key_sharing: # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. - allow: false + allow: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }} # Require the requesting device to have a valid cross-signing signature? # This doesn't require that the bridge has verified the device, only that the user has verified it. # Not yet implemented. From e1e83353b400033a07d3d259bfdd5d96c4a8f9fb Mon Sep 17 00:00:00 2001 
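Review bot: `matrix_mautrix_signal_bridge_encryption_key_sharing_allow` defaults to the value of `matrix_mautrix_signal_bridge_encryption_allow`, so an operator who only wants to permit encrypted rooms also turns on automatic key sharing. The template comment directly below that option in `config.yaml.j2` says the cross-signing requirement for the requesting device is not yet implemented, so key requests would be fulfilled without that check. Key sharing deserves its own opt-in: `matrix_mautrix_signal_bridge_encryption_key_sharing_allow: false`. The same coupling is added for `matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow` in the mautrix-whatsapp defaults hunk of the next patch. The three signal defaults also have no comment, unlike the WhatsApp ones; a line such as `# Enable end-to-bridge encryption (key sharing is a separate opt-in)` would make the intent clear.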
From: Paul B Date: Thu, 12 May 2022 12:57:29 +0200 Subject: [PATCH 306/419] bridge-whatsapp: add variable to enable end-to-bridge encryption --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 5 +++++ .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index d920be51..f2523fa8 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -123,3 +123,8 @@ matrix_mautrix_whatsapp_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}" + +# Enable End-to-bridge encryption +matrix_mautrix_whatsapp_bridge_encryption_allow: false +matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" +matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 0e3b855c..c8318f96 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 
@@ -158,16 +158,16 @@ bridge: # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: {{ matrix_mautrix_whatsapp_bridge_encryption_allow|to_json }} # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. - default: false + default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }} # Options for automatic key sharing. key_sharing: # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. - allow: false + allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }} # Require the requesting device to have a valid cross-signing signature? # This doesn't require that the bridge has verified the device, only that the user has verified it. # Not yet implemented. From de8d6f8d6c14bed13370bec40c622115ce82660a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 May 2022 11:37:34 +0000 Subject: [PATCH 307/419] Update Synapse v1.59.0 -> v.1.59.1 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index bf2a765d..23dfebf7 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.59.0 +matrix_synapse_version: v1.59.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From a1e5ecf5513f804cd099724266e7c7d0b7a7259d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 18 May 2022 14:43:16 +0300 Subject: [PATCH 308/419] Upgrade hookshot (1.6.1 -> 1.7.0) This new version should be buildable on arm64. See: https://github.com/matrix-org/matrix-hookshot/releases/tag/1.7.0 There's still no prebuild arm64 image, so we continue relying on self-building there. --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 61f689a5..ecc99770 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.6.1 +matrix_hookshot_version: 1.7.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 677a2fc50310aa15126dec7edb5c21b70b61bf58 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 18 May 2022 15:43:39 +0300 Subject: [PATCH 309/419] Fix compatibility with ansible=6 / ansible-core=2.13 Details here: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_6.html#id36 Basically: ```yaml - name: Prior to 2.13 debug: msg: '[1] + {{ [2] }}' - name: 2.13 and forward debug: msg: '{{ [1] + [2] }}' ``` Interestingly, we had been using the new/safe syntax in lofs of places. We were using the broken one in many others though. Hopefully all instances were fixed by this patch. --- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../matrix-bridge-heisenbridge/tasks/init.yml | 16 ++++++---- roles/matrix-bridge-hookshot/tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- roles/matrix-bridge-sms/tasks/init.yml | 16 ++++++---- .../ext/encryption-disabler/setup_install.yml | 16 ++++++---- .../tasks/ext/ldap-auth/setup.yml | 8 +++-- .../ext/mjolnir-antispam/setup_install.yml | 32 +++++++++++-------- .../tasks/ext/rest-auth/setup_install.yml | 16 ++++++---- .../ext/shared-secret-auth/setup_install.yml | 16 ++++++---- .../synapse-simple-antispam/setup_install.yml | 26 ++++++++------- 29 files changed, 298 insertions(+), 184 deletions(-) diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index e16a6979..a53112ad 100644 
--- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -14,12 +14,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-discord-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-discord-registration.yaml"] + }} when: matrix_appservice_discord_enabled|bool diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index 5e181412..a35144f0 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml 
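Review bot: The rewritten `matrix_synapse_container_extra_arguments` expression keeps `{{ matrix_appservice_discord_config_path }}` inside a string literal that now sits within the outer `{{ ... }}`. The inner reference is therefore not expanded by this expression itself and, as far as I can tell, only resolves because Ansible templates the stored value again when it is read later. Concatenation avoids depending on that behaviour: `["--mount type=bind,src=" + matrix_appservice_discord_config_path + "/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]`. The same nested form appears in the other `init.yml` hunks of this patch (appservice-irc, appservice-slack, appservice-webhooks, the mautrix and mx-puppet bridges, and so on). The task file continues outside the hunk.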
@@ -21,12 +21,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-irc-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-irc-registration.yaml"] + }} when: matrix_appservice_irc_enabled|bool diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 8cbc7182..c8331817 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml 
@@ -21,14 +21,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-slack-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-slack-registration.yaml"] + }} when: matrix_appservice_slack_enabled|bool # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index b888c51f..370b835d 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml 
@@ -14,14 +14,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-webhooks-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-webhooks-registration.yaml"] + }} when: matrix_appservice_webhooks_enabled|bool # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml index 977db925..64057301 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml 
@@ -7,12 +7,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-beeper-linkedin-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-beeper-linkedin-registration.yaml"] + }} when: matrix_beeper_linkedin_enabled|bool diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml index a66d7199..ef3efb76 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml @@ -14,12 +14,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/heisenbridge-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/heisenbridge-registration.yaml"] + }} when: matrix_heisenbridge_enabled|bool 
diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 384f6d3b..14bbcbb3 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -14,14 +14,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/hookshot-registration.yml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/hookshot-registration.yml"] + }} when: matrix_hookshot_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index 200e9846..f2cd5963 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml 
@@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-facebook-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-facebook-registration.yaml"] + }} when: matrix_mautrix_facebook_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index f458df1b..27845148 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml 
@@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-googlechat-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-googlechat-registration.yaml"] + }} when: matrix_mautrix_googlechat_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 680dcd88..d00e5252 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml 
@@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-hangouts-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-hangouts-registration.yaml"] + }} when: matrix_mautrix_hangouts_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index d33acd09..86713380 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml 
@@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-instagram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-instagram-registration.yaml"] + }} when: matrix_mautrix_instagram_enabled|bool diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 21d52066..b9b698c5 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml 
@@ -7,12 +7,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-signal-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-signal-registration.yaml"] + }} when: matrix_mautrix_signal_enabled|bool diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index a97dcd8e..93b4d9f8 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml 
@@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-telegram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-telegram-registration.yaml"] + }} when: matrix_mautrix_telegram_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml index 5b526bbd..34f4ebde 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml 
@@ -7,14 +7,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-twitter-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-twitter-registration.yaml"] + }} when: matrix_mautrix_twitter_enabled|bool # ansible lower than 2.8, does not support docker_image build parameters diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index 57166386..d4fb8221 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml 
@@ -6,12 +6,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-whatsapp-registration.yaml"] + }} when: matrix_mautrix_whatsapp_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 69458093..115ccf35 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml 
@@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-discord-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-discord-registration.yaml"] + }} when: matrix_mx_puppet_discord_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index db28f324..9bada5d8 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml 
@@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-groupme-registration.yaml"] + }} when: matrix_mx_puppet_groupme_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index d16e6be0..ae6302b3 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml 
@@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-instagram-registration.yaml"] + }} when: matrix_mx_puppet_instagram_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml index d28f6ca1..699ad6f6 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml 
@@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-skype-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-skype-registration.yaml"] + }} when: matrix_mx_puppet_skype_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 66d51784..ed6753a2 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml 
@@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-slack-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-slack-registration.yaml"] + }} when: matrix_mx_puppet_slack_enabled|bool - block: diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index efca4110..9a171af7 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml 
@@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-steam-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-steam-registration.yaml"] + }} when: matrix_mx_puppet_steam_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 757f1f41..d774de15 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml 
@@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-twitter-registration.yaml"] + }} when: matrix_mx_puppet_twitter_enabled|bool - block: diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml index b8af8e60..9ee96b3e 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/matrix-bridge-sms/tasks/init.yml @@ -15,12 +15,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-sms-bridge-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-sms-bridge-registration.yaml"] + }} when: matrix_sms_bridge_enabled|bool 
diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index 90411a34..cdcdd082 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -27,11 +27,15 @@ }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] + }} diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index 374c9e55..b483f688 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -4,7 +4,9 @@ matrix_synapse_password_providers_enabled: true matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'ldap_auth_provider', 'level': 'INFO'}] + }} when: matrix_synapse_ext_password_provider_ldap_enabled|bool diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index ec298ccd..1d224bc9 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml 
+++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -34,19 +34,23 @@ - set_fact: matrix_synapse_spam_checker: > - {{ matrix_synapse_spam_checker }} - + - [{ - "module": "mjolnir.AntiSpam", - "config": { - "block_invites": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites }}, - "block_messages": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages }}, - "block_usernames": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames }}, - "ban_lists": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }} - } - }] + {{ + matrix_synapse_spam_checker + + + [{ + "module": "mjolnir.AntiSpam", + "config": { + "block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites, + "block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages, + "block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames, + "ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists, + } + }] + }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"] + }} diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 13a64c58..22ad318d 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml 
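Review bot: The three `block_*` entries in the `mjolnir.AntiSpam` config now take whatever type the variables hold, so a value given as a quoted string such as `"false"` would reach the module as a non-empty string rather than a boolean. Whether the module coerces it is not visible here; casting in the expression removes the doubt, e.g. `"block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites|bool,` and the same for `block_messages` and `block_usernames`. Other tasks in this patch already apply `|bool` to their `when:` conditions.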
@@ -22,11 +22,15 @@ matrix_synapse_password_providers_enabled: true matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'rest_auth_provider', 'level': 'INFO'}] + }} diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index 843f0370..091b0eb2 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -37,11 +37,15 @@ }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] + }} 
diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 740d9474..579a707c 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -39,16 +39,20 @@ - set_fact: matrix_synapse_modules: > - {{ matrix_synapse_modules }} - + - [{ - "module": "synapse_simple_antispam.AntiSpamInvites", - "config": { - "blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }} - } - }] + {{ + matrix_synapse_modules + + + [{ + "module": "synapse_simple_antispam.AntiSpamInvites", + "config": { + "blocked_homeservers": matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers + } + }] + }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"] + }} From a906fad12ebfb24cdea35da404ca9f4465f29081 Mon Sep 17 00:00:00 2001 From: Vicx Date: Fri, 20 May 2022 19:09:16 +0200 Subject: [PATCH 310/419] Fix synapse LDAP simple bind config When using LDAP simple bind, the `bind_dn` and `bind_password` configuration values must not be present. --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 37cad10f..266c3243 100644 
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2521,8 +2521,10 @@ password_providers: uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }} mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }} name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|string|to_json }} +{% if matrix_synapse_ext_password_provider_ldap_bind_dn %} bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|string|to_json }} bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }} +{% endif %} filter: {{ matrix_synapse_ext_password_provider_ldap_filter|string|to_json }} {% endif %} {% endif %} From 0c741e8d166bcc73792cbb44810be59e7031c330 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 19:58:22 +0200 Subject: [PATCH 311/419] Set version to v1.1.5 --- roles/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 40538478..99e6e3a9 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml 
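Review bot: The new `{% if matrix_synapse_ext_password_provider_ldap_bind_dn %}` guard tests only the DN, so a configuration with `bind_dn` set and `bind_password` left empty still renders `bind_password: ""`. A bind with a DN and an empty password is an unauthenticated bind in LDAP terms, which some directory servers accept, so this combination is better rejected before the template is rendered than passed through; a check in the role's validation tasks (not visible here) that fails when exactly one of the two variables is set would cover it. A short template comment above the guard, for example `{# bind_dn/bind_password are omitted for simple bind; set both for search mode #}`, would also record why the keys are conditional. The `password_providers` block starts outside this hunk.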
@@ -7,7 +7,7 @@ matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: latest +matrix_bot_matrix_registration_bot_version: v1.1.5 matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" From 275943c0f8cee716ca70b53e35da451dca2e4df7 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:03:59 +0200 Subject: [PATCH 312/419] Updated: mjolnir v1.4.2 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 0093576c..dd248379 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.4.1" +matrix_bot_mjolnir_version: "v1.4.2" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 751a8f8a5d9532447f6d92b9681ac6d062fcb7f2 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:16:04 +0200 Subject: [PATCH 313/419] Updated: mautrix-googlechat to v0.3.2 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index e334e8d6..bdedef07 100644 
--- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: v0.3.1 +matrix_mautrix_googlechat_version: v0.3.2 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From d804e97ff6bcc682ba91af64599680fcab3f2543 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:19:58 +0200 Subject: [PATCH 314/419] Updated: mautrix-twitter to v0.1.4 --- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 3dd4667c..b2e292ff 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_mautrix_twitter_enabled: true matrix_mautrix_twitter_container_image_self_build: false matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git" -matrix_mautrix_twitter_version: v0.1.3 +matrix_mautrix_twitter_version: v0.1.4 # See: https://mau.dev/tulir/mautrix-twitter/container_registry matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}" From e779ec45f4e9d52b66e21c188e79922ba176df89 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:24:38 +0200 Subject: [PATCH 315/419] Updated: hydrogen-web to v0.2.29 --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 905e5086..27b6c0d0 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-skype +# See: https://github.com/Sorunome/mx-puppet-instagram matrix_mx_puppet_skype_enabled: true From 8a65e3a0db33f08e989f010eac924125c843ebd4 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:24:56 +0200 Subject: [PATCH 316/419] Updated: hydrogen to v0.2.29 --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 4b91eb2b..88d52ba5 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.26 +matrix_client_hydrogen_version: v0.2.29 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From 2c312435c63b129cba07982bf512f0529ab32633 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:25:41 +0200 Subject: [PATCH 317/419] Reverted URL change --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 27b6c0d0..905e5086 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-instagram +# See: https://github.com/Sorunome/mx-puppet-skype matrix_mx_puppet_skype_enabled: true From 554615d72712ec61536b9915b2f214fb1b082318 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:28:01 +0200 Subject: [PATCH 318/419] Updated: ddclient to v3.9.1-ls89 --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 5d733eb3..95a1188b 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml 
+++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -5,7 +5,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls79 +matrix_dynamic_dns_version: v3.9.1-ls89 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 64850531baf73b73809597856aea6c2ddfa212e5 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:30:06 +0200 Subject: [PATCH 319/419] Updated: etherpad to 1.8.18 --- roles/matrix-etherpad/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index 0daf24a3..8a024860 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -4,7 +4,7 @@ matrix_etherpad_enabled: false matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" -matrix_etherpad_version: 1.8.16 +matrix_etherpad_version: 1.8.18 matrix_etherpad_docker_image: "{{ matrix_container_global_registry_prefix }}etherpad/etherpad:{{ matrix_etherpad_version }}" matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}" From 9c24167b8de0286ac28a6cdc032d8df2cd48db88 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:32:19 +0200 Subject: [PATCH 320/419] Updated: grafana to 8.5.3 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index ee184e1d..991cb19d 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml 
@@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.5.1 +matrix_grafana_version: 8.5.3 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 271a8d0a738c621d0748a854eb1a28834fefb2b2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 21 May 2022 10:20:56 +0300 Subject: [PATCH 321/419] Upgrade certbot (v1.23.0 -> v1.27.0) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index dfbac32e..64e2e06b 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From 3b40d8b0a09036af58fce0a39c7df5c1ec23acb6 Mon Sep 17 00:00:00 2001 
From: Erick Wibben Date: Sat, 21 May 2022 10:24:27 -0500 Subject: [PATCH 322/419] Update Matrix-Registration-Bot main.yml Line 10, which sets the tag to which docker version to pull was reverted from `v1.1.15` to latest. This gets the playbook working again --- roles/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 99e6e3a9..40538478 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -7,7 +7,7 @@ matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: v1.1.5 +matrix_bot_matrix_registration_bot_version: latest matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" From f448cca73254c7a94920ece4c766f1d53116a9d9 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 24 May 2022 11:26:01 +0000 Subject: [PATCH 323/419] Update coturn 4.5.2-r11 -> 4.5.2-r12 --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 46492e21..bf3564cd 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml 
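Review bot: Setting `matrix_bot_matrix_registration_bot_version` back to `latest` returns the default to a mutable tag, and because `matrix_bot_matrix_registration_bot_docker_image_force_pull` is true for `:latest`, every playbook run pulls whatever image is published under that tag at the time. The description does not say why `v1.1.5` failed (it also names `v1.1.15`, which is not the value in the diff); if the tag simply does not exist in the registry, pinning to a tag that does, or to an image digest, would fix the run while keeping deployments reproducible and reviewable. If `latest` has to stay for now, a comment such as `# TODO: pin to a release tag once upstream publishes versioned images` above the line would mark it as temporary.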
@@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r11 +matrix_coturn_version: 4.5.2-r12 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From e37bcd1dafb2f07316022161b331e69ec9ef163c Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 24 May 2022 14:14:41 +0000 Subject: [PATCH 324/419] Updated Element 1.10.12 -> 1.10.13 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 7abaf50c..b0625dba 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.12 +matrix_client_element_version: v1.10.13 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From f60eb7232948c1d222de7c27c9ec33418a653bd4 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 25 May 2022 09:00:32 +0000 Subject: [PATCH 325/419] Updated signal daemon 0.18.1 -> 0.18.5 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ce89a381..ad0752e3 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.18.1 +matrix_mautrix_signal_daemon_version: 0.18.5 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" 
From 883317ac2fdb74cf3bb250fa71e2b2a2684692a3 Mon Sep 17 00:00:00 2001 From: shukon Date: Wed, 25 May 2022 17:29:43 +0200 Subject: [PATCH 326/419] Update configuring-playbook-bridge-hookshot.md --- docs/configuring-playbook-bridge-hookshot.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index ea7d80c0..f47f24c0 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -4,13 +4,13 @@ The playbook can install and configure [matrix-hookshot](https://github.com/matr Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. -See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. +See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does in detail and why it might be useful to you. Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. ## Setup Instructions -Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do. +Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do. 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). From 2e527338d3fe1952a6295bb1ecf5fb4d22f25ea0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 29 May 2022 08:23:17 +0000 Subject: [PATCH 327/419] Update Cinny 2.0.3 -> 2.0.4 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 5b0991cd..89105800 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.3 +matrix_client_cinny_version: v2.0.4 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From fd3a9b2fbb9eaabff3300e73c4dcc1f9234978ef Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 May 2022 09:20:49 +0000 Subject: [PATCH 328/419] Update Honoroit 0.9.7 -> 0.9.8 * add `NOENCRYPTION` option * fix race condition on thread start * fix greetings messages * updated deps --- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 9e7cf2b5..709cd472 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.7 +matrix_bot_honoroit_version: v0.9.8 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" From 78204619ea8a68615448f91e81e7932deea823da Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 31 May 2022 16:28:33 +0300 Subject: [PATCH 329/419] Stop using deprecated (in Synapse v1.59) user_dir and appservice workers Source: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types As an alternative, we should probably find a way to run one or a few more generic workers (which will handle appservice and user_dir stuff) and update `homeserver.yaml` so that it would point to the name of these workers using `notify_appservices_from_worker` and `update_user_directory_from_worker` options. For now, this solves the deprecation, so we can have a peace of mind going forward. We're force-setting these worker counts to 0, so that we can clean up existing homeservers which use these worker types. In the future, these options will either be removed or repurposed (so that they transparently create more generic workers that handle user_dir/appservice loads). --- roles/matrix-synapse/defaults/main.yml | 13 ++++-- .../matrix-synapse/tasks/validate_config.yml | 13 +++++- .../templates/synapse/homeserver.yaml.j2 | 6 --- roles/matrix-synapse/vars/workers.yml | 42 ++++++++++++++++++- 4 files changed, 63 insertions(+), 11 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 23dfebf7..67c28b49 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -358,10 +358,13 @@ matrix_synapse_workers_presets: one-of-each: generic_workers_count: 1 pusher_workers_count: 1 - appservice_workers_count: 1 + # appservice workers are deprecated since Synapse v1.59. This will be removed. + appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 1 # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. + # user_dir workers are deprecated since Synapse v1.59. This will be removed. + # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types user_dir_workers_count: 0 frontend_proxy_workers_count: 1 @@ -383,7 +386,9 @@ matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 # matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. -matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}" +# appservice workers are deprecated since Synapse v1.59. This will be removed. +# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types +matrix_synapse_workers_appservice_workers_count: 0 matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 # matrix_synapse_workers_federation_sender_workers_count can only be 0 or 1 for now. 
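Review bot: The context comment `# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported.` now sits above a variable that is hard-coded to `0` and rejected by validation when non-zero, so it contradicts the new behaviour. I would replace it with `# Must stay 0: appservice workers are deprecated since Synapse v1.59.`. The `# Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved.` line kept above `user_dir_workers_count: 0` in the `one-of-each` preset and in the next hunk is stale in the same way. Since neither variable indexes into `matrix_synapse_workers_presets` any more, the `appservice_workers_count` and `user_dir_workers_count` preset keys look unread after this change. Presets outside this hunk may still carry values for them that are silently ignored.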
@@ -397,7 +402,9 @@ matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. -matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}" +# user_dir workers are deprecated since Synapse v1.59. This will be removed. +# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types +matrix_synapse_workers_user_dir_workers_count: 0 matrix_synapse_workers_user_dir_workers_port_range_start: 18661 matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661 diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 89107c0a..bb8a2bcd 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml 
@@ -12,13 +12,24 @@ - "matrix_synapse_database_password" - "matrix_synapse_database_database" +- name: Fail if asking to configure deprecaed workers (appservice, userdir) + fail: + msg: >- + `{{ item }}` cannot be more than 0. + This type of worker has been deprecated since Synapse v1.59. + Please remove your `{{ item }}` configuration to solve this problem. + See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types + when: "vars[item]|int != 0" + with_items: + - "matrix_synapse_workers_appservice_workers_count" + - "matrix_synapse_workers_user_dir_workers_count" + - name: Fail if asking for more than 1 instance of single-instance workers fail: msg: >- `{{ item }}` cannot be more than 1. This is a single-instance worker. when: "vars[item]|int > 1" with_items: - - "matrix_synapse_workers_appservice_workers_count" - "matrix_synapse_workers_pusher_workers_count" - "matrix_synapse_workers_federation_sender_workers_count" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 8ab98527..cce71330 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -352,9 +352,6 @@ worker_app: synapse.app.homeserver # thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ # reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'appservice')|list %} -notify_appservices: false -{% endif %} {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'federation_sender')|list %} send_federation: false {% endif %} 
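Review bot: The new task name has a typo (`deprecaed`) and writes `userdir` where the variable and the Synapse app type use `user_dir`; `- name: Fail if asking to configure deprecated workers (appservice, user_dir)` reads correctly and stays greppable. The guard `vars[item]|int != 0` also passes for a non-numeric value, because the `int` filter falls back to 0 when conversion fails. That is only harmless if the code that builds the worker list applies the same conversion, which is not visible in this hunk.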
@@ -364,9 +361,6 @@ enable_media_repo: false {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'pusher')|list %} start_pushers: false {% endif %} -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'user_dir')|list %} -update_user_directory: false -{% endif %} daemonize: false {% endif %} diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 33bf585b..91b289c7 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -279,7 +279,7 @@ matrix_synapse_workers_generic_worker_endpoints: # run_background_tasks_on: background_worker # ``` - # You might also wish to investigate the `update_user_directory` and + # You might also wish to investigate the `update_user_directory_from_worker` and # `media_instance_running_background_jobs` settings. # An example for a dedicated background worker instance: 
@@ -288,6 +288,40 @@ matrix_synapse_workers_generic_worker_endpoints: # {{#include systemd-with-workers/workers/background_worker.yaml}} # ``` + # #### Updating the User Directory + + # You can designate one generic worker to update the user directory. + + # Specify its name in the shared configuration as follows: + + # ```yaml + # update_user_directory_from_worker: worker_name + # ``` + + # This work cannot be load-balanced; please ensure the main process is restarted + # after setting this option in the shared configuration! + + # This style of configuration supersedes the legacy `synapse.app.user_dir` + # worker application type. + + + # #### Notifying Application Services + + # You can designate one generic worker to send output traffic to Application Services. + + # Specify its name in the shared configuration as follows: + + # ```yaml + # notify_appservices_from_worker: worker_name + # ``` + + # This work cannot be load-balanced; please ensure the main process is restarted + # after setting this option in the shared configuration! + + # This style of configuration supersedes the legacy `synapse.app.appservice` + # worker application type. + + # pusher worker (no API endpoints) [ # Handles sending push notifications to sygnal and email. Doesn't handle any # REST endpoints itself, but you should set `start_pushers: False` in the @@ -305,6 +339,9 @@ matrix_synapse_workers_generic_worker_endpoints: # ] # appservice worker (no API endpoints) [ + # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the + # `notify_appservices_from_worker` option instead.](#notifying-application-services) + # Handles sending output traffic to Application Services. Doesn't handle any # REST endpoints itself, but you should set `notify_appservices: False` in the # shared configuration file to stop the main synapse sending appservice notifications. 
@@ -371,6 +408,9 @@ matrix_synapse_workers_media_repository_endpoints: # Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately). matrix_synapse_workers_user_dir_endpoints: + # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the + # `update_user_directory_from_worker` option instead.](#updating-the-user-directory) + # Handles searches in the user directory. It can handle REST endpoints matching # the following regular expressions: From 246c43be1ea4e353eeaa3f97b45c0f265b4d6491 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 May 2022 17:24:38 +0300 Subject: [PATCH 330/419] Upgrade Synapse (v1.59.1 -> v1.60.0) --- CHANGELOG.md | 35 ++++++++++++++++++++++++++ roles/matrix-synapse/defaults/main.yml | 6 +++-- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03ce5c7b..4a56f6fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,38 @@ +# 2022-05-31 + +## Synapse v1.60 upgrade may cause trouble and require manual intervention + +Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted. + +We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky. + +**If Synapse fails to start** after your next playbook run, you'll need to: + +- SSH into the Matrix server +- launch `/usr/local/bin/matrix-postgres-cli` +- switch to the `synapse` database: `\c synapse` +- run the following SQL query: + +```sql +BEGIN; +DELETE FROM state_group_edges WHERE (ctid, state_group, prev_state_group) IN ( + SELECT row_id, state_group, prev_state_group + FROM ( + SELECT + ctid AS row_id, + MIN(ctid) OVER (PARTITION BY state_group, prev_state_group) AS min_row_id, + state_group, + prev_state_group + FROM state_group_edges + ) AS t1 + WHERE row_id <> min_row_id +); +COMMIT; +``` + +You could then restart services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` + + # 2022-04-25 ## buscarron bot support diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 67c28b49..a39235ae 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.59.1 +matrix_synapse_version: v1.60.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -559,7 +559,9 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_enabled: false -matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py" +# Using a fork for this until this gets merged to make it compatible with Synapse v1.60: https://github.com/digitalentity/matrix_encryption_disabler/pull/9 +# See: https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#new-signature-for-the-spam-checker-callback-check_event_for_spam +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/spantaleev/matrix_encryption_disabler/60b0e211281954f70f8202636cea8d6e27b83148/matrix_e2ee_filter.py" # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] From 2c1da0ac2a3b2b72773b247a4272d45ab95607c3 Mon Sep 17 00:00:00 2001 
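Review bot: `matrix_synapse_ext_encryption_disabler_download_url` now points at a personal fork for a Python module that is loaded into the Synapse process, so the set of people who can author code running inside the homeserver changes with this line. Pinning the URL to a full commit SHA is the right choice and should be kept whenever this value is edited. The task that fetches the file is outside this hunk, so whether the downloaded bytes are verified cannot be told from here. If it uses `get_url`, adding `checksum: "sha256:<HASH_OF_REVIEWED_FILE>"` would make the run fail closed should the served content ever differ from what was reviewed. The same applies to the follow-up hunk in patch 331, which moves the URL back to the upstream repository.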
From: Slavi Pantaleev Date: Tue, 31 May 2022 17:35:22 +0300 Subject: [PATCH 331/419] Switch matrix_encryption_disabler back to upstream repository Now that https://github.com/digitalentity/matrix_encryption_disabler/pull/9 has been merged, we can get the module from there. Continuation of 246c43be1ea4e3 --- roles/matrix-synapse/defaults/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index a39235ae..d0debe85 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -559,9 +559,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_enabled: false -# Using a fork for this until this gets merged to make it compatible with Synapse v1.60: https://github.com/digitalentity/matrix_encryption_disabler/pull/9 -# See: https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#new-signature-for-the-spam-checker-callback-check_event_for_spam -matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/spantaleev/matrix_encryption_disabler/60b0e211281954f70f8202636cea8d6e27b83148/matrix_e2ee_filter.py" +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/cdc37a07441acb7c2a3288bcb29b376658d5e766/matrix_e2ee_filter.py" # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] From 25fd7f0cff116c60e25692174531a1d316358afb Mon Sep 17 00:00:00 2001 
From: Aine Date: Tue, 31 May 2022 20:32:10 +0300 Subject: [PATCH 332/419] update Honoroit 0.9.8 -> 0.9.9 --- roles/matrix-bot-honoroit/defaults/main.yml | 5 ++++- roles/matrix-bot-honoroit/templates/env.j2 | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 709cd472..292de0bf 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.8 +matrix_bot_honoroit_version: v0.9.9 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: '' # Log level matrix_bot_honoroit_loglevel: '' +# Disable encryption +matrix_bot_honoroit_noencryption: false + # Max items in cache matrix_bot_honoroit_cachesize: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index 7f1eef5b..de8b9d84 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 
@@ -8,6 +8,7 @@ HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }} HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} +HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} From 8ea7cd73cf12428acd80f4e575c6020050ed8930 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 1 Jun 2022 09:36:48 +0300 Subject: [PATCH 333/419] Fix self-building for matrix-registration Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864 Related to https://github.com/zeratax/matrix-registration/issues/93 This is a poor way to do things though. It may break again in the future. matrix-registration is a poorly maintained project and should likely be removed from the playbook. --- docs/configuring-playbook-matrix-registration.md | 2 ++ roles/matrix-registration/defaults/main.yml | 4 ++++ roles/matrix-registration/tasks/setup_install.yml | 8 ++++++++ 3 files changed, 14 insertions(+) diff --git a/docs/configuring-playbook-matrix-registration.md b/docs/configuring-playbook-matrix-registration.md index b0240d3f..2b4b07ff 100644 --- a/docs/configuring-playbook-matrix-registration.md +++ b/docs/configuring-playbook-matrix-registration.md 
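Review bot: `HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }}` renders the boolean default as the string `False`, so the container always receives a non-empty, capitalised value. How Honoroit parses this variable is not visible here. If it treats any non-empty value as "set", encryption would be switched off by default on every deployment. Rendering a canonical value, `HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption | to_json }}`, removes the ambiguity. The default in `defaults/main.yml` deserves a comment saying that `true` makes the bot operate without end-to-end encryption.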
@@ -2,6 +2,8 @@ The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you. +**WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it. + > matrix-registration is a simple python application to have a token based matrix registration. Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account. diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index d924551a..a5db3022 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -7,6 +7,10 @@ matrix_registration_enabled: true matrix_registration_container_image_self_build: false matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration" matrix_registration_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_registration_version }}" +# Controls whether we'll be patching the dependencies in `setup.py` when self-building. +# Without patching, building will likely fail, because of the poor unbounded way dependencies are defined (e.g. `flask-limiter>=1.1.0`). +# This is an attempt to get matrix-registration in its current (outdated) version to build. +matrix_registration_container_image_self_build_python_dependencies_patch_enabled: true matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration" matrix_registration_config_path: "{{ matrix_registration_base_path }}/config" diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 6ff2de30..36cd0fd4 100644 --- a/roles/matrix-registration/tasks/setup_install.yml 
+++ b/roles/matrix-registration/tasks/setup_install.yml @@ -68,6 +68,14 @@ register: matrix_registration_git_pull_results when: "matrix_registration_container_image_self_build|bool" +# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864 +- name: Patch setup.py to allow self-built version to work + lineinfile: + path: "{{ matrix_registration_docker_src_files_path }}/setup.py" + regexp: 'flask-limiter' + line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",' + when: "matrix_registration_container_image_self_build|bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled|bool" + - name: Ensure matrix-registration Docker image is built docker_image: name: "{{ matrix_registration_docker_image }}" From c05e78fc9a6cf2db54575c831d831b25ff367e1b Mon Sep 17 00:00:00 2001 From: roughnecks Date: Thu, 2 Jun 2022 16:52:15 +0200 Subject: [PATCH 334/419] Fix string null in status_endpoint --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index c8318f96..fbd41be7 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -10,7 +10,7 @@ homeserver: # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. - status_endpoint: "null" + status_endpoint: null appservice: # The address that the homeserver can use to connect to this appservice. From fc38f4a6a90541f8d610ce1b2d3444266e0a50df Mon Sep 17 00:00:00 2001 
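Review bot: With `regexp: 'flask-limiter'` and no `backrefs`, `lineinfile` appends `line` to the end of `setup.py` when the pattern matches nothing, leaving a stray tuple expression at the bottom of the file while the build continues with the unpatched dependency list. Adding `backrefs: true` keeps the file untouched in that case. The pattern is also unanchored, so any line mentioning `flask-limiter` (a comment, for instance) would be replaced wholesale; anchoring it to the dependency entry would be safer, but the exact quoting in the upstream `setup.py` is not visible here. The task also edits the git checkout in place, so check that the preceding `git` task (outside this hunk) tolerates a modified working tree on the next run.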
From: Ruben Hias Date: Mon, 6 Jun 2022 11:27:10 +0200 Subject: [PATCH 335/419] Updated mautrix-googlechat to v0.3.3 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index bdedef07..dd5b8368 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: v0.3.2 +matrix_mautrix_googlechat_version: v0.3.3 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From 4a72c90a6b1286f9e2206c7b07b0338cc61f4f14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 7 Jun 2022 14:34:02 +0300 Subject: [PATCH 336/419] Upgrade Element (v1.10.13 -> v1.10.14) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index b0625dba..86b0ee6a 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.13 +matrix_client_element_version: v1.10.14 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 12b28a47494f4b3b09dc625f5581ea05cdb66e8a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:13:53 +0300 Subject: [PATCH 337/419] Upgrade Hookshot (1.7.0 -> 1.7.2) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index ecc99770..cdfde23d 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.7.0 +matrix_hookshot_version: 1.7.2 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" 
From 959a6ac0b1a7aedf97d775788d2e9feabebd1f9c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 9 Jun 2022 14:42:04 +0300
Subject: [PATCH 338/419] Upgrade devture/ansible version and documen nsenter usage Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1772
---
docs/ansible.md | 51 ++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 46 insertions(+), 5 deletions(-)
diff --git a/docs/ansible.md b/docs/ansible.md
index 50cf83ed..5802e8cb 100644
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting ## Using Ansible via Docker -Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image). +Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image). -Here's a sample command to get you started (run this from the playbook's directory): +This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook. + +There are 2 ways to go about it: + +- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) +- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server) + + +### Running Ansible in a container on the Matrix server itself + +To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation. +Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it: + +- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker +- **or** you need to run the playbook in another way (e.g. 
[Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around + +Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md). + +You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH. +Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...` + +Run this from the playbook's directory: + +```bash +docker run -it --rm \ +--privileged \ +--pid=host \ +-w /work \ +-v `pwd`:/work \ +--entrypoint=/bin/sh \ +docker.io/devture/ansible:2.13.0-r0 +``` + +Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. +The `/work` directory contains the playbook's code. + +You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now. + + +### Running Ansible in a container on another computer (not the Matrix server) + +Run this from the playbook's directory: ```bash docker run -it --rm \ @@ -51,7 +92,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.11.6-r1 +docker.io/devture/ansible:2.13.0-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). 
@@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. -You can execute `ansible-playbook` commands as per normal now. +You can execute `ansible-playbook ...` commands as per normal now. -### If you don't use SSH keys for authentication +#### If you don't use SSH keys for authentication If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`). To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run: From c05f47666f3544a5410d3e5e1c9882755700ebdb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:47:04 +0300 Subject: [PATCH 339/419] Announce the ability to run Ansible in a container on the Matrix server Continuation of 959a6ac0b1a7a --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a56f6fc..6f9fe2aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +# 2022-06-09 + +## Running Ansible in a container can now happen on the Matrix server itself + +If you're tired of being on an old and problematic Ansible version, you can now run [run Ansible in a container on the Matrix server itself](docs/ansible.md#running-ansible-in-a-container-on-the-matrix-server-itself). + + # 2022-05-31 ## Synapse v1.60 upgrade may cause trouble and require manual intervention From 8cc39c5eb5b6d238496d100886c9085d2c8edc15 Mon Sep 17 00:00:00 2001 From: Kai Biebel <38378574+seclution@users.noreply.github.com> Date: Thu, 9 Jun 2022 14:09:47 +0200 Subject: [PATCH 340/419] update PIP install-link --- docs/ansible.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/ansible.md b/docs/ansible.md index 5802e8cb..bd1fe927 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -30,7 +30,7 @@ Depending on your distribution, you may be able to upgrade Ansible in a few diff - by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website. -- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`). +- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`). If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path. From 99c24ef0e84c9a773a2377a94f06969a6c5c5144 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 20:52:46 +0300 Subject: [PATCH 341/419] Upgrade Hookshot (1.7.2 -> 1.7.3) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index cdfde23d..3a2d5bc9 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.7.2 +matrix_hookshot_version: 1.7.3 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 39914881a7cd997d6c01578a33ee99e073479d57 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sat, 11 Jun 2022 07:55:44 +0200 Subject: [PATCH 342/419] whatsapp bridge: disable logging to external files The same logs still go to the systemd journal. --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index fbd41be7..cfecc2cf 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -211,7 +211,8 @@ logging: # The directory for log files. Will be created if not found. directory: ./logs # Available variables: .Date for the file date and .Index for different log files on the same day. - file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" + # empy/null = journal logging only + file_name_format: # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants file_date_format: "2006-01-02" # Log file permissions. From 6b94ccbcff3b133688c5d461781e3f7634f90742 Mon Sep 17 00:00:00 2001 
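Review bot: The new `file_name_format:` line in the whatsapp `config.yaml.j2` hunk is a bare key, so file logging is only disabled because an empty YAML value happens to load as null. Writing `file_name_format: null` states the intent and matches the `status_endpoint: null` form used earlier in the same template. The added comment has a typo and would read better as `# empty/null = no log file is written; output goes to the journal only`. `directory: ./logs` is left in place, and the `logging:` block starts and ends outside this hunk, so it is worth confirming that the bridge no longer creates that directory.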
From: 3hhh Date: Sat, 11 Jun 2022 08:05:11 +0200 Subject: [PATCH 343/419] whatsapp bridge: add matrix_mautrix_whatsapp_log_level Fixes #1873 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index e7b5e6f6..4ffca69f 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -128,3 +128,7 @@ matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_y matrix_mautrix_whatsapp_bridge_encryption_allow: false matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_whatsapp_log_level: 'debug' diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index cfecc2cf..d73718ea 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -221,4 +221,4 @@ logging: timestamp_format: "Jan _2, 2006 15:04:05" # Minimum severity for log messages. # Options: debug, info, warn, error, fatal - print_level: debug + print_level: {{ matrix_mautrix_whatsapp_log_level }} From cebbe0beecd0e225c5bf2df62df2dd243c34d80e Mon Sep 17 00:00:00 2001 
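Review bot: In the `config.yaml.j2` hunk, `print_level: {{ matrix_mautrix_whatsapp_log_level }}` interpolates the variable into YAML unquoted. An empty or unexpected override, for example one containing `: ` or ` #`, would change the structure of the rendered file instead of failing cleanly. Rendering it as `print_level: {{ matrix_mautrix_whatsapp_log_level|to_json }}` keeps the value a single scalar. Nothing in the two hunks checks the value against the documented options (debug, info, warn, error, fatal); a guard in the role's config validation, if one exists outside this diff, would catch typos before the bridge starts.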
From: 3hhh Date: Sat, 11 Jun 2022 08:11:28 +0200 Subject: [PATCH 344/419] whatsapp bridge: set the default log level to warning Debug logs are inappropriate for production use. --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 4ffca69f..5be70051 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -131,4 +131,4 @@ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_ # Minimum severity of journal log messages. # Options: debug, info, warn, error, fatal -matrix_mautrix_whatsapp_log_level: 'debug' +matrix_mautrix_whatsapp_log_level: 'warn' From a3d19ad31815e97fa7027408093cf03fe2434bed Mon Sep 17 00:00:00 2001 
From: Vladimir Panteleev
Date: Sun, 12 Jun 2022 21:29:43 +0000
Subject: [PATCH 345/419] Add Go Skype Bridge Based on mautrix-whatsapp, as that's what the bridge software is based on.
---
...iguring-playbook-bridge-go-skype-bridge.md | 23 ++
docs/configuring-playbook.md | 2 +
group_vars/matrix_servers | 44 ++++
.../defaults/main.yml | 132 ++++++++++
.../tasks/init.yml | 21 ++
.../tasks/main.yml | 23 ++
.../tasks/setup_install.yml | 147 +++++++++++
.../tasks/setup_uninstall.yml | 25 ++
.../tasks/validate_config.yml | 10 +
.../templates/config.yaml.j2 | 238 ++++++++++++++++++
.../systemd/matrix-go-skype-bridge.service.j2 | 43 ++++
setup.yml | 1 +
12 files changed, 709 insertions(+)
create mode 100644 docs/configuring-playbook-bridge-go-skype-bridge.md
create mode 100644 roles/matrix-bridge-go-skype-bridge/defaults/main.yml
create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/init.yml
create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/main.yml
create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml
create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml
create mode 100644 roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2
create mode 100644 roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2
diff --git a/docs/configuring-playbook-bridge-go-skype-bridge.md b/docs/configuring-playbook-bridge-go-skype-bridge.md
new file mode 100644
index 00000000..1eec9e72
--- /dev/null
+++ b/docs/configuring-playbook-bridge-go-skype-bridge.md
@@ -0,0 +1,23 @@ +# Setting up Go Skype Bridge (optional) + +The playbook can install and configure +[go-skype-bridge](https://github.com/Sorunome/go-skype-bridge) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the [Skype](https://www.skype.com/) bridge just use the following +playbook configuration: + + +```yaml +matrix_go_skype_bridge_enabled: true +``` + + +## Usage + +Once the bot is enabled, you need to start a chat with `Skype Puppet Bridge` +with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +Send `help` to the bot to see the commands available. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 16a7aeeb..774e54d1 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -134,6 +134,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional) +- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (optional) + - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) - [Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md) (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8788ba10..f727da55 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -252,6 +252,44 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge # ###################################################################### +###################################################################### +# +# matrix-bridge-go-skype-bridge +# +###################################################################### + +# We don't enable bridges by default. +matrix_go_skype_bridge_enabled: false + +matrix_go_skype_bridge_container_image_self_build: true + +matrix_go_skype_bridge_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}" + +matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}" + +matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-go-skype-bridge +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-facebook 
@@ -1770,6 +1808,12 @@ matrix_postgres_additional_databases: | 'password': matrix_beeper_linkedin_database_password, }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_go_skype_bridge_database_name, + 'username': matrix_go_skype_bridge_database_username, + 'password': matrix_go_skype_bridge_database_password, + }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mautrix_facebook_database_name, 'username': matrix_mautrix_facebook_database_username, diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml new file mode 100644 index 00000000..95213a00 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml 
@@ -0,0 +1,132 @@ +--- +# Go Skype Bridge is a Matrix <-> Skype bridge +# See: https://github.com/kelaresg/go-skype-bridge + +matrix_go_skype_bridge_enabled: true + +matrix_go_skype_bridge_container_image_self_build: true +matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git" +matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}" + +matrix_go_skype_bridge_version: latest +matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" +matrix_go_skype_bridge_docker_image_name_prefix: "localhost/" +matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}" + +matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge" +matrix_go_skype_bridge_config_path: "{{ matrix_go_skype_bridge_base_path }}/config" +matrix_go_skype_bridge_data_path: "{{ matrix_go_skype_bridge_base_path }}/data" +matrix_go_skype_bridge_docker_src_files_path: "{{ matrix_go_skype_bridge_base_path }}/docker-src" + +matrix_go_skype_bridge_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_go_skype_bridge_homeserver_domain: "{{ matrix_domain }}" +matrix_go_skype_bridge_appservice_address: 'http://matrix-go-skype-bridge:8080' + +# A list of extra arguments to pass to the container +matrix_go_skype_bridge_container_extra_arguments: [] + +# List of systemd services that matrix-go-skype-bridge.service depends on. 
+matrix_go_skype_bridge_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-go-skype-bridge.service wants +matrix_go_skype_bridge_systemd_wanted_services_list: [] + +matrix_go_skype_bridge_appservice_token: '' +matrix_go_skype_bridge_homeserver_token: '' + +matrix_go_skype_bridge_appservice_bot_username: skypebridgebot + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_go_skype_bridge_federate_rooms: true + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_go_skype_bridge_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_go_skype_bridge_database_*` variables +matrix_go_skype_bridge_database_engine: 'sqlite' + +matrix_go_skype_bridge_sqlite_database_path_local: "{{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db" +matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge.db" + +matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge' +matrix_go_skype_bridge_database_password: 'some-password' +matrix_go_skype_bridge_database_hostname: 'matrix-postgres' +matrix_go_skype_bridge_database_port: 5432 +matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge' + +matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode=disable' + +matrix_go_skype_bridge_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_go_skype_bridge_database_engine] +}}" + +matrix_go_skype_bridge_appservice_database_uri: "{{ + { + 'sqlite': matrix_go_skype_bridge_sqlite_database_path_in_container, + 'postgres': 
matrix_go_skype_bridge_database_connection_string, + }[matrix_go_skype_bridge_database_engine] +}}" + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_go_skype_bridge_login_shared_secret: '' +matrix_go_skype_bridge_bridge_login_shared_secret_map: + "{{ {matrix_go_skype_bridge_homeserver_domain: matrix_go_skype_bridge_login_shared_secret} if matrix_go_skype_bridge_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_go_skype_bridge_bridge_double_puppet_server_map: + "{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}" + +# Default go-skype-bridge configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_go_skype_bridge_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_go_skype_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_go_skype_bridge_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_go_skype_bridge_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_go_skype_bridge_configuration_yaml`. + +matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_configuration_extension_yaml|from_yaml if matrix_go_skype_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. 
Instead, see `matrix_go_skype_bridge_configuration_yaml`. +matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml|from_yaml|combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}" + +matrix_go_skype_bridge_registration_yaml: | + id: skype + url: {{ matrix_go_skype_bridge_appservice_address }} + as_token: "{{ matrix_go_skype_bridge_appservice_token }}" + hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_go_skype_bridge_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@skype-(.*):{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username|regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml|from_yaml }}" + +# Enable End-to-bridge encryption +matrix_go_skype_bridge_bridge_encryption_allow: false +matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_go_skype_bridge_log_level: 'warn' diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml new file mode 100644 index 00000000..452d835b --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml 
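Review bot: `matrix_go_skype_bridge_bridge_double_puppet_server_map` in the new `defaults/main.yml` is written as `"{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"`, which lacks the braces of a dict literal and should fail to parse as a Jinja expression once something evaluates it. The neighbouring `matrix_go_skype_bridge_bridge_login_shared_secret_map` shows the working form, so this should read `"{{ {matrix_go_skype_bridge_homeserver_domain: matrix_go_skype_bridge_homeserver_address} }}"`. Separately, the role always self-builds, since `matrix_go_skype_bridge_docker_image_name_prefix` is fixed to `localhost/`, and it builds from `master` because `matrix_go_skype_bridge_version` defaults to `latest`. Every run can therefore build different, unreviewed upstream code; defaulting the version to a specific tag or commit would make the build reproducible and auditable. The header comment also points at `kelaresg/go-skype-bridge` while the new docs page links a different repository, which is worth aligning so operators know which source is built.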
@@ -0,0 +1,21 @@ +--- +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}" + when: matrix_go_skype_bridge_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"] + }} + + matrix_synapse_app_service_config_files: > + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-go-skype-bridge-registration.yaml"] + }} + when: matrix_go_skype_bridge_enabled|bool diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml new file mode 100644 index 00000000..456ea53c --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml new file mode 100644 index 00000000..c884625b --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml 
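Review bot: In `tasks/init.yml`, the `--mount` argument is a string literal containing `{{ matrix_go_skype_bridge_config_path }}` inside an outer `{{ ... }}` expression. The inner moustaches are not expanded by that expression and appear to rely on the fact being templated again when it is consumed later. Building the string by concatenation avoids the nested template: `['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro']`. Both `set_fact` tasks are also unnamed; adding a `name:` to each, such as `Inject matrix-go-skype-bridge registration into Synapse` for the second, would make play output easier to follow.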
@@ -0,0 +1,147 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- set_fact: + matrix_go_skype_bridge_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + stat: + path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" + register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result + + - block: + - set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" + dst: "{{ matrix_go_skype_bridge_database_connection_string }}" + caller: "{{ role_path|basename }}" + engine_variable_name: 'matrix_go_skype_bridge_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-go-skype-bridge.service'] + pgloader_options: ['--with "quote identifiers"'] + + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + + - set_fact: + matrix_go_skype_bridge_requires_restart: true + when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_go_skype_bridge_database_engine == 'postgres'" + + +- name: Ensure Go Skype Bridge paths exists + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_go_skype_bridge_base_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_config_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_data_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_docker_src_files_path }}", when: "{{ matrix_go_skype_bridge_container_image_self_build }}"} + when: item.when|bool + +- name: Ensure Go Skype Bridge image is pulled + 
docker_image: + name: "{{ matrix_go_skype_bridge_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_docker_image_force_pull }}" + when: not matrix_go_skype_bridge_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure Go Skype Bridge repository is present on self-build + git: + repo: "{{ matrix_go_skype_bridge_container_image_self_build_repo }}" + dest: "{{ matrix_go_skype_bridge_docker_src_files_path }}" + version: "{{ matrix_go_skype_bridge_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_go_skype_bridge_git_pull_results + when: "matrix_go_skype_bridge_container_image_self_build|bool" + +- name: Ensure Go Skype Bridge Docker image is built + docker_image: + name: "{{ matrix_go_skype_bridge_docker_image }}" + source: build + force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_go_skype_bridge_docker_src_files_path }}" + pull: true + when: "matrix_go_skype_bridge_container_image_self_build|bool" + +- name: Check if an old database file exists + stat: + path: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db" + register: matrix_go_skype_bridge_stat_database + +- name: Check if an old matrix state file exists + stat: + path: "{{ matrix_go_skype_bridge_base_path 
}}/mx-state.json" + register: matrix_go_skype_bridge_stat_mx_state + +- name: (Data relocation) Ensure matrix-go-skype-bridge.service is stopped + service: + name: matrix-go-skype-bridge + state: stopped + enabled: false + daemon_reload: true + failed_when: false + when: "matrix_go_skype_bridge_stat_database.stat.exists" + +- name: (Data relocation) Move go-skype-bridge database file to ./data directory + command: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db" + when: "matrix_go_skype_bridge_stat_database.stat.exists" + +- name: (Data relocation) Move go-skype-bridge mx-state file to ./data directory + command: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json" + when: "matrix_go_skype_bridge_stat_mx_state.stat.exists" + +- name: Ensure go-skype-bridge config.yaml installed + copy: + content: "{{ matrix_go_skype_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure go-skype-bridge registration.yaml installed + copy: + content: "{{ matrix_go_skype_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-go-skype-bridge.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service" + mode: 0644 + register: matrix_go_skype_bridge_systemd_service_result + +- name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation + service: + daemon_reload: true + when: "matrix_go_skype_bridge_systemd_service_result.changed" + +- name: Ensure 
matrix-go-skype-bridge.service restarted, if necessary + service: + name: "matrix-go-skype-bridge.service" + state: restarted + when: "matrix_go_skype_bridge_requires_restart|bool" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml new file mode 100644 index 00000000..19acff85 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-go-skype-bridge service + stat: + path: "/etc/systemd/system/matrix-go-skype-bridge.service" + register: matrix_go_skype_bridge_service_stat + +- name: Ensure matrix-go-skype-bridge is stopped + service: + name: matrix-go-skype-bridge + state: stopped + enabled: false + daemon_reload: true + when: "matrix_go_skype_bridge_service_stat.stat.exists" + +- name: Ensure matrix-go-skype-bridge.service doesn't exist + file: + path: "/etc/systemd/system/matrix-go-skype-bridge.service" + state: absent + when: "matrix_go_skype_bridge_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal + service: + daemon_reload: true + when: "matrix_go_skype_bridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml new file mode 100644 index 00000000..7e9f3daf --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_go_skype_bridge_appservice_token" + - "matrix_go_skype_bridge_homeserver_token" diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 new file mode 100644 index 00000000..fb50b0dd --- /dev/null 
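Review bot: The two `copy` tasks in `setup_install.yml` that write `config.yaml` and `registration.yaml` use `mode: 0644`, although both files carry `as_token` and `hs_token`. Going by the template added later in this commit, `config.yaml` also holds the database URI and `login_shared_secret_map`. The parent directories are created with `mode: 0750` earlier in the same hunk, which limits who can reach the files, but the files themselves should not be world-readable; `mode: '0640'` on both tasks keeps them readable by the owner and group set right below. Whether Synapse can still read the bind-mounted `registration.yaml` with the tighter mode depends on the user it runs as, which is not visible here.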
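Review bot: The `stat` and `file` tasks in `setup_uninstall.yml` hard-code `/etc/systemd/system/matrix-go-skype-bridge.service`, while `setup_install.yml` in the same commit installs the unit to `{{ matrix_systemd_path }}/matrix-go-skype-bridge.service`. If `matrix_systemd_path` points anywhere else, the `stat` never finds the unit, so the service is neither stopped nor removed and the bridge keeps running with its tokens after it has been disabled. Use `path: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service"` in both tasks.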
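Review bot: The guard `when: "vars[item] == ''"` in `validate_config.yml` only catches a token that is literally the empty string. As far as I know, `vars[item]` returns the raw, untemplated value, so a token defined as a Jinja expression that renders to an empty string would pass the check. Comparing the rendered value is safer: `when: "lookup('vars', item, default='') == ''"`.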
+++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 
@@ -0,0 +1,238 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_go_skype_bridge_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_go_skype_bridge_homeserver_domain }} + # If you don’t know what this is, no need to modify(for parse "mention user/reply message, etc") + server_name: matrix.to + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_go_skype_bridge_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: {{ matrix_go_skype_bridge_appservice_database_type|to_json }} + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + uri: {{ matrix_go_skype_bridge_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision/v1 + # Shared secret for authentication. If set to "disable", the provisioning API will be disabled. + shared_secret: disable + + # The unique ID of this appservice. + id: skype + # Appservice bot details. + bot: + # Username of the appservice bot. + username: skypebridgebot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. 
+ displayname: Skype bridge bot + avatar: mxc://matrix.org/kGQUDQyPiwbRXPFkjoBrPyhC + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_go_skype_bridge_appservice_token }}" + hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}" + +# Bridge config +bridge: + # Localpart template of MXIDs for Skype users. + # {{ '{{.}}' }} is replaced with the phone number of the Skype user. + username_template: {{ 'skype-{{.}}' }} + # Displayname template for Skype users. + # {{ '{{.Notify}}' }} - nickname set by the Skype user + # {{ '{{.Jid}}' }} - phone number (international format) + # The following variables are also available, but will cause problems on multi-user instances: + # {{ '{{.Name}}' }} - display name from contact list + # {{ '{{.Short}}' }} - short display name from contact list + # To use multiple if's, you need to use: {{ '{{else if .Name}}' }}, for example: + # "{{ '{{if .Notify}}' }}{{ '{{.Notify}}' }}{{ '{{else if .Name}}' }}{{ '{{.Name}}' }}{{ '{{else}}' }}{{ '{{.Jid}}' }}{{ '{{end}}' }} (WA)" + displayname_template: "{{ '{{if .DisplayName}}' }}{{ '{{.DisplayName}}' }}{{ '{{else}}' }}{{ '{{.PersonId}}' }}{{ '{{end}}' }} (Skype)" + # Localpart template for per-user room grouping community IDs. + # On startup, the bridge will try to create these communities, add all of the specific user's + # portals to the community, and invite the Matrix user to it. + # (Note that, by default, non-admins might not have your homeserver's permission to create + # communities.) + # {{ '{{.Localpart}}' }} is the MXID localpart and {{ '{{.Server}}' }} is the MXID server part of the user. + community_template: skype-{{ '{{.Localpart}}' }}={{ '{{.Server}}' }} + + # Skype connection timeout in seconds. + connection_timeout: 20 + # If Skype doesn't respond within connection_timeout, should the bridge try to fetch the message + # to see if it was actually bridged? 
Use this if you have problems with sends timing out but actually + # succeeding. + fetch_message_on_timeout: false + # Whether or not the bridge should send a read receipt from the bridge bot when a message has been + # sent to Skype. If fetch_message_on_timeout is enabled, a successful post-timeout fetch will + # trigger a read receipt too. + delivery_receipts: false + # Number of times to regenerate QR code when logging in. + # The regenerated QR code is sent as an edit and essentially multiplies the login timeout (20 seconds) + login_qr_regen_count: 2 + # Maximum number of times to retry connecting on connection error. + max_connection_attempts: 3 + # Number of seconds to wait between connection attempts. + # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts + connection_retry_delay: -1 + # Whether or not the bridge should send a notice to the user's management room when it retries connecting. + # If false, it will only report when it stops retrying. + report_connection_retry: true + # Maximum number of seconds to wait for chats to be sent at startup. + # If this is too low and you have lots of chats, it could cause backfilling to fail. + chat_list_wait: 30 + # Maximum number of seconds to wait to sync portals before force unlocking message processing. + # If this is too low and you have lots of chats, it could cause backfilling to fail. + portal_sync_wait: 600 + + # Whether or not to send call start/end notices to Matrix. + call_notices: + start: true + end: true + + # Number of chats to sync for new users. + # Since some of the obtained conversations are not the conversations that the user needs to see, + # the actual number of conversations displayed on the matrix client will be slightly less than the set value + initial_chat_sync_count: 10 + # Number of old messages to fill when creating new portal rooms. + initial_history_fill_count: 20 + # Whether or not notifications should be turned off while filling initial history. 
+ # Only applicable when using double puppeting. + initial_history_disable_notifications: false + # Maximum number of chats to sync when recovering from downtime. + # Set to -1 to sync all new chats during downtime. + recovery_chat_sync_limit: -1 + # Whether or not to sync history when recovering from downtime. + recovery_history_backfill: true + # Maximum number of seconds since last message in chat to skip + # syncing the chat in any case. This setting will take priority + # over both recovery_chat_sync_limit and initial_chat_sync_count. + # Default is 3 days = 259200 seconds + sync_max_chat_age: 259200 + + # sync contact, Non-martix-standard parameter, defaults to false + sync_contact: false + + # Whether or not to sync with custom puppets to receive EDUs that + # are not normally sent to appservices. + sync_with_custom_puppets: true + + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_go_skype_bridge_homeserver_domain }}": {{ matrix_go_skype_bridge_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_go_skype_bridge_bridge_login_shared_secret_map|to_json }} + + # Whether or not to invite own Skype user's Matrix puppet into private + # chat portals when backfilling if needed. + # This always uses the default puppet instead of custom puppets due to + # rate limits and timestamp massaging. + invite_own_puppet_for_backfilling: true + # Whether or not to explicitly set the avatar and room name for private + # chat portal rooms. This can be useful if the previous field works fine, + # but causes room avatar/name bugs. 
+ private_chat_portal_meta: true + + # Whether or not thumbnails from Skype should be sent. + # They're disabled by default due to very low resolution. + Skype_thumbnail: false + + # Allow invite permission for user. User can invite any bots to room with Skype + # users (private chat and groups) + allow_user_invite: false + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!wa" + + # End-to-bridge encryption support options. This requires login_shared_secret to be configured + # in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_go_skype_bridge_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + # It is recommended to also set private_chat_portal_meta to true when using this. + default: {{ matrix_go_skype_bridge_bridge_encryption_default|to_json }} + + puppet_id: + # when set to true, the matrixid of the contact (puppet) from the bridge to the matrix will be encrypted into another string + allow: false + # 8 characters + key: '12dsf323' + # Use the username_template prefix. (Warning: At present, username_template cannot be too complicated, otherwise this function may cause unknown errors) + username_template_prefix: 'skype-' + + # Permissions for using the bridge. + # Permitted values: + # relaybot - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Skype account. 
+ # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "{{ matrix_go_skype_bridge_homeserver_domain }}": user + + relaybot: + # Whether or not relaybot support is enabled. + enabled: false + # The management room for the bot. This is where all status notifications are posted and + # in this room, you can use `!wa ` instead of `!wa relaybot `. Omitting + # the command prefix completely like in user management rooms is not possible. + management: '!foo:example.com' + # List of users to invite to all created rooms that include the relaybot. + invites: [] + # The formats to use when sending messages to Skype via the relaybot. + message_formats: + m.text: "{{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" + m.notice: "{{ '{{ .Sender.Displayname }}' }}:: {{ '{{ .Message }}' }}" + m.emote: "* {{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" + m.file: "{{ '{{ .Sender.Displayname }}' }}: sent a file" + m.image: "{{ '{{ .Sender.Displayname }}' }}: sent an image" + m.audio: "{{ '{{ .Sender.Displayname }}' }}: sent an audio file" + m.video: "{{ '{{ .Sender.Displayname }}' }}: sent a video" + m.location: "{{ '{{ .Sender.Displayname }}' }}: sent a location" + +# Logging config. +logging: + # The directory for log files. Will be created if not found. + directory: ./logs + # Available variables: .Date for the file date and .Index for different log files on the same day. + # empy/null = journal logging only + file_name_format: + # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants + file_date_format: "2006-01-02" + # Log file permissions. + file_mode: 0600 + # Timestamp format for log entries in the Go time format. + timestamp_format: "Jan _2, 2006 15:04:05" + # Minimum severity for log messages. 
+ # Options: debug, info, warn, error, fatal + print_level: {{ matrix_go_skype_bridge_log_level }} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 b/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 new file mode 100644 index 00000000..fe5ab2d6 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 
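Review bot: `puppet_id.key` in `config.yaml.j2` is the fixed literal `'12dsf323'`, so every deployment of this role shares the same key. The feature ships with `allow: false`, but an operator who enables it through `matrix_go_skype_bridge_configuration_extension` inherits a key that is public in this repository unless they also override it. Render it from a role variable with no usable default, for example `key: {{ matrix_go_skype_bridge_puppet_id_key|to_json }}` (the variable name is a suggestion, not an existing one). Separately, `command_prefix: "!wa"` and the `(WA)` example in the comments look carried over from a WhatsApp bridge config and may confuse users.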
@@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Go Skype Bridge bridge +{% for service in matrix_go_skype_bridge_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_go_skype_bridge_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridge \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_go_skype_bridge_config_path }}:/config:z \ + -v {{ matrix_go_skype_bridge_data_path }}:/data:z \ + --workdir=/data \ + {% for arg in matrix_go_skype_bridge_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_go_skype_bridge_docker_image }} \ + /usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-go-skype-bridge + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index ce36d1ce..5ea7e5a7 100755 --- a/setup.yml +++ b/setup.yml 
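Review bot: `ExecStart` drops all capabilities and sets a non-root `--user`, but the container's root filesystem stays writable. If the bridge only writes under the two mounted volumes (`/config` and `/data`), which cannot be verified from this hunk, adding `--read-only \` after `--cap-drop=ALL \` would narrow what a compromised bridge process can modify. `/config` holds the appservice tokens and is mounted writable; a short comment above that `-v` line saying why the bridge needs write access there would help the next reviewer.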
@@ -18,6 +18,7 @@ - matrix-bridge-appservice-webhooks - matrix-bridge-appservice-irc - matrix-bridge-beeper-linkedin + - matrix-bridge-go-skype-bridge - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-twitter - matrix-bridge-mautrix-hangouts From 5e9e8f9e29e2d3afc567a73ea933ad71c5094444 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 13 Jun 2022 08:02:31 +0300 Subject: [PATCH 346/419] Announce go-skype-bridge support --- CHANGELOG.md | 11 +++++++++++ docs/configuring-playbook-bridge-mx-puppet-skype.md | 2 ++ docs/configuring-playbook.md | 2 +- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f9fe2aa..0e90acca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2022-06-13 + +## go-skype-bridge bridging support + +Thanks to [CyberShadow](https://github.com/CyberShadow), the playbook can now install the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) bridge for bridging Matrix to [Skype](https://www.skype.com/). + +See our [Setting up Go Skype Bridge](docs/configuring-playbook-bridge-go-skype-bridge.md) documentation to get started. + +The playbook has supported [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridging (see [Setting up MX Puppet Skype bridging](docs/configuring-playbook-bridge-mx-puppet-skype.md)) since [2020-04-09](#2020-04-09), but `mx-puppet-skype` is reportedly broken. + + # 2022-06-09 ## Running Ansible in a container can now happen on the Matrix server itself diff --git a/docs/configuring-playbook-bridge-mx-puppet-skype.md b/docs/configuring-playbook-bridge-mx-puppet-skype.md index cca5e305..ff4e636e 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-skype.md +++ b/docs/configuring-playbook-bridge-mx-puppet-skype.md 
@@ -1,5 +1,7 @@ # Setting up MX Puppet Skype (optional) +**Note**: bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. In fact, bridging via `mx-puppet-skype` has often been reported as broken, so we recommend that you go directly for `go-skype-bridge`, instead of this. + The playbook can install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 774e54d1..3bfb01bd 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) -- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) +- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - often reported as broken; see **Go Skype Bridge** (below) as an alternative - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) From d6a38810924b3f92a23fe75d2cb3381d37bbcc50 Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Mon, 13 Jun 2022 06:40:15 +0000 Subject: [PATCH 347/419] docs/configuring-playbook-bridge-go-skype-bridge: Fixups Fixup for #1877. --- docs/configuring-playbook-bridge-go-skype-bridge.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-go-skype-bridge.md b/docs/configuring-playbook-bridge-go-skype-bridge.md index 1eec9e72..a7a4fbc8 100644 --- a/docs/configuring-playbook-bridge-go-skype-bridge.md 
+++ b/docs/configuring-playbook-bridge-go-skype-bridge.md @@ -1,7 +1,7 @@ # Setting up Go Skype Bridge (optional) The playbook can install and configure -[go-skype-bridge](https://github.com/Sorunome/go-skype-bridge) for you. +[go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you. See the project page to learn what it does and why it might be useful to you. @@ -16,7 +16,7 @@ matrix_go_skype_bridge_enabled: true ## Usage -Once the bot is enabled, you need to start a chat with `Skype Puppet Bridge` +Once the bot is enabled, you need to start a chat with `Skype bridge bot` with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). From b2f9ede87c6cf1d5b43f0b36c129cdbfe62bfcc8 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 14 Jun 2022 13:45:46 +0000 Subject: [PATCH 348/419] Update Element v1.10.14 -> v1.10.15 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 86b0ee6a..083621f2 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.14 +matrix_client_element_version: v1.10.15 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 37b584ef5825fd7b435f7c542fe2d53b47ef83f9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Jun 2022 16:44:25 +0300 Subject: [PATCH 349/419] Upgrade matrix-corporal (2.2.3 -> 2.3.0) matrix-corporal 2.3.0 supports Synapse v1.61.0 (which removed communities/groups support). --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 66896e0e..bd91564a 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml 
@@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.2.3 +matrix_corporal_version: 2.3.0 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From 6a573399aea8e0236d6807a4e784f4a0ef4a7f3b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Jun 2022 16:45:21 +0300 Subject: [PATCH 350/419] Upgrade Synapse (v1.60.0 -> v1.61.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- roles/matrix-synapse/vars/workers.yml | 55 ++++++++++++++------------ 2 files changed, 30 insertions(+), 27 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index d0debe85..29cf00b5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.60.0 +matrix_synapse_version: v1.61.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 91b289c7..e535d2cc 100644 
--- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -29,9 +29,8 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/event_auth/ - ^/_matrix/federation/v1/exchange_third_party_invite/ - ^/_matrix/federation/v1/user/devices/ - - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query - - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ + - ^/_matrix/federation/v1/hierarchy/ # Inbound federation transaction request - ^/_matrix/federation/v1/send/ @@ -43,15 +42,14 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ + - ^/_matrix/client/v1/rooms/.*/hierarchy$ + - ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(r0|v3|unstable)/account/whoami$ - ^/_matrix/client/(r0|v3|unstable)/devices$ - ^/_matrix/client/versions$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - - ^/_matrix/client/(r0|v3|unstable)/joined_groups$ - - ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ - - ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ 
@@ -75,31 +73,27 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ - # These appear to be conditional and should not be enabled by default. - # We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. - # For now, they've been commented out manually. - # - # # Device requests - # - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ - - # # Account data requests - # - ^/_matrix/client/(r0|v3|unstable)/.*/tags - # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data - - # # Receipts requests - # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt - # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers - - # # Presence requests - # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ - +# These appear to be conditional and should not be enabled by default. +# We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. +# For now, they've been commented out manually. +# # Account data requests +# - ^/_matrix/client/(r0|v3|unstable)/.*/tags +# - ^/_matrix/client/(r0|v3|unstable)/.*/account_data +# +# # Receipts requests +# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt +# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers +# +# # Presence requests +# - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + + # User directory search requests + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ # Additionally, the following REST endpoints can be handled for GET requests: # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/federation/v1/groups/ # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ - # ^/_matrix/client/(r0|v3|unstable)/groups/ # Pagination requests can also be handled, but all requests for a given # room must be routed to the same instance. Additionally, care must be taken to 
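Review bot: The added entry `- ^/_matrix/client/(r0|v3|unstable)/user_directory/search$` is active in the generic-worker list here, while the last hunk of this file adds the same regex as a comment under `FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually`. The two disagree, which can mislead whoever derives reverse-proxy routing from this list. If routing to any generic worker is the intent, a comment above the active entry would settle it, e.g. `# Safe for any generic worker; also listed below for the user-directory worker.` The enclosing list starts outside this hunk.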
@@ -301,6 +295,15 @@ matrix_synapse_workers_generic_worker_endpoints: # This work cannot be load-balanced; please ensure the main process is restarted # after setting this option in the shared configuration! + # User directory updates allow REST endpoints matching the following regular + # expressions to work: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + + # The above endpoints can be routed to any worker, though you may choose to route + # it to the chosen user directory worker. + # This style of configuration supersedes the legacy `synapse.app.user_dir` # worker application type. From 7b0e5ef9955cc82802cd97bcefefc4fcd64abd91 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:55:11 +0000 Subject: [PATCH 351/419] Update mautrix-whatsapp 0.4.0 -> 0.5.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 5be70051..6e95eeb7 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.4.0 +matrix_mautrix_whatsapp_version: v0.5.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 5eff67371da7f49fcad0da570371374c674ebe9a Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 17 Jun 2022 14:32:17 +0300 Subject: [PATCH 352/419] add synapse media_retention --- roles/matrix-synapse/defaults/main.yml | 8 ++++++++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 29cf00b5..b7ea94f3 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -86,6 +86,14 @@ matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}" matrix_synapse_max_upload_size_mb: 50 +# Controls whether local media should be removed under certain conditions, typically for the purpose of saving space. +# should be empty to disable +matrix_synapse_media_retention_local_media_lifetime: +# Controls whether remote media cache (media that is downloaded from other homeservers) +# should be removed under certain conditions, typically for the purpose of saving space. +# should be empty to disable +matrix_synapse_media_retention_remote_media_lifetime: + # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cce71330..1b4edb29 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1048,6 +1048,14 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" +media_retention: +{% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} + local_media_lifetime: "{{ matrix_synapse_media_retention_local_media_lifetime }}" +{% endif %} +{% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} + remote_media_lifetime: "{{ matrix_synapse_media_retention_remote_media_lifetime }}" +{% endif %} + # Maximum number of pixels that will be thumbnailed # #max_image_pixels: 32M From 323f5aa60d3be35bb8cf21813b0ab299a19a5fd9 Mon Sep 17 00:00:00 2001 
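Review bot: The two new `matrix_synapse_media_retention_*_lifetime` defaults are documented only as `should be empty to disable`, which leaves out the value format and the data-loss consequence of the local setting. Synapse takes duration strings for these options, so the local comment could read `# Duration such as "90d". Local media exists only on this homeserver, so once removed it cannot be fetched again. Leave empty to disable.` The remote one could read `# Duration such as "14d". Remote media is a cache and can normally be re-downloaded from the origin server. Leave empty to disable.` Both keys are also bare (`key:`), which is YAML null; writing `''` would state the intended empty default explicitly.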
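Review bot: `media_retention:` is emitted unconditionally, so with both lifetimes unset (the defaults added in this commit) the rendered homeserver.yaml carries the key with a null value instead of omitting the section. Whether Synapse treats a null there as an empty mapping is not visible from this page. I would guard the whole block with `{% if matrix_synapse_media_retention_local_media_lifetime or matrix_synapse_media_retention_remote_media_lifetime %}` before `media_retention:` and a matching `{% endif %}` after the second inner `endif`. The surrounding template continues outside the hunk.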
From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:25:49 +0300 Subject: [PATCH 353/419] Synchronize homeserver.yaml config with the one from Synapse 1.61.0 --- roles/matrix-synapse/defaults/main.yml | 3 --- roles/matrix-synapse/tasks/validate_config.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 10 ---------- 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 29cf00b5..5cf82ef1 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -215,9 +215,6 @@ matrix_synapse_recaptcha_private_key: '' # Disabling this option will not delete any tokens previously generated. matrix_synapse_registration_requires_token: false -# Allows non-server-admin users to create groups on this server -matrix_synapse_enable_group_creation: false - # A list of 3PID types which users must supply when registering (possible values: email, msisdn). matrix_synapse_registrations_require_3pid: [] diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index bb8a2bcd..ab0ca3a7 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -60,6 +60,7 @@ - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} - {'old': 'matrix_synapse_version_arm64', 'new': ''} + - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml fail: diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cce71330..d9a2974f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2600,16 +2600,6 @@ spam_checker: {{ matrix_synapse_spam_checker|to_json }} encryption_enabled_by_default_for_room_type: {{ matrix_synapse_encryption_enabled_by_default_for_room_type|to_json }} -# Uncomment to allow non-server-admin users to create groups on this server -# -enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }} - -# If enabled, non server admins can only create groups with local parts -# starting with this prefix -# -#group_creation_prefix: "unofficial_" - - # User Directory configuration # From 5987589436c7ed86897140f53eb8e1b1528c1317 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:30:22 +0300 Subject: [PATCH 354/419] Use |to_json --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1b4edb29..20b8135a 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1050,10 +1050,10 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" media_retention: {% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} - local_media_lifetime: "{{ matrix_synapse_media_retention_local_media_lifetime }}" + local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }} {% endif %} {% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} - remote_media_lifetime: "{{ matrix_synapse_media_retention_remote_media_lifetime }}" + remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }} {% endif %} # Maximum number of pixels that will be thumbnailed From 38027e72f6d541f46991eec4ea4ff6d40ae4aa90 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:45:25 +0300 Subject: [PATCH 355/419] Fix "object of type 'NoneType' has no len()" error Fixup for 5eff67371da7f49fc - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1884 --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d1f13407..c2364650 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1049,10 +1049,10 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" media_retention: -{% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} +{% if matrix_synapse_media_retention_local_media_lifetime %} local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }} {% endif %} -{% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} +{% if matrix_synapse_media_retention_remote_media_lifetime %} remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }} {% endif %} From f6a73231ab64629a11aea445c854819cff06db75 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sat, 18 Jun 2022 16:13:08 +0200 Subject: [PATCH 356/419] Synapse workers should respect X-Forwarded headers Currently, Synapse workers ignore the X-Forwarded headers, which leads to internal Docker IP addresses randomly appearing in the users' device list. This adds the `x_forwarded: true` option to the worker config, fixing the issue. --- roles/matrix-synapse/templates/synapse/worker.yaml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index 40714f44..239de1f2 100644 
--- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -26,6 +26,7 @@ worker_listeners: {% if http_resources|length > 0 %} - type: http bind_addresses: ['::'] + x_forwarded: true port: {{ matrix_synapse_worker_details.port }} resources: - names: {{ http_resources|to_json }} From 970afa4578b78951af7fded07fd9495990b2260c Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 21 Jun 2022 00:02:17 +0300 Subject: [PATCH 357/419] Update Buscarron 1.1.0 -> 1.2.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 8 +++++++- roles/matrix-bot-buscarron/templates/env.j2 | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index c2b44fa1..56686f42 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.1.0 +matrix_bot_buscarron_version: v1.2.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" @@ -76,6 +76,9 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" # forms configuration matrix_bot_buscarron_forms: [] +# Disable encryption +matrix_bot_buscarron_noencryption: + # Sentry DSN matrix_bot_buscarron_sentry: 
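Review bot: The added `x_forwarded: true` sits on a listener whose `bind_addresses` is `['::']`, so every peer that can reach the worker port is trusted to state the client address. That is correct only while these ports are reachable solely through the reverse proxy. Any other client that can connect (another container on the same network, or a published port if one is configured outside this hunk) could send its own `X-Forwarded-For` and have that value recorded in device lists and used wherever Synapse keys decisions on client IP. I would add a comment above the line, `# Trusts X-Forwarded-For: this port must only be reachable via the reverse proxy.`, and check how worker ports are exposed. The `worker_listeners` block starts and ends outside the hunk.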
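Review bot: `matrix_bot_buscarron_noencryption:` is introduced as a bare key, so its default is YAML null, and the only documentation is `# Disable encryption`. Nothing states which values switch encryption off, or that leaving it empty presumably keeps encryption on. For a switch that weakens confidentiality the default and accepted values should be explicit, for example `# Set to a non-empty value to disable encryption in the bot (TODO: confirm accepted values for Buscarron v1.2.0); leave empty to keep encryption enabled.` with `matrix_bot_buscarron_noencryption: ''`. The value is written verbatim into `BUSCARRON_NOENCRYPTION=` by the `env.j2` hunk of this commit, so it is worth confirming how the bot parses strings such as `false` before anyone sets one.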
@@ -88,6 +91,9 @@ matrix_bot_buscarron_spam_hosts: [] # spam email addresses matrix_bot_buscarron_spam_emails: [] +# spam email localparts +matrix_bot_buscarron_spam_localparts: [] + # Ban duration in hours matrix_bot_buscarron_ban_duration: 24 diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 index 876072e1..42da0d34 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -5,6 +5,7 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} +BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }} BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }} @@ -12,10 +13,12 @@ BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }} BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }} BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }} BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} +BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} +BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }} BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }} From fff4b9116c8fdf608669c543af3a5fa279a2751e Mon Sep 17 00:00:00 2001 
From: krassle <6473406+krassle@users.noreply.github.com> Date: Wed, 22 Jun 2022 10:10:41 +0200 Subject: [PATCH 358/419] Use prebuilt ARM images for coturn / synapse-admin * synapse-admin arm64 builds available since 2021-12-17 v.0.8.4 [awesometechnologies/synapse-admin:0.8.5](https://hub.docker.com/layers/synapse-admin/awesometechnologies/synapse-admin/0.8.5/images/sha256-eb54b8660c4641641b8acd08fd2dfc94ecc3fc604860f9e8b286a38008e3f3b6?context=explore) * coturn arm32/arm64 builds available since 2021-04-15 v.4.5.2-r0-alpine [coturn/coturn:4.5.2-r12](https://hub.docker.com/layers/coturn/coturn/coturn/4.5.2-r12/images/sha256-94887581bb1093085033be0494c3a651bd40034afba1867ddc78b8ba32dc2faf?context=explore) --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f727da55..19cde0af 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1260,7 +1260,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati matrix_coturn_enabled: true -matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" @@ -2196,7 +2196,7 @@ matrix_synapse_admin_enabled: false # Synapse Admin's HTTP port to the local host. matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}" -matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" ###################################################################### # From 5963a387f06cf11eefa17b2e49f53a8b9c10169c Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 22 Jun 2022 14:43:55 +0300 Subject: [PATCH 359/419] Upgrade Postgres (14.3 -> 14.4) --- roles/matrix-postgres/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index bb820217..b6cbc205 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -27,7 +27,7 @@ matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }} matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.4{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. From f943e82384c2707f0ec45618352884901e819a21 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 14:44:12 +0300 Subject: [PATCH 360/419] Upgrade Certbot (1.27 -> 1.28) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 64e2e06b..466825c9 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.28.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From f4cf7b9cc190e00b4b7188659a0d24e856b20cfa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 22:17:51 +0300 Subject: [PATCH 361/419] Remove unused variable (matrix_nginx_proxy_synapse_workers_enabled_list) definition --- roles/matrix-nginx-proxy/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 466825c9..f3ec27ba 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -218,7 +218,6 @@ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ # Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_synapse_workers_enabled_list: [] matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. # Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. From 2e68c9963ba4ab8b1e7d644a9185717012edfe06 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 22 Jun 2022 22:50:43 +0300 Subject: [PATCH 362/419] Fix matrix-prometheus-postgres-exporter port number in some comments --- roles/matrix-prometheus-postgres-exporter/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index c96a6ea8..9ad60405 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -29,14 +29,14 @@ matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' -# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). +# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. # # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) -# - or listens on a loopback interface only (--net=host and 127.0.0.1:9100), which is not reachable from another container (like `matrix-prometheus`) +# - or listens on a loopback interface only (--net=host and 127.0.0.1:9187), which is not reachable from another container (like `matrix-prometheus`) # # Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both, # but that's trickier to accomplish and won't necessarily work (hasn't been tested). From a3a6e14f7b730bdf0534f8821966b68d2c49cb1d Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 22 Jun 2022 23:04:27 +0300 Subject: [PATCH 363/419] Add matrix_nginx_proxy_proxy_synapse_metrics_addr_{with,sans}_container variables to defaults We redefine these variables in `group_vars/matrix_servers`, but it's better to have some defaults in the role as well. --- roles/matrix-nginx-proxy/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f3ec27ba..6fb7217e 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -225,6 +225,8 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" +matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:9100" +matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:9100" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. From ba51997f7b0c72755b19aeafc2db51ce90fc2112 Mon Sep 17 00:00:00 2001 
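Review bot: The two added `matrix_nginx_proxy_proxy_synapse_metrics_addr_*` defaults have no comment, while the address variables right below them do (`# The addresses where the Matrix Client API is.`). These values decide where nginx forwards metrics requests, so a short comment would help, for example `# The addresses where Synapse's metrics listener is (with and without the container network). Overridden in group_vars/matrix_servers.` The hard-coded port `9100` presumably duplicates a value owned by the Synapse role; if a variable for it is in scope, referencing it would keep the two from drifting apart.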
From: Slavi Pantaleev Date: Thu, 23 Jun 2022 17:44:11 +0300 Subject: [PATCH 364/419] (BC Break) Redo how metrics are exposed to external Prometheus servers --- CHANGELOG.md | 29 +++++++ docs/configuring-playbook-bridge-hookshot.md | 15 +++- ...configuring-playbook-prometheus-grafana.md | 85 +++++++++---------- ...onfiguring-playbook-prometheus-postgres.md | 8 +- group_vars/matrix_servers | 18 ++-- .../matrix-bridge-hookshot/defaults/main.yml | 13 ++- roles/matrix-bridge-hookshot/tasks/init.yml | 25 ++---- .../tasks/validate_config.yml | 13 +++ roles/matrix-nginx-proxy/defaults/main.yml | 66 +++++++++++--- .../tasks/nginx-proxy/setup_metrics_auth.yml | 53 ++++++++++++ .../tasks/setup_nginx_proxy.yml | 31 +++---- .../tasks/validate_config.yml | 23 +++++ .../nginx/conf.d/matrix-domain.conf.j2 | 13 +++ .../nginx/conf.d/matrix-synapse.conf.j2 | 39 --------- .../nginx/matrix-synapse-metrics-htpasswd.j2 | 3 - .../defaults/main.yml | 7 ++ .../tasks/init.yml | 36 ++++++++ .../defaults/main.yml | 6 ++ .../tasks/init.yml | 36 ++++++++ roles/matrix-synapse/defaults/main.yml | 8 ++ roles/matrix-synapse/tasks/init.yml | 60 +++++++++++++ .../tasks/synapse/setup_install.yml | 9 ++ .../tasks/synapse/setup_uninstall.yml | 6 ++ .../external_prometheus.yml.example.j2 | 18 ++-- setup.yml | 2 +- 25 files changed, 453 insertions(+), 169 deletions(-) create mode 100644 roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml delete mode 100644 roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 rename roles/{matrix-nginx-proxy/templates => matrix-synapse/templates/synapse}/prometheus/external_prometheus.yml.example.j2 (51%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e90acca..3c5fdac5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,32 @@ +# 2022-06-23 + +## (Potential Backward Compatibility Break) Changes around metrics collection + +**TLDR**: we've made extensive **changes to metrics exposure/collection, which concern people using an external Prometheus server**. If you don't know what that is, you don't need to read below. + +**Why do major changes to metrics**? Because various services were exposing metrics in different, hacky, ways. Synapse was exposing metrics at `/_synapse/metrics` and `/_synapse-worker-.../metrics` on the `matrix.DOMAIN`. The Hookshot role was **repurposing** the Granana web UI domain (`stats.DOMAIN`) for exposing its metrics on `stats.DOMAIN/hookshot/metrics`, while protecting these routes using Basic Authentication **normally used for Synapse** (`/_synapse/metrics`). Node-exporter and Postgres-exporter roles were advising for more `stats.DOMAIN` usage in manual ways. Each role was doing things differently and mixing variables from other roles. Each metrics endpoint was ending up in a different place, protected by who knows what Basic Authentication credentials (if protected at all). + +**The solution**: a completely revamped way to expose metrics to an external Prometheus server. We are **introducing new `https://matrix.DOMAIN/metrics/*` endpoints**, where various services *can* expose their metrics, for collection by external Prometheus servers. To enable the `/metrics/*` endpoints, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. There's also a way to protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). See the `matrix-nginx-proxy` role or our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation for additional variables around `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. 
+ +**If you are using the [Hookshot bridge](docs/configuring-playbook-bridge-hookshot.md)**, you may find that: +1. **Metrics may not be enabled by default anymore**: + - If Prometheus is enabled (`matrix_prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network. + - **If Prometheus is not enabled** (you are either not using Prometheus or are using an external one), **Hookshot metrics will not be enabled by default anymore**. Feel free to enable them by setting `matrix_hookshot_metrics_enabled: true`. Also, see below. +2. When metrics are meant to be **consumed by an external Prometheus server**, `matrix_hookshot_metrics_proxying_enabled` needs to be set to `true`, so that metrics would be exposed (proxied) "publicly" on `https://matrix.DOMAIN/metrics/hookshot`. To make use of this, you'll also need to enable the new `https://matrix.DOMAIN/metrics/*` endpoints mentioned above, using `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. Learn more in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. +3. **We've changed the URL we're exposing Hookshot metrics at** for external Prometheus servers. Until now, you were advised to consume Hookshot metrics from `https://stats.DOMAIN/hookshot/metrics` (working in conjunction with `matrix_nginx_proxy_proxy_synapse_metrics`). From now on, **this no longer works**. As described above, you need to start consuming metrics from `https://matrix.DOMAIN/metrics/hookshot`. 
+ +**If you're using node-exporter** (`matrix_prometheus_node_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_node_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/node-exporter`. + +**If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`matrix_prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`. + +**If you're using Synapse** and would like to collect its metrics from an external Prometheus server, you may find that: + +1. Exposing metrics is now done using `matrix_synapse_metrics_proxying_enabled`, not `matrix_nginx_proxy_proxy_synapse_metrics: true`. You may still need to enable metrics using `matrix_synapse_metrics_enabled: true` before exposing them. +2. Protecting metrics endpoints using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is now done in another way. See our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation +3. 
If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` +4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). + + # 2022-06-13 ## go-skype-bridge bridging support diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index f47f24c0..3e8a54a2 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -14,7 +14,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. 
@@ -32,8 +32,8 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | -| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets | -| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus | +| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | +| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). 
@@ -63,7 +63,14 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_ ### Metrics -If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). +Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them. + +To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however. + +**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to: + +- enable the `https://matrix.DOMAIN/metrics/*` endpoints on `matrix.DOMAIN` using `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see the `matrix-nginx-role` or [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for enabling this feature) +- expose the Hookshot metrics under `https://matrix.DOMAIN/metrics/hookshot` by setting `matrix_hookshot_metrics_proxying_enabled: true` ### Collision with matrix-appservice-webhooks diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index f178def2..e1b82643 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md 
@@ -9,8 +9,12 @@ Remember to add `stats.` to DNS as described in [Configuring DNS](c ```yaml matrix_prometheus_enabled: true +# You can remove this, if unnecessary. matrix_prometheus_node_exporter_enabled: true +# You can remove this, if unnecessary. +matrix_prometheus_postgres_exporter_enabled: true + matrix_grafana_enabled: true matrix_grafana_anonymous_access: false @@ -34,6 +38,7 @@ Name | Description -----|---------- `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures +`matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.` subdomain) the dashboards with the graphs that we're interested in `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option. `matrix_grafana_default_admin_user`
`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here 
@@ -48,28 +53,54 @@ Most of our docker containers run with limited system access, but the `prometheu ## Collecting metrics to an external Prometheus server -If you wish, you could expose homeserver metrics without enabling (installing) Prometheus and Grafana via the playbook. This may be useful for hooking Matrix services to an external Prometheus/Grafana installation. +**If the integrated Prometheus server is enabled** (`matrix_prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly". + +When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network. + +The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` below. -To do this, you may be interested in the following variables: +The following variables may be of interest: Name | Description -----|---------- +`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service. +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). 
When enabled, all endpoints beneath `/metrics` will be protected with the same credentials +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`|Set this to the Basic Authentication username you'd like to protect `/metrics/*` with. You also need to set `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`. If one username/password pair is not enough, you can leave the `username` and `password` variables unset and use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`|Set this to the Basic Authentication password you'd like to protect `/metrics/*` with +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead. `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network) -`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics` -`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`) -`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. 
See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx. -`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`) +`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). +`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) +`matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) +`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) +`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if 
`matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` +`matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below) + +Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations: +```nginx +matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: + - 'location /metrics/another-service { + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-another-service:9100/metrics; + }' +``` + +Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). + -### Collecting worker metrics to an external Prometheus server +### Collecting Synapse worker metrics to an external Prometheus server -If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. 
+If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. -The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. +The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. It will look a bit like this: ```yaml scrape_configs: - job_name: 'synapse' - metrics_path: /_synapse/metrics + metrics_path: /metrics/synapse/main-process scheme: https basic_auth: username: prometheus @@ -80,7 +111,7 @@ scrape_configs: job: "master" index: 1 - job_name: 'synapse-generic_worker-1' - metrics_path: /_synapse-worker-generic_worker-18111/metrics + metrics_path: /metrics/synapse/worker/generic_worker-18111 scheme: https basic_auth: username: prometheus 
@@ -92,38 +123,6 @@ scrape_configs: index: 18111 ``` -### Collecting system and Postgres metrics to an external Prometheus server (advanced) - -When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats. - -It would be possible to use `matrix_prometheus_node_exporter_container_http_host_bind_port` etc., but that is not always the best choice, for example because your server is on a public network. - -Use the following variables in addition to the ones mentioned above: - -Name | Description ------|---------- -`matrix_nginx_proxy_proxy_grafana_enabled`|Set this to `true` to make the stats subdomain (`matrix_server_fqn_grafana`) available via the Nginx proxy -`matrix_ssl_additional_domains_to_obtain_certificates_for`|Add `"{{ matrix_server_fqn_grafana }}"` to this list to have letsencrypt fetch a certificate for the stats subdomain -`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter -`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the Postgres exporter -`matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks`|Add locations to this list depending on which of the above exporters you enabled (see below) - -```nginx -matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: - - 'location /node-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-node-exporter:9100/; - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - }' - - 'location /postgres-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-postgres-exporter:9187/; - auth_basic "protected"; - auth_basic_user_file 
/nginx-data/matrix-synapse-metrics-htpasswd; - }' -``` -You can customize the `location`s to your liking, just point your Prometheus to there later (e.g. `stats.DOMAIN/node-exporter/metrics`). Nginx is very picky about the `proxy_pass`syntax: take care to follow the example closely and note the trailing slash as well as absent use of variables. postgres-exporter uses the nonstandard port 9187. ## More information diff --git a/docs/configuring-playbook-prometheus-postgres.md b/docs/configuring-playbook-prometheus-postgres.md index 34407aae..6fd13a9e 100644 --- a/docs/configuring-playbook-prometheus-postgres.md +++ b/docs/configuring-playbook-prometheus-postgres.md @@ -7,11 +7,6 @@ You can enable this with the following settings in your configuration file (`inv ```yaml matrix_prometheus_postgres_exporter_enabled: true - -# the role creates a postgres user as credential. You can configure these if required: -matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter' -matrix_prometheus_postgres_exporter_database_password: 'some-password' - ``` ## What does it do? 
@@ -20,7 +15,8 @@ Name | Description -----|---------- `matrix_prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false' `matrix_prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter' -`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. +`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook +`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) ## More information diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 19cde0af..394e26dc 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -711,8 +711,13 @@ matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_ena matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" -matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" -matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" +# We only enable metrics (locally, in the container network) for the bridge if Prometheus is enabled. +# +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_hookshot_metrics_enabled` +# - `matrix_hookshot_metrics_proxying_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_hookshot_metrics_enabled: "{{ matrix_prometheus_enabled }}" matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" 
@@ -1586,13 +1591,6 @@ matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_po matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}" -# This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore. -# The fact that someone wishes to enable Synapse metrics does not necessarily mean they want to make them public. -# A local Prometheus can consume them over the container network. -matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" -matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" - matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" @@ -1614,8 +1612,6 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" -matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}" - matrix_nginx_proxy_systemd_wanted_services_list: | {{ ['matrix-' + matrix_homeserver_implementation + '.service'] diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 3a2d5bc9..5d618a6e 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -29,13 +29,20 @@ matrix_hookshot_public_endpoint: /hookshot matrix_hookshot_appservice_port: 9993 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" -# Metrics work only in conjunction with matrix_synapse_metrics_enabled etc -matrix_hookshot_metrics_enabled: true +# Controls whether metrics are enabled in the bridge configuration. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`. +matrix_hookshot_metrics_enabled: false + +# Controls whether Hookshot metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/hookshot`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_hookshot_metrics_proxying_enabled: false + # There is no need to edit ports. # Read the documentation to learn about using hookshot metrics with external Prometheus # If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_metrics_port: 9001 -matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_webhook_port: 9000 diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 14bbcbb3..96d5740a 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml 
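Review bot: The new comment above `matrix_hookshot_metrics_proxying_enabled` has a wording slip ("This will only work take effect if") and does not say how the proxied endpoint is protected. Going by the `matrix-nginx-proxy` defaults added in this same commit, Basic Auth for `/metrics/*` is off unless `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` is set, so turning on proxying alone appears to publish the metrics without credentials. I would reword the second comment line to `# This will only take effect if matrix_nginx_proxy_proxy_matrix_metrics_enabled: true.` and add `# The endpoint is not password-protected unless matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled: true.`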
@@ -103,11 +103,10 @@ [matrix_hookshot_matrix_nginx_proxy_configuration] }} - - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) set_fact: - matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | - {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} - location {{ matrix_hookshot_metrics_endpoint }} { + matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | + location /metrics/hookshot { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; 
@@ -117,24 +116,18 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; {% endif %} - proxy_set_header Host $host; - {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - {% endif %} } - {% endif %} + when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool - - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy + - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) set_fact: - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + - [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] }} - tags: - - always + when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool when: matrix_hookshot_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml index 5da8809e..b9622332 100644 --- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml 
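Review bot: The generated `location /metrics/hookshot` block no longer carries its own `auth_basic` / `auth_basic_user_file` lines. Whether the endpoint is password-protected now depends entirely on the template that renders `matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks`, which is not part of this hunk. If those blocks end up outside the scope where `auth_basic` is set, the metrics would be served without credentials even with `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled: true`, so this is worth confirming in the matrix-domain.conf template. A comment above the task would make the dependency explicit, e.g. `# Access control for this location is applied by matrix-nginx-proxy (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled), not here.` The enclosing `block` starts outside the hunk.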
@@ -57,3 +57,16 @@ when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" with_items: - "matrix_hookshot_provisioning_secret" + +- name: (Deprecation) Catch and report old metrics usage + fail: + msg: >- + Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Hookshot, + which exposed metrics on `https://stats.DOMAIN/hookshot/metrics`. + + We now recommend exposing Hookshot metrics in another way, from another URL. + Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22 + with_items: + - matrix_hookshot_proxy_metrics + - matrix_hookshot_metrics_endpoint + when: "item in vars" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6fb7217e..f19eb4ab 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
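Review bot: The deprecation check lists `matrix_hookshot_proxy_metrics` and `matrix_hookshot_metrics_endpoint` but not `matrix_hookshot_proxy_metrics_basic_auth_enabled`, which this commit also removes from `group_vars/matrix_servers`. An operator who had overridden that variable to protect the old endpoint would get no failure. They would also get no hint that authentication for `/metrics/hookshot` is now controlled by `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`. Add `- matrix_hookshot_proxy_metrics_basic_auth_enabled` to `with_items` so the stale setting is reported too.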
@@ -192,6 +192,58 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) +# If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. +# This is only useful when an external Prometheus will be collecting metrics. +# +# To control what kind of metrics are exposed under `/metrics/` (e.g `/metrics/node-exporter`, `/metrics/postgres-exporter`, etc.), +# use `matrix_SERVICE_metrics_proxying_enabled` variables in each respective role. +# Roles inject themselves into the matrix-nginx-proxy configuration. +# +# To protect the metrics endpoints, see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` +matrix_nginx_proxy_proxy_matrix_metrics_enabled: false + +# Controls whether Basic Auth is enabled for all `/metrics/*` endpoints. +# +# You can provide the Basic Auth credentials in 2 ways: +# 1. A single username/password pair using `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` +# 2. Using raw content (`htpasswd`-generated file) provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled: false + +# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` specify +# the Basic Auth username/password for protecting `/metrics/*` endpoints. +# Alternatively, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`. 
+matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username: "" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password: "" + +# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` value will be written verbatim to the htpasswd file protecting `/metrics/*` endpoints. +# Use this when a single username/password is not enough and you'd like to get more control over credentials. +# +# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. +# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` +# The whole thing is needed here. matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "" + +# Specifies the path to the htpasswd file holding the htpasswd credentials for protecting `/metrics/*` endpoints +# This is not meant to be modified. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + +# Specifies the Apache container image to use +# when `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` are provided. +# This image provides the `htpasswd` tool which we use for generating the htpasswd file protecting `/metrics/*`. +# To avoid using this, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead of supplying username/password. +# Learn more in: `roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. 
+matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image: "{{ matrix_container_global_registry_prefix }}httpd:{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag }}" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag: "2.4.54-alpine3.16" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag.endswith(':latest') }}" + +# A list of strings containing additional configuration blocks to add to the `location /metrics` configuration (matrix-domain.conf). +# Do not modify `matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks` and `matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks`. +# If you'd like to inject your own configuration blocks, use `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`. +matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks: "{{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks + matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks }}" +matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: [] +matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: [] + # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" 
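Review bot: `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull` tests `..._container_image_tag.endswith(':latest')`, but the tag variable holds only the tag (`2.4.54-alpine3.16`) and never a colon. The expression is therefore false even when the tag is overridden to `latest`. Test the full image reference instead: `"{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image.endswith(':latest') }}"`. Separately, `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` can be `true` while the username, password and raw content all keep their `""` defaults. No validation for that combination is visible in this hunk; if none exists elsewhere, a task should reject it so an empty htpasswd file is never deployed.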
@@ -216,18 +268,6 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" -# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) -matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false -# The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. -# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. -# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` -# The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" -matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:9100" -matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:9100" - # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-proxy:12080" 
@@ -260,8 +300,6 @@ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes: | (['/_synapse/oidc'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled else []) + (['/_synapse/admin'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled else []) - + - (['/_synapse.*/metrics'] if matrix_nginx_proxy_proxy_synapse_metrics else []) }} # Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected. diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml new file mode 100644 index 00000000..55163c94 --- /dev/null +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml 
@@ -0,0 +1,53 @@
+# When we're dealing with raw htpasswd content, we just store it in the file directly.
+- name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs)
+ copy:
+ content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content }}"
+ dest: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0600
+ when: not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username
+
+# Alternatively, we need to use the `htpasswd` tool to generate the htpasswd file.
+# There's an Ansible module that helps with that, but it requires passlib (a Python module) to be installed on the server.
+# See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module
+# We support various distros, with various versions of Python. Installing additional Python modules can be a hassle.
+# As a workaround, we run `htpasswd` from an Apache container image.
+- block:
+ - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs)
+ docker_image:
+ name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}"
+
+ # We store the password in a file and make the `htpasswd` tool read it from there,
+ # as opposed to passing it directly on stdin (which will expose it to other processes on the server).
+ - name: Store metrics password in a temporary file
+ copy:
+ content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}"
+ dest: "/tmp/matrix-nginx-proxy-metrics-password"
+ mode: 0400
+ owner: "{{ matrix_user_uid }}"
+ group: "{{ matrix_user_gid }}"
+
+ - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs)
+ command:
+ cmd: >-
+ {{ matrix_host_command_docker }} run
+ --rm
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
+ --cap-drop=ALL
+ --network=none
+ --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data
+ --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro
+ --entrypoint=/bin/sh
+ {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}
+ -c
+ 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd'
+
+ - name: Delete temporary metrics password file
+ file:
+ path: /tmp/matrix-nginx-proxy-metrics-password
+ state: absent
+ when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != ''
diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index a559e109..0da9e52c 100644
--- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
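Review bot: In setup_metrics_auth.yml the plaintext metrics password stays behind in `/tmp/matrix-nginx-proxy-metrics-password` whenever the image pull or the `htpasswd` run fails, because "Delete temporary metrics password file" is an ordinary member of the block and is skipped once an earlier task errors; moving that task into an `always:` section of the same block guarantees the cleanup. The file also uses a fixed name in the world-writable `/tmp`, so a path under `{{ matrix_nginx_proxy_data_path }}` would avoid a clash with a file that another local account created there first. The comment above the task should say that passing the password as a command-line argument is what exposes it to other processes, since the command does feed it to `htpasswd -i` on stdin.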
@@ -31,23 +31,9 @@ mode: 0644 when: matrix_nginx_proxy_enabled|bool -- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI) - template: - src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2" - dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0400 - when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool" - -- name: Generate sample prometheus.yml for external scraping - template: - src: "{{ role_path }}/templates/prometheus/external_prometheus.yml.example.j2" - dest: "{{ matrix_base_data_path }}/external_prometheus.yml.example" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0644 - when: matrix_nginx_proxy_proxy_synapse_metrics|bool +- name: Setup metrics + include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml" + when: matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool - name: Ensure Matrix nginx-proxy configured (generic) template: 
@@ -324,10 +310,15 @@ file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool" -- name: Ensure sample prometheus.yml for external scraping is deleted +# This file is now generated by the matrix-synapse role and saved in the Synapse directory +- name: (Cleanup) Ensure old sample prometheus.yml for external scraping is deleted file: path: "{{ matrix_base_data_path }}/external_prometheus.yml.example" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics|bool" + +- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /metrics/* URIs) + file: + path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + state: absent + when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 0de93873..c6697e93 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml 
@@ -27,6 +27,14 @@ `matrix_nginx_proxy_ssl_preset` needs to be set to a known value. when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']" +- name: Fail if Basic Auth enabled for metrics, but no credentials supplied + fail: + msg: | + Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires: + - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`) + - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`) + when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" + - block: - name: (Deprecation) Catch and report renamed settings fail: @@ -36,6 +44,7 @@ with_items: - {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} - {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} + - {'old': 'matrix_nginx_proxy_proxy_synapse_workers_enabled_list', 'new': ''} when: "item.old in vars" - name: Fail if required variables are undefined 
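Review bot: The new credentials check passes whenever `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` is non-empty, so a configuration that sets a username, leaves the password empty and also supplies raw content is accepted. setup_metrics_auth.yml in this commit then takes the username branch (its raw-content task runs only `when: not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`) and feeds an empty password to `htpasswd`. The condition should also reject a username without a password regardless of raw content, for example by adding `or (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == '')` to the `when`. A short comment above the task stating that username/password takes precedence over raw content when both are set would document the behaviour.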
@@ -49,3 +58,17 @@ - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container" when: "vars[item] == '' or vars[item] is none" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" + +- name: (Deprecation) Catch and report old metrics usage + fail: + msg: >- + Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Synapse, + which exposed metrics on `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`. + + We now recommend exposing Synapse metrics in another way, from another URL. + Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22 + with_items: + - matrix_nginx_proxy_proxy_synapse_metrics + - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled + - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key + when: "item in vars" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 4abcd40a..2895ba14 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 
@@ -45,6 +45,19 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_metrics_enabled %} + location /metrics { + {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path }}; + {% endif %} + + {% for configuration_block in matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + } + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 9a1576d4..69f13a1a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 
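Review bot: When `matrix_nginx_proxy_proxy_matrix_metrics_enabled` is true and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` is false, the added `location /metrics` block serves every registered exporter location with no access control, unlike the status block just above it, which takes an allowed-addresses list. A template comment would make that explicit, e.g. `{# Without Basic Auth everything under /metrics is readable by anyone who can reach this server; restrict it via the additional_user_location_configuration_blocks variable (allow/deny). #}`. A warning in validate_config.yml for the enabled-without-auth combination would presumably be worthwhile too. The enclosing server block begins and ends outside this hunk.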
@@ -145,45 +145,6 @@ server { {{- configuration_block }} {% endfor %} - {% if matrix_nginx_proxy_proxy_synapse_metrics %} - location /_synapse/metrics { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; - {% endif %} - } - {% endif %} - - {% if matrix_nginx_proxy_enabled and matrix_nginx_proxy_proxy_synapse_metrics %} - {% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} - {% if worker.metrics_port != 0 %} - location /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; - proxy_pass http://$backend/_synapse/metrics; - proxy_set_header Host $host; - - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; - {% endif %} - } - {% endif %} - {% endfor %} - {% endif %} - {# Everything else just goes to the API server ##} location / { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 b/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 deleted file mode 100644 index 1a7247ac..00000000 
--- a/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 +++ /dev/null @@ -1,3 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# User and password for protecting /_synapse/metrics URI -prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }} diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 5e50a1d7..1a086b31 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -17,10 +17,17 @@ matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service # List of systemd services that matrix-prometheus.service wants matrix_prometheus_node_exporter_systemd_wanted_services_list: [] +# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_node_exporter_metrics_proxying_enabled: false + # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). # # Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. # +# You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`. +# # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index db44a7ab..d08340a8 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml 
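Review bot: The added comment in the node-exporter defaults reads "This will only work take effect if …" and should be `# This will only take effect if \`matrix_nginx_proxy_proxy_matrix_metrics_enabled: true\`.`; the same sentence is repeated in the postgres-exporter and Synapse defaults hunks of this commit. Since this flag decides whether host metrics become reachable through the public proxy, the comment could also state that access is only protected when `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` is set.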
@@ -3,3 +3,39 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + set_fact: + matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | + location /metrics/node-exporter { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-node-exporter:9100"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + {# This may be implemented in the future. #} + return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + {% endif %} + } + + - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] + }} + when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool 
diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 9ad60405..8c3f435e 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -28,11 +28,17 @@ matrix_prometheus_postgres_exporter_database_hostname: 'matrix-postgres' matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' +# Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # # Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. # +# You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`. +# # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index ddea23ab..996cc975 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml 
@@ -3,3 +3,39 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + set_fact: + matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | + location /metrics/postgres-exporter { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-postgres-exporter:9187"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + {# This may be implemented in the future. #} + return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + {% endif %} + } + + - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] + }} + when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool 
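Review bot: The closing `when:` of the added block tests `matrix_prometheus_node_exporter_enabled` and `matrix_prometheus_node_exporter_metrics_proxying_enabled`, which looks copied from the node-exporter role. As written, `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` is never consulted, so `/metrics/postgres-exporter` is registered whenever node-exporter proxying is on and never when only the postgres flag is set. It should read `when: matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_metrics_proxying_enabled|bool`. With the current condition an operator who left the postgres flag at `false` would still have database metrics proxied on the matrix domain.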
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 50e84302..848d8beb 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -334,6 +334,14 @@ matrix_url_preview_accept_language: ['en-US', 'en'] matrix_synapse_metrics_enabled: false matrix_synapse_metrics_port: 9100 +# Controls whether Synapse metrics should be proxied (exposed) on: +# - `matrix.DOMAIN/metrics/synapse/main-process` for the main process +# - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process +# +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_synapse_metrics_proxying_enabled: false + # Enable the Synapse manhole # See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md matrix_synapse_manhole_enabled: false diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index 88065049..ffaec05f 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml 
@@ -25,3 +25,63 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" when: matrix_s3_media_store_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Synapse's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate synapse metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) + set_fact: + matrix_synapse_nginx_metrics_configuration_block: | + location /metrics/synapse/main-process { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse:{{ matrix_synapse_metrics_port }}"; + proxy_pass http://$backend/_synapse/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_synapse_metrics_port }}/_synapse/metrics; + {% endif %} + } + + - name: Register synapse metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_synapse_nginx_metrics_configuration_block] + }} + + - name: Generate synapse worker metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) + set_fact: + matrix_synapse_worker_nginx_metrics_configuration_block: | + {% for worker in matrix_synapse_workers_enabled_list %} + {% if 
worker.metrics_port != 0 %} + location /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; + proxy_pass http://$backend/_synapse/metrics; + proxy_set_header Host $host; + } + {% endif %} + {% endfor %} + when: matrix_synapse_workers_enabled_list|length > 0 + + - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_synapse_worker_nginx_metrics_configuration_block] + }} + when: matrix_synapse_workers_enabled_list|length > 0 + when: matrix_synapse_enabled|bool and matrix_synapse_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 2302a6f2..1aaaf7b3 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -119,3 +119,12 @@ src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user" mode: 0755 + +- name: Generate sample prometheus.yml for external scraping + template: + src: "{{ role_path }}/templates/synapse/prometheus/external_prometheus.yml.example.j2" + dest: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0644 + when: matrix_synapse_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 911d1285..1d4fe7ad 100644 
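Review bot: The worker location template in the Synapse init.yml hunk always emits `resolver 127.0.0.11` and a `matrix-synapse-worker-…` container hostname, while the main-process block in the same hunk branches on `matrix_nginx_proxy_enabled|default(False)`. With the proxy role disabled, the generated worker locations would point at names that presumably do not resolve outside Docker. The nginx template removed by this commit guarded the worker loop with `matrix_nginx_proxy_enabled`, so wrapping the loop body in `{% if matrix_nginx_proxy_enabled|default(False) %}` keeps that behaviour. The worker block also sets `proxy_set_header Host $host;` and the main-process block does not; a comment saying whether that is intentional would help.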
--- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -29,3 +29,9 @@ docker_image: name: "{{ matrix_synapse_docker_image }}" state: absent + +- name: Ensure sample prometheus.yml for external scraping is deleted + file: + path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + state: absent + when: "not matrix_synapse_metrics_proxying_enabled|bool" diff --git a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 similarity index 51% rename from roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 rename to roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 index cbb2e6f3..b194c3c2 100644 --- a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 +++ b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 
@@ -11,29 +11,29 @@ rule_files: scrape_configs: - job_name: 'synapse' - metrics_path: /_synapse/metrics - scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }} -{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + metrics_path: /metrics/synapse/main-process + scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} +{% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: username: prometheus password_file: /path/to/your/passwordfile.pwd {% endif %} static_configs: - - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] + - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: job: "master" index: "0" -{% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} +{% for worker in matrix_synapse_workers_enabled_list %} - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' - metrics_path: /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics - scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }} -{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + metrics_path: /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} + scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} +{% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: username: prometheus password_file: /path/to/your/passwordfile.pwd {% endif %} static_configs: - - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port 
}}'] + - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: job: "{{ worker.type }}" index: "{{ worker.instanceId }}" diff --git a/setup.yml b/setup.yml index 5ea7e5a7..27aac7a7 100755 --- a/setup.yml +++ b/setup.yml @@ -47,6 +47,7 @@ - matrix-dendrite - matrix-synapse-admin - matrix-prometheus-node-exporter + - matrix-prometheus-postgres-exporter - matrix-prometheus - matrix-grafana - matrix-registration @@ -63,6 +64,5 @@ - matrix-coturn - matrix-aux - matrix-postgres-backup - - matrix-prometheus-postgres-exporter - matrix-backup-borg - matrix-common-after From 9aab7f9c37f546a22a7b54c1a34bc6a3e519834a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 17:57:53 +0300 Subject: [PATCH 365/419] Make yamllint happy Fixup for ba51997f7b0 --- .../matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 55163c94..1d39b8d6 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -1,3 +1,5 @@ +--- + # When we're dealing with raw htpasswd content, we just store it in the file directly. - name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) copy: From 1727ecd888317db71f7e35f4e022ef728bdf854c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 18:00:32 +0300 Subject: [PATCH 366/419] Make yamllint happy (take 2) > Error: 19:3 error wrong indentation: expected 4 but found 2 (indentation) --- .../tasks/nginx-proxy/setup_metrics_auth.yml | 66 +++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) 
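Review bot: The sample in external_prometheus.yml.example.j2 still hard-codes `username: prometheus` in both scrape jobs although the username is now configurable through `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`, so a generated example can name a user that is not in the htpasswd file. `username: {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username|default('prometheus', true) }}` keeps the old value when the variable is empty or undefined. The template's beginning is outside this hunk.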
diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 1d39b8d6..35dabefa 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml 
@@ -16,40 +16,40 @@ # We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. # As a workaround, we run `htpasswd` from an Apache container image. - block: - - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - docker_image: - name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + docker_image: + name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" - # We store the password in a file and make the `htpasswd` tool read it from there, - # as opposed to passing it directly on stdin (which will expose it to other processes on the server). 
- - name: Store metrics password in a temporary file - copy: - content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" - dest: "/tmp/matrix-nginx-proxy-metrics-password" - mode: 0400 - owner: "{{ matrix_user_uid }}" - group: "{{ matrix_user_gid }}" + # We store the password in a file and make the `htpasswd` tool read it from there, + # as opposed to passing it directly on stdin (which will expose it to other processes on the server). + - name: Store metrics password in a temporary file + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" + dest: "/tmp/matrix-nginx-proxy-metrics-password" + mode: 0400 + owner: "{{ matrix_user_uid }}" + group: "{{ matrix_user_gid }}" - - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - command: - cmd: >- - {{ matrix_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network=none - --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data - --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro - --entrypoint=/bin/sh - {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} - -c - 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' + - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + command: + cmd: >- + {{ matrix_host_command_docker }} run + --rm + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + --network=none + --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data + --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro + --entrypoint=/bin/sh + {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} + -c + 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ 
matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' - - name: Delete temporary metrics password file - file: - path: /tmp/matrix-nginx-proxy-metrics-password - state: absent + - name: Delete temporary metrics password file + file: + path: /tmp/matrix-nginx-proxy-metrics-password + state: absent when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' From 37d7e75e9bf2499e64ef8c7847b99c4ae44e081b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 20:37:56 +0300 Subject: [PATCH 367/419] Add support for passing extra arguments to prometheus-node-exporter --- .../defaults/main.yml | 12 ++++++++++++ .../matrix-prometheus-node-exporter.service.j2 | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 1a086b31..a7f25c21 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml 
@@ -11,6 +11,18 @@ matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_n # A list of extra arguments to pass to the container matrix_prometheus_node_exporter_container_extra_arguments: [] +# A list of extra arguments to pass to the node_exporter process +# +# Example: +# matrix_prometheus_node_exporter_process_extra_arguments: +# - "--collector.systemd" +# - "--collector.logind" +# +# Note: the above is just an example. We have not confirmed that these collectors work when running in a container. +# In fact, the systemd collector is exhibiting issues: +# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory" +matrix_prometheus_node_exporter_process_extra_arguments: [] + # List of systemd services that matrix-prometheus.service depends on matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service'] diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index e38b42e3..d0bfa4cc 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 
@@ -32,7 +32,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod --pid=host \ --mount type=bind,src=/,dst=/host,ro,bind-propagation=rslave \ {{ matrix_prometheus_node_exporter_docker_image }} \ - --path.rootfs=/host + --path.rootfs=/host {{ matrix_prometheus_node_exporter_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' From 569b52f0c1818d988aa0ebf0eb93a7ff9e37b503 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 24 Jun 2022 08:33:17 +0300 Subject: [PATCH 368/419] Document how the systemd node-exporter collector can be made to work --- roles/matrix-prometheus-node-exporter/defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index a7f25c21..d061d59c 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml 
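Review bot: The new list is joined with spaces and written straight into the `ExecStart=` line after `--path.rootfs=/host`, so systemd re-tokenises each item instead of receiving it as one argument. An item containing whitespace is split into several arguments, and `%` or `$` sequences go through systemd's specifier and variable expansion. That matters for a unit that starts this container with `--pid=host` and the host root mounted at `/host`. I would document the constraint next to the variable in the defaults file, e.g. `# Each item is inserted verbatim into the systemd ExecStart line: no whitespace inside an item, and a literal % must be written as %%.` The same join pattern is used for the matrix-prometheus template in patches 373 to 375; the `ExecStart` command itself begins above this hunk.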
@@ -18,9 +18,10 @@ matrix_prometheus_node_exporter_container_extra_arguments: [] # - "--collector.systemd" # - "--collector.logind" # -# Note: the above is just an example. We have not confirmed that these collectors work when running in a container. -# In fact, the systemd collector is exhibiting issues: -# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory" +# Note: the above is just an example. Various collectors may require various tweaks to be able to run. +# Running the systemd collector requires the following `matrix_prometheus_node_exporter_container_extra_arguments`: +# - the socket to be mounted as well (`--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave`) +# - (on AppArmor-based distros) disabling AppArmor protection (`--security-opt apparmor=unconfined`) matrix_prometheus_node_exporter_process_extra_arguments: [] # List of systemd services that matrix-prometheus.service depends on From 5f6ad0f603693d4ea8b31298fe4b8c42d004c724 Mon Sep 17 00:00:00 2001 From: nono-lqdn Date: Fri, 24 Jun 2022 17:45:52 +0200 Subject: [PATCH 369/419] Added a note on managing the basic_auth password on external prometheus servers --- CHANGELOG.md | 1 + docs/configuring-playbook-prometheus-grafana.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c5fdac5..2779b369 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
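Review bot: The added comment recommends `--security-opt apparmor=unconfined` and a bind mount of the D-Bus system socket without saying what that costs. The `ro` flag on a socket bind mount does not stop a process from connecting to the socket, so the container can talk to the host's system bus within whatever the bus policy allows. The node-exporter unit shown in patch 367 already runs with `--pid=host` and the host root mounted. I would add a caveat under the two bullets, for example `# Note: this gives the container access to the host's D-Bus system bus and removes AppArmor confinement; enable it only if you need the systemd collector.`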
@@ -26,6 +26,7 @@ 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). +**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. # 2022-06-13 diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index e1b82643..b2878c12 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -90,6 +90,7 @@ matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_b Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). +Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. ### Collecting Synapse worker metrics to an external Prometheus server 
@@ -130,4 +131,3 @@ scrape_configs: - [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2) - [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs) - From 83f1574a085831ac58d22de6cffb5d4f1569e5fc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 25 Jun 2022 18:59:28 +0300 Subject: [PATCH 370/419] Upgrade exim-relay (4.95-r0-2 -> 4.95-r0-4) --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 682126d2..6d3bb2e2 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0-2 +matrix_mailer_version: 4.95-r0-4 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From b784f88af5cb8f3883ade58fee175cb76f892f66 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 25 Jun 2022 18:06:35 +0000 Subject: [PATCH 371/419] Update Grafana (8.5.3 -> 9.0.1) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 991cb19d..618eaef7 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.5.3 +matrix_grafana_version: 9.0.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From c793fc5ff0a47d078022751fd2be588a2782187f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 25 Jun 2022 18:07:30 +0000 Subject: [PATCH 372/419] Update Prometheus (v2.33.3 -> v2.36.2) --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 843a90e8..cb1e6c01 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -4,7 +4,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.33.3 +matrix_prometheus_version: v2.36.2 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 574f57c82cb44a6dce204fbdfda197753d8752de Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 08:41:22 +0300 Subject: [PATCH 373/419] expose prometheus process args --- roles/matrix-prometheus/defaults/main.yml | 7 +++++++ .../templates/systemd/matrix-prometheus.service.j2 | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index cb1e6c01..ffe2ddc0 100644 --- a/roles/matrix-prometheus/defaults/main.yml 
+++ b/roles/matrix-prometheus/defaults/main.yml @@ -26,6 +26,13 @@ matrix_prometheus_systemd_wanted_services_list: [] # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. matrix_prometheus_container_http_host_bind_port: '' +# A list of extra arguments to pass to the prometheus process +matrix_prometheus_process_extra_arguments: + - "--config.file=/etc/prometheus/prometheus.yml" + - "--storage.tsdb.path=/prometheus" + - "--web.console.libraries=/usr/share/prometheus/console_libraries" + - "--web.console.templates=/usr/share/prometheus/consoles" + # Tells whether the "synapse" scraper configuration is enabled. matrix_prometheus_scraper_synapse_enabled: false diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 8de57201..296a3adf 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,7 +31,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} + {{ matrix_prometheus_docker_image }} \ + {{ matrix_prometheus_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From 1542e8bca036360c6eb3d2cdaa5415e7eacb805f Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 26 Jun 2022 06:59:46 +0000 Subject: [PATCH 374/419] Update roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 Co-authored-by: Slavi Pantaleev --- .../templates/systemd/matrix-prometheus.service.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 296a3adf..57969f8a 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,8 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} \ - {{ matrix_prometheus_process_extra_arguments|join(' ') }} + {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From c71fea70d334506571dd268824e09f05b5f80acf Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 12:01:57 +0300 Subject: [PATCH 375/419] matrix-prometheus feedback --- roles/matrix-prometheus/defaults/main.yml | 10 ++++++++-- .../templates/systemd/matrix-prometheus.service.j2 | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index ffe2ddc0..28395bd9 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml 
@@ -26,13 +26,19 @@ matrix_prometheus_systemd_wanted_services_list: [] # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. matrix_prometheus_container_http_host_bind_port: '' -# A list of extra arguments to pass to the prometheus process -matrix_prometheus_process_extra_arguments: +# A list of default arguments to pass to the prometheus process +matrix_prometheus_process_default_arguments: - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus" - "--web.console.libraries=/usr/share/prometheus/console_libraries" - "--web.console.templates=/usr/share/prometheus/consoles" +# A list of extra arguments to pass to the prometheus process +matrix_prometheus_process_extra_arguments: [] + +# holds the final list of process arguments +matrix_prometheus_process_arguments: "{{ matrix_prometheus_process_default_arguments + matrix_prometheus_process_extra_arguments }}" + # Tells whether the "synapse" scraper configuration is enabled. matrix_prometheus_scraper_synapse_enabled: false diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 57969f8a..56e13c13 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,7 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_extra_arguments|join(' ') }} + {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' 
From 5801017df0b1005c6513bce4bfa2a3c11e36309c Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:16:09 +0300 Subject: [PATCH 376/419] mx-puppet-bridges - set log level = warn, set presence interval = 5s --- .../matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 | 4 ++-- .../matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 | 2 +- .../templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 index edb0c280..a1c0cc48 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 @@ -25,7 +25,7 @@ presence: # Bridge Discord online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -117,7 +117,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 index a9ab7701..357baec7 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 
@@ -78,7 +78,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 index 1c4bb1bd..57c5b0f0 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 @@ -18,7 +18,7 @@ presence: # Bridge Instagram online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -61,7 +61,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 index 1d6d4828..647f8fc7 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 @@ -29,7 +29,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Optionally, you can apply filters to the console logging #console: # level: info @@ -80,7 +80,7 @@ presence: # Bridge online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 # if the im.vector.user_status state setting should be diabled #disableStatusState: false # A blacklist of remote user IDs for the im.vector.user_status state setting 
diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 index c7497a84..b84fe221 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 @@ -32,7 +32,7 @@ presence: # Bridge Discord online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -75,7 +75,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 index fd59471d..0919907d 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 @@ -78,7 +78,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 index 1d269057..5418ccaf 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 @@ -28,7 +28,7 @@ presence: # Bridge Twitter online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge 
@@ -71,7 +71,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files From 2689a0981a820138b05218b27cf4e5178d08d64b Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:31:51 +0300 Subject: [PATCH 377/419] mautrix-based bridges - set log level = warn(ing) --- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 10 +++++----- .../templates/config.yaml.j2 | 6 +++--- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 6 +++--- 8 files changed, 31 insertions(+), 31 deletions(-) diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 4fb6b055..77a73a96 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -256,12 +256,12 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [ console] diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index c3cb1932..d4823c42 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -250,11 +250,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] 
diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index e2af8830..65732343 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING hangups: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 7ff7d539..a8a52b7c 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -135,11 +135,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING hangups: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index cb74d5c1..a4ba96d6 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -216,13 +216,13 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING mauigpapi: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index b831fe9a..47671af5 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 
@@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: {{ matrix_mautrix_signal_log_level }} + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: {{ matrix_mautrix_signal_log_level }} + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 6569ce87..177c5f0a 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -401,11 +401,11 @@ logging: formatter: precise loggers: mau: - level: DEBUG + level: WARNING telethon: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index f0ae69b2..d0aec60f 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -195,9 +195,9 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] From d426dbbc32614aa9e2c65c2ceb2d0fbbf9f29737 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:41:23 +0300 Subject: [PATCH 378/419] missing var --- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index e622522d..5b84643c 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml 
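Review bot: In the mautrix-signal template the two `level: {{ matrix_mautrix_signal_log_level }}` lines are replaced by a literal `WARNING`, so any value an operator has set for `matrix_mautrix_signal_log_level` is now silently ignored. The other templates in this patch only swap one literal for another, but this one removes an existing knob. WARNING-only logs also leave little to work with when investigating a bridge incident. I would keep the variable and change its default instead: leave `level: {{ matrix_mautrix_signal_log_level }}` here and set `matrix_mautrix_signal_log_level: WARNING` in the role defaults. The defaults file is not part of this hunk, so confirm where the variable is defined.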
@@ -25,6 +25,8 @@ matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url } matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" +matrix_beeper_linkedin_bridge_presence: true + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] From 55d8e3dfddb6a8c66ac65ad5923e35d32b1ab102 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:03:21 +0300 Subject: [PATCH 379/419] mautrix-based bridges: add matrix_admin --- roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 3 +++ .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 3 +++ 10 files changed, 30 insertions(+) diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 77a73a96..7310676d 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -238,6 +238,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_beeper_linkedin_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} 
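Review bot: The added `"{{ matrix_admin }}": admin` entry in the beeper-linkedin `permissions:` map renders whatever string the operator supplied, with no check that it is a full MXID. The key format documented for this kind of map in the mautrix-signal template also accepts `*` and a bare domain, so a mistyped value could grant bridge admin to a whole homeserver or to every user instead of one account (assuming the other bridges parse keys the same way). I would tighten the guard to `{% if matrix_admin is defined and matrix_admin.startswith('@') and ':' in matrix_admin %}`, or fail the play in a validation task, and emit the key as `{{ matrix_admin|to_json }}: admin` so a quote in the value cannot break the rendered YAML. The same three lines are added to the go-skype, facebook, googlechat, hangouts, instagram, signal, telegram, twitter and whatsapp templates in this commit. The `permissions:` mapping begins outside the hunk.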
diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index fb50b0dd..f3dd7c29 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -199,6 +199,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_go_skype_bridge_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} relaybot: # Whether or not relaybot support is enabled. diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index d4823c42..7dca6aff 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -203,6 +203,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index 65732343..b7b90832 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -119,6 +119,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_googlechat_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index a8a52b7c..5b7bd8be 100644 
--- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -116,6 +116,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_hangouts_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index a4ba96d6..c0965ad2 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -187,6 +187,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_instagram_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). provisioning: diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 47671af5..2c49c833 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -225,6 +225,9 @@ bridge: # mxid - Specific user permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 177c5f0a..40549721 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 
+++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -291,6 +291,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_telegram_homeserver_domain }}': full + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index d0aec60f..debddc4b 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -175,6 +175,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_twitter_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d73718ea..d3b26ba6 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -187,6 +187,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} # Settings for relay mode relay: From ed8ef0d1f871b2b671a75a1af8786d2c27f7bc8b Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:09:31 +0300 Subject: [PATCH 380/419] mautrix-telegram: update defaults --- .../matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 40549721..b2288257 100644 
--- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -105,11 +105,11 @@ bridge: # synced when they send messages. The maximum is 10000, after which the Telegram server # will not send any more members. # Defaults to no local limit (-> limited to 10000 by server) - max_initial_member_sync: -1 + max_initial_member_sync: 10 # Whether or not to sync the member list in channels. # If no channel admins have logged into the bridge, the bridge won't be able to sync the member # list regardless of this setting. - sync_channel_members: true + sync_channel_members: false # Whether or not to skip deleted members when syncing members. skip_deleted_members: true # Whether or not to automatically synchronize contacts and chats of Matrix users logged into @@ -204,7 +204,7 @@ bridge: # been sent to Telegram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. From cd88c06994c881f9be24bf700ae55c535ffe7d5a Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:16:43 +0300 Subject: [PATCH 381/419] mautrix-twitter: update defaults --- roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index debddc4b..2b3b4140 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 
@@ -149,7 +149,7 @@ bridge: # been sent to Twitter. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Whether or not non-fatal polling errors should send notices to the notice room. temporary_disconnect_notices: true # Number of seconds to sleep more than the previous error when a polling error occurs. From 00192f6e94b349750545861f0c251ac6821f606a Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:19:56 +0300 Subject: [PATCH 382/419] mautrix-instagram, mautrix-signal: set delivery_error_reports: true --- roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index c0965ad2..9ac7e2e3 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -166,7 +166,7 @@ bridge: # been sent to Instagram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 2c49c833..3ca35b2f 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 
@@ -177,7 +177,7 @@ bridge: # Note that this is not related to Signal delivery receipts. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented) - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. From 44f2234c9947549bd88066b03ba36d350dfffbee Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 27 Jun 2022 10:34:04 +0300 Subject: [PATCH 383/419] define matrix_admin in matrix-base --- roles/matrix-base/defaults/main.yml | 3 +++ roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 11 files changed, 13 insertions(+), 10 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 64556378..d303bf15 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -8,6 +8,9 @@ # Example value: example.com matrix_domain: ~ +# The optional matrix admin MXID, used in bridges' configs to set bridge admin user +matrix_admin: '' + # This will contain the homeserver implementation that is in use. # Valid values: synapse, dendrite # 
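Review bot: The comment directly above the changed line in the mautrix-signal template still ends with `(not yet implemented)`, so setting `delivery_error_reports: true` reads as enabling a feature the bridge does not have. If the bridge now implements it, drop the parenthetical from the comment. If it does not, either leave the value `false` or add a line such as `# No effect until the bridge implements this; set for parity with the other mautrix bridges.` so an operator can tell from the template whether delivery failures will be reported in the room. The `bridge:` mapping starts outside the hunk.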
diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 7310676d..6b33ffea 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -238,7 +238,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_beeper_linkedin_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index f3dd7c29..6f7277fe 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -199,7 +199,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_go_skype_bridge_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 7dca6aff..2555e985 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -203,7 +203,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index b7b90832..db4394b7 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 
@@ -119,7 +119,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_googlechat_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 5b7bd8be..07f5b2d7 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -116,7 +116,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 9ac7e2e3..994a39a7 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -187,7 +187,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_instagram_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} # Provisioning API part of the web server for automated portal creation and fetching information. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 3ca35b2f..53aa550d 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -225,7 +225,7 @@ bridge: # mxid - Specific user permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} 
diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index b2288257..20055ab7 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -291,7 +291,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_telegram_homeserver_domain }}': full - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 2b3b4140..6b32d47b 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -175,7 +175,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_twitter_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d3b26ba6..b9862e94 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -187,7 +187,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} From e27ecd6e76f0044f2a94d1e05cf3e5cc2d0accbb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 27 Jun 2022 11:02:10 +0300 Subject: [PATCH 384/419] Add matrix_admin example --- roles/matrix-base/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index d303bf15..4d63fc56 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -9,6 +9,7 @@ matrix_domain: ~ # The optional matrix admin MXID, used in bridges' configs to set bridge admin user +# Example value: "@someone:{{ matrix_admin }}" matrix_admin: '' # This will contain the homeserver implementation that is in use. From 23ed70a6bb02f371e57989c85de7594eeb40b002 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 27 Jun 2022 11:38:21 +0000 Subject: [PATCH 385/419] fix typo --- roles/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 4d63fc56..6b717f80 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -9,7 +9,7 @@ matrix_domain: ~ # The optional matrix admin MXID, used in bridges' configs to set bridge admin user -# Example value: "@someone:{{ matrix_admin }}" +# Example value: "@someone:{{ matrix_domain }}" matrix_admin: '' # This will contain the homeserver implementation that is in use. From 5b38ee537144f32721a6a43153341cc5c93172c0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 28 Jun 2022 08:27:57 +0000 Subject: [PATCH 386/419] add missing retry to the apache docker image pull --- .../tasks/nginx-proxy/setup_metrics_auth.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 35dabefa..046746df 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml 
@@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed # We store the password in a file and make the `htpasswd` tool read it from there, # as opposed to passing it directly on stdin (which will expose it to other processes on the server). From e36894f93b808a7219424605d9ecd79ac0b173a7 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Tue, 28 Jun 2022 03:35:12 -0800 Subject: [PATCH 387/419] Update configuring-playbook-bridge-mautrix-facebook.md Logging in from the IP address is no longer always enough, but 2FA seems to work eventually --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 1845682f..bb8d1430 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -91,3 +91,5 @@ Once connected, you should be able to verify that you're browsing the web throug Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/). Once logged in, proceed to [set up bridging](#usage). + +If that doesn't work, enable 2FA [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change 
From bff35926dc24704e1eed7acea83c803fb865dcdc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:13:14 +0300 Subject: [PATCH 388/419] Upgrade Synapse (v1.61.0 -> v1.61.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 848d8beb..43ee9e57 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.61.0 +matrix_synapse_version: v1.61.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 75746943be412a7197bdf7be0550273d925e22db Mon Sep 17 00:00:00 2001 From: Christos Karamolegkos Date: Tue, 28 Jun 2022 17:51:06 +0300 Subject: [PATCH 389/419] Update README.md to include Go Skype Bridge Update README.md to include Go Skype Bridge, added in #1877 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 26f10940..1d58eed0 100644 --- a/README.md +++ b/README.md 
@@ -81,6 +81,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation +- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation + - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation From c614b61e01e1ec1de5b86cd265b3b36e9c5b3b4d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:53:57 +0300 Subject: [PATCH 390/419] Fix mautrix-signal permissions configuration Fixup for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ad0752e3..61f8695d 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -99,6 +99,9 @@ matrix_mautrix_signal_relaybot_enabled: false matrix_mautrix_signal_bridge_permissions: | '*': relay '{{ matrix_mautrix_signal_homeserver_domain }}': user + {% if matrix_admin %} + "{{ matrix_admin }}": admin + {% endif %} # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 53aa550d..c5fbba8e 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -223,11 +223,8 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: + permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From c15bf2e0194e63f30df700b2465960d91120f811 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Jun 2022 08:42:13 +0300 Subject: [PATCH 391/419] Upgrade Grafana (9.0.1 -> 9.0.2) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 618eaef7..7765ae48 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.1 +matrix_grafana_version: 9.0.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 523a7b4a6e428eb21efb343463d576152ade1cc9 Mon Sep 17 00:00:00 2001 
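Review bot: With the `{% if matrix_admin %}` block now inside the default value of `matrix_mautrix_signal_bridge_permissions`, an inventory that overrides that variable drops the `matrix_admin` grant without any message, while the other bridge templates in this series add it in the template regardless of overrides. A comment above the variable would make this visible, for example `# Overriding this replaces the whole map, including the matrix_admin entry; re-add it if you still want it.` The new entry also uses double quotes while the two lines above it use single quotes; `'{{ matrix_admin }}': admin` would match the rest of the block.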
From: ThellraAK Date: Tue, 28 Jun 2022 23:38:08 -0800 Subject: [PATCH 392/419] Update configuring-playbook-own-webserver.md Adding a bit on how to bind the synapse ports if the webserver isn't in the same docker network, or on a different machine. --- docs/configuring-playbook-own-webserver.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index c7e56f14..155b5995 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. +If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) +'''yaml +# Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. +matrix_synapse_container_client_api_host_bind_port: '' +matrix_synapse_container_federation_api_plain_host_bind_port: '' +''' + + ### Using your own external Apache webserver From 6a99b3d5323a25b3f9a289b2b0d90675ff1d180b Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 29 Jun 2022 15:09:29 +0000 Subject: [PATCH 393/419] Fix Hydrogen self check Thanks to Julian for pointing this out --- roles/matrix-client-hydrogen/tasks/main.yml | 7 +++++++ roles/matrix-client-hydrogen/tasks/self_check.yml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) 
diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index 13d157cc..d027fe66 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -21,3 +21,10 @@ tags: - setup-all - setup-client-hydrogen + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index 28af9c78..0c664231 100644 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}" + matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json" - name: Check Hydrogen uri: From 9cf2b37352f940bdfeb4208be88d67c5b245ee62 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 00:43:01 -0800 Subject: [PATCH 394/419] Update configuring-playbook-bridge-mautrix-instagram.md Copy/Pasting from docs/configuring-playbook-bridge-mautrix-facebook.md but with the relevant variable names changed to add turning on encryption and a puppet admin. --- ...uring-playbook-bridge-mautrix-instagram.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 38d107d0..08b35d1d 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md 
@@ -7,6 +7,27 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i ```yaml matrix_mautrix_instagram_enabled: true ``` +There are some additional things you may wish to configure about the bridge before you continue. + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + +If you would like to be able to administrate the bridge from your account it can be configured like this: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:YOUR_DOMAIN': admin +``` + +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. + ## Usage From 3fbff1a78909170426ce15ad9b81a3fdc5b3b9e7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 11:57:01 +0300 Subject: [PATCH 395/419] Mention matrix_admin Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- docs/configuring-playbook-bridge-mautrix-instagram.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 08b35d1d..cbfdcb0b 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md 
@@ -20,13 +20,18 @@ matrix_mautrix_instagram_configuration_extension_yaml: | If you would like to be able to administrate the bridge from your account it can be configured like this: ```yaml +# The easy way. The specified Matrix user ID will be made an admin of all bridges +matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}" + +# OR: +# The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins. matrix_mautrix_instagram_configuration_extension_yaml: | bridge: permissions: '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. ## Usage From 95ca182ab50bc3cf04e56d7ae1cc57cb49e59265 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 12:08:37 +0300 Subject: [PATCH 396/419] Remove outdated logging configuration from Dimension Related to https://github.com/turt2live/matrix-dimension/commit/123a45bb217126875a5a9aaabbe22c5f8f66727a Provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1879 Not sure how bot-sdk's logging level can be adjusted. Seems like Dimension now hardcodes `LogService.setLevel(LogLevel.DEBUG);` in its startup code. --- roles/matrix-dimension/templates/config.yaml.j2 | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/matrix-dimension/templates/config.yaml.j2 index 39721d71..592c65ac 100644 --- a/roles/matrix-dimension/templates/config.yaml.j2 +++ b/roles/matrix-dimension/templates/config.yaml.j2 
@@ -73,13 +73,3 @@ dimension: # This is where Dimension is accessible from clients. Be sure to set this # to your own Dimension instance. publicUrl: "https://{{ matrix_server_fqn_dimension }}" - -# Settings for controlling how logging works -logging: - file: /dev/null - console: true - consoleLevel: verbose - fileLevel: info - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 From 60c14c3550b41174dae723048b48ac011541cc45 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 03:46:24 -0800 Subject: [PATCH 397/419] Update configuring-playbook-own-webserver.md Fixing code block formatting --- docs/configuring-playbook-own-webserver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 155b5995..76fa2d8b 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -58,11 +58,11 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) -'''yaml +```yaml # Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. matrix_synapse_container_client_api_host_bind_port: '' matrix_synapse_container_federation_api_plain_host_bind_port: '' -''' +``` From 84346cae9cb4f2633a3acee3b1425900cc32fa67 Mon Sep 17 00:00:00 2001 
From: ThellraAK Date: Thu, 30 Jun 2022 21:28:38 -0800 Subject: [PATCH 398/419] Update configuring-playbook-bridge-mautrix-facebook.md Adding the defaults in addition to template, switching YOUR_DOMAIN to {{ matrix_domain }}, and giving example of the two combined, as the playbook gives a warning about things being defined twice, so only using the last one in the vars.yml --- ...nfiguring-playbook-bridge-mautrix-facebook.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index bb8d1430..926c6f02 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can matrix_mautrix_facebook_configuration_extension_yaml: | bridge: permissions: - '@YOUR_USERNAME:YOUR_DOMAIN': admin + '@YOUR_USERNAME:{{ matrix_domain }}': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure. +Using both would look like + +```yaml +matrix_mautrix_facebook_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin + encryption: + allow: true + default: true +``` + +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. ## Set up Double Puppeting From 4ca0d23b813e1f8f6123bd9cd5db233869f5e8be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 08:42:23 +0300 Subject: [PATCH 399/419] FIx code blocks --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 926c6f02..4429f004 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: | default: true ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting From 02cc201f14afb6480b55d86eac918474db0875e7 Mon Sep 17 00:00:00 2001 From: freiit Date: Fri, 1 Jul 2022 12:28:10 +0200 Subject: [PATCH 400/419] Add configuration instruction for AWS CloundFront --- docs/configuring-well-known.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 9a519343..36e53996 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -168,6 +168,11 @@ backend matrix-backend /.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200! ``` +**For AWS CloudFront** + + 1. Add a custom origin with matrix. to your distribution + 1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin. + Make sure to: - **replace `DOMAIN`** in the server configuration with your actual domain name From 06e51b06f1b6d442a78d0a3343df521d75637596 Mon Sep 17 00:00:00 2001 
From: ThellraAK Date: Fri, 1 Jul 2022 03:22:02 -0800 Subject: [PATCH 401/419] Adding logging variable for facebook and setting it's default (#1909) Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index d1469863..06bde727 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -128,3 +128,6 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" + +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: DEBUG diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 2555e985..f1d59b1a 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -253,11 +253,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} handlers: [console] From 71006393e0a2c9e62213f8849eed7349c4f3bc94 Mon Sep 17 00:00:00 2001 
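Review bot: The comment added above `matrix_mautrix_facebook_logging_level` in `defaults/main.yml` does not say which values are accepted or what raising the verbosity exposes. The template hunk feeds this one value to the `mau`, `paho`, `aiohttp` and `root` loggers alike, so a single override raises all of them. Bridge debug output may include message content and account identifiers, so I would document it as `# Log level for all bridge loggers (presumably a Python logging level name: DEBUG, INFO, WARNING, ERROR).` followed by `# DEBUG may log message content and other sensitive data; enable it only while troubleshooting.` The same comment is added for googlechat, hangouts, instagram, signal, telegram and twitter in PATCH 404, and the same wording would apply there.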
From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:31:28 +0300 Subject: [PATCH 402/419] Default mautrix-facebook to WARNING loggers by default Overlooked in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 06bde727..778f31fc 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -130,4 +130,4 @@ matrix_mautrix_facebook_registration_yaml: | matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" # Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: DEBUG +matrix_mautrix_facebook_logging_level: WARNING From a6a5f79a6fe5509fd1dd620079b61b9dd9011b14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:32:42 +0300 Subject: [PATCH 403/419] Relocate matrix_mautrix_facebook_logging_level in defaults/main.yml Improvement to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 778f31fc..5acc1ec7 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
@@ -89,6 +89,9 @@ matrix_mautrix_facebook_appservice_bot_username: facebookbot matrix_mautrix_facebook_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -128,6 +131,3 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" - -# Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: WARNING From 1c8f21c738d33e17da277cdbac7e3710d568fbd8 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 1 Jul 2022 04:05:28 -0800 Subject: [PATCH 404/419] Adding logging configuration and default to the rest of the mautrixes that don't have them --- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-hangouts/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 12 ++++++------ roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- .../matrix-bridge-mautrix-telegram/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- 12 files changed, 42 insertions(+), 24 deletions(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index dd5b8368..d0d90614 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml 
@@ -78,6 +78,9 @@ matrix_mautrix_googlechat_login_shared_secret: '' matrix_mautrix_googlechat_appservice_bot_username: googlechatbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_googlechat_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index db4394b7..864e3e1b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -141,11 +141,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 911c81c6..f4f67a58 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -75,6 +75,9 @@ matrix_mautrix_hangouts_login_shared_secret: '' matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_hangouts_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 07f5b2d7..d207681e 100644 
--- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 4ae2d374..a227b085 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -68,6 +68,9 @@ matrix_mautrix_instagram_appservice_bot_username: instagrambot matrix_mautrix_instagram_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_instagram_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 994a39a7..99ceee0e 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -135,7 +135,7 @@ bridge: # Whether or not the bridge should backfill chats when reconnecting. resync: true # Should even disconnected users be reconnected? - always: false + always: false # End-to-bridge encryption support options. These require matrix-nio to be installed with pip # and login_shared_secret to be configured in order to get a device for the bridge bot. # 
@@ -219,13 +219,13 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} mauigpapi: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 61f8695d..d35e12af 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -57,6 +57,9 @@ matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_appservice_bot_username: signalbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_signal_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_signal_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index c5fbba8e..0044a0fc 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 65a446e0..4708266a 100644 
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -43,6 +43,9 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq matrix_mautrix_telegram_appservice_bot_username: telegrambot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_telegram_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_telegram_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 20055ab7..276bd461 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -404,11 +404,11 @@ logging: formatter: precise loggers: mau: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} telethon: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b2e292ff..b32f57ef 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -66,6 +66,9 @@ matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitt matrix_mautrix_twitter_appservice_bot_username: twitterbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_twitter_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # 
diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 6b32d47b..f9bc8941 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -198,9 +198,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} handlers: [console] From c3f85ae827af0e942b5e9dc68e30649316050de4 Mon Sep 17 00:00:00 2001 From: Kabir Kwatra Date: Fri, 1 Jul 2022 07:56:09 -0700 Subject: [PATCH 405/419] feat(jitsi+arm64): Enable Jitsi on arm64 fixes spantaleev/matrix-docker-ansible-deploy#1889 Support for arm64 images tracked in jitsi/docker-jitsi-meet#1214 and added in jitsi/docker-jitsi-meet#1269 --- roles/matrix-jitsi/defaults/main.yml | 2 +- roles/matrix-jitsi/tasks/init.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index c3268267..70dc035d 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7001 +matrix_jitsi_version: stable-7439-2 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index c4ed61a6..58567d92 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml 
@@ -7,4 +7,4 @@ - name: Fail if on an unsupported architecture fail: msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" - when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' + when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64'] From 2e4fad61944a7d2f5082c9f4e19e23cf30c23f67 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 2 Jul 2022 15:02:35 +0300 Subject: [PATCH 406/419] Use 127.0.0.1 instead of localhost for federation API when nginx disabled `localhost` may resolve to `::1` on some IPv6-enabled systems, which will not work, because we only potentially expose container ports on `127.0.0.1` when nginx is disabled (`matrix_nginx_proxy_enabled: false`), not on `::1`. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1914 --- group_vars/matrix_servers | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 394e26dc..8d392276 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
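Review bot: The `fail` message in `roles/matrix-jitsi/tasks/init.yml` still says Jitsi only supports amd64, while the new condition also admits `arm64`. A user on any other architecture is therefore given an outdated explanation. The unchanged `msg:` line should be updated with the condition, e.g. `msg: "Jitsi only supports the amd64 and arm64 architectures right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"`.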
@@ -1578,7 +1578,7 @@ matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}" matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f19eb4ab..195b16fd 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
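Review bot: The reason for writing `127.0.0.1` rather than `localhost` in `matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container` is recorded only in the commit message, so a later cleanup could revert it. A comment above the line would keep it with the code: `# Use 127.0.0.1, not localhost: localhost may resolve to ::1, but container ports are only exposed on 127.0.0.1 when nginx is disabled.` The same applies to `matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container` in `roles/matrix-nginx-proxy/defaults/main.yml`, changed by the following hunk.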
@@ -311,7 +311,7 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "" # Controls whether proxying for the Matrix Federation API should be done. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088" -matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "localhost:12088" +matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088" matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb | int) * 3 }}" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem" From ec9f8e29319e6150eb6daa6417fa1afab7078b70 Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Tue, 21 Jun 2022 14:31:21 +0100 Subject: [PATCH 407/419] Add a role to install 'ntfy' push-notification server. This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with simple configuration, and plumbing to add the role to the playbook. TODO: documentation, self-check, database persistence. --- group_vars/matrix_servers | 19 ++++ roles/matrix-base/defaults/main.yml | 3 + roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-ntfy.conf.j2 | 100 ++++++++++++++++++ roles/matrix-ntfy/README.md | 40 +++++++ roles/matrix-ntfy/defaults/main.yml | 16 +++ roles/matrix-ntfy/tasks/init.yml | 5 + roles/matrix-ntfy/tasks/main.yml | 10 ++ roles/matrix-ntfy/tasks/setup.yml | 58 ++++++++++ .../templates/systemd/matrix-ntfy.service.j2 | 37 +++++++ setup.yml | 1 + 12 files changed, 309 insertions(+) create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 create mode 100644 roles/matrix-ntfy/README.md create mode 100644 roles/matrix-ntfy/defaults/main.yml create mode 100644 roles/matrix-ntfy/tasks/init.yml create mode 100644 roles/matrix-ntfy/tasks/main.yml create mode 100644 roles/matrix-ntfy/tasks/setup.yml create mode 100644 roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8d392276..1c30405d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1552,6 +1552,7 @@ matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}" matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}" +matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -1634,6 +1635,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-sygnal.service'] if matrix_sygnal_enabled else []) + + (['matrix-ntfy.service'] if matrix_ntfy_enabled else []) + + (['matrix-jitsi.service'] if matrix_jitsi_enabled else []) + (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else []) @@ -1667,6 +1670,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else []) + + ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) + matrix_ssl_additional_domains_to_obtain_certificates_for @@ -1960,6 +1965,20 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable # ###################################################################### +###################################################################### +# +# matrix-ntfy +# +###################################################################### + +matrix_ntfy_enabled: false + +###################################################################### +# +# /matrix-ntfy +# +###################################################################### + ###################################################################### # # matrix-redis 
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 6b717f80..9b6d45f8 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -59,6 +59,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}" # This is where you access the Sygnal push gateway. matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}" +# This is where you access the ntfy push notification service. +matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" + matrix_federation_public_port: 8448 # The architecture that your server runs. diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 195b16fd..f9b7a019 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -192,6 +192,10 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying the ntfy domain should be done. +matrix_nginx_proxy_proxy_ntfy_enabled: false +matrix_nginx_proxy_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" + # Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) # If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. # This is only useful when an external Prometheus will be collecting metrics. 
@@ -365,6 +369,9 @@ matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf). matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to ntfy's server configuration (matrix-ntfy.conf). +matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf). matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 0da9e52c..70541fdc 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -138,6 +138,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_sygnal_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for ntfy domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_ntfy_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for Matrix domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2" @@ -288,6 +295,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_ntfy_enabled|bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" 
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2
new file mode 100644
index 00000000..39818c1a
--- /dev/null
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2
@@ -0,0 +1,100 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options DENY; + +{% for configuration_block in matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-ntfy:80"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:80; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass 
http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != '' %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md new file mode 100644 index 00000000..8b4f760a --- /dev/null +++ b/roles/matrix-ntfy/README.md 
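Review bot: In `render_vhost_directives`, the non-container branch uses `proxy_pass http://127.0.0.1:80;`, but the same template makes this vhost `listen` on port 80 when `matrix_nginx_proxy_enabled` is false, so on such hosts the request would be proxied back to nginx itself instead of to ntfy. The backend there should be the host port the ntfy container is published on through `matrix_ntfy_container_http_host_bind_port`, e.g. `proxy_pass http://127.0.0.1:NTFY_HOST_PORT;`, where NTFY_HOST_PORT is a placeholder for the port the playbook settles on. As far as the visible hunks show, `group_vars/matrix_servers` only adds `matrix_ntfy_enabled: false` and never sets that bind port, so a host-level nginx has nothing to connect to; that wiring should land together with this vhost.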
@@ -0,0 +1,40 @@ +# A role to install the [ntfy](https://ntfy.sh) push-notification server. + +The ntfy server and clients implement self-hosted support push notifications +from Matrix (and other) servers to Android (and other) clients, using the +[UnifiedPush](https://unifiedpush.org) standard. + +This role installs ntfy server in Docker. It is intended to support push +notifications, via UnifiedPush, from the Matrix and Matrix-related services +that are installed alongside it to any clients that support UnifiedPush. + +This role is not intended to support other features of the ntfy server and +clients. + + +# Using the ntfy role + +Configure the role by adding settings in your Ansible inventory. + +The only required setting is to enable ntfy: + + matrix_ntfy_enabled: true + +The default domain for ntfy is `ntfy.`. This can be changed +with the `matrix_server_fqn_ntfy` variable: + + matrix_server_fqn_ntfy: "my-ntfy.{{ matrix_domain }}" + +Other ntfy settings can be configured by adding extra arguments to the +docker run command, e.g.: + + matrix_ntfy_container_extra_arguments: + - '--env=NTFY_LOG_LEVEL=DEBUG' + + +# TODO + +- Documentation. +- Self-check. +- Mount the ntfy database to disk so subscriptions persist across restarts. +- Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml new file mode 100644 index 00000000..19e8af8f --- /dev/null +++ b/roles/matrix-ntfy/defaults/main.yml 
@@ -0,0 +1,16 @@ +--- +matrix_ntfy_enabled: true + +matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" + +matrix_ntfy_version: v1.27.2 +matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" +matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" + +# Controls whether the container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. +matrix_ntfy_container_http_host_bind_port: '' + +# A list of extra arguments to pass to the container +matrix_ntfy_container_extra_arguments: [] diff --git a/roles/matrix-ntfy/tasks/init.yml b/roles/matrix-ntfy/tasks/init.yml new file mode 100644 index 00000000..e2622655 --- /dev/null +++ b/roles/matrix-ntfy/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}" + when: matrix_ntfy_enabled|bool diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml new file mode 100644 index 00000000..3f3975f5 --- /dev/null +++ b/roles/matrix-ntfy/tasks/main.yml @@ -0,0 +1,10 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/setup.yml" + tags: + - setup-all + - setup-ntfy diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup.yml new file mode 100644 index 00000000..c06195ec --- /dev/null +++ b/roles/matrix-ntfy/tasks/setup.yml 
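Review bot: The comment above `matrix_ntfy_container_http_host_bind_port` in `roles/matrix-ntfy/defaults/main.yml` says the container port is tcp/8080, while the unit template added in the same commit publishes `-p {{ matrix_ntfy_container_http_host_bind_port }}:80`. An operator who reads only the defaults file would point a reverse proxy or firewall rule at the wrong port. If the template is the one that is right, the comment should read `# Controls whether the container exposes its HTTP port (tcp/80 in the container).`.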
@@ -0,0 +1,58 @@ +--- +# +# Tasks related to setting up matrix-ntfy +# + +- name: Ensure matrix-ntfy image is pulled + docker_image: + name: "{{ matrix_ntfy_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" + when: "matrix_ntfy_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-ntfy.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" + mode: 0644 + register: matrix_ntfy_systemd_service_result + when: matrix_ntfy_enabled|bool + +- name: Ensure systemd reloaded after matrix-ntfy.service installation + service: + daemon_reload: true + when: "matrix_ntfy_enabled|bool and matrix_ntfy_systemd_service_result.changed" + +# +# Tasks related to getting rid of matrix-ntfy (if it was previously enabled) +# + +- name: Check existence of matrix-ntfy service + stat: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + register: matrix_ntfy_service_stat + +- name: Ensure matrix-ntfy is stopped + service: + name: matrix-ntfy + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + state: absent + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-ntfy.service removal + service: + daemon_reload: true + when: "not matrix_ntfy_enabled|bool and 
matrix_ntfy_service_stat.stat.exists" diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 new file mode 100644 index 00000000..85d03277 --- /dev/null +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix-ntfy +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + {% for arg in matrix_ntfy_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ + {% if matrix_ntfy_container_http_host_bind_port %} + -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ + {% endif %} + --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ + {{ matrix_ntfy_docker_image }} \ + serve --behind-proxy + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-ntfy + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 27aac7a7..c99da4d1 100755 --- a/setup.yml +++ b/setup.yml @@ -60,6 +60,7 @@ - matrix-etherpad - matrix-email2matrix - matrix-sygnal + - matrix-ntfy - matrix-nginx-proxy - matrix-coturn - matrix-aux From 2a516a16fbfd71339609df855ac48dc44cfd8af3 Mon Sep 17 00:00:00 2001 
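Review bot: The `ExecStart` line in `matrix-ntfy.service.j2` starts ntfy with `serve --behind-proxy` and only `NTFY_BASE_URL` set, so the server runs with its default access policy, which as far as I know lets any client that can reach the new `ntfy.` vhost publish to and subscribe on arbitrary topics; the role README's TODO entry `Authentication?` confirms this is still open. That should be stated where operators will see it, e.g. a comment in `defaults/main.yml` such as `# ntfy runs without access control: anyone who can reach it can publish and subscribe.`, and the role should grow variables for ntfy's `NTFY_AUTH_FILE` and `NTFY_AUTH_DEFAULT_ACCESS` settings while keeping whatever anonymous write access UnifiedPush topics need. Because `--behind-proxy` makes ntfy take the client address from the forwarded header, `matrix_ntfy_container_http_host_bind_port` should also be documented as loopback-only, otherwise per-client rate limiting does not hold for clients that connect directly.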
From: Julian Foad Date: Fri, 24 Jun 2022 22:20:51 +0100 Subject: [PATCH 408/419] matrix-ntfy: enable WebSocket proxying --- .../templates/nginx/conf.d/matrix-ntfy.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index 39818c1a..e095e721 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -27,6 +27,8 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:80; {% endif %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; From 85b12b74a75d2e4360948843325238edac16cffd Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 27 Jun 2022 22:20:02 +0100 Subject: [PATCH 409/419] matrix-ntfy: documentation --- docs/configuring-dns.md | 3 + docs/configuring-playbook-ntfy.md | 62 +++++++++++++++++++ docs/configuring-playbook-ssl-certificates.md | 1 + docs/configuring-playbook.md | 2 + docs/container-images.md | 2 + roles/matrix-ntfy/README.md | 35 ----------- roles/matrix-ntfy/defaults/main.yml | 2 +- 7 files changed, 71 insertions(+), 36 deletions(-) create mode 100644 docs/configuring-playbook-ntfy.md diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 666f8a63..aec3c253 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
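Review bot: The two added headers are not enough for WebSocket proxying unless `proxy_http_version 1.1;` is in effect for this location, because nginx otherwise speaks HTTP/1.0 to the upstream and the upgrade handshake cannot complete; the template as added earlier in this series does not set it, so add `proxy_http_version 1.1;` next to them unless it is set at a higher level elsewhere. `Connection "upgrade"` is also sent on every request, including ordinary publish and poll calls; the usual form is a `map $http_upgrade $connection_upgrade` in the http context and `proxy_set_header Connection $connection_upgrade;` here. The enclosing `location /` block begins and ends outside the hunk.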
@@ -36,6 +36,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `stats` | - | - | - | `matrix.` | | CNAME | `goneb` | - | - | - | `matrix.` | | CNAME | `sygnal` | - | - | - | `matrix.` | +| CNAME | `ntfy` | - | - | - | `matrix.` | | CNAME | `hydrogen` | - | - | - | `matrix.` | | CNAME | `cinny` | - | - | - | `matrix.` | | CNAME | `buscarron` | - | - | - | `matrix.` | 
@@ -57,6 +58,8 @@ The `goneb.` subdomain may be necessary, because this playbook coul The `sygnal.` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.` DNS record. +The `ntfy.` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.` DNS record. + The `hydrogen.` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.` DNS record. The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md new file mode 100644 index 00000000..03684b9c --- /dev/null 
+++ b/docs/configuring-playbook-ntfy.md 
@@ -0,0 +1,62 @@
+# Setting up ntfy (optional)
+
+The playbook can install and configure the [ntfy](https://ntfy.sh/) push notifications server for you.
+
+Using the [UnifiedPush](https://unifiedpush.org) standard, ntfy enables self-hosted (Google-free) push notifications from Matrix (and other) servers to UnifiedPush-compatible matrix compatible client apps running on Android and other devices.
+
+This role is intended to support UnifiedPush notifications for use with the Matrix and Matrix-related services that this playbook installs. This role is not intended to support all of ntfy's other features.
+
+**Note**: In contrast to push notifications using Google's FCM or Apple's APNs, the use of UnifiedPush allows each end-user to choose the push notification server that they prefer. As a consequence, deploying this ntfy server does not by itself ensure any particular user or device or client app will use it.
+
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
+
+```yaml
+# Enabling it is the only required setting
+matrix_ntfy_enabled: true
+
+# Some other options
+matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
+matrix_ntfy_container_extra_arguments: [ '--env=NTFY_LOG_LEVEL=DEBUG' ]
+```
+
+For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`.
+
+For a complete list of ntfy config options that you could put in `matrix_ntfy_container_extra_arguments`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).
+
+
+## Installing
+
+Don't forget to add `ntfy.` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+To make use of your ntfy installation, on Android for example, first you need to install the `ntfy` client app and configure it to point to your ntfy server, such as `https://ntfy.DOMAIN`. That is the only thing you need to do in the ntfy client app. (It has many other features, but for our purposes you can ignore them.)
+
+Then any UnifiedPush-enabled matrix app on that device will discover it and tell your matrix server to use your ntfy server to send push notifications to that matrix app.
+
+If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".
+
+If the matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below.
+
+
+## Troubleshooting
+
+First check that the matrix client app you are using supports UnifiedPush. There may well be different variants of the app.
+
+Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`.
+
+To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. In Element-Android or SchildiChat, two URLs are shown: "push\_key" and "Url", and both should begin with your ntfy server's URL.
+
+If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android).
In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app. + +The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device. diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index eae584e7..30a8f0b8 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -74,6 +74,7 @@ By default, it obtains certificates for: - possibly for `jitsi.`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md). - possibly for `stats.`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md). - possibly for `sygnal.`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md). +- possibly for `ntfy.`, if you have explicitly [set up ntfy](configuring-playbook-ntfy.md). - possibly for your base domain (``), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md) If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3bfb01bd..f71a23f5 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -168,3 +168,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Other specialized services - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) + +- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index bf5885e0..25005d5a 100644 --- a/docs/container-images.md 
+++ b/docs/container-images.md @@ -109,3 +109,5 @@ These services are not part of our default installation, but can be enabled by [ - [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards) - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix + +- [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 8b4f760a..2a5301f7 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md 
@@ -1,40 +1,5 @@ -# A role to install the [ntfy](https://ntfy.sh) push-notification server. - -The ntfy server and clients implement self-hosted support push notifications -from Matrix (and other) servers to Android (and other) clients, using the -[UnifiedPush](https://unifiedpush.org) standard. - -This role installs ntfy server in Docker. It is intended to support push -notifications, via UnifiedPush, from the Matrix and Matrix-related services -that are installed alongside it to any clients that support UnifiedPush. - -This role is not intended to support other features of the ntfy server and -clients. - - -# Using the ntfy role - -Configure the role by adding settings in your Ansible inventory. - -The only required setting is to enable ntfy: - - matrix_ntfy_enabled: true - -The default domain for ntfy is `ntfy.`. This can be changed -with the `matrix_server_fqn_ntfy` variable: - - matrix_server_fqn_ntfy: "my-ntfy.{{ matrix_domain }}" - -Other ntfy settings can be configured by adding extra arguments to the -docker run command, e.g.: - - matrix_ntfy_container_extra_arguments: - - '--env=NTFY_LOG_LEVEL=DEBUG' - - # TODO -- Documentation. - Self-check. - Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 19e8af8f..2df79674 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -12,5 +12,5 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat # Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. matrix_ntfy_container_http_host_bind_port: '' -# A list of extra arguments to pass to the container +# A list of extra arguments to pass to the container (`docker run` command) matrix_ntfy_container_extra_arguments: [] From 763586e878fbf78b07ea3ef0fa31199bab0e4235 Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Wed, 29 Jun 2022 10:48:40 +0100 Subject: [PATCH 410/419] matrix-ntfy: add self-check --- roles/matrix-ntfy/README.md | 1 - roles/matrix-ntfy/defaults/main.yml | 3 +++ roles/matrix-ntfy/tasks/main.yml | 7 +++++++ roles/matrix-ntfy/tasks/self_check.yml | 25 +++++++++++++++++++++++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 roles/matrix-ntfy/tasks/self_check.yml diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 2a5301f7..41f83f66 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,5 +1,4 @@ # TODO -- Self-check. - Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 2df79674..916591e7 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -14,3 +14,6 @@ matrix_ntfy_container_http_host_bind_port: '' # A list of extra arguments to pass to the container (`docker run` command) matrix_ntfy_container_extra_arguments: [] + +# Controls whether the self-check feature should validate SSL certificates. +matrix_ntfy_self_check_validate_certificates: true diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index 3f3975f5..b2abac66 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -8,3 +8,10 @@ tags: - setup-all - setup-ntfy + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_ntfy_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml new file mode 100644 index 00000000..324a2d95 --- /dev/null +++ b/roles/matrix-ntfy/tasks/self_check.yml 
@@ -0,0 +1,25 @@ +--- + +# Query an arbitrary ntfy topic using ntfy's UnifiedPush topic name syntax. +# Expect an empty response (because we query 'since=1s'). + +- set_fact: + matrix_ntfy_url_endpoint_public: "https://{{ matrix_server_fqn_ntfy }}/upSELFCHECK123/json?poll=1&since=1s" + +- name: Check ntfy + uri: + url: "{{ matrix_ntfy_url_endpoint_public }}" + follow_redirects: none + validate_certs: "{{ matrix_ntfy_self_check_validate_certificates }}" + register: matrix_ntfy_self_check_result + check_mode: false + ignore_errors: true + +- name: Fail if ntfy not working + fail: + msg: "Failed checking ntfy is up at `{{ matrix_server_fqn_ntfy }}` (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`). Is ntfy running? Is port 443 open in your firewall? Full error: {{ matrix_ntfy_self_check_result }}" + when: "matrix_ntfy_self_check_result.failed" + +- name: Report working ntfy + debug: + msg: "ntfy at `{{ matrix_server_fqn_ntfy }}` is working (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`)" From 3866fff5a830d75575ae959dd28a2374ffad31b1 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Sat, 2 Jul 2022 17:35:53 +0100 Subject: [PATCH 411/419] matrix-ntfy: persist cache on disk --- roles/matrix-ntfy/README.md | 1 - roles/matrix-ntfy/defaults/main.yml | 1 + roles/matrix-ntfy/tasks/setup.yml | 11 +++++++++++ .../templates/systemd/matrix-ntfy.service.j2 | 2 ++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 41f83f66..26da0a42 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,4 +1,3 @@ # TODO -- Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 916591e7..5dff2ec3 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml 
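Review bot: The header comment in `self_check.yml` says an empty response is expected, but the `Check ntfy` task never looks at the body: `uri` only applies its default status check, so any page that answers 200 on that hostname makes the self-check report ntfy as working. Adding `return_content: true` to the `uri` task and extending the failure condition to `when: "matrix_ntfy_self_check_result.failed or (matrix_ntfy_self_check_result.content | default('') | trim) != ''"` would tie the check to what the comment promises, assuming a poll with no recent messages really returns an empty body. The check also relies on anonymous read access to the `upSELFCHECK123` topic, which deserves a comment so that it is revisited when access control is added to the role.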
@@ -2,6 +2,7 @@ matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" +matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" matrix_ntfy_version: v1.27.2 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup.yml index c06195ec..9a2c1559 100644 --- a/roles/matrix-ntfy/tasks/setup.yml +++ b/roles/matrix-ntfy/tasks/setup.yml @@ -15,6 +15,17 @@ delay: "{{ matrix_container_retries_delay }}" until: result is not failed +- name: Ensure matrix-ntfy paths exists + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_ntfy_base_path }}" + - "{{ matrix_ntfy_data_path }}" + - name: Ensure matrix-ntfy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 85d03277..78963a08 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -23,6 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% if matrix_ntfy_container_http_host_bind_port %} -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ {% endif %} + --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ + --env NTFY_CACHE_FILE=/data/cache.db \ --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ {{ matrix_ntfy_docker_image }} \ serve --behind-proxy From 408e2e9b4ee97802422a67405f28a3ac14c271cd Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Sat, 2 Jul 2022 17:37:45 +0100 Subject: [PATCH 412/419] matrix-ntfy: remove almost-empty README.md --- roles/matrix-ntfy/README.md | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 roles/matrix-ntfy/README.md diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md deleted file mode 100644 index 26da0a42..00000000 --- a/roles/matrix-ntfy/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# TODO - -- Authentication? From efe1f21f05c483aa785a707eea454ecaed4c8daf Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 14:51:55 +0100 Subject: [PATCH 413/419] matrix-ntfy: fix and separate out uninstall tasks --- roles/matrix-ntfy/tasks/main.yml | 9 ++++- .../tasks/{setup.yml => setup_install.yml} | 36 +------------------ roles/matrix-ntfy/tasks/setup_uninstall.yml | 36 +++++++++++++++++++ 3 files changed, 45 insertions(+), 36 deletions(-) rename roles/matrix-ntfy/tasks/{setup.yml => setup_install.yml} (53%) create mode 100644 roles/matrix-ntfy/tasks/setup_uninstall.yml diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index b2abac66..5dd0d172 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -4,7 +4,14 @@ tags: - always -- import_tasks: "{{ role_path }}/tasks/setup.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_ntfy_enabled|bool" + tags: + - setup-all + - setup-ntfy + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_ntfy_enabled|bool" tags: - setup-all - setup-ntfy diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup_install.yml similarity index 53% rename from roles/matrix-ntfy/tasks/setup.yml rename to roles/matrix-ntfy/tasks/setup_install.yml index 9a2c1559..b674d320 100644 --- a/roles/matrix-ntfy/tasks/setup.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml 
@@ -1,7 +1,4 @@ --- -# -# Tasks related to setting up matrix-ntfy -# - name: Ensure matrix-ntfy image is pulled docker_image: @@ -9,7 +6,6 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" - when: "matrix_ntfy_enabled|bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -32,38 +28,8 @@ dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" mode: 0644 register: matrix_ntfy_systemd_service_result - when: matrix_ntfy_enabled|bool - name: Ensure systemd reloaded after matrix-ntfy.service installation service: daemon_reload: true - when: "matrix_ntfy_enabled|bool and matrix_ntfy_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-ntfy (if it was previously enabled) -# - -- name: Check existence of matrix-ntfy service - stat: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" - register: matrix_ntfy_service_stat - -- name: Ensure matrix-ntfy is stopped - service: - name: matrix-ntfy - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" - -- name: Ensure matrix-ntfy.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" - state: absent - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-ntfy.service removal - service: - daemon_reload: true - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + when: "matrix_ntfy_systemd_service_result.changed" 
diff --git a/roles/matrix-ntfy/tasks/setup_uninstall.yml b/roles/matrix-ntfy/tasks/setup_uninstall.yml new file mode 100644 index 00000000..e63caa9a --- /dev/null +++ b/roles/matrix-ntfy/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-ntfy service + stat: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + register: matrix_ntfy_service_stat + +- name: Ensure matrix-ntfy is stopped + service: + name: matrix-ntfy + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + state: absent + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-ntfy.service removal + service: + daemon_reload: true + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy path doesn't exist + file: + path: "{{ matrix_ntfy_base_path }}" + state: absent + +- name: Ensure ntfy Docker image doesn't exist + docker_image: + name: "{{ matrix_ntfy_docker_image }}" + state: absent From e119512c5928ded244ef629fbf8ef37f7694c4b3 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 15:27:23 +0100 Subject: [PATCH 414/419] matrix-ntfy: add variable 'matrix_ntfy_base_url' --- roles/matrix-ntfy/defaults/main.yml | 3 +++ roles/matrix-ntfy/tasks/self_check.yml | 2 +- roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 5dff2ec3..6c540beb 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml 
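Review bot: The `Ensure matrix-ntfy path doesn't exist` task deletes `{{ matrix_ntfy_base_path }}` recursively and has no condition of its own, so every setup run with `matrix_ntfy_enabled: false` also removes the data directory, including the `cache.db` introduced one patch earlier. Turning the role off temporarily therefore destroys its state, which the task name does not make obvious. If that is intended, a comment above the task should say so, for example `# Removes all ntfy state (config and message cache); disabling the role is destructive.`. Separately, `register: stopping_result` on the stop task is not read anywhere in this file and can be dropped.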
@@ -8,6 +8,9 @@ matrix_ntfy_version: v1.27.2 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" +# Public facing base URL of the ntfy service +matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}" + # Controls whether the container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml index 324a2d95..e9104734 100644 --- a/roles/matrix-ntfy/tasks/self_check.yml +++ b/roles/matrix-ntfy/tasks/self_check.yml @@ -4,7 +4,7 @@ # Expect an empty response (because we query 'since=1s'). - set_fact: - matrix_ntfy_url_endpoint_public: "https://{{ matrix_server_fqn_ntfy }}/upSELFCHECK123/json?poll=1&since=1s" + matrix_ntfy_url_endpoint_public: "{{ matrix_ntfy_base_url }}/upSELFCHECK123/json?poll=1&since=1s" - name: Check ntfy uri: diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 78963a08..5bb28470 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -25,7 +25,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% endif %} --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ --env NTFY_CACHE_FILE=/data/cache.db \ - --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ + --env NTFY_BASE_URL={{ matrix_ntfy_base_url }} \ {{ matrix_ntfy_docker_image }} \ serve --behind-proxy From e60d20dc6a6ca11efb58ba8993e307e0912a164e Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Mon, 4 Jul 2022 21:30:29 +0100 Subject: [PATCH 415/419] matrix-ntfy: store settings in a config file --- docs/configuring-playbook-ntfy.md | 5 ++-- roles/matrix-ntfy/defaults/main.yml | 23 +++++++++++++++++++ roles/matrix-ntfy/tasks/setup_install.yml | 9 ++++++++ .../matrix-ntfy/templates/ntfy/server.yml.j2 | 3 +++ .../templates/systemd/matrix-ntfy.service.j2 | 5 ++-- 5 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 roles/matrix-ntfy/templates/ntfy/server.yml.j2 diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 03684b9c..56c859f3 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -19,12 +19,13 @@ matrix_ntfy_enabled: true # Some other options matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" -matrix_ntfy_container_extra_arguments: [ '--env=NTFY_LOG_LEVEL=DEBUG' ] +matrix_ntfy_configuration_extension_yaml: | + log_level: DEBUG ``` For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. -For a complete list of ntfy config options that you could put in `matrix_ntfy_container_extra_arguments`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). +For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). ## Installing diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 6c540beb..4f0e2e55 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -2,6 +2,7 @@ matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" +matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config" matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" matrix_ntfy_version: v1.27.2 
@@ -21,3 +22,25 @@ matrix_ntfy_container_extra_arguments: [] # Controls whether the self-check feature should validate SSL certificates. matrix_ntfy_self_check_validate_certificates: true + +# Default ntfy configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_ntfy_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_ntfy_configuration_yaml: "{{ lookup('template', 'templates/ntfy/server.yml.j2') }}" + +matrix_ntfy_configuration_extension_yaml: | + # Your custom YAML configuration for ntfy goes here. + # This configuration extends the default starting configuration (`matrix_ntfy_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_ntfy_configuration_yaml`. + +matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml|from_yaml if matrix_ntfy_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final ntfy configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`. +matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml|from_yaml|combine(matrix_ntfy_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-ntfy/tasks/setup_install.yml b/roles/matrix-ntfy/tasks/setup_install.yml index b674d320..461d3176 100644 --- a/roles/matrix-ntfy/tasks/setup_install.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml 
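Review bot: `matrix_ntfy_configuration_extension` silently falls back to `{}` whenever `matrix_ntfy_configuration_extension_yaml` parses to anything other than a mapping. An override that is mis-indented into a list or a plain string is therefore dropped without an error, and the server starts with only the three default keys. Settings an operator meant to tighten the service with would go missing unnoticed, so this fails open. The fallback itself is needed because the comment-only default parses to null. The variable should still carry a warning such as `# NOTE: an extension that does not parse to a YAML mapping is ignored without error; verify the rendered server.yml after changing it.`. A validation task that fails on a non-empty, non-mapping extension would be the stronger fix, but it belongs in the tasks file outside this hunk.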
@@ -20,8 +20,17 @@ group: "{{ matrix_user_groupname }}" with_items: - "{{ matrix_ntfy_base_path }}" + - "{{ matrix_ntfy_config_dir_path }}" - "{{ matrix_ntfy_data_path }}" +- name: Ensure matrix-ntfy config installed + copy: + content: "{{ matrix_ntfy_configuration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_ntfy_config_dir_path }}/server.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Ensure matrix-ntfy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" diff --git a/roles/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/matrix-ntfy/templates/ntfy/server.yml.j2 new file mode 100644 index 00000000..4cafcd62 --- /dev/null +++ b/roles/matrix-ntfy/templates/ntfy/server.yml.j2 @@ -0,0 +1,3 @@ +base_url: {{ matrix_ntfy_base_url }} +behind_proxy: true +cache_file: /data/cache.db diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 5bb28470..da292e5c 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -23,11 +23,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% if matrix_ntfy_container_http_host_bind_port %} -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ {% endif %} + --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ - --env NTFY_CACHE_FILE=/data/cache.db \ - --env NTFY_BASE_URL={{ matrix_ntfy_base_url }} \ {{ matrix_ntfy_docker_image }} \ - serve --behind-proxy + serve ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' From 097c23c0b626b4e75e3096b4dcd5ae977141a038 Mon Sep 17 00:00:00 2001 
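Review bot: The `Ensure matrix-ntfy config installed` task writes server.yml with `mode: 0644`, which is world-readable, although the file contains whatever the operator puts in `matrix_ntfy_configuration_extension_yaml`, and that may include credentials. The `0750` parent directory created earlier in the role limits access today, but the file mode should not depend on it; `mode: '0640'` is the safer default. This assumes the container reads the file as the owning user or group, which these hunks do not show. The directory-creation task that gains the `matrix_ntfy_config_dir_path` item starts above this hunk.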
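Review bot: In the new server.yml.j2, `base_url: {{ matrix_ntfy_base_url }}` renders an operator-overridable value as a plain YAML scalar. The result is passed through `from_yaml`, so a value containing ` #` or `: `, or an empty one, is truncated, rejected or read as null instead of being taken literally. Rendering it as `base_url: {{ matrix_ntfy_base_url|to_json }}` emits a properly quoted scalar. This is the filter the whatsapp bridge template in this series already uses for `federate_rooms`.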
From: 3hhh Date: Mon, 4 Jul 2022 22:53:43 +0200 Subject: [PATCH 416/419] bots: make command_prefix configurable --- roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 2 ++ roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 ++ roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 ++ roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 22 files changed, 33 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 76b153e7..0fdf8a41 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml 
@@ -17,6 +17,8 @@ matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_b matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data" matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store" +matrix_bot_matrix_reminder_bot_command_prefix: "!" + # A list of extra arguments to pass to the container matrix_bot_matrix_reminder_bot_container_extra_arguments: [] diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 index 59643958..338bffba 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 @@ -1,5 +1,5 @@ # The string to prefix bot commands with -command_prefix: "!" +command_prefix: "{{ matrix_bot_matrix_reminder_bot_command_prefix }}" # Options for connecting to the bot's Matrix account matrix: diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 5b84643c..514cfb14 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -27,6 +27,8 @@ matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" matrix_beeper_linkedin_bridge_presence: true +matrix_beeper_linkedin_command_prefix: "!li" + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 6b33ffea..e0729549 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 
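Review bot: `command_prefix: "{{ matrix_bot_matrix_reminder_bot_command_prefix }}"` wraps the rendered value in literal double quotes, so a prefix containing `"` or `\` produces invalid or altered YAML in the generated config.yaml. Rendering it as `command_prefix: {{ matrix_bot_matrix_reminder_bot_command_prefix|to_json }}` lets the filter do the quoting and escaping. The whatsapp template touched by this patch already does this for `federate_rooms`. The same applies to the other ten config.yaml.j2 hunks in this patch: beeper-linkedin, go-skype-bridge, and the mautrix facebook, googlechat, hangouts, instagram, signal, telegram, twitter and whatsapp bridges.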
@@ -226,7 +226,7 @@ bridge: # The prefix for commands. Only required in non-management rooms. - command_prefix: "!li" + command_prefix: "{{ matrix_beeper_linkedin_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index 95213a00..b6b4db34 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -36,6 +36,8 @@ matrix_go_skype_bridge_homeserver_token: '' matrix_go_skype_bridge_appservice_bot_username: skypebridgebot +matrix_go_skype_bridge_command_prefix: "!skype" + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_go_skype_bridge_federate_rooms: true diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index 6f7277fe..56e37f84 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -165,7 +165,7 @@ bridge: allow_user_invite: false # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" + command_prefix: "{{ matrix_go_skype_bridge_command_prefix }}" # End-to-bridge encryption support options. This requires login_shared_secret to be configured # in order to get a device for the bridge bot. diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 5acc1ec7..22d7fda6 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
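Review bot: The new default `matrix_go_skype_bridge_command_prefix: "!skype"` does not preserve the value the template hard-coded before (`"!wa"`), so existing deployments get a different command prefix after upgrading even though the commit subject only promises configurability. The googlechat hunks further down do the same (`"!HO"` becomes `"!gc"`). The old values duplicated the whatsapp and hangouts prefixes, so the new defaults look deliberate. They should still be called out in the commit message or CHANGELOG, and a comment above each default would help, for example `# Changed from "!wa", which collided with the WhatsApp bridge's prefix.`.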
@@ -17,6 +17,8 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data" matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src" +matrix_mautrix_facebook_command_prefix: "!fb" + # Whether or not the public-facing endpoints should be enabled (web-based login) matrix_mautrix_facebook_appservice_public_enabled: true diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index f1d59b1a..4b27e66a 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -86,7 +86,7 @@ bridge: - first_name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!fb" + command_prefix: "{{ matrix_mautrix_facebook_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index d0d90614..2077d210 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -24,6 +24,8 @@ matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_ur matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080' +matrix_mautrix_googlechat_command_prefix: "!gc" + # Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. 
diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index 864e3e1b..ad86219c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -62,7 +62,7 @@ bridge: - name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" + command_prefix: "{{ matrix_mautrix_googlechat_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index f4f67a58..31fec100 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -24,6 +24,8 @@ matrix_mautrix_hangouts_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' +matrix_mautrix_hangouts_command_prefix: "!HO" + # Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index d207681e..6dca06ff 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 
@@ -62,7 +62,7 @@ bridge: - name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" + command_prefix: "{{ matrix_mautrix_hangouts_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index a227b085..79ff1bf0 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -22,6 +22,8 @@ matrix_mautrix_instagram_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330' +matrix_mautrix_instagram_command_prefix: "!ig" + # A list of extra arguments to pass to the container matrix_mautrix_instagram_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 99ceee0e..11b1d997 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -176,7 +176,7 @@ bridge: unimportant_bridge_notices: true # The prefix for commands. Only required in non-management rooms. - command_prefix: "!ig" + command_prefix: "{{ matrix_mautrix_instagram_command_prefix }}" # Permissions for using the bridge. # Permitted values: # user - Use the bridge with puppeting. diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index d35e12af..4375c422 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -30,6 +30,8 @@ matrix_mautrix_signal_homeserver_address: '' matrix_mautrix_signal_homeserver_domain: '' matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328' +matrix_mautrix_signal_command_prefix: "!signal" + # Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 0044a0fc..f0644ee2 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -197,7 +197,7 @@ bridge: shared_secret: generate # The prefix for commands. Only required in non-management rooms. - command_prefix: "!signal" + command_prefix: "{{ matrix_mautrix_signal_command_prefix }}" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 4708266a..e3ee2fe9 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -23,6 +23,8 @@ matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config" matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data" +matrix_mautrix_telegram_command_prefix: "!tg" + # Get your own API keys at https://my.telegram.org/apps matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 276bd461..19bacbde 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 
+++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -276,7 +276,7 @@ bridge: list: [] # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tg" + command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b32f57ef..291bd6a5 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -22,6 +22,8 @@ matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url } matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' +matrix_mautrix_twitter_command_prefix: "!tw" + # A list of extra arguments to pass to the container matrix_mautrix_twitter_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index f9bc8941..b59864f1 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -163,7 +163,7 @@ bridge: resend_bridge_info: false # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tw" + command_prefix: "{{ matrix_mautrix_twitter_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 6e95eeb7..ef5d1065 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -23,6 +23,8 @@ matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" +matrix_mautrix_whatsapp_command_prefix: "!wa" + # A list of extra arguments to pass to the container matrix_mautrix_whatsapp_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index b9862e94..544e10ad 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -139,7 +139,7 @@ bridge: federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" + command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. From 5a0e977df84064d6c91b9fa308f5df6d6e1f7187 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Jul 2022 09:46:26 +0300 Subject: [PATCH 417/419] Announce ntfy role --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2779b369..65e57a7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-07-05 + +## Ntfy push notifications support + +Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install a [ntfy](https://ntfy.sh/) push notifications server for you. + +See our [Setting up the ntfy push notifications server](docs/configuring-playbook-ntfy.md) documentation to get started. + + # 2022-06-23 ## (Potential Backward Compatibility Break) Changes around metrics collection 
@@ -26,7 +35,7 @@ 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). -**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. +**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. # 2022-06-13 From 95fd21552118093585fa9284801aa14d30be439b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Jul 2022 15:11:52 +0000 Subject: [PATCH 418/419] Update element 1.10.15 -> 1.11.0 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 083621f2..aacc2f11 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.15 +matrix_client_element_version: v1.11.0 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From fe347c85d9a4f6396c391a92ba0e181610a58321 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Jul 2022 15:20:48 +0000 Subject: [PATCH 419/419] Update Synapse 1.61.1 -> 1.62.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 43ee9e57..1925ffc2 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.61.1 +matrix_synapse_version: v1.62.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"