From 408aec7d5bbf2aeee4f759916580c9ffb2432024 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 9 Oct 2023 11:03:26 +0100 Subject: [PATCH 01/20] client-hydrogen: fix self-build Self-build now requires the new docker buildx/buildkit, so switch from the ansible docker module to running a docker build command, like elsewhere. --- .../tasks/setup_install.yml | 56 +++++++++++-------- 1 file changed, 34 insertions(+), 22 deletions(-) diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 0e114804..375e3c69 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml 
@@ -12,6 +12,40 @@ - {path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}"} when: "item.when | bool" +- when: "matrix_client_hydrogen_container_image_self_build | bool" + block: + - name: Ensure Hydrogen repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_client_hydrogen_container_image_self_build_repo }}" + dest: "{{ matrix_client_hydrogen_docker_src_files_path }}" + version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_client_hydrogen_git_pull_results + + - name: Check if Hydrogen Docker image exists + ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_client_hydrogen_docker_image }}'" + register: matrix_client_hydrogen_docker_image_check_result + changed_when: false + + # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, + # because the latter does not support BuildKit. + # See: https://github.com/ansible-collections/community.general/issues/514 + - name: Ensure Hydrogen Docker image is built + ansible.builtin.shell: + chdir: "{{ matrix_client_hydrogen_docker_src_files_path }}" + cmd: | + {{ devture_systemd_docker_base_host_command_docker }} build \ + -t "{{ matrix_client_hydrogen_docker_image }}" \ + -f Dockerfile \ + --push \ + . + environment: + DOCKER_BUILDKIT: 1 + changed_when: true + when: "matrix_client_hydrogen_git_pull_results.changed | bool or matrix_client_hydrogen_docker_image_check_result.stdout == ''" + - name: Ensure Hydrogen Docker image is pulled community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" 
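Review bot: The added "Ensure Hydrogen Docker image is built" task runs through `ansible.builtin.shell`, so `matrix_client_hydrogen_docker_image` and the docker command variable are templated into a shell line where `$`, backticks or quotes in a value would be interpreted by the shell. Nothing in the command needs a shell; `ansible.builtin.command` with an `argv` list passes each value as one argument and still accepts `chdir` and `environment`. This assumes `devture_systemd_docker_base_host_command_docker` holds a single executable path, which is not visible in this hunk. Quoting the environment value as `DOCKER_BUILDKIT: "1"` also keeps it a string rather than a YAML integer.

```yaml
  - name: Ensure Hydrogen Docker image is built
    ansible.builtin.command:
      chdir: "{{ matrix_client_hydrogen_docker_src_files_path }}"
      argv:
        - "{{ devture_systemd_docker_base_host_command_docker }}"
        - build
        - "-t"
        - "{{ matrix_client_hydrogen_docker_image }}"
        - "-f"
        - Dockerfile
        - "--push"
        - "."
    environment:
      DOCKER_BUILDKIT: "1"
    # … unchanged: changed_when and when conditions …
```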
@@ -24,17 +58,6 @@ delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- name: Ensure Hydrogen repository is present on self-build - ansible.builtin.git: - repo: "{{ matrix_client_hydrogen_container_image_self_build_repo }}" - dest: "{{ matrix_client_hydrogen_docker_src_files_path }}" - version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" - force: "yes" - become: true - become_user: "{{ matrix_user_username }}" - register: matrix_client_hydrogen_git_pull_results - when: "matrix_client_hydrogen_container_image_self_build | bool" - - name: Ensure Hydrogen configuration installed ansible.builtin.copy: content: "{{ matrix_client_hydrogen_configuration | to_nice_json }}" @@ -54,17 +77,6 @@ - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} - {src: "{{ role_path }}/templates/labels.j2", name: "labels"} -- name: Ensure Hydrogen Docker image is built - community.docker.docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: build - force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: true - when: "matrix_client_hydrogen_container_image_self_build | bool" - - name: Ensure Hydrogen container network is created community.general.docker_network: name: "{{ matrix_client_hydrogen_container_network }}" From 3e43b9d1c73101183bdd348f033ba09161efba30 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 9 Oct 2023 13:28:50 +0100 Subject: [PATCH 02/20] client-hydrogen: remove unrelated change (docker push) --- roles/custom/matrix-client-hydrogen/tasks/setup_install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 375e3c69..5ca6cb73 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml 
+++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml @@ -39,7 +39,6 @@ {{ devture_systemd_docker_base_host_command_docker }} build \ -t "{{ matrix_client_hydrogen_docker_image }}" \ -f Dockerfile \ - --push \ . environment: DOCKER_BUILDKIT: 1 From ccbff150cd2deaa82af09af110939528b4a01576 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Oct 2023 10:19:20 +0300 Subject: [PATCH 03/20] Upgrade ddclient (v3.10.0-ls135 -> v3.10.0-ls136) --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index ca50813d..dc586545 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.10.0-ls135 +matrix_dynamic_dns_version: v3.10.0-ls136 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From dc9ff4e01b4ef1293af6bd5fb4b10753033a2814 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Oct 2023 11:10:21 +0300 Subject: [PATCH 04/20] Add support for external-IP-address-autodetection to Coturn --- docs/configuring-playbook-turn.md | 13 +++++++- examples/vars.yml | 16 ++++++++++ group_vars/matrix_servers | 3 ++ roles/custom/matrix-coturn/defaults/main.yml | 19 ++++++++++- .../matrix-coturn/tasks/setup_install.yml | 32 +++++++++++++++++++ .../templates/turnserver.conf.j2 | 2 +- 6 files changed, 82 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-turn.md b/docs/configuring-playbook-turn.md index 365fea4b..c7bf998f 100644 --- a/docs/configuring-playbook-turn.md +++ b/docs/configuring-playbook-turn.md 
@@ -16,13 +16,24 @@ matrix_coturn_enabled: false In that case, Synapse would not point to any Coturn servers and audio/video call functionality may fail. ## Manually defining your public IP + In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring Coturn. + If you'd rather use a local IP for `ansible_host`, make sure to set up `matrix_coturn_turn_external_ip_address` replacing `YOUR_PUBLIC_IP` with the pubic IP used by the server. ```yaml matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP" ``` +If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set `matrix_coturn_turn_external_ip_address` to an empty value. The playbook will automatically contact an [EchoIP](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable. + +If your server has multiple external IP addresses, the Coturn role offers a different variable for specifying them: + +```yaml +# Note: matrix_coturn_turn_external_ip_addresses is different than matrix_coturn_turn_external_ip_address +matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7'] +``` + ## Using your own external Coturn server If you'd like to use another TURN server (be it Coturn or some other one), you can configure the playbook like this: @@ -49,4 +60,4 @@ jitsi_web_stun_servers: You can put multiple host/port combinations if you like. ## Further variables and configuration options -To see all the available configuration options, check roles/custom/matrix-coturn/defaults/main.yml +To see all the available configuration options, check roles/custom/matrix-coturn/defaults/main.yml diff --git a/examples/vars.yml b/examples/vars.yml index 784bf061..dd9a97c4 100644 --- a/examples/vars.yml 
+++ b/examples/vars.yml @@ -41,3 +41,19 @@ devture_traefik_config_certificatesResolvers_acme_email: '' # The playbook creates additional Postgres users and databases (one for each enabled service) # using this superuser account. devture_postgres_connection_password: '' + +# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file. +# If this value is an external IP address, you can skip this section. +# +# If `ansible_host` is not the server's external IP address, you have 2 choices: +# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below) +# 2. Uncomment and adjust the line below to specify an IP address manually +# +# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API. +# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the Coturn role +# (see `roles/custom/matrix-coturn/defaults/main.yml`). +# +# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses. +# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']` +# +# matrix_coturn_turn_external_ip_address: '' diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index eaac3385..ad6433c4 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2245,6 +2245,9 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +# We make the assumption that `ansible_host` points to an external IP address, which may not always be the case. +# Users are free to set `matrix_coturn_turn_external_ip_address` to an empty string +# to allow auto-detection (via an EchoIP service) to happen at runtime. matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid }}" diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 1e87d808..c090d038 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml 
@@ -73,8 +73,25 @@ matrix_coturn_turn_udp_max_port: 49172 matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. +# If do not define an IP address here or in `matrix_coturn_turn_external_ip_addresses`, auto-detection via an EchoIP service will be done. +# See `matrix_coturn_turn_external_ip_address_auto_detection_enabled` matrix_coturn_turn_external_ip_address: '' -matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"] +matrix_coturn_turn_external_ip_addresses: "{{ [matrix_coturn_turn_external_ip_address] if matrix_coturn_turn_external_ip_address != '' else [] }}" + +# Controls whether external IP address auto-detection should be attempted. +# We try to do this if there is no external IP address explicitly configured and if an EchoIP service URL is specified. +# See matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url +matrix_coturn_turn_external_ip_address_auto_detection_enabled: "{{ matrix_coturn_turn_external_ip_addresses | length == 0 and matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url != '' }}" + +# Specifies the address of the EchoIP service (https://github.com/mpolden/echoip) to use for detecting the external IP address. +# By default, we use the official public instance. +matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url: https://ifconfig.co/json + +# Controls whether SSL certificates will be validated when contacting the EchoIP service (matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url) +matrix_coturn_turn_external_ip_address_auto_detection_echoip_validate_certs: true + +matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_count: "{{ devture_playbook_help_geturl_retries_count }}" +matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_delay: "{{ devture_playbook_help_geturl_retries_delay }}" matrix_coturn_allowed_peer_ips: [] 
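Review bot: The comment on `matrix_coturn_turn_external_ip_address_auto_detection_echoip_validate_certs` does not say what is at stake when the setting is turned off. The `set_fact` in the Coturn `setup_install.yml` change of the same commit turns the EchoIP response into Coturn's external IP address, so with validation disabled anyone on the network path to that service can choose the value. I would extend the comment, e.g. `# Keep this enabled: the response becomes Coturn's external IP, so an unvalidated connection lets a network attacker pick that address.`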
diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml index 503ffae1..6064b360 100644 --- a/roles/custom/matrix-coturn/tasks/setup_install.yml +++ b/roles/custom/matrix-coturn/tasks/setup_install.yml 
@@ -1,5 +1,37 @@ --- +- when: matrix_coturn_turn_external_ip_address_auto_detection_enabled | bool + block: + - when: matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url == '' + name: Fail if enabled, but EchoIP service URL unset + ansible.builtin.fail: + msg: "To use the external IP address auto-detection feature, you need to set matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url" + + # NOTE: + # `ansible.builtin.uri` does not provide a way to configure whether IPv4 or IPv6 is used. + # Luckily, the default instance we use does not define AAAA records for now, so it's always IPv4. + - name: Fetch IP address information from EchoIP service + ansible.builtin.uri: + url: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}" + headers: + Content-Type: application/json + follow_redirects: none + validate_certs: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_validate_certs }}" + register: result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response + ignore_errors: true + check_mode: false + retries: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_count }}" + delay: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_delay }}" + until: not result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed + + - when: "(result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed or 'json' not in result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response)" + name: Fail if EchoIP service failed + ansible.builtin.fail: + msg: "Failed contacting EchoIP service API at `{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}` (controlled by `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url`). 
Full error: {{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response }}" + + - ansible.builtin.set_fact: + matrix_coturn_turn_external_ip_address: "{{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip }}" + - name: Ensure Matrix Coturn path exists ansible.builtin.file: path: "{{ item.path }}" diff --git a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 index 3ed7b99f..b4688ff9 100644 --- a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 @@ -5,7 +5,7 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -{% for ip in matrix_coturn_turn_external_ip_addresses|select('ne', '') %} +{% for ip in matrix_coturn_turn_external_ip_addresses %} external-ip={{ ip }} {% endfor %} From 15763e5418527b44432d3388e2a670f6e0a34f66 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Oct 2023 12:14:25 +0300 Subject: [PATCH 05/20] Upgrade Element (v1.11.45 -> v1.11.46) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f80dea84..e86eaed1 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
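Review bot: The final `set_fact` copies `json.ip` from the EchoIP response into `matrix_coturn_turn_external_ip_address` without checking that the key exists or that the value looks like an IP address. The preceding fail task only tests `failed` and the presence of a `json` key, so a response without `ip` would presumably surface as an undefined-variable error, and any other string would be rendered into `turnserver.conf` as an `external-ip=` line. A validation task between the two would stop that; the pattern below is a coarse character-class check, not a full address parser. The `set_fact` task also has no `name`.

```yaml
  # … unchanged: EchoIP fetch and "Fail if EchoIP service failed" …

  - name: Fail if EchoIP service returned an unexpected IP address value
    when: >-
      result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip
      | default('') | string is not match('^[0-9A-Fa-f:.]+$')
    ansible.builtin.fail:
      msg: "EchoIP service at `{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}` did not return a usable `ip` value."

  - name: Use the detected address as Coturn's external IP address
    ansible.builtin.set_fact:
      matrix_coturn_turn_external_ip_address: "{{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip }}"
```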
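Review bot: Dropping `select('ne', '')` from the loop in `turnserver.conf.j2` relies on `matrix_coturn_turn_external_ip_addresses` never containing an empty string. That holds for the new default, but not for an inventory that overrides the list (for instance with the old default form `["{{ matrix_coturn_turn_external_ip_address }}"]`) and leaves the address empty; that case would render a bare `external-ip=` line. Keeping the filter costs nothing: `{% for ip in matrix_coturn_turn_external_ip_addresses | select('ne', '') %}`.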
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.45 +matrix_client_element_version: v1.11.46 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 37195d49dc42cd32ffc567042e0de409b85c42d2 Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Tue, 10 Oct 2023 19:26:37 +0800 Subject: [PATCH 06/20] Update main.yml --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 32ae30f4..8a2e94e6 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.93.0 +matrix_synapse_version: v1.94.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 954634b580fbe802764d55a088fe23f2f1f738d5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Oct 2023 11:12:28 +0300 Subject: [PATCH 07/20] Make ansible-lint happy --- roles/custom/matrix-coturn/tasks/setup_install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml index 6064b360..fbeba92d 100644 --- a/roles/custom/matrix-coturn/tasks/setup_install.yml 
+++ b/roles/custom/matrix-coturn/tasks/setup_install.yml @@ -2,8 +2,8 @@ - when: matrix_coturn_turn_external_ip_address_auto_detection_enabled | bool block: - - when: matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url == '' - name: Fail if enabled, but EchoIP service URL unset + - name: Fail if enabled, but EchoIP service URL unset + when: matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url == '' ansible.builtin.fail: msg: "To use the external IP address auto-detection feature, you need to set matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url" @@ -24,8 +24,8 @@ delay: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_delay }}" until: not result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed - - when: "(result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed or 'json' not in result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response)" - name: Fail if EchoIP service failed + - name: Fail if EchoIP service failed + when: "(result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed or 'json' not in result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response)" ansible.builtin.fail: msg: "Failed contacting EchoIP service API at `{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}` (controlled by `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url`). Full error: {{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response }}" From 7e54417fcad034209ac90c51a43239c4be5a750a Mon Sep 17 00:00:00 2001 From: throny Date: Wed, 11 Oct 2023 11:26:42 +0200 Subject: [PATCH 08/20] Update maintenance-postgres.md no postgres 16 support with borg, 15 works. --- docs/maintenance-postgres.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index 7c52b313..a6992284 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -87,7 +87,7 @@ This playbook can upgrade your existing Postgres setup with the following comman just run-tags upgrade-postgres ``` -**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.** +**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 16 support yet.** **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`. To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"` From 2441cf3ab10a7e8cecc8610f61393df93d02aaa7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Oct 2023 20:37:17 +0300 Subject: [PATCH 09/20] Upgrade sliding-sync (v0.99.10 -> v0.99.11) --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 73afcaf3..ac1fe903 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -5,7 +5,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.10 +matrix_sliding_sync_version: v0.99.11 matrix_sliding_sync_scheme: https From c301c06a538efdd75e588119f1fe9d1e48f1eb22 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Oct 2023 20:38:42 +0300 Subject: [PATCH 10/20] Add support for injecting additional environment-variables into sliding-sync --- roles/custom/matrix-sliding-sync/defaults/main.yml | 3 +++ roles/custom/matrix-sliding-sync/templates/env.j2 | 2 ++ 2 files changed, 5 insertions(+) 
diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index ac1fe903..c6a3f94c 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -85,6 +85,9 @@ matrix_sliding_sync_environment_variable_syncv3_secret: '' # Controls the SYNCV3_DB environment variable matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode={{ matrix_sliding_sync_database_sslmode }}' +# Additional environment variables. +matrix_sliding_sync_environment_variables_additional_variables: '' + matrix_sliding_sync_database_username: 'matrix_sliding_sync' matrix_sliding_sync_database_password: '' matrix_sliding_sync_database_hostname: '' diff --git a/roles/custom/matrix-sliding-sync/templates/env.j2 b/roles/custom/matrix-sliding-sync/templates/env.j2 index 1269bd2a..5d800a1b 100644 --- a/roles/custom/matrix-sliding-sync/templates/env.j2 +++ b/roles/custom/matrix-sliding-sync/templates/env.j2 @@ -2,3 +2,5 @@ SYNCV3_SERVER={{ matrix_sliding_sync_environment_variable_syncv3_server }} SYNCV3_SECRET={{ matrix_sliding_sync_environment_variable_syncv3_secret }} SYNCV3_BINDADDR=:8008 SYNCV3_DB={{ matrix_sliding_sync_environment_variable_syncv3_db }} + +{{ matrix_sliding_sync_environment_variables_additional_variables }} From 495a890e1c77accbc9033d5e30a5b1a3a6b278d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Gonz=C3=A1lez?= Date: Wed, 11 Oct 2023 21:24:29 +0200 Subject: [PATCH 11/20] Update Admin-API link the old one is deprecated (says the page at the link target), and refers to this new one. --- docs/configuring-playbook-synapse-admin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
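Review bot: The comment `# Additional environment variables.` on `matrix_sliding_sync_environment_variables_additional_variables` does not state the expected format. The `env.j2` change in the same commit renders the value verbatim into the env file, so it has to be newline-separated `KEY=value` lines, and anything placed there, secrets included, is stored in that file as-is. I would expand the comment to say the value is a multi-line string of `KEY=value` lines inserted verbatim, followed by a short commented example.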
diff --git a/docs/configuring-playbook-synapse-admin.md b/docs/configuring-playbook-synapse-admin.md index 1099553b..001d0044 100644 --- a/docs/configuring-playbook-synapse-admin.md +++ b/docs/configuring-playbook-synapse-admin.md @@ -15,7 +15,7 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. matrix_synapse_admin_enabled: true ``` -**Note**: Synapse Admin requires Synapse's [Admin APIs](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`). +**Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`). ## Installing From af899a6558290a292ba1658891acb428bb931911 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 11 Oct 2023 22:31:07 +0300 Subject: [PATCH 12/20] Update Synapse Admin APIs link --- docs/configuring-playbook-synapse-admin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-synapse-admin.md b/docs/configuring-playbook-synapse-admin.md index 001d0044..fdd11f2e 100644 --- a/docs/configuring-playbook-synapse-admin.md +++ b/docs/configuring-playbook-synapse-admin.md 
@@ -15,7 +15,7 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. matrix_synapse_admin_enabled: true ``` -**Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`). +**Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`). ## Installing From 4e46fb3cce3aa416fa3e29001eb82790615e98bd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 12 Oct 2023 01:09:42 +0300 Subject: [PATCH 13/20] Upgrade Traefik (v2.10.4-1 -> v2.10.5-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 49ae0a0f..a35625a4 100644 
--- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.4-1 + version: v2.10.5-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From 3b2cb1cbc274fd255d592355d50ebe1ba8ce421a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 12 Oct 2023 18:54:16 +0300 Subject: [PATCH 14/20] update grafana 10.1.4 -> 10.1.5 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index a35625a4..86ee8e65 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 7.0.1 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.1.4-0 + version: v10.1.5-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8960-1 name: jitsi From 968bf38a29ebdac0c61d5f45c5e749fa36f9e1f6 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 15 Oct 2023 23:13:01 +0300 Subject: [PATCH 15/20] migrate prometheus exporter roles --- requirements.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 86ee8e65..be4febcb 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -44,8 +44,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.47.1-0 name: prometheus -- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.6.1-0 + name: prometheus_node_exporter - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git version: v0.14.0-0 name: prometheus_postgres_exporter From 7ba5dee782810a004b5962cb64e292d4d4870c44 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:45:15 +0300 Subject: [PATCH 16/20] Update mautrix-discord 0.6.2 -> 0.6.3 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 0f54689b..d3b047af 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.6.2 +matrix_mautrix_discord_version: v0.6.3 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" From 153a582e989bd9b38e94b60865e19e841f343319 Mon Sep 17 00:00:00 2001 
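Review bot: The `prometheus_node_exporter` entry in the `@@ -44,8 +44,9 @@` hunk now fetches from a different forge and owner (gitlab.com/etke.cc to github.com/mother-of-all-self-hosting) while staying pinned only to the tag `v1.6.1-0`, and a git tag is a mutable ref that the new upstream can move. Nothing in the hunk shows that the tag on the GitHub repository resolves to the same commit the GitLab one did, so the role content should be compared once before this is merged. Since roles listed here presumably run with elevated privileges on the managed hosts, pinning to the commit is the stronger form, e.g. `version: <commit-sha-for-v1.6.1-0>  # v1.6.1-0` (placeholder; the hash is not on the page). The other tag-pinned entries visible in this file carry the same weakness, but a source switch is the point where it matters most.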
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:46:18 +0300 Subject: [PATCH 17/20] Update mautrix-gmessages 0.2.0 -> 0.2.1 --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 1075379d..fb1d66fd 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" -matrix_mautrix_gmessages_version: v0.2.0 +matrix_mautrix_gmessages_version: v0.2.1 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" From 5e91025c3b393865101a7c655137885f38fdcb9f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:48:55 +0300 Subject: [PATCH 18/20] Update borgmatic 1.8.2 -> 1.8.3 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index be4febcb..e65a35ef 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -4,7 +4,7 @@
 version: v1.0.0-1
 name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
- version: v1.2.6-1.8.2-0
+ version: v1.2.6-1.8.3-0
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
 version: v0.1.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
From fca22ae9229918b98c7fd3070eb0087a21db0132 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Mon, 16 Oct 2023 14:52:14 +0300
Subject: [PATCH 19/20] Update prometheus 2.47.1 -> 2.47.2
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index be4febcb..e47237c6 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -42,7 +42,7 @@
 - src: git+https://gitlab.com/etke.cc/roles/ntfy.git
 version: v2.7.0-2
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
- version: v2.47.1-0
+ version: v2.47.2-0
 name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
 version: v1.6.1-0
From 8ca935fca97c5b0a72dadbdf6b16f70b56a35811 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Mon, 16 Oct 2023 15:44:43 +0300
Subject: [PATCH 20/20] Update mautrix-whatsapp 0.10.2 -> 0.10.3
---
 roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
index 515d648c..137ef445 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.10.2 +matrix_mautrix_whatsapp_version: v0.10.3 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"