From d02f6b8b93b5e70039ede01f593b88fad36ebecf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 6 Jul 2023 20:18:18 +0300 Subject: [PATCH 001/340] Force-build customized container image for Synapse when its Dockerfile changes --- roles/custom/matrix-synapse/tasks/synapse/setup_install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml index 169be60b..7bdf5ddc 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml @@ -72,12 +72,13 @@ owner: "{{ matrix_synapse_uid }}" group: "{{ matrix_synapse_gid }}" mode: 0640 + register: matrix_synapse_container_image_customizations_dockerfile_result - name: Ensure customized Docker image for Synapse is built community.docker.docker_image: name: "{{ matrix_synapse_docker_image_customized }}" source: build - force_source: "{{ matrix_synapse_docker_image_customized_force_source }}" + force_source: "{{ matrix_synapse_container_image_customizations_dockerfile_result.changed or matrix_synapse_docker_image_customized_force_source }}" build: dockerfile: Dockerfile path: "{{ matrix_synapse_customized_docker_src_files_path }}" From 3fc217ded2a588bb667fde19a778cf51f8d9e1d2 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 9 Jul 2023 15:45:42 +0200 Subject: [PATCH 002/340] Upgrade sliding-sync (v0.99.1 -> v0.99.3) --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index fa6e65a4..1f28d305 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml 
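Review bot: In `roles/custom/matrix-synapse/tasks/synapse/setup_install.yml`, `matrix_synapse_container_image_customizations_dockerfile_result.changed` is true only on the run that rewrites the Dockerfile. If the build task fails or the play is interrupted after the file is written, the next run sees an unchanged Dockerfile and, with `source: build` and an image of that name already present, presumably keeps the stale customized image. A trigger that survives a failed run would be safer, for example deriving the customized image tag from a checksum of the rendered Dockerfile so that a missing image forces the build. The new registered name also mixes `container_image_customizations` with the `docker_image_customized` prefix used by the neighbouring variables. The `docker_image` task continues past the end of the hunk.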
@@ -4,7 +4,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.1 +matrix_sliding_sync_version: v0.99.3 matrix_sliding_sync_scheme: https From db47c6f1e3a5607f731289ffde4863ba0ae68d5e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 11 Jul 2023 14:43:44 +0300 Subject: [PATCH 003/340] Upgrade Grafana (v10.0.1-1 -> v10.0.2-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index da29a379..05e1120c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.1.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.0.1-1 + version: v10.0.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 name: jitsi From c09c1265e8f2ac1da04a38a4269a767e99d4d4d8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 11 Jul 2023 17:20:21 +0300 Subject: [PATCH 004/340] Stop using deprecated worker settings (worker_replication_host, worker_replication_http_port) Related to: - https://github.com/matrix-org/synapse/commit/e4f545c452df817daa2f22dfda906f3451d98351 - https://github.com/matrix-org/synapse/commit/2481b7dfa41c1c890346136f04344a4e1660ef32 We've prepared for this by adding the `main` process to the `instance_map` a long time ago, in 49cb8b7b11a72b. --- roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 | 5 ----- 1 file changed, 5 deletions(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 index f0e6fe90..18b96a55 100644 --- a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 
@@ -5,11 +5,6 @@ worker_name: {{ matrix_synapse_worker_details.name }} worker_daemonize: false worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config -{% if matrix_synapse_replication_listener_enabled %} -worker_replication_host: matrix-synapse -worker_replication_http_port: {{ matrix_synapse_replication_http_port }} -{% endif %} - {% set http_resources = [] %} {% if matrix_synapse_worker_details.type == 'user_dir' %} From 3037bf3a562fb50e91add0962a3ab7467ebb4a38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jul 2023 16:16:59 +0000 Subject: [PATCH 005/340] Bump ansible-community/ansible-lint-action from 6.16.0 to 6.17.0 Bumps [ansible-community/ansible-lint-action](https://github.com/ansible-community/ansible-lint-action) from 6.16.0 to 6.17.0. - [Release notes](https://github.com/ansible-community/ansible-lint-action/releases) - [Commits](https://github.com/ansible-community/ansible-lint-action/compare/v6.16.0...v6.17.0) --- updated-dependencies: - dependency-name: ansible-community/ansible-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 579ab719..f38ae352 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -21,6 +21,6 @@ jobs: - name: Check out uses: actions/checkout@v3 - name: Run ansible-lint - uses: ansible-community/ansible-lint-action@v6.16.0 + uses: ansible-community/ansible-lint-action@v6.17.0 with: path: roles/custom From 68c9652947d0c32cb6a752e7fe5f73c4fc0dd1ac Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 12 Jul 2023 08:05:40 +0300 Subject: [PATCH 006/340] Upgrade Grafana (v10.0.2-0 -> v10.0.2-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements.yml b/requirements.yml index 05e1120c..3cad12d4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.1.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.0.2-0 + version: v10.0.2-1 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 name: jitsi From 9d76e7391381e8cfdbcac58e525537770ec88c1e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 12 Jul 2023 08:05:45 +0300 Subject: [PATCH 007/340] Upgrade Jitsi (v8615-0 -> v8615-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 3cad12d4..a8c39821 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.0.2-1 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8615-0 + version: v8615-2 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.6.2-0 From 54412c361d2bc36f89daaadf4819522ed5ca21bf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 12 Jul 2023 08:15:58 +0300 Subject: [PATCH 008/340] Disable var-naming[no-role-prefix] ansible-lint rule --- .config/ansible-lint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml index 00d62f20..0ff5748c 100644 --- a/.config/ansible-lint.yml +++ b/.config/ansible-lint.yml @@ -9,6 +9,7 @@ skip_list: - schema - command-instead-of-shell - role-name + - var-naming[no-role-prefix] # We frequently load configuration from a template (into a variable), then merge that with another variable (configuration extension) # before finally dumping it to a file. - template-instead-of-copy From 78bd1dbd1bc8b760e7a1f4fd9d6fa76a91d0655d Mon Sep 17 00:00:00 2001 
From: Michael Hollister Date: Wed, 12 Jul 2023 01:09:27 -0500 Subject: [PATCH 009/340] Added matrix-media-repo role --- README.md | 1 + .../configuring-playbook-matrix-media-repo.md | 106 ++ ...configuring-playbook-prometheus-grafana.md | 1 + docs/configuring-playbook-s3.md | 3 +- group_vars/matrix_servers | 67 +- .../matrix-media-repo/defaults/main.yml | 681 ++++++++++++ roles/custom/matrix-media-repo/tasks/main.yml | 17 + .../matrix-media-repo/tasks/setup_install.yml | 74 ++ .../tasks/setup_uninstall.yml | 19 + .../templates/grafana/media-repo.json | 991 ++++++++++++++++++ .../templates/media-repo/media-repo.yaml.j2 | 359 +++++++ .../systemd/matrix-media-repo.service.j2 | 52 + .../matrix-nginx-proxy/defaults/main.yml | 5 + .../nginx/conf.d/matrix-domain.conf.j2 | 90 ++ .../defaults/main.yml | 20 + roles/custom/matrix-synapse/defaults/main.yml | 6 +- setup.yml | 1 + 17 files changed, 2486 insertions(+), 7 deletions(-) create mode 100644 docs/configuring-playbook-matrix-media-repo.md create mode 100644 roles/custom/matrix-media-repo/defaults/main.yml create mode 100644 roles/custom/matrix-media-repo/tasks/main.yml create mode 100644 roles/custom/matrix-media-repo/tasks/setup_install.yml create mode 100644 roles/custom/matrix-media-repo/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-media-repo/templates/grafana/media-repo.json create mode 100644 roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 create mode 100644 roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 diff --git a/README.md b/README.md index 8b026509..912febc0 100644 --- a/README.md +++ b/README.md 
@@ -92,6 +92,7 @@ Use alternative file storage to the default `media_store` folder. | ---- | -------- | ----------- | ------------- | | [Goofys](https://github.com/kahing/goofys) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3-goofys.md) | | [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3.md) | +| [matrix-media-repo](https://github.com/turt2live/matrix-media-repo) | x | matrix-media-repo is a highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification. | [Link](docs/configuring-playbook-media-repo.md) | ### Bridges diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md new file mode 100644 index 00000000..e011e1e6 --- /dev/null +++ b/docs/configuring-playbook-matrix-media-repo.md 
@@ -0,0 +1,106 @@ +# Setting up matrix-media-repo (optional) + +matrix-media-repo is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification. + +Smaller/individual homeservers can still make use of this project's features, though it may be difficult to set up or have higher than expected resource consumption - please do your research before deploying this as this project may not be useful for your environment. + +More documentation about the project can be found at: https://docs.t2bot.io/matrix-media-repo/ + +## Quickstart + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_media_repo_enabled: true + +# (optional) Turned off by default +# matrix_media_repo_metrics_enabled: true +``` + +The repo is pre-configured for integrating with the postgres database, NGINX proxy and prometheus/grafana (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles). + +By default, the media-repo will use the local filesystem for data storage. Additional options include `s3` and `IPFS` (experimental). Access token caching is also enabled by default since the logout endpoints are proxied through the media repo. + +## Configuring the media-repo + +Additional common configuration options: +```yaml + +# The postgres database pooling options + +# The maximum number of connects to hold open. More of these allow for more concurrent +# processes to happen. +matrix_media_repo_database_max_connections: 25 + +# The maximum number of connects to leave idle. More of these reduces the time it takes +# to serve requests in low-traffic scenarios. 
+matrix_media_repo_database_max_idle_connections: 5 + +# These users have full access to the administrative functions of the media repository. +# See https://github.com/turt2live/matrix-media-repo/blob/release-v1.2.8/docs/admin.md for information on what these people can do. They must belong to one of the +# configured homeservers above. +matrix_media_repo_admins: + admins: [] +# admins: +# - "@your_username:example.org" + +# Datastores are places where media should be persisted. This isn't dedicated for just uploads: +# thumbnails and other misc data is also stored in these places. The media repo, when looking +# for a datastore to use, will always use the smallest datastore first. +matrix_media_repo_datastores: + datastores: + - type: file + enabled: true # Enable this to set up data storage. + # Datastores can be split into many areas when handling uploads. Media is still de-duplicated + # across all datastores (local content which duplicates remote content will re-use the remote + # content's location). This option is useful if your datastore is becoming very large, or if + # you want faster storage for a particular kind of media. + # + # The kinds available are: + # thumbnails - Used to store thumbnails of media (local and remote). + # remote_media - Original copies of remote media (servers not configured by this repo). + # local_media - Original uploads for local media. + # archives - Archives of content (GDPR and similar requests). + forKinds: ["thumbnails", "remote_media", "local_media", "archives"] + opts: + path: /data/media + + - type: s3 + enabled: false # Enable this to set up s3 uploads + forKinds: ["thumbnails", "remote_media", "local_media", "archives"] + opts: + # The s3 uploader needs a temporary location to buffer files to reduce memory usage on + # small file uploads. If the file size is unknown, the file is written to this location + # before being uploaded to s3 (then the file is deleted). 
If you aren't concerned about + # memory usage, set this to an empty string. + tempPath: "/tmp/mediarepo_s3_upload" + endpoint: sfo2.digitaloceanspaces.com + accessKeyId: "" + accessSecret: "" + ssl: true + bucketName: "your-media-bucket" + # An optional region for where this S3 endpoint is located. Typically not needed, though + # some providers will need this (like Scaleway). Uncomment to use. + #region: "sfo2" + # An optional storage class for tuning how the media is stored at s3. + # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. + #storageClass: STANDARD + + # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If + # the feature is not enabled, this will not work. Note that IPFS support is experimental at + # the moment and not recommended for general use. + # + # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo + # puts authentication on the download endpoints. Only use this option for cases where you + # expect your media to be publicly accessible. + - type: ipfs + enabled: false # Enable this to use IPFS support + forKinds: ["local_media"] + # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured + # in the IPFS section of your main config. + opts: {} + +``` + +Full list of configuration options with documentation can be found in `roles/custom/matrix-media-repo/templates/defaults/main.yml` + diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 7e4764c2..49a47f1a 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md 
@@ -83,6 +83,7 @@ Name | Description `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below) +`matrix_media_repo_metrics_enabled`|Set this to `true` to make media-repo expose metrics (locally, on the container network) Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations: ```nginx diff --git a/docs/configuring-playbook-s3.md b/docs/configuring-playbook-s3.md index 539f96d3..941ae0db 100644 --- a/docs/configuring-playbook-s3.md +++ b/docs/configuring-playbook-s3.md @@ -9,7 +9,7 @@ First, [choose an Object Storage provider](#choosing-an-object-storage-provider) Then, [create the S3 bucket](#bucket-creation-and-security-configuration). -Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring-playbook-s3-goofys.md) or [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)). +Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring-playbook-s3-goofys.md), [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md), or use s3 datastore with the [matrix-media-repo](https://docs.t2bot.io/matrix-media-repo/configuration/s3-datastore.html)). ## Choosing an Object Storage provider 
@@ -105,3 +105,4 @@ To set up Synapse to store files in S3, follow the instructions for the method o - using [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md) (recommended) - using [Goofys to mount the S3 store to the local filesystem](configuring-playbook-s3-goofys.md) +- using [matrix-media-repo](https://docs.t2bot.io/matrix-media-repo/configuration/s3-datastore.html) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index d225cc30..cc60b975 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -326,6 +326,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else []) + + ([{'name': 'matrix-media-repo.service', 'priority': 4000, 'groups': ['matrix', 'media_store']}] if matrix_media_repo_enabled else []) + + ([{'name': 'matrix-mailer.service', 'priority': 2000, 'groups': ['matrix', 'mailer']}] if matrix_mailer_enabled else []) + ([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else []) @@ -395,7 +397,6 @@ devture_systemd_service_manager_services_list_auto: | ######################################################################## - ###################################################################### # # com.devture.ansible.role.playbook_state_preserver @@ -418,7 +419,6 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d ###################################################################### - ###################################################################### # # matrix-base 
@@ -2557,6 +2557,38 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr # ###################################################################### +###################################################################### +# +# matrix-media-repo +# +###################################################################### + +matrix_media_repo_enabled: false +matrix_media_repo_identifier: matrix-media-repo +matrix_media_repo_container_network: "{{ matrix_docker_network }}" + +matrix_media_repo_container_labels_traefik_enabled: false +matrix_media_repo_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_media_repo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +matrix_media_repo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_media_repo_database_username: matrix_media_repo +matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}" +matrix_media_repo_database_name: matrix_media_repo + +matrix_media_repo_systemd_required_services_list: | + {{ + (['docker.service']) + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + }} + +###################################################################### +# +# /matrix-media-repo +# +###################################################################### ###################################################################### # 
@@ -2638,6 +2670,10 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled } matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" +matrix_nginx_proxy_proxy_media_repo_enabled: "{{ matrix_media_repo_enabled }}" +matrix_nginx_proxy_proxy_media_repo_addr_with_container: "matrix-media-repo:{{ matrix_media_repo_port }}" +matrix_nginx_proxy_proxy_media_repo_addr_sans_container: "127.0.0.1:{{ matrix_media_repo_port }}" + # By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy. # Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: |- @@ -2696,6 +2732,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else []) + + (['matrix-media-repo.service'] if matrix_media_repo_enabled else []) + + (['matrix-client-cinny.service'] if matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else []) + (['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else []) 
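Review bot: In the `@@ -2638` hunk, `matrix_nginx_proxy_proxy_media_repo_addr_with_container` hard-codes the hostname `matrix-media-repo`, although this patch introduces `matrix_media_repo_identifier` and the Prometheus scrape target already uses it. If the identifier is overridden, nginx would presumably be left pointing at a name that no longer resolves. Prefer `"{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_port }}"`, and build the literal `'matrix-media-repo.service'` entries in `devture_systemd_service_manager_services_list_auto` and `matrix_nginx_proxy_systemd_wanted_services_list` from the same variable. The `addr_sans_container` value `127.0.0.1:{{ matrix_media_repo_port }}` only works if the container publishes that port on the host loopback; that is not visible in this part of the patch and should be confirmed.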
@@ -3050,6 +3088,12 @@ devture_postgres_managed_databases_auto: | 'username': prometheus_postgres_exporter_database_username, 'password': prometheus_postgres_exporter_database_password, }] if (prometheus_postgres_exporter_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else []) + + + ([{ + 'name': matrix_media_repo_database_name, + 'username': matrix_media_repo_database_username, + 'password': matrix_media_repo_database_password, + }] if (matrix_media_repo_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname) else []) }} @@ -3424,6 +3468,9 @@ matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled el matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" +# Disable creation of media repository Synapse worker when using media-repo +matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}" + ###################################################################### # # /matrix-synapse @@ -3653,6 +3700,8 @@ prometheus_container_additional_networks: | ([matrix_hookshot_container_network] if matrix_prometheus_services_connect_scraper_hookshot_enabled and matrix_hookshot_container_network != prometheus_container_network else []) + ([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else []) + + + ([matrix_media_repo_container_network] if matrix_prometheus_services_connect_scraper_media_repo_enabled and matrix_media_repo_container_network != prometheus_container_network else []) ) | unique }} 
@@ -3678,6 +3727,8 @@ prometheus_config_scrape_configs_auto: | (matrix_prometheus_services_connect_scraper_hookshot_scrape_configs if matrix_prometheus_services_connect_scraper_hookshot_enabled else []) + (matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs if matrix_prometheus_services_connect_scraper_nginxlog_enabled else []) + + + (matrix_prometheus_services_connect_scraper_media_repo_scrape_configs if matrix_prometheus_services_connect_scraper_media_repo_enabled else []) }} ###################################################################### @@ -3713,6 +3764,9 @@ matrix_prometheus_services_connect_scraper_hookshot_static_configs_target: "{{ m matrix_prometheus_services_connect_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}" matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ matrix_prometheus_nginxlog_exporter_container_hostname }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port | string }}" +matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}" +matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}" + ###################################################################### # # /matrix-prometheus-services-connect @@ -3777,6 +3831,8 @@ grafana_dashboard_download_urls: | (prometheus_postgres_exporter_dashboard_urls if prometheus_postgres_exporter_enabled else []) + (matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else []) + + + (matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else []) }} grafana_provisioning_dashboard_template_files: | 
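Review bot: The two Grafana additions (`grafana_dashboard_download_urls` in the `@@ -3777` hunk and `grafana_provisioning_dashboard_template_files` in the `@@ -3785` hunk that follows) are gated on `matrix_media_repo_metrics_enabled` alone, while the scraper toggle added in this file uses `matrix_media_repo_enabled and matrix_media_repo_metrics_enabled`. With the role disabled and the metrics flag left on, the dashboard would still be downloaded and provisioned with nothing behind it. Use the same condition in both places, e.g. `(matrix_media_repo_dashboard_urls if (matrix_media_repo_enabled and matrix_media_repo_metrics_enabled) else [])`, and likewise for the `media-repo.json` entry. The same dashboard is also registered through both lists, which looks redundant; the local template alone would avoid fetching from the mutable `master` URL set in `matrix_media_repo_dashboard_urls` at deploy time.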
@@ -3785,6 +3841,11 @@ grafana_provisioning_dashboard_template_files: | 'path': 'roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json', 'name': 'nginx-proxy.json', }] if matrix_prometheus_nginxlog_exporter_enabled else []) + + + ([{ + 'path': 'roles/custom/matrix-media-repo/templates/grafana/media-repo.json', + 'name': 'media-repo.json', + }] if matrix_media_repo_metrics_enabled else []) }} grafana_default_home_dashboard_path: |- @@ -3803,7 +3864,6 @@ grafana_default_home_dashboard_path: |- ###################################################################### - ###################################################################### # # matrix-registration @@ -3853,7 +3913,6 @@ matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_gener ###################################################################### - ###################################################################### # # matrix-sliding-sync diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml new file mode 100644 index 00000000..87ffcbe8 --- /dev/null +++ b/roles/custom/matrix-media-repo/defaults/main.yml 
@@ -0,0 +1,681 @@ +--- +# matrix-media-repo is a highly customizable multi-domain media repository for Matrix. +# Intended for medium to large environments consisting of several homeservers, this +# media repo de-duplicates media (including remote media) while being fully compliant +# with the specification. +# See: https://github.com/turt2live/matrix-media-repo + +matrix_media_repo_enabled: true + +matrix_media_repo_container_image_self_build: false +matrix_media_repo_container_image_self_build_repo: "https://github.com/turt2live/matrix-media-repo.git" + +matrix_media_repo_docker_image_path: "turt2live/matrix-media-repo" +matrix_media_repo_docker_image: "{{ matrix_media_repo_docker_image_name_prefix }}{{ matrix_media_repo_docker_image_path }}:{{ matrix_media_repo_docker_image_tag }}" +matrix_media_repo_docker_image_name_prefix: "{{ 'localhost/' if matrix_media_repo_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_media_repo_docker_image_tag: "v1.2.13" +matrix_media_repo_docker_image_force_pull: "{{ matrix_media_repo_docker_image.endswith(':latest') }}" + +matrix_media_repo_base_path: "{{ matrix_base_data_path }}/media-repo" +matrix_media_repo_docker_src_files_path: "{{ matrix_media_repo_base_path }}/docker-src" + +# List of systemd services that matrix-conduit.service depends on +matrix_media_repo_systemd_required_services_list: ["docker.service"] + +# List of systemd services that matrix-conduit.service wants +matrix_media_repo_systemd_wanted_services_list: [] + +# The base container network. It will be auto-created by this role if it doesn't exist already. +matrix_media_repo_container_network: "{{ matrix_docker_network }}" + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. +# Use this to expose this container to another reverse proxy, which runs in a different container network. 
+matrix_media_repo_container_additional_networks: [] + +# Extra arguments for the Docker container +matrix_media_repo_container_extra_arguments: [] + +# matrix_media_repo_dashboard_urls contains a list of URLs with Grafana dashboard definitions. +# If the Grafana role is enabled, these dashboards will be downloaded. +matrix_media_repo_dashboard_urls: + - https://raw.githubusercontent.com/spantaleev/matrix-docker-ansible-deploy/master/roles/custom/matrix-media-repo/templates/grafana/media-repo.json + +# ***************************************************************************** +# Configuration File Settings +# ***************************************************************************** + +# General repo configuration +matrix_media_repo_bind_address: '0.0.0.0' +matrix_media_repo_port: 8000 + +# Where to store the logs, relative to where the repo is started from. Logs will be automatically +# rotated every day and held for 14 days. To disable the repo logging to files, set this to +# "-" (including quotation marks). +# +# Note: to change the log directory you'll have to restart the repository. This setting cannot be +# live reloaded. +matrix_media_repo_log_directory: logs + +# Set to true to enable color coding in your logs. Note that this may cause escape sequences to +# appear in logs which render them unreadable, which is why colors are disabled by default. +matrix_media_repo_log_colors: false + +# Set to true to enable JSON logging for consumption by things like logstash. Note that this is +# incompatible with the log color option and will always render without colors. +matrix_media_repo_json_logs: false + +# The log level to log at. Note that this will need to be at least "info" to receive support. +# +# Values (in increasing spam): panic | fatal | error | warn | info | debug | trace +matrix_media_repo_log_level: "info" + +# If true, the media repo will accept any X-Forwarded-For header without validation. 
In most cases +# this option should be left as "false". Note that the media repo already expects an X-Forwarded-For +# header, but validates it to ensure the IP being given makes sense. +matrix_media_repo_trust_any_forwarded_address: false + +# If false, the media repo will not use the X-Forwarded-Host header commonly added by reverse proxies. +# Typically this should remain as true, though in some circumstances it may need to be disabled. +# See https://github.com/turt2live/matrix-media-repo/issues/202 for more information. +matrix_media_repo_use_forwarded_host: true + +# Options for dealing with federation + +# On a per-host basis, the number of consecutive failures in calling the host before the +# media repo will back off. This defaults to 20 if not given. Note that 404 errors from +# the remote server do not count towards this. +matrix_media_repo_federation_backoff_at: 20 + +# The database configuration for the media repository +# Do NOT put your homeserver's existing database credentials here. Create a new database and +# user instead. Using the same server is fine, just not the same username and database. +matrix_media_repo_database_username: "matrix_media_repo" +matrix_media_repo_database_password: "your_password" +matrix_media_repo_database_hostname: "matrix-postgres" +matrix_media_repo_database_port: 5432 +matrix_media_repo_database_name: "matrix_media_repo" + +# Currently only "postgres" is supported. +matrix_media_repo_database_postgres: "postgres://{{ matrix_media_repo_database_username }}:{{ matrix_media_repo_database_password }}@{{ matrix_media_repo_database_hostname }}:{{ matrix_media_repo_database_port }}/{{ matrix_media_repo_database_name }}?sslmode=disable" + +# The database pooling options + +# The maximum number of connects to hold open. More of these allow for more concurrent +# processes to happen. +matrix_media_repo_database_max_connections: 25 + +# The maximum number of connects to leave idle. 
More of these reduces the time it takes +# to serve requests in low-traffic scenarios. +matrix_media_repo_database_max_idle_connections: 5 + +# The configuration for the homeservers this media repository is known to control. Servers +# not listed here will not be able to upload media. +matrix_media_repo_homeservers: + homeservers: + # This should match the server_name of your homeserver, and the Host header + # provided to the media repo. + - name: "{{ matrix_server_fqn_matrix }}" + + # The base URL to where the homeserver can actually be reached + csApi: "https://{{ matrix_server_fqn_matrix }}/" + + # The number of consecutive failures in calling this homeserver before the + # media repository will start backing off. This defaults to 10 if not given. + backoffAt: 10 + + # The kind of admin API the homeserver supports. If set to "matrix", + # the media repo will use the Synapse-defined endpoints under the + # unstable client-server API. When this is "synapse", the new /_synapse + # endpoints will be used instead. Unknown values are treated as the + # default, "matrix". + adminApiKind: "matrix" + +# Options for controlling how access tokens work with the media repo. It is recommended that if +# you are going to use these options that the `/logout` and `/logout/all` client-server endpoints +# be proxied through this process. They will also be called on the homeserver, and the response +# sent straight through the client - they are simply used to invalidate the cache faster for +# a particular user. Without these, the access tokens might still work for a short period of time +# after the user has already invalidated them. +# +# This will also cache errors from the homeserver. +# +# Note that when this config block is used outside of a per-domain config, all hosts will be +# subject to the same cache. This also means that application services on limited homeservers +# could be authorized on the wrong domain. 
+# +# *************************************************************************** +# * IT IS HIGHLY RECOMMENDED TO USE PER-DOMAIN CONFIGS WITH THIS FEATURE. * +# *************************************************************************** +matrix_media_repo_access_tokens: + accessTokens: + # The maximum time a cached access token will be considered valid. Set to zero (the default) + # to disable the cache and constantly hit the homeserver. This is recommended to be set to + # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and + # zero for servers who do not proxy the endpoints through. + maxCacheTimeSeconds: 43200 + + # Whether or not to use the `appservices` config option below. If disabled (the default), + # the regular access token cache will be used for each user, potentially leading to high + # memory usage. + useLocalAppserviceConfig: false + + # The application services (and their namespaces) registered on the homeserver. Only used + # if `useLocalAppserviceConfig` is enabled (recommended). + # + # Usually the appservice will provide you with these config details - they'll just need + # translating from the appservice registration to here. Note that this does not require + # all options from the registration, and only requires the bare minimum required to run + # the media repo. + # appservices: + # - id: Name_of_appservice_for_your_reference + # asToken: Secret_token_for_appservices_to_use + # senderUserId: "@_example_bridge:yourdomain.com" + # userNamespaces: + # - regex: "@_example_bridge_.+:yourdomain.com" + # # A note about regexes: it is best to suffix *all* namespaces with the homeserver + # # domain users are valid for, as otherwise the appservice can use any user with + # # any domain name it feels like, even if that domain is not configured with the + # # media repo. This will lead to inaccurate reporting in the case of the media + # # repo, and potentially leading to media being considered "remote". 
+ +# These users have full access to the administrative functions of the media repository. +# See docs/admin.md for information on what these people can do. They must belong to one of the +# configured homeservers above. +matrix_media_repo_admins: + admins: [] +# admins: +# - "@your_username:example.org" + +# Shared secret auth is useful for applications building on top of the media repository, such +# as a management interface. The `token` provided here is treated as a repository administrator +# when shared secret auth is enabled: if the `token` is used in place of an access token, the' +# request will be authorized. This is not limited to any particular domain, giving applications +# the ability to use it on any configured hostname. +# Set this to true to enable shared secret auth. +matrix_media_repo_shared_secret_auth_enabled: false + +# Use a secure value here to prevent unauthorized access to the media repository. +matrix_media_repo_shared_secret_auth_token: "PutSomeRandomSecureValueHere" + +# Datastores are places where media should be persisted. This isn't dedicated for just uploads: +# thumbnails and other misc data is also stored in these places. The media repo, when looking +# for a datastore to use, will always use the smallest datastore first. +matrix_media_repo_datastores: + datastores: + - type: file + enabled: true # Enable this to set up data storage. + # Datastores can be split into many areas when handling uploads. Media is still de-duplicated + # across all datastores (local content which duplicates remote content will re-use the remote + # content's location). This option is useful if your datastore is becoming very large, or if + # you want faster storage for a particular kind of media. + # + # The kinds available are: + # thumbnails - Used to store thumbnails of media (local and remote). + # remote_media - Original copies of remote media (servers not configured by this repo). + # local_media - Original uploads for local media. 
+ # archives - Archives of content (GDPR and similar requests). + forKinds: ["thumbnails", "remote_media", "local_media", "archives"] + opts: + path: /data/media + + - type: s3 + enabled: false # Enable this to set up s3 uploads + forKinds: ["thumbnails", "remote_media", "local_media", "archives"] + opts: + # The s3 uploader needs a temporary location to buffer files to reduce memory usage on + # small file uploads. If the file size is unknown, the file is written to this location + # before being uploaded to s3 (then the file is deleted). If you aren't concerned about + # memory usage, set this to an empty string. + tempPath: "/tmp/mediarepo_s3_upload" + endpoint: sfo2.digitaloceanspaces.com + accessKeyId: "" + accessSecret: "" + ssl: true + bucketName: "your-media-bucket" + # An optional region for where this S3 endpoint is located. Typically not needed, though + # some providers will need this (like Scaleway). Uncomment to use. + # region: "sfo2" + # An optional storage class for tuning how the media is stored at s3. + # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. + # storageClass: STANDARD + + # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If + # the feature is not enabled, this will not work. Note that IPFS support is experimental at + # the moment and not recommended for general use. + # + # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo + # puts authentication on the download endpoints. Only use this option for cases where you + # expect your media to be publicly accessible. + - type: ipfs + enabled: false # Enable this to use IPFS support + forKinds: ["local_media"] + # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured + # in the IPFS section of your main config. + opts: {} + +# Options for controlling archives. 
Archives are exports of a particular user's content for +# the purpose of GDPR or moving media to a different server. + +# Whether archiving is enabled or not. Default enabled. +matrix_media_repo_archiving_enabled: true +# If true, users can request a copy of their own data. By default, only repository administrators +# can request a copy. +# This includes the ability for homeserver admins to request a copy of their own server's +# data, as known to the repo. +matrix_media_repo_archiving_self_service: false +# The number of bytes to target per archive before breaking up the files. This is independent +# of any file upload limits and will require a similar amount of memory when performing an export. +# The file size is also a target, not a guarantee - it is possible to have files that are smaller +# or larger than the target. This is recommended to be approximately double the size of your +# file upload limit, provided there is enough memory available for the demand of exporting. +matrix_media_repo_archiving_target_bytes_per_part: 209715200 # 200mb default + +# The file upload settings for the media repository +matrix_media_repo_uploads: + uploads: + # The maximum individual file size a user can upload. + maxBytes: 104857600 # 100MB default, 0 to disable + + # The minimum number of bytes to let people upload. This is recommended to be non-zero to + # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend + # to waste more CPU and database resources than small files, thus a default of 100 bytes + # is applied here as an approximate break-even point. + minBytes: 100 # 100 bytes by default + + # The number of bytes to claim as the maximum size for uploads for the limits API. If this + # is not provided then the maxBytes setting will be used instead. This is useful to provide + # if the media repo's settings and the reverse proxy do not match for maximum request size. 
+ # This is purely for informational reasons and does not actually limit any functionality. + # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes. + reportedMaxBytes: 0 + + # Options for limiting how much content a user can upload. Quotas are applied to content + # associated with a user regardless of de-duplication. Quotas which affect remote servers + # or users will not take effect. When a user exceeds their quota they will be unable to + # upload any more media. + quotas: + # Whether or not quotas are enabled/enforced. Note that even when disabled the media repo + # will track how much media a user has uploaded. This is disabled by default. + enabled: false + + # The quota rules that affect users. The first rule to match the uploader will take effect. + # An implied rule which matches all users and has no quota is always last in this list, + # meaning that if no rules are supplied then users will be able to upload anything. Similarly, + # if no rules match a user then the implied rule will match, allowing the user to have no + # quota. The quota will let the user upload to 1 media past their quota, meaning that from + # a statistics perspective the user might exceed their quota however only by a small amount. + users: + - glob: "@*:*" # Affect all users. Use asterisks (*) to match any character. + maxBytes: 53687063712 # 50GB default, 0 to disable + +# Settings related to downloading files from the media repository + +# The maximum number of bytes to download from other servers +matrix_media_repo_downloads_max_bytes: 104857600 # 100MB default, 0 to disable + +# The number of workers to use when downloading remote media. Raise this number if remote +# media is downloading slowly or timing out. +# +# Maximum memory usage = numWorkers multiplied by the maximum download size +# Average memory usage is dependent on how many concurrent downloads your users are doing. 
+matrix_media_repo_downloads_num_workers: 10 + +# How long, in minutes, to cache errors related to downloading remote media. Once this time +# has passed, the media is able to be re-requested. +matrix_media_repo_downloads_failure_cache_minutes: 5 + +# The cache control settings for downloads. This can help speed up downloads for users by +# keeping popular media in the cache. This cache is also used for thumbnails. +matrix_media_repo_downloads_cache_enabled: true + +# The maximum size of cache to have. Higher numbers are better. +matrix_media_repo_downloads_cache_max_size_bytes: 1048576000 # 1GB default + +# The maximum file size to cache. This should normally be the same size as your maximum +# upload size. +matrix_media_repo_downloads_cache_max_file_size_bytes: 104857600 # 100MB default + +# The number of minutes to track how many downloads a file gets +matrix_media_repo_downloads_cache_tracked_minutes: 30 + +# The number of downloads a file must receive in the window above (trackedMinutes) in +# order to be cached. +matrix_media_repo_downloads_cache_min_downloads: 5 + +# The minimum amount of time an item should remain in the cache. This prevents the cache +# from cycling out the file if it needs more room during this time. Note that the media +# repo regularly cleans out media which is past this point from the cache, so this number +# may need increasing depending on your use case. If the maxSizeBytes is reached for the +# media repo, and some cached items are still under this timer, new items will not be able +# to enter the cache. When this happens, consider raising maxSizeBytes or lowering this +# timer. +matrix_media_repo_downloads_cache_min_cache_time_seconds: 300 + +# The minimum amount of time an item should remain outside the cache once it is removed. +matrix_media_repo_downloads_cache_min_evicted_time_seconds: 60 + +# How many days after a piece of remote content is downloaded before it expires. 
It can be +# re-downloaded on demand, this just helps free up space in your datastore. Set to zero or +# negative to disable. Defaults to disabled. +matrix_media_repo_downloads_expire_after_days: 0 + +# URL Preview settings +matrix_media_repo_url_previews: + urlPreviews: + enabled: true # If enabled, the preview_url routes will be accessible + maxPageSizeBytes: 10485760 # 10MB default, 0 to disable + + # If true, the media repository will try to provide previews for URLs with invalid or unsafe + # certificates. If false (the default), the media repo will fail requests to said URLs. + previewUnsafeCertificates: false + + # Note: URL previews are limited to a given number of words, which are then limited to a number + # of characters, taking off the last word if it needs to. This also applies for the title. + + numWords: 50 # The number of words to include in a preview (maximum) + maxLength: 200 # The maximum number of characters for a description + + numTitleWords: 30 # The maximum number of words to include in a preview's title + maxTitleLength: 150 # The maximum number of characters for a title + + # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are + # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be + # an image and the image's type must be allowed by the thumbnailer. + filePreviewTypes: + - "image/*" + + # The number of workers to use when generating url previews. Raise this number if url + # previews are slow or timing out. + # + # Maximum memory usage = numWorkers multiplied by the maximum page size + # Average memory usage is dependent on how many concurrent urls your users are previewing. + numWorkers: 10 + + # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they + # will be merged. URL previews will be disabled if neither is supplied. Each entry must be + # a CIDR range. 
+ disallowedNetworks: + - "127.0.0.1/8" + - "10.0.0.0/8" + - "172.16.0.0/12" + - "192.168.0.0/16" + - "100.64.0.0/10" + - "169.254.0.0/16" + - '::1/128' + - 'fe80::/64' + - 'fc00::/7' + allowedNetworks: + # "Everything". The blacklist will help limit this. + # This is the default value for this field. + - "0.0.0.0/0" + + # How many days after a preview is generated before it expires and is deleted. The preview + # can be regenerated safely - this just helps free up some space in your database. Set to + # zero or negative to disable. Defaults to disabled. + expireAfterDays: 0 + + # The default Accept-Language header to supply when generating URL previews when one isn't + # supplied by the client. + # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language + defaultLanguage: "en-US,en" + + # When true, oEmbed previews will be enabled. Typically these kinds of previews are used for + # sites that do not support OpenGraph or page scraping, such as Twitter. For information on + # specifying providers for oEmbed, including your own, see the following documentation: + # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html + # Defaults to disabled. + oEmbed: false + +# The thumbnail configuration for the media repository. +matrix_media_repo_thumbnails: + thumbnails: + # The maximum number of bytes an image can be before the thumbnailer refuses. + maxSourceBytes: 10485760 # 10MB default, 0 to disable + + # The maximum number of pixels an image can have before the thumbnailer refuses. Note that + # this only applies to image types: file types like audio and video are affected solely by + # the maxSourceBytes. + maxPixels: 32000000 # 32M default + + # The number of workers to use when generating thumbnails. Raise this number if thumbnails + # are slow to generate or timing out. 
+ # + # Maximum memory usage = numWorkers multiplied by the maximum image source size + # Average memory usage is dependent on how many thumbnails are being generated by your users + numWorkers: 100 + + # All thumbnails are generated into one of the sizes listed here. The first size is used as + # the default for when no width or height is requested. The media repository will return + # either an exact match or the next largest size of thumbnail. + sizes: + - width: 32 + height: 32 + - width: 96 + height: 96 + - width: 320 + height: 240 + - width: 640 + height: 480 + - width: 768 # This size is primarily used for audio thumbnailing. + height: 240 + - width: 800 + height: 600 + + # To allow for thumbnails to be any size, not just in the sizes specified above, set this to + # true (default false). When enabled, whatever size requested by the client will be generated + # up to a maximum of the largest possible dimensions in the `sizes` list. For best results, + # specify only one size in the `sizes` list when this option is enabled. + dynamicSizing: false + + # The content types to thumbnail when requested. Types that are not supported by the media repo + # will not be thumbnailed (adding application/json here won't work). Clients may still not request + # thumbnails for these types - this won't make clients automatically thumbnail these file types. + types: + - "image/jpeg" + - "image/jpg" + - "image/png" + - "image/apng" + - "image/gif" + - "image/heif" + - "image/webp" + # - "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files + - "audio/mpeg" + - "audio/ogg" + - "audio/wav" + - "audio/flac" + # - "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files + + # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated + # thumbnails, set this to false. If disabled, regular thumbnails will be returned. 
+ allowAnimated: true + + # Default to animated thumbnails, if available + defaultAnimated: false + + # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image + # is larger than this, the thumbnail will be generated as a static image. + maxAnimateSizeBytes: 10485760 # 10MB default, 0 to disable + + # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try + # and thumbnail animated content? Defaults to 0.5 (middle of animation). + stillFrame: 0.5 + + # How many days after a thumbnail is generated before it expires and is deleted. The thumbnail + # can be regenerated safely - this just helps free up some space in your datastores. Set to + # zero or negative to disable. Defaults to disabled. + expireAfterDays: 0 + +# Controls for the rate limit functionality + +# Set this to false if rate limiting is handled at a higher level or you don't want it enabled. +matrix_media_repo_rate_limit_enabled: true + +# The number of requests per second before an IP will be rate limited. Must be a whole number. +matrix_media_repo_rate_limit_requests_per_second: 1 + +# The number of requests an IP can send at once before the rate limit is actually considered. +matrix_media_repo_rate_limit_burst: 10 + +# Identicons are generated avatars for a given username. Some clients use these to give users a +# default avatar after signing up. Identicons are not part of the official matrix spec, therefore +# this feature is completely optional. +matrix_media_repo_identicons_enabled: true + +# The quarantine media settings. + +# If true, when a thumbnail of quarantined media is requested an image will be returned. If no +# image is given in the thumbnailPath below then a generated image will be provided. This does +# not affect regular downloads of files. +matrix_media_repo_quarantine_replace_thumbnails: true + +# If true, when media which has been quarantined is requested an image will be returned. 
If +# no image is given in the thumbnailPath below then a generated image will be provided. This +# will replace media which is not an image (ie: quarantining a PDF will replace the PDF with +# an image). +matrix_media_repo_quarantine_replace_downloads: false + +# If provided, the given image will be returned as a thumbnail for media that is quarantined. +matrix_media_repo_quarantine_thumbnail_path: "" + +# If true, administrators of the configured homeservers may quarantine media for their server +# only. Global administrators can quarantine any media (local or remote) regardless of this +# flag. +matrix_media_repo_quarantine_allow_local_admins: true + +# The various timeouts that the media repo will use. + +# The maximum amount of time the media repo should spend trying to fetch a resource that is +# being previewed. +matrix_media_repo_timeouts_url_preview_timeout_seconds: 10 + +# The maximum amount of time the media repo will spend making remote requests to other repos +# or homeservers. This is primarily used to download media. +matrix_media_repo_timeouts_federation_timeout_seconds: 120 + +# The maximum amount of time the media repo will spend talking to your configured homeservers. +# This is usually used to verify a user's identity. +matrix_media_repo_timeouts_client_server_timeout_seconds: 30 + +# Prometheus metrics configuration +# For an example Grafana dashboard, import the following JSON: +# https://github.com/turt2live/matrix-media-repo/blob/master/docs/grafana.json + +# If true, the bindAddress and port below will serve GET /metrics for Prometheus to scrape. +matrix_media_repo_metrics_enabled: false + +# The address to listen on. Typically "127.0.0.1" or "0.0.0.0" for all interfaces. +matrix_media_repo_metrics_bind_address: "0.0.0.0" + +# The port to listen on. Cannot be the same as the general web server port. +matrix_media_repo_metrics_port: 9000 + +# Plugins are optional pieces of the media repo used to extend the functionality offered. 
+# Currently there are only antispam plugins, but in future there should be more options. +# Plugins are not supported on per-domain paths and are instead repo-wide. For more +# information on writing plugins, please visit #matrix-media-repo:t2bot.io on Matrix. +matrix_media_repo_plugins: + plugins: [] + + # An example OCR plugin to block images with certain text. Note that the Docker image + # for the media repo automatically ships this at /plugins/plugin_antispam_ocr +# - exec: /plugins/plugin_antispam_ocr +# config: +# # The URL to your OCR server (https://github.com/otiai10/ocrserver) +# ocrServer: "http://localhost:8080" +# # The keywords to scan for. The image must contain at least one of the keywords +# # from each list to qualify for spam. +# keywordGroups: +# - - elon +# - musk +# - elonmusk +# - - bitcoin +# # The minimum (and maximum) sizes of images to process. +# minSizeBytes: 20000 +# maxSizeBytes: 200000 +# # The types of files to process +# types: ["image/png", "image/jpeg", "image/jpg"] +# # The user ID regex to check against +# userIds: "@telegram_.*" +# # How much of the image's height, starting from the top, to consider before +# # discarding the rest. Set to 1.0 to consider the whole image. +# percentageOfHeight: 0.35 + +# Options for controlling various MSCs/unstable features of the media repo +# Sections of this config might disappear or be added over time. By default all +# features are disabled in here and must be explicitly enabled to be used. +matrix_media_repo_feature_support: + featureSupport: + # MSC2248 - Blurhash + MSC2448: + # Whether or not this MSC is enabled for use in the media repo + enabled: false + + # Maximum dimensions for converting a blurhash to an image. When no width and + # height options are supplied, the default will be half these values. + maxWidth: 1024 + maxHeight: 1024 + + # Thumbnail size in pixels to use to generate the blurhash string + thumbWidth: 64 + thumbHeight: 64 + + # The X and Y components to use. 
Higher numbers blur less, lower numbers blur more. + xComponents: 4 + yComponents: 3 + + # The amount of contrast to apply when converting a blurhash to an image. Lower values + # make the effect more subtle, larger values make it stronger. + punch: 1 + + # IPFS Support + # This is currently experimental and might not work at all. + IPFS: + # Whether or not IPFS support is enabled for use in the media repo. + enabled: false + + # Options for the built in IPFS daemon + builtInDaemon: + # Enable this to spawn an in-process IPFS node to use instead of a localhost + # HTTP agent. If this is disabled, the media repo will assume you have an HTTP + # IPFS agent running and accessible. Defaults to using a daemon (true). + enabled: true + + # If the Daemon is enabled, set this to the location where the IPFS files should + # be stored. If you're using Docker, this should be something like "/data/ipfs" + # so it can be mapped to a volume. + repoPath: "./ipfs" + + # Support for redis as a cache mechanism + # + # Note: Enabling Redis support will mean that the existing cache mechanism will do nothing. + # It can be safely disabled once Redis support is enabled. + # + # See docs/redis.md for more information on how this works and how to set it up. + redis: + # Whether or not use Redis instead of in-process caching. + enabled: false + + # The Redis shards that should be used by the media repo in the ring. The names of the + # shards are for your reference and have no bearing on the connection, but must be unique. + shards: + - name: "server1" + addr: ":7000" + - name: "server2" + addr: ":7001" + - name: "server3" + addr: ":7002" + +# Optional sentry (https://sentry.io/) configuration for the media repo + +# Whether or not to set up error reporting. Defaults to off. +matrix_media_repo_sentry_enabled: false + +# Get this value from the setup instructions in Sentry +matrix_media_repo_sentry_dsn: "https://examplePublicKey@ingest.sentry.io/0" + +# Optional environment flag. 
Defaults to an empty string. +matrix_media_repo_sentry_environment: "" + +# Whether or not to turn on sentry's built in debugging. This will increase log output. +matrix_media_repo_sentry_debug: false diff --git a/roles/custom/matrix-media-repo/tasks/main.yml b/roles/custom/matrix-media-repo/tasks/main.yml new file mode 100644 index 00000000..59f962a2 --- /dev/null +++ b/roles/custom/matrix-media-repo/tasks/main.yml @@ -0,0 +1,17 @@ +--- + +- tags: + - setup-all + - setup-media-repo + - install-all + - install-media-repo + block: + - when: matrix_media_repo_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + +- tags: + - setup-all + - setup-media-repo + block: + - when: not matrix_media_repo_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" diff --git a/roles/custom/matrix-media-repo/tasks/setup_install.yml b/roles/custom/matrix-media-repo/tasks/setup_install.yml new file mode 100644 index 00000000..af02d4b0 --- /dev/null +++ b/roles/custom/matrix-media-repo/tasks/setup_install.yml 
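Review bot: Two secrets in these defaults ship with well-known placeholder values: `matrix_media_repo_database_password: "your_password"` and `matrix_media_repo_shared_secret_auth_token: "PutSomeRandomSecureValueHere"`. If the playbook's group vars do not override them (that part of the patch is not visible here), the database account runs with a published password, and setting `matrix_media_repo_shared_secret_auth_enabled: true` on its own turns the placeholder into a repository-administrator token. I would default both to `''` and add a validation task that fails when the password is empty, or when shared secret auth is enabled with an empty token; the `tasks/main.yml` added by this patch has no validation step. The password is also interpolated unencoded into `matrix_media_repo_database_postgres`, so it should pass through `| urlencode` there to survive values containing `@`, `/` or `:`.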
@@ -0,0 +1,74 @@
+---
+
+- name: Ensure media-repo paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - path: "{{ matrix_media_repo_base_path }}"
+ when: true
+ - path: "{{ matrix_media_repo_docker_src_files_path }}"
+ when: "{{ matrix_media_repo_container_image_self_build }}"
+ when: "item.when | bool"
+
+- name: Ensure media-repo configuration installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/media-repo/media-repo.yaml.j2"
+ dest: "{{ matrix_media_repo_base_path }}/media-repo.yaml"
+ mode: 0640
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure media-repo Docker image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_media_repo_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_media_repo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_media_repo_docker_image_force_pull }}"
+ when: "not matrix_media_repo_container_image_self_build | bool"
+ register: result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: result is not failed
+
+- when: "matrix_media_repo_container_image_self_build | bool"
+ block:
+ - name: Ensure media-repo repository is present on self-build
+ ansible.builtin.git:
+ repo: "{{ matrix_media_repo_container_image_self_build_repo }}"
+ dest: "{{ matrix_media_repo_docker_src_files_path }}"
+ version: "{{ matrix_media_repo_docker_image.split(':')[1] }}"
+ force: "yes"
+ become: true
+ become_user: "{{ matrix_user_username }}"
+ register: matrix_media_repo_git_pull_results
+
+ - name: Check if media-repo Docker image exists
+ ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_media_repo_docker_image }}'"
+ register: matrix_media_repo_docker_image_check_result
+ changed_when: false
+
+ # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
+ # because the latter does not support BuildKit.
+ # See: https://github.com/ansible-collections/community.general/issues/514
+ - name: Ensure media-repo Docker image is built
+ ansible.builtin.command:
+ cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_media_repo_docker_image }} {{ matrix_media_repo_docker_src_files_path }}"
+ environment:
+ DOCKER_BUILDKIT: 1
+ changed_when: true
+ when: "matrix_media_repo_git_pull_results.changed | bool or matrix_media_repo_docker_image_check_result.stdout == ''"
+
+- name: Ensure media-repo container network is created
+ community.general.docker_network:
+ name: "{{ matrix_media_repo_container_network }}"
+ driver: bridge
+
+- name: Ensure matrix-media-repo.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/media-repo/systemd/matrix-media-repo.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-media-repo.service"
+ mode: 0640
diff --git a/roles/custom/matrix-media-repo/tasks/setup_uninstall.yml b/roles/custom/matrix-media-repo/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..d5f08994
--- /dev/null
+++ b/roles/custom/matrix-media-repo/tasks/setup_uninstall.yml
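Review bot: In the self-build block of setup_install.yml, `version: "{{ matrix_media_repo_docker_image.split(':')[1] }}"` takes the second colon-separated field of the image reference, which is the tag only when the reference carries no registry port. With a reference such as `registry.example:5000/media-repo:v1` (constructed example) the checkout ref becomes `5000/media-repo`, so the git task fails or resolves a ref nobody intended to build from. Prefer `version: "{{ matrix_media_repo_docker_image.split(':') | last }}"`, or a dedicated tag variable if the role defaults define one (they are not visible here). The two `ansible.builtin.command` tasks also interpolate variables into one command string; passing the pieces through `argv` keeps a path or image name containing whitespace from being split into extra arguments.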
@@ -0,0 +1,19 @@
+---
+
+- name: Check existence of matrix-media-repo service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-media-repo.service"
+ register: matrix_media_repo_service_stat
+
+- when: matrix_media_repo_service_stat.stat.exists | bool
+ block:
+ - name: Ensure matrix-media-repo is stopped
+ ansible.builtin.systemd:
+ name: matrix-media-repo
+ state: stopped
+ daemon_reload: true
+
+ - name: Ensure matrix-media-repo.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-media-repo.service"
+ state: absent
diff --git a/roles/custom/matrix-media-repo/templates/grafana/media-repo.json b/roles/custom/matrix-media-repo/templates/grafana/media-repo.json
new file mode 100644
index 00000000..1fb68e0a
--- /dev/null
+++ b/roles/custom/matrix-media-repo/templates/grafana/media-repo.json
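Review bot: The uninstall tasks remove only the unit file, while `setup_install.yml` in this same patch writes `{{ matrix_media_repo_base_path }}/media-repo.yaml`, which the template fills with the database connection setting and the shared-secret token. After the role is disabled that file stays on disk with its credentials. I would remove it here, or state in the role documentation that it is kept on purpose. Adding `enabled: false` to the systemd task would also clear any enablement left over if the service was enabled elsewhere in the playbook.

```yaml
# … unchanged: stat check; inside the "Ensure matrix-media-repo is stopped" task …
        state: stopped
        enabled: false
        daemon_reload: true

# … unchanged: unit file removal …

    - name: Ensure media-repo configuration is removed
      ansible.builtin.file:
        path: "{{ matrix_media_repo_base_path }}/media-repo.yaml"
        state: absent
```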
@@ -0,0 +1,991 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.3.1" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 9, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "hertz" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + 
"y": 0 + }, + "id": 2, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_http_requests_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ '{{host}}: {{method}} {{action}}' }}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_invalid_http_requests_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ 'Invalid Host: {{method}} {{action}}' }}", + "refId": "B" + } + ], + "title": "HTTP Requsts", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "hertz" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 3, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": 
"multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_http_responses_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ '{{host}}: {{method}} {{action}} {{statusCode}}' }}", + "refId": "A" + } + ], + "title": "HTTP Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 8, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "go_memstats_alloc_bytes", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "memory usage (alloc)", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": 
"go_memstats_sys_bytes", + "interval": "", + "legendFormat": "memory usage (sys)", + "refId": "C" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "go_memstats_heap_alloc_bytes", + "interval": "", + "legendFormat": "heap usage (alloc)", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "go_memstats_heap_idle_bytes", + "interval": "", + "legendFormat": "heap usage (idle)", + "refId": "D" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "go_memstats_heap_inuse_bytes", + "interval": "", + "legendFormat": "heap usage (used)", + "refId": "E" + } + ], + "title": "Memory Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 4, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + 
"datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "media_cache_num_bytes_used", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ 'size of cache: {{cache}}' }}", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "media_cache_num_live_bytes_used", + "interval": "", + "legendFormat": "{{ 'live size of cache: {{cache}}' }}", + "refId": "C" + } + ], + "title": "Cache Size (Bytes)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 9, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "media_cache_num_items", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ 'items in cache: 
{{cache}}' }}", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "media_cache_num_live_items", + "interval": "", + "legendFormat": "{{ 'live items in cache: {{cache}}' }}", + "refId": "C" + } + ], + "title": "Cache Size (# of items)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "hertz" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 5, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_cache_hits_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ 'hits in {{cache}}' }}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_cache_misses_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ 
'misses in {{cache}}' }}", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_cache_evictions_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ 'evictions due to {{reason}} in {{cache}}' }}", + "refId": "C" + } + ], + "title": "Cache Operations", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "hertz" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 27 + }, + "id": 6, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_thumbnails_generated_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ '{{origin}} {{width}}x{{height}} {{method}} animated={{animated}}' }}", + "refId": "A" + } + ], + "title": "Thumbnail Generation", + "type": "timeseries" + }, + { + "datasource": { + 
"type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "hertz" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 27 + }, + "id": 7, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_downloaded_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ 'downloads from {{origin}}' }}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(media_url_previews_generated_total[2m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ 'preview with engine: {{type}}' }}", + "refId": "B" + } + ], + "title": "Resource Handling", + "type": "timeseries" + } + ], + "refresh": "1m", + "schemaVersion": 38, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, 
+ "includeAll": false, + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Media Repo Dashboard", + "uid": "xJUZ3xfmk", + "version": 2, + "weekStart": "" +} \ No newline at end of file diff --git a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 new file mode 100644 index 00000000..0595f576 --- /dev/null +++ b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 
@@ -0,0 +1,359 @@ +# General repo configuration +repo: + bindAddress: {{ matrix_media_repo_bind_address }} + port: {{ matrix_media_repo_port }} + + # Where to store the logs, relative to where the repo is started from. Logs will be automatically + # rotated every day and held for 14 days. To disable the repo logging to files, set this to + # "-" (including quotation marks). + # + # Note: to change the log directory you'll have to restart the repository. This setting cannot be + # live reloaded. + logDirectory: {{ matrix_media_repo_log_directory }} + + # Set to true to enable color coding in your logs. Note that this may cause escape sequences to + # appear in logs which render them unreadable, which is why colors are disabled by default. + logColors: {{ matrix_media_repo_log_colors }} + + # Set to true to enable JSON logging for consumption by things like logstash. Note that this is + # incompatible with the log color option and will always render without colors. + jsonLogs: {{ matrix_media_repo_json_logs }} + + # The log level to log at. Note that this will need to be at least "info" to receive support. + # + # Values (in increasing spam): panic | fatal | error | warn | info | debug | trace + logLevel: {{ matrix_media_repo_log_level }} + + # If true, the media repo will accept any X-Forwarded-For header without validation. In most cases + # this option should be left as "false". Note that the media repo already expects an X-Forwarded-For + # header, but validates it to ensure the IP being given makes sense. + trustAnyForwardedAddress: {{ matrix_media_repo_trust_any_forwarded_address }} + + # If false, the media repo will not use the X-Forwarded-Host header commonly added by reverse proxies. + # Typically this should remain as true, though in some circumstances it may need to be disabled. + # See https://github.com/turt2live/matrix-media-repo/issues/202 for more information. 
+ useForwardedHost: {{ matrix_media_repo_use_forwarded_host }} + +# Options for dealing with federation +federation: + # On a per-host basis, the number of consecutive failures in calling the host before the + # media repo will back off. This defaults to 20 if not given. Note that 404 errors from + # the remote server do not count towards this. + backoffAt: {{ matrix_media_repo_federation_backoff_at }} + +# The database configuration for the media repository +# Do NOT put your homeserver's existing database credentials here. Create a new database and +# user instead. Using the same server is fine, just not the same username and database. +database: + # Currently only "postgres" is supported. + postgres: {{ matrix_media_repo_database_postgres }} + + # The database pooling options + pool: + # The maximum number of connects to hold open. More of these allow for more concurrent + # processes to happen. + maxConnections: {{ matrix_media_repo_database_max_connections }} + + # The maximum number of connects to leave idle. More of these reduces the time it takes + # to serve requests in low-traffic scenarios. + maxIdleConnections: {{ matrix_media_repo_database_max_idle_connections }} + +# The configuration for the homeservers this media repository is known to control. Servers +# not listed here will not be able to upload media. +{# +homeservers: + - name: example.org # This should match the server_name of your homeserver, and the Host header + # provided to the media repo. + csApi: "https://example.org/" # The base URL to where the homeserver can actually be reached + backoffAt: 10 # The number of consecutive failures in calling this homeserver before the + # media repository will start backing off. This defaults to 10 if not given. + adminApiKind: "matrix" # The kind of admin API the homeserver supports. If set to "matrix", + # the media repo will use the Synapse-defined endpoints under the + # unstable client-server API. 
When this is "synapse", the new /_synapse + # endpoints will be used instead. Unknown values are treated as the + # default, "matrix". +#} +{{ matrix_media_repo_homeservers | to_nice_yaml(indent=2, sort_keys=false) }} + +# Options for controlling how access tokens work with the media repo. It is recommended that if +# you are going to use these options that the `/logout` and `/logout/all` client-server endpoints +# be proxied through this process. They will also be called on the homeserver, and the response +# sent straight through the client - they are simply used to invalidate the cache faster for +# a particular user. Without these, the access tokens might still work for a short period of time +# after the user has already invalidated them. +# +# This will also cache errors from the homeserver. +# +# Note that when this config block is used outside of a per-domain config, all hosts will be +# subject to the same cache. This also means that application services on limited homeservers +# could be authorized on the wrong domain. +# +# *************************************************************************** +# * IT IS HIGHLY RECOMMENDED TO USE PER-DOMAIN CONFIGS WITH THIS FEATURE. * +# *************************************************************************** +{{ matrix_media_repo_access_tokens | to_nice_yaml(indent=2, sort_keys=false) }} + +# These users have full access to the administrative functions of the media repository. +# See docs/admin.md for information on what these people can do. They must belong to one of the +# configured homeservers above. +{{ matrix_media_repo_admins | to_nice_yaml(indent=2, sort_keys=false) }} + +# Shared secret auth is useful for applications building on top of the media repository, such +# as a management interface. The `token` provided here is treated as a repository administrator +# when shared secret auth is enabled: if the `token` is used in place of an access token, the' +# request will be authorized. 
This is not limited to any particular domain, giving applications +# the ability to use it on any configured hostname. +sharedSecretAuth: + # Set this to true to enable shared secret auth. + enabled: {{ matrix_media_repo_shared_secret_auth_enabled }} + + # Use a secure value here to prevent unauthorized access to the media repository. + token: {{ matrix_media_repo_shared_secret_auth_token }} + +# Datastores are places where media should be persisted. This isn't dedicated for just uploads: +# thumbnails and other misc data is also stored in these places. The media repo, when looking +# for a datastore to use, will always use the smallest datastore first. +{# +datastores: + - type: file + enabled: false # Enable this to set up data storage. + # Datastores can be split into many areas when handling uploads. Media is still de-duplicated + # across all datastores (local content which duplicates remote content will re-use the remote + # content's location). This option is useful if your datastore is becoming very large, or if + # you want faster storage for a particular kind of media. + # + # The kinds available are: + # thumbnails - Used to store thumbnails of media (local and remote). + # remote_media - Original copies of remote media (servers not configured by this repo). + # local_media - Original uploads for local media. + # archives - Archives of content (GDPR and similar requests). + forKinds: ["thumbnails"] + opts: + path: /var/matrix/media + + - type: s3 + enabled: false # Enable this to set up s3 uploads + forKinds: ["thumbnails", "remote_media", "local_media", "archives"] + opts: + # The s3 uploader needs a temporary location to buffer files to reduce memory usage on + # small file uploads. If the file size is unknown, the file is written to this location + # before being uploaded to s3 (then the file is deleted). If you aren't concerned about + # memory usage, set this to an empty string. 
+ tempPath: "/tmp/mediarepo_s3_upload" + endpoint: sfo2.digitaloceanspaces.com + accessKeyId: "" + accessSecret: "" + ssl: true + bucketName: "your-media-bucket" + # An optional region for where this S3 endpoint is located. Typically not needed, though + # some providers will need this (like Scaleway). Uncomment to use. + #region: "sfo2" + + # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If + # the feature is not enabled, this will not work. Note that IPFS support is experimental at + # the moment and not recommended for general use. + # + # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo + # puts authentication on the download endpoints. Only use this option for cases where you + # expect your media to be publicly accessible. + - type: ipfs + enabled: false # Enable this to use IPFS support + forKinds: ["local_media"] + # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured + # in the IPFS section of your main config. + opts: {} +#} +{{ matrix_media_repo_datastores | to_nice_yaml(indent=2, sort_keys=false) }} + +# Options for controlling archives. Archives are exports of a particular user's content for +# the purpose of GDPR or moving media to a different server. +archiving: + # Whether archiving is enabled or not. Default enabled. + enabled: {{ matrix_media_repo_archiving_enabled }} + # If true, users can request a copy of their own data. By default, only repository administrators + # can request a copy. + # This includes the ability for homeserver admins to request a copy of their own server's + # data, as known to the repo. + selfService: {{ matrix_media_repo_archiving_self_service }} + # The number of bytes to target per archive before breaking up the files. This is independent + # of any file upload limits and will require a similar amount of memory when performing an export. 
+ # The file size is also a target, not a guarantee - it is possible to have files that are smaller + # or larger than the target. This is recommended to be approximately double the size of your + # file upload limit, provided there is enough memory available for the demand of exporting. + targetBytesPerPart: {{ matrix_media_repo_archiving_target_bytes_per_part }} # 200mb default + +# The file upload settings for the media repository +{{ matrix_media_repo_uploads | to_nice_yaml(indent=2, sort_keys=false) }} + +# Settings related to downloading files from the media repository +downloads: + # The maximum number of bytes to download from other servers + maxBytes: {{ matrix_media_repo_downloads_max_bytes }} # 100MB default, 0 to disable + + # The number of workers to use when downloading remote media. Raise this number if remote + # media is downloading slowly or timing out. + # + # Maximum memory usage = numWorkers multiplied by the maximum download size + # Average memory usage is dependent on how many concurrent downloads your users are doing. + numWorkers: {{ matrix_media_repo_downloads_num_workers }} + + # How long, in minutes, to cache errors related to downloading remote media. Once this time + # has passed, the media is able to be re-requested. + failureCacheMinutes: {{ matrix_media_repo_downloads_failure_cache_minutes }} + + # The cache control settings for downloads. This can help speed up downloads for users by + # keeping popular media in the cache. This cache is also used for thumbnails. + cache: + enabled: {{ matrix_media_repo_downloads_cache_enabled }} + + # The maximum size of cache to have. Higher numbers are better. + maxSizeBytes: {{ matrix_media_repo_downloads_cache_max_size_bytes }} # 1GB default + + # The maximum file size to cache. This should normally be the same size as your maximum + # upload size. 
+ maxFileSizeBytes: {{ matrix_media_repo_downloads_cache_max_file_size_bytes }} # 100MB default + + # The number of minutes to track how many downloads a file gets + trackedMinutes: {{ matrix_media_repo_downloads_cache_tracked_minutes }} + + # The number of downloads a file must receive in the window above (trackedMinutes) in + # order to be cached. + minDownloads: {{ matrix_media_repo_downloads_cache_min_downloads }} + + # The minimum amount of time an item should remain in the cache. This prevents the cache + # from cycling out the file if it needs more room during this time. Note that the media + # repo regularly cleans out media which is past this point from the cache, so this number + # may need increasing depending on your use case. If the maxSizeBytes is reached for the + # media repo, and some cached items are still under this timer, new items will not be able + # to enter the cache. When this happens, consider raising maxSizeBytes or lowering this + # timer. + minCacheTimeSeconds: {{ matrix_media_repo_downloads_cache_min_cache_time_seconds }} + + # The minimum amount of time an item should remain outside the cache once it is removed. + minEvictedTimeSeconds: {{ matrix_media_repo_downloads_cache_min_evicted_time_seconds }} + + # How many days after a piece of remote content is downloaded before it expires. It can be + # re-downloaded on demand, this just helps free up space in your datastore. Set to zero or + # negative to disable. Defaults to disabled. + expireAfterDays: {{ matrix_media_repo_downloads_expire_after_days }} + +# URL Preview settings +{{ matrix_media_repo_url_previews | to_nice_yaml(indent=2) }} + +# The thumbnail configuration for the media repository. +{{ matrix_media_repo_thumbnails | to_nice_yaml(indent=2) }} + +# Controls for the rate limit functionality +rateLimit: + # Set this to false if rate limiting is handled at a higher level or you don't want it enabled. 
+ enabled: {{ matrix_media_repo_rate_limit_enabled }} + + # The number of requests per second before an IP will be rate limited. Must be a whole number. + requestsPerSecond: {{ matrix_media_repo_rate_limit_requests_per_second }} + + # The number of requests an IP can send at once before the rate limit is actually considered. + burst: {{ matrix_media_repo_rate_limit_burst }} + +# Identicons are generated avatars for a given username. Some clients use these to give users a +# default avatar after signing up. Identicons are not part of the official matrix spec, therefore +# this feature is completely optional. +identicons: + enabled: {{ matrix_media_repo_identicons_enabled }} + +# The quarantine media settings. +quarantine: + # If true, when a thumbnail of quarantined media is requested an image will be returned. If no + # image is given in the thumbnailPath below then a generated image will be provided. This does + # not affect regular downloads of files. + replaceThumbnails: {{ matrix_media_repo_quarantine_replace_thumbnails }} + + # If true, when media which has been quarantined is requested an image will be returned. If + # no image is given in the thumbnailPath below then a generated image will be provided. This + # will replace media which is not an image (ie: quarantining a PDF will replace the PDF with + # an image). + replaceDownloads: {{ matrix_media_repo_quarantine_replace_downloads }} + + # If provided, the given image will be returned as a thumbnail for media that is quarantined. + #thumbnailPath: "/path/to/thumbnail.png" + thumbnailPath: {{ "" if matrix_media_repo_quarantine_thumbnail_path == "" else matrix_media_repo_quarantine_thumbnail_path }} + + # If true, administrators of the configured homeservers may quarantine media for their server + # only. Global administrators can quarantine any media (local or remote) regardless of this + # flag. 
+ allowLocalAdmins: {{ matrix_media_repo_quarantine_allow_local_admins }} + +# The various timeouts that the media repo will use. +timeouts: + # The maximum amount of time the media repo should spend trying to fetch a resource that is + # being previewed. + urlPreviewTimeoutSeconds: {{ matrix_media_repo_timeouts_url_preview_timeout_seconds }} + + # The maximum amount of time the media repo will spend making remote requests to other repos + # or homeservers. This is primarily used to download media. + federationTimeoutSeconds: {{ matrix_media_repo_timeouts_federation_timeout_seconds }} + + # The maximum amount of time the media repo will spend talking to your configured homeservers. + # This is usually used to verify a user's identity. + clientServerTimeoutSeconds: {{ matrix_media_repo_timeouts_client_server_timeout_seconds }} + +# Prometheus metrics configuration +# For an example Grafana dashboard, import the following JSON: +# https://github.com/turt2live/matrix-media-repo/blob/master/docs/grafana.json +metrics: + # If true, the bindAddress and port below will serve GET /metrics for Prometheus to scrape. + enabled: {{ matrix_media_repo_metrics_enabled }} + + # The address to listen on. Typically "127.0.0.1" or "0.0.0.0" for all interfaces. + bindAddress: {{ matrix_media_repo_metrics_bind_address }} + + # The port to listen on. Cannot be the same as the general web server port. + port: {{ matrix_media_repo_metrics_port }} + +# Plugins are optional pieces of the media repo used to extend the functionality offered. +# Currently there are only antispam plugins, but in future there should be more options. +# Plugins are not supported on per-domain paths and are instead repo-wide. For more +# information on writing plugins, please visit #matrix-media-repo:t2bot.io on Matrix. +{{ matrix_media_repo_plugins | to_nice_yaml(indent=2) }} + + # An example OCR plugin to block images with certain text. 
Note that the Docker image + # for the media repo automatically ships this at /plugins/plugin_antispam_ocr +# - exec: /plugins/plugin_antispam_ocr +# config: +# # The URL to your OCR server (https://github.com/otiai10/ocrserver) +# ocrServer: "http://localhost:8080" +# # The keywords to scan for. The image must contain at least one of the keywords +# # from each list to qualify for spam. +# keywordGroups: +# - - elon +# - musk +# - elonmusk +# - - bitcoin +# # The minimum (and maximum) sizes of images to process. +# minSizeBytes: 20000 +# maxSizeBytes: 200000 +# # The types of files to process +# types: ["image/png", "image/jpeg", "image/jpg"] +# # The user ID regex to check against +# userIds: "@telegram_.*" +# # How much of the image's height, starting from the top, to consider before +# # discarding the rest. Set to 1.0 to consider the whole image. +# percentageOfHeight: 0.35 + +# Options for controlling various MSCs/unstable features of the media repo +# Sections of this config might disappear or be added over time. By default all +# features are disabled in here and must be explicitly enabled to be used. +{{ matrix_media_repo_feature_support | to_nice_yaml(indent=2) }} + +# Optional sentry (https://sentry.io/) configuration for the media repo +sentry: + # Whether or not to set up error reporting. Defaults to off. + enabled: {{ matrix_media_repo_sentry_enabled }} + + # Get this value from the setup instructions in Sentry + dsn: {{ matrix_media_repo_sentry_dsn }} + + # Optional environment flag. Defaults to an empty string. + environment: {{ "" if matrix_media_repo_sentry_environment == "" else matrix_media_repo_sentry_environment }} + + # Whether or not to turn on sentry's built in debugging. This will increase log output. + debug: {{ matrix_media_repo_sentry_debug }} \ No newline at end of file 
diff --git a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 new file mode 100644 index 00000000..ac33e3fe --- /dev/null +++ b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 
@@ -0,0 +1,52 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix media-repo +{% for service in matrix_media_repo_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_media_repo_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-media-repo 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-media-repo 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-media-repo \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -p {{ matrix_media_repo_port }}:{{ matrix_media_repo_port }} \ + {% if matrix_media_repo_metrics_enabled %} + -p {{ matrix_media_repo_metrics_port }}:{{ matrix_media_repo_metrics_port }} \ + {% endif %} + -v {{ matrix_media_repo_base_path }}:/data:z \ + --workdir='/data' \ + --entrypoint='media_repo' \ + {% for arg in matrix_media_repo_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_media_repo_docker_image }} + +{% for network in matrix_media_repo_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-media-repo +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-media-repo + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-media-repo 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh 
}} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-media-repo 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-media-repo /bin/sh -c 'kill -HUP 1' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-media-repo + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 8ad11b37..d8d73a86 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -333,6 +333,11 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" +# Controls whether proxying for the media repo (`/_matrix/media`) should be done (on the matrix domain) +matrix_nginx_proxy_proxy_media_repo_enabled: false +matrix_nginx_proxy_proxy_media_repo_addr_with_container: "matrix-media-repo:{{ matrix_media_repo_port }}" +matrix_nginx_proxy_proxy_media_repo_addr_sans_container: "127.0.0.1:{{ matrix_media_repo_port }}" + # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-proxy:12080" diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 63d45bc6..8ecaf64e 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 
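Review bot: The two `-p` lines in the `docker create` command of the new unit file give no host address, so Docker publishes the media-repo port (and the metrics port when `matrix_media_repo_metrics_enabled` is true) on every host interface, where the service can be reached without going through matrix-nginx-proxy. The proxy defaults added in this same series address the container by name (`matrix-media-repo:{{ matrix_media_repo_port }}`), so publishing is not needed for normal operation. Make it opt-in behind a bind variable that defaults to empty, which is what patch 017/340 further down this page does. The unit also passes `--network={{ matrix_docker_network }}` although the role's defaults appear to define `matrix_media_repo_container_network` (visible as hunk context in that later patch); `--network={{ matrix_media_repo_container_network }} \` would keep an override of that variable effective.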
@@ -94,6 +94,96 @@ } {% endif %} + {% if matrix_nginx_proxy_proxy_media_repo_enabled %} + # Redirect all media endpoints to the media-repo + location ^~ /_matrix/media { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "{{ matrix_nginx_proxy_proxy_media_repo_addr_with_container }}"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_nginx_proxy_proxy_media_repo_addr_sans_container }}; + {% endif %} + + # Make sure this matches your homeserver in media-repo.yaml + # You may have to manually specify it if using delegation or the + # incoming Host doesn't match. + proxy_set_header Host $host; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + } + + # Redirect other endpoints registered by the media-repo to its container + # /_matrix/client/r0/logout + # /_matrix/client/r0/logout/all + location ^~ /_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "{{ matrix_nginx_proxy_proxy_media_repo_addr_with_container }}"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_nginx_proxy_proxy_media_repo_addr_sans_container }}; + {% endif %} + + # Make sure this matches your homeserver in media-repo.yaml + # You may have to manually specify it if using delegation or the + # incoming Host doesn't match. 
+ proxy_set_header Host $host; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + } + + # Redirect other endpoints registered by the media-repo to its container + # /_matrix/client/r0/admin/purge_media_cache + # /_matrix/client/r0/admin/quarantine_media/{roomId:[^/]+} + location ^~ /_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "{{ matrix_nginx_proxy_proxy_media_repo_addr_with_container }}"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_nginx_proxy_proxy_media_repo_addr_sans_container }}; + {% endif %} + + # Make sure this matches your homeserver in media-repo.yaml + # You may have to manually specify it if using delegation or the + # incoming Host doesn't match. + proxy_set_header Host $host; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + } + + # Redirect other endpoints registered by the media-repo to its container + location ^~ /_matrix/client/unstable/io.t2bot.media { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "{{ matrix_nginx_proxy_proxy_media_repo_addr_with_container }}"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_nginx_proxy_proxy_media_repo_addr_sans_container }}; + {% endif %} + + # Make sure this matches your homeserver in media-repo.yaml + # You may have to manually specify it if using delegation or the + # incoming Host doesn't match. 
+ proxy_set_header Host $host; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} location ^~ /_matrix/client/r0/user_directory/search { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/custom/matrix-prometheus-services-connect/defaults/main.yml b/roles/custom/matrix-prometheus-services-connect/defaults/main.yml index 748f88c5..f06d8da4 100644 --- a/roles/custom/matrix-prometheus-services-connect/defaults/main.yml +++ b/roles/custom/matrix-prometheus-services-connect/defaults/main.yml 
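Review bot: The second and third `location` blocks combine the `^~` modifier with patterns containing `(r0|v1|v3|unstable)` and `(logout|logout/all)`, but `^~` marks a literal prefix match, so nginx compares the parentheses and `|` as plain characters and these blocks will not match real logout or admin requests. Those calls would then keep going to the homeserver rather than the media repo, which the comments say registers them. Use regex locations instead, e.g. `location ~ ^/_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all)$ {` and `location ~ ^/_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) {`, and check that no `^~` prefix location elsewhere in the file shadows them. The enclosing `server` block starts and ends outside this hunk.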
@@ -142,3 +142,23 @@ matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs: | 'static_configs': matrix_prometheus_services_connect_scraper_nginxlog_static_configs, }] }} + +# Controls whether media-repo shall be scraped +matrix_prometheus_services_connect_scraper_media_repo_enabled: false +matrix_prometheus_services_connect_scraper_media_repo_job_name: media-repo +matrix_prometheus_services_connect_scraper_media_repo_metrics_path: /metrics +matrix_prometheus_services_connect_scraper_media_repo_scrape_interval: 15s +matrix_prometheus_services_connect_scraper_media_repo_scrape_timeout: 15s +matrix_prometheus_services_connect_scraper_media_repo_static_configs: "{{ [{'targets': [matrix_prometheus_services_connect_scraper_media_repo_static_configs_target]}] }}" +matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: '' +# The final scrape config for the media-repo scraper +matrix_prometheus_services_connect_scraper_media_repo_scrape_configs: | + {{ + [{ + 'job_name': matrix_prometheus_services_connect_scraper_media_repo_job_name, + 'metrics_path': matrix_prometheus_services_connect_scraper_media_repo_metrics_path, + 'scrape_interval': matrix_prometheus_services_connect_scraper_media_repo_scrape_interval, + 'scrape_timeout': matrix_prometheus_services_connect_scraper_media_repo_scrape_timeout, + 'static_configs': matrix_prometheus_services_connect_scraper_media_repo_static_configs, + }] + }} diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 964fde11..96bb4256 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -633,14 +633,14 @@ matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400 # Adjusting this value manually is generally not necessary. matrix_synapse_federation_sender_instances: [] -matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}" +matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] if not matrix_synapse_ext_media_repo_enabled else 0 }}" matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 # matrix_synapse_enable_media_repo controls if the main Synapse process should serve media repository endpoints or if it should be left to media_repository workers (see `matrix_synapse_workers_media_repository_workers_count`). # This is enabled if workers are disabled, or if they are enabled, but there are no media repository workers. # Adjusting this value manually is generally not necessary. -matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length == 0) }}" +matrix_synapse_enable_media_repo: "{{ not matrix_synapse_ext_media_repo_enabled and (not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length == 0)) }}" # matrix_synapse_media_instance_running_background_jobs populates the `media_instance_running_background_jobs` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). # `media_instance_running_background_jobs` is meant to point to a single media-repository worker, which is dedicated to running background tasks that maintain the media repository. 
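Review bot: The comment above `matrix_synapse_enable_media_repo` is now stale: it still says the value is enabled when workers are disabled or no media repository workers exist, while the new expression additionally requires `matrix_synapse_ext_media_repo_enabled` to be false. Reword it along the lines of `# Enabled only when no external media repository is used (matrix_synapse_ext_media_repo_enabled) and workers are disabled or there are no media_repository workers.` The changed `matrix_synapse_workers_media_repository_workers_count` line has no comment at all; `# Forced to 0 when an external media repository is enabled.` would explain the conditional. It is also worth stating there that, with the flag on, neither Synapse nor its workers serve media, so `/_matrix/media` must be routed to the external repo.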
@@ -901,6 +901,8 @@ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0 # This is a systemd timer OnCalendar definition. Learn more here: https://man.archlinux.org/man/systemd.time.7#CALENDAR_EVENTS matrix_synapse_ext_synapse_s3_storage_provider_periodic_migration_schedule: '*-*-* 05:00:00' +matrix_synapse_ext_media_repo_enabled: false + matrix_s3_media_store_enabled: false matrix_s3_media_store_custom_endpoint_enabled: false matrix_s3_goofys_docker_image: "{{ matrix_s3_goofys_docker_image_name_prefix }}ewoutp/goofys:latest" diff --git a/setup.yml b/setup.yml index 266f3b9e..c7a6a363 100644 --- a/setup.yml +++ b/setup.yml @@ -113,6 +113,7 @@ - galaxy/ntfy - custom/matrix-nginx-proxy - custom/matrix-coturn + - custom/matrix-media-repo - role: galaxy/auxiliary From 036c823a061eb120994a33cef71aa35eecbe8223 Mon Sep 17 00:00:00 2001 From: QEDeD Date: Wed, 12 Jul 2023 18:10:47 +0200 Subject: [PATCH 010/340] Explain the option of manually defining your public IP in the documentation for Coturn I was very surprised by the fact that a rather important configuration for coturn was "hidden" in the Hosts file, but not mentioned here. Therefore my suggestion is to explicitly mention it here, as I believe that is that natural for people to look. --- docs/configuring-playbook-turn.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/configuring-playbook-turn.md b/docs/configuring-playbook-turn.md index df5419bd..7b2c58bd 100644 --- a/docs/configuring-playbook-turn.md +++ b/docs/configuring-playbook-turn.md 
@@ -15,6 +15,13 @@ matrix_coturn_enabled: false In that case, Synapse would not point to any Coturn servers and audio/video call functionality may fail. +## Manually defining your public IP +In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring Coturn. +If you'd rather use a local IP for `ansible_host`, make sure to set up `matrix_coturn_turn_external_ip_address` replacing `YOUR_PUBLIC_IP` with the pubic IP used by the server. + +```yaml +matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP" +``` ## Using your own external Coturn server From b7c0690542094fb2f57b499b5f7561e47cdb5431 Mon Sep 17 00:00:00 2001 From: QEDeD Date: Wed, 12 Jul 2023 18:25:20 +0200 Subject: [PATCH 011/340] Explicitly refer users to the relevant roles file Explicitly refer users to the relevant roles file so people know where to find the additional configuration options. --- docs/configuring-playbook-turn.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/configuring-playbook-turn.md b/docs/configuring-playbook-turn.md index 7b2c58bd..365fea4b 100644 --- a/docs/configuring-playbook-turn.md +++ b/docs/configuring-playbook-turn.md @@ -47,3 +47,6 @@ jitsi_web_stun_servers: - stun:HOSTNAME_OR_IP:PORT ``` You can put multiple host/port combinations if you like. + +## Further variables and configuration options +To see all the available configuration options, check roles/custom/matrix-coturn/defaults/main.yml From 4ee26fab2f8a80f2d9062b9e36d639e6e1d8100c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 13 Jul 2023 12:29:08 +0300 Subject: [PATCH 012/340] Upgrade postgres_backup --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index a8c39821..b1c4751f 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -18,7 +18,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: v15.3-0 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: 8e9ec48a09284c84704d7a2dce17da35f181574d + version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git From 3f2b14f63060fcb5c3f465e565e0dd39079e3e50 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 13 Jul 2023 12:32:51 +0300 Subject: [PATCH 013/340] Upgrade backup-borg (v1.2.4-1.7.15-0 -> v1.2.4-1.7.15-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index b1c4751f..bac5fea3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.15-0 + version: v1.2.4-1.7.15-1 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From facaeb5abe33017ebe114000b1c638d4bd0f9c87 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 13 Jul 2023 11:03:36 -0500 Subject: [PATCH 014/340] Document purpose of media_repo variable Co-authored-by: Slavi Pantaleev --- roles/custom/matrix-synapse/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 96bb4256..2cd11962 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -901,6 +901,8 @@ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0 # This is a systemd timer OnCalendar definition. Learn more here: https://man.archlinux.org/man/systemd.time.7#CALENDAR_EVENTS matrix_synapse_ext_synapse_s3_storage_provider_periodic_migration_schedule: '*-*-* 05:00:00' +# Specifies whether an external media repository is enabled. +# If it is, the Synapse media repo and media-repo workers will be disabled automatically. matrix_synapse_ext_media_repo_enabled: false matrix_s3_media_store_enabled: false From d565c1607b989d241b2eef09e520046a34497830 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 13 Jul 2023 11:06:59 -0500 Subject: [PATCH 015/340] Replaced hard coded string with identifier variable Co-authored-by: Slavi Pantaleev --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index cc60b975..d5184e23 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2671,7 +2671,7 @@ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd: matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_media_repo_enabled: "{{ matrix_media_repo_enabled }}" -matrix_nginx_proxy_proxy_media_repo_addr_with_container: "matrix-media-repo:{{ matrix_media_repo_port }}" +matrix_nginx_proxy_proxy_media_repo_addr_with_container: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_port }}" matrix_nginx_proxy_proxy_media_repo_addr_sans_container: "127.0.0.1:{{ matrix_media_repo_port }}" # By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy. From 6365118067c69a136300cfe763a9aec87fc99ff4 Mon Sep 17 00:00:00 2001 
From: Michael Hollister Date: Thu, 13 Jul 2023 12:23:48 -0500 Subject: [PATCH 016/340] Removed additional logging to filesystem by default --- roles/custom/matrix-media-repo/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 87ffcbe8..707a9e9a 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -55,7 +55,7 @@ matrix_media_repo_port: 8000 # # Note: to change the log directory you'll have to restart the repository. This setting cannot be # live reloaded. -matrix_media_repo_log_directory: logs +matrix_media_repo_log_directory: "{{ '\"-\"' }}" # Set to true to enable color coding in your logs. Note that this may cause escape sequences to # appear in logs which render them unreadable, which is why colors are disabled by default. From b9f5aa034428d600cacd1b936d9ddbbdfcb1b3a3 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 13 Jul 2023 13:23:34 -0500 Subject: [PATCH 017/340] Removed exposing ports by default --- roles/custom/matrix-media-repo/defaults/main.yml | 10 ++++++++++ .../media-repo/systemd/matrix-media-repo.service.j2 | 8 +++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 707a9e9a..d1790a8b 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml 
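Review bot: The new default `"{{ '\"-\"' }}"` for `matrix_media_repo_log_directory` carries literal double quotes inside the value, presumably because the template writes the variable into media-repo.yaml unquoted (that template line is not in this hunk). This makes the quoting part of every override: an operator who sets the variable to a plain `-` would likely produce invalid or mis-typed YAML. Prefer keeping the default as `matrix_media_repo_log_directory: "-"` and quoting at the point of use with `{{ matrix_media_repo_log_directory | to_json }}`. If the default stays as written, add a comment such as `# "-" turns off file logging (see commit subject); the quotes are part of the value because the template does not add them`.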
@@ -33,6 +33,16 @@ matrix_media_repo_container_network: "{{ matrix_docker_network }}" # Use this to expose this container to another reverse proxy, which runs in a different container network. matrix_media_repo_container_additional_networks: [] +# Controls whether the matrix-media-repo container exposes its HTTP port (tcp/8000 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8000"), or empty string to not expose. +matrix_media_repo_container_http_host_bind_port: "" + +# Controls whether the matrix-media-repo container exposes its metrics port (tcp/9000 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:9000"), or empty string to not expose. +matrix_media_repo_container_metrics_host_bind_port: "" + # Extra arguments for the Docker container matrix_media_repo_container_extra_arguments: [] diff --git a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 index ac33e3fe..09133796 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 
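Review bot: The comments on `matrix_media_repo_container_http_host_bind_port` and `matrix_media_repo_container_metrics_host_bind_port` do not say what a port-only value does. Docker then publishes on all host interfaces, and its own packet-filter rules are typically evaluated ahead of host firewall front-ends, so the port can be reachable from outside even where the host firewall looks closed. Add a line to each such as `# A bare port binds on all interfaces; prefer "127.0.0.1:8000" unless remote access is intended.` For the metrics variable, also note that `/metrics` should only be reachable by the Prometheus host.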
@@ -23,9 +23,11 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ - -p {{ matrix_media_repo_port }}:{{ matrix_media_repo_port }} \ - {% if matrix_media_repo_metrics_enabled %} - -p {{ matrix_media_repo_metrics_port }}:{{ matrix_media_repo_metrics_port }} \ + {% if matrix_media_repo_container_http_host_bind_port %} + -p {{ matrix_media_repo_container_http_host_bind_port }}:{{ matrix_media_repo_port }} \ + {% endif %} + {% if matrix_media_repo_metrics_enabled and matrix_media_repo_container_metrics_host_bind_port %} + -p {{ matrix_media_repo_container_metrics_host_bind_port }}:{{ matrix_media_repo_metrics_port }} \ {% endif %} -v {{ matrix_media_repo_base_path }}:/data:z \ --workdir='/data' \ From ecb24dcaabafcf4ceccd175bb4b437475c154740 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 13 Jul 2023 15:02:21 -0500 Subject: [PATCH 018/340] Changed volume mounting and directory structure --- roles/custom/matrix-media-repo/defaults/main.yml | 2 ++ .../matrix-media-repo/tasks/setup_install.yml | 16 +++++++++++++++- .../templates/media-repo/env.j2 | 1 + .../systemd/matrix-media-repo.service.j2 | 4 +++- 4 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 roles/custom/matrix-media-repo/templates/media-repo/env.j2 diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index d1790a8b..5be31c4b 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml 
@@ -17,6 +17,8 @@ matrix_media_repo_docker_image_tag: "v1.2.13" matrix_media_repo_docker_image_force_pull: "{{ matrix_media_repo_docker_image.endswith(':latest') }}" matrix_media_repo_base_path: "{{ matrix_base_data_path }}/media-repo" +matrix_media_repo_config_path: "{{ matrix_media_repo_base_path }}/config" +matrix_media_repo_data_path: "{{ matrix_media_repo_base_path }}/data" matrix_media_repo_docker_src_files_path: "{{ matrix_media_repo_base_path }}/docker-src" # List of systemd services that matrix-conduit.service depends on diff --git a/roles/custom/matrix-media-repo/tasks/setup_install.yml b/roles/custom/matrix-media-repo/tasks/setup_install.yml index af02d4b0..5e739905 100644 --- a/roles/custom/matrix-media-repo/tasks/setup_install.yml +++ b/roles/custom/matrix-media-repo/tasks/setup_install.yml @@ -10,14 +10,28 @@ with_items: - path: "{{ matrix_media_repo_base_path }}" when: true + - path: "{{ matrix_media_repo_config_path }}" + when: true + - path: "{{ matrix_media_repo_data_path }}" + when: true - path: "{{ matrix_media_repo_docker_src_files_path }}" when: "{{ matrix_media_repo_container_image_self_build }}" when: "item.when | bool" +- name: Ensure media-repo support files installed + ansible.builtin.template: + src: "{{ role_path }}/templates/media-repo/{{ item }}.j2" + dest: "{{ matrix_media_repo_base_path }}/{{ item }}" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - env + - name: Ensure media-repo configuration installed ansible.builtin.template: src: "{{ role_path }}/templates/media-repo/media-repo.yaml.j2" - dest: "{{ matrix_media_repo_base_path }}/media-repo.yaml" + dest: "{{ matrix_media_repo_config_path }}/media-repo.yaml" mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" diff --git a/roles/custom/matrix-media-repo/templates/media-repo/env.j2 b/roles/custom/matrix-media-repo/templates/media-repo/env.j2 new file mode 100644 index 00000000..8b26f77d 
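Review bot: `mode: 0640` in the new "Ensure media-repo support files installed" task is an unquoted octal, as it is in the configuration task below it and in the service-file task of the later `@@ -81,8 +81,8 @@` hunk. It only gives the intended permissions while the loader reads a leading zero as octal; a dropped zero or a YAML 1.2 reader would silently set different permissions. These files include the rendered media-repo.yaml, which carries the shared-secret token. Writing `mode: "0640"` removes that dependency.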
--- /dev/null +++ b/roles/custom/matrix-media-repo/templates/media-repo/env.j2 @@ -0,0 +1 @@ +REPO_CONFIG=/config/media-repo.yaml diff --git a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 index 09133796..33b5199a 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 @@ -23,13 +23,15 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ + --env-file={{ matrix_media_repo_base_path }}/env \ {% if matrix_media_repo_container_http_host_bind_port %} -p {{ matrix_media_repo_container_http_host_bind_port }}:{{ matrix_media_repo_port }} \ {% endif %} {% if matrix_media_repo_metrics_enabled and matrix_media_repo_container_metrics_host_bind_port %} -p {{ matrix_media_repo_container_metrics_host_bind_port }}:{{ matrix_media_repo_metrics_port }} \ {% endif %} - -v {{ matrix_media_repo_base_path }}:/data:z \ + --mount type=bind,src={{ matrix_media_repo_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_media_repo_data_path }},dst=/data \ --workdir='/data' \ --entrypoint='media_repo' \ {% for arg in matrix_media_repo_container_extra_arguments %} From c043463ee18fac2a080c6af0c8f41eef88936856 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 13 Jul 2023 15:19:12 -0500 Subject: [PATCH 019/340] Fixed conflicting default values for enabling media-repo --- roles/custom/matrix-media-repo/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 5be31c4b..a89ea8a5 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml 
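Review bot: The replaced `-v {{ matrix_media_repo_base_path }}:/data:z` carried the SELinux relabel flag, and the two new `--mount type=bind` lines have no equivalent, so on an enforcing SELinux host the container may be denied access to /config and /data. If such hosts are meant to be supported, `-v {{ matrix_media_repo_config_path }}:/config:ro,z \` and `-v {{ matrix_media_repo_data_path }}:/data:z \` keep the relabel together with the new read-only config mount. Otherwise a template comment saying the relabel was dropped on purpose would save the next reader from guessing. The `docker create` command continues past the end of the hunk.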
+++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -5,7 +5,7 @@ # with the specification. # See: https://github.com/turt2live/matrix-media-repo -matrix_media_repo_enabled: true +matrix_media_repo_enabled: false matrix_media_repo_container_image_self_build: false matrix_media_repo_container_image_self_build_repo: "https://github.com/turt2live/matrix-media-repo.git" From d120b0c153e3313171017baf89d1c97a5e5b51e1 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 13 Jul 2023 21:16:07 -0500 Subject: [PATCH 020/340] Updated code to use identifier variable --- .../custom/matrix-media-repo/defaults/main.yml | 9 +++++++-- .../matrix-media-repo/tasks/setup_install.yml | 4 ++-- .../tasks/setup_uninstall.yml | 12 ++++++------ .../systemd/matrix-media-repo.service.j2 | 18 +++++++++--------- 4 files changed, 24 insertions(+), 19 deletions(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index a89ea8a5..a08ad041 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -7,6 +7,11 @@ matrix_media_repo_enabled: false +# matrix_media_repo_identifier controls the identifier of this media-repo instance, which influences: +# - the default storage path +# - the names of systemd services +matrix_media_repo_identifier: matrix-media-repo + matrix_media_repo_container_image_self_build: false matrix_media_repo_container_image_self_build_repo: "https://github.com/turt2live/matrix-media-repo.git" 
@@ -16,7 +21,7 @@ matrix_media_repo_docker_image_name_prefix: "{{ 'localhost/' if matrix_media_rep matrix_media_repo_docker_image_tag: "v1.2.13" matrix_media_repo_docker_image_force_pull: "{{ matrix_media_repo_docker_image.endswith(':latest') }}" -matrix_media_repo_base_path: "{{ matrix_base_data_path }}/media-repo" +matrix_media_repo_base_path: "{{ matrix_base_data_path }}/{{ matrix_media_repo_identifier }}" matrix_media_repo_config_path: "{{ matrix_media_repo_base_path }}/config" matrix_media_repo_data_path: "{{ matrix_media_repo_base_path }}/data" matrix_media_repo_docker_src_files_path: "{{ matrix_media_repo_base_path }}/docker-src" @@ -104,7 +109,7 @@ matrix_media_repo_federation_backoff_at: 20 # user instead. Using the same server is fine, just not the same username and database. matrix_media_repo_database_username: "matrix_media_repo" matrix_media_repo_database_password: "your_password" -matrix_media_repo_database_hostname: "matrix-postgres" +matrix_media_repo_database_hostname: "{{ devture_postgres_identifier }}" matrix_media_repo_database_port: 5432 matrix_media_repo_database_name: "matrix_media_repo" diff --git a/roles/custom/matrix-media-repo/tasks/setup_install.yml b/roles/custom/matrix-media-repo/tasks/setup_install.yml index 5e739905..3bcbed96 100644 --- a/roles/custom/matrix-media-repo/tasks/setup_install.yml +++ b/roles/custom/matrix-media-repo/tasks/setup_install.yml @@ -81,8 +81,8 @@ name: "{{ matrix_media_repo_container_network }}" driver: bridge -- name: Ensure matrix-media-repo.service installed +- name: Ensure media-repo service installed ansible.builtin.template: src: "{{ role_path }}/templates/media-repo/systemd/matrix-media-repo.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-media-repo.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_media_repo_identifier }}.service" mode: 0640 
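Review bot: The context of the `@@ -104,7 +109,7 @@` hunk shows `matrix_media_repo_database_password: "your_password"` still shipping as the role default, while the hostname next to it becomes a derived value. If nothing overrides it (the group_vars wiring for this variable is not visible here), the media-repo database user ends up with a publicly known password. I would default it to `""` and have the role's validation fail when it is empty. Alternatively, derive it from the playbook secret, as `matrix_ma1sd_database_password` appears to be in `group_vars/matrix_servers`.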
diff --git a/roles/custom/matrix-media-repo/tasks/setup_uninstall.yml b/roles/custom/matrix-media-repo/tasks/setup_uninstall.yml index d5f08994..449cd48b 100644 --- a/roles/custom/matrix-media-repo/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-media-repo/tasks/setup_uninstall.yml @@ -1,19 +1,19 @@ --- -- name: Check existence of matrix-media-repo service +- name: Check existence of media-repo service ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-media-repo.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_media_repo_identifier }}.service" register: matrix_media_repo_service_stat - when: matrix_media_repo_service_stat.stat.exists | bool block: - - name: Ensure matrix-media-repo is stopped + - name: Ensure media-repo is stopped ansible.builtin.systemd: - name: matrix-media-repo + name: "{{ matrix_media_repo_identifier }}" state: stopped daemon_reload: true - - name: Ensure matrix-media-repo.service doesn't exist + - name: Ensure media-repo service doesn't exist ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-media-repo.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_media_repo_identifier }}.service" state: absent diff --git a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 index 33b5199a..0e73cb6c 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 
@@ -13,12 +13,12 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-media-repo 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-media-repo 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_media_repo_identifier }} 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_media_repo_identifier }} 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --rm \ - --name=matrix-media-repo \ + --name={{ matrix_media_repo_identifier }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
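Review bot: `matrix_media_repo_identifier` is now interpolated unquoted into the `sh -c '…'` command strings and `--name=` in this hunk, with no check on its characters visible in the change. The other hunks of this commit also use it for the unit file name, `SyslogIdentifier` and the base path. A value containing whitespace or a quote would produce a broken unit or a different shell command than intended. Assuming the role has a validation step, I would add an assert there such as `matrix_media_repo_identifier is match('^[a-zA-Z0-9][a-zA-Z0-9_.-]+$')`, which is also the form Docker accepts for container names.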
@@ -40,17 +40,17 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ {{ matrix_media_repo_docker_image }} {% for network in matrix_media_repo_container_additional_networks %} -ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-media-repo +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_media_repo_identifier }} {% endfor %} -ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-media-repo +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_media_repo_identifier }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-media-repo 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-media-repo 2>/dev/null || true' -ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-media-repo /bin/sh -c 'kill -HUP 1' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_media_repo_identifier }} 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_media_repo_identifier }} 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec {{ matrix_media_repo_identifier }} /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 -SyslogIdentifier=matrix-media-repo +SyslogIdentifier={{ matrix_media_repo_identifier }} [Install] WantedBy=multi-user.target From 28fa644c30d29b05deb82812027a985ad077cff0 Mon Sep 17 00:00:00 2001 
From: Michael Hollister Date: Thu, 13 Jul 2023 21:19:07 -0500 Subject: [PATCH 021/340] Removed redeclration of matrix_media_repo_identifier --- group_vars/matrix_servers | 1 - 1 file changed, 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index d5184e23..aa709f86 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2564,7 +2564,6 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr ###################################################################### matrix_media_repo_enabled: false -matrix_media_repo_identifier: matrix-media-repo matrix_media_repo_container_network: "{{ matrix_docker_network }}" matrix_media_repo_container_labels_traefik_enabled: false From 73edde39920eba64abbd58891def7f3253e45128 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 13 Jul 2023 23:12:24 -0500 Subject: [PATCH 022/340] Replaced additional hardcoded service names with identifer variable --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index aa709f86..b008d694 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -326,7 +326,7 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else []) + - ([{'name': 'matrix-media-repo.service', 'priority': 4000, 'groups': ['matrix', 'media_store']}] if matrix_media_repo_enabled else []) + ([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'media_store']}] if matrix_media_repo_enabled else []) + ([{'name': 'matrix-mailer.service', 'priority': 2000, 'groups': ['matrix', 'mailer']}] if matrix_mailer_enabled else []) + 
@@ -2731,7 +2731,7 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else []) + - (['matrix-media-repo.service'] if matrix_media_repo_enabled else []) + ([(matrix_media_repo_identifier + '.service')] if matrix_media_repo_enabled else []) + (['matrix-client-cinny.service'] if matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else []) + From c8b6b6e0347a92f7e92c0ceb673611d4cf290897 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Fri, 14 Jul 2023 00:20:07 -0500 Subject: [PATCH 023/340] Added additioanl documentation to rendered config and added to_json filters --- .../matrix-media-repo/defaults/main.yml | 4 +- .../templates/media-repo/media-repo.yaml.j2 | 500 +++++++++++++----- 2 files changed, 382 insertions(+), 122 deletions(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index a08ad041..e2304d42 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -72,7 +72,7 @@ matrix_media_repo_port: 8000 # # Note: to change the log directory you'll have to restart the repository. This setting cannot be # live reloaded. -matrix_media_repo_log_directory: "{{ '\"-\"' }}" +matrix_media_repo_log_directory: "-" # Set to true to enable color coding in your logs. Note that this may cause escape sequences to # appear in logs which render them unreadable, which is why colors are disabled by default. 
@@ -146,7 +146,7 @@ matrix_media_repo_homeservers: # unstable client-server API. When this is "synapse", the new /_synapse # endpoints will be used instead. Unknown values are treated as the # default, "matrix". - adminApiKind: "matrix" + adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else 'matrix' }}" # Options for controlling how access tokens work with the media repo. It is recommended that if # you are going to use these options that the `/logout` and `/logout/all` client-server endpoints diff --git a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 index 0595f576..c304c1c2 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 @@ -1,7 +1,7 @@ # General repo configuration repo: - bindAddress: {{ matrix_media_repo_bind_address }} - port: {{ matrix_media_repo_port }} + bindAddress: {{ matrix_media_repo_bind_address | to_json }} + port: {{ matrix_media_repo_port | to_json }} # Where to store the logs, relative to where the repo is started from. Logs will be automatically # rotated every day and held for 14 days. To disable the repo logging to files, set this to 
@@ -9,71 +9,69 @@ repo: # # Note: to change the log directory you'll have to restart the repository. This setting cannot be # live reloaded. - logDirectory: {{ matrix_media_repo_log_directory }} + logDirectory: {{ matrix_media_repo_log_directory | to_json }} # Set to true to enable color coding in your logs. Note that this may cause escape sequences to # appear in logs which render them unreadable, which is why colors are disabled by default. - logColors: {{ matrix_media_repo_log_colors }} + logColors: {{ matrix_media_repo_log_colors | to_json }} # Set to true to enable JSON logging for consumption by things like logstash. Note that this is # incompatible with the log color option and will always render without colors. - jsonLogs: {{ matrix_media_repo_json_logs }} + jsonLogs: {{ matrix_media_repo_json_logs | to_json }} # The log level to log at. Note that this will need to be at least "info" to receive support. # # Values (in increasing spam): panic | fatal | error | warn | info | debug | trace - logLevel: {{ matrix_media_repo_log_level }} + logLevel: {{ matrix_media_repo_log_level | to_json }} # If true, the media repo will accept any X-Forwarded-For header without validation. In most cases # this option should be left as "false". Note that the media repo already expects an X-Forwarded-For # header, but validates it to ensure the IP being given makes sense. - trustAnyForwardedAddress: {{ matrix_media_repo_trust_any_forwarded_address }} + trustAnyForwardedAddress: {{ matrix_media_repo_trust_any_forwarded_address | to_json }} # If false, the media repo will not use the X-Forwarded-Host header commonly added by reverse proxies. # Typically this should remain as true, though in some circumstances it may need to be disabled. # See https://github.com/turt2live/matrix-media-repo/issues/202 for more information. 
- useForwardedHost: {{ matrix_media_repo_use_forwarded_host }} + useForwardedHost: {{ matrix_media_repo_use_forwarded_host | to_json }} # Options for dealing with federation federation: # On a per-host basis, the number of consecutive failures in calling the host before the # media repo will back off. This defaults to 20 if not given. Note that 404 errors from # the remote server do not count towards this. - backoffAt: {{ matrix_media_repo_federation_backoff_at }} + backoffAt: {{ matrix_media_repo_federation_backoff_at | to_json }} # The database configuration for the media repository # Do NOT put your homeserver's existing database credentials here. Create a new database and # user instead. Using the same server is fine, just not the same username and database. database: # Currently only "postgres" is supported. - postgres: {{ matrix_media_repo_database_postgres }} + postgres: {{ matrix_media_repo_database_postgres | to_json }} # The database pooling options pool: # The maximum number of connects to hold open. More of these allow for more concurrent # processes to happen. - maxConnections: {{ matrix_media_repo_database_max_connections }} + maxConnections: {{ matrix_media_repo_database_max_connections | to_json }} # The maximum number of connects to leave idle. More of these reduces the time it takes # to serve requests in low-traffic scenarios. - maxIdleConnections: {{ matrix_media_repo_database_max_idle_connections }} + maxIdleConnections: {{ matrix_media_repo_database_max_idle_connections | to_json }} # The configuration for the homeservers this media repository is known to control. Servers # not listed here will not be able to upload media. -{# -homeservers: - - name: example.org # This should match the server_name of your homeserver, and the Host header - # provided to the media repo. 
- csApi: "https://example.org/" # The base URL to where the homeserver can actually be reached - backoffAt: 10 # The number of consecutive failures in calling this homeserver before the - # media repository will start backing off. This defaults to 10 if not given. - adminApiKind: "matrix" # The kind of admin API the homeserver supports. If set to "matrix", - # the media repo will use the Synapse-defined endpoints under the - # unstable client-server API. When this is "synapse", the new /_synapse - # endpoints will be used instead. Unknown values are treated as the - # default, "matrix". -#} -{{ matrix_media_repo_homeservers | to_nice_yaml(indent=2, sort_keys=false) }} +#homeservers: +# - name: example.org # This should match the server_name of your homeserver, and the Host header +# # provided to the media repo. +# csApi: "https://example.org/" # The base URL to where the homeserver can actually be reached +# backoffAt: 10 # The number of consecutive failures in calling this homeserver before the +# # media repository will start backing off. This defaults to 10 if not given. +# adminApiKind: "matrix" # The kind of admin API the homeserver supports. If set to "matrix", +# # the media repo will use the Synapse-defined endpoints under the +# # unstable client-server API. When this is "synapse", the new /_synapse +# # endpoints will be used instead. Unknown values are treated as the +# # default, "matrix". +{{ matrix_media_repo_homeservers | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} # Options for controlling how access tokens work with the media repo. It is recommended that if # you are going to use these options that the `/logout` and `/logout/all` client-server endpoints 
@@ -91,12 +89,42 @@ homeservers: # *************************************************************************** # * IT IS HIGHLY RECOMMENDED TO USE PER-DOMAIN CONFIGS WITH THIS FEATURE. * # *************************************************************************** -{{ matrix_media_repo_access_tokens | to_nice_yaml(indent=2, sort_keys=false) }} +# accessTokens: +# # The maximum time a cached access token will be considered valid. Set to zero (the default) +# # to disable the cache and constantly hit the homeserver. This is recommended to be set to +# # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and +# # zero for servers who do not proxy the endpoints through. +# maxCacheTimeSeconds: 0 +# +# # Whether or not to use the `appservices` config option below. If disabled (the default), +# # the regular access token cache will be used for each user, potentially leading to high +# # memory usage. +# useLocalAppserviceConfig: false +# +# # The application services (and their namespaces) registered on the homeserver. Only used +# # if `useLocalAppserviceConfig` is enabled (recommended). +# # +# # Usually the appservice will provide you with these config details - they'll just need +# # translating from the appservice registration to here. Note that this does not require +# # all options from the registration, and only requires the bare minimum required to run +# # the media repo. +# appservices: +# - id: Name_of_appservice_for_your_reference +# asToken: Secret_token_for_appservices_to_use +# senderUserId: "@_example_bridge:yourdomain.com" +# userNamespaces: +# - regex: "@_example_bridge_.+:yourdomain.com" +# # A note about regexes: it is best to suffix *all* namespaces with the homeserver +# # domain users are valid for, as otherwise the appservice can use any user with +# # any domain name it feels like, even if that domain is not configured with the +# # media repo. 
This will lead to inaccurate reporting in the case of the media +# # repo, and potentially leading to media being considered "remote". +{{ matrix_media_repo_access_tokens | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} # These users have full access to the administrative functions of the media repository. # See docs/admin.md for information on what these people can do. They must belong to one of the # configured homeservers above. -{{ matrix_media_repo_admins | to_nice_yaml(indent=2, sort_keys=false) }} +{{ matrix_media_repo_admins | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} # Shared secret auth is useful for applications building on top of the media repository, such # as a management interface. The `token` provided here is treated as a repository administrator 
@@ -105,120 +133,153 @@ homeservers: # the ability to use it on any configured hostname. sharedSecretAuth: # Set this to true to enable shared secret auth. - enabled: {{ matrix_media_repo_shared_secret_auth_enabled }} + enabled: {{ matrix_media_repo_shared_secret_auth_enabled | to_json }} # Use a secure value here to prevent unauthorized access to the media repository. - token: {{ matrix_media_repo_shared_secret_auth_token }} + token: {{ matrix_media_repo_shared_secret_auth_token | to_json }} # Datastores are places where media should be persisted. This isn't dedicated for just uploads: # thumbnails and other misc data is also stored in these places. The media repo, when looking # for a datastore to use, will always use the smallest datastore first. -{# -datastores: - - type: file - enabled: false # Enable this to set up data storage. - # Datastores can be split into many areas when handling uploads. Media is still de-duplicated - # across all datastores (local content which duplicates remote content will re-use the remote - # content's location). This option is useful if your datastore is becoming very large, or if - # you want faster storage for a particular kind of media. - # - # The kinds available are: - # thumbnails - Used to store thumbnails of media (local and remote). - # remote_media - Original copies of remote media (servers not configured by this repo). - # local_media - Original uploads for local media. - # archives - Archives of content (GDPR and similar requests). - forKinds: ["thumbnails"] - opts: - path: /var/matrix/media - - - type: s3 - enabled: false # Enable this to set up s3 uploads - forKinds: ["thumbnails", "remote_media", "local_media", "archives"] - opts: - # The s3 uploader needs a temporary location to buffer files to reduce memory usage on - # small file uploads. If the file size is unknown, the file is written to this location - # before being uploaded to s3 (then the file is deleted). 
If you aren't concerned about - # memory usage, set this to an empty string. - tempPath: "/tmp/mediarepo_s3_upload" - endpoint: sfo2.digitaloceanspaces.com - accessKeyId: "" - accessSecret: "" - ssl: true - bucketName: "your-media-bucket" - # An optional region for where this S3 endpoint is located. Typically not needed, though - # some providers will need this (like Scaleway). Uncomment to use. - #region: "sfo2" - - # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If - # the feature is not enabled, this will not work. Note that IPFS support is experimental at - # the moment and not recommended for general use. - # - # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo - # puts authentication on the download endpoints. Only use this option for cases where you - # expect your media to be publicly accessible. - - type: ipfs - enabled: false # Enable this to use IPFS support - forKinds: ["local_media"] - # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured - # in the IPFS section of your main config. - opts: {} -#} -{{ matrix_media_repo_datastores | to_nice_yaml(indent=2, sort_keys=false) }} +# datastores: +# - type: file +# enabled: false # Enable this to set up data storage. +# # Datastores can be split into many areas when handling uploads. Media is still de-duplicated +# # across all datastores (local content which duplicates remote content will re-use the remote +# # content's location). This option is useful if your datastore is becoming very large, or if +# # you want faster storage for a particular kind of media. +# # +# # The kinds available are: +# # thumbnails - Used to store thumbnails of media (local and remote). +# # remote_media - Original copies of remote media (servers not configured by this repo). +# # local_media - Original uploads for local media. +# # archives - Archives of content (GDPR and similar requests). 
+# forKinds: ["thumbnails"] +# opts: +# path: /var/matrix/media +# +# - type: s3 +# enabled: false # Enable this to set up s3 uploads +# forKinds: ["thumbnails", "remote_media", "local_media", "archives"] +# opts: +# # The s3 uploader needs a temporary location to buffer files to reduce memory usage on +# # small file uploads. If the file size is unknown, the file is written to this location +# # before being uploaded to s3 (then the file is deleted). If you aren't concerned about +# # memory usage, set this to an empty string. +# tempPath: "/tmp/mediarepo_s3_upload" +# endpoint: sfo2.digitaloceanspaces.com +# accessKeyId: "" +# accessSecret: "" +# ssl: true +# bucketName: "your-media-bucket" +# # An optional region for where this S3 endpoint is located. Typically not needed, though +# # some providers will need this (like Scaleway). Uncomment to use. +# #region: "sfo2" +# +# # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If +# # the feature is not enabled, this will not work. Note that IPFS support is experimental at +# # the moment and not recommended for general use. +# # +# # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo +# # puts authentication on the download endpoints. Only use this option for cases where you +# # expect your media to be publicly accessible. +# - type: ipfs +# enabled: false # Enable this to use IPFS support +# forKinds: ["local_media"] +# # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured +# # in the IPFS section of your main config. +# opts: {} +{{ matrix_media_repo_datastores | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} # Options for controlling archives. Archives are exports of a particular user's content for # the purpose of GDPR or moving media to a different server. archiving: # Whether archiving is enabled or not. Default enabled. 
- enabled: {{ matrix_media_repo_archiving_enabled }} + enabled: {{ matrix_media_repo_archiving_enabled | to_json }} # If true, users can request a copy of their own data. By default, only repository administrators # can request a copy. # This includes the ability for homeserver admins to request a copy of their own server's # data, as known to the repo. - selfService: {{ matrix_media_repo_archiving_self_service }} + selfService: {{ matrix_media_repo_archiving_self_service | to_json }} # The number of bytes to target per archive before breaking up the files. This is independent # of any file upload limits and will require a similar amount of memory when performing an export. # The file size is also a target, not a guarantee - it is possible to have files that are smaller # or larger than the target. This is recommended to be approximately double the size of your # file upload limit, provided there is enough memory available for the demand of exporting. - targetBytesPerPart: {{ matrix_media_repo_archiving_target_bytes_per_part }} # 200mb default + targetBytesPerPart: {{ matrix_media_repo_archiving_target_bytes_per_part | to_json }} # 200mb default # The file upload settings for the media repository -{{ matrix_media_repo_uploads | to_nice_yaml(indent=2, sort_keys=false) }} +# uploads: +# # The maximum individual file size a user can upload. +# maxBytes: 104857600 # 100MB default, 0 to disable +# +# # The minimum number of bytes to let people upload. This is recommended to be non-zero to +# # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend +# # to waste more CPU and database resources than small files, thus a default of 100 bytes +# # is applied here as an approximate break-even point. +# minBytes: 100 # 100 bytes by default +# +# # The number of bytes to claim as the maximum size for uploads for the limits API. If this +# # is not provided then the maxBytes setting will be used instead. 
This is useful to provide +# # if the media repo's settings and the reverse proxy do not match for maximum request size. +# # This is purely for informational reasons and does not actually limit any functionality. +# # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes. +# #reportedMaxBytes: 104857600 +# +# # Options for limiting how much content a user can upload. Quotas are applied to content +# # associated with a user regardless of de-duplication. Quotas which affect remote servers +# # or users will not take effect. When a user exceeds their quota they will be unable to +# # upload any more media. +# quotas: +# # Whether or not quotas are enabled/enforced. Note that even when disabled the media repo +# # will track how much media a user has uploaded. This is disabled by default. +# enabled: false +# +# # The quota rules that affect users. The first rule to match the uploader will take effect. +# # An implied rule which matches all users and has no quota is always last in this list, +# # meaning that if no rules are supplied then users will be able to upload anything. Similarly, +# # if no rules match a user then the implied rule will match, allowing the user to have no +# # quota. The quota will let the user upload to 1 media past their quota, meaning that from +# # a statistics perspective the user might exceed their quota however only by a small amount. +# users: +# - glob: "@*:*" # Affect all users. Use asterisks (*) to match any character. 
+# maxBytes: 53687063712 # 50GB default, 0 to disable +{{ matrix_media_repo_uploads | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} # Settings related to downloading files from the media repository downloads: # The maximum number of bytes to download from other servers - maxBytes: {{ matrix_media_repo_downloads_max_bytes }} # 100MB default, 0 to disable + maxBytes: {{ matrix_media_repo_downloads_max_bytes | to_json }} # 100MB default, 0 to disable # The number of workers to use when downloading remote media. Raise this number if remote # media is downloading slowly or timing out. # # Maximum memory usage = numWorkers multiplied by the maximum download size # Average memory usage is dependent on how many concurrent downloads your users are doing. - numWorkers: {{ matrix_media_repo_downloads_num_workers }} + numWorkers: {{ matrix_media_repo_downloads_num_workers | to_json }} # How long, in minutes, to cache errors related to downloading remote media. Once this time # has passed, the media is able to be re-requested. - failureCacheMinutes: {{ matrix_media_repo_downloads_failure_cache_minutes }} + failureCacheMinutes: {{ matrix_media_repo_downloads_failure_cache_minutes | to_json }} # The cache control settings for downloads. This can help speed up downloads for users by # keeping popular media in the cache. This cache is also used for thumbnails. cache: - enabled: {{ matrix_media_repo_downloads_cache_enabled }} + enabled: {{ matrix_media_repo_downloads_cache_enabled | to_json }} # The maximum size of cache to have. Higher numbers are better. - maxSizeBytes: {{ matrix_media_repo_downloads_cache_max_size_bytes }} # 1GB default + maxSizeBytes: {{ matrix_media_repo_downloads_cache_max_size_bytes | to_json }} # 1GB default # The maximum file size to cache. This should normally be the same size as your maximum # upload size. 
- maxFileSizeBytes: {{ matrix_media_repo_downloads_cache_max_file_size_bytes }} # 100MB default + maxFileSizeBytes: {{ matrix_media_repo_downloads_cache_max_file_size_bytes | to_json }} # 100MB default # The number of minutes to track how many downloads a file gets - trackedMinutes: {{ matrix_media_repo_downloads_cache_tracked_minutes }} + trackedMinutes: {{ matrix_media_repo_downloads_cache_tracked_minutes | to_json }} # The number of downloads a file must receive in the window above (trackedMinutes) in # order to be cached. - minDownloads: {{ matrix_media_repo_downloads_cache_min_downloads }} + minDownloads: {{ matrix_media_repo_downloads_cache_min_downloads | to_json }} # The minimum amount of time an item should remain in the cache. This prevents the cache # from cycling out the file if it needs more room during this time. Note that the media 
@@ -227,96 +288,234 @@ downloads: # media repo, and some cached items are still under this timer, new items will not be able # to enter the cache. When this happens, consider raising maxSizeBytes or lowering this # timer. - minCacheTimeSeconds: {{ matrix_media_repo_downloads_cache_min_cache_time_seconds }} + minCacheTimeSeconds: {{ matrix_media_repo_downloads_cache_min_cache_time_seconds | to_json }} # The minimum amount of time an item should remain outside the cache once it is removed. - minEvictedTimeSeconds: {{ matrix_media_repo_downloads_cache_min_evicted_time_seconds }} + minEvictedTimeSeconds: {{ matrix_media_repo_downloads_cache_min_evicted_time_seconds | to_json }} # How many days after a piece of remote content is downloaded before it expires. It can be # re-downloaded on demand, this just helps free up space in your datastore. Set to zero or # negative to disable. Defaults to disabled. - expireAfterDays: {{ matrix_media_repo_downloads_expire_after_days }} + expireAfterDays: {{ matrix_media_repo_downloads_expire_after_days | to_json }} # URL Preview settings -{{ matrix_media_repo_url_previews | to_nice_yaml(indent=2) }} +# urlPreviews: +# enabled: true # If enabled, the preview_url routes will be accessible +# maxPageSizeBytes: 10485760 # 10MB default, 0 to disable +# +# # If true, the media repository will try to provide previews for URLs with invalid or unsafe +# # certificates. If false (the default), the media repo will fail requests to said URLs. +# previewUnsafeCertificates: false +# +# # Note: URL previews are limited to a given number of words, which are then limited to a number +# # of characters, taking off the last word if it needs to. This also applies for the title. 
+# +# numWords: 50 # The number of words to include in a preview (maximum) +# maxLength: 200 # The maximum number of characters for a description +# +# numTitleWords: 30 # The maximum number of words to include in a preview's title +# maxTitleLength: 150 # The maximum number of characters for a title +# +# # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are +# # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be +# # an image and the image's type must be allowed by the thumbnailer. +# filePreviewTypes: +# - "image/*" +# +# # The number of workers to use when generating url previews. Raise this number if url +# # previews are slow or timing out. +# # +# # Maximum memory usage = numWorkers multiplied by the maximum page size +# # Average memory usage is dependent on how many concurrent urls your users are previewing. +# numWorkers: 10 +# +# # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they +# # will be merged. URL previews will be disabled if neither is supplied. Each entry must be +# # a CIDR range. +# disallowedNetworks: +# - "127.0.0.1/8" +# - "10.0.0.0/8" +# - "172.16.0.0/12" +# - "192.168.0.0/16" +# - "100.64.0.0/10" +# - "169.254.0.0/16" +# - '::1/128' +# - 'fe80::/64' +# - 'fc00::/7' +# allowedNetworks: +# - "0.0.0.0/0" # "Everything". The blacklist will help limit this. +# # This is the default value for this field. +# +# # How many days after a preview is generated before it expires and is deleted. The preview +# # can be regenerated safely - this just helps free up some space in your database. Set to +# # zero or negative to disable. Defaults to disabled. +# expireAfterDays: 0 +# +# # The default Accept-Language header to supply when generating URL previews when one isn't +# # supplied by the client. 
+# # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language +# defaultLanguage: "en-US,en" +# +# # When true, oEmbed previews will be enabled. Typically these kinds of previews are used for +# # sites that do not support OpenGraph or page scraping, such as Twitter. For information on +# # specifying providers for oEmbed, including your own, see the following documentation: +# # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html +# # Defaults to disabled. +# oEmbed: false +{{ matrix_media_repo_url_previews | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false)}} # The thumbnail configuration for the media repository. -{{ matrix_media_repo_thumbnails | to_nice_yaml(indent=2) }} +# thumbnails: +# # The maximum number of bytes an image can be before the thumbnailer refuses. +# maxSourceBytes: 10485760 # 10MB default, 0 to disable +# +# # The maximum number of pixels an image can have before the thumbnailer refuses. Note that +# # this only applies to image types: file types like audio and video are affected solely by +# # the maxSourceBytes. +# maxPixels: 32000000 # 32M default +# +# # The number of workers to use when generating thumbnails. Raise this number if thumbnails +# # are slow to generate or timing out. +# # +# # Maximum memory usage = numWorkers multiplied by the maximum image source size +# # Average memory usage is dependent on how many thumbnails are being generated by your users +# numWorkers: 100 +# +# # All thumbnails are generated into one of the sizes listed here. The first size is used as +# # the default for when no width or height is requested. The media repository will return +# # either an exact match or the next largest size of thumbnail. +# sizes: +# - width: 32 +# height: 32 +# - width: 96 +# height: 96 +# - width: 320 +# height: 240 +# - width: 640 +# height: 480 +# - width: 768 # This size is primarily used for audio thumbnailing. 
+# height: 240 +# - width: 800 +# height: 600 +# +# # To allow for thumbnails to be any size, not just in the sizes specified above, set this to +# # true (default false). When enabled, whatever size requested by the client will be generated +# # up to a maximum of the largest possible dimensions in the `sizes` list. For best results, +# # specify only one size in the `sizes` list when this option is enabled. +# dynamicSizing: false +# +# # The content types to thumbnail when requested. Types that are not supported by the media repo +# # will not be thumbnailed (adding application/json here won't work). Clients may still not request +# # thumbnails for these types - this won't make clients automatically thumbnail these file types. +# types: +# - "image/jpeg" +# - "image/jpg" +# - "image/png" +# - "image/apng" +# - "image/gif" +# - "image/heif" +# - "image/webp" +# #- "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files +# - "audio/mpeg" +# - "audio/ogg" +# - "audio/wav" +# - "audio/flac" +# #- "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files +# +# # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated +# # thumbnails, set this to false. If disabled, regular thumbnails will be returned. +# allowAnimated: true +# +# # Default to animated thumbnails, if available +# defaultAnimated: false +# +# # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image +# # is larger than this, the thumbnail will be generated as a static image. +# maxAnimateSizeBytes: 10485760 # 10MB default, 0 to disable +# +# # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try +# # and thumbnail animated content? Defaults to 0.5 (middle of animation). +# stillFrame: 0.5 +# +# # How many days after a thumbnail is generated before it expires and is deleted. 
The thumbnail +# # can be regenerated safely - this just helps free up some space in your datastores. Set to +# # zero or negative to disable. Defaults to disabled. +# expireAfterDays: 0 +{{ matrix_media_repo_thumbnails | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} # Controls for the rate limit functionality rateLimit: # Set this to false if rate limiting is handled at a higher level or you don't want it enabled. - enabled: {{ matrix_media_repo_rate_limit_enabled }} + enabled: {{ matrix_media_repo_rate_limit_enabled | to_json }} # The number of requests per second before an IP will be rate limited. Must be a whole number. - requestsPerSecond: {{ matrix_media_repo_rate_limit_requests_per_second }} + requestsPerSecond: {{ matrix_media_repo_rate_limit_requests_per_second | to_json }} # The number of requests an IP can send at once before the rate limit is actually considered. - burst: {{ matrix_media_repo_rate_limit_burst }} + burst: {{ matrix_media_repo_rate_limit_burst | to_json }} # Identicons are generated avatars for a given username. Some clients use these to give users a # default avatar after signing up. Identicons are not part of the official matrix spec, therefore # this feature is completely optional. identicons: - enabled: {{ matrix_media_repo_identicons_enabled }} + enabled: {{ matrix_media_repo_identicons_enabled | to_json }} # The quarantine media settings. quarantine: # If true, when a thumbnail of quarantined media is requested an image will be returned. If no # image is given in the thumbnailPath below then a generated image will be provided. This does # not affect regular downloads of files. - replaceThumbnails: {{ matrix_media_repo_quarantine_replace_thumbnails }} + replaceThumbnails: {{ matrix_media_repo_quarantine_replace_thumbnails | to_json }} # If true, when media which has been quarantined is requested an image will be returned. 
If # no image is given in the thumbnailPath below then a generated image will be provided. This # will replace media which is not an image (ie: quarantining a PDF will replace the PDF with # an image). - replaceDownloads: {{ matrix_media_repo_quarantine_replace_downloads }} + replaceDownloads: {{ matrix_media_repo_quarantine_replace_downloads | to_json }} # If provided, the given image will be returned as a thumbnail for media that is quarantined. #thumbnailPath: "/path/to/thumbnail.png" - thumbnailPath: {{ "" if matrix_media_repo_quarantine_thumbnail_path == "" else matrix_media_repo_quarantine_thumbnail_path }} + thumbnailPath: {{ "" if matrix_media_repo_quarantine_thumbnail_path == "" else matrix_media_repo_quarantine_thumbnail_path | to_json }} # If true, administrators of the configured homeservers may quarantine media for their server # only. Global administrators can quarantine any media (local or remote) regardless of this # flag. - allowLocalAdmins: {{ matrix_media_repo_quarantine_allow_local_admins }} + allowLocalAdmins: {{ matrix_media_repo_quarantine_allow_local_admins | to_json }} # The various timeouts that the media repo will use. timeouts: # The maximum amount of time the media repo should spend trying to fetch a resource that is # being previewed. - urlPreviewTimeoutSeconds: {{ matrix_media_repo_timeouts_url_preview_timeout_seconds }} + urlPreviewTimeoutSeconds: {{ matrix_media_repo_timeouts_url_preview_timeout_seconds | to_json }} # The maximum amount of time the media repo will spend making remote requests to other repos # or homeservers. This is primarily used to download media. - federationTimeoutSeconds: {{ matrix_media_repo_timeouts_federation_timeout_seconds }} + federationTimeoutSeconds: {{ matrix_media_repo_timeouts_federation_timeout_seconds | to_json }} # The maximum amount of time the media repo will spend talking to your configured homeservers. # This is usually used to verify a user's identity. 
- clientServerTimeoutSeconds: {{ matrix_media_repo_timeouts_client_server_timeout_seconds }} + clientServerTimeoutSeconds: {{ matrix_media_repo_timeouts_client_server_timeout_seconds | to_json }} # Prometheus metrics configuration # For an example Grafana dashboard, import the following JSON: # https://github.com/turt2live/matrix-media-repo/blob/master/docs/grafana.json metrics: # If true, the bindAddress and port below will serve GET /metrics for Prometheus to scrape. - enabled: {{ matrix_media_repo_metrics_enabled }} + enabled: {{ matrix_media_repo_metrics_enabled | to_json }} # The address to listen on. Typically "127.0.0.1" or "0.0.0.0" for all interfaces. - bindAddress: {{ matrix_media_repo_metrics_bind_address }} + bindAddress: {{ matrix_media_repo_metrics_bind_address | to_json }} # The port to listen on. Cannot be the same as the general web server port. - port: {{ matrix_media_repo_metrics_port }} + port: {{ matrix_media_repo_metrics_port | to_json }} # Plugins are optional pieces of the media repo used to extend the functionality offered. # Currently there are only antispam plugins, but in future there should be more options. # Plugins are not supported on per-domain paths and are instead repo-wide. For more # information on writing plugins, please visit #matrix-media-repo:t2bot.io on Matrix. -{{ matrix_media_repo_plugins | to_nice_yaml(indent=2) }} - # An example OCR plugin to block images with certain text. Note that the Docker image - # for the media repo automatically ships this at /plugins/plugin_antispam_ocr +# An example OCR plugin to block images with certain text. Note that the Docker image +# for the media repo automatically ships this at /plugins/plugin_antispam_ocr # - exec: /plugins/plugin_antispam_ocr # config: # # The URL to your OCR server (https://github.com/otiai10/ocrserver) 
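Review bot: In `thumbnailPath`, the `| to_json` filter binds only to the `else` operand of the inline conditional, so an empty `matrix_media_repo_quarantine_thumbnail_path` still renders a bare `thumbnailPath:` (YAML null) rather than a quoted empty string. Since `to_json` already renders an empty string as `""`, the conditional can be dropped: `thumbnailPath: {{ matrix_media_repo_quarantine_thumbnail_path | to_json }}`. The `environment:` line under `sentry` in the following hunk has the same shape and takes the same fix. The consumer probably treats null and an empty string alike here, but the unconditional form keeps every templated scalar in this file serialized the same way.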
@@ -338,22 +537,83 @@ metrics: # # How much of the image's height, starting from the top, to consider before # # discarding the rest. Set to 1.0 to consider the whole image. # percentageOfHeight: 0.35 +{{ matrix_media_repo_plugins | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} # Options for controlling various MSCs/unstable features of the media repo # Sections of this config might disappear or be added over time. By default all # features are disabled in here and must be explicitly enabled to be used. -{{ matrix_media_repo_feature_support | to_nice_yaml(indent=2) }} +# featureSupport: +# # MSC2248 - Blurhash +# MSC2448: +# # Whether or not this MSC is enabled for use in the media repo +# enabled: false +# +# # Maximum dimensions for converting a blurhash to an image. When no width and +# # height options are supplied, the default will be half these values. +# maxWidth: 1024 +# maxHeight: 1024 +# +# # Thumbnail size in pixels to use to generate the blurhash string +# thumbWidth: 64 +# thumbHeight: 64 +# +# # The X and Y components to use. Higher numbers blur less, lower numbers blur more. +# xComponents: 4 +# yComponents: 3 +# +# # The amount of contrast to apply when converting a blurhash to an image. Lower values +# # make the effect more subtle, larger values make it stronger. +# punch: 1 +# +# # IPFS Support +# # This is currently experimental and might not work at all. +# IPFS: +# # Whether or not IPFS support is enabled for use in the media repo. +# enabled: false +# +# # Options for the built in IPFS daemon +# builtInDaemon: +# # Enable this to spawn an in-process IPFS node to use instead of a localhost +# # HTTP agent. If this is disabled, the media repo will assume you have an HTTP +# # IPFS agent running and accessible. Defaults to using a daemon (true). +# enabled: true +# +# # If the Daemon is enabled, set this to the location where the IPFS files should +# # be stored. 
If you're using Docker, this should be something like "/data/ipfs" +# # so it can be mapped to a volume. +# repoPath: "./ipfs" +# +# # Support for redis as a cache mechanism +# # +# # Note: Enabling Redis support will mean that the existing cache mechanism will do nothing. +# # It can be safely disabled once Redis support is enabled. +# # +# # See docs/redis.md for more information on how this works and how to set it up. +# redis: +# # Whether or not use Redis instead of in-process caching. +# enabled: false +# +# # The Redis shards that should be used by the media repo in the ring. The names of the +# # shards are for your reference and have no bearing on the connection, but must be unique. +# shards: +# - name: "server1" +# addr: ":7000" +# - name: "server2" +# addr: ":7001" +# - name: "server3" +# addr: ":7002" +{{ matrix_media_repo_feature_support | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} # Optional sentry (https://sentry.io/) configuration for the media repo sentry: # Whether or not to set up error reporting. Defaults to off. - enabled: {{ matrix_media_repo_sentry_enabled }} + enabled: {{ matrix_media_repo_sentry_enabled | to_json }} # Get this value from the setup instructions in Sentry - dsn: {{ matrix_media_repo_sentry_dsn }} + dsn: {{ matrix_media_repo_sentry_dsn | to_json }} # Optional environment flag. Defaults to an empty string. - environment: {{ "" if matrix_media_repo_sentry_environment == "" else matrix_media_repo_sentry_environment }} + environment: {{ "" if matrix_media_repo_sentry_environment == "" else matrix_media_repo_sentry_environment | to_json }} # Whether or not to turn on sentry's built in debugging. This will increase log output. - debug: {{ matrix_media_repo_sentry_debug }} \ No newline at end of file + debug: {{ matrix_media_repo_sentry_debug | to_json }} \ No newline at end of file From 63ee8e5bb9ac624f6041098cc9f3d9f42090d090 Mon Sep 17 00:00:00 2001 
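Review bot: The added comment `# MSC2248 - Blurhash` does not match the key it documents in the commented `featureSupport` example, which is `MSC2448`; it should read `# MSC2448 - Blurhash` so that someone copying the example into `matrix_media_repo_feature_support` is not sent to the wrong proposal. The template also still ends without a final newline (the `\ No newline at end of file` marker sits on the new `debug:` line), which is worth fixing while that line is being touched.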
From: Michael Hollister Date: Fri, 14 Jul 2023 01:31:35 -0500 Subject: [PATCH 024/340] Replaced csApi config with proxy container url --- roles/custom/matrix-media-repo/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index e2304d42..312e0258 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -135,7 +135,7 @@ matrix_media_repo_homeservers: - name: "{{ matrix_server_fqn_matrix }}" # The base URL to where the homeserver can actually be reached - csApi: "https://{{ matrix_server_fqn_matrix }}/" + csApi: "http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}" # The number of consecutive failures in calling this homeserver before the # media repository will start backing off. This defaults to 10 if not given. From 3e93613a3f280e1ca9253bab7f496aa4fbef0f49 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 14 Jul 2023 09:49:30 +0300 Subject: [PATCH 025/340] Upgrade Heisenbridge (1.14.2 -> 1.14.3) --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index ba5471cc..5dfe3810 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.14.2 +matrix_heisenbridge_version: 1.14.3 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 4e4f107daaa165541c384407fb47ed90246dc09d Mon Sep 17 00:00:00 2001 
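Review bot: The new `csApi` default switches the homeserver connection from `https://` to plain `http://`, and nothing next to the line says that this is only safe on the internal container network. The template's own comments say this API is used to verify a user's identity, so access tokens presumably travel over this link. I would add a comment above the line, such as `# Plain HTTP is intentional: this must point at the in-network proxy container, never at a publicly routed address.` Separately, the role's `defaults/main.yml` now references `matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container`, a variable that appears to belong to another role. If that role is absent, templating will likely fail, so this wiring may belong in `group_vars/matrix_servers` with a self-contained default kept here.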
From: David Mehren Date: Sun, 16 Jul 2023 09:21:30 +0200 Subject: [PATCH 026/340] Upgrade sliding-sync (v0.99.3 -> v0.99.4) --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 1f28d305..cfc55ecd 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -4,7 +4,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.3 +matrix_sliding_sync_version: v0.99.4 matrix_sliding_sync_scheme: https From ccc99d6c73a2693c0f9c889da7c251d7e0a25eb7 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 16 Jul 2023 14:12:11 +0300 Subject: [PATCH 027/340] Update mautrix-discord 0.5.0 -> 0.6.0 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index dbb73aa4..f9b853bc 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.5.0 +matrix_mautrix_discord_version: v0.6.0 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" From bc0b73dd70128fbc11162e8c705038a5f11ed515 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 17 Jul 2023 08:07:49 +0300 Subject: [PATCH 028/340] Improve if condition for including Postgres in matrix_media_repo_systemd_required_services_list --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b008d694..0a7c9543 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2580,7 +2580,7 @@ matrix_media_repo_systemd_required_services_list: | {{ (['docker.service']) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname else []) }} ###################################################################### From 5fb1020adaeedea57f232ef48187109b3cac1475 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 17 Jul 2023 08:09:31 +0300 Subject: [PATCH 029/340] Use full name of matrix-media-repo for Ansible tags (*-media-repo -> *-matrix-media-repo) --- roles/custom/matrix-media-repo/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-media-repo/tasks/main.yml b/roles/custom/matrix-media-repo/tasks/main.yml index 59f962a2..03c26ec5 100644 --- a/roles/custom/matrix-media-repo/tasks/main.yml +++ b/roles/custom/matrix-media-repo/tasks/main.yml @@ -2,16 +2,16 @@ - tags: - setup-all - - setup-media-repo + - setup-matrix-media-repo - install-all - - install-media-repo + - install-matrix-media-repo block: - when: matrix_media_repo_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" - tags: - setup-all - - setup-media-repo + - setup-matrix-media-repo block: - when: not matrix_media_repo_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" From 95bfa4e87e25c8c53687bd3bc055bb2fa27c6138 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 17 Jul 2023 08:11:23 +0300 Subject: [PATCH 030/340] Put matrix-media-repo.service in the matrix-media-repo group Making the group match the Ansible task tags allows people to do `just install-service matrix-media-repo` and have that trigger both `--tags=matrix-media-repo` and also restart just that single group (`matrix-media-repo`). --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 0a7c9543..f932dcc3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -326,7 +326,7 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else []) + - ([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'media_store']}] if matrix_media_repo_enabled else []) + ([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-media-repo']}] if matrix_media_repo_enabled else []) + ([{'name': 'matrix-mailer.service', 'priority': 2000, 'groups': ['matrix', 'mailer']}] if matrix_mailer_enabled else []) + From 1df533d351213792252d83c8759ef5cf4f8ebbe9 Mon Sep 17 00:00:00 2001 From: Shreyas Ajjarapu Date: Mon, 17 Jul 2023 11:20:11 -0500 Subject: [PATCH 031/340] Update main.yml --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 9ee461b5..ab2921e3 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.8.6 +matrix_mautrix_whatsapp_version: v0.9.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" 
From 68556400ba74030a78ad09ee3d6411fb5861b1f4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 17 Jul 2023 22:37:53 +0300 Subject: [PATCH 032/340] Announce matrix-media-repo Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2783 --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook-matrix-media-repo.md | 8 ++++---- docs/configuring-playbook-s3.md | 2 ++ docs/configuring-playbook.md | 2 ++ 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70b17b00..c1870a27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2023-07-17 + +## matrix-media-repo support + +Thanks to [Michael Hollister](https://github.com/Michael-Hollister) from [FUTO](https://www.futo.org/), the creators of the [Circles app](https://circu.li/), the playbook can now set up [matrix-media-repo](https://github.com/turt2live/matrix-media-repo) - an alternative way to store homeserver media files, powered by a homeserver-independent implementation which supports S3 storage, IPFS, deduplication and other advanced features. + +To learn more see our [Storing Matrix media files using matrix-media-repo](docs/configuring-playbook-matrix-media-repo.md) documentation page. + + # 2023-05-25 ## Enabling `forget_rooms_on_leave` by default for Synapse diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md index e011e1e6..d5d6eda3 100644 --- a/docs/configuring-playbook-matrix-media-repo.md +++ b/docs/configuring-playbook-matrix-media-repo.md 
@@ -1,10 +1,10 @@ # Setting up matrix-media-repo (optional) -matrix-media-repo is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification. +[matrix-media-repo](https://docs.t2bot.io/matrix-media-repo/) is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification. -Smaller/individual homeservers can still make use of this project's features, though it may be difficult to set up or have higher than expected resource consumption - please do your research before deploying this as this project may not be useful for your environment. +Smaller/individual homeservers can still make use of this project's features, though it may be difficult to set up or have higher than expected resource consumption. Please do your research before deploying this as this project may not be useful for your environment. -More documentation about the project can be found at: https://docs.t2bot.io/matrix-media-repo/ +For a simpler alternative (which allows you to offload your media repository storage to S3, etc.), you can [configure S3 storage](configuring-playbook-s3.md) instead of setting up matrix-media-repo. ## Quickstart 
@@ -17,7 +17,7 @@ matrix_media_repo_enabled: true # matrix_media_repo_metrics_enabled: true ``` -The repo is pre-configured for integrating with the postgres database, NGINX proxy and prometheus/grafana (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles). +The repo is pre-configured for integrating with the Postgres database, NGINX proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles). By default, the media-repo will use the local filesystem for data storage. Additional options include `s3` and `IPFS` (experimental). Access token caching is also enabled by default since the logout endpoints are proxied through the media repo. diff --git a/docs/configuring-playbook-s3.md b/docs/configuring-playbook-s3.md index 941ae0db..f5a18284 100644 --- a/docs/configuring-playbook-s3.md +++ b/docs/configuring-playbook-s3.md @@ -5,6 +5,8 @@ If that's alright, you can skip this. As an alternative to storing media files on the local filesystem, you can store them on [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object store. +You can do this either by sticking to Synapse's media repository and making that use S3 (read below for this method), or by switching to an external media storage implementation like [matrix-media-repo](configuring-playbook-matrix-media-repo.md). + First, [choose an Object Storage provider](#choosing-an-object-storage-provider). Then, [create the S3 bucket](#bucket-creation-and-security-configuration). diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 31eea895..8f598f6b 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -51,6 +51,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Configuring Element](configuring-playbook-client-element.md) (optional) +- [Storing Matrix media files using matrix-media-repo](configuring-playbook-matrix-media-repo.md) (optional) + - [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional) - [Using an external PostgreSQL server](configuring-playbook-external-postgres.md) (optional) From 60c34d701af574926971d2c965c12590e955da6d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 18 Jul 2023 18:12:47 +0300 Subject: [PATCH 033/340] Use prebuilt container images for matrix-sliding-sync on ARM64 As mentioned in https://github.com/matrix-org/sliding-sync/issues/31#issuecomment-1640321110 images are available for arm64 already. --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f932dcc3..8d7197f1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3927,7 +3927,7 @@ matrix_sliding_sync_hostname: "{{ matrix_server_fqn_matrix }}" matrix_sliding_sync_path_prefix: /sliding-sync -matrix_sliding_sync_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" +matrix_sliding_sync_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_sliding_sync_container_additional_networks: | {{ From 2fad66a3719ad09347e70e012ea4ca3e2175e40d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 18 Jul 2023 20:04:51 +0300 Subject: [PATCH 034/340] Upgrade Synapse (v1.87.0 -> v1.88.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 6548f356..9cc5fffc 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.87.0 +matrix_synapse_version: v1.88.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 64396419ba8c70fdde5679324a7f7c2fbdb1eaa5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 18 Jul 2023 20:40:44 +0300 Subject: [PATCH 035/340] Upgrade synapse-s3-storage-provider (1.2.0 -> 1.2.1) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 9cc5fffc..48d8e8d9 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -870,7 +870,7 @@ matrix_synapse_ext_encryption_config_yaml: | # Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`). # Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider. matrix_synapse_ext_synapse_s3_storage_provider_enabled: false -matrix_synapse_ext_synapse_s3_storage_provider_version: 1.2.0 +matrix_synapse_ext_synapse_s3_storage_provider_version: 1.2.1 # Controls whether media from this (local) server is stored in s3-storage-provider matrix_synapse_ext_synapse_s3_storage_provider_store_local: true # Controls whether media from remote servers is stored in s3-storage-provider From 330dfd4eaf804bcefdb44ab9efe635d49c663df0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 18 Jul 2023 22:38:37 +0300 Subject: [PATCH 036/340] Update element 1.11.35 -> 1.11.36 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 368639cb..9199a1d5 100644 
--- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.35 +matrix_client_element_version: v1.11.36 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From a5cb6272d8891532735aee79238059f1d9ea5ef6 Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 21 Jul 2023 13:22:05 +0300 Subject: [PATCH 037/340] add global bridges relay mode switch --- docs/configuring-playbook-mautrix-bridges.md | 22 +++++++++++++++++++ roles/custom/matrix-base/defaults/main.yml | 3 +++ .../defaults/main.yml | 2 ++ .../templates/config.yaml.j2 | 2 +- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 2 +- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 17 ++++++++++++++ .../defaults/main.yml | 2 +- .../defaults/main.yml | 2 +- 10 files changed, 54 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md index 392be47d..c6e78d02 100644 --- a/docs/configuring-playbook-mautrix-bridges.md +++ b/docs/configuring-playbook-mautrix-bridges.md 
@@ -32,14 +32,18 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: | '@YOUR_USERNAME:{{ matrix_domain }}': admin ``` +## encryption + Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: **for all bridges with encryption support**: + ```yaml matrix_bridges_encryption_enabled: true ``` **Alternatively**, for a specific bridge: + ```yaml matrix_mautrix_SERVICENAME_configuration_extension_yaml: | bridge: @@ -48,6 +52,24 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: | default: true ``` +## relay mode + +Relay mode is off by default. If you would like to enable relay mode, add the following to your `vars.yml` file: + +**for all bridges with relay mode support**: + +```yaml +matrix_bridges_relay_enabled: true +``` + +**Alternatively**, for a specific bridge: + +```yaml +matrix_mautrix_SERVICENAME_configuration_extension_yaml: | + bridge: + relay: + enabled: true +``` You can only have one `matrix_mautrix_SERVICENAME_configuration_extension_yaml` definition in `vars.yml` per bridge, so if you need multiple pieces of configuration there, just merge them like this: diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 35974bba..637ce3bb 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -16,6 +16,9 @@ matrix_admin: '' # Global var to enable/disable encryption across all bridges with encryption support matrix_bridges_encryption_enabled: false +# Global var to enable/disable relay mode across all bridges with relay mode support +matrix_bridges_relay_enabled: false + # matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc. # # Unless you're wrapping this playbook in another one 
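Review bot: The comment added above `matrix_bridges_relay_enabled` in roles/custom/matrix-base/defaults/main.yml does not say what enabling the flag permits, yet it now feeds the kakaotalk, facebook, instagram, signal and whatsapp defaults changed later in this patch. The bridge templates in this patch describe relay mode as letting `set-relay` turn any authenticated user into a relaybot for a chat, and only the whatsapp defaults show a companion restriction (`matrix_mautrix_whatsapp_bridge_relay_admin_only: true`). I would extend the comment to something like `# Relay mode lets Matrix users who are not logged into the remote network send messages through a relay user's account; enabling it here turns it on for every bridge that supports it.` It should also point operators at the per-bridge variables when they want relay on for a single bridge only.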
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml index 86c3366c..9f86be5f 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -110,6 +110,8 @@ matrix_appservice_kakaotalk_login_shared_secret: '' matrix_appservice_kakaotalk_bridge_login_shared_secret_map: "{{ {matrix_appservice_kakaotalk_homeserver_domain: matrix_appservice_kakaotalk_login_shared_secret} if matrix_appservice_kakaotalk_login_shared_secret else {} }}" +matrix_appservice_kakaotalk_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}" + matrix_appservice_kakaotalk_bridge_permissions: | {{ {matrix_appservice_kakaotalk_homeserver_domain: 'user'} diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 index 803d443f..cf3644a9 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 @@ -220,7 +220,7 @@ bridge: relay: # Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any # authenticated user into a relaybot for that chat. - enabled: false + enabled: {{ matrix_appservice_kakaotalk_bridge_relay_enabled }} # The formats to use when sending messages to KakaoTalk via a relay user. # # Available variables: diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index dcd9fdfa..0b48aaad 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml 
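Review bot: `enabled: {{ matrix_appservice_kakaotalk_bridge_relay_enabled }}` in the kakaotalk config.yaml.j2 hunk interpolates an Ansible boolean directly, so it will most likely render as Python-style `True`/`False` rather than canonical lowercase YAML. Piping the value through `to_json` keeps the rendered config unambiguous whichever YAML loader the bridge uses: `enabled: {{ matrix_appservice_kakaotalk_bridge_relay_enabled | to_json }}`. The same applies to the `enabled:` lines in the mautrix-facebook and mautrix-instagram config.yaml.j2 hunks of this patch.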
@@ -103,6 +103,9 @@ matrix_mautrix_facebook_login_shared_secret: '' matrix_mautrix_facebook_bridge_login_shared_secret_map: "{{ {matrix_mautrix_facebook_homeserver_domain: matrix_mautrix_facebook_login_shared_secret} if matrix_mautrix_facebook_login_shared_secret else {} }}" +# Enable bridge relay bot functionality +matrix_mautrix_facebook_relay_enabled: "{{ matrix_bridges_relay_enabled }}" + matrix_mautrix_facebook_appservice_bot_username: facebookbot matrix_mautrix_facebook_bridge_presence: true diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 636b442b..7ec9342a 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -206,7 +206,7 @@ bridge: relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any # authenticated user into a relaybot for that chat. - enabled: false + enabled: {{ matrix_mautrix_facebook_relay_enabled }} # The formats to use when sending messages to Messenger via a relay user. # # Available variables: diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 2288fb77..cef49288 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml 
@@ -83,6 +83,9 @@ matrix_mautrix_instagram_login_shared_secret: '' matrix_mautrix_instagram_bridge_login_shared_secret_map: "{{ {matrix_mautrix_instagram_homeserver_domain: matrix_mautrix_instagram_login_shared_secret} if matrix_mautrix_instagram_login_shared_secret else {} }}" +# Enable bridge relay bot functionality +matrix_mautrix_instagram_relay_enabled: "{{ matrix_bridges_relay_enabled }}" + matrix_mautrix_instagram_appservice_bot_username: instagrambot matrix_mautrix_instagram_bridge_presence: true diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 1949a253..e3d4be52 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -196,6 +196,23 @@ bridge: # The shared secret to authorize users of the API. # Set to "generate" to generate and save a new token. shared_secret: generate + relay: + # Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: {{ matrix_mautrix_instagram_relay_enabled }} + # The formats to use when sending messages to Instagram via a relay user. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + # + # Note that Instagram doesn't support captions for images, so images won't include any indication of being relayed. + message_formats: + m.text: '$sender_displayname: $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' # Python logging configuration. # 
diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index ca9bab54..7675e7b1 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -104,7 +104,7 @@ matrix_mautrix_signal_appservice_database: "{{ matrix_mautrix_signal_login_shared_secret: '' # Enable bridge relay bot functionality -matrix_mautrix_signal_relaybot_enabled: false +matrix_mautrix_signal_relaybot_enabled: "{{ matrix_bridges_relay_enabled }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index ab2921e3..a308811a 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -113,7 +113,7 @@ matrix_mautrix_whatsapp_bridge_permissions: | }} # Enable bridge relay functionality -matrix_mautrix_whatsapp_bridge_relay_enabled: false +matrix_mautrix_whatsapp_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}" # Only allow admins on this home server to set themselves as a relay user matrix_mautrix_whatsapp_bridge_relay_admin_only: true From 5ea6aa3e50d20a4a2e50e84810c20411a1f58448 Mon Sep 17 00:00:00 2001 
From: Shreyas Ajjarapu Date: Fri, 21 Jul 2023 06:33:52 -0500 Subject: [PATCH 038/340] Added Google Messager Bridge (#2794) * intial commit * changed * Reorderd * merge old changes * added changes to matrix_servers * Remove duplicate discord * Update main.yml * added google message to configuring-playbook.md * Changed docs to add new changes * Changed bug? * Removed problem j2 values * Rename a service files * change how password hash string * Changed port number * Change how the local part works * Revert "Merge pull request #8 from shreyasajj/wsproxy" This reverts commit bb1b8fc67ca39f63ca77e70077be99cb2b32c4de, reversing changes made to cce6ba5f9d74f89172488afc8b1ef124031de8c1. --------- Co-authored-by: Shreyas Ajjarapu --- README.md | 1 + ...uring-playbook-bridge-mautrix-gmessages.md | 38 +++ docs/configuring-playbook.md | 2 + docs/container-images.md | 2 + docs/self-building.md | 1 + group_vars/matrix_servers | 63 +++- .../defaults/main.yml | 151 +++++++++ .../tasks/inject_into_nginx_proxy.yml | 35 ++ .../tasks/main.yml | 29 ++ .../tasks/setup_install.yml | 140 ++++++++ .../tasks/setup_uninstall.yml | 20 ++ .../tasks/validate_config.yml | 20 ++ .../templates/config.yaml.j2 | 298 ++++++++++++++++++ .../matrix-mautrix-gmessages.service.j2 | 43 +++ setup.yml | 1 + 15 files changed, 841 insertions(+), 3 deletions(-) create mode 100644 docs/configuring-playbook-bridge-mautrix-gmessages.md create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml create mode 100644 
roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 diff --git a/README.md b/README.md index 912febc0..71d46f82 100644 --- a/README.md +++ b/README.md @@ -103,6 +103,7 @@ Bridges can be used to connect your matrix installation with third-party communi | [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) | | [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) | | [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) | +| [mautrix-gmessages](https://github.com/mautrix/gmessages) | x | Bridge for bridging your Matrix server to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) | | [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) | | [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) | | [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) | diff --git a/docs/configuring-playbook-bridge-mautrix-gmessages.md b/docs/configuring-playbook-bridge-mautrix-gmessages.md new file mode 100644 index 00000000..6b2b18e6 
--- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-gmessages.md @@ -0,0 +1,38 @@ +# Setting up Mautrix gmessages (optional) + +The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you. + +See the project's [documentation](https://docs.mau.fi/bridges/go/gmessages/index.html) to learn what it does and why it might be useful to you. + +Use the following playbook configuration: + +```yaml +matrix_mautrix_gmessages_enabled: true +``` + +## Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Mautrix-gmessages` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + +You then need to start a chat with `@gmessagesbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 8f598f6b..a4746a62 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -114,6 +114,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md) (optional) +- [Setting up Mautrix Google Messages bridging](configuring-playbook-bridge-mautrix-gmessages.md) (optional) + - [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional) - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index 737a4457..e89161f7 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -46,6 +46,8 @@ These services are not part of our default installation, but can be enabled by [ - [mautrix/telegram](https://mau.dev/mautrix/telegram/container_registry) - the [mautrix-telegram](https://github.com/mautrix/telegram) bridge to [Telegram](https://telegram.org/) (optional) +- [mautrix/gmessages](https://mau.dev/mautrix/gmessages/container_registry) - the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge to [Google Messages](https://messages.google.com/) (optional) + - [mautrix/whatsapp](https://mau.dev/mautrix/whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional) - [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional) diff --git a/docs/self-building.md b/docs/self-building.md index ad29fc2d..3fe826da 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -32,6 +32,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl - `matrix-bridge-mautrix-googlechat` - `matrix-bridge-mautrix-telegram` - `matrix-bridge-mautrix-signal` +- `matrix-bridge-mautrix-gmessages` - `matrix-bridge-mautrix-whatsapp` - `matrix-bridge-mx-puppet-steam` - `matrix-bot-mjolnir` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8d7197f1..5fc5c25d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -101,6 +101,8 @@ matrix_homeserver_container_extra_arguments_auto: | + (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else []) + + (['--mount type=bind,src=' + matrix_mautrix_gmessages_config_path + '/registration.yaml,dst=/matrix-mautrix-gmessages-registration.yaml,ro'] if matrix_mautrix_gmessages_enabled else []) + + (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else []) + (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else []) @@ -158,6 +160,8 @@ matrix_homeserver_app_service_config_files_auto: | + (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else []) + + (['/matrix-mautrix-gmessages-registration.yaml'] if matrix_mautrix_gmessages_enabled else []) + + (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else []) + (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else []) 
@@ -270,6 +274,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else []) + + ([{'name': 'matrix-mautrix-gmessages.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-gmessages']}] if matrix_mautrix_gmessages_enabled else []) + + ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else []) + ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else []) 
@@ -1153,6 +1159,51 @@ matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_ge # ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-gmessages +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_gmessages_enabled: false + +matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +matrix_mautrix_gmessages_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessage.as.token', rounds=655555) | to_uuid }}" + +matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessage.hs.token', rounds=655555) | to_uuid }}" + +matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_mautrix_gmessages_metrics_enabled` +# - `matrix_mautrix_gmessages_proxying_metrics_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_mautrix_gmessages_metrics_enabled: "{{ prometheus_enabled }}" + +# Postgres is the default, except if not using internal Postgres server +matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" 
+matrix_mautrix_gmessages_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maugmessages.db', rounds=655555) | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-gmessages +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-whatsapp @@ -1182,10 +1233,10 @@ matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" # People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: -# - `matrix_mautrix_twitter_metrics_enabled` -# - `matrix_mautrix_twitter_proxying_metrics_enabled` +# - `matrix_mautrix_whatsapp_metrics_enabled` +# - `matrix_mautrix_whatsapp_proxying_metrics_enabled` # - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` -matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled }}" +matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled }}" # Postgres is the default, except if not using internal Postgres server matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" 
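Review bot: The metrics comment in the new matrix-bridge-mautrix-gmessages section of group_vars/matrix_servers tells users to toggle `matrix_mautrix_gmessages_proxying_metrics_enabled`, but the role defaults added by this same patch declare `matrix_mautrix_gmessages_metrics_proxying_enabled`. Someone following the comment would set a variable that the defaults shown here do not define, and the metrics endpoint would stay unexposed with no error. The name in the comment should be changed to `matrix_mautrix_gmessages_metrics_proxying_enabled`. The whatsapp comment corrected in the next hunk uses the same `_proxying_metrics_enabled` word order, so it is worth checking against that role's defaults, which are not visible here.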
@@ -3016,6 +3067,12 @@ devture_postgres_managed_databases_auto: | 'password': matrix_mautrix_twitter_database_password, }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ + 'name': matrix_mautrix_gmessages_database_name, + 'username': matrix_mautrix_gmessages_database_username, + 'password': matrix_mautrix_gmessages_database_password, + }] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ 'name': matrix_mautrix_whatsapp_database_name, 'username': matrix_mautrix_whatsapp_database_username, diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml new file mode 100644 index 00000000..6a6c14b0 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -0,0 +1,151 @@ +--- +# mautrix-gmessages is a Matrix <-> gmessages bridge +# Project source code URL: https://github.com/mautrix/gmessages + +matrix_mautrix_gmessages_enabled: true + +matrix_mautrix_gmessages_container_image_self_build: false +matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" +matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" + +matrix_mautrix_gmessages_version: latest +# See: https://mau.dev/mautrix/gmessages/container_registry +matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" +matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" +matrix_mautrix_gmessages_docker_image_force_pull: "{{ matrix_mautrix_gmessages_docker_image.endswith(':latest') }}" + +matrix_mautrix_gmessages_base_path: "{{ matrix_base_data_path }}/mautrix-gmessages" +matrix_mautrix_gmessages_config_path: "{{ matrix_mautrix_gmessages_base_path }}/config" +matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/data" +matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src" + +matrix_mautrix_gmessages_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}" +matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080" + +matrix_mautrix_gmessages_command_prefix: "!gm" + +# A list of extra arguments to pass to the container +matrix_mautrix_gmessages_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-gmessages.service depends on. 
+matrix_mautrix_gmessages_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-gmessages.service wants +matrix_mautrix_gmessages_systemd_wanted_services_list: [] + +matrix_mautrix_gmessages_appservice_token: '' +matrix_mautrix_gmessages_homeserver_token: '' + +matrix_mautrix_gmessages_appservice_bot_username: gmessagesbot + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_gmessages_logging_level: 'warn' + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_gmessages_federate_rooms: true + +# Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_gmessages_metrics_proxying_enabled`. +matrix_mautrix_gmessages_metrics_enabled: false + +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-gmessages`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_gmessages_metrics_proxying_enabled: false + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. 
+# +# To use Postgres: +# - change the engine (`matrix_mautrix_gmessages_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_mautrix_gmessages_database_*` variables +matrix_mautrix_gmessages_database_engine: 'sqlite' + +matrix_mautrix_gmessages_sqlite_database_path_local: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db" +matrix_mautrix_gmessages_sqlite_database_path_in_container: "/data/mautrix-gmessages.db" + +matrix_mautrix_gmessages_database_username: 'matrix_mautrix_gmessages' +matrix_mautrix_gmessages_database_password: 'some-password' +matrix_mautrix_gmessages_database_hostname: '' +matrix_mautrix_gmessages_database_port: 5432 +matrix_mautrix_gmessages_database_name: 'matrix_mautrix_gmessages' + +matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode=disable' + +matrix_mautrix_gmessages_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_mautrix_gmessages_database_engine] +}}" + +matrix_mautrix_gmessages_appservice_database_uri: "{{ + { + 'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container, + 'postgres': matrix_mautrix_gmessages_database_connection_string, + }[matrix_mautrix_gmessages_database_engine] +}}" + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). 
+matrix_mautrix_gmessages_login_shared_secret: '' +matrix_mautrix_gmessages_bridge_login_shared_secret_map: + "{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}" + +# Enable End-to-bridge encryption +matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" +matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" +matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" + +matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true +matrix_mautrix_gmessages_bridge_mute_bridging: true + +matrix_mautrix_gmessages_bridge_permissions: | + {{ + {matrix_mautrix_gmessages_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + +# Default mautrix-gmessages configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_gmessages_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_gmessages_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mautrix_gmessages_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_gmessages_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_gmessages_configuration_yaml`. 
+ +matrix_mautrix_gmessages_configuration_extension: "{{ matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml if matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_gmessages_configuration_yaml`. +matrix_mautrix_gmessages_configuration: "{{ matrix_mautrix_gmessages_configuration_yaml | from_yaml | combine(matrix_mautrix_gmessages_configuration_extension, recursive=True) }}" + +matrix_mautrix_gmessages_registration_yaml: | + id: gmessages + url: {{ matrix_mautrix_gmessages_appservice_address }} + as_token: "{{ matrix_mautrix_gmessages_appservice_token }}" + hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_mautrix_gmessages_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@gmessages_.+:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_gmessages_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_mautrix_gmessages_registration: "{{ matrix_mautrix_gmessages_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..c5cb1ba8 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml 
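Review bot: `matrix_mautrix_gmessages_version: latest` leaves the bridge image unpinned, and because `matrix_mautrix_gmessages_docker_image_force_pull` evaluates to true for a `:latest` tag, every playbook run pulls whatever dock.mau.dev currently serves under that mutable tag. A bridge that holds the appservice tokens and relays message content is better tied to a reviewed release, e.g. `matrix_mautrix_gmessages_version: <RELEASE_TAG>` (placeholder; the page names no release). That would also make `matrix_mautrix_gmessages_container_image_self_build_branch` resolve to a fixed ref instead of `master`. If no tagged release exists yet, a comment above the variable saying so and asking operators to pin once one is published would document the risk.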
@@ -0,0 +1,35 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append mautrix-gmessages-metrics's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-gmessages role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- when: matrix_mautrix_gmessages_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-gmessages metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages) + ansible.builtin.set_fact: + matrix_mautrix_gmessages_nginx_metrics_configuration_block: | + location /metrics/mautrix-gmessages { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-gmessages:8001"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + + - name: Register mautrix-gmessages metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_gmessages_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml new file mode 100644 index 00000000..45da31da --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml 
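Review bot: The `proxy_pass` target `matrix-mautrix-gmessages:8001` in the generated location block does not match the metrics listener this same patch configures. templates/config.yaml.j2 sets `listen: 127.0.0.1:8001`, which binds to loopback inside the bridge container, so connections from the proxy container would presumably be refused. Either the template should listen on the container-network interface (`listen: 0.0.0.0:8001`; the unit publishes no host port) or this block will only ever return errors. The location block itself carries no access restriction, and whether `/metrics/mautrix-gmessages` is protected depends on matrix-nginx-proxy configuration that is not visible here; a comment naming that dependency would help operators.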
@@ -0,0 +1,29 @@
+---
+
+- tags:
+ - setup-all
+ - setup-nginx-proxy
+ - install-all
+ - install-nginx-proxy
+ block:
+ - when: matrix_mautrix_gmessages_enabled | bool and matrix_mautrix_gmessages_metrics_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+
+- tags:
+ - setup-all
+ - setup-mautrix-gmessages
+ - install-all
+ - install-mautrix-gmessages
+ block:
+ - when: matrix_mautrix_gmessages_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+ - when: matrix_mautrix_gmessages_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+ - setup-all
+ - setup-mautrix-gmessages
+ block:
+ - when: not matrix_mautrix_gmessages_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml
new file mode 100644
index 00000000..73038c4c
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml
@@ -0,0 +1,140 @@ +--- + +- ansible.builtin.set_fact: + matrix_mautrix_gmessages_requires_restart: false + +- when: "matrix_mautrix_gmessages_database_engine == 'postgres'" + block: + - name: Check if an SQLite database already exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}" + register: matrix_mautrix_gmessages_sqlite_database_path_local_stat_result + + - when: "matrix_mautrix_gmessages_sqlite_database_path_local_stat_result.stat.exists | bool" + block: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: + src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}" + dst: "{{ matrix_mautrix_gmessages_database_connection_string }}" + caller: "{{ role_path | basename }}" + engine_variable_name: 'matrix_mautrix_gmessages_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-mautrix-gmessages.service'] + pgloader_options: ['--with "quote identifiers"'] + + - ansible.builtin.set_fact: + matrix_mautrix_gmessages_requires_restart: true + +- name: Ensure Mautrix gmessages paths exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_mautrix_gmessages_base_path }}", when: true} + - {path: "{{ matrix_mautrix_gmessages_config_path }}", when: true} + - {path: "{{ matrix_mautrix_gmessages_data_path }}", when: true} + - {path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}", when: "{{ matrix_mautrix_gmessages_container_image_self_build }}"} + when: item.when | bool + +- name: Ensure Mautrix gmessages image is pulled + community.docker.docker_image: + name: "{{ matrix_mautrix_gmessages_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ 
matrix_mautrix_gmessages_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_docker_image_force_pull }}" + when: not matrix_mautrix_gmessages_container_image_self_build + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure Mautrix gmessages repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_mautrix_gmessages_container_image_self_build_repo }}" + dest: "{{ matrix_mautrix_gmessages_docker_src_files_path }}" + version: "{{ matrix_mautrix_gmessages_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_mautrix_gmessages_git_pull_results + when: "matrix_mautrix_gmessages_container_image_self_build | bool" + +- name: Ensure Mautrix gmessages Docker image is built + community.docker.docker_image: + name: "{{ matrix_mautrix_gmessages_docker_image }}" + source: build + force_source: "{{ matrix_mautrix_gmessages_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}" + pull: true + when: "matrix_mautrix_gmessages_container_image_self_build | bool" + +- name: Check if an old database file exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db" + register: matrix_mautrix_gmessages_stat_database + +- name: Check if an old matrix state file exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json" + register: 
matrix_mautrix_gmessages_stat_mx_state + +- name: (Data relocation) Ensure matrix-mautrix-gmessages.service is stopped + ansible.builtin.service: + name: matrix-mautrix-gmessages + state: stopped + enabled: false + daemon_reload: true + failed_when: false + when: "matrix_mautrix_gmessages_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-gmessages database file to ./data directory + ansible.builtin.command: + cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db {{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db" + creates: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db" + removes: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db" + when: "matrix_mautrix_gmessages_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-gmessages mx-state file to ./data directory + ansible.builtin.command: + cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mx-state.json {{ matrix_mautrix_gmessages_data_path }}/mx-state.json" + creates: "{{ matrix_mautrix_gmessages_data_path }}/mx-state.json" + removes: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json" + when: "matrix_mautrix_gmessages_stat_mx_state.stat.exists" + +- name: Ensure mautrix-gmessages config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_gmessages_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_gmessages_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-gmessages registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_gmessages_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_gmessages_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mautrix-gmessages.service installed + ansible.builtin.template: + src: "{{ role_path 
}}/templates/systemd/matrix-mautrix-gmessages.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service" + mode: 0644 + +- name: Ensure matrix-mautrix-gmessages.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-gmessages.service" + state: restarted + daemon_reload: true + when: "matrix_mautrix_gmessages_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml new file mode 100644 index 00000000..e324a523 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml @@ -0,0 +1,20 @@ +--- + +- name: Check existence of matrix-mautrix-gmessages service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service" + register: matrix_mautrix_gmessages_service_stat + +- when: matrix_mautrix_gmessages_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-gmessages is stopped + ansible.builtin.service: + name: matrix-mautrix-gmessages + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-mautrix-gmessages.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml new file mode 100644 index 00000000..acfffa75 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml 
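Review bot: The tasks `Ensure mautrix-gmessages config.yaml installed` and `Ensure mautrix-gmessages registration.yaml installed` both write their file with `mode: 0644`, although the rendered content carries `as_token`, `hs_token`, the Postgres connection string with its password and, when set, the login shared secret. The parent directories are created with `mode: 0750`, which limits access today, but the files should not depend on the directory mode staying that way. Using `mode: 0640` on both copy tasks keeps them readable only by `matrix_user_username` and `matrix_user_groupname`.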
@@ -0,0 +1,20 @@
+---
+
+- name: Fail if required mautrix-gmessages settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item.name }}`).
+ when: "item.when | bool and vars[item.name] == ''"
+ with_items:
+ - {'name': 'matrix_mautrix_gmessages_appservice_token', when: true}
+ - {'name': 'matrix_mautrix_gmessages_homeserver_token', when: true}
+ - {'name': 'matrix_mautrix_gmessages_database_hostname', when: "{{ matrix_mautrix_gmessages_database_engine == 'postgres' }}"}
+
+- name: (Deprecation) Catch and report renamed settings
+ ansible.builtin.fail:
+ msg: >-
+ Your configuration contains a variable, which now has a different name.
+ Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+ when: "item.old in vars"
+ with_items:
+ - {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'}
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
new file mode 100644
index 00000000..a17f6cd1
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
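Review bot: The required-settings check does not cover the database password. defaults/main.yml ships `matrix_mautrix_gmessages_database_password: 'some-password'`, and since the test here is `vars[item.name] == ''`, that placeholder passes even with `matrix_mautrix_gmessages_database_engine: 'postgres'`. The group_vars hunk in this patch derives a password from `matrix_homeserver_generic_secret_key`, so this presumably only bites when the role is used with another inventory. Changing the default to `''` and adding `- {'name': 'matrix_mautrix_gmessages_database_password', when: "{{ matrix_mautrix_gmessages_database_engine == 'postgres' }}"}` to `with_items` would make the role fail closed.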
@@ -0,0 +1,298 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_gmessages_homeserver_address }} + # The domain of the homeserver (also known as server_name, used for MXIDs, etc). + domain: {{ matrix_mautrix_gmessages_homeserver_domain }} + + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's google messages connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + + # Should the bridge use a websocket for connecting to the homeserver? + # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, + # mautrix-asmux (deprecated), and hungryserv (proprietary). + websocket: false + # How often should the websocket be pinged? Pinging will be disabled if this is zero. + ping_interval_seconds: 0 + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_gmessages_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3-fk-wal" and "postgres" are supported. + type: postgres + # The database URI. + # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. 
+ # https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: gmessages + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_mautrix_gmessages_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Google Messages bridge bot + avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # Should incoming events be handled asynchronously? + # This may be necessary for large public instances with lots of messages going through. + # However, messages will not be guaranteed to be bridged in the same order they were sent in. + async_transactions: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_mautrix_gmessages_appservice_token }}" + hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}" + +# Segment API key to track some events, like provisioning API login and encryption errors. +segment_key: null +# Optional user_id to use when sending Segment events. If null, defaults to using mxID. +segment_user_id: null + +# Prometheus config. +metrics: + # Enable prometheus metrics? 
+ enabled: {{ matrix_mautrix_gmessages_metrics_enabled | to_json }} + # IP and port where the metrics listener should be. The path is always /metrics + listen: 127.0.0.1:8001 + +google_messages: + # OS name to tell the phone. This is the name that shows up in the paired devices list. + os: mautrix-gmessages + # Browser type to tell the phone. This decides which icon is shown. + # Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE + browser: OTHER + + # Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser? + # If this is disabled, the user must manually use the `reconnect` command to reactivate the bridge. + aggressive_reconnect: false + +# Bridge config +bridge: + # Localpart template of MXIDs for SMS users. + # {{ '{{.}}' }} is replaced with an identifier of the recipient. + username_template: "{{ 'gmessages_{{.}}' }}" + # Displayname template for SMS users. + # {{ '{{.FullName}}' }} - Full name provided by the phone + # {{ '{{.FirstName}}' }} - First name provided by the phone + # {{ '{{.PhoneNumber}}' }} - Formatted phone number provided by the phone + displayname_template: "{{ '{{or .FullName .PhoneNumber}}' }}" + # Should the bridge create a space for each logged-in user and add bridged rooms to it? + personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }} + # Should the bridge send a read receipt from the bridge bot when a message has been sent to the phone? + delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + + portal_message_buffer: 128 + + # Should the bridge update the m.direct account data event when double puppeting is enabled. 
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Number of chats to sync when connecting to Google Messages. + initial_chat_sync_count: 25 + # Backfill settings + backfill: + # Number of messages to backfill in new chats. + initial_limit: 50 + # Number of messages to backfill on startup if the last message ID in the chat sync doesn't match the last bridged message. + missed_limit: 100 + + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_mautrix_gmessages_homeserver_domain }}": {{ matrix_mautrix_gmessages_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_mautrix_gmessages_bridge_login_shared_secret_map|to_json }} + + # Whether to explicitly set the avatar and room name for private chat portal rooms. + # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. + # If set to `always`, all DM rooms will have explicit names and avatars set. + # If set to `never`, DM rooms will never have names and avatars set. + private_chat_portal_meta: default + # Should Matrix m.notice-type messages be bridged? + bridge_notices: true + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? 
+ mute_bridging: {{ matrix_mautrix_gmessages_bridge_mute_bridging | to_json }} + # When using double puppeting, should archived chats be moved to a specific tag in Matrix? + # This can be set to a tag (e.g. m.lowpriority), or null to disable. + archive_tag: null + # Same as above, but for pinned chats. The favorite tag is called m.favourite + pinned_tag: null + # Should mute status and tags only be bridged when the portal room is created? + tag_only_on_create: true + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms|to_json }} + # Should the bridge never send alerts to the bridge management room? + # These are mostly things like the user being logged out. + disable_bridge_alerts: false + # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. + # This is currently not supported in most clients. + caption_in_message: false + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!gm" + + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Google Messages bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. 
+ encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: {{ matrix_mautrix_gmessages_bridge_encryption_default|to_json }} + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow|to_json }} + # Options for deleting megolm sessions from the bridge. + delete_keys: + # Beeper-specific: delete outbound sessions when hungryserv confirms + # that the user has uploaded the key to key backup. + delete_outbound_on_ack: false + # Don't store outbound sessions in the inbound table. + dont_store_outbound: false + # Ratchet megolm sessions forward after decrypting messages. + ratchet_on_decrypt: false + # Delete fully used keys (index >= max_messages) after decrypting messages. + delete_fully_used_on_decrypt: false + # Delete previous megolm sessions from same device when receiving a new one. + delete_prev_on_new_session: false + # Delete megolm sessions received from a device when the device is deleted. + delete_on_device_delete: false + # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. + periodically_delete_expired: false + # Delete inbound megolm sessions that don't have the received_at field used for + # automatic ratcheting and expired session deletion. This is meant as a migration + # to delete old keys prior to the bridge update. 
+ delete_outdated_inbound: false + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from SMS to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Disable rotating keys when a user's devices change? + # You should not enable this option unless you understand all the implications. 
+ disable_device_change_key_rotation: false + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + + # Permissions for using the bridge. + # Permitted values: + # user - Access to use the bridge to link their own Google Messages on android. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }} + +# Logging config. See https://github.com/tulir/zeroconfig for details. +logging: + min_level: debug + writers: + - type: stdout + format: pretty-colored + - type: file + format: json + filename: ./logs/mautrix-gmessages.log + max_size: 100 + max_backups: 10 + compress: true diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 new file mode 100644 index 00000000..fb34e95b --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 
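Review bot: `min_level: debug` under `logging:` and `type: postgres` under `appservice.database` are hard-coded, so `matrix_mautrix_gmessages_logging_level` (default `'warn'`) and `matrix_mautrix_gmessages_appservice_database_type` from defaults/main.yml never reach the rendered config. The bridge therefore logs at debug level to stdout and to `./logs/mautrix-gmessages.log` whatever the operator sets, which is undesirable for a service relaying message traffic (what debug output contains is not shown here). With the default `'sqlite'` engine the config also pairs `postgres` with a SQLite file path. Suggested lines: `min_level: {{ matrix_mautrix_gmessages_logging_level|to_json }}` and `type: {{ matrix_mautrix_gmessages_appservice_database_type|to_json }}`. `command_prefix: "!gm"` ignores `matrix_mautrix_gmessages_command_prefix` in the same way.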
@@ -0,0 +1,43 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mautrix gmessages bridge
+{% for service in matrix_mautrix_gmessages_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mautrix_gmessages_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-gmessages \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ -v {{ matrix_mautrix_gmessages_config_path }}:/config:z \
+ -v {{ matrix_mautrix_gmessages_data_path }}:/data:z \
+ --workdir=/data \
+ {% for arg in matrix_mautrix_gmessages_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_mautrix_gmessages_docker_image }} \
+ /usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mautrix-gmessages
+
+[Install]
+WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index c7a6a363..4da64ff4 100644 --- a/setup.yml +++ b/setup.yml @@ -59,6 +59,7 @@ - custom/matrix-bridge-mautrix-instagram - custom/matrix-bridge-mautrix-signal - custom/matrix-bridge-mautrix-telegram + - custom/matrix-bridge-mautrix-gmessages - custom/matrix-bridge-mautrix-whatsapp - custom/matrix-bridge-mautrix-discord - custom/matrix-bridge-mautrix-slack From 0a81083e7dc5932146cc7c75a51e01d6eb49c13b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 21 Jul 2023 14:37:05 +0300 Subject: [PATCH 039/340] Announce mautrix-gmessages support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2794 --- CHANGELOG.md | 6 ++++++ docs/configuring-playbook-bridge-mautrix-gmessages.md | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c1870a27..950e38e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# 2023-07-21 + +## mautrix-gmessages support + +Thanks to [Shreyas Ajjarapu](https://github.com/shreyasajj)'s efforts, the playbook now supports bridging to [Google Messages](https://messages.google.com/) via the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge. See our [Setting up Mautrix Google Messages bridging](docs/configuring-playbook-bridge-mautrix-gmessages.md) documentation page for getting started. + # 2023-07-17 ## matrix-media-repo support diff --git a/docs/configuring-playbook-bridge-mautrix-gmessages.md b/docs/configuring-playbook-bridge-mautrix-gmessages.md index 6b2b18e6..10981bf1 100644 --- a/docs/configuring-playbook-bridge-mautrix-gmessages.md +++ b/docs/configuring-playbook-bridge-mautrix-gmessages.md 
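Review bot: The `docker run` in `ExecStart` of the new `matrix-mautrix-gmessages.service.j2` drops capabilities and sets `--user`, but it leaves the container's root filesystem writable and does not block privilege gain through setuid binaries. As far as the unit shows, the bridge only needs to write under the `/config` and `/data` mounts, so adding `--read-only` and `--security-opt=no-new-privileges` next to `--cap-drop=ALL` would narrow what a compromised bridge process can do. Confirm that the image writes nothing outside those two mounts before turning on `--read-only`.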
@@ -1,6 +1,6 @@ # Setting up Mautrix gmessages (optional) -The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you. +The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you, for bridging to [Google Messages](https://messages.google.com/). See the project's [documentation](https://docs.mau.fi/bridges/go/gmessages/index.html) to learn what it does and why it might be useful to you. @@ -8,7 +8,7 @@ Use the following playbook configuration: ```yaml matrix_mautrix_gmessages_enabled: true -``` +``` ## Set up Double Puppeting From eea143e6eb8c87cfbd9e785081baad815969f40b Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 21 Jul 2023 05:47:51 -0800 Subject: [PATCH 040/340] Shortened gmessages salt The salts need to be shorter than 16 chars --- group_vars/matrix_servers | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5fc5c25d..f1fbb6c3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1176,14 +1176,14 @@ matrix_mautrix_gmessages_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])gmessage.as.token + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessage.as.token', rounds=655555) | to_uuid }}" +matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.as.token', rounds=655555) | to_uuid }}" -matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessage.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" From 2153c310f76eedc9d715cd2c2fdec3a175ea7fa6 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 21 Jul 2023 05:49:52 -0800 Subject: [PATCH 041/340] Update matrix_servers --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f1fbb6c3..0a30f217 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
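Review bot: The changed `devture_postgres_identifier` line inside `matrix_mautrix_gmessages_systemd_required_services_list` now ends in a stray `gmessage.as.token` after the closing `[])`, which looks like a paste slip and leaves the Jinja expression broken until patch 041 in this series removes it. Folding that fix into this commit would keep every commit in the series renderable. The new salts `gmessa.as.token` and `gmessa.hs.token` are hand-truncated without explanation, and both tokens derive from the same `matrix_homeserver_generic_secret_key`, so the salt is the only thing keeping them distinct. A comment above the two token lines, such as `# password_hash salts must stay under 16 characters and must differ per token`, would record the constraint for the next bridge added here.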
@@ -1176,7 +1176,7 @@ matrix_mautrix_gmessages_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])gmessage.as.token + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} From 856a328e96c679bc7d51760d00708d921a08cb17 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 24 Jul 2023 08:44:33 +0300 Subject: [PATCH 042/340] Upgrade prometheus-postgres-exporter (v0.13.1-0 -> v0.13.2-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index bac5fea3..91912c90 100644 --- a/requirements.yml +++ b/requirements.yml @@ -47,7 +47,7 @@ - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.6.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.13.1-0 + version: v0.13.2-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git version: v7.0.10-0 From 14f7eed9324b58f4acb264f0cab3b15bfd10ac07 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 24 Jul 2023 12:57:06 +0200 Subject: [PATCH 043/340] Update matrix-registration-bot, improve authentication config (#2723) * Adjust to new mrb docker versioning * Stabilze authentication * fix lint * Move & document mrb password usage * Add clean cache role * Document clean cache * Fix lint * Update CHANGELOG.md * Automate access tokens * Improve changelog * Make use of mrb's function to fetch API tokens * Adjust changelog * Use ansible.builtin.file to clear directory * Fix typo --------- Co-authored-by: Slavi Pantaleev --- CHANGELOG.md | 11 +++++ ...ng-playbook-bot-matrix-registration-bot.md | 47 +++++++++---------- group_vars/matrix_servers | 6 +++ .../defaults/main.yml | 22 +++++---- .../tasks/clean_cache.yml | 12 +++++ .../tasks/main.yml | 6 +++ .../tasks/setup_install.yml | 2 +- .../tasks/validate_config.yml | 9 +++- .../templates/config/config.yml.j2 | 6 ++- 9 files changed, 83 insertions(+), 38 deletions(-) create mode 100644 roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 950e38e4..3db319af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2023-07-24 + +## matrix-registration-bot usage changed + +[matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) got some updates and now supports password-only-based login. Therefore the bot now doesn't need any manual configuration except setting a password in your `vars.yml`. The bot will be registered as admin and access tokens will be obtained automatically by the bot. + +**For existing users** You need to set `matrix_bot_matrix_registration_bot_bot_password` if you previously only used `matrix_bot_matrix_registration_bot_bot_access_token`. Please also remove the following deprecated settings + +* `matrix_bot_matrix_registration_bot_bot_access_token` +* `matrix_bot_matrix_registration_bot_api_token` + # 2023-07-21 ## mautrix-gmessages support 
diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index b1e3fdc6..f0bffc85 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md 
@@ -2,40 +2,30 @@ The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you. -The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server, -where you invite someone by sending them a registration token. They can register as normal but have to provide a valid -registration token in a final step of the registration. +The bot allows you to easily **create and manage registration tokens** aka. invitation codes. +It can be used for an invitation-based server, +where you invite someone by sending them a registration token (loook like this: `rbalQ0zkaDSRQCOp`). They can register as normal but have to provide a valid registration token in a final step of the registration. See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it does and why it might be useful to you. -## Registering the bot user +## Configuration -By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`. +To enable the bot, add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: -(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable). - -For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. 
- -## Obtaining an admin access token - -In order to use the bot you need to add an admin user's access token token to the configuration. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). - -## Adjusting the playbook configuration - -Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: +For `matrix_bot_matrix_registration_bot_api_token`you need an access token with the permission to access the admin api. Access to the API is needed for all restricted actions of the bot (list, create etc..). Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). ```yaml matrix_bot_matrix_registration_bot_enabled: true -# Token obtained via logging into the bot account (see above) -matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE" + +#By default, the playbook will set use the bot with a username like +## this: `@bot.matrix-registration-bot:DOMAIN`. +# To use a different username, uncomment & adjust the variable. +# matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` +matrix_bot_matrix_registration_bot_password: PASSWORD_FOR_THE_BOT # Enables registration matrix_synapse_enable_registration: true @@ -44,6 +34,7 @@ matrix_synapse_enable_registration: true matrix_synapse_registration_requires_token: true ``` +The bot account will be automatically created. ## Installing 
@@ -56,10 +47,16 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, message `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands). If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de). + +To clean the cache (session&encryption data) after you changed the bot's username, changed the login methon form access_token to password etc.. you can use + +```bash +just run-tags bot-matrix-registration-bot-clean-cache +``` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 0a30f217..bf9928d0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4123,6 +4123,12 @@ matrix_conduit_systemd_required_services_list: | matrix_user_creator_users_auto: | {{ + ([{ + 'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart, + 'initial_password': matrix_bot_matrix_registration_bot_bot_password, + 'initial_type': 'admin', + }] if matrix_bot_matrix_registration_bot_enabled else []) + + ([{ 'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart, 'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password, diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index d8e52b71..41143566 100644 
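Review bot: The new entry in `matrix_user_creator_users_auto` creates the registration bot with `'initial_type': 'admin'` and takes its password directly from `matrix_bot_matrix_registration_bot_bot_password`, so a single inventory value now guards a homeserver admin account. The only check on that value in this commit is the empty-string test in `validate_config.yml`, and the docs example uses the placeholder `PASSWORD_FOR_THE_BOT`. A comment above the entry would make the stakes visible at the point of use, for example `# Created as a homeserver admin: use a long random password and keep it out of plain-text inventory (e.g. ansible-vault)`. The enclosing expression continues outside this hunk.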
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -8,8 +8,10 @@ matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matri matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: latest -matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" +matrix_bot_matrix_registration_bot_version: 1.3.0 +matrix_bot_matrix_registration_bot_docker_iteration: 0 +matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration}}" +matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot" 
@@ -19,15 +21,15 @@ matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}" -# The access token that the bot uses to communicate in Matrix chats -# This does not necessarily need to be a privileged (admin) access token. -matrix_bot_matrix_registration_bot_bot_access_token: '' -# The access token that the bot uses to call the Matrix API for creating registration tokens. -# This needs to be a privileged (admin) access token. -# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is. -# If necessary, you can define your own other access token here, which might even be for a different Matrix user. -matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}" +# The bot's password (can also be used to login via a client like element) +matrix_bot_matrix_registration_bot_bot_password: '' + +# Optional variable that only needs to be set if the bot account is not admin +# Needs to be a valid access token of an admin account +matrix_bot_matrix_registration_bot_api_token: '' + +matrix_bot_matrix_registration_bot_device_id: "matrix-docker-ansible-deploy" matrix_bot_matrix_registration_bot_logging_level: info matrix_bot_matrix_registration_environment_variables_extension: '' diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml new file mode 100644 index 00000000..ae4433b8 --- /dev/null +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml 
@@ -0,0 +1,12 @@ +--- + +- name: Delete cache files + ansible.builtin.file: + state: "{{ item }}" + path: "{{ matrix_bot_matrix_registration_bot_data_path }}" + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - absent + - directory diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml index 83291fb6..cd11c1d5 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml @@ -18,3 +18,9 @@ block: - when: not matrix_bot_matrix_registration_bot_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + +- tags: + - bot-matrix-registration-bot-clean-cache + block: + - when: matrix_bot_matrix_registration_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/clean_cache.yml" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 515cd997..655f3d27 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -9,7 +9,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true} - - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true} when: "item.when | bool" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml index 39e97cde..b7a47563 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml 
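Review bot: The `Delete cache files` task in `clean_cache.yml` removes and recreates `matrix_bot_matrix_registration_bot_data_path` while the bot may still be running. Nothing in this file or in the new `bot-matrix-registration-bot-clean-cache` block in `tasks/main.yml` stops or restarts the service. A live container would presumably keep its in-memory session and encryption state and could write it back, or keep holding the deleted directory if the path is bind-mounted, so the stale state the tag is meant to clear may survive. Stop the service before the `absent` step and start it afterwards, or state in the docs that the user must do so. Separately, `mode: 0750` is better written as `mode: '0750'`, so that it does not depend on the loader treating a leading zero as octal.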
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -5,6 +5,13 @@ msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" + with_items: + - "matrix_bot_matrix_registration_bot_bot_password" + +- name: (Deprecation) Catch and report old settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which is deprecated - Please check the documentation on how to configure the matrix-registration-bot. + when: "item in vars" with_items: - "matrix_bot_matrix_registration_bot_bot_access_token" - - "matrix_bot_matrix_registration_bot_api_token" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 index 756efb01..4a2242aa 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 +++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 @@ -1,12 +1,16 @@ bot: server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} - access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }} + password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }} + api: # API endpoint of the registration tokens base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }} # Access token of an administrator on the server +{% if matrix_bot_matrix_registration_bot_api_token | length > 0 %} token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }} +{% endif %} + logging: level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }} From 6666d230795fa1efb1cda13c7f868f282a1ed7fc Mon Sep 17 00:00:00 2001 
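Review bot: The new `(Deprecation) Catch and report old settings` task in `validate_config.yml` fails without naming the variable that triggered it, unlike the required-setting task above it, which prints `{{ item }}`. Changing the message to begin ``Your configuration contains a variable (`{{ item }}`), which is deprecated`` would tell the operator what to remove. The commit is also inconsistent about `matrix_bot_matrix_registration_bot_api_token`: the CHANGELOG entry lists it as a deprecated setting to delete, while this hunk drops it from the checked list and `defaults/main.yml` keeps it as an optional admin token. One of the two should be corrected so that users do not remove a token they still need, or keep a privileged token they no longer use.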
From: ThellraAK Date: Tue, 25 Jul 2023 00:04:02 -0800 Subject: [PATCH 044/340] Remove file logging, and add existing log level variable to config --- .../templates/config.yaml.j2 | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 index a17f6cd1..6dc136bb 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 @@ -286,13 +286,7 @@ bridge: # Logging config. See https://github.com/tulir/zeroconfig for details. logging: - min_level: debug + min_level: {{ matrix_mautrix_gmessages_logging_level }} writers: - - type: stdout - format: pretty-colored - - type: file - format: json - filename: ./logs/mautrix-gmessages.log - max_size: 100 - max_backups: 10 - compress: true + - type: stdout + format: pretty-colored From 02de889656eee73bd457a2c39d9894d99001a2ac Mon Sep 17 00:00:00 2001 From: wuast94 Date: Tue, 25 Jul 2023 12:35:51 +0200 Subject: [PATCH 045/340] Fix Variable Registration bot variable need to be named: matrix_bot_matrix_registration_bot_bot_password and not: matrix_bot_matrix_registration_bot_password Dont know if it need fixed in every rule or just change the docs --- docs/configuring-playbook-bot-matrix-registration-bot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index f0bffc85..babfd268 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md 
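Review bot: `min_level` in the gmessages `config.yaml.j2` is rendered from a bare `{{ matrix_mautrix_gmessages_logging_level }}`, whereas the other templated value shown for this file earlier in the series (`permissions`) goes through `to_json`. An empty or unusual value would then produce a null or mistyped scalar in the rendered YAML instead of a quoted string. Writing the line as `min_level: {{ matrix_mautrix_gmessages_logging_level | to_json }}` keeps the output well-formed whatever the variable holds.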
@@ -25,7 +25,7 @@ matrix_bot_matrix_registration_bot_enabled: true # matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot # Generate a strong password here. Consider generating it with `pwgen -s 64 1` -matrix_bot_matrix_registration_bot_password: PASSWORD_FOR_THE_BOT +matrix_bot_matrix_registration_bot_bot_password: PASSWORD_FOR_THE_BOT # Enables registration matrix_synapse_enable_registration: true From 9703d1d1e5866e781168fd3255f26103b6de9020 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 25 Jul 2023 17:28:30 +0300 Subject: [PATCH 046/340] Upgrade Traefik (v2.10.3-0 -> v2.10.4-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 91912c90..4f2fd7f8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.3-0 + version: v2.10.4-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From 52ed1f7a0bb4adf39842965892bc78b1a5e88602 Mon Sep 17 00:00:00 2001 From: greentore <117551249+greentore@users.noreply.github.com> Date: Tue, 25 Jul 2023 19:26:20 +0200 Subject: [PATCH 047/340] Update Element logo location --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 9199a1d5..123cbd32 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -159,7 +159,7 @@ matrix_client_element_welcome_user_id: ~ matrix_client_element_brand: "Element" # URL to Logo on welcome page -matrix_client_element_welcome_logo: "welcome/images/logo.svg" +matrix_client_element_welcome_logo: "themes/element/img/logos/element-logo.svg" # URL of link on welcome image matrix_client_element_welcome_logo_link: "https://element.io" From ae2f67e15f5dd5a5fe88b64a837348d7fdd3cc7f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 26 Jul 2023 15:27:38 +0300 Subject: [PATCH 048/340] Make maubot communicate with the homeserver via the container network Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2791 --- roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 index 49bbcb87..7750ec9a 100644 --- a/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -60,7 +60,7 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: "https://{{ matrix_server_fqn_matrix }}" + url: {{ matrix_homeserver_container_url | to_json }} # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. From 08b433a8f7b02b5f3fc88dfc3b2f85f2feb1730c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 26 Jul 2023 19:50:18 +0300 Subject: [PATCH 049/340] Upgrade Grafana (v10.0.2-1 -> v10.0.3-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 4f2fd7f8..1ef1f4da 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -35,7 +35,7 @@ version: 6.1.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.0.2-1 + version: v10.0.3-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-2 name: jitsi From ba1d665bd993cc07f2b3a2a5077804cc3b5719ea Mon Sep 17 00:00:00 2001 From: Alexis Yushin Date: Thu, 27 Jul 2023 11:26:15 +0200 Subject: [PATCH 050/340] make smtp tls configurable / optional --- .gitignore | 1 + .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- roles/custom/matrix-synapse/vars/main.yml | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 42187739..6b56900a 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ /roles/**/files/scratchpad .DS_Store .python-version +.idea/ flake.lock # ignore roles pulled by ansible-galaxy diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index f42f6e30..e12bdb19 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2351,7 +2351,7 @@ email: # must present a certificate that is valid for 'smtp_host'. If this option # is set to false, TLS will not be used. # - #enable_tls: false + enable_tls: {{ matrix_synapse_email_smtp_enable_tls|to_json }} # notif_from defines the "From" address to use when sending emails. # It must be set if email sending is enabled. diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml index 9ac7afeb..a12b4401 100644 --- a/roles/custom/matrix-synapse/vars/main.yml +++ b/roles/custom/matrix-synapse/vars/main.yml 
@@ -5,6 +5,9 @@ matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}" +# Optionally: `false` to fully disable tls on outbound smtp +matrix_synapse_email_smtp_enable_tls: true + # A Synapse generic worker can handle both federation and client-server API endpoints. # We wish to split these, as we normally serve federation separately and don't want them mixed up. # From 92ea0480805a11c17fc9535332f0a9d2a27d8ac7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jul 2023 08:40:43 +0300 Subject: [PATCH 051/340] Add some missing install-all/install-synapse tags to Synapse role --- .../matrix-synapse/tasks/ext/setup_install.yml | 14 ++++++++++++++ .../custom/matrix-synapse/tasks/setup_install.yml | 8 ++++++++ 2 files changed, 22 insertions(+) diff --git a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml index 0d887939..4adb6566 100644 --- a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml @@ -4,6 +4,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_encryption_disabler_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" @@ -12,6 +14,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" @@ -20,6 +24,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" 
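Review bot: `matrix_synapse_email_smtp_enable_tls` is added to the role's `vars/main.yml`, and role vars take precedence over inventory `host_vars`. A value set in the user's `vars.yml` would therefore be ignored, and the option could only be changed through extra vars. Moving the line to `defaults/main.yml` would give the configurability the commit title describes. Since `false` turns off TLS for outbound mail, the comment should also state the consequence, for example `# Set to false only for a trusted local relay: mail and any SMTP credentials are then sent unencrypted`.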
@@ -28,6 +34,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_ldap_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup_install.yml" @@ -36,6 +44,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml" @@ -44,6 +54,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml" @@ -52,6 +64,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml" diff --git a/roles/custom/matrix-synapse/tasks/setup_install.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml index 378a0dee..a2185da5 100644 --- a/roles/custom/matrix-synapse/tasks/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/setup_install.yml @@ -26,6 +26,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_install.yml" @@ -34,6 +36,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_workers_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml" 
@@ -41,12 +45,16 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml" - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_s3_media_store_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" From 621578399fe1e400b67140a8e5e18e226dfc3da4 Mon Sep 17 00:00:00 2001 From: "System user; root" Date: Thu, 27 Jul 2023 23:00:59 -0800 Subject: [PATCH 052/340] Adding variable for messing with the prompt and setting the default to the example --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 ++ roles/custom/matrix-bot-chatgpt/templates/env.j2 | 2 ++ 2 files changed, 4 insertions(+) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 00eae167..298437ca 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -88,3 +88,5 @@ matrix_bot_chatgpt_matrix_rich_text: true # MATRIX_RICH_TEXT=true # matrix_bot_chatgpt_environment_variables_extension: | # chatgpt_TEXT_DONE=Done matrix_bot_chatgpt_environment_variables_extension: '' + +matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.' diff --git a/roles/custom/matrix-bot-chatgpt/templates/env.j2 b/roles/custom/matrix-bot-chatgpt/templates/env.j2 index bc8c3866..d9ca2d50 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/env.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2 @@ -25,6 +25,8 @@ MATRIX_ENCRYPTION={{ matrix_bot_chatgpt_matrix_encryption|lower }} MATRIX_THREADS={{ matrix_bot_chatgpt_matrix_threads|lower }} MATRIX_RICH_TEXT={{ matrix_bot_chatgpt_matrix_rich_text|lower }} +CHATGPT_PROMPT_PREFIX={{ matrix_bot_chatgpt_matrix_bot_prompt_prefix }} + DATA_PATH=/data/ {{ matrix_bot_chatgpt_environment_variables_extension }} 
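Review bot: `CHATGPT_PROMPT_PREFIX={{ matrix_bot_chatgpt_matrix_bot_prompt_prefix }}` in the env.j2 hunk writes the value verbatim, so a prefix containing a real line break (a YAML block scalar, or `"\n"` in double quotes) would spill onto a second line of the rendered env file and be read as a separate entry. The default is safe only because its single quotes keep `\n` as two literal characters. I would document that next to the default in defaults/main.yml with `# Must stay on one line; write line breaks as a literal \n inside single quotes.`, or escape at render time with `{{ matrix_bot_chatgpt_matrix_bot_prompt_prefix | replace('\n', '\\n') }}`. How the bot interprets the escaped form is not visible here and should be checked against its documentation.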
From 0a6b934a44a4f2a6a7d0f146b026d4aeb66024f7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jul 2023 17:17:48 +0300 Subject: [PATCH 053/340] Rename Element configuration key (preferredDomain -> preferred_domain) Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2375#issuecomment-1655758296 --- .../templates/static-files/well-known/matrix-client.j2 | 4 ++-- roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 45c3ea2a..e3a3172e 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -20,10 +20,10 @@ {% endif %} {% if matrix_client_element_jitsi_preferredDomain %}, "io.element.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} }, "im.vector.riot.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} {% if matrix_sliding_sync_enabled %}, diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 6f2498fd..c0d11abd 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 
@@ -35,7 +35,7 @@ }, {% if matrix_client_element_jitsi_preferredDomain %} "jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain | to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain | to_json }} }, {% endif %} {% if matrix_client_element_location_sharing_enabled %} From f3445c124c088b0122ee0bb8dd7ae327c96a7fb4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jul 2023 17:26:05 +0300 Subject: [PATCH 054/340] Fix Traefik support for matrix-user-verification-service Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2375#issuecomment-1655758296 --- group_vars/matrix_servers | 21 ++++++++++++------- .../defaults/main.yml | 8 +++++++ .../tasks/setup_install.yml | 5 +++++ ...atrix-user-verification-service.service.j2 | 10 +++++++-- 4 files changed, 35 insertions(+), 9 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index bf9928d0..74f382fa 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -4172,13 +4172,20 @@ matrix_user_verification_service_docker_image: "{{ matrix_user_verification_serv matrix_user_verification_service_enabled: false matrix_user_verification_service_systemd_required_services_list: | - {{ - ['docker.service'] - + - (['matrix-synapse.service'] if matrix_synapse_enabled else []) - + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) - }} + {{ + ['docker.service'] + + + (['matrix-' + matrix_homeserver_implementation + '.service']) + }} + +matrix_user_verification_service_container_additional_networks: | + {{ + ( + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + + + ([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_user_verification_service_container_network else []) + ) | unique + }} # If Jitsi is managed by this playbook we can use the docker network - no need to expose a port. # If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index 5b3611b8..b553ad12 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml 
@@ -18,6 +18,14 @@ matrix_user_verification_service_docker_image_name_prefix: "{{ matrix_container_ matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service:{{ matrix_user_verification_service_version }}" matrix_user_verification_service_docker_image_force_pull: "{{ matrix_user_verification_service_docker_image.endswith(':latest') }}" +# The base container network. It will be auto-created by this role if it doesn't exist already. +matrix_user_verification_service_container_network: "{{ matrix_docker_network }}" + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. +# Use this to expose this container to another reverse proxy, which runs in a different container network. +matrix_user_verification_service_container_additional_networks: [] + matrix_user_verification_service_container_name: "matrix-user-verification-service" # This will be set in group vars matrix_user_verification_service_container_http_host_bind_port: '' diff --git a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml index 185b4b64..54d5d979 100644 --- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml +++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml @@ -30,6 +30,11 @@ group: "{{ matrix_user_groupname }}" mode: 0644 +- name: Ensure matrix-user-verification-service container network is created + community.general.docker_network: + name: "{{ matrix_user_verification_service_container_network }}" + driver: bridge + - name: Ensure matrix-user-verification-service.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-user-verification-service.service.j2" 
diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index eb24b128..d42dc2d9 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -17,12 +17,14 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_user_verification_service_container_name }}\ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ + --rm \ + --name={{ matrix_user_verification_service_container_name }}\ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_user_verification_service_container_network }} \ {% if matrix_user_verification_service_container_http_host_bind_port %} -p {{ matrix_user_verification_service_container_http_host_bind_port }}:3000 \ {% endif %} 
@@ -32,6 +34,10 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_user_verification_service_docker_image }} +{% for network in matrix_user_verification_service_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_user_verification_service_container_name }} +{% endfor %} + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_user_verification_service_container_name }} 2>/dev/null' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' Restart=always From 06e2ab94fdebba0ad2be29307986f66828436548 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jul 2023 20:53:44 +0300 Subject: [PATCH 055/340] Add missing space Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2375#issuecomment-1656064975 --- .../systemd/matrix-user-verification-service.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index d42dc2d9..68398263 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 
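Review bot: The `ExecStartPre=... network connect {{ network }} {{ matrix_user_verification_service_container_name }}` loop added in the first hunk on this line cannot work as written. systemd runs every `ExecStartPre` before `ExecStart`, and the container is only created by the `docker run` in `ExecStart` (previous hunk of the same file). When `matrix_user_verification_service_container_additional_networks` is non-empty there is no container to connect yet, and because the line has no `-` prefix the failed command fails the unit start. To fix it, turn the `run` line into `ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \`, keep the connect loop after it, and start the container with `ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_user_verification_service_container_name }}`. The group_vars hunk in this commit fills the list whenever a reverse-proxy network is defined, so this path looks like the common case rather than an edge case.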
@@ -19,7 +19,7 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ --rm \ - --name={{ matrix_user_verification_service_container_name }}\ + --name={{ matrix_user_verification_service_container_name }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ From 4a1ed92671d860f3c41cfeee56da6a11c47147b0 Mon Sep 17 00:00:00 2001 From: wuast94 Date: Sun, 30 Jul 2023 04:50:05 +0200 Subject: [PATCH 056/340] Add system promt variable to docs Added the system promt variable and added a bit information for beginners --- docs/configuring-playbook-bot-chatgpt.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-playbook-bot-chatgpt.md b/docs/configuring-playbook-bot-chatgpt.md index fa7972ca..72171f28 100644 --- a/docs/configuring-playbook-bot-chatgpt.md +++ b/docs/configuring-playbook-bot-chatgpt.md @@ -43,6 +43,11 @@ matrix_bot_chatgpt_openai_api_key: '' # Matrix access token (from bot user above) # see: https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix matrix_bot_chatgpt_matrix_access_token: '' + +# Configuring the system promt used, needed if the bot is used for special tasks. +# More information: https://github.com/mustvlad/ChatGPT-System-Prompts +matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.' + ``` You will need to get tokens for ChatGPT. From 8eac642a2d9bfce0ba436f4c29f33746ec65af19 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 30 Jul 2023 22:41:45 +0300 Subject: [PATCH 057/340] Upgrade Heisenbridge (1.14.3 -> 1.14.4) --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index 5dfe3810..cba4d631 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.14.3 +matrix_heisenbridge_version: 1.14.4 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From e7bc6b3729340040dccb7afbe0a5687781fb5467 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 31 Jul 2023 18:40:29 +0300 Subject: [PATCH 058/340] Upgrade appservice-slack (2.0.2 -> 2.1.2) Related to https://matrix.org/blog/2023/07/bridges-security-updates/ --- roles/custom/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index 6fb6d7e7..a3ea586b 100644 --- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_slack_version: 2.0.2 +matrix_appservice_slack_version: 2.1.2 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" From bfe89df323c55ee3a2de2590d99b48f14a6e3d4e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 31 Jul 2023 18:41:02 +0300 Subject: [PATCH 059/340] Upgrade appservice-irc (0.38.0 -> 1.0.1) Related to: https://matrix.org/blog/2023/07/bridges-security-updates/ --- roles/custom/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index b6e6f119..2611da8a 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_irc_version: 0.38.0 +matrix_appservice_irc_version: 1.0.1 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}" matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 2a56fe09c336bdffd938580266ffb1b6c9961524 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 31 Jul 2023 18:41:25 +0300 Subject: [PATCH 060/340] Upgrade Hookshot (4.4.0 -> 4.4.1) Related to: https://matrix.org/blog/2023/07/bridges-security-updates/ --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 3c1ba519..491bf318 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 4.4.0 +matrix_hookshot_version: 4.4.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From df406dbfd85039e0687847e41fcf803204a4bd23 Mon Sep 17 00:00:00 2001 From: adam-kress Date: Tue, 1 Aug 2023 08:12:35 -0400 Subject: [PATCH 061/340] Update synapse 1.88.0 -> 1.89.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 48d8e8d9..0e37be32 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.88.0 +matrix_synapse_version: v1.89.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 2bd9d2a142c27de163442bed9c80afd260c91e02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Tue, 1 Aug 2023 14:48:56 +0200 Subject: [PATCH 062/340] docs: Remove mention of access token --- docs/configuring-playbook-bot-matrix-registration-bot.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index babfd268..66b3e576 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md 
@@ -14,8 +14,6 @@ does and why it might be useful to you. To enable the bot, add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: -For `matrix_bot_matrix_registration_bot_api_token`you need an access token with the permission to access the admin api. Access to the API is needed for all restricted actions of the bot (list, create etc..). Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). - ```yaml matrix_bot_matrix_registration_bot_enabled: true From 1b9a20bc2e2a6423ef336825376828efa4b8e724 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 1 Aug 2023 20:11:51 +0300 Subject: [PATCH 063/340] Update element 1.11.36 -> 1.11.37 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 123cbd32..f62ee35a 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.36 +matrix_client_element_version: v1.11.37 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 9d08d8e32ef5204736cf5b34b033481311c26413 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 2 Aug 2023 21:53:00 +0300 Subject: [PATCH 064/340] Update honoroit 0.9.17 -> 0.9.18 --- roles/custom/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index 90ffa0c6..b190c3b7 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml @@ -20,7 +20,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.17 +matrix_bot_honoroit_version: v0.9.18 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" From 90e39875258c53ec4542be6da4bb32ba09597623 Mon Sep 17 00:00:00 2001 From: krassle <6473406+krassle@users.noreply.github.com> Date: Fri, 4 Aug 2023 16:10:23 +0200 Subject: [PATCH 065/340] Upgrade Element 1.11.37 -> 1.11.38 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f62ee35a..39750ab0 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.37 +matrix_client_element_version: v1.11.38 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 6d9a990657f3adbe9d89776a6ccc0078ecad14c7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 4 Aug 2023 17:51:12 +0300 Subject: [PATCH 066/340] Partially revert (preferredDomain -> preferred_domain) renaming Partially reverts 0a6b934a44a4f. `preferred_domain` is only used by Element and does not apply to the `/.well-known/matrix/client` file. --- .../templates/static-files/well-known/matrix-client.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index e3a3172e..45c3ea2a 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 
@@ -20,10 +20,10 @@ {% endif %} {% if matrix_client_element_jitsi_preferredDomain %}, "io.element.jitsi": { - "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} }, "im.vector.riot.jitsi": { - "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} {% if matrix_sliding_sync_enabled %}, From 4dfaeed4a1b8c90ca42bb0d1b49041cbe2c13493 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 5 Aug 2023 00:23:10 +0300 Subject: [PATCH 067/340] Update borg role v1.2.4-1.7.15-1 -> v1.2.4-1.7.15-2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1ef1f4da..cc3f912c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.15-1 + version: v1.2.4-1.7.15-2 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 4b61aca11e14e42672b83e08b63d3cb2f9a8e9b0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 5 Aug 2023 09:01:33 +0300 Subject: [PATCH 068/340] Upgrade Prometheus (v2.45.0-0 -> v2.45.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1ef1f4da..42a14670 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -42,7 +42,7 @@ - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.6.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.45.0-0 + version: v2.45.0-1 name: prometheus - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.6.0-0 From b9b68c7110d256c72c06e6d6bd87285d81e8f52a Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sat, 5 Aug 2023 12:48:11 +0200 Subject: [PATCH 069/340] Upgrade sliding-sync (v0.99.4 -> v0.99.5) --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index cfc55ecd..97301597 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -4,7 +4,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.4 +matrix_sliding_sync_version: v0.99.5 matrix_sliding_sync_scheme: https From 1dfe7a3da83ed4570c1ea4564430a997fd6bb4dd Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 5 Aug 2023 14:09:35 +0300 Subject: [PATCH 070/340] Update backup-borg role --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index cc3f912c..23f45962 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.15-2 + version: v1.2.4-1.7.15-3 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From ccebbc07ca2ab931adde9e8fb12306949d0b6d2d Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 6 Aug 2023 12:13:56 +0300 Subject: [PATCH 071/340] Upgrade Traefik (v2.10.4-0 -> v2.10.4-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 26d4f0c8..0ba980c3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.4-0 + version: v2.10.4-1 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From 809316b16eb4a9b229c3b10c2fb1d239ed3c028b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:47:29 +0300 Subject: [PATCH 072/340] element-web camelCase renaming (showLabsSettings -> show_labs_settings) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- .../matrix-client-element/tasks/validate_config.yml | 9 +++++++++ .../matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 39750ab0..f64f302d 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -151,7 +151,7 @@ matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api" matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" matrix_client_element_permalinkPrefix: "https://matrix.to" # noqa var-naming matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" -matrix_client_element_showLabsSettings: true # noqa var-naming +matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) matrix_client_element_roomdir_servers: ['matrix.org'] matrix_client_element_welcome_user_id: ~ diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index fdf42df7..50455cae 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -27,6 +27,15 @@ with_items: - {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'} +- name: (Deprecation) Catch and report renamed element-web settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} + - when: matrix_client_element_container_labels_traefik_enabled | bool block: - name: Fail if required matrix-client-element Traefik settings not defined diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index c0d11abd..5d510403 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 
@@ -22,7 +22,7 @@ "integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls | to_json }}, "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url | string | to_json }}, "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url | to_json }}, - "showLabsSettings": {{ matrix_client_element_showLabsSettings | to_json }}, + "show_labs_settings": {{ matrix_client_element_show_lab_settings | to_json }}, "roomDirectory": { "servers": {{ matrix_client_element_roomdir_servers | to_json }} }, From c800af1bb62c6527c380fca1c9891c1c392cc57c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:48:22 +0300 Subject: [PATCH 073/340] element-web camelCase renaming (permalinkPrefix -> permalink_prefix) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f64f302d..3b1899cf 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -149,7 +149,7 @@ matrix_client_element_integrations_ui_url: "https://scalar.vector.im/" matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" -matrix_client_element_permalinkPrefix: "https://matrix.to" # noqa var-naming +matrix_client_element_permalink_prefix: "https://matrix.to" # noqa var-naming matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 50455cae..425683b8 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -35,6 +35,7 @@ when: "item.old in vars" with_items: - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} + - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 5d510403..798faa1d 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 
@@ -13,7 +13,7 @@ }, "default_theme": {{ matrix_client_element_default_theme | string | to_json }}, "default_country_code": {{ matrix_client_element_default_country_code | string | to_json }}, - "permalinkPrefix": {{ matrix_client_element_permalinkPrefix | string | to_json }}, + "permalink_prefix": {{ matrix_client_element_permalink_prefix | string | to_json }}, "disable_custom_urls": {{ matrix_client_element_disable_custom_urls | to_json }}, "disable_guests": {{ matrix_client_element_disable_guests | to_json }}, "brand": {{ matrix_client_element_brand | to_json }}, From bb90a59bbb1ab7889b88fd43d4625308306e7479 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:49:48 +0300 Subject: [PATCH 074/340] element-web camelCase renaming (roomDirectory -> room_directory) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3b1899cf..f238636b 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -153,7 +153,7 @@ matrix_client_element_permalink_prefix: "https://matrix.to" # noqa var-naming matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) -matrix_client_element_roomdir_servers: ['matrix.org'] +matrix_client_element_room_directory_servers: ['matrix.org'] matrix_client_element_welcome_user_id: ~ # Branding of Element matrix_client_element_brand: "Element" diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 425683b8..4f5fd0ee 100644 
--- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -36,6 +36,7 @@ with_items: - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} + - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 798faa1d..498b2580 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -23,8 +23,8 @@ "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url | string | to_json }}, "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url | to_json }}, "show_labs_settings": {{ matrix_client_element_show_lab_settings | to_json }}, - "roomDirectory": { - "servers": {{ matrix_client_element_roomdir_servers | to_json }} + "room_directory": { + "servers": {{ matrix_client_element_room_directory_servers | to_json }} }, "welcomeUserId": {{ matrix_client_element_welcome_user_id | to_json }}, {% if matrix_client_element_enable_presence_by_hs_url is not none %} From d4e48a3a67c78be4e1ae6f5b0146aa176956d231 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:50:09 +0300 Subject: [PATCH 075/340] element-web camelCase renaming (welcomeUserId -> welcome_user_id) --- roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 498b2580..77cf5b26 100644 
--- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -26,7 +26,7 @@ "room_directory": { "servers": {{ matrix_client_element_room_directory_servers | to_json }} }, - "welcomeUserId": {{ matrix_client_element_welcome_user_id | to_json }}, + "welcome_user_id": {{ matrix_client_element_welcome_user_id | to_json }}, {% if matrix_client_element_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }}, {% endif %} From c4f716624b0187912b47c171b9d609e8fb3c30dc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:50:27 +0300 Subject: [PATCH 076/340] element-web camelCase renaming (embeddedPages -> embedded_pages) --- roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 77cf5b26..5465395d 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -30,7 +30,7 @@ {% if matrix_client_element_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }}, {% endif %} - "embeddedPages": { + "embedded_pages": { "homeUrl": {{ matrix_client_element_embedded_pages_home_url | string | to_json }} }, {% if matrix_client_element_jitsi_preferredDomain %} From 38c9aa9369b21aa08e6b1aba0adde9793a3e7432 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:53:02 +0300 Subject: [PATCH 077/340] element-web camelCase renaming (settingDefault -> setting_defaults) --- docs/configuring-playbook-client-element.md | 2 +- roles/custom/matrix-client-element/defaults/main.yml | 4 ++-- roles/custom/matrix-client-element/tasks/prepare_themes.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 4 ++-- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/configuring-playbook-client-element.md b/docs/configuring-playbook-client-element.md index 1f90aca6..ec855601 100644 --- a/docs/configuring-playbook-client-element.md +++ b/docs/configuring-playbook-client-element.md @@ -32,7 +32,7 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo ## Themes -To change the look of Element, you can define your own themes manually by using the `matrix_client_element_settingDefaults_custom_themes` setting. +To change the look of Element, you can define your own themes manually by using the `matrix_client_element_setting_defaults_custom_themes` setting. Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`). diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f238636b..133f9d94 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -207,14 +207,14 @@ matrix_client_element_themes_repository_version: master # Controls the default theme matrix_client_element_default_theme: 'light' -# Controls the `settingsDefault.custom_themes` setting of the Element configuration. +# Controls the `setting_defaults.custom_themes` setting of the Element configuration. # You can use this setting to define custom themes. # # Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically. # If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well. # # Note that for a custom theme to work well, all Element instances that you use must have the same theme installed. -matrix_client_element_settingDefaults_custom_themes: [] # noqa var-naming +matrix_client_element_setting_defaults_custom_themes: [] # noqa var-naming # Default Element configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-client-element/tasks/prepare_themes.yml b/roles/custom/matrix-client-element/tasks/prepare_themes.yml index 70646c94..194335b2 100644 --- a/roles/custom/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/custom/matrix-client-element/tasks/prepare_themes.yml @@ -30,7 +30,7 @@ - name: Load Element theme ansible.builtin.set_fact: - matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming + matrix_client_element_setting_defaults_custom_themes: "{{ matrix_client_element_setting_defaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming with_items: "{{ matrix_client_element_theme_file_contents.results }}" # 
diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 4f5fd0ee..e78bd4a7 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -37,6 +37,7 @@ - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} + - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 5465395d..9b5ff153 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -8,8 +8,8 @@ "base_url": {{ matrix_client_element_default_is_url | string | to_json }} } }, - "settingDefaults": { - "custom_themes": {{ matrix_client_element_settingDefaults_custom_themes | to_json }} + "setting_defaults": { + "custom_themes": {{ matrix_client_element_setting_defaults_custom_themes | to_json }} }, "default_theme": {{ matrix_client_element_default_theme | string | to_json }}, "default_country_code": {{ matrix_client_element_default_country_code | string | to_json }}, From e7c5eff924ffa97b7a9983740f874ecfc89c7390 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:54:48 +0300 Subject: [PATCH 078/340] element-web camelCase renaming (branding.authFooterLinks -> branding.auth_footer_links) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 133f9d94..3152dd72 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -169,7 +169,7 @@ matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat & col # Links, shown in footer of welcome page: # [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}] -matrix_client_element_branding_authFooterLinks: ~ # noqa var-naming +matrix_client_element_branding_auth_footer_links: ~ # noqa var-naming # URL to image, shown during Login matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index e78bd4a7..52aba395 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml 
@@ -38,6 +38,7 @@ - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} + - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 9b5ff153..66b236a9 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -42,7 +42,7 @@ "map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json", {% endif %} "branding": { - "authFooterLinks": {{ matrix_client_element_branding_authFooterLinks | to_json }}, + "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, "authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl | to_json }}, "welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl | to_json }} } From 1918519e07abf4ac98d083291d0406de084daa22 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:55:44 +0300 Subject: [PATCH 079/340] element-web camelCase renaming (branding.authHeaderLogoUrl -> branding.auth_header_logo_url) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3152dd72..1873dda5 100644 
--- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -172,7 +172,7 @@ matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat & col matrix_client_element_branding_auth_footer_links: ~ # noqa var-naming # URL to image, shown during Login -matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming +matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming # URL to Wallpaper, shown in background of welcome page matrix_client_element_branding_welcomeBackgroundUrl: ~ # noqa var-naming diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 52aba395..216143c3 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -39,6 +39,7 @@ - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} + - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 66b236a9..d41523a7 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 
@@ -43,7 +43,7 @@ {% endif %} "branding": { "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, - "authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl | to_json }}, + "auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, "welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl | to_json }} } } From e9c0e90147e9502408d9fdcfe0620bd7cfced088 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:56:38 +0300 Subject: [PATCH 080/340] element-web camelCase renaming (branding.welcomeBackgroundUrl -> branding.welcome_background_url) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 1873dda5..ac163001 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -175,7 +175,7 @@ matrix_client_element_branding_auth_footer_links: ~ # noqa var-naming matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming # URL to Wallpaper, shown in background of welcome page -matrix_client_element_branding_welcomeBackgroundUrl: ~ # noqa var-naming +matrix_client_element_branding_welcome_background_url: ~ # noqa var-naming matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 216143c3..e2241b74 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml 
@@ -40,6 +40,7 @@ - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} + - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index d41523a7..883c89bf 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -44,6 +44,6 @@ "branding": { "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, "auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, - "welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl | to_json }} + "welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }} } } From ae12ab5c24a85ac8defaf7d20a75d9b9258f6b50 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:57:29 +0300 Subject: [PATCH 081/340] Rename variable (matrix_client_element_jitsi_preferredDomain -> matrix_client_element_jitsi_preferredDomain) --- group_vars/matrix_servers | 2 +- roles/custom/matrix-base/defaults/main.yml | 2 +- .../templates/static-files/well-known/matrix-client.j2 | 6 +++--- roles/custom/matrix-client-element/defaults/main.yml | 2 +- .../custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 4 ++-- 6 files changed, 9 insertions(+), 8 deletions(-) 
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 74f382fa..114fc09f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3341,7 +3341,7 @@ matrix_client_element_enable_presence_by_hs_url: | matrix_client_element_welcome_user_id: ~ -matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" +matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" ###################################################################### # diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 637ce3bb..8642ace2 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -158,7 +158,7 @@ matrix_integration_manager_ui_url: ~ # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. # See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server -matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming +matrix_client_element_jitsi_preferred_domain: '' # noqa var-naming # Controls whether Element should use End-to-End Encryption by default. # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 45c3ea2a..4de91a37 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 
@@ -18,12 +18,12 @@ ] } {% endif %} - {% if matrix_client_element_jitsi_preferredDomain %}, + {% if matrix_client_element_jitsi_preferred_domain %}, "io.element.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }} }, "im.vector.riot.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }} } {% endif %} {% if matrix_sliding_sync_enabled %}, diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index ac163001..917738ae 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -183,7 +183,7 @@ matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/wel # point this to a `home.html` template file on your local filesystem. matrix_client_element_embedded_pages_home_path: ~ -matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming +matrix_client_element_jitsi_preferred_domain: '' # noqa var-naming # Controls whether the self-check feature should validate SSL certificates. matrix_client_element_self_check_validate_certificates: true diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index e2241b74..dc6c9f5a 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml 
@@ -41,6 +41,7 @@ - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'} + - {'old': 'matrix_client_element_jitsi_preferredDomain', 'new': 'matrix_client_element_jitsi_preferred_domain'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 883c89bf..180a8f81 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -33,9 +33,9 @@ "embedded_pages": { "homeUrl": {{ matrix_client_element_embedded_pages_home_url | string | to_json }} }, - {% if matrix_client_element_jitsi_preferredDomain %} + {% if matrix_client_element_jitsi_preferred_domain %} "jitsi": { - "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain | to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferred_domain | to_json }} }, {% endif %} {% if matrix_client_element_location_sharing_enabled %} From 62a086d3e2fc7fcb3a8e47cdccac7fadd8efad85 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Thu, 10 Aug 2023 20:30:11 +0200 Subject: [PATCH 082/340] Update conduit 0.5.0 -> 0.6.0 --- roles/custom/matrix-conduit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 7673a7d2..862e55c2 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml 
@@ -6,7 +6,7 @@ matrix_conduit_enabled: true matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}" matrix_conduit_docker_image_name_prefix: "docker.io/" -matrix_conduit_docker_image_tag: "v0.5.0" +matrix_conduit_docker_image_tag: "v0.6.0" matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}" matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit" From 9faa65f05914baa75a5eab06aa429d116c5eefe7 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Thu, 10 Aug 2023 22:07:33 +0200 Subject: [PATCH 083/340] Advertise sliding-sync support when using conduit Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. https://gitlab.com/famedly/conduit/-/releases/v0.6.0 https://gitlab.com/famedly/conduit/-/merge_requests/501 --- .../templates/static-files/well-known/matrix-client.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 4de91a37..549bfc8a 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -30,6 +30,10 @@ "org.matrix.msc3575.proxy": { "url": "{{ matrix_sliding_sync_base_url }}" } + {% elif matrix_homeserver_implementation == 'conduit' %}, + "org.matrix.msc3575.proxy": { + "url": "{{ matrix_homeserver_url }}" + } {% endif %} {% if matrix_client_element_location_sharing_enabled %}, "m.tile_server": { From 837cca4ee16d989f4b336232b13665fcb319af31 Mon Sep 17 00:00:00 2001 
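Review bot: The added `elif` branch in matrix-client.j2 writes `matrix_homeserver_url` between hand-written quotes, so the value reaches `/.well-known/matrix/client` without JSON escaping. A quote or backslash in the value would produce an invalid or altered document. The Jitsi entries in the same template already use `|to_json`, and this line can do the same: `"url": {{ matrix_homeserver_url | to_json }}`. The context line for `matrix_sliding_sync_base_url` just above has the same form, as does the `matrix_homeserver_sliding_sync_url` line that patch 084/340 puts in their place.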
From: Samuel Meenzen Date: Fri, 11 Aug 2023 08:13:49 +0000 Subject: [PATCH 084/340] Move sliding sync url logic out of matrix-client.j2 --- group_vars/matrix_servers | 4 ++++ roles/custom/matrix-base/defaults/main.yml | 6 ++++++ .../templates/static-files/well-known/matrix-client.j2 | 8 ++------ 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 114fc09f..1273280e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4018,6 +4018,8 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}" +matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else matrix_homeserver_sliding_sync_url }}" + ###################################################################### # # /matrix-sliding-sync @@ -4107,6 +4109,8 @@ matrix_conduit_systemd_required_services_list: | (['docker.service']) }} +# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. +matrix_homeserver_sliding_sync_url: "{{ matrix_homeserver_url if matrix_conduit_enabled and not matrix_sliding_sync_enabled else matrix_homeserver_sliding_sync_url }}" ###################################################################### # diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 8642ace2..bb0d579f 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml 
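Review bot: Both hunks in group_vars/matrix_servers define `matrix_homeserver_sliding_sync_url` in terms of itself in the `else` branch, so whenever that branch is evaluated Ansible has no base value to fall back on and templating is expected to fail with a recursive-loop error. The two definitions also appear to be the same top-level key in one file, in which case most YAML loaders keep only the later one and the sliding-sync proxy branch is never used. A single definition with an explicit fallback avoids both problems: `matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_conduit_enabled else '') }}"`. Patch 086/340 is titled as a fix for the recursive-loop error, but its hunk is not visible here.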
@@ -150,6 +150,12 @@ matrix_homeserver_container_url: "" # This likely gets overriden elsewhere. matrix_homeserver_container_federation_url: "" +# Specifies the public url of the Sync v3 (sliding-sync) API. +# This will be used to set the `org.matrix.msc3575.proxy` property in `/.well-known/matrix/client`. +# Once the API is stabilized, this will no longer be required. +# See MSC3575: https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md +matrix_homeserver_sliding_sync_url: "" + matrix_identity_server_url: ~ matrix_integration_manager_rest_url: ~ diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 549bfc8a..96c301a8 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -26,13 +26,9 @@ "preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }} } {% endif %} - {% if matrix_sliding_sync_enabled %}, + {% if matrix_homeserver_sliding_sync_url %}, "org.matrix.msc3575.proxy": { - "url": "{{ matrix_sliding_sync_base_url }}" - } - {% elif matrix_homeserver_implementation == 'conduit' %}, - "org.matrix.msc3575.proxy": { - "url": "{{ matrix_homeserver_url }}" + "url": "{{ matrix_homeserver_sliding_sync_url }}" } {% endif %} {% if matrix_client_element_location_sharing_enabled %}, From 28b736fc9d6b39c28165477dc9d73d769edd7818 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Fri, 11 Aug 2023 08:30:22 +0000 Subject: [PATCH 085/340] docs: conduit sliding sync support --- docs/configuring-playbook-sliding-sync-proxy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index a0eb36ba..a7aab981 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md 
+++ b/docs/configuring-playbook-sliding-sync-proxy.md @@ -12,6 +12,7 @@ Element X Android requires manual compilation to get it working with a non-`matr **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. +**NOTE**: The sliding-sync proxy is **not required** when using the **Conduit homeserver**. Starting from version `0.6.0` Conduit has native support for some sliding sync features. If there are issues with the native implementation, you might have a better experience when enabling the sliding-sync proxy anyway. ## Decide on a domain and path From e01a6f29720577675242c36ff6b7efe6f7c26e44 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Fri, 11 Aug 2023 08:46:03 +0000 Subject: [PATCH 086/340] fix: `recursive loop detected in template string` error --- group_vars/matrix_servers | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1273280e..5accdd85 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -4018,7 +4018,8 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}" -matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else matrix_homeserver_sliding_sync_url }}" +# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. +matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else matrix_homeserver_url if matrix_conduit_enabled else '' }}" ###################################################################### # @@ -4109,9 +4110,6 @@ matrix_conduit_systemd_required_services_list: | (['docker.service']) }} -# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. -matrix_homeserver_sliding_sync_url: "{{ matrix_homeserver_url if matrix_conduit_enabled and not matrix_sliding_sync_enabled else matrix_homeserver_sliding_sync_url }}" - ###################################################################### # # /matrix-conduit From 75d4b534844fbcb0df03ad34a2496115786d1529 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 15 Aug 2023 11:17:41 +0300 Subject: [PATCH 087/340] Upgrade ddclient (v3.10.0-ls126 -> v3.10.0-ls131) --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 6369f109..727dfd5b 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml 
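Review bot: The conduit fallback in `matrix_homeserver_sliding_sync_url` advertises `matrix_homeserver_url` as the `org.matrix.msc3575.proxy` endpoint whenever `matrix_conduit_enabled` is true, but nothing ties it to the Conduit version that is actually deployed. The comment says native support starts at `0.6.0`, so a deployment that pins an older `matrix_conduit_docker_image_tag` would presumably publish an endpoint the homeserver does not serve. A comment on the line would make the assumption explicit, e.g. `# Assumes Conduit >= v0.6.0; override to '' when pinning an older matrix_conduit_docker_image_tag.` Parenthesising the inner conditional, `else (matrix_homeserver_url if matrix_conduit_enabled else '')`, would also make the precedence obvious to the next reader.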
@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.10.0-ls126 +matrix_dynamic_dns_version: v3.10.0-ls131 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 68562173e71ee9a9a4e341151b157ac5821f3a21 Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Tue, 15 Aug 2023 22:37:35 +0800 Subject: [PATCH 088/340] bump synapse to v1.90.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 0e37be32..c48ff09c 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.89.0 +matrix_synapse_version: v1.90.0 matrix_synapse_username: '' matrix_synapse_uid: '' From f55d5be6c3746dfae6411f779c38ab667fd04a79 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 15 Aug 2023 20:59:54 +0300 Subject: [PATCH 089/340] Update Element 1.11.38 -> 1.11.39 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 917738ae..b9a1aaba 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.38 +matrix_client_element_version: v1.11.39 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 8903b1e341b30c928950983c30fef9ac43cb85df Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 16 Aug 2023 07:10:07 +0300 Subject: [PATCH 090/340] Upgrade Heisenbridge (1.14.4 -> 1.14.5) --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index cba4d631..c81c4fe6 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.14.4 +matrix_heisenbridge_version: 1.14.5 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 4574ebbd31888c26dc72a9449e8b6c7427e8bc3f Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 16 Aug 2023 09:17:32 +0300 Subject: [PATCH 091/340] Add notes about Dimension being unmaintained Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806 --- docs/configuring-playbook-dimension.md | 2 ++ docs/configuring-playbook.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index 4472e103..cafe6f4d 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -3,6 +3,8 @@ **[Dimension](https://dimension.t2bot.io) can only be installed after Matrix services are installed and running.** If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later. +**Note**: Dimension is **[officially unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299)**. We recommend not bothering with installing it. + **Note**: This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_synapse_federation_enabled`. Enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index a4746a62..85ae79d7 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -30,7 +30,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Additional useful services -- [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional, but recommended; after [installing](installing.md)) +- [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional; [unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299); after [installing](installing.md)) - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional) From e7e81f7828911d19924c15c57b00e52655ed4861 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 16 Aug 2023 10:09:22 +0300 Subject: [PATCH 092/340] update nginx 1.25.1 -> 1.25.2 --- roles/custom/matrix-nginx-proxy/defaults/main.yml | 2 +- .../matrix-synapse-reverse-proxy-companion/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index d8d73a86..8767fee1 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.25.1-alpine +matrix_nginx_proxy_version: 1.25.2-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml index 048ded6b..3a29791c 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml 
@@ -25,7 +25,7 @@ matrix_synapse_reverse_proxy_companion_enabled: true -matrix_synapse_reverse_proxy_companion_version: 1.25.1-alpine +matrix_synapse_reverse_proxy_companion_version: 1.25.2-alpine matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion" matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d" From 4fb0a0222e78ad7adf95dc607e95c4253773fd33 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 16 Aug 2023 10:10:39 +0300 Subject: [PATCH 093/340] Update redis 7.0.10 -> 7.0.12 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 0ba980c3..0c85d199 100644 --- a/requirements.yml +++ b/requirements.yml @@ -50,4 +50,4 @@ version: v0.13.2-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.0.10-0 + version: v7.0.12-0 From 5da7b911f7e422fd91323711370d4d8407ff6238 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 16 Aug 2023 10:23:07 +0300 Subject: [PATCH 094/340] update docker role; update prometheus node exporter (1.6.0 -> 1.6.1) --- requirements.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index 0c85d199..a44152a3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -32,7 +32,7 @@ - src: git+https://gitlab.com/etke.cc/roles/etherpad.git version: v1.9.0-0 - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 6.1.0 + version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.0.3-0 
@@ -45,7 +45,7 @@ version: v2.45.0-1 name: prometheus - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git - version: v1.6.0-0 + version: v1.6.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git version: v0.13.2-0 name: prometheus_postgres_exporter From afd3e1bd9d4c12f819e0fa09a6755a0b4a2e7170 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Aug 2023 10:38:06 +0300 Subject: [PATCH 095/340] Pin mautrix-gmessages to v0.1.0 Related to https://github.com/mautrix/gmessages/releases/tag/v0.1.0 --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 6a6c14b0..9448dfde 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" -matrix_mautrix_gmessages_version: latest +matrix_mautrix_gmessages_version: v0.1.0 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" From 33e56f44ca0b167a0c1d36d6ec8623aba4f9d517 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 17 Aug 2023 10:38:49 +0300 Subject: [PATCH 096/340] Upgrade mautrix-whatsapp (0.9.0 -> 0.10.0) --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index a308811a..fb11bc69 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.9.0 +matrix_mautrix_whatsapp_version: v0.10.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From c9a549b1f5359263302c2e97a6e5fdba4cfde191 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Aug 2023 10:39:25 +0300 Subject: [PATCH 097/340] Upgrade mautrix-discord (0.6.0 -> 0.6.1) --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index f9b853bc..1f1e007a 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.6.0 +matrix_mautrix_discord_version: v0.6.1 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" From 221dd613f073d696c571dea6f78317f74370d4f5 Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 18 Aug 2023 01:41:30 +0300 Subject: [PATCH 098/340] update etherpad (1.9.0 -> 1.9.2); update ntfy (2.6.2 -> 2.7.0) --- requirements.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index a44152a3..7490bb6e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -30,7 +30,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.0-0 + version: v1.9.2-0 - src: git+https://github.com/geerlingguy/ansible-role-docker version: 6.2.0 name: geerlingguy.docker @@ -40,7 +40,7 @@ version: v8615-2 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.6.2-0 + version: v2.7.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.45.0-1 name: prometheus From b7076719c72742f24c32522efc07452d80cb4d94 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 18 Aug 2023 08:50:06 +0300 Subject: [PATCH 099/340] Update redis 7.0.12 -> 7.2.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 7490bb6e..af22b877 100644 --- a/requirements.yml +++ b/requirements.yml @@ -50,4 +50,4 @@ version: v0.13.2-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.0.12-0 + version: v7.2.0-0 From e127e6f464f11c3eabd0692db1f5b400dbbc0b40 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Mon, 21 Aug 2023 14:46:25 +0200 Subject: [PATCH 100/340] Update Draupnir from 1.83.0 to 1.84.0 --- roles/custom/matrix-bot-draupnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index bd0e2def..b7e56c34 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_draupnir_enabled: true -matrix_bot_draupnir_version: "v1.83.0" +matrix_bot_draupnir_version: "v1.84.0" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git" From a9518e721a186e2f23e3a8b67822746211641745 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Mon, 21 Aug 2023 15:10:57 +0200 Subject: [PATCH 101/340] Add Arm64 as valid prebuilt container architecture for Draupnir --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5accdd85..598a5cc1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2000,7 +2000,7 @@ matrix_bot_mjolnir_systemd_required_services_list: | # We don't enable bots by default. matrix_bot_draupnir_enabled: false -matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_bot_draupnir_systemd_required_services_list: | {{ From 454cd836702679968305d64ff6b602eb8030b31a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 22 Aug 2023 09:59:25 +0300 Subject: [PATCH 102/340] Update borgmatic 1.7.15 -> 1.8.2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index af22b877..28382d05 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.15-3 + version: v1.2.4-1.8.2-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 6427397486c647f65fef7853c3db0e7b4267f948 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 22 Aug 2023 19:38:11 +0300 Subject: [PATCH 103/340] Do not hardcode sslmode=disable to Postgres connection strings - make it configurable This is backward-compatible with what we had before. We're not changing the SSL mode - just making it configurable. Most components are defaulting to `sslmode=disable`, while some (`matrix-bot-matrix-reminder-bot` and others) do not specify an `sslmode` at all. We're making sslmode configurable, because certain external Postgres servers may be configured to require SSL encryption. In such cases `sslmode=disable` does not work and needs to be changed to `sslmode=require` or something else (`verify-ca`, `verify-full`, etc). --- .../matrix-bot-buscarron/defaults/main.yml | 3 ++- .../matrix-bot-honoroit/defaults/main.yml | 3 ++- .../custom/matrix-bot-maubot/defaults/main.yml | 3 ++- .../matrix-bot-postmoogle/defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- roles/custom/matrix-dendrite/defaults/main.yml | 1 + .../templates/dendrite/dendrite.yaml.j2 | 18 +++++++++--------- .../custom/matrix-media-repo/defaults/main.yml | 3 ++- .../matrix-sliding-sync/defaults/main.yml | 3 ++- 22 files changed, 50 insertions(+), 29 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 7a31514b..85cea3f5 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml 
@@ -108,8 +108,9 @@ matrix_bot_buscarron_database_password: 'some-password' matrix_bot_buscarron_database_hostname: '' matrix_bot_buscarron_database_port: 5432 matrix_bot_buscarron_database_name: 'buscarron' +matrix_bot_buscarron_database_sslmode: disable -matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode=disable' +matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode={{ matrix_bot_buscarron_database_sslmode }}' matrix_bot_buscarron_storage_database: "{{ { diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index b190c3b7..788b8066 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml 
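Review bot: The new `matrix_bot_buscarron_database_sslmode` variable has no comment, so its accepted values and the meaning of the default are recorded only in the commit message. A line above it such as `# Postgres sslmode: disable (default, no TLS), require, verify-ca or verify-full.` would help. A second line could note that, in libpq semantics, `require` encrypts without verifying the server certificate, so an external Postgres reached over an untrusted network should use `verify-full`. The same applies to the `*_database_sslmode` variables added in the honoroit, maubot, postmoogle, appservice-irc, appservice-slack, beeper-linkedin and go-skype-bridge hunks. Which values each component's database driver accepts is not visible here and should be confirmed per role.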
@@ -105,8 +105,9 @@ matrix_bot_honoroit_database_password: 'some-password' matrix_bot_honoroit_database_hostname: '' matrix_bot_honoroit_database_port: 5432 matrix_bot_honoroit_database_name: 'honoroit' +matrix_bot_honoroit_database_sslmode: disable -matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode=disable' +matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode={{ matrix_bot_honoroit_database_sslmode }}' matrix_bot_honoroit_storage_database: "{{ { diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index a31d8191..5b35b9d9 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml 
@@ -31,8 +31,9 @@ matrix_bot_maubot_database_password: ~ matrix_bot_maubot_database_hostname: '' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot +matrix_bot_maubot_database_sslmode: disable -matrix_bot_maubot_database_connection_string: postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable +matrix_bot_maubot_database_connection_string: postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode={{ matrix_bot_maubot_database_sslmode }} matrix_bot_maubot_database_uri: "{{ { diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index 0c9db2d7..56882bf1 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml 
@@ -45,8 +45,9 @@ matrix_bot_postmoogle_database_password: 'some-password' matrix_bot_postmoogle_database_hostname: '' matrix_bot_postmoogle_database_port: 5432 matrix_bot_postmoogle_database_name: 'postmoogle' +matrix_bot_postmoogle_database_sslmode: disable -matrix_bot_postmoogle_database_connection_string: 'postgres://{{ matrix_bot_postmoogle_database_username }}:{{ matrix_bot_postmoogle_database_password }}@{{ matrix_bot_postmoogle_database_hostname }}:{{ matrix_bot_postmoogle_database_port }}/{{ matrix_bot_postmoogle_database_name }}?sslmode=disable' +matrix_bot_postmoogle_database_connection_string: 'postgres://{{ matrix_bot_postmoogle_database_username }}:{{ matrix_bot_postmoogle_database_password }}@{{ matrix_bot_postmoogle_database_hostname }}:{{ matrix_bot_postmoogle_database_port }}/{{ matrix_bot_postmoogle_database_name }}?sslmode={{ matrix_bot_postmoogle_database_sslmode }}' matrix_bot_postmoogle_storage_database: "{{ { diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index 2611da8a..b0cf5bc4 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -33,10 +33,11 @@ matrix_appservice_irc_database_password: 'some-password' matrix_appservice_irc_database_hostname: '' matrix_appservice_irc_database_port: 5432 matrix_appservice_irc_database_name: matrix_appservice_irc +matrix_appservice_irc_database_sslmode: disable # This is just the Postgres connection string, if Postgres is used. # Naming clashes with `matrix_appservice_irc_database_connectionString` somewhat. -matrix_appservice_irc_database_connection_string: 'postgresql://{{ matrix_appservice_irc_database_username }}:{{ matrix_appservice_irc_database_password }}@{{ matrix_appservice_irc_database_hostname }}:{{ matrix_appservice_irc_database_port }}/{{ matrix_appservice_irc_database_name }}?sslmode=disable' +matrix_appservice_irc_database_connection_string: 'postgresql://{{ matrix_appservice_irc_database_username }}:{{ matrix_appservice_irc_database_password }}@{{ matrix_appservice_irc_database_hostname }}:{{ matrix_appservice_irc_database_port }}/{{ matrix_appservice_irc_database_name }}?sslmode={{ matrix_appservice_irc_database_sslmode }}' # This is what actually goes into `database.connectionString` for the bridge. matrix_appservice_irc_database_connectionString: |- # noqa var-naming diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index a3ea586b..d8b10757 100644 --- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml 
@@ -61,10 +61,11 @@ matrix_appservice_slack_database_password: 'some-passsword' matrix_appservice_slack_database_hostname: '' matrix_appservice_slack_database_port: 5432 matrix_appservice_slack_database_name: matrix_appservice_slack +matrix_appservice_slack_database_sslmode: disable # This is just the Postgres connection string, if Postgres is used. # Naming clashes with `matrix_appservice_slack_database_connectionString` somewhat. -matrix_appservice_slack_database_connection_string: 'postgresql://{{ matrix_appservice_slack_database_username }}:{{ matrix_appservice_slack_database_password }}@{{ matrix_appservice_slack_database_hostname }}:{{ matrix_appservice_slack_database_port }}/{{ matrix_appservice_slack_database_name }}?sslmode=disable' +matrix_appservice_slack_database_connection_string: 'postgresql://{{ matrix_appservice_slack_database_username }}:{{ matrix_appservice_slack_database_password }}@{{ matrix_appservice_slack_database_hostname }}:{{ matrix_appservice_slack_database_port }}/{{ matrix_appservice_slack_database_name }}?sslmode={{ matrix_appservice_slack_database_sslmode }}' # This is what actually goes into `database.connectionString` for the bridge. matrix_appservice_slack_database_connectionString: |- # noqa var-naming diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index 75e9de55..a18740ad 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml 
@@ -61,8 +61,9 @@ matrix_beeper_linkedin_database_password: 'some-password' matrix_beeper_linkedin_database_hostname: '' matrix_beeper_linkedin_database_port: 5432 matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' +matrix_beeper_linkedin_database_sslmode: disable -matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode=disable' +matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode={{ matrix_beeper_linkedin_database_sslmode }}' matrix_beeper_linkedin_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml index 477f2127..02ec422e 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml 
@@ -59,8 +59,9 @@ matrix_go_skype_bridge_database_password: 'some-password' matrix_go_skype_bridge_database_hostname: '' matrix_go_skype_bridge_database_port: 5432 matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge' +matrix_go_skype_bridge_database_sslmode: disable -matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode=disable' +matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode={{ matrix_go_skype_bridge_database_sslmode }}' matrix_go_skype_bridge_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 1f1e007a..36fd5fef 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
@@ -70,8 +70,9 @@ matrix_mautrix_discord_database_password: 'some-password' matrix_mautrix_discord_database_hostname: '' matrix_mautrix_discord_database_port: 5432 matrix_mautrix_discord_database_name: 'matrix_mautrix_discord' +matrix_mautrix_discord_database_sslmode: disable -matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode=disable' +matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode={{ matrix_mautrix_discord_database_sslmode }}' matrix_mautrix_discord_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 9448dfde..8d5ce244 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -74,8 +74,9 @@ matrix_mautrix_gmessages_database_password: 'some-password' matrix_mautrix_gmessages_database_hostname: '' matrix_mautrix_gmessages_database_port: 5432 matrix_mautrix_gmessages_database_name: 'matrix_mautrix_gmessages' +matrix_mautrix_gmessages_database_sslmode: disable -matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode=disable' +matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode={{ matrix_mautrix_gmessages_database_sslmode }}' matrix_mautrix_gmessages_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index 2b6c7752..5266e25c 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml 
@@ -66,8 +66,9 @@ matrix_mautrix_slack_database_password: 'some-password' matrix_mautrix_slack_database_hostname: '' matrix_mautrix_slack_database_port: 5432 matrix_mautrix_slack_database_name: 'matrix_mautrix_slack' +matrix_mautrix_slack_database_sslmode: disable -matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode=disable' +matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode={{ matrix_mautrix_slack_database_sslmode }}' matrix_mautrix_slack_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index fb11bc69..9f630f51 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -74,8 +74,9 @@ matrix_mautrix_whatsapp_database_password: 'some-password' matrix_mautrix_whatsapp_database_hostname: '' matrix_mautrix_whatsapp_database_port: 5432 matrix_mautrix_whatsapp_database_name: 'matrix_mautrix_whatsapp' +matrix_mautrix_whatsapp_database_sslmode: disable -matrix_mautrix_whatsapp_database_connection_string: 'postgresql://{{ matrix_mautrix_whatsapp_database_username }}:{{ matrix_mautrix_whatsapp_database_password }}@{{ matrix_mautrix_whatsapp_database_hostname }}:{{ matrix_mautrix_whatsapp_database_port }}/{{ matrix_mautrix_whatsapp_database_name }}?sslmode=disable' +matrix_mautrix_whatsapp_database_connection_string: 'postgresql://{{ matrix_mautrix_whatsapp_database_username }}:{{ matrix_mautrix_whatsapp_database_password }}@{{ matrix_mautrix_whatsapp_database_hostname }}:{{ matrix_mautrix_whatsapp_database_port }}/{{ matrix_mautrix_whatsapp_database_name }}?sslmode={{ matrix_mautrix_whatsapp_database_sslmode }}' matrix_mautrix_whatsapp_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml index be691157..90ad2f0f 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -69,8 +69,9 @@ matrix_mx_puppet_discord_database_password: ~ matrix_mx_puppet_discord_database_hostname: '' matrix_mx_puppet_discord_database_port: 5432 matrix_mx_puppet_discord_database_name: matrix_mx_puppet_discord +matrix_mx_puppet_discord_database_sslmode: disable -matrix_mx_puppet_discord_database_connection_string: 'postgresql://{{ matrix_mx_puppet_discord_database_username }}:{{ matrix_mx_puppet_discord_database_password }}@{{ matrix_mx_puppet_discord_database_hostname }}:{{ matrix_mx_puppet_discord_database_port }}/{{ matrix_mx_puppet_discord_database_name }}?sslmode=disable' +matrix_mx_puppet_discord_database_connection_string: 'postgresql://{{ matrix_mx_puppet_discord_database_username }}:{{ matrix_mx_puppet_discord_database_password }}@{{ matrix_mx_puppet_discord_database_hostname }}:{{ matrix_mx_puppet_discord_database_port }}/{{ matrix_mx_puppet_discord_database_name }}?sslmode={{ matrix_mx_puppet_discord_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml index ca9d7668..c176c6eb 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml 
@@ -65,8 +65,9 @@ matrix_mx_puppet_groupme_database_password: ~ matrix_mx_puppet_groupme_database_hostname: '' matrix_mx_puppet_groupme_database_port: 5432 matrix_mx_puppet_groupme_database_name: matrix_mx_puppet_groupme +matrix_mx_puppet_groupme_database_sslmode: disable -matrix_mx_puppet_groupme_database_connection_string: 'postgresql://{{ matrix_mx_puppet_groupme_database_username }}:{{ matrix_mx_puppet_groupme_database_password }}@{{ matrix_mx_puppet_groupme_database_hostname }}:{{ matrix_mx_puppet_groupme_database_port }}/{{ matrix_mx_puppet_groupme_database_name }}?sslmode=disable' +matrix_mx_puppet_groupme_database_connection_string: 'postgresql://{{ matrix_mx_puppet_groupme_database_username }}:{{ matrix_mx_puppet_groupme_database_password }}@{{ matrix_mx_puppet_groupme_database_hostname }}:{{ matrix_mx_puppet_groupme_database_port }}/{{ matrix_mx_puppet_groupme_database_name }}?sslmode={{ matrix_mx_puppet_groupme_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 0f6dd443..638d1558 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml 
@@ -59,8 +59,9 @@ matrix_mx_puppet_instagram_database_password: ~ matrix_mx_puppet_instagram_database_hostname: '' matrix_mx_puppet_instagram_database_port: 5432 matrix_mx_puppet_instagram_database_name: matrix_mx_puppet_instagram +matrix_mx_puppet_instagram_database_sslmode: disable -matrix_mx_puppet_instagram_database_connection_string: 'postgresql://{{ matrix_mx_puppet_instagram_database_username }}:{{ matrix_mx_puppet_instagram_database_password }}@{{ matrix_mx_puppet_instagram_database_hostname }}:{{ matrix_mx_puppet_instagram_database_port }}/{{ matrix_mx_puppet_instagram_database_name }}?sslmode=disable' +matrix_mx_puppet_instagram_database_connection_string: 'postgresql://{{ matrix_mx_puppet_instagram_database_username }}:{{ matrix_mx_puppet_instagram_database_password }}@{{ matrix_mx_puppet_instagram_database_hostname }}:{{ matrix_mx_puppet_instagram_database_port }}/{{ matrix_mx_puppet_instagram_database_name }}?sslmode={{ matrix_mx_puppet_instagram_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml index b428c40b..9e79465d 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml 
@@ -73,8 +73,9 @@ matrix_mx_puppet_slack_database_password: ~ matrix_mx_puppet_slack_database_hostname: '' matrix_mx_puppet_slack_database_port: 5432 matrix_mx_puppet_slack_database_name: matrix_mx_puppet_slack +matrix_mx_puppet_slack_database_sslmode: disable -matrix_mx_puppet_slack_database_connection_string: 'postgresql://{{ matrix_mx_puppet_slack_database_username }}:{{ matrix_mx_puppet_slack_database_password }}@{{ matrix_mx_puppet_slack_database_hostname }}:{{ matrix_mx_puppet_slack_database_port }}/{{ matrix_mx_puppet_slack_database_name }}?sslmode=disable' +matrix_mx_puppet_slack_database_connection_string: 'postgresql://{{ matrix_mx_puppet_slack_database_username }}:{{ matrix_mx_puppet_slack_database_password }}@{{ matrix_mx_puppet_slack_database_hostname }}:{{ matrix_mx_puppet_slack_database_port }}/{{ matrix_mx_puppet_slack_database_name }}?sslmode={{ matrix_mx_puppet_slack_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml index 9efedb13..e9a03c89 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml 
@@ -65,8 +65,9 @@ matrix_mx_puppet_steam_database_password: ~ matrix_mx_puppet_steam_database_hostname: '' matrix_mx_puppet_steam_database_port: 5432 matrix_mx_puppet_steam_database_name: matrix_mx_puppet_steam +matrix_mx_puppet_steam_database_sslmode: disable -matrix_mx_puppet_steam_database_connection_string: 'postgresql://{{ matrix_mx_puppet_steam_database_username }}:{{ matrix_mx_puppet_steam_database_password }}@{{ matrix_mx_puppet_steam_database_hostname }}:{{ matrix_mx_puppet_steam_database_port }}/{{ matrix_mx_puppet_steam_database_name }}?sslmode=disable' +matrix_mx_puppet_steam_database_connection_string: 'postgresql://{{ matrix_mx_puppet_steam_database_username }}:{{ matrix_mx_puppet_steam_database_password }}@{{ matrix_mx_puppet_steam_database_hostname }}:{{ matrix_mx_puppet_steam_database_port }}/{{ matrix_mx_puppet_steam_database_name }}?sslmode={{ matrix_mx_puppet_steam_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 8e5e82f0..932c3462 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml 
@@ -74,8 +74,9 @@ matrix_mx_puppet_twitter_database_password: ~ matrix_mx_puppet_twitter_database_hostname: '' matrix_mx_puppet_twitter_database_port: 5432 matrix_mx_puppet_twitter_database_name: matrix_mx_puppet_twitter +matrix_mx_puppet_twitter_database_sslmode: disable -matrix_mx_puppet_twitter_database_connection_string: 'postgresql://{{ matrix_mx_puppet_twitter_database_username }}:{{ matrix_mx_puppet_twitter_database_password }}@{{ matrix_mx_puppet_twitter_database_hostname }}:{{ matrix_mx_puppet_twitter_database_port }}/{{ matrix_mx_puppet_twitter_database_name }}?sslmode=disable' +matrix_mx_puppet_twitter_database_connection_string: 'postgresql://{{ matrix_mx_puppet_twitter_database_username }}:{{ matrix_mx_puppet_twitter_database_password }}@{{ matrix_mx_puppet_twitter_database_hostname }}:{{ matrix_mx_puppet_twitter_database_port }}/{{ matrix_mx_puppet_twitter_database_name }}?sslmode={{ matrix_mx_puppet_twitter_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 5cfbfe15..b18f396d 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -156,6 +156,7 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}: matrix_dendrite_database_hostname: "" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" +matrix_dendrite_database_sslmode: disable matrix_dendrite_federation_api_database: "dendrite_federationapi" matrix_dendrite_key_server_database: "dendrite_keyserver" matrix_dendrite_media_api_database: "dendrite_mediaapi" diff --git a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 3c1e56e5..2ca9b062 100644 
--- a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -223,7 +223,7 @@ federation_api: external_api: listen: http://0.0.0.0:8072 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federation_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federation_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -266,7 +266,7 @@ key_server: listen: http://0.0.0.0:7779 connect: http://key_server:7779 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_key_server_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_key_server_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -279,7 +279,7 @@ media_api: external_api: listen: http://0.0.0.0:8074 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_media_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_media_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -318,7 +318,7 @@ mscs: # - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946) mscs: [] database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_mscs_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_mscs_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 5 max_idle_conns: 2 conn_max_lifetime: -1 
@@ -329,7 +329,7 @@ room_server: listen: http://0.0.0.0:7770 connect: http://room_server:7770 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_room_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_room_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -342,7 +342,7 @@ sync_api: external_api: listen: http://0.0.0.0:8073 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_sync_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_sync_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -376,7 +376,7 @@ user_api: listen: http://0.0.0.0:7781 connect: http://user_api:7781 account_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_user_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_user_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -394,7 +394,7 @@ push_server: listen: http://localhost:7782 connect: http://localhost:7782 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_push_server_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_push_server_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 
@@ -403,7 +403,7 @@ push_server: # relay_api: database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_relay_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_relay_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 312e0258..488289d1 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -112,9 +112,10 @@ matrix_media_repo_database_password: "your_password" matrix_media_repo_database_hostname: "{{ devture_postgres_identifier }}" matrix_media_repo_database_port: 5432 matrix_media_repo_database_name: "matrix_media_repo" +matrix_media_repo_database_sslmode: disable # Currently only "postgres" is supported. -matrix_media_repo_database_postgres: "postgres://{{ matrix_media_repo_database_username }}:{{ matrix_media_repo_database_password }}@{{ matrix_media_repo_database_hostname }}:{{ matrix_media_repo_database_port }}/{{ matrix_media_repo_database_name }}?sslmode=disable" +matrix_media_repo_database_postgres: "postgres://{{ matrix_media_repo_database_username }}:{{ matrix_media_repo_database_password }}@{{ matrix_media_repo_database_hostname }}:{{ matrix_media_repo_database_port }}/{{ matrix_media_repo_database_name }}?sslmode={{ matrix_media_repo_database_sslmode }}" # The database pooling options diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 97301597..c0347d2f 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml 
@@ -82,10 +82,11 @@ matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_ur matrix_sliding_sync_environment_variable_syncv3_secret: '' # Controls the SYNCV3_DB environment variable -matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode=disable' +matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode={{ matrix_sliding_sync_database_sslmode }}' matrix_sliding_sync_database_username: 'matrix_sliding_sync' matrix_sliding_sync_database_password: '' matrix_sliding_sync_database_hostname: '' matrix_sliding_sync_database_port: 5432 matrix_sliding_sync_database_name: 'matrix_sliding_sync' +matrix_sliding_sync_database_sslmode: disable From 4299d4ebd59ba2643ddb7e893fb3ba9afd7e559b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Johan=20Swetz=C3=A9n?= Date: Wed, 23 Aug 2023 14:05:32 +0200 Subject: [PATCH 104/340] wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting 
errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor Co-authored-by: Miguel Alatzar Co-authored-by: Shreyas Ajjarapu Co-authored-by: Slavi Pantaleev --- docs/configuring-dns.md | 3 + ...iguring-playbook-bridge-mautrix-wsproxy.md | 22 +++ group_vars/matrix_servers | 68 ++++++++ roles/custom/matrix-base/defaults/main.yml | 3 + .../defaults/main.yml | 155 ++++++++++++++++++ .../tasks/inject_into_nginx_proxy.yml | 48 ++++++ .../tasks/main.yml | 29 ++++ .../tasks/setup_install.yml | 121 ++++++++++++++ .../tasks/setup_uninstall.yml | 47 ++++++ .../tasks/validate_config.yml | 13 ++ .../templates/config.yaml.j2 | 14 ++ .../templates/syncproxy-env.j2 | 3 + ...atrix-mautrix-wsproxy-syncproxy.service.j2 | 40 +++++ .../systemd/matrix-mautrix-wsproxy.service.j2 | 51 ++++++ .../templates/wsproxy-labels.j2 | 34 ++++ .../matrix-nginx-proxy/defaults/main.yml | 7 + .../tasks/setup_nginx_proxy.yml | 13 ++ .../conf.d/matrix-mautrix-wsproxy.conf.j2 | 110 +++++++++++++ setup.yml | 1 + 19 files changed, 782 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mautrix-wsproxy.md create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/tasks/inject_into_nginx_proxy.yml create mode 100644 
roles/custom/matrix-bridge-mautrix-wsproxy/tasks/main.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/config.yaml.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2 create mode 100644 roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index d7ccf17e..86253458 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -42,6 +42,7 @@ When you're done configuring DNS, proceed to [Configuring the playbook](configur | [Etherpad](configuring-playbook-etherpad.md) collaborative text editor | CNAME | `etherpad` | - | - | - | `matrix.` | | [Hydrogen](configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.` | | [Cinny](configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.` | +| [wsproxy](configuring-playbook-bridge-mautrix-wsproxy.md) sms bridge | CNAME | `wsproxy` | - | - | - | `matrix.` | | [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.` | | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | MX | `matrix` | 10 | 0 | - | `matrix.` | | [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` | 
@@ -75,6 +76,8 @@ The `hydrogen.` subdomain may be necessary, because this playbook c The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. +The `wsproxy.` subdomain may be necessary, because this playbook could install the [wsproxy](https://github.com/mautrix/wsproxy) web client. The installation of wsproxy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring wsproxy guide](configuring-playbook-bridge-mautrix-wsproxy.md). If you do not wish to set up wsproxy, feel free to skip the `wsproxy.` DNS record. + The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://gitlab.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. ## `_matrix-identity._tcp` SRV record setup diff --git a/docs/configuring-playbook-bridge-mautrix-wsproxy.md b/docs/configuring-playbook-bridge-mautrix-wsproxy.md new file mode 100644 index 00000000..462f1027 --- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md 
@@ -0,0 +1,22 @@ +# Setting up Mautrix wsproxy (optional) + +The playbook can install and configure [mautrix-wsproxy](https://github.com/mautrix/wsproxy) for you. + +See the project's [documentation](https://github.com/mautrix/wsproxy#readme) to learn what it does and why it might be useful to you. + +Use the following playbook configuration: + +```yaml +matrix_mautrix_wsproxy_enabled: true +matrix_mautrix_androidsms_appservice_token: 'secret token from bridge' +matrix_mautrix_androidsms_homeserver_token: 'secret token from bridge' +matrix_mautrix_imessage_appservice_token: 'secret token from bridge' +matrix_mautrix_imessage_homeserver_token: 'secret token from bridge' +matrix_mautrix_wsproxy_syncproxy_shared_secret: 'secret token from bridge' +``` + +Note that the tokens must match what is compiled into the `mautrix-imessage` bridge running on Mac and Android. + +## Usage + +Follow the [matrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 598a5cc1..816fb2b1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -105,6 +105,10 @@ matrix_homeserver_container_extra_arguments_auto: | + (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else []) + + (['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/androidsms-registration.yaml,dst=/matrix-mautrix-androidsms-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/imessage-registration.yaml,dst=/matrix-mautrix-imessage-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else []) + + (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else []) + (['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else []) @@ -164,6 +168,10 @@ matrix_homeserver_app_service_config_files_auto: | + (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else []) + + (['/matrix-mautrix-androidsms-registration.yaml'] if matrix_mautrix_wsproxy_enabled else []) + + + (['/matrix-mautrix-imessage-registration.yaml'] if matrix_mautrix_wsproxy_enabled else []) + + (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else []) + (['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else []) 
@@ -278,6 +286,10 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else []) + + ([{'name': 'matrix-mautrix-wsproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy']}] if matrix_mautrix_wsproxy_enabled else []) + + + ([{'name': 'matrix-mautrix-wsproxy-syncproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy-syncproxy']}] if matrix_mautrix_wsproxy_enabled else []) + + ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else []) + ([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-groupme']}] if matrix_mx_puppet_groupme_enabled else []) 
@@ -1204,6 +1216,53 @@ matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_ # ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-wsproxy +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_wsproxy_enabled: false + +matrix_mautrix_wsproxy_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}" + +matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_domain }}" + +matrix_mautrix_wsproxy_container_additional_networks: | + {{ + ( + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + + + ([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_nginx_proxy_container_network != matrix_mautrix_wsproxy_container_network else []) + + + ([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_mautrix_wsproxy_container_network else []) + ) | unique + }} + +matrix_mautrix_wsproxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" 
+matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +###################################################################### +# +# /matrix-bridge-mautrix-wsproxy +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-whatsapp @@ -2698,6 +2757,7 @@ matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled and mat matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_etherpad_enabled: "{{ etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" +matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled: "{{ matrix_mautrix_wsproxy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ jitsi_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" @@ -2837,6 +2897,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else []) + + ([matrix_server_fqn_mautrix_wsproxy] if matrix_mautrix_wsproxy_enabled else []) + + ([ntfy_hostname] if ntfy_enabled else []) + ([matrix_server_fqn_rageshake] if matrix_rageshake_enabled else []) 
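Review bot: The new `matrix-bridge-mautrix-wsproxy` section in group_vars/matrix_servers never sets `matrix_mautrix_wsproxy_syncproxy_database_password`, so the role default `'some-password'` (roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml, later in this patch) is what the managed Postgres user is created with on every installation. The gmessages line in this hunk's header derives its password from a `format(...)` expression rather than a literal. The same pattern should be used here, e.g. `matrix_mautrix_wsproxy_syncproxy_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', '<salt>') | to_uuid }}"`, where the salt is a placeholder and the exact convention should be confirmed against the neighbouring bridges. The role's validate_config.yml checks only the four tokens and the shared secret, so it would be worth rejecting the literal default there as well.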
@@ -3055,6 +3117,12 @@ devture_postgres_managed_databases_auto: | 'password': matrix_mautrix_signal_database_password, }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ + 'name': matrix_mautrix_wsproxy_syncproxy_database_name, + 'username': matrix_mautrix_wsproxy_syncproxy_database_username, + 'password': matrix_mautrix_wsproxy_syncproxy_database_password, + }] if (matrix_mautrix_wsproxy_enabled and matrix_mautrix_wsproxy_syncproxy_database_engine == 'postgres' and matrix_mautrix_wsproxy_syncproxy_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mautrix_telegram_database_name, 'username': matrix_mautrix_telegram_database_username, diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index bb0d579f..cd85b0ab 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -93,6 +93,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}" # This is where you access the Sygnal push gateway. matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}" +# This is where you access the mautrix wsproxy push gateway. +matrix_server_fqn_mautrix_wsproxy: "wsproxy.{{ matrix_domain }}" + # This is where you access the ntfy push notification service. matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml new file mode 100644 index 00000000..b7cd06d6 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml 
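Review bot: The condition on the new `devture_postgres_managed_databases_auto` entry compares `matrix_mautrix_wsproxy_syncproxy_database_hostname` with the literal `'matrix-postgres'`, whereas the mautrix-signal entry directly above it compares with `devture_postgres_connection_hostname`. With a non-default Postgres identifier the literal would still match the role default, so the database would be created on the managed server while syncproxy keeps connecting to the name `matrix-postgres`. Use `matrix_mautrix_wsproxy_syncproxy_database_hostname == devture_postgres_connection_hostname` here, and set the hostname from that variable in the wsproxy section of group_vars.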
@@ -0,0 +1,155 @@ +--- +# mautrix-wsproxy is a Matrix <-> websocket bridge +# See: https://github.com/mautrix/wsproxy + +matrix_mautrix_wsproxy_enabled: true + +matrix_mautrix_wsproxy_version: latest +# See: https://mau.dev/mautrix/wsproxy/container_registry +matrix_mautrix_wsproxy_docker_image: "dock.mau.dev/mautrix/wsproxy:{{ matrix_mautrix_wsproxy_version }}" +matrix_mautrix_wsproxy_docker_image_force_pull: "{{ matrix_mautrix_wsproxy_docker_image.endswith(':latest') }}" + +matrix_mautrix_wsproxy_base_path: "{{ matrix_base_data_path }}/wsproxy" +matrix_mautrix_wsproxy_config_path: "{{ matrix_mautrix_wsproxy_base_path }}/config" + +matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}" + +matrix_mautrix_wsproxy_bind_port: false +matrix_mautrix_wsproxy_port: 29331 + +matrix_mautrix_wsproxy_appservice_address: "http://matrix-mautrix-wsproxy:{{ matrix_mautrix_wsproxy_port }}" + +matrix_mautrix_wsproxy_hostname: "" + +# The base container network. It will be auto-created by this role if it doesn't exist already. +matrix_mautrix_wsproxy_container_network: matrix-mautrix-wsproxy + +# matrix_mautrix_wsproxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. +# See `../templates/labels.j2` for details. +# +# To inject your own other container labels, see `matrix_mautrix_wsproxy_container_labels_additional_labels`. +matrix_mautrix_wsproxy_container_labels_traefik_enabled: true +matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_mautrix_wsproxy_container_network }}" +matrix_mautrix_wsproxy_container_labels_traefik_hostname: "{{ matrix_mautrix_wsproxy_hostname }}" +# The path prefix must either be `/` or not end with a slash (e.g. `/wsproxy`). 
+matrix_mautrix_wsproxy_container_labels_traefik_rule: "Host(`{{ matrix_mautrix_wsproxy_container_labels_traefik_hostname }}`)" +matrix_mautrix_wsproxy_container_labels_traefik_priority: 0 +matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: web-secure +matrix_mautrix_wsproxy_container_labels_traefik_tls: "{{ matrix_mautrix_wsproxy_container_labels_traefik_entrypoints != 'web' }}" +matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: default # noqa var-naming + +# Controls which additional headers to attach to all HTTP responses. +# To add your own headers, use `matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom` +matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_auto: {} +matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom: {} +matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers: "{{ matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_auto | combine(matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom) }}" + +# matrix_mautrix_wsproxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. +# +# Example: +# matrix_mautrix_wsproxy_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_mautrix_wsproxy_container_labels_additional_labels: '' + +# A list of extra arguments to pass to the container +matrix_mautrix_wsproxy_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-wsproxy.service depends on. 
+matrix_mautrix_wsproxy_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-wsproxy.service wants +matrix_mautrix_wsproxy_systemd_wanted_services_list: [] + +matrix_mautrix_androidsms_appservice_token: '' +matrix_mautrix_androidsms_homeserver_token: '' + +matrix_mautrix_imessage_appservice_token: '' +matrix_mautrix_imessage_homeserver_token: '' + +matrix_mautrix_androidsms_appservice_bot_username: androidsmsbot +matrix_mautrix_imessage_appservice_bot_username: imessagebot + +# Default mautrix-wsproxy configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_wsproxy_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_wsproxy_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mautrix_wsproxy_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_wsproxy_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_wsproxy_configuration_yaml`. + +matrix_mautrix_wsproxy_configuration_extension: "{{ matrix_mautrix_wsproxy_configuration_extension_yaml|from_yaml if matrix_mautrix_wsproxy_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_wsproxy_configuration_yaml`. 
+matrix_mautrix_wsproxy_configuration: "{{ matrix_mautrix_wsproxy_configuration_yaml|from_yaml|combine(matrix_mautrix_wsproxy_configuration_extension, recursive=True) }}" + +matrix_mautrix_androidsms_registration_yaml: | + id: androidsms + url: {{ matrix_mautrix_wsproxy_appservice_address }} + as_token: "{{ matrix_mautrix_androidsms_appservice_token }}" + hs_token: "{{ matrix_mautrix_androidsms_homeserver_token }}" + sender_localpart: _bot_{{ matrix_mautrix_androidsms_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '@androidsms_.+:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_androidsms_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$' + +matrix_mautrix_androidsms_registration: "{{ matrix_mautrix_androidsms_registration_yaml|from_yaml }}" + +matrix_mautrix_imessage_registration_yaml: | + id: imessage + url: {{ matrix_mautrix_wsproxy_appservice_address }} + as_token: "{{ matrix_mautrix_imessage_appservice_token }}" + hs_token: "{{ matrix_mautrix_imessage_homeserver_token }}" + sender_localpart: _bot_{{ matrix_mautrix_imessage_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '@imessage_.+:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_imessage_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$' + +matrix_mautrix_imessage_registration: "{{ matrix_mautrix_imessage_registration_yaml|from_yaml }}" + +# Syncproxy-related configuration fields +matrix_mautrix_wsproxy_syncproxy_version: latest +# See: https://mau.dev/mautrix/wsproxy/container_registry +matrix_mautrix_wsproxy_syncproxy_docker_image: "dock.mau.dev/mautrix/syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_version }}" +matrix_mautrix_wsproxy_syncproxy_docker_image_force_pull: "{{ 
matrix_mautrix_wsproxy_syncproxy_docker_image.endswith(':latest') }}" +matrix_mautrix_wsproxy_syncproxy_container_extra_arguments: [] + +matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list: ['docker.service', 'matrix-mautrix-wsproxy.service'] +matrix_mautrix_wsproxy_syncproxy_systemd_wanted_services_list: [] + +matrix_mautrix_wsproxy_syncproxy_shared_secret: '' +matrix_mautrix_wsproxy_syncproxy_port: 29332 +matrix_mautrix_wsproxy_syncproxy_appservice_address: "http://matrix-mautrix-wsproxy-syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_port }}" + +# Database-related configuration fields +# +# This bridge supports Postgres and SQLite. +# +matrix_mautrix_wsproxy_syncproxy_database_engine: 'postgres' + +matrix_mautrix_wsproxy_syncproxy_database_username: 'matrix_mautrix_wsproxy_syncproxy' +matrix_mautrix_wsproxy_syncproxy_database_password: 'some-password' +matrix_mautrix_wsproxy_syncproxy_database_hostname: 'matrix-postgres' +matrix_mautrix_wsproxy_syncproxy_database_port: 5432 +matrix_mautrix_wsproxy_syncproxy_database_name: 'matrix_mautrix_wsproxy_syncproxy' + +matrix_mautrix_signal_wsproxy_syncproxy_connection_string: 'postgres://{{ matrix_mautrix_wsproxy_syncproxy_database_username }}:{{ matrix_mautrix_wsproxy_syncproxy_database_password }}@{{ matrix_mautrix_wsproxy_syncproxy_database_hostname }}:{{ matrix_mautrix_wsproxy_syncproxy_database_port }}/{{ matrix_mautrix_wsproxy_syncproxy_database_name }}' diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..9e30d707 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/inject_into_nginx_proxy.yml 
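Review bot: Both container images in roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml default to a floating tag (`matrix_mautrix_wsproxy_version: latest`, `matrix_mautrix_wsproxy_syncproxy_version: latest`), and the `*_docker_image_force_pull` expressions enable re-pulling whenever the image ends in `:latest`. Each playbook run can therefore deploy a different, unreviewed image that is then handed the appservice tokens and the sync-proxy shared secret. Pin both to a released tag or digest, e.g. `matrix_mautrix_wsproxy_version: <pinned-tag>`, so that upgrades arrive through a reviewed commit like the other version bumps in this series. Separately, `matrix_mautrix_signal_wsproxy_syncproxy_connection_string` looks like a copy-paste name; `matrix_mautrix_wsproxy_syncproxy_connection_string` would match the rest of the role, and the reference in syncproxy-env.j2 would need renaming with it.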
@@ -0,0 +1,48 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix Wsproxy reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-wsproxy role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- tags: + - always + when: matrix_mautrix_wsproxy_enabled|bool + block: + - name: Generate Mautrix Wsproxy proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_wsproxy_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/wsproxy/.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-wsproxy:29331"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:29331; + {% endif %} + } + + - name: Register Mautrix Wsproxy proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_wsproxy_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix wsproxy bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_wsproxy_public_endpoint }}` + URL endpoint to the matrix-mautrix-wsproxy container. + You can expose the container's port using the `matrix_mautrix_wsproxy_container_http_host_bind_port` variable. 
+ when: "matrix_mautrix_wsproxy_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/main.yml new file mode 100644 index 00000000..e41d555a --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/main.yml @@ -0,0 +1,29 @@ +--- + +- tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy + block: + - when: matrix_mautrix_wsproxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + +- tags: + - setup-all + - setup-mautrix-wsproxy + - install-all + - install-mautrix-wsproxy + block: + - when: matrix_mautrix_wsproxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_wsproxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + +- tags: + - setup-all + - setup-mautrix-wsproxy + block: + - when: not matrix_mautrix_wsproxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml new file mode 100644 index 00000000..6ea93639 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml 
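Review bot: The final debug task in tasks/inject_into_nginx_proxy.yml interpolates `matrix_mautrix_wsproxy_public_endpoint` and names `matrix_mautrix_wsproxy_container_http_host_bind_port`, neither of which is defined in this role's defaults/main.yml; that file is fully visible in this patch and offers only `matrix_mautrix_wsproxy_bind_port`. Unless they are defined elsewhere, templating `msg` would fail with an undefined-variable error in exactly the case the task is meant to warn about, i.e. when `matrix_nginx_proxy_enabled` is not defined. Spell the path out literally (`/_matrix/wsproxy/`) and point the reader at `matrix_mautrix_wsproxy_bind_port` instead. The generated `location` block also hard-codes `29331`; using `{{ matrix_mautrix_wsproxy_port }}` would keep it in step with the defaults.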
@@ -0,0 +1,121 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + ansible.builtin.fail: + msg: >- + The matrix-bridge-mautrix-wsproxy role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- ansible.builtin.set_fact: + matrix_mautrix_wsproxy_requires_restart: false + +- ansible.builtin.set_fact: + matrix_mautrix_wsproxy_syncproxy_requires_restart: false + +- name: Ensure Mautrix wsproxy support files installed + ansible.builtin.template: + src: "{{ role_path }}/templates/{{ item }}.j2" + dest: "{{ matrix_mautrix_wsproxy_base_path }}/{{ item }}" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - syncproxy-env + - wsproxy-labels + +- name: Ensure Mautrix wsproxy image is pulled + community.docker.docker_image: + name: "{{ matrix_mautrix_wsproxy_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_wsproxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_wsproxy_docker_image_force_pull }}" + +- name: Ensure Mautrix syncproxy image is pulled + community.docker.docker_image: + name: "{{ matrix_mautrix_wsproxy_syncproxy_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_wsproxy_syncproxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_wsproxy_syncproxy_docker_image_force_pull }}" + +- name: Ensure Mautrix wsproxy paths exists + ansible.builtin.file: + 
path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_mautrix_wsproxy_base_path }}" + - "{{ matrix_mautrix_wsproxy_config_path }}" + +- name: Check if an old matrix state file exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_wsproxy_base_path }}/mx-state.json" + register: matrix_mautrix_wsproxy_stat_mx_state + +- name: Ensure mautrix-wsproxy config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_wsproxy_configuration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_wsproxy_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-androidsms registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_androidsms_registration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_wsproxy_config_path }}/androidsms-registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-imessage registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_imessage_registration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_wsproxy_config_path }}/imessage-registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-wsproxy container network is created + community.general.docker_network: + name: "{{ matrix_mautrix_wsproxy_container_network }}" + driver: bridge + +- name: Ensure matrix-mautrix-wsproxy.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-wsproxy.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy.service" + mode: 0644 + register: matrix_mautrix_wsproxy_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-wsproxy.service installation + ansible.builtin.service: + 
daemon_reload: true + when: "matrix_mautrix_wsproxy_systemd_service_result.changed" + +- name: Ensure matrix-mautrix-wsproxy.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-wsproxy.service" + state: restarted + when: "matrix_mautrix_wsproxy_requires_restart|bool" + +- name: Ensure matrix-mautrix-wsproxy-syncproxy.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy-syncproxy.service" + mode: 0644 + register: matrix_mautrix_wsproxy_syncproxy_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-wsproxy-syncproxy.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_wsproxy_syncproxy_systemd_service_result.changed" + +- name: Ensure matrix-mautrix-wsproxy-syncproxy.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-wsproxy-syncproxy.service" + state: restarted + when: "matrix_mautrix_wsproxy_syncproxy_requires_restart|bool" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_uninstall.yml new file mode 100644 index 00000000..c39fd29f --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_uninstall.yml 
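Review bot: In tasks/setup_install.yml the three `ansible.builtin.copy` tasks write `config.yaml`, `androidsms-registration.yaml` and `imessage-registration.yaml` with `mode: 0644`, although each carries the appservice and homeserver tokens, and `config.yaml` also carries the sync-proxy shared secret. The `0750` directories limit access today, but the files should not depend on that; the support-files task in the same hunk already uses `0640`. Use `mode: '0640'` on all three, quoted so the value is not subject to YAML integer parsing. Also, the "support files installed" template task writes into `matrix_mautrix_wsproxy_base_path` before the "paths exists" task creates that directory, so on a first install it should run after it.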
@@ -0,0 +1,47 @@
+---
+
+- name: Check existence of matrix-mautrix-wsproxy service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy.service"
+ register: matrix_mautrix_wsproxy_service_stat
+
+- name: Ensure matrix-mautrix-wsproxy is stopped
+ ansible.builtin.service:
+ name: matrix-mautrix-wsproxy
+ state: stopped
+ daemon_reload: true
+ when: "matrix_mautrix_wsproxy_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-wsproxy.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy.service"
+ state: absent
+ when: "matrix_mautrix_wsproxy_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-wsproxy.service removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_mautrix_wsproxy_service_stat.stat.exists"
+
+- name: Check existence of matrix-mautrix-wsproxy-syncproxy service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy-syncproxy.service"
+ register: matrix_mautrix_wsproxy_syncproxy_service_stat
+
+- name: Ensure matrix-mautrix-wsproxy-syncproxy is stopped
+ ansible.builtin.service:
+ name: matrix-mautrix-wsproxy-syncproxy
+ state: stopped
+ daemon_reload: true
+ when: "matrix_mautrix_wsproxy_syncproxy_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-wsproxy-syncproxy.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy-syncproxy.service"
+ state: absent
+ when: "matrix_mautrix_wsproxy_syncproxy_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-wsproxy-syncproxy.service removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_mautrix_wsproxy_syncproxy_service_stat.stat.exists"
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml new file mode 100644 index 00000000..0db36f95 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml @@ -0,0 +1,13 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mautrix_androidsms_appservice_token" + - "matrix_mautrix_androidsms_homeserver_token" + - "matrix_mautrix_imessage_appservice_token" + - "matrix_mautrix_imessage_homeserver_token" + - "matrix_mautrix_wsproxy_syncproxy_shared_secret" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/config.yaml.j2 new file mode 100644 index 00000000..2c793261 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/config.yaml.j2 @@ -0,0 +1,14 @@ +listen_address: 0.0.0.0:29331 +appservices: + - id: androidsms + as: {{ matrix_mautrix_androidsms_appservice_token | to_json }} + hs: {{ matrix_mautrix_androidsms_homeserver_token | to_json }} + - id: imessage + as: {{ matrix_mautrix_imessage_appservice_token | to_json }} + hs: {{ matrix_mautrix_imessage_homeserver_token | to_json }} +sync_proxy: + # The URL that mautrix-wsproxy can use to reach mautrix-syncproxy + url: {{ matrix_mautrix_wsproxy_syncproxy_appservice_address | to_json }} + # The URL that mautrix-syncproxy can use to reach mautrix-wsproxy + wsproxy_url: {{ matrix_mautrix_wsproxy_appservice_address | to_json }} + shared_secret: {{ matrix_mautrix_wsproxy_syncproxy_shared_secret | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 new file mode 100644 index 00000000..bc23e54b --- /dev/null 
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 @@ -0,0 +1,3 @@ +DATABASE_URL={{ matrix_mautrix_signal_wsproxy_syncproxy_connection_string }} +HOMESERVER_URL={{ matrix_homeserver_container_url }} +SHARED_SECRET={{ matrix_mautrix_wsproxy_syncproxy_shared_secret }} \ No newline at end of file diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 new file mode 100644 index 00000000..4531e12e --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 
@@ -0,0 +1,40 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mautrix wsproxy syncproxy
+{% for service in matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mautrix_wsproxy_syncproxy_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-wsproxy-syncproxy \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ --env-file={{ matrix_mautrix_wsproxy_base_path }}/syncproxy-env \
+ {% for arg in matrix_mautrix_wsproxy_syncproxy_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_mautrix_wsproxy_syncproxy_docker_image }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mautrix-wsproxy-syncproxy
+
+[Install]
+WantedBy=multi-user.target
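Review bot: The `docker run` command in `ExecStart` leaves the container's root filesystem writable even though it already drops all capabilities and runs as a non-root user; if the syncproxy image does not write outside mounted paths (to be confirmed), add `--read-only \` after `--cap-drop=ALL \`. The `docker create` command in matrix-mautrix-wsproxy.service.j2 has the same gap and mounts only `/data`.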
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2
new file mode 100644
index 00000000..0965efa3
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2
@@ -0,0 +1,51 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mautrix wsproxy bridge
+{% for service in matrix_mautrix_wsproxy_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mautrix_wsproxy_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy 2>/dev/null'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy 2>/dev/null'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create --rm --name matrix-mautrix-wsproxy \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ {% if matrix_mautrix_wsproxy_bind_port %}
+ -p {{ matrix_mautrix_wsproxy_port }}:29331 \
+ {% endif %}
+ --mount type=bind,src={{ matrix_mautrix_wsproxy_config_path }},dst=/data \
+ --label-file={{ matrix_mautrix_wsproxy_base_path }}/wsproxy-labels \
+ {% for arg in matrix_mautrix_wsproxy_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_mautrix_wsproxy_docker_image }} \
+ /usr/bin/mautrix-wsproxy -config /data/config.yaml
+
+{% for network in matrix_mautrix_wsproxy_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-wsproxy
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-mautrix-wsproxy
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy 2>/dev/null'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy 2>/dev/null'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mautrix-wsproxy
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2
new file mode 100644
index 00000000..f16a631e
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2
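Review bot: The port mapping in the `docker create` command is guarded by `matrix_mautrix_wsproxy_bind_port` but publishes `matrix_mautrix_wsproxy_port`, and `-p {{ matrix_mautrix_wsproxy_port }}:29331` names no host address, so Docker listens on every host interface. Docker-published ports commonly sit ahead of the host's own firewall rules, which would leave the websocket endpoint reachable without the reverse proxy's TLS whenever the flag is on. If the bind variable is meant to carry the host side of the mapping, `-p {{ matrix_mautrix_wsproxy_bind_port }}:29331 \` with a documented value such as `127.0.0.1:29331` would make the exposure explicit; otherwise prefix the mapping with `127.0.0.1:`.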
@@ -0,0 +1,34 @@
+{% if matrix_mautrix_wsproxy_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_mautrix_wsproxy_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_mautrix_wsproxy_container_labels_traefik_docker_network }}
+{% endif %}
+
+{% set middlewares = [] %}
+
+{% if matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.matrix-mautrix-wsproxy-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['matrix-mautrix-wsproxy-add-headers'] %}
+{% endif %}
+
+traefik.http.routers.matrix-mautrix-wsproxy.rule={{ matrix_mautrix_wsproxy_container_labels_traefik_rule }}
+{% if matrix_mautrix_wsproxy_container_labels_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-mautrix-wsproxy.priority={{ matrix_mautrix_wsproxy_container_labels_traefik_priority }}
+{% endif %}
+traefik.http.routers.matrix-mautrix-wsproxy.service=matrix-mautrix-wsproxy
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-mautrix-wsproxy.middlewares={{ middlewares | join(',') }}
+{% endif %}
+traefik.http.routers.matrix-mautrix-wsproxy.entrypoints={{ matrix_mautrix_wsproxy_container_labels_traefik_entrypoints }}
+traefik.http.routers.matrix-mautrix-wsproxy.tls={{ matrix_mautrix_wsproxy_container_labels_traefik_tls | to_json }}
+{% if matrix_mautrix_wsproxy_container_labels_traefik_tls %}
+traefik.http.routers.matrix-mautrix-wsproxy.tls.certResolver={{ matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+traefik.http.services.matrix-mautrix-wsproxy.loadbalancer.server.port={{ matrix_mautrix_wsproxy_port }}
+{% endif %}
+
+{{ matrix_mautrix_wsproxy_container_labels_additional_labels }}
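Review bot: `traefik.http.services.matrix-mautrix-wsproxy.loadbalancer.server.port` takes its value from `matrix_mautrix_wsproxy_port`, yet Traefik connects to the port inside the container, which config.yaml.j2 fixes at 29331 through `listen_address`, while the systemd unit uses the same variable as the host side of `-p ...:29331`. Changing the variable would therefore point Traefik at a port nothing listens on; `traefik.http.services.matrix-mautrix-wsproxy.loadbalancer.server.port=29331` matches the other templates in this patch. The custom response header names and values are also emitted unescaped into a label file that is read line by line, so a short comment stating that they must be single-line would help.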
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 8767fee1..a817b225 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -253,6 +253,10 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying the mautrix wsproxy should be done. +matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled: false +matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname: "{{ matrix_server_fqn_mautrix_wsproxy }}" + # Controls whether proxying the ntfy domain should be done. matrix_nginx_proxy_proxy_ntfy_enabled: false matrix_nginx_proxy_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" @@ -441,6 +445,9 @@ matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf). matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to mautrix wsproxy server configuration (matrix-mautrix-wsproxy.conf). +matrix_nginx_proxy_proxy_mautrix_wsproxy_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to ntfy's server configuration (matrix-ntfy.conf). matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks: [] diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 1a55e28f..2c54d675 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml 
@@ -178,6 +178,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_ntfy_enabled | bool +- name: Ensure Matrix nginx-proxy configuration for mautrix wsproxy exists + ansible.builtin.template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-mautrix-wsproxy.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for Matrix domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2" @@ -334,6 +341,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_ntfy_enabled | bool" +- name: Ensure Matrix nginx-proxy configuration for mautrix wsproxy deleted + ansible.builtin.file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-mautrix-wsproxy.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled|bool" + - name: Ensure Matrix nginx-proxy configuration for etherpad domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-etherpad.conf" diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 new file mode 100644 index 00000000..47e4c432 --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 
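Review bot: Both added `when:` conditions write the filter as `...mautrix_wsproxy_enabled|bool`, while the neighbouring tasks shown as context use ` | bool` with spaces; `when: matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled | bool` and `when: "not matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled | bool"` keep the file consistent. The new template task also uses the unquoted `mode: 0644`, which follows the file's existing habit but depends on the YAML loader reading it as octal; `mode: '0644'` is unambiguous.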
@@ -0,0 +1,110 @@
+#jinja2: lstrip_blocks: "True"
+
+{% macro render_vhost_directives() %}
+ gzip on;
+ gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
+
+ {% if matrix_nginx_proxy_hsts_preload_enabled %}
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ {% else %}
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ {% endif %}
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
+ add_header X-Frame-Options SAMEORIGIN;
+
+ {% if matrix_nginx_proxy_floc_optout_enabled %}
+ add_header Permissions-Policy interest-cohort=() always;
+ {% endif %}
+
+
+ {% for configuration_block in matrix_nginx_proxy_proxy_mautrix_wsproxy_additional_server_configuration_blocks %}
+ {{- configuration_block }}
+ {% endfor %}
+
+ location / {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver 127.0.0.11 valid=5s;
+ set $backend "wsproxy:29331";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://127.0.0.1:29331;
+ {% endif %}
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_http_version 1.1;
+ proxy_send_timeout 1d;
+ proxy_read_timeout 1d;
+
+ tcp_nodelay on;
+ }
+{% endmacro %}
+
+server {
+ listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
+
+ server_name {{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }};
+
+ server_tokens off;
+ root /dev/null;
+
+ {% if matrix_nginx_proxy_https_enabled %}
+ location /.well-known/acme-challenge {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver 127.0.0.11 valid=5s;
+ set $backend "matrix-certbot:8080";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
+ {% endif %}
+ }
+
+ location / {
+ return 301 https://$http_host$request_uri;
+ }
+ {% else %}
+ {{ render_vhost_directives() }}
+ {% endif %}
+}
+
+{% if matrix_nginx_proxy_https_enabled %}
+server {
+ listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+ listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+
+ server_name {{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }};
+
+ server_tokens off;
+ root /dev/null;
+
+ ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}/fullchain.pem;
+ ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}/privkey.pem;
+
+ ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
+ {% if matrix_nginx_proxy_ssl_ciphers != "" %}
+ ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
+ {% endif %}
+ ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
+
+ {% if matrix_nginx_proxy_ocsp_stapling_enabled %}
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}/chain.pem;
+ {% endif %}
+
+ {% if matrix_nginx_proxy_ssl_session_tickets_off %}
+ ssl_session_tickets off;
+ {% endif %}
+ ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
+ ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
+
+ {{ render_vhost_directives() }}
+}
+{% endif %}
diff --git a/setup.yml b/setup.yml
index 4da64ff4..0c324700 100644
--- a/setup.yml
+++ b/setup.yml
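Review bot: Inside `render_vhost_directives`, `set $backend "wsproxy:29331";` points at a name that nothing in this patch creates: the systemd unit names the container `matrix-mautrix-wsproxy` and shows no network alias, so Docker's embedded resolver would likely fail to resolve it and requests would end in a gateway error; `set $backend "matrix-mautrix-wsproxy:29331";` matches the unit. The same `location /` forwards `X-Forwarded-For $remote_addr`, whereas matrix-jitsi.conf.j2 uses `{{ matrix_nginx_proxy_x_forwarded_for }}`, so the configured forwarding policy is bypassed for this vhost. The port-80 redirect builds its target from `$http_host`, the raw client-supplied header; `return 301 https://$host$request_uri;` uses nginx's normalised host instead.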
@@ -61,6 +61,7 @@ - custom/matrix-bridge-mautrix-telegram - custom/matrix-bridge-mautrix-gmessages - custom/matrix-bridge-mautrix-whatsapp + - custom/matrix-bridge-mautrix-wsproxy - custom/matrix-bridge-mautrix-discord - custom/matrix-bridge-mautrix-slack - custom/matrix-bridge-mx-puppet-discord From 9f90510d53b62997e64e4fee63d058f4880352dc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 23 Aug 2023 15:11:08 +0300 Subject: [PATCH 105/340] Announce mautrix-wsproxy support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2261 --- CHANGELOG.md | 11 +++++++++++ docs/configuring-playbook-bridge-mautrix-wsproxy.md | 2 +- docs/configuring-playbook.md | 2 ++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3db319af..587e4761 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2023-08-23 + +## mautrix-wsproxy support + +Thanks to [Johan Swetzén](https://github.com/jswetzen)'s efforts (who finished what was started by [James Reilly](https://github.com/hanthor) and [Shreyas Ajjarapu](https://github.com/shreyasajj)), the playbook now supports bridging to Android SMS and Apple iMessage via the [mautrix-wsproxy](https://github.com/mautrix/wsproxy) service (in combination with a [mautrix-imessage](https://github.com/mautrix/imessage) bridge running on your Mac or Android phone). + +See our [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](docs/configuring-playbook-bridge-mautrix-wsproxy.md) documentation page for getting started. + + # 2023-07-24 ## matrix-registration-bot usage changed 
@@ -9,12 +18,14 @@ * `matrix_bot_matrix_registration_bot_bot_access_token` * `matrix_bot_matrix_registration_bot_api_token` + # 2023-07-21 ## mautrix-gmessages support Thanks to [Shreyas Ajjarapu](https://github.com/shreyasajj)'s efforts, the playbook now supports bridging to [Google Messages](https://messages.google.com/) via the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge. See our [Setting up Mautrix Google Messages bridging](docs/configuring-playbook-bridge-mautrix-gmessages.md) documentation page for getting started. + # 2023-07-17 ## matrix-media-repo support diff --git a/docs/configuring-playbook-bridge-mautrix-wsproxy.md b/docs/configuring-playbook-bridge-mautrix-wsproxy.md index 462f1027..db474e73 100644 --- a/docs/configuring-playbook-bridge-mautrix-wsproxy.md +++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md @@ -15,7 +15,7 @@ matrix_mautrix_imessage_homeserver_token: 'secret token from bridge' matrix_mautrix_wsproxy_syncproxy_shared_secret: 'secret token from bridge' ``` -Note that the tokens must match what is compiled into the `mautrix-imessage` bridge running on Mac and Android. +Note that the tokens must match what is compiled into the [mautrix-imessage](https://github.com/mautrix/imessage) bridge running on your Mac or Android device. ## Usage diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 85ae79d7..4da62545 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -130,6 +130,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional) +- [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md) (optional) + - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) From ef6f7f1ab9e4e93fd48a48f4f5a9d51f29cfb197 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 23 Aug 2023 15:17:02 +0300 Subject: [PATCH 106/340] Add DNS section to wsproxy docs Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2261 --- docs/configuring-playbook-bridge-mautrix-wsproxy.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-wsproxy.md b/docs/configuring-playbook-bridge-mautrix-wsproxy.md index db474e73..8e3bc2c4 100644 --- a/docs/configuring-playbook-bridge-mautrix-wsproxy.md +++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md @@ -4,10 +4,20 @@ The playbook can install and configure [mautrix-wsproxy](https://github.com/maut See the project's [documentation](https://github.com/mautrix/wsproxy#readme) to learn what it does and why it might be useful to you. + +## DNS + +You need to create a `wsproxy.DOMAIN` DNS record pointing to your Matrix server (a `CNAME` pointing to `matrix.DOMAIN`) to use wsproxy. +The hostname is configurable via a `matrix_mautrix_wsproxy_hostname` variable. + + +## Configuration + Use the following playbook configuration: ```yaml matrix_mautrix_wsproxy_enabled: true + matrix_mautrix_androidsms_appservice_token: 'secret token from bridge' matrix_mautrix_androidsms_homeserver_token: 'secret token from bridge' matrix_mautrix_imessage_appservice_token: 'secret token from bridge' 
@@ -17,6 +27,7 @@ matrix_mautrix_wsproxy_syncproxy_shared_secret: 'secret token from bridge' Note that the tokens must match what is compiled into the [mautrix-imessage](https://github.com/mautrix/imessage) bridge running on your Mac or Android device. + ## Usage Follow the [matrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s). From 5fc254ef118c239c0f6a8ef8f1f4a21e4410a27b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 23 Aug 2023 19:54:37 +0300 Subject: [PATCH 107/340] Upgrade Dendrite (v0.13.1 -> v0.13.2) --- roles/custom/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index b18f396d..f66f3403 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -10,7 +10,7 @@ matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_dendrite_docker_image_tag: "v0.13.1" +matrix_dendrite_docker_image_tag: "v0.13.2" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 0d8b66abd77a64dd9192f0e80b3cf954fe3c38d1 Mon Sep 17 00:00:00 2001 
From: Antonis Christofides Date: Mon, 21 Aug 2023 20:19:52 +0300 Subject: [PATCH 108/340] Simplify additional JVB configuration The variable matrix_nginx_proxy_proxy_jitsi_additional_jvbs isn't needed, as this information is already in the inventory. This contribution is provided by GRNET S.A. (grnet.gr). --- docs/configuring-playbook-jitsi.md | 12 ------------ roles/custom/matrix-nginx-proxy/defaults/main.yml | 9 --------- .../templates/nginx/conf.d/matrix-jitsi.conf.j2 | 6 +++--- 3 files changed, 3 insertions(+), 24 deletions(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 1213f46a..87184f9b 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -218,18 +218,6 @@ jitsi_prosody_container_jvb_host_bind_port: 5222 (The default is empty; if it's set then docker forwards the port.) -The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable -`matrix_nginx_proxy_proxy_jitsi_additional_jvbs`, which contains a dictionary of server ids to ip addresses. - -For example, - -``` yaml -matrix_nginx_proxy_proxy_jitsi_additional_jvbs: - jvb-2: 192.168.0.2 - jvb-3: 192.168.0.3 -``` - - Applied together this will allow you to provision extra JVB instances which will register themselves with the prosody service and be available for jicofo to route conferences too. diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index a817b225..eae9e61b 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml 
@@ -701,12 +701,3 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_def # http://nginx.org/en/docs/ngx_core_module.html#worker_connections matrix_nginx_proxy_worker_processes: auto matrix_nginx_proxy_worker_connections: 1024 - -# A mapping of JVB server ids to hostname/ipa addresses used to add additional jvb blocks -# to the Jitsi's server configuration (matrix-jitsi.conf) -# Note: avoid using the JVB server id "jvb-1" as this is reserved for the main host. -# Example: -# matrix_nginx_proxy_proxy_jitsi_additional_jvbs: -# jvb-2: 192.168.0.1 -# jvb-3: 192.168.0.2 -matrix_nginx_proxy_proxy_jitsi_additional_jvbs: {} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index 5493c2b0..4a9983f4 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -53,10 +53,10 @@ tcp_nodelay on; } - {% for id, ip_address in matrix_nginx_proxy_proxy_jitsi_additional_jvbs.items() %} + {% for host in groups['jitsi_jvb_servers'] %} # colibri (JVB) websockets for additional JVBs - location ~ ^/colibri-ws/{{ id | regex_escape }}/(.*) { - proxy_pass http://{{ ip_address }}:9090/colibri-ws/{{ id }}/$1$is_args$args; + location ~ ^/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] | regex_escape }}/(.*) { + proxy_pass http://{{ host }}:9090/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/$1$is_args$args; proxy_set_header Host $host; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; From 242e0ee829834e28f72eca509218a83c4d37d88d Mon Sep 17 00:00:00 2001 
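Review bot: The `proxy_pass` target in the `colibri-ws` location is now built from the inventory name, `http://{{ host }}:9090/...`, instead of an explicit address, so it works only if every name in `jitsi_jvb_servers` resolves and routes from where nginx runs; an inventory alias with `ansible_host` set would not. `hostvars[host]['jitsi_jvb_server_id']` is also indexed directly, so a host in the group without that variable aborts rendering of the whole vhost. The hop to the JVB stays plain `http://` across hosts, as before this change, so the Jitsi docs should state that it is expected to run over a private network; the same applies to `url: "http://{{ host }}:9090/"` in the Traefik extension added by PATCH 109. The location block continues past the end of the hunk.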
From: Antonis Christofides Date: Wed, 23 Aug 2023 20:03:53 +0300 Subject: [PATCH 109/340] Proxy additional JVBs through traefik (fixes #2721) Traefik wasn't proxying /colibri-ws/jvb-X/ to additional jvbs. This fixes it. This contribution is provided by GRNET S.A. (grnet.gr). --- group_vars/matrix_servers | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 816fb2b1..7b7ed58e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2555,6 +2555,38 @@ jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method # when embedding Jitsi in Matrix rooms. jitsi_disable_gravatar: true +# Traefik proxying for additional JVBs. These can't be configured using Docker +# labels, like the first JVB is, because they run on different hosts, so we add +# the necessary configuration to the file provider. +devture_traefik_provider_configuration_extension_yaml: | + http: + routers: + {% for host in groups['jitsi_jvb_servers'] %} + + additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: + entryPoints: + - "{{ devture_traefik_entrypoint_primary }}" + rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" + service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service + {% if devture_traefik_entrypoint_primary != 'web' %} + + tls: + certResolver: "{{ devture_traefik_certResolver_primary }}" + + {% endif %} + + {% endfor %} + + services: + {% for host in groups['jitsi_jvb_servers'] %} + + additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service: + loadBalancer: + servers: + - url: "http://{{ host }}:9090/" + + {% endfor %} + ###################################################################### # # /jitsi From a4e642e3f4a5950c827e3e76caae609b0e5f2500 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 25 Aug 2023 10:22:25 +0300 Subject: [PATCH 110/340] Mark matrix_nginx_proxy_proxy_jitsi_additional_jvbs as deprecated Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2842 --- roles/custom/matrix-nginx-proxy/tasks/validate_config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml index 8d63876a..6f96ec78 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml @@ -16,6 +16,7 @@ - {'old': 'matrix_nginx_proxy_reload_cron_time_definition', 'new': ''} - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule', 'new': ''} - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_jitsi_additional_jvbs', 'new': ''} - name: Fail on unknown matrix_ssl_retrieval_method ansible.builtin.fail: From b7a0db2d7ca864a53a2a4f466d13affb1190817f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 25 Aug 2023 11:57:52 +0300 Subject: [PATCH 111/340] Upgrade Grafana (v10.0.3-0 -> v10.1.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 28382d05..b96b8e66 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.0.3-0 + version: v10.1.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-2 name: jitsi From a036987ba45d723f38ab8415868d65f276ee7336 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 25 Aug 2023 15:43:16 +0300 Subject: [PATCH 112/340] Do not define devture_traefik_provider_configuration_extension_yaml in group_vars/matrix_servers `devture_traefik_provider_configuration_extension_yaml` should not be set automatically by the playbook. It's a variable to be used by users. Moreover, setting it for everyone (not just people who have additional JVBs) means that for most people the following error will be produced: > 'dict object' has no attribute 'jitsi_jvb_servers' .. as detailed in https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2844 Fixes a regression introduced in: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2842 --- docs/configuring-playbook-jitsi.md | 36 ++++++++++++++++++++++++++++++ group_vars/matrix_servers | 32 -------------------------- 2 files changed, 36 insertions(+), 32 deletions(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 87184f9b..53eb35de 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md
@@ -221,6 +221,42 @@ jitsi_prosody_container_jvb_host_bind_port: 5222 Applied together this will allow you to provision extra JVB instances which will register themselves with the prosody service and be available for jicofo to route conferences too. +To make Traefik reverse-proxy to these additional JVBs (living on other hosts), **you would need to add the following Traefik configuration extension**: + +```yaml +# Traefik proxying for additional JVBs. These can't be configured using Docker +# labels, like the first JVB is, because they run on different hosts, so we add +# the necessary configuration to the file provider. +devture_traefik_provider_configuration_extension_yaml: | + http: + routers: + {% for host in groups['jitsi_jvb_servers'] %} + + additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: + entryPoints: + - "{{ devture_traefik_entrypoint_primary }}" + rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" + service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service + {% if devture_traefik_entrypoint_primary != 'web' %} + + tls: + certResolver: "{{ devture_traefik_certResolver_primary }}" + + {% endif %} + + {% endfor %} + + services: + {% for host in groups['jitsi_jvb_servers'] %} + + additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service: + loadBalancer: + servers: + - url: "http://{{ host }}:9090/" + + {% endfor %} +``` + ## (Optional) Enable Gravatar In the default Jisti Meet configuration, gravatar.com is enabled as an avatar service. This results in third party request leaking data to gravatar. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7b7ed58e..816fb2b1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2555,38 +2555,6 @@ jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method # when embedding Jitsi in Matrix rooms. jitsi_disable_gravatar: true -# Traefik proxying for additional JVBs. These can't be configured using Docker -# labels, like the first JVB is, because they run on different hosts, so we add -# the necessary configuration to the file provider. -devture_traefik_provider_configuration_extension_yaml: | - http: - routers: - {% for host in groups['jitsi_jvb_servers'] %} - - additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: - entryPoints: - - "{{ devture_traefik_entrypoint_primary }}" - rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" - service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service - {% if devture_traefik_entrypoint_primary != 'web' %} - - tls: - certResolver: "{{ devture_traefik_certResolver_primary }}" - - {% endif %} - - {% endfor %} - - services: - {% for host in groups['jitsi_jvb_servers'] %} - - additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service: - loadBalancer: - servers: - - url: "http://{{ host }}:9090/" - - {% endfor %} - ###################################################################### # # /jitsi From 4873b1800086fc766f579a2cd80d6372832eb316 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 25 Aug 2023 15:50:10 +0300 Subject: [PATCH 113/340] Do not assume the jitsi_jvb_servers group is defined in everyone's inventory Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2842 --- .../templates/nginx/conf.d/matrix-jitsi.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index 4a9983f4..f745f866 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -53,7 +53,7 @@ tcp_nodelay on; } - {% for host in groups['jitsi_jvb_servers'] %} + {% for host in groups['jitsi_jvb_servers'] | default([]) %} # colibri (JVB) websockets for additional JVBs location ~ ^/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] | regex_escape }}/(.*) { proxy_pass http://{{ host }}:9090/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/$1$is_args$args; From 0c88408bb75da2db9e5fe19dadd555b5c3c7db27 Mon Sep 17 00:00:00 2001 From: blotree <82391368+blotree@users.noreply.github.com> Date: Fri, 25 Aug 2023 08:53:28 -0400 Subject: [PATCH 114/340] Update docs for older appservice bridges to enable legacy authorization (#2841) * Update docs for older appservice bridges to enable legacy authorization * Update docs/configuring-playbook-bridge-appservice-discord.md Co-authored-by: Slavi Pantaleev * Update docs/configuring-playbook-bridge-appservice-webhooks.md Co-authored-by: Slavi Pantaleev * further fix formatting --------- Co-authored-by: blotree Co-authored-by: Slavi Pantaleev --- ...guring-playbook-bridge-appservice-discord.md | 12 +++++++++--- ...uring-playbook-bridge-appservice-webhooks.md | 17 ++++++++++++----- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index d37724c0..bd30d5aa 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md 
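Review bot: The upstream leg in `proxy_pass http://{{ host }}:9090/colibri-ws/...` is plain HTTP to each host in `jitsi_jvb_servers`, so if those JVBs run on other machines (as the "additional JVBs" comment suggests) the colibri websocket traffic crosses the network unencrypted and port 9090 has to be reachable from the proxy. I would document that next to the loop, e.g. `# NOTE: upstream is plain HTTP; restrict port 9090 on each JVB host to this proxy`. Separately, `| default([])` covers a missing group, but `hostvars[host]['jitsi_jvb_server_id']` is still read unguarded, so a host in the group without that variable will presumably fail templating in the same way. The `location` block continues past the end of the hunk.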
@@ -1,7 +1,7 @@ # Setting up Appservice Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. -- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. - For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. 
@@ -23,8 +23,14 @@ matrix_appservice_discord_enabled: true matrix_appservice_discord_client_id: "YOUR DISCORD APP CLIENT ID" matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" ``` +5. As of Synapse 1.90.0, you will need to add the following to `matrix_synapse_configuration_extension_yaml` to enable the [backwards compatibility](https://matrix-org.github.io/synapse/latest/upgrade#upgrading-to-v1900) that this bridge needs: +```yaml +matrix_synapse_configuration_extension_yaml: | + use_appservice_legacy_authorization: true +``` +*Note*: This deprecated method is considered insecure. -5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. +6. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. diff --git a/docs/configuring-playbook-bridge-appservice-webhooks.md b/docs/configuring-playbook-bridge-appservice-webhooks.md index f4fbfbc0..3a4c7ea5 100644 --- a/docs/configuring-playbook-bridge-appservice-webhooks.md +++ b/docs/configuring-playbook-bridge-appservice-webhooks.md 
@@ -26,22 +26,29 @@ you can adjust this in `inventory/host_vars/matrix./vars.yml` as we matrix_appservice_webhooks_log_level: '' ``` -3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. +3. As of Synapse 1.90.0, you will need to add the following to `matrix_synapse_configuration_extension_yaml` to enable the [backwards compatibility](https://matrix-org.github.io/synapse/latest/upgrade#upgrading-to-v1900) that this bridge needs: +```yaml +matrix_synapse_configuration_extension_yaml: | + use_appservice_legacy_authorization: true +``` +*Note*: This deprecated method is considered insecure. + +4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. -4. If you're using the [Dimension Integration Manager](configuring-playbook-dimension.md), you can configure the Webhooks bridge by opening the Dimension integration manager -> Settings -> Bridges and selecting edit action for "Webhook Bridge". Press "Add self-hosted Bridge" button and populate "Provisioning URL" & "Shared Secret" values from `/matrix/appservice-webhooks/config/config.yaml` file's homeserver URL value and provisioning secret value, respectively. +5. If you're using the [Dimension Integration Manager](configuring-playbook-dimension.md), you can configure the Webhooks bridge by opening the Dimension integration manager -> Settings -> Bridges and selecting edit action for "Webhook Bridge". 
Press "Add self-hosted Bridge" button and populate "Provisioning URL" & "Shared Secret" values from `/matrix/appservice-webhooks/config/config.yaml` file's homeserver URL value and provisioning secret value, respectively. -5. Invite the bridge bot user to your room: +6. Invite the bridge bot user to your room: - either with `/invite @_webhook:` (*Note*: Make sure you have administration permissions in your room) - or simply add the bridge bot to a private channel (personal channels imply you being an administrator) -6. Send a message to the bridge bot in order to receive a private message including the webhook link. +7. Send a message to the bridge bot in order to receive a private message including the webhook link. ``` !webhook ``` -7. The JSON body for posting messages will have to look like this: +8. The JSON body for posting messages will have to look like this: ```json { "text": "Hello world!", From 04d91839048e830d837b88d6a67abecd5c86a600 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Fri, 25 Aug 2023 18:43:57 +0200 Subject: [PATCH 115/340] Upgrade sliding-sync (v0.99.5 -> v0.99.7) --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index c0347d2f..7b17b9b1 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -4,7 +4,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.5 +matrix_sliding_sync_version: v0.99.7 matrix_sliding_sync_scheme: https From af636a1bb06f33fde709440ed2198dae262e8645 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 26 Aug 2023 08:20:56 +0300 Subject: [PATCH 116/340] Upgrade ntfy (v2.7.0-0 -> v2.7.0-2) and switch it to a non-privileged port Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2846 --- requirements.yml | 2 +- .../templates/nginx/conf.d/matrix-ntfy.conf.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index b96b8e66..cfbead11 100644 --- a/requirements.yml +++ b/requirements.yml @@ -40,7 +40,7 @@ version: v8615-2 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.7.0-0 + version: v2.7.0-2 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.45.0-1 name: prometheus diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index 7d5c8a0e..fbae47e1 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -21,7 +21,7 @@ {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; - set $backend "matrix-ntfy:80"; + set $backend "matrix-ntfy:8080"; proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} From 4e08ad98b6c4b26c2e706059bbc45abae799d414 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Aug 2023 20:04:58 +0300 Subject: [PATCH 117/340] Upgrade mjolnir-antispam (1.4.0 -> v1.6.4) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index c48ff09c..88d400b1 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml 
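Review bot: `set $backend "matrix-ntfy:8080";` hard-codes a port that has to match whatever the ntfy role listens on at `v2.7.0-2`, and nothing in this template says so. A short comment above the line, such as `{# Must match the container port used by the ntfy role (non-privileged since v2.7.0-2) #}`, would keep the two from drifting silently on the next role upgrade; if the role exposes the port as a variable, referencing it here would be better still. The `{% else %}` branch starts inside the hunk and continues outside it, so it cannot be checked from here whether it needs the same change.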
+++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -825,7 +825,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve # See: https://github.com/matrix-org/mjolnir#synapse-module matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir" -matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58" +matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "v1.6.4" matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true # Flag messages sent by servers/users in the ban lists as spam. Currently # this means that spammy messages will appear as empty to users. Default From e03ec11fcf3e6215f73646f2671ceeaab23df210 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Aug 2023 20:07:40 +0300 Subject: [PATCH 118/340] Switch mjolnir-antispam from using spam_checker to modules `spam_checker` has been deprecated for quite a while. While it still probably works and while newer versions of mjolnir-antispam still use it, we should switch to the new API. --- roles/custom/matrix-synapse/defaults/main.yml | 11 ++++++++++- .../tasks/ext/mjolnir-antispam/setup_install.yml | 13 ++++--------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 88d400b1..dffe6178 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
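Review bot: `matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version` moves from a full commit hash to the tag `v1.6.4`, which is a mutable reference: whoever controls the upstream repository can repoint the tag, and the checked-out code is presumably loaded into Synapse as a module. If the tag is preferred for readability, I would keep the immutable pin and carry the tag in a comment, e.g. `..._git_version: "<commit hash of v1.6.4>"  # v1.6.4`. At minimum, a comment stating that the value may be a tag or a commit hash, and that a hash is the safer choice, would help users who override it.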
@@ -840,7 +840,16 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false # these rooms. # ["!roomid:example.org"] matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] - +# A dictionary with various fields controlling max length. +# See https://github.com/matrix-org/mjolnir/blob/main/docs/synapse_module.md for details. +matrix_synapse_ext_spam_checker_mjolnir_antispam_config_message_max_length: {} +# Actual configuration passed to the mjolnir-antispam Synapse module +matrix_synapse_ext_spam_checker_mjolnir_antispam_config: + block_invites: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites }}" + block_messages: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages }}" + block_usernames: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames }}" + ban_lists: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }}" + message_max_length: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_message_max_length }}" # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler diff --git a/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index f3218808..0fc2a750 100644 --- a/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml 
@@ -14,18 +14,13 @@ become_user: "{{ matrix_synapse_username }}" - ansible.builtin.set_fact: - matrix_synapse_spam_checker: > + matrix_synapse_modules: > {{ - matrix_synapse_spam_checker + matrix_synapse_modules | default([]) + [{ - "module": "mjolnir.AntiSpam", - "config": { - "block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites, - "block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages, - "block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames, - "ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists, - } + "module": "mjolnir.Module", + "config": matrix_synapse_ext_spam_checker_mjolnir_antispam_config, }] }} From d207edb304cc3c925d7b00fe94eb310b5ebe168c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Aug 2023 20:09:06 +0300 Subject: [PATCH 119/340] Deprecate matrix_synapse_spam_checker in favor of matrix_synapse_modules --- roles/custom/matrix-synapse/defaults/main.yml | 6 ------ .../matrix-synapse/tasks/validate_config.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 14 -------------- 3 files changed, 1 insertion(+), 21 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index dffe6178..ecf1d976 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -952,12 +952,6 @@ matrix_synapse_default_room_version: "10" # The upstream default is `false`, but we try to make Synapse less wasteful of resources, so we do things differently. matrix_synapse_forget_rooms_on_leave: true -# Controls the Synapse `spam_checker` setting. -# -# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime. -# If not, you can also control its value manually. -matrix_synapse_spam_checker: [] - # Controls the Synapse `modules` list. # You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2` # Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime. diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml index 607c75b8..64397a49 100644 --- a/roles/custom/matrix-synapse/tasks/validate_config.yml +++ b/roles/custom/matrix-synapse/tasks/validate_config.yml @@ -66,7 +66,7 @@ - {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'} - {'old': 'matrix_synapse_send_federation', 'new': ''} - {'old': 'matrix_synapse_start_pushers', 'new': ''} - + - {'old': 'matrix_synapse_spam_checker', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml ansible.builtin.fail: diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e12bdb19..7b1c1dfd 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2570,20 +2570,6 @@ push: #group_unread_count_by_room: false -# Spam checkers are third-party modules that can block specific actions -# of local users, such as creating rooms and registering undesirable -# usernames, as well as remote users by redacting incoming events. -# -# spam_checker: - #- module: "my_custom_project.SuperSpamChecker" - # config: - # example_option: 'things' - #- module: "some_other_project.BadEventStopper" - # config: - # example_stop_events_from: ['@bad:example.com'] -spam_checker: {{ matrix_synapse_spam_checker|to_json }} - - ## Rooms ## # Controls whether locally-created rooms should be end-to-end encrypted by From ba1cce1316abeaf5902dfc0850451040b409d727 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Aug 2023 07:04:55 +0300 Subject: [PATCH 120/340] Add Project source code URL comment to matrix-sliding-sync role --- roles/custom/matrix-sliding-sync/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 7b17b9b1..c3c15da2 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -1,6 +1,7 @@ --- # Sliding Sync Proxy is an implementation of MSC3575 for the new sliding sync +# Project source code URL: https://github.com/matrix-org/sliding-sync matrix_sliding_sync_enabled: true From cc7244c14d56a64f6ea79eed393bdc55f5c93378 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Aug 2023 14:53:28 +0300 Subject: [PATCH 121/340] Fix Synapse sub-component (worker, S3, ..) uninstallation matrix-synapse/tasks/setup_uninstall.yml would previously not run unless Synapse was completely disabled. --- roles/custom/matrix-synapse/tasks/main.yml | 4 ++-- roles/custom/matrix-synapse/tasks/setup_uninstall.yml | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) 
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml index 743dab5f..2a8a0094 100644 --- a/roles/custom/matrix-synapse/tasks/main.yml +++ b/roles/custom/matrix-synapse/tasks/main.yml @@ -36,8 +36,8 @@ - setup-all - setup-synapse block: - - when: not matrix_synapse_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + # This always runs because it handles uninstallation for sub-components too. + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - tags: - import-synapse-media-store diff --git a/roles/custom/matrix-synapse/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/setup_uninstall.yml index 7ce5e13d..66cda3e7 100644 --- a/roles/custom/matrix-synapse/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/setup_uninstall.yml @@ -4,7 +4,8 @@ - setup-all - setup-synapse block: - - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml" + - when: not matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml" - tags: - setup-all @@ -17,7 +18,8 @@ - setup-all - setup-synapse block: - - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" + - when: not matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" - tags: - setup-all From 17124a0548008c35058837a5407cb7f8e2edadb9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Aug 2023 15:12:10 +0300 Subject: [PATCH 122/340] Upgrade Element (v1.11.39 -> v1.11.40) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index b9a1aaba..695a6edc 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml 
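Review bot: With the `when: not matrix_synapse_enabled | bool` guard removed from the include in `tasks/main.yml`, every include inside `setup_uninstall.yml` now has to carry its own condition, and the file gives no hint of that. The two includes visible in the other hunks (`ext/setup_uninstall.yml` and `synapse/setup_uninstall.yml`) are guarded, but a later include added without a `when` would run its uninstall tasks on every `setup-all` / `setup-synapse` run. I would add a header comment to `setup_uninstall.yml`, e.g. `# This file is always included; each include below must guard itself with its own 'when'.` The blocks between and after these hunks are outside the diff, so their conditions cannot be checked from here.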
+++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.39 +matrix_client_element_version: v1.11.40 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 8ba1e771b9710b60afc7349ecce6518ad352d6ee Mon Sep 17 00:00:00 2001 From: chagai95 <31655082+chagai95@users.noreply.github.com> Date: Wed, 30 Aug 2023 10:00:32 +0200 Subject: [PATCH 123/340] Add a small tip to maintenance-migrating.md --- docs/maintenance-migrating.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/maintenance-migrating.md b/docs/maintenance-migrating.md index fd593691..4c1f7119 100644 --- a/docs/maintenance-migrating.md +++ b/docs/maintenance-migrating.md 
@@ -5,7 +5,7 @@ # Migrating to new server 1. Prepare by lowering DNS TTL for your domains (`matrix.DOMAIN`, etc.), so that DNS record changes (step 4 below) would happen faster, leading to less downtime -2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*` +2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*` (you might have to cd to /etc/systemd/system/ first) 3. Copy directory `/matrix` from the old server to the new server. Make sure to preserve ownership and permissions (use `cp -p` or `rsync -ar`)! 4. Make sure your DNS records are adjusted to point to the new server's IP address 5. Remove old server from the `inventory/hosts` file and add new server. From abdb4375db263aee140918e6b0b838a310d698dd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 30 Aug 2023 12:50:47 +0300 Subject: [PATCH 124/340] Add matrix_synapse_additional_loggers_auto and matrix_synapse_additional_loggers_custom --- roles/custom/matrix-synapse/defaults/main.yml | 4 +++- .../tasks/ext/encryption-disabler/setup_install.yml | 4 ++-- .../matrix-synapse/tasks/ext/ldap-auth/setup_install.yml | 4 ++-- .../matrix-synapse/tasks/ext/rest-auth/setup_install.yml | 4 ++-- .../tasks/ext/shared-secret-auth/setup_install.yml | 4 ++-- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index ecf1d976..f2a96f78 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -438,7 +438,9 @@ matrix_synapse_container_additional_volumes: [] # A list of additional loggers to register in synapse.log.config. # This list gets populated dynamically based on Synapse extensions that have been enabled. # Contains definition objects like this: `{"name": "..", "level": "DEBUG"} -matrix_synapse_additional_loggers: [] +matrix_synapse_additional_loggers: "{{ matrix_synapse_additional_loggers_auto + matrix_synapse_additional_loggers_custom }}" +matrix_synapse_additional_loggers_auto: [] +matrix_synapse_additional_loggers_custom: [] # A list of appservice config files (in-container filesystem paths). # This list gets populated dynamically based on Synapse extensions that have been enabled. diff --git a/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index 3725545f..b8046033 100644 --- a/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -33,9 +33,9 @@ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] }} - matrix_synapse_additional_loggers: > + matrix_synapse_additional_loggers_auto: > {{ - matrix_synapse_additional_loggers + matrix_synapse_additional_loggers_auto + [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }} diff --git a/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml index c13a0404..6d484377 100644 --- a/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml 
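Review bot: The two new variables `matrix_synapse_additional_loggers_auto` and `matrix_synapse_additional_loggers_custom` are undocumented, and the existing comment ("This list gets populated dynamically...") still sits on `matrix_synapse_additional_loggers`, which is now only their concatenation. A user who keeps overriding `matrix_synapse_additional_loggers` directly will silently drop every logger the extension tasks append to `_auto`. I would move the "populated dynamically" comment to `_auto` and add `# Your own loggers go here; the playbook never modifies this list.` above `_custom`. The example in that comment also has an unclosed backtick after the `{"name": "..", "level": "DEBUG"}` object.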
@@ -3,9 +3,9 @@ - ansible.builtin.set_fact: matrix_synapse_password_providers_enabled: true - matrix_synapse_additional_loggers: > + matrix_synapse_additional_loggers_auto: > {{ - matrix_synapse_additional_loggers + matrix_synapse_additional_loggers_auto + [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} diff --git a/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index ad58830a..4c59a4b1 100644 --- a/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -28,9 +28,9 @@ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] }} - matrix_synapse_additional_loggers: > + matrix_synapse_additional_loggers_auto: > {{ - matrix_synapse_additional_loggers + matrix_synapse_additional_loggers_auto + [{'name': 'rest_auth_provider', 'level': 'INFO'}] }} diff --git a/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index c974bd2c..ecec3e80 100644 --- a/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -43,9 +43,9 @@ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] }} - matrix_synapse_additional_loggers: > + matrix_synapse_additional_loggers_auto: > {{ - matrix_synapse_additional_loggers + matrix_synapse_additional_loggers_auto + [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }} From b0fb3814a57b019f449743ac463d296935c73bee Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 30 Aug 2023 12:52:44 +0300 Subject: [PATCH 125/340] Make Synapse quieter by default Hopefully fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2849 Related to: - https://github.com/matrix-org/synapse/issues/16101 - https://github.com/matrix-org/synapse/issues/16208 --- roles/custom/matrix-synapse/defaults/main.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index f2a96f78..89ce3e9b 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -439,7 +439,19 @@ matrix_synapse_container_additional_volumes: [] # This list gets populated dynamically based on Synapse extensions that have been enabled. # Contains definition objects like this: `{"name": "..", "level": "DEBUG"} matrix_synapse_additional_loggers: "{{ matrix_synapse_additional_loggers_auto + matrix_synapse_additional_loggers_custom }}" -matrix_synapse_additional_loggers_auto: [] + +matrix_synapse_additional_loggers_auto: + # By default, we're disabling some useless (and even toxic) spammy WARNING-level logs. + # Related to: + # - https://github.com/matrix-org/synapse/issues/16208 + # - https://github.com/matrix-org/synapse/issues/16101 + - name: synapse.http.matrixfederationclient + level: CRITICAL + - name: synapse.federation.sender.per_destination_queue + level: CRITICAL + - name: synapse.handlers.device + level: CRITICAL + matrix_synapse_additional_loggers_custom: [] # A list of appservice config files (in-container filesystem paths). From 4acaeac7aa7a412765cff9db6cb504525d37f275 Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Wed, 30 Aug 2023 22:31:15 +0800 Subject: [PATCH 126/340] Update synapse 1.90.0 -> 1.91.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
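Review bot: Setting `synapse.http.matrixfederationclient`, `synapse.federation.sender.per_destination_queue` and `synapse.handlers.device` to `CRITICAL` suppresses ERROR-level records as well as the noisy WARNINGs the comment is about, which removes most of the federation and device-handling signal an operator would rely on when investigating delivery failures or abuse. `level: ERROR` would still silence the warnings referenced in the linked issues. Whichever level is kept, the comment should say how to restore a logger, and whether an entry in `matrix_synapse_additional_loggers_custom` overrides one with the same name in `_auto`; that depends on how the log config template consumes the combined list, which is not visible here.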
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 89ce3e9b..67f99244 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.90.0 +matrix_synapse_version: v1.91.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 86655db9957acc15c6123f23385d7d3e8a24090b Mon Sep 17 00:00:00 2001 
From: Aine Date: Wed, 30 Aug 2023 19:23:52 +0300 Subject: [PATCH 127/340] add SchildiChat client --- README.md | 3 +- ...configuring-playbook-client-schildichat.md | 40 +++ group_vars/matrix_servers | 63 ++++ roles/custom/matrix-base/defaults/main.yml | 3 + .../defaults/main.yml | 312 ++++++++++++++++++ .../matrix-client-schildichat/tasks/main.yml | 29 ++ .../tasks/prepare_themes.yml | 47 +++ .../tasks/self_check.yml | 24 ++ .../tasks/setup_install.yml | 109 ++++++ .../tasks/setup_uninstall.yml | 25 ++ .../tasks/validate_config.yml | 64 ++++ .../templates/config.json.j2 | 49 +++ .../templates/labels.j2 | 45 +++ .../templates/map_style.json.j2 | 18 + .../matrix-client-schildichat.service.j2 | 57 ++++ .../templates/welcome.html.j2 | 205 ++++++++++++ .../matrix-client-schildichat/vars/main.yml | 3 + .../matrix-nginx-proxy/defaults/main.yml | 7 + .../tasks/setup_nginx_proxy.yml | 7 + .../conf.d/matrix-client-schildichat.conf.j2 | 106 ++++++ 20 files changed, 1215 insertions(+), 1 deletion(-) create mode 100644 docs/configuring-playbook-client-schildichat.md create mode 100644 roles/custom/matrix-client-schildichat/defaults/main.yml create mode 100644 roles/custom/matrix-client-schildichat/tasks/main.yml create mode 100644 roles/custom/matrix-client-schildichat/tasks/prepare_themes.yml create mode 100644 roles/custom/matrix-client-schildichat/tasks/self_check.yml create mode 100644 roles/custom/matrix-client-schildichat/tasks/setup_install.yml create mode 100644 roles/custom/matrix-client-schildichat/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-client-schildichat/tasks/validate_config.yml create mode 100644 roles/custom/matrix-client-schildichat/templates/config.json.j2 create mode 100644 roles/custom/matrix-client-schildichat/templates/labels.j2 create mode 100644 roles/custom/matrix-client-schildichat/templates/map_style.json.j2 create mode 100644 roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 create 
mode 100644 roles/custom/matrix-client-schildichat/templates/welcome.html.j2 create mode 100644 roles/custom/matrix-client-schildichat/vars/main.yml create mode 100644 roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-schildichat.conf.j2 diff --git a/README.md b/README.md index 71d46f82..003be474 100644 --- a/README.md +++ b/README.md @@ -47,9 +47,10 @@ Web clients for matrix that you can host on your own domains. | Name | Default? | Description | Documentation | | ---- | -------- | ----------- | ------------- | -[Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) | +| [Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) | | [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Web client | [Link](docs/configuring-playbook-client-hydrogen.md) | | [Cinny](https://github.com/ajbura/cinny) | x | Web client | [Link](docs/configuring-playbook-client-cinny.md) | +| [SchildiChat](https://schildichat.io/) | x | Web client | [Link](docs/configuring-playbook-client-schildichat.md) | diff --git a/docs/configuring-playbook-client-schildichat.md b/docs/configuring-playbook-client-schildichat.md new file mode 100644 index 00000000..9b9e5ca6 --- /dev/null +++ b/docs/configuring-playbook-client-schildichat.md 
@@ -0,0 +1,40 @@ +# Configuring schildichat (optional) + +By default, this playbook does not install the [schildichat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application. + + +## Enabling schildichat + +If you'd like for the playbook to install schildichat, you can enable it in your configuration file (`inventory/host_vars/matrix./vars.yml`): + +```yaml +matrix_client_schildichat_enabled: true +``` + + +## Configuring schildichat settings + +The playbook provides some customization variables you could use to change schildichat's settings. + +Their defaults are defined in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml) and they ultimately end up in the generated `/matrix/schildichat/config.json` file (on the server). This file is generated from the [`roles/custom/matrix-client-schildichat/templates/config.json.j2`](../roles/custom/matrix-client-schildichat/templates/config.json.j2) template. + +**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix./vars.yml`) and [re-run the playbook](installing.md) to apply the changes. + +Alternatively, **if there is no pre-defined variable** for an schildichat setting you wish to change: + +- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of schildichat's various settings that rarely get used. + +- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/custom/matrix-client-schildichat/templates/config.json.j2)) by making use of the `matrix_client_schildichat_configuration_extension_json_` variable. 
You can find information about this in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml). + +- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_schildichat_configuration_default` (or `matrix_client_schildichat_configuration`). You can find information about this in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml). + + +## Themes + +To change the look of schildichat, you can define your own themes manually by using the `matrix_client_schildichat_setting_defaults_custom_themes` setting. + +Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_schildichat_themes_enabled: true`). + +If you make your own theme, we encourage you to submit it to the **aaronraimist/element-themes** project, so that the whole community could easily enjoy it. + +Note that for a custom theme to work well, all schildichat instances that you use must have the same theme installed. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 816fb2b1..1e30a8f8 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -312,6 +312,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen', 'client-hydrogen']}] if matrix_client_hydrogen_enabled else []) + + ([{'name': 'matrix-client-schildichat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'schildichat', 'client-schildichat']}] if matrix_client_schildichat_enabled else []) + + ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else []) + ([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else []) 
@@ -2752,6 +2754,7 @@ matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" +matrix_nginx_proxy_proxy_schildichat_enabled: "{{ matrix_client_schildichat_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" 
@@ -2852,6 +2855,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else []) + + (['matrix-client-schildichat.service'] if matrix_client_schildichat_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else []) + + ([(grafana_identifier + '.service')] if grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else []) + (['matrix-dimension.service'] if matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else []) @@ -2883,6 +2888,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else []) + + ([matrix_server_fqn_schildichat] if matrix_client_schildichat_enabled else []) + + ([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else []) + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) 
@@ -3485,6 +3492,62 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_playbo # ###################################################################### +###################################################################### +# +# matrix-client-schildichat +# +###################################################################### + +# By default, this playbook installs the schildichat web UI on the `matrix_server_fqn_schildichat` domain. +# If you wish to connect to your Matrix server by other means, you may wish to disable this. +matrix_client_schildichat_enabled: true + +matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +# Normally, matrix-nginx-proxy is enabled and nginx can reach schildichat over the container network. +# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose +# the schildichat HTTP port to the local host. +matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}" + +matrix_client_schildichat_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-client-schildichat' }}" + +matrix_client_schildichat_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}" + +matrix_client_schildichat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" 
+matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}" +matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}" + +# Use Dimension if enabled, otherwise fall back to Scalar +matrix_client_schildichat_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}" +matrix_client_schildichat_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}" +matrix_client_schildichat_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}" +matrix_client_schildichat_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}" + +matrix_client_schildichat_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}" + +matrix_client_schildichat_registration_enabled: "{{ matrix_synapse_enable_registration }}" + +matrix_client_schildichat_enable_presence_by_hs_url: | + {{ + none + if matrix_synapse_presence_enabled + else {matrix_client_schildichat_default_hs_url: false} + }} + +matrix_client_schildichat_welcome_user_id: ~ + +matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" + +###################################################################### +# +# /matrix-client-schildichat +# +###################################################################### + ###################################################################### # # matrix-synapse diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index cd85b0ab..6ea4e230 100644 
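Review bot: `matrix_client_schildichat_enabled: true` in this hunk turns the new client on for every inventory that uses these group vars, while the documentation added in the same commit says the playbook does not install it by default and the matrix-base comment calls it "disabled by default". With the flag on, the earlier hunks in this file add `matrix_server_fqn_schildichat` to `matrix_ssl_domains_to_obtain_certificates_for` and register `matrix-client-schildichat.service`. An upgrade would therefore publish an extra web endpoint and request a certificate for a hostname the operator may never have set up in DNS. If opt-in is the intent, the line should read `matrix_client_schildichat_enabled: false`, and the comment above it ("By default, this playbook installs the schildichat web UI ...") should be reworded to match.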
--- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -72,6 +72,9 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}" # This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default). matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}" +# This is where you access the schildichat web client from (if enabled via matrix_client_schildichat_enabled; disabled by default). +matrix_server_fqn_schildichat: "schildichat.{{ matrix_domain }}" + # This is where you access the buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default). matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}" diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml new file mode 100644 index 00000000..a61d2cd6 --- /dev/null +++ b/roles/custom/matrix-client-schildichat/defaults/main.yml 
@@ -0,0 +1,312 @@ +--- +# Project source code URL: https://github.com/SchildiChat/schildichat-desktop + +matrix_client_schildichat_enabled: true + +matrix_client_schildichat_container_image_self_build: false + +matrix_client_schildichat_version: v1.11.30-sc.2 +matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_name_prefix }}etke.cc/schildichat-web:{{ matrix_client_schildichat_version }}" +matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else 'registry.gitlab.com/' }}" +matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}" + +matrix_client_schildichat_data_path: "{{ matrix_base_data_path }}/client-schildichat" +matrix_client_schildichat_docker_src_files_path: "{{ matrix_client_schildichat_data_path }}/docker-src" + +# The base container network +matrix_client_schildichat_container_network: matrix-client-schildichat + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. +# Use this to expose this container to a reverse proxy, which runs in a different container network. +matrix_client_schildichat_container_additional_networks: [] + +# Controls whether the matrix-client-schildichat container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8765"), or empty string to not expose. +matrix_client_schildichat_container_http_host_bind_port: '' + +# matrix_client_schildichat_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. +# See `../templates/labels.j2` for details. +# +# To inject your own other container labels, see `matrix_client_schildichat_container_labels_additional_labels`. 
+matrix_client_schildichat_container_labels_traefik_enabled: true +matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_client_schildichat_container_network }}" +matrix_client_schildichat_container_labels_traefik_hostname: "{{ matrix_client_schildichat_hostname }}" +# The path prefix must either be `/` or not end with a slash (e.g. `/schildichat`). +matrix_client_schildichat_container_labels_traefik_path_prefix: "{{ matrix_client_schildichat_path_prefix }}" +matrix_client_schildichat_container_labels_traefik_rule: "Host(`{{ matrix_client_schildichat_container_labels_traefik_hostname }}`){% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_client_schildichat_container_labels_traefik_path_prefix }}`){% endif %}" +matrix_client_schildichat_container_labels_traefik_priority: 0 +matrix_client_schildichat_container_labels_traefik_entrypoints: web-secure +matrix_client_schildichat_container_labels_traefik_tls: "{{ matrix_client_schildichat_container_labels_traefik_entrypoints != 'web' }}" +matrix_client_schildichat_container_labels_traefik_tls_certResolver: default # noqa var-naming + +# Controls which additional headers to attach to all HTTP responses. 
+# To add your own headers, use `matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom` +matrix_client_schildichat_container_labels_traefik_additional_response_headers: "{{ matrix_client_schildichat_container_labels_traefik_additional_response_headers_auto | combine(matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom) }}" +matrix_client_schildichat_container_labels_traefik_additional_response_headers_auto: | + {{ + {} + | combine ({'X-XSS-Protection': matrix_client_schildichat_http_header_xss_protection} if matrix_client_schildichat_http_header_xss_protection else {}) + | combine ({'X-Frame-Options': matrix_client_schildichat_http_header_frame_options} if matrix_client_schildichat_http_header_frame_options else {}) + | combine ({'X-Content-Type-Options': matrix_client_schildichat_http_header_content_type_options} if matrix_client_schildichat_http_header_content_type_options else {}) + | combine ({'Content-Security-Policy': matrix_client_schildichat_http_header_content_security_policy} if matrix_client_schildichat_http_header_content_security_policy else {}) + | combine ({'Permission-Policy': matrix_client_schildichat_http_header_content_permission_policy} if matrix_client_schildichat_http_header_content_permission_policy else {}) + | combine ({'Strict-Transport-Security': matrix_client_schildichat_http_header_strict_transport_security} if matrix_client_schildichat_http_header_strict_transport_security and matrix_client_schildichat_container_labels_traefik_tls else {}) + }} +matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom: {} + +# matrix_client_schildichat_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. 
+# +# Example: +# matrix_client_schildichat_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_client_schildichat_container_labels_additional_labels: '' + +# A list of extra arguments to pass to the container +matrix_client_schildichat_container_extra_arguments: [] + +# List of systemd services that matrix-client-schildichat.service depends on +matrix_client_schildichat_systemd_required_services_list: ['docker.service'] + +# Specifies the value of the `X-XSS-Protection` header +# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. +# +# Learn more about it is here: +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection +# - https://portswigger.net/web-security/cross-site-scripting/reflected +matrix_client_schildichat_http_header_xss_protection: "1; mode=block" + +# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options +matrix_client_schildichat_http_header_frame_options: SAMEORIGIN + +# Specifies the value of the `X-Content-Type-Options` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options +matrix_client_schildichat_http_header_content_type_options: nosniff + +# Specifies the value of the `Content-Security-Policy` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +matrix_client_schildichat_http_header_content_security_policy: frame-ancestors 'self' + +# Specifies the value of the `Permission-Policy` header. +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy +matrix_client_schildichat_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_client_schildichat_floc_optout_enabled else '' }}" + +# Specifies the value of the `Strict-Transport-Security` header. 
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +matrix_client_schildichat_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_client_schildichat_hsts_preload_enabled else '' }}" + +# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses +# +# Learn more about what it is here: +# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea +# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network +# - https://amifloced.org/ +# +# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. +# See: `matrix_client_schildichat_content_permission_policy` +matrix_client_schildichat_floc_optout_enabled: true + +# Controls if HSTS preloading is enabled +# +# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and +# indicates a willingness to be "preloaded" into browsers: +# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` +# For more information visit: +# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +# - https://hstspreload.org/#opt-in +# See: `matrix_client_schildichat_http_header_strict_transport_security` +matrix_client_schildichat_hsts_preload_enabled: false + +# The hostname at which schildichat is served. +# Only works with with Traefik reverse-proxying. +# For matrix-nginx-proxy, `matrix_server_fqn_schildichat` is used and this variable has no effect. +matrix_client_schildichat_hostname: "{{ matrix_server_fqn_schildichat }}" + +# The path at which schildichat is exposed. +# When matrix-nginx-proxy is used, setting this to values other than `/` will cause configuration mismatches and trouble. 
+# +# If Traefik is used, the hostname is also configurable - see `matrix_client_schildichat_container_labels_traefik_hostname`. +# This value must either be `/` or not end with a slash (e.g. `/schildichat`). +matrix_client_schildichat_path_prefix: / + +# schildichat config.json customizations +matrix_client_schildichat_default_server_name: "{{ matrix_domain }}" +matrix_client_schildichat_default_hs_url: "" +matrix_client_schildichat_default_is_url: ~ +matrix_client_schildichat_disable_custom_urls: true +matrix_client_schildichat_disable_guests: true +matrix_client_schildichat_integrations_ui_url: "https://scalar.vector.im/" +matrix_client_schildichat_integrations_rest_url: "https://scalar.vector.im/api" +matrix_client_schildichat_integrations_widgets_urls: ["https://scalar.vector.im/api"] +matrix_client_schildichat_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" +matrix_client_schildichat_permalink_prefix: "https://matrix.to" # noqa var-naming +matrix_client_schildichat_bug_report_endpoint_url: "https://element.io/bugreports/submit" +matrix_client_schildichat_show_lab_settings: true # noqa var-naming +# schildichat public room directory server(s) +matrix_client_schildichat_room_directory_servers: ['matrix.org'] +matrix_client_schildichat_welcome_user_id: ~ +# Branding of schildichat +matrix_client_schildichat_brand: "schildichat" + +# URL to Logo on welcome page +matrix_client_schildichat_welcome_logo: "themes/schildichat/img/logos/schildichat-logo.svg" + +# URL of link on welcome image +matrix_client_schildichat_welcome_logo_link: "https://schildi.chat" + +matrix_client_schildichat_welcome_headline: "_t('Welcome to SchildiChat')" +matrix_client_schildichat_welcome_text: "_t('Decentralised, encrypted chat & collaboration powered by [matrix]')" + +# Links, shown in footer of welcome page: +# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}] +matrix_client_schildichat_branding_auth_footer_links: ~ # noqa 
var-naming + +# URL to image, shown during Login +matrix_client_schildichat_branding_auth_header_logo_url: "{{ matrix_client_schildichat_welcome_logo }}" # noqa var-naming + +# URL to Wallpaper, shown in background of welcome page +matrix_client_schildichat_branding_welcome_background_url: ~ # noqa var-naming + +matrix_client_schildichat_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" + +# By default, there's no schildichat homepage (when logged in). If you wish to have one, +# point this to a `home.html` template file on your local filesystem. +matrix_client_schildichat_embedded_pages_home_path: ~ + +matrix_client_schildichat_jitsi_preferred_domain: '' # noqa var-naming + +# Controls whether the self-check feature should validate SSL certificates. +matrix_client_schildichat_self_check_validate_certificates: true + +# don't show the registration button on welcome page +matrix_client_schildichat_registration_enabled: false + +# Default country code on welcome page when login by phone number +matrix_client_schildichat_default_country_code: "GB" + +# Controls whether presence will be enabled +matrix_client_schildichat_enable_presence_by_hs_url: ~ + +# Controls whether custom schildichat themes will be installed. +# When enabled, all themes found in the `matrix_client_schildichat_themes_repository_url` repository +# will be installed and enabled automatically. +matrix_client_schildichat_themes_enabled: false +matrix_client_schildichat_themes_repository_url: https://github.com/aaronraimist/element-themes +matrix_client_schildichat_themes_repository_version: master + +# Controls the default theme +matrix_client_schildichat_default_theme: 'light' + +# Controls the `setting_defaults.custom_themes` setting of the schildichat configuration. +# You can use this setting to define custom themes. +# +# Also, look at `matrix_client_schildichat_themes_enabled` for a way to pull in a bunch of custom themes automatically. 
+# If you define your own themes here and set `matrix_client_schildichat_themes_enabled: true`, your themes will be preserved as well. +# +# Note that for a custom theme to work well, all schildichat instances that you use must have the same theme installed. +matrix_client_schildichat_setting_defaults_custom_themes: [] # noqa var-naming + +# Default schildichat configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_client_schildichat_configuration_extension_json`) +# or completely replace this variable with your own template. +# +# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. +# This is unlike what it does when looking up YAML template files (no automatic parsing there). +matrix_client_schildichat_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}" + +# Your custom JSON configuration for schildichat should go to `matrix_client_schildichat_configuration_extension_json`. +# This configuration extends the default starting configuration (`matrix_client_schildichat_configuration_default`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_client_schildichat_configuration_default`. 
+# +# Example configuration extension follows: +# +# matrix_client_schildichat_configuration_extension_json: | +# { +# "disable_3pid_login": true, +# "disable_login_language_selector": true +# } +matrix_client_schildichat_configuration_extension_json: '{}' + +matrix_client_schildichat_configuration_extension: "{{ matrix_client_schildichat_configuration_extension_json | from_json if matrix_client_schildichat_configuration_extension_json | from_json is mapping else {} }}" + +# Holds the final schildichat configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_client_schildichat_configuration_default`. +matrix_client_schildichat_configuration: "{{ matrix_client_schildichat_configuration_default | combine(matrix_client_schildichat_configuration_extension, recursive=True) }}" + +# schildichat Location sharing functionality +# More info: https://element.io/blog/element-launches-e2ee-location-sharing/ +# How to host your own map tile server: https://matrix.org/docs/guides/map-tile-server +matrix_client_schildichat_location_sharing_enabled: false + +# Default schildichat location sharing map style configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_client_schildichat_location_sharing_map_style_extension_json`) +# or completely replace this variable with your own template. +# +# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. +# This is unlike what it does when looking up YAML template files (no automatic parsing there). 
+matrix_client_schildichat_location_sharing_map_style_default: "{{ lookup('template', 'templates/map_style.json.j2') }}" + +# Your custom JSON configuration for schildichat location sharing map style should go to `matrix_client_schildichat_location_sharing_map_style_extension_json`. +# This configuration extends the default starting configuration (`matrix_client_schildichat_location_sharing_map_style_default`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_client_schildichat_location_sharing_map_style_default`. +# +# Example configuration override follows: +# +# matrix_client_schildichat_location_sharing_map_style_extension_json: | +# { +# "sources": { +# "localsource": { +# "tileSize": 512 +# } +# } +# } +# +# Example configuration extension follows: +# +# matrix_client_schildichat_location_sharing_map_style_extension_json: | +# { +# "sources": { +# "anothersource": { +# "attribution": "", +# "tileSize": 256, +# "tiles": ["https://anothertile.example.com/{z}/{x}/{y}.png"], +# "type": "raster" +# } +# } +# } +matrix_client_schildichat_location_sharing_map_style_extension_json: '{}' + +matrix_client_schildichat_location_sharing_map_style_extension: "{{ matrix_client_schildichat_location_sharing_map_style_extension_json | from_json if matrix_client_schildichat_location_sharing_map_style_extension_json | from_json is mapping else {} }}" + +# Holds the final schildichat location sharing map style configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_client_schildichat_location_sharing_map_style_default`. 
+matrix_client_schildichat_location_sharing_map_style: "{{ matrix_client_schildichat_location_sharing_map_style_default | combine(matrix_client_schildichat_location_sharing_map_style_extension, recursive=True) }}" + +# Example tile servers configuration +# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: ["https://tile.example.com/{z}/{x}/{y}.png"] +# or +# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: ["https://s1.example.com/{z}/{x}/{y}.png", "https://s2.example.com/{z}/{x}/{y}.png", "https://s3.example.com/{z}/{x}/{y}.png"] +matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: [] + +# Map attribution (optional): +# Attribution for OpenStreetMap would be like this: +# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution: "© OpenStreetMap contributors" +# Leave blank, if map does not require attribution. +matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution: "" diff --git a/roles/custom/matrix-client-schildichat/tasks/main.yml b/roles/custom/matrix-client-schildichat/tasks/main.yml new file mode 100644 index 00000000..240dee1c --- /dev/null +++ b/roles/custom/matrix-client-schildichat/tasks/main.yml 
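Review bot: The `matrix_client_schildichat_container_labels_traefik_additional_response_headers_auto` map emits the FLoC opt-out under the key `'Permission-Policy'`, but the header browsers recognise is `Permissions-Policy`, which is how the comment on `matrix_client_schildichat_floc_optout_enabled` in this same file spells it. As written, `interest-cohort=()` goes out under a name that is ignored; the key in that `combine` entry should be `'Permissions-Policy'`. The comment above `matrix_client_schildichat_http_header_content_permission_policy` needs the same spelling fix, and the "See:" line under the FLoC comment names `matrix_client_schildichat_content_permission_policy`, which is not defined here; it should name `matrix_client_schildichat_http_header_content_permission_policy`. Separately, `matrix_client_schildichat_bug_report_endpoint_url` defaults to `https://element.io/bugreports/submit`; a comment such as `# Bug reports submitted from the client are sent to this third-party endpoint; override or empty it to keep them in-house` would let operators make that choice knowingly.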
@@ -0,0 +1,29 @@
+---
+
+- tags:
+ - setup-all
+ - setup-client-schildichat
+ - install-all
+ - install-client-schildichat
+ block:
+ - when: matrix_client_schildichat_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+ - when: matrix_client_schildichat_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
+
+ - when: matrix_client_schildichat_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+ - setup-all
+ - setup-client-schildichat
+ block:
+ - when: not matrix_client_schildichat_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+
+- tags:
+ - self-check
+ block:
+ - when: matrix_client_schildichat_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
diff --git a/roles/custom/matrix-client-schildichat/tasks/prepare_themes.yml b/roles/custom/matrix-client-schildichat/tasks/prepare_themes.yml
new file mode 100644
index 00000000..9e29ef90
--- /dev/null
+++ b/roles/custom/matrix-client-schildichat/tasks/prepare_themes.yml
@@ -0,0 +1,47 @@ +--- + +# +# Tasks related to setting up schildichat themes +# + +- when: matrix_client_schildichat_themes_enabled | bool + run_once: true + delegate_to: 127.0.0.1 + become: false + block: + - name: Ensure schildichat themes repository is pulled + ansible.builtin.git: + repo: "{{ matrix_client_schildichat_themes_repository_url }}" + version: "{{ matrix_client_schildichat_themes_repository_version }}" + dest: "{{ role_path }}/files/scratchpad/themes" + + - name: Find all schildichat theme files + ansible.builtin.find: + paths: "{{ role_path }}/files/scratchpad/themes" + patterns: "*.json" + recurse: true + register: matrix_client_schildichat_theme_file_list + + - name: Read schildichat theme + ansible.builtin.slurp: + path: "{{ item.path }}" + register: "matrix_client_schildichat_theme_file_contents" + with_items: "{{ matrix_client_schildichat_theme_file_list.files }}" + + - name: Load schildichat theme + ansible.builtin.set_fact: + matrix_client_schildichat_setting_defaults_custom_themes: "{{ matrix_client_schildichat_setting_defaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming + with_items: "{{ matrix_client_schildichat_theme_file_contents.results }}" + +# +# Tasks related to getting rid of schildichat themes (if it was previously enabled) +# + +- name: Ensure schildichat themes repository is removed + ansible.builtin.file: + path: "{{ role_path }}/files/scratchpad/themes" + state: absent + run_once: true + delegate_to: 127.0.0.1 + become: false + when: "not matrix_client_schildichat_themes_enabled | bool" diff --git a/roles/custom/matrix-client-schildichat/tasks/self_check.yml b/roles/custom/matrix-client-schildichat/tasks/self_check.yml new file mode 100644 index 00000000..2963e2ba --- /dev/null +++ b/roles/custom/matrix-client-schildichat/tasks/self_check.yml 
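Review bot: The `ansible.builtin.git` task checks out whatever `matrix_client_schildichat_themes_repository_version` names, and the role default for it is the branch `master` of a third-party repository, so two runs of the same playbook revision can pull different content. Every `*.json` found recursively is then decoded and appended to `matrix_client_schildichat_setting_defaults_custom_themes`, which the defaults file describes as feeding `setting_defaults.custom_themes` in the generated client configuration. Pinning the default to a reviewed commit, for example `matrix_client_schildichat_themes_repository_version: "<reviewed-commit-sha>"` (placeholder), would make the theme set reproducible and reviewable. A comment above the block, such as `# Runs on the controller: theme JSON from the external repository is merged into the client config as-is`, would make that trust boundary visible to operators who flip `matrix_client_schildichat_themes_enabled`.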
@@ -0,0 +1,24 @@
+---
+
+- ansible.builtin.set_fact:
+ matrix_client_schildichat_url_endpoint_public: "https://{{ matrix_server_fqn_schildichat }}/config.json"
+
+- name: Check schildichat
+ ansible.builtin.uri:
+ url: "{{ matrix_client_schildichat_url_endpoint_public }}"
+ follow_redirects: none
+ validate_certs: "{{ matrix_client_schildichat_self_check_validate_certificates }}"
+ register: matrix_client_schildichat_self_check_result
+ check_mode: false
+ ignore_errors: true
+ delegate_to: 127.0.0.1
+ become: false
+
+- name: Fail if schildichat not working
+ ansible.builtin.fail:
+ msg: "Failed checking schildichat is up at `{{ matrix_server_fqn_schildichat }}` (checked endpoint: `{{ matrix_client_schildichat_url_endpoint_public }}`). Is schildichat running? Is port 443 open in your firewall? Full error: {{ matrix_client_schildichat_self_check_result }}"
+ when: "matrix_client_schildichat_self_check_result.failed or 'json' not in matrix_client_schildichat_self_check_result"
+
+- name: Report working schildichat
+ ansible.builtin.debug:
+ msg: "schildichat at `{{ matrix_server_fqn_schildichat }}` is working (checked endpoint: `{{ matrix_client_schildichat_url_endpoint_public }}`)"
diff --git a/roles/custom/matrix-client-schildichat/tasks/setup_install.yml b/roles/custom/matrix-client-schildichat/tasks/setup_install.yml
new file mode 100644
index 00000000..c2c7b748
--- /dev/null
+++ b/roles/custom/matrix-client-schildichat/tasks/setup_install.yml
@@ -0,0 +1,109 @@ +--- + +- name: Ensure schildichat paths exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_client_schildichat_data_path }}", when: true} + - {path: "{{ matrix_client_schildichat_docker_src_files_path }}", when: "{{ matrix_client_schildichat_container_image_self_build }}"} + when: "item.when | bool" + +- name: Ensure schildichat Docker image is pulled + community.docker.docker_image: + name: "{{ matrix_client_schildichat_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_client_schildichat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_schildichat_docker_image_force_pull }}" + when: "not matrix_client_schildichat_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure schildichat repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_client_schildichat_container_image_self_build_repo }}" + dest: "{{ matrix_client_schildichat_docker_src_files_path }}" + version: "{{ matrix_client_schildichat_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_client_schildichat_git_pull_results + when: "matrix_client_schildichat_container_image_self_build | bool" + +# See: +# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357 +# - https://github.com/vector-im/schildichat-web/issues/19544 +- name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices + ansible.builtin.lineinfile: + 
path: "{{ matrix_client_schildichat_docker_src_files_path }}/webpack.config.js" + regexp: '(\s+)splitChunks: \{' + line: '\1splitChunks: { maxSize: 100000,' + backrefs: true + owner: root + group: root + mode: '0644' + when: "matrix_client_schildichat_container_image_self_build | bool and matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled | bool" + +- name: Ensure schildichat Docker image is built + ansible.builtin.command: + cmd: |- + {{ devture_systemd_docker_base_host_command_docker }} buildx build + --tag={{ matrix_client_schildichat_docker_image }} + --file={{ matrix_client_schildichat_docker_src_files_path }}/Dockerfile + {{ matrix_client_schildichat_docker_src_files_path }} + changed_when: true + when: matrix_client_schildichat_container_image_self_build | bool + +- name: Ensure schildichat configuration installed + ansible.builtin.copy: + content: "{{ matrix_client_schildichat_configuration | to_nice_json }}" + dest: "{{ matrix_client_schildichat_data_path }}/config.json" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure schildichat location sharing map style installed + when: matrix_client_schildichat_location_sharing_enabled | bool + ansible.builtin.copy: + content: "{{ matrix_client_schildichat_location_sharing_map_style | to_nice_json }}" + dest: "{{ matrix_client_schildichat_data_path }}/map_style.json" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure schildichat config files installed + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ matrix_client_schildichat_data_path }}/{{ item.name }}" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {src: "{{ role_path }}/templates/labels.j2", name: "labels"} + - {src: "{{ matrix_client_schildichat_page_template_welcome_path }}", name: "welcome.html"} + - {src: "{{ 
matrix_client_schildichat_embedded_pages_home_path }}", name: "home.html"} + when: "item.src is not none" + +- name: Ensure schildichat config files removed + ansible.builtin.file: + path: "{{ matrix_client_schildichat_data_path }}/{{ item.name }}" + state: absent + with_items: + - {src: "{{ matrix_client_schildichat_embedded_pages_home_path }}", name: "home.html"} + when: "item.src is none" + +- name: Ensure schildichat container network is created + community.general.docker_network: + name: "{{ matrix_client_schildichat_container_network }}" + driver: bridge + +- name: Ensure matrix-client-schildichat.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-client-schildichat.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service" + mode: 0644 diff --git a/roles/custom/matrix-client-schildichat/tasks/setup_uninstall.yml b/roles/custom/matrix-client-schildichat/tasks/setup_uninstall.yml new file mode 100644 index 00000000..f752ba30 --- /dev/null +++ b/roles/custom/matrix-client-schildichat/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-client-schildichat.service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service" + register: matrix_client_schildichat_service_stat + +- when: matrix_client_schildichat_service_stat.stat.exists | bool + block: + - name: Ensure matrix-client-schildichat is stopped + ansible.builtin.service: + name: matrix-client-schildichat + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-client-schildichat.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service" + state: absent + + - name: Ensure schildichat path doesn't exist + ansible.builtin.file: + path: "{{ matrix_client_schildichat_data_path }}" + state: absent 
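Review bot: In `Ensure schildichat repository is present on self-build` (setup_install.yml) the git ref is derived with `matrix_client_schildichat_docker_image.split(':')[1]`, which picks the second colon-separated field rather than the tag. For an image reference that carries a registry port (constructed example: `registry.example:5000/schildichat:v1`) that field is `5000/schildichat`, so the self-build would check out a ref that has nothing to do with the image being tagged. The variable's default is defined outside this hunk, so this only bites with an overridden image name, but taking the last field is safer: `version: "{{ matrix_client_schildichat_docker_image.split(':')[-1] }}"`. A dedicated version variable would be cleaner still.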
diff --git a/roles/custom/matrix-client-schildichat/tasks/validate_config.yml b/roles/custom/matrix-client-schildichat/tasks/validate_config.yml new file mode 100644 index 00000000..b3b57f23 --- /dev/null +++ b/roles/custom/matrix-client-schildichat/tasks/validate_config.yml 
@@ -0,0 +1,64 @@ +--- + +- name: Fail if required schildichat settings not defined + ansible.builtin.fail: + msg: > + You need to define a required configuration setting (`{{ item }}`) for using schildichat. + when: "vars[item] == ''" + with_items: + - "matrix_client_schildichat_default_hs_url" + +- name: Fail if schildichat location sharing enabled, but no tile server defined + ansible.builtin.fail: + msg: >- + You need to define at least one map tile server in matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles list + when: + - matrix_client_schildichat_location_sharing_enabled | bool + - matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles | length == 0 + +- name: (Deprecation) Catch and report riot-web variables + ansible.builtin.fail: + msg: >- + Riot has been renamed to schildichat (https://schildichat.io/blog/welcome-to-schildichat/). + The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names. + Please change your configuration (vars.yml) to rename all riot-web variables (`{{ item.old }}` -> `{{ item.new }}`). + Also note that DNS configuration changes may be necessary. + when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict" + with_items: + - {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_schildichat_.*'} + +- name: (Deprecation) Catch and report renamed schildichat-web settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). 
+ when: "item.old in vars" + with_items: + - {'old': 'matrix_client_schildichat_showLabsSettings', 'new': 'matrix_client_schildichat_show_lab_settings'} + - {'old': 'matrix_client_schildichat_permalinkPrefix', 'new': 'matrix_client_schildichat_permalink_prefix'} + - {'old': 'matrix_client_schildichat_roomdir_servers', 'new': 'matrix_client_schildichat_room_directory_servers'} + - {'old': 'matrix_client_schildichat_settingDefaults_custom_themes', 'new': 'matrix_client_schildichat_setting_defaults_custom_themes'} + - {'old': 'matrix_client_schildichat_branding_authFooterLinks', 'new': 'matrix_client_schildichat_branding_auth_footer_links'} + - {'old': 'matrix_client_schildichat_branding_authHeaderLogoUrl', 'new': 'matrix_client_schildichat_branding_auth_header_logo_url'} + - {'old': 'matrix_client_schildichat_branding_welcomeBackgroundUrl', 'new': 'matrix_client_schildichat_branding_welcome_background_url'} + - {'old': 'matrix_client_schildichat_jitsi_preferredDomain', 'new': 'matrix_client_schildichat_jitsi_preferred_domain'} + +- when: matrix_client_schildichat_container_labels_traefik_enabled | bool + block: + - name: Fail if required matrix-client-schildichat Traefik settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - matrix_client_schildichat_container_labels_traefik_hostname + - matrix_client_schildichat_container_labels_traefik_path_prefix + + # We ensure it doesn't end with a slash, because we handle both (slash and no-slash). + # Knowing that `matrix_client_schildichat_container_labels_traefik_path_prefix` does not end with a slash + # ensures we know how to set these routes up without having to do "does it end with a slash" checks elsewhere. 
+ - name: Fail if matrix_client_schildichat_container_labels_traefik_path_prefix ends with a slash + ansible.builtin.fail: + msg: >- + matrix_client_schildichat_container_labels_traefik_path_prefix (`{{ matrix_client_schildichat_container_labels_traefik_path_prefix }}`) must either be `/` or not end with a slash (e.g. `/schildichat`). + when: "matrix_client_schildichat_container_labels_traefik_path_prefix != '/' and matrix_client_schildichat_container_labels_traefik_path_prefix[-1] == '/'" diff --git a/roles/custom/matrix-client-schildichat/templates/config.json.j2 b/roles/custom/matrix-client-schildichat/templates/config.json.j2 new file mode 100644 index 00000000..fcf60f5d --- /dev/null +++ b/roles/custom/matrix-client-schildichat/templates/config.json.j2 
@@ -0,0 +1,49 @@ +{ + "default_server_config": { + "m.homeserver": { + "base_url": {{ matrix_client_schildichat_default_hs_url | string | to_json }}, + "server_name": {{ matrix_client_schildichat_default_server_name | string | to_json }} + }, + "m.identity_server": { + "base_url": {{ matrix_client_schildichat_default_is_url | string | to_json }} + } + }, + "setting_defaults": { + "custom_themes": {{ matrix_client_schildichat_setting_defaults_custom_themes | to_json }} + }, + "default_theme": {{ matrix_client_schildichat_default_theme | string | to_json }}, + "default_country_code": {{ matrix_client_schildichat_default_country_code | string | to_json }}, + "permalink_prefix": {{ matrix_client_schildichat_permalink_prefix | string | to_json }}, + "disable_custom_urls": {{ matrix_client_schildichat_disable_custom_urls | to_json }}, + "disable_guests": {{ matrix_client_schildichat_disable_guests | to_json }}, + "brand": {{ matrix_client_schildichat_brand | to_json }}, + "integrations_ui_url": {{ matrix_client_schildichat_integrations_ui_url | string | to_json }}, + "integrations_rest_url": {{ matrix_client_schildichat_integrations_rest_url | string | to_json }}, + "integrations_widgets_urls": {{ matrix_client_schildichat_integrations_widgets_urls | to_json }}, + "integrations_jitsi_widget_url": {{ matrix_client_schildichat_integrations_jitsi_widget_url | string | to_json }}, + "bug_report_endpoint_url": {{ matrix_client_schildichat_bug_report_endpoint_url | to_json }}, + "show_labs_settings": {{ matrix_client_schildichat_show_lab_settings | to_json }}, + "room_directory": { + "servers": {{ matrix_client_schildichat_room_directory_servers | to_json }} + }, + "welcome_user_id": {{ matrix_client_schildichat_welcome_user_id | to_json }}, + {% if matrix_client_schildichat_enable_presence_by_hs_url is not none %} + "enable_presence_by_hs_url": {{ matrix_client_schildichat_enable_presence_by_hs_url | to_json }}, + {% endif %} + "embedded_pages": { + "homeUrl": {{ 
matrix_client_schildichat_embedded_pages_home_url | string | to_json }} + }, + {% if matrix_client_schildichat_jitsi_preferred_domain %} + "jitsi": { + "preferred_domain": {{ matrix_client_schildichat_jitsi_preferred_domain | to_json }} + }, + {% endif %} + {% if matrix_client_schildichat_location_sharing_enabled %} + "map_style_url": "https://{{ matrix_server_fqn_schildichat }}/map_style.json", + {% endif %} + "branding": { + "auth_footer_links": {{ matrix_client_schildichat_branding_auth_footer_links | to_json }}, + "auth_header_logo_url": {{ matrix_client_schildichat_branding_auth_header_logo_url | to_json }}, + "welcome_background_url": {{ matrix_client_schildichat_branding_welcome_background_url | to_json }} + } +} diff --git a/roles/custom/matrix-client-schildichat/templates/labels.j2 b/roles/custom/matrix-client-schildichat/templates/labels.j2 new file mode 100644 index 00000000..85e27982 --- /dev/null +++ b/roles/custom/matrix-client-schildichat/templates/labels.j2 
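Review bot: `map_style_url` in config.json.j2 is the one value in this template that is interpolated raw inside a hand-written JSON string, while every other value goes through `to_json`. A hostname containing a quote or backslash would produce invalid JSON here, and the scheme is fixed to `https` regardless of how the client is actually served. I would build the string first and encode it like the rest: `"map_style_url": {{ ('https://' ~ matrix_server_fqn_schildichat ~ '/map_style.json') | to_json }},`.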
@@ -0,0 +1,45 @@ +{% if matrix_client_schildichat_container_labels_traefik_enabled %} +traefik.enable=true + +{% if matrix_client_schildichat_container_labels_traefik_docker_network %} +traefik.docker.network={{ matrix_client_schildichat_container_labels_traefik_docker_network }} +{% endif %} + +{% set middlewares = [] %} + +{% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-client-schildichat-slashless-redirect.redirectregex.regex=({{ matrix_client_schildichat_container_labels_traefik_path_prefix | quote }})$ +traefik.http.middlewares.matrix-client-schildichat-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['matrix-client-schildichat-slashless-redirect'] %} +{% endif %} + +{% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-client-schildichat-strip-prefix.stripprefix.prefixes={{ matrix_client_schildichat_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['matrix-client-schildichat-strip-prefix'] %} +{% endif %} + +{% if matrix_client_schildichat_container_labels_traefik_additional_response_headers.keys() | length > 0 %} +{% for name, value in matrix_client_schildichat_container_labels_traefik_additional_response_headers.items() %} +traefik.http.middlewares.matrix-client-schildichat-add-headers.headers.customresponseheaders.{{ name }}={{ value }} +{% endfor %} +{% set middlewares = middlewares + ['matrix-client-schildichat-add-headers'] %} +{% endif %} + +traefik.http.routers.matrix-client-schildichat.rule={{ matrix_client_schildichat_container_labels_traefik_rule }} +{% if matrix_client_schildichat_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-client-schildichat.priority={{ matrix_client_schildichat_container_labels_traefik_priority }} +{% endif %} +traefik.http.routers.matrix-client-schildichat.service=matrix-client-schildichat +{% if middlewares | 
length > 0 %} +traefik.http.routers.matrix-client-schildichat.middlewares={{ middlewares | join(',') }} +{% endif %} +traefik.http.routers.matrix-client-schildichat.entrypoints={{ matrix_client_schildichat_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-client-schildichat.tls={{ matrix_client_schildichat_container_labels_traefik_tls | to_json }} +{% if matrix_client_schildichat_container_labels_traefik_tls %} +traefik.http.routers.matrix-client-schildichat.tls.certResolver={{ matrix_client_schildichat_container_labels_traefik_tls_certResolver }} +{% endif %} + +traefik.http.services.matrix-client-schildichat.loadbalancer.server.port=8080 +{% endif %} + +{{ matrix_client_schildichat_container_labels_additional_labels }} diff --git a/roles/custom/matrix-client-schildichat/templates/map_style.json.j2 b/roles/custom/matrix-client-schildichat/templates/map_style.json.j2 new file mode 100644 index 00000000..5889e0eb --- /dev/null +++ b/roles/custom/matrix-client-schildichat/templates/map_style.json.j2 @@ -0,0 +1,18 @@ +{ + "layers": [ + { + "id": "locallayer", + "source": "localsource", + "type": "raster" + } + ], + "sources": { + "localsource": { + "attribution": {{ matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution|to_json }}, + "tileSize": 256, + "tiles": {{ matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles|to_json }}, + "type": "raster" + } + }, + "version": 8 +} diff --git a/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 b/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 new file mode 100644 index 00000000..b222d886 --- /dev/null +++ b/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 
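Review bot: The `redirectregex.regex` label in labels.j2 passes the path prefix through `quote`, which is shell quoting, not regex escaping. For a plain prefix such as `/schildichat` it is a no-op, but a prefix containing `.` or other regex metacharacters is left unescaped, and one containing characters outside the shell-safe set gets wrapped in single quotes that then become literal characters of the pattern. `regex_escape` is the filter meant for this: `...redirectregex.regex=({{ matrix_client_schildichat_container_labels_traefik_path_prefix | regex_escape }})$`.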
@@ -0,0 +1,57 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix schildichat server +{% for service in matrix_client_schildichat_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-client-schildichat \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_client_schildichat_container_network }} \ + {% if matrix_client_schildichat_container_http_host_bind_port %} + -p {{ matrix_client_schildichat_container_http_host_bind_port }}:8080 \ + {% endif %} + --label-file={{ matrix_client_schildichat_data_path }}/labels \ + --tmpfs=/tmp:rw,noexec,nosuid,size=10m \ + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/app/config.json,ro \ + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_schildichat }}.json,ro \ + {% if matrix_client_schildichat_location_sharing_enabled %} + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/map_style.json,dst=/app/map_style.json,ro \ + {% endif %} + {% if matrix_client_schildichat_embedded_pages_home_path is not none %} + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/home.html,dst=/app/home.html,ro \ + {% endif %} + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/welcome.html,dst=/app/welcome.html,ro \ + 
{% for arg in matrix_client_schildichat_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_client_schildichat_docker_image }} + +{% for network in matrix_client_schildichat_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-client-schildichat +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-schildichat + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true' + +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-client-schildichat + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-client-schildichat/templates/welcome.html.j2 b/roles/custom/matrix-client-schildichat/templates/welcome.html.j2 new file mode 100644 index 00000000..f5b22b64 --- /dev/null +++ b/roles/custom/matrix-client-schildichat/templates/welcome.html.j2 @@ -0,0 +1,205 @@ +#jinja2: lstrip_blocks: "True" + + +
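Review bot: The `-p {{ matrix_client_schildichat_container_http_host_bind_port }}:8080` line in the service template publishes on every host interface when the variable holds a bare port, which would expose the container directly next to the reverse proxy. The nginx vhost added in this same commit proxies to `127.0.0.1:8765`, which suggests the intended form includes a loopback address, but the variable's default and documentation are outside this hunk. I would state the expectation next to the option, e.g. `{# Use ADDRESS:PORT (such as 127.0.0.1:8765); a bare port binds all interfaces #}`, or reject a bare port in validate_config.yml.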
+ + + +

{{ matrix_client_schildichat_welcome_headline }}

+

{{ matrix_client_schildichat_welcome_text }}

+
+
+ +
_t("Sign In")
+
+{% if matrix_client_schildichat_registration_enabled %} + +
_t("Create Account")
+
+{% endif %} +
+{% if matrix_client_schildichat_disable_guests != true %} + + + + +{% endif %} +
+
diff --git a/roles/custom/matrix-client-schildichat/vars/main.yml b/roles/custom/matrix-client-schildichat/vars/main.yml new file mode 100644 index 00000000..bbd0d3dd --- /dev/null +++ b/roles/custom/matrix-client-schildichat/vars/main.yml @@ -0,0 +1,3 @@ +--- + +matrix_client_schildichat_embedded_pages_home_url: "{{ ('' if matrix_client_schildichat_embedded_pages_home_path is none else 'home.html') }}" diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index eae9e61b..b67140ba 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -212,6 +212,10 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}" matrix_nginx_proxy_proxy_cinny_enabled: false matrix_nginx_proxy_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}" +# Controls whether proxying the schildichat domain should be done. +matrix_nginx_proxy_proxy_schildichat_enabled: false +matrix_nginx_proxy_proxy_schildichat_hostname: "{{ matrix_server_fqn_schildichat }}" + # Controls whether proxying the buscarron domain should be done. matrix_nginx_proxy_proxy_buscarron_enabled: false matrix_nginx_proxy_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}" 
@@ -421,6 +425,9 @@ matrix_nginx_proxy_proxy_hydrogen_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Cinny's server configuration (matrix-client-cinny.conf). matrix_nginx_proxy_proxy_cinny_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to schildichat's server configuration (matrix-client-schildichat.conf). +matrix_nginx_proxy_proxy_schildichat_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to buscarron's server configuration (matrix-bot-buscarron.conf). matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: [] diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 2c54d675..600a3f08 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -115,6 +115,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_cinny_enabled | bool +- name: Ensure Matrix nginx-proxy configuration for schildichat domain exists + ansible.builtin.template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-schildichat.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-schildichat.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_schildichat_enabled | bool + - name: Ensure Matrix nginx-proxy configuration for buscarron domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2" diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-schildichat.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-schildichat.conf.j2 new file mode 100644 index 00000000..4919eb9e --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-schildichat.conf.j2 
@@ -0,0 +1,106 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Frame-Options SAMEORIGIN; + add_header Content-Security-Policy "frame-ancestors 'self'"; + + {% if matrix_nginx_proxy_floc_optout_enabled %} + add_header Permissions-Policy interest-cohort=() always; + {% endif %} + + + {% for configuration_block in matrix_nginx_proxy_proxy_schildichat_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "matrix-client-schildichat:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8765; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + + server_name {{ matrix_nginx_proxy_proxy_schildichat_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ 
matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_schildichat_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != "" %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} From b657117beb5772fa96cb9e73940c495fddafa725 Mon Sep 17 00:00:00 2001 
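Review bot: In `render_vhost_directives` only the `Strict-Transport-Security` and `Permissions-Policy` headers carry `always`; `X-Content-Type-Options`, `X-XSS-Protection`, `X-Frame-Options` and `Content-Security-Policy` are emitted without it, so nginx omits them on most error responses (4xx/5xx). Adding the flag makes the framing and sniffing protections apply to those pages too: `add_header X-Content-Type-Options nosniff always;`, `add_header X-Frame-Options SAMEORIGIN always;`, `add_header Content-Security-Policy "frame-ancestors 'self'" always;`. Also worth a comment above the `additional_server_configuration_blocks` loop: any `add_header` inside a `location` added there replaces, rather than extends, the server-level set.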
From: Aine Date: Wed, 30 Aug 2023 23:03:33 +0300 Subject: [PATCH 128/340] schildichat fixes --- .../custom/matrix-client-schildichat/defaults/main.yml | 2 +- .../systemd/matrix-client-schildichat.service.j2 | 10 +++++----- setup.yml | 1 + 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml index a61d2cd6..e446e755 100644 --- a/roles/custom/matrix-client-schildichat/defaults/main.yml +++ b/roles/custom/matrix-client-schildichat/defaults/main.yml @@ -154,7 +154,7 @@ matrix_client_schildichat_welcome_user_id: ~ matrix_client_schildichat_brand: "schildichat" # URL to Logo on welcome page -matrix_client_schildichat_welcome_logo: "themes/schildichat/img/logos/schildichat-logo.svg" +matrix_client_schildichat_welcome_logo: "themes/element/img/logos/element-logo.svg" # URL of link on welcome image matrix_client_schildichat_welcome_logo_link: "https://schildi.chat" diff --git a/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 b/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 index b222d886..8905f1ed 100644 --- a/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 +++ b/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 
@@ -26,15 +26,15 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ {% endif %} --label-file={{ matrix_client_schildichat_data_path }}/labels \ --tmpfs=/tmp:rw,noexec,nosuid,size=10m \ - --mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/app/config.json,ro \ - --mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_schildichat }}.json,ro \ + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/usr/share/nginx/html/config.json,ro \ + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/usr/share/nginx/html/config.{{ matrix_server_fqn_schildichat }}.json,ro \ {% if matrix_client_schildichat_location_sharing_enabled %} - --mount type=bind,src={{ matrix_client_schildichat_data_path }}/map_style.json,dst=/app/map_style.json,ro \ + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/map_style.json,dst=/usr/share/nginx/html/map_style.json,ro \ {% endif %} {% if matrix_client_schildichat_embedded_pages_home_path is not none %} - --mount type=bind,src={{ matrix_client_schildichat_data_path }}/home.html,dst=/app/home.html,ro \ + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/home.html,dst=/usr/share/nginx/html/home.html,ro \ {% endif %} - --mount type=bind,src={{ matrix_client_schildichat_data_path }}/welcome.html,dst=/app/welcome.html,ro \ + --mount type=bind,src={{ matrix_client_schildichat_data_path }}/welcome.html,dst=/usr/share/nginx/html/welcome.html,ro \ {% for arg in matrix_client_schildichat_container_extra_arguments %} {{ arg }} \ {% endfor %} diff --git a/setup.yml b/setup.yml index 0c324700..8c58b74e 100644 --- a/setup.yml +++ b/setup.yml 
@@ -102,6 +102,7 @@ - custom/matrix-client-element - custom/matrix-client-hydrogen - custom/matrix-client-cinny + - custom/matrix-client-schildichat - galaxy/jitsi - custom/matrix-user-verification-service - custom/matrix-ldap-registration-proxy From f37010734413ddff35f17209d672df3dae9cb44e Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 31 Aug 2023 11:22:09 +0300 Subject: [PATCH 129/340] cleanup schildichat a bit --- ...configuring-playbook-client-schildichat.md | 10 +++---- .../tasks/validate_config.yml | 27 ------------------- 2 files changed, 5 insertions(+), 32 deletions(-) diff --git a/docs/configuring-playbook-client-schildichat.md b/docs/configuring-playbook-client-schildichat.md index 9b9e5ca6..53d7c9c1 100644 --- a/docs/configuring-playbook-client-schildichat.md +++ b/docs/configuring-playbook-client-schildichat.md @@ -1,18 +1,18 @@ -# Configuring schildichat (optional) +# Configuring SchildiChat (optional) -By default, this playbook does not install the [schildichat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application. +By default, this playbook does not install the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application. -## Enabling schildichat +## Enabling SchildiChat -If you'd like for the playbook to install schildichat, you can enable it in your configuration file (`inventory/host_vars/matrix./vars.yml`): +If you'd like for the playbook to install SchildiChat, you can enable it in your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml matrix_client_schildichat_enabled: true ``` -## Configuring schildichat settings +## Configuring SchildiChat settings The playbook provides some customization variables you could use to change schildichat's settings. diff --git a/roles/custom/matrix-client-schildichat/tasks/validate_config.yml b/roles/custom/matrix-client-schildichat/tasks/validate_config.yml index b3b57f23..f0162645 100644 
--- a/roles/custom/matrix-client-schildichat/tasks/validate_config.yml +++ b/roles/custom/matrix-client-schildichat/tasks/validate_config.yml 
@@ -16,33 +16,6 @@ - matrix_client_schildichat_location_sharing_enabled | bool - matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles | length == 0 -- name: (Deprecation) Catch and report riot-web variables - ansible.builtin.fail: - msg: >- - Riot has been renamed to schildichat (https://schildichat.io/blog/welcome-to-schildichat/). - The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names. - Please change your configuration (vars.yml) to rename all riot-web variables (`{{ item.old }}` -> `{{ item.new }}`). - Also note that DNS configuration changes may be necessary. - when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict" - with_items: - - {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_schildichat_.*'} - -- name: (Deprecation) Catch and report renamed schildichat-web settings - ansible.builtin.fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). 
- when: "item.old in vars" - with_items: - - {'old': 'matrix_client_schildichat_showLabsSettings', 'new': 'matrix_client_schildichat_show_lab_settings'} - - {'old': 'matrix_client_schildichat_permalinkPrefix', 'new': 'matrix_client_schildichat_permalink_prefix'} - - {'old': 'matrix_client_schildichat_roomdir_servers', 'new': 'matrix_client_schildichat_room_directory_servers'} - - {'old': 'matrix_client_schildichat_settingDefaults_custom_themes', 'new': 'matrix_client_schildichat_setting_defaults_custom_themes'} - - {'old': 'matrix_client_schildichat_branding_authFooterLinks', 'new': 'matrix_client_schildichat_branding_auth_footer_links'} - - {'old': 'matrix_client_schildichat_branding_authHeaderLogoUrl', 'new': 'matrix_client_schildichat_branding_auth_header_logo_url'} - - {'old': 'matrix_client_schildichat_branding_welcomeBackgroundUrl', 'new': 'matrix_client_schildichat_branding_welcome_background_url'} - - {'old': 'matrix_client_schildichat_jitsi_preferredDomain', 'new': 'matrix_client_schildichat_jitsi_preferred_domain'} - - when: matrix_client_schildichat_container_labels_traefik_enabled | bool block: - name: Fail if required matrix-client-schildichat Traefik settings not defined From b70081b4e911bd3615f998242c788ec38a5a920b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 31 Aug 2023 13:34:42 +0300 Subject: [PATCH 130/340] fix schildichat link in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 003be474..fdec1c5f 100644 --- a/README.md +++ b/README.md 
@@ -50,7 +50,7 @@ Web clients for matrix that you can host on your own domains. | [Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) | | [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Web client | [Link](docs/configuring-playbook-client-hydrogen.md) | | [Cinny](https://github.com/ajbura/cinny) | x | Web client | [Link](docs/configuring-playbook-client-cinny.md) | -| [SchildiChat](https://schildichat.io/) | x | Web client | [Link](docs/configuring-playbook-client-schildichat.md) | +| [SchildiChat](https://schildi.chat/) | x | Web client | [Link](docs/configuring-playbook-client-schildichat.md) | From 99822c77faa48494f6f389ec3e3d6bd901c8163c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 31 Aug 2023 13:42:34 +0300 Subject: [PATCH 131/340] Announce SchildiChat Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2851 --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook-client-schildichat.md | 2 ++ docs/configuring-playbook.md | 2 ++ 3 files changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 587e4761..5a63b6d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2023-08-31 + +## SchildiChat support + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) client. + +See our [Configuring SchildiChat](docs/configuring-playbook-client-schildichat.md) documentation to get started. + + # 2023-08-23 ## mautrix-wsproxy support diff --git a/docs/configuring-playbook-client-schildichat.md b/docs/configuring-playbook-client-schildichat.md index 53d7c9c1..eeab99a7 100644 --- a/docs/configuring-playbook-client-schildichat.md +++ b/docs/configuring-playbook-client-schildichat.md 
@@ -2,6 +2,8 @@ By default, this playbook does not install the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application. +**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2023-08-31), SchildiChat is 10 releases behind (it being based on element-web `v1.11.30`, while element-web is now on `v1.11.40`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk! + ## Enabling SchildiChat diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 4da62545..d4195c58 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -82,6 +82,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional) +- [Setting up SchildiChat](configuring-playbook-client-schildichat.md) - a web client based on [Element](https://element.io/) with some extras and tweaks (optional) + ### Authentication and user-related From 12f316405b98595798e779f895c643fa4643ef4d Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 31 Aug 2023 19:32:57 +0300 Subject: [PATCH 132/340] make synapse even more quiet --- roles/custom/matrix-synapse/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 67f99244..9541569c 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -445,12 +445,15 @@ matrix_synapse_additional_loggers_auto: # Related to: # - https://github.com/matrix-org/synapse/issues/16208 # - https://github.com/matrix-org/synapse/issues/16101 + # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2853 - name: synapse.http.matrixfederationclient level: CRITICAL - name: synapse.federation.sender.per_destination_queue level: CRITICAL - name: synapse.handlers.device level: CRITICAL + - name: synapse.replication.tcp.handler + level: CRITICAL matrix_synapse_additional_loggers_custom: [] From e943a691f9495215a35bab601e14a8f4baf640d4 Mon Sep 17 00:00:00 2001 From: Array in a Matrix Date: Thu, 31 Aug 2023 13:59:24 -0400 Subject: [PATCH 133/340] Added SchildiChat DNS record --- docs/configuring-dns.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 86253458..5b9464fe 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -42,6 +42,7 @@ When you're done configuring DNS, proceed to [Configuring the playbook](configur | [Etherpad](configuring-playbook-etherpad.md) collaborative text editor | CNAME | `etherpad` | - | - | - | `matrix.` | | [Hydrogen](configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.` | | [Cinny](configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.` | +| [SchildiChat](configuring-playbook-client-schildichat.md) web client | CNAME | `schildichat` | - | - | - | `matrix.` | | [wsproxy](configuring-playbook-bridge-mautrix-wsproxy.md) sms bridge | CNAME | `wsproxy` | - | - | - | `matrix.` | | [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.` | | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | MX | `matrix` | 10 | 0 | - | `matrix.` | From 8b9143a1e512e44242a5b6f225b5ec129b756dda Mon Sep 17 00:00:00 2001 
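Review bot: Setting `synapse.replication.tcp.handler` to `level: CRITICAL` in the `roles/custom/matrix-synapse/defaults/main.yml` hunk also discards that logger's ERROR and WARNING records, so a genuine replication failure would leave no trace in the logs. If the noise tracked in the linked issues is emitted at WARNING or below (not visible from this hunk), `level: ERROR` would silence it while keeping failures visible. A comment such as `# Temporary: remove once the upstream issues above are resolved` would also help the override get reverted later. The `matrix_synapse_additional_loggers_auto` list starts outside the hunk.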
From: Array in a Matrix Date: Thu, 31 Aug 2023 14:49:06 -0400 Subject: [PATCH 134/340] Add more descriptive description --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fdec1c5f..30102d70 100644 --- a/README.md +++ b/README.md @@ -48,9 +48,9 @@ Web clients for matrix that you can host on your own domains. | Name | Default? | Description | Documentation | | ---- | -------- | ----------- | ------------- | | [Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) | -| [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Web client | [Link](docs/configuring-playbook-client-hydrogen.md) | -| [Cinny](https://github.com/ajbura/cinny) | x | Web client | [Link](docs/configuring-playbook-client-cinny.md) | -| [SchildiChat](https://schildi.chat/) | x | Web client | [Link](docs/configuring-playbook-client-schildichat.md) | +| [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Lightweight matrix client with legacy and mobile browser support | [Link](docs/configuring-playbook-client-hydrogen.md) | +| [Cinny](https://github.com/ajbura/cinny) | x | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-cinny.md) | +| [SchildiChat](https://schildi.chat/) | x | Based on Element, with a more traditional instant messaging experience | [Link](docs/configuring-playbook-client-schildichat.md) | From 7322e3bfb5d86fc1daa4d7c3fe13959c81f4e0c7 Mon Sep 17 00:00:00 2001 From: Array in a Matrix Date: Thu, 31 Aug 2023 14:59:38 -0400 Subject: [PATCH 135/340] Improve bridge descriptions --- README.md | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 30102d70..2a8b54ca 100644 --- a/README.md +++ b/README.md 
@@ -101,33 +101,33 @@ Bridges can be used to connect your matrix installation with third-party communi | Name | Default? | Description | Documentation | | ---- | -------- | ----------- | ------------- | -| [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) | -| [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) | -| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) | -| [mautrix-gmessages](https://github.com/mautrix/gmessages) | x | Bridge for bridging your Matrix server to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) | -| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) | -| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) | -| [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) | -| [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) | -| [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge for bridging your Matrix server to [Google 
Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) | -| [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge for bridging your Matrix server to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) | -| [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge for bridging your Matrix server to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) | -| [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) | -| [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) | -| [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge for bridging your Matrix server to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) | -| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) | +| [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) | +| [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) | +| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) | +| 
[mautrix-gmessages](https://github.com/mautrix/gmessages) | x | Bridge to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) | +| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) | +| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) | +| [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) | +| [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) | +| [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) | +| [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) | +| [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) | +| [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) | +| [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) | +| [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge to [Discord](https://discordapp.com/) | 
[Link](docs/configuring-playbook-bridge-appservice-discord.md) | +| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | x | Bridge to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) | | [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) | x | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) | [Link](docs/configuring-playbook-bridge-appservice-webhooks.md) | -| [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) | x | Bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) | -| [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | x | Bridge for bridging your Matrix server to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) | -| [Heisenbridge](https://github.com/hifi/heisenbridge) | x | Bridge for bridging your Matrix server to IRC bouncer-style | [Link](docs/configuring-playbook-bridge-heisenbridge.md) | -| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | x | Bridge for bridging your Matrix server to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) | -| [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) | +| [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) | x | Bridge for generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) | +| [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | x | Bridge to SMS | 
[Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) | +| [Heisenbridge](https://github.com/hifi/heisenbridge) | x | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-heisenbridge.md) | +| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | x | Bridge to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) | +| [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) | x | Bridge to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) | | [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) | x | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-instagram.md) | | [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) | x | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-twitter.md) | -| [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) | x | Bridge for [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) | -| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | x | Bridge for [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) | -| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | x | Bridge for [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) | -| [Email2Matrix](https://github.com/devture/email2matrix) | x | Bridge for relaying email messages to Matrix rooms | [Link](docs/configuring-playbook-email2matrix.md) | +| [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) | x | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) | +| 
[mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | x | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) | +| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | x | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) | +| [Email2Matrix](https://github.com/devture/email2matrix) | x | Bridge for relaying emails to Matrix rooms | [Link](docs/configuring-playbook-email2matrix.md) | ### Bots From efd7f4b3b8c6abc50ad8f9e69eff66b9ebd3719f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 31 Aug 2023 23:20:13 +0300 Subject: [PATCH 136/340] Update borg v1.2.4 -> v1.2.5 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index cfbead11..52d358ab 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.8.2-0 + version: v1.2.5-1.8.2-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 35294046b49a290c6cf83c77fa96b18c88b51c0c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Sep 2023 12:02:57 +0300 Subject: [PATCH 137/340] Do not enable SchildiChat by default Related to #2851 Fixes #2861 --- group_vars/matrix_servers | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1e30a8f8..af405115 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -3498,9 +3498,7 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_playbo # ###################################################################### -# By default, this playbook installs the schildichat web UI on the `matrix_server_fqn_schildichat` domain. -# If you wish to connect to your Matrix server by other means, you may wish to disable this. -matrix_client_schildichat_enabled: true +matrix_client_schildichat_enabled: false matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" From b8b166f5947618908c0846ab8816cfb58dcd2bc8 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 1 Sep 2023 13:46:18 +0300 Subject: [PATCH 138/340] Update grafana 10.1.0 -> 10.1.1 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 52d358ab..4dcce5ad 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.1.0-0 + version: v10.1.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-2 name: jitsi From 5d61a73facd5f9b61f8096182b08170eaef852ca Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 1 Sep 2023 13:47:18 +0300 Subject: [PATCH 139/340] Update sliding-sync 0.99.7 -> 0.99.8 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index c3c15da2..a46c1716 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml 
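Review bot: The new `matrix_client_schildichat_enabled: false` line in `group_vars/matrix_servers` has no comment explaining why this client is off by default, since the hunk removes the old comment block without replacing it. The reason is security-relevant: the role's documentation page warns that SchildiChat is based on an older Element-web release. I would add `# Not enabled by default: SchildiChat lags behind Element-web releases, see docs/configuring-playbook-client-schildichat.md` above the line, so that anyone overriding it sees the caveat.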
@@ -5,7 +5,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.7 +matrix_sliding_sync_version: v0.99.8 matrix_sliding_sync_scheme: https From ccaae4d5b7719228c7e8fc22f573c773ce7123da Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 1 Sep 2023 18:38:42 +0300 Subject: [PATCH 140/340] Update honoroit 0.9.18 -> 0.9.19 --- roles/custom/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index 788b8066..fa852fb8 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml @@ -20,7 +20,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.18 +matrix_bot_honoroit_version: v0.9.19 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" From f4829d69887c6332bfb1c2ba8dd153f611ef09ef Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 4 Sep 2023 15:23:21 +0300 Subject: [PATCH 141/340] Upgrade Hydrogen (v0.4.0 -> v0.4.1) --- roles/custom/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml index de16c8b6..46421f8d 100644 --- a/roles/custom/matrix-client-hydrogen/defaults/main.yml 
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: false matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.4.0 +matrix_client_hydrogen_version: v0.4.1 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vector-im/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else 'ghcr.io/' }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From ea7a55b7ddfcfd66dc328e9e0269ae78e83079cf Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 4 Sep 2023 18:07:17 +0300 Subject: [PATCH 142/340] Update synapse 1.91.0 -> 1.91.1 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 9541569c..d1069191 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.91.0 +matrix_synapse_version: v1.91.1 matrix_synapse_username: '' matrix_synapse_uid: '' From 34937061a2660198c601400edb7382c8f2fd4db4 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 4 Sep 2023 18:11:22 +0300 Subject: [PATCH 143/340] Update jitsi v8615 -> v8922 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 4dcce5ad..116f1c82 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.1.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8615-2 + version: v8922-0 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From f5b6d3337b25db2fcefb8f145624a3764887f894 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 16:05:31 +0000 Subject: [PATCH 144/340] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index f38ae352..d10ebec5 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run yamllint uses: frenck/action-yamllint@v1.4.1 ansible-lint: @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run ansible-lint uses: ansible-community/ansible-lint-action@v6.17.0 with: From c260309625964828eef4e990071c64ca55e8847d Mon Sep 17 00:00:00 2001 From: saces Date: Tue, 5 Sep 2023 20:29:28 +0200 Subject: [PATCH 145/340] update defaults for new tools container Signed-off-by: saces --- roles/custom/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index d1069191..5bc7aa38 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -1008,9 +1008,9 @@ matrix_synapse_redaction_retention_period: 7d matrix_synapse_user_ips_max_age: 28d -matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-compress-state:latest" +matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-tools:stable" matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix: "registry.gitlab.com/" -matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" +matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':stable') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state" From 2c2564805176509fb1a7d1eb2fca54b0c2d3fd65 Mon Sep 17 00:00:00 2001 From: saces Date: Tue, 5 Sep 2023 22:35:01 +0200 Subject: [PATCH 146/340] change image tag to version Signed-off-by: saces --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 5bc7aa38..8c6855e4 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -1008,7 +1008,7 @@ matrix_synapse_redaction_retention_period: 7d matrix_synapse_user_ips_max_age: 28d -matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-tools:stable" +matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-tools:v0.0.1" matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix: "registry.gitlab.com/" matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':stable') }}" From 2000e61d316c76986db5bdb5819d2d8cba548c69 Mon Sep 17 00:00:00 2001 From: saces Date: Tue, 5 Sep 2023 23:26:30 +0200 Subject: [PATCH 147/340] force pull booth on :stable and :latest --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 8c6855e4..5b9dfdb3 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -1010,7 +1010,7 @@ matrix_synapse_user_ips_max_age: 28d matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-tools:v0.0.1" matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix: "registry.gitlab.com/" -matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':stable') }}" +matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':stable') or matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state" From d72b74071d2b08545bad65fc8752fd26fc681b75 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 6 Sep 2023 13:32:49 +0300 Subject: [PATCH 148/340] Update prometheus 2.45.0 -> 2.47.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 116f1c82..040753d3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -42,7 +42,7 @@ - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.45.0-1 + version: v2.47.0-0 name: prometheus - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.6.1-0 From b5be7672c567f85e6a3fac4ec29221063bab0b72 Mon Sep 17 00:00:00 2001 
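Review bot: The force-pull condition in `matrix_synapse_rust_synapse_compress_state_docker_image_force_pull` now repeats the image variable once per floating tag, and it is still false for an override that carries no tag at all, which Docker resolves to `latest`. A single call keeps the floating tags in one place: `"{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith((':stable', ':latest')) }}"`. With the default image at `:v0.0.1` (context line in this hunk), the expression is false unless the image is overridden. A one-line comment stating that only floating tags trigger a re-pull would help whoever changes the tag next.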
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 6 Sep 2023 14:21:42 +0300 Subject: [PATCH 149/340] enable etherpad framing by default - it's meant to be embedded --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 040753d3..0f611c79 100644 --- a/requirements.yml +++ b/requirements.yml @@ -30,7 +30,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.2-0 + version: v1.9.2-1 - src: git+https://github.com/geerlingguy/ansible-role-docker version: 6.2.0 name: geerlingguy.docker From d0f602b5e93ac9f2fb4ca6e5bf5dcf82426341e0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 6 Sep 2023 20:40:50 +0300 Subject: [PATCH 150/340] Update sliding-sync 0.99.8 -> 0.99.9 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index a46c1716..b07b1b90 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -5,7 +5,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.8 +matrix_sliding_sync_version: v0.99.9 matrix_sliding_sync_scheme: https From 6f9dee867ce510bc56a3e5727d56a700ad041843 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 6 Sep 2023 20:41:29 +0300 Subject: [PATCH 151/340] Update synapse 1.91.1 -> 1.91.2 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 5b9dfdb3..404a9585 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml 
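Review bot: The commit subject says the bump of the etherpad role to `v1.9.2-1` enables framing by default, but the hunk shows only the tag change, so a reader of this playbook cannot tell which frame-related header or setting is relaxed, or for which origins. Allowing a page to be framed removes the usual clickjacking protection for it. The playbook's CHANGELOG should therefore state that the default changed and name the role variable that turns it back off (that name lives in the role, not on this page). If the role permits framing from any origin, limiting it to the origins that actually embed Etherpad would presumably be the safer default. The `requirements.yml` list continues outside the hunk.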
+++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.91.1 +matrix_synapse_version: v1.91.2 matrix_synapse_username: '' matrix_synapse_uid: '' From faef601f0d77d27559315c02f4896d7adfc78992 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 7 Sep 2023 16:29:07 +0300 Subject: [PATCH 152/340] Update sliding-sync 0.99.9 -> 0.99.10 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index b07b1b90..73e794c2 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -5,7 +5,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.9 +matrix_sliding_sync_version: v0.99.10 matrix_sliding_sync_scheme: https From 6f7cdd2f713ed561523e56eaeefc82d423f50c5d Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Thu, 7 Sep 2023 19:08:33 +0200 Subject: [PATCH 153/340] Change Draupnir Repo to New Repo Draupnir changed home from Gnuxie/Draupnir to the-draupnir-project/Draupnir and this commit reflects this. --- roles/custom/matrix-bot-draupnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index b7e56c34..5767bce3 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_bot_draupnir_enabled: true matrix_bot_draupnir_version: "v1.84.0" matrix_bot_draupnir_container_image_self_build: false -matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git" +matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}" matrix_bot_draupnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_container_global_registry_prefix }}" From 7ee720f138504caddb51b208b1a6161710e5721b Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Thu, 7 Sep 2023 19:19:11 +0200 Subject: [PATCH 154/340] Update Draupnir from 1.84.0 to 1.85.0 and update default configuration --- roles/custom/matrix-bot-draupnir/defaults/main.yml | 12 +++++++++++- .../matrix-bot-draupnir/templates/production.yaml.j2 | 10 ++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 5767bce3..739a18c6 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_draupnir_enabled: true -matrix_bot_draupnir_version: "v1.84.0" +matrix_bot_draupnir_version: "v1.85.0" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" 
@@ -36,6 +36,16 @@ matrix_bot_draupnir_access_token: "" # Note: draupnir is fairly verbose - expect a lot of messages from it. matrix_bot_draupnir_management_room: "" +# Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot. +# This setting is described the following way in the Configuration. +# +# Whether or not Draupnir should apply `m.room.server_acl` events. +# DO NOT change this to `true` unless you are very confident that you know what you are doing. +# +# Please follow the advice of upstream and only change this value if you know what your doing. +# Its Exposed here because its common enough to be valid to expose. +matrix_bot_draupnir_disable_server_acl: "false" + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 index 95acbd35..36488a11 100644 --- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 @@ -51,9 +51,11 @@ recordIgnoredInvites: false # (see verboseLogging to adjust this a bit.) managementRoom: "{{ matrix_bot_draupnir_management_room }}" +# Deprecated and will be removed in a future version. +# Running with verboseLogging is unsupported. # Whether Draupnir should log a lot more messages in the room, -# mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room. -verboseLogging: false +# mainly involves "all-OK" messages, and debugging messages for when draupnir checks bans in a room. +#verboseLogging: false # The log level of terminal (or container) output, # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity. 
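Review bot: `matrix_bot_draupnir_disable_server_acl` defaults to the string `"false"`, and the `production.yaml.j2` hunk at `@@ -73,6 +75,10 @@` quotes it again, so the rendered config holds `disableServerACL: "false"`, a YAML string rather than a boolean like the neighbouring `noop: false`. If Draupnir tests this option by truthiness (not visible here), a non-empty string would count as enabled and the bot would silently stop applying `m.room.server_acl` events on a default install. Use a real boolean in the defaults, `matrix_bot_draupnir_disable_server_acl: false`, and render it unquoted in the template with `disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | bool | to_json }}`, which also normalises string overrides already present in inventories. The comment block above the variable would read better as one statement that `true` stops the bot from applying server ACLs and that upstream advises leaving it `false`.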
@@ -73,6 +75,10 @@ verifyPermissionsOnStartup: true # turn on to trial some untrusted configuration or lists. noop: false +# Whether or not Draupnir should apply `m.room.server_acl` events. +# DO NOT change this to `true` unless you are very confident that you know what you are doing. +disableServerACL: "{{ matrix_bot_draupnir_disable_server_acl }}" + # Whether Draupnir should check member lists quicker (by using a different endpoint), # keep in mind that enabling this will miss invited (but not joined) users. # From 2f6829e6d72d0baeb335257a688847433ab3bae7 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Thu, 7 Sep 2023 19:33:25 +0200 Subject: [PATCH 155/340] Replace links to Gnuxie/Draupnir with the-draupnir-project/Draupnir Draupnir moved its repo on github from the namespace of its maintainer Gnuxie to a newly created Github Organisation the-draupnir-project and this commit reflects this. --- CHANGELOG.md | 2 +- README.md | 2 +- docs/configuring-playbook-bot-draupnir.md | 6 +++--- roles/custom/matrix-bot-draupnir/defaults/main.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a63b6d3..2430fa99 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -405,7 +405,7 @@ Additional details are available in the [Authenticate using Matrix OpenID (Auth- ## Draupnir moderation tool (bot) support -Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install and configure the [Draupnir](https://github.com/Gnuxie/Draupnir) moderation tool (bot). Draupnir is a fork of [Mjolnir](docs/configuring-playbook-bot-mjolnir.md) (which the playbook has supported for a long time) maintained by Mjolnir's former lead developer. +Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install and configure the [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation tool (bot). Draupnir is a fork of [Mjolnir](docs/configuring-playbook-bot-mjolnir.md) (which the playbook has supported for a long time) maintained by Mjolnir's former lead developer. Additional details are available in [Setting up Draupnir](docs/configuring-playbook-bot-draupnir.md). diff --git a/README.md b/README.md index 2a8b54ca..42f540c7 100644 --- a/README.md +++ b/README.md 
@@ -143,7 +143,7 @@ Bots provide various additional functionality to your installation. | [Postmoogle](https://gitlab.com/etke.cc/postmoogle) | x | Email to matrix bot | [Link](docs/configuring-playbook-bot-postmoogle.md) | | [Go-NEB](https://github.com/matrix-org/go-neb) | x | A multi functional bot written in Go | [Link](docs/configuring-playbook-bot-go-neb.md) | | [Mjolnir](https://github.com/matrix-org/mjolnir) | x | A moderation tool for Matrix | [Link](docs/configuring-playbook-bot-mjolnir.md) | -| [Draupnir](https://github.com/Gnuxie/Draupnir) | x | A moderation tool for Matrix (Fork of Mjolnir) | [Link](docs/configuring-playbook-bot-draupnir.md) | +| [Draupnir](https://github.com/the-draupnir-project/Draupnir) | x | A moderation tool for Matrix (Fork of Mjolnir) | [Link](docs/configuring-playbook-bot-draupnir.md) | | [Buscarron](https://gitlab.com/etke.cc/buscarron) | x | Web forms (HTTP POST) to matrix | [Link](docs/configuring-playbook-bot-buscarron.md) | | [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) | x | ChatGPT from matrix | [Link](docs/configuring-playbook-bot-chatgpt.md) | diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 23fa644f..f60b777c 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -1,8 +1,8 @@ # Setting up draupnir (optional) -The playbook can install and configure the [draupnir](https://github.com/Gnuxie/Draupnir) moderation bot for you. +The playbook can install and configure the [draupnir](https://github.com/the-draupnir-project/Draupnir) moderation bot for you. -See the project's [documentation](https://github.com/Gnuxie/Draupnir) to learn what it does and why it might be useful to you. +See the project's [documentation](https://github.com/the-draupnir-project/Draupnir) to learn what it does and why it might be useful to you. If your migrating from Mjolnir skip to step 5b. 
@@ -77,7 +77,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -You can refer to the upstream [documentation](https://github.com/Gnuxie/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot. +You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot. You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 739a18c6..215c3c0f 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -1,6 +1,6 @@ --- # A moderation tool for Matrix -# Project source code URL: https://github.com/Gnuxie/Draupnir +# Project source code URL: https://github.com/the-draupnir-project/Draupnir matrix_bot_draupnir_enabled: true From a9ece0c55a31ca9be6553f0942987e2c7e0ce9c7 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Thu, 7 Sep 2023 19:36:49 +0200 Subject: [PATCH 156/340] Remove trailing spaces making linter unhappy --- roles/custom/matrix-bot-draupnir/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 215c3c0f..db5da287 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml 
@@ -37,14 +37,14 @@ matrix_bot_draupnir_access_token: "" matrix_bot_draupnir_management_room: "" # Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot. -# This setting is described the following way in the Configuration. +# This setting is described the following way in the Configuration. # # Whether or not Draupnir should apply `m.room.server_acl` events. # DO NOT change this to `true` unless you are very confident that you know what you are doing. # # Please follow the advice of upstream and only change this value if you know what your doing. # Its Exposed here because its common enough to be valid to expose. -matrix_bot_draupnir_disable_server_acl: "false" +matrix_bot_draupnir_disable_server_acl: "false" # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. From d210b3b48fdf9913ef967e901c630a3fd9505d94 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Sat, 9 Sep 2023 19:07:34 -0400 Subject: [PATCH 157/340] Fix mautrix-gmessages branch --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 8d5ce244..4050544c 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -6,7 +6,7 @@ matrix_mautrix_gmessages_enabled: true matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" -matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" +matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_version: v0.1.0 # See: https://mau.dev/mautrix/gmessages/container_registry From 636aed09164ebd186aad3236a968a4208b4f01bc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 12 Sep 2023 12:18:58 +0300 Subject: [PATCH 158/340] Upgrade Postgres (minor versions upgrade) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 0f611c79..a4af2534 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v15.3-0 + version: v15.4-0 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From 1c847c514425b89344a3bb1ede26d4f088261a9b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 12 Sep 2023 12:35:42 +0300 Subject: [PATCH 159/340] Upgrade Postgres (v15.4-0 -> v15.4-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index a4af2534..fa940d9d 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v15.4-0 + version: v15.4-1 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From c7c1acc3f38785bc443a7493f97f5330389d7029 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Tue, 12 Sep 2023 15:42:31 +0200 Subject: [PATCH 160/340] Update Draupnir from 1.85.0 to 1.85.1 --- roles/custom/matrix-bot-draupnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index db5da287..ae65b4ff 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_draupnir_enabled: true -matrix_bot_draupnir_version: "v1.85.0" +matrix_bot_draupnir_version: "v1.85.1" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" From 963e97214b5378fe5b5bf07336ada7f188b92fe3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 12 Sep 2023 18:31:07 +0300 Subject: [PATCH 161/340] Upgrade Synapse (v1.91.2 -> v1.92.1) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 404a9585..9b62bc53 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.91.2 +matrix_synapse_version: v1.92.1 matrix_synapse_username: '' matrix_synapse_uid: '' From ef90142720d9f49bb462f6536a93255637f75992 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 12 Sep 2023 18:31:38 +0300 Subject: [PATCH 162/340] Handle /notifications endpoint via workers Related to https://github.com/matrix-org/synapse/pull/16265 --- roles/custom/matrix-synapse/vars/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml index a12b4401..47cbc2a0 100644 --- a/roles/custom/matrix-synapse/vars/main.yml +++ b/roles/custom/matrix-synapse/vars/main.yml @@ -170,6 +170,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$) - ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$ - ^/_matrix/client/(r0|v3|unstable)/capabilities$ + - ^/_matrix/client/(r0|v3|unstable)/notifications$ # Encryption requests # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri` From ca9ebcd5f23d9073791747a247c264d6d555e2d2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 12 Sep 2023 19:35:56 +0300 Subject: [PATCH 163/340] Upgrade Element (v1.11.40 -> v1.11.41) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 695a6edc..b60ddf41 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
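Review bot: The new `^/_matrix/client/(r0|v3|unstable)/notifications$` entry in `matrix_synapse_workers_generic_worker_endpoints` carries no comment tying it to the Synapse change it depends on, unlike the `keys/upload` note a few lines below it. The commit message links matrix-org/synapse pull request 16265, so presumably a Synapse release older than the one containing that change cannot serve this path from a worker. Anyone who pins `matrix_synapse_version` to an earlier release would then have these requests routed to a worker that cannot answer them. A comment above the entry, for example `# Requires a Synapse release that includes matrix-org/synapse#16265`, would record the dependency. The endpoint list continues outside the hunk.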
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.40 +matrix_client_element_version: v1.11.41 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 020bfbd3a470360eb7b82a76032f933060a3fccc Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 12 Sep 2023 19:46:54 +0300 Subject: [PATCH 164/340] Update jitsi v8922-0 -> v8922-1 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index fa940d9d..2edf4db9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.1.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8922-0 + version: v8922-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From 915a5009ac4d6421e8a7bc239c212926cdfa15ff Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 13 Sep 2023 15:43:07 +0300 Subject: [PATCH 165/340] Update Element 1.11.41 -> 1.11.42 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index b60ddf41..dae669d0 100644 
--- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.41 +matrix_client_element_version: v1.11.42 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 781166e8193e8087f77fed1e95510fb163530a87 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 15 Sep 2023 15:27:17 +0300 Subject: [PATCH 166/340] Update element 1.11.42 -> 1.11.43 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index dae669d0..d1e17b4e 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.42 +matrix_client_element_version: v1.11.43 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From f0e2e97aa499dc3b48b0f7eb4323c2e2f36eb1f8 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 15 Sep 2023 16:10:33 +0300 Subject: [PATCH 167/340] Update synapse 1.92.1 -> 1.92.2 (security fix) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 9b62bc53..249e8c8f 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.92.1 +matrix_synapse_version: v1.92.2 matrix_synapse_username: '' matrix_synapse_uid: '' From 581274dabb0c6572ddaa889ec1dfa453ee457dfd Mon Sep 17 00:00:00 2001 From: Array in a Matrix Date: Fri, 15 Sep 2023 11:08:15 -0400 Subject: [PATCH 168/340] Update matrix-appservice-discord --- roles/custom/matrix-bridge-appservice-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml index ec194855..61462aa7 100644 --- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_appservice_discord_enabled: false matrix_appservice_discord_container_image_self_build: false -matrix_appservice_discord_version: v3.1.0 +matrix_appservice_discord_version: v4.0.0 matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_name_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}" matrix_appservice_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else 'ghcr.io/' }}" matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}" From d38bfe93e990e93befb81310e19062a443907d5b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Sep 2023 10:05:49 +0300 Subject: [PATCH 169/340] Upgrade Postgres (v15.4-1 -> v16.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2edf4db9..5cd6075a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v15.4-1 + version: v16.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From 2376c920d88898d5be7e5b01a9fc01f6e7b70a80 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 16 Sep 2023 10:08:33 +0300 Subject: [PATCH 170/340] Upgrade Postgres (v16.0-0 -> v16.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 5cd6075a..2d5a13cc 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-0 + version: v16.0-1 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From a0f9b1b051588e9d405bf1d39295549e511fddf7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Sep 2023 10:27:50 +0300 Subject: [PATCH 171/340] Fix Schildichat config cleanup for matrix-nginx-proxy --- roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 600a3f08..338ada2f 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -288,6 +288,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_element_enabled | bool" +- name: Ensure Matrix nginx-proxy configuration for Schildichat domain deleted + ansible.builtin.file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-schildichat.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_schildichat_enabled | bool" + - name: Ensure Matrix nginx-proxy configuration for Hydrogen domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf" 
From e033520ce25cc4c83651697d0fce58ba013b8e06 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Sep 2023 11:27:52 +0300 Subject: [PATCH 172/340] Make Synapse worker systemd service files depend on matrix-synapse.service Many of these do depend on the Synapse master process (`matrix-synapse.service`), so it makes sense to do it. Furthermore, we're doing it so that one can stop the `matrix-synapse.service` service and have systemd cascade this into stopping all the workers as well. This is useful for easily stopping all of Synapse, so that Postgres upgrades (`--tags=upgrade-postgres`) can happen cleanly. Postgres upgrades currently stop `devture_postgres_systemd_services_to_stop_for_maintenance_list` which includes Synapse, but stopping just the master process and leaving workers running is not safe enough and sometimes leads to errors like: > ERROR: insert or update on table "event_forward_extremities" violates foreign key constraint "event_forward_extremities_event_id" With this dependency in place, stopping `matrix-synapse.service` will stop all Synapse processes. --- .../templates/synapse/systemd/matrix-synapse-worker.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 4a6a01b7..2441e4a8 100644 --- a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -3,6 +3,7 @@ Description=Synapse worker ({{ matrix_synapse_worker_container_name }}) AssertPathExists={{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }} After=matrix-synapse.service +Requires=matrix-synapse.service [Service] Type=simple From bff851c8583fdff51d71517ec39bcc92f8c1c1fc Mon Sep 17 00:00:00 2001 
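Review bot: The added `Requires=matrix-synapse.service` in the `[Unit]` section has no comment, and its reason (stopping the main process must take every worker down before Postgres maintenance) is recorded only in the commit message. I would add `# Stopping matrix-synapse.service must also stop this worker (needed for clean Postgres maintenance)` above it. `Requires=` propagates an explicit stop or restart of the main unit, but starting the main unit again does not start the workers. The maintenance flow therefore has to start each worker unit afterwards; that code is outside this hunk and should be checked. If workers should also go down when the main process exits unexpectedly, `BindsTo=matrix-synapse.service` is the directive that covers that case.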
From: Slavi Pantaleev Date: Sat, 16 Sep 2023 11:37:13 +0300 Subject: [PATCH 173/340] Properly stop all services when doing Postgres maintenance, not just the homeserver --- group_vars/matrix_servers | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index af405115..91fb92cf 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2959,10 +2959,7 @@ devture_postgres_gid: "{{ matrix_user_gid }}" devture_postgres_connection_username: matrix devture_postgres_db_name: matrix -devture_postgres_systemd_services_to_stop_for_maintenance_list: | - {{ - ['matrix-' + matrix_homeserver_implementation + '.service'] - }} +devture_postgres_systemd_services_to_stop_for_maintenance_list: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}" devture_postgres_managed_databases_auto: | {{ From de2bd4f5ea2cfcfdf2b86a78bdc45a8c7181971a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Sep 2023 11:40:48 +0300 Subject: [PATCH 174/340] Upgrade Postgres (v16.0-1 -> v16.0-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2d5a13cc..25c77881 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-1 + version: v16.0-2 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From 5bc6ca2af5f3ec1e1ced81afb0066218f9af842e Mon Sep 17 00:00:00 2001 
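Review bot: The new one-line value for `devture_postgres_systemd_services_to_stop_for_maintenance_list` has no comment saying why every managed unit is now stopped or why the Postgres unit is filtered out. I would put `# Stop everything except Postgres itself, so nothing writes to the database during maintenance` above it. The expression ends in `reject('equalto', ...)`, which in Jinja yields a lazy iterator rather than a list. Whether it is materialised before the consuming role uses it is not visible here, so appending `| list` would make the type explicit. The same applies to the renamed `devture_postgres_systemd_services_to_stop_for_maintenance_list_auto` line in the next commit's hunk.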
From: Slavi Pantaleev Date: Sat, 16 Sep 2023 11:41:07 +0300 Subject: [PATCH 175/340] Switch from devture_postgres_systemd_services_to_stop_for_maintenance_list to devture_postgres_systemd_services_to_stop_for_maintenance_list_auto Only available since v16.0-2 of the Postgres role. --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 91fb92cf..eaac3385 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2959,7 +2959,7 @@ devture_postgres_gid: "{{ matrix_user_gid }}" devture_postgres_connection_username: matrix devture_postgres_db_name: matrix -devture_postgres_systemd_services_to_stop_for_maintenance_list: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}" +devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}" devture_postgres_managed_databases_auto: | {{ From be945685246de1c6ebd0db786c0ded6cdf48b593 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Sep 2023 19:50:36 +0300 Subject: [PATCH 176/340] Upgrade mautrix-discord (0.6.1 -> 0.6.2) --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 36fd5fef..0f54689b 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.6.1 +matrix_mautrix_discord_version: v0.6.2 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" From f7d0d4631cb4db41e058dc46a5eb3cc8d0c04edf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Sep 2023 19:51:00 +0300 Subject: [PATCH 177/340] Upgrade mautrix-gmessages (v0.1.0 -> v0.2.0) --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 4050544c..1075379d 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" -matrix_mautrix_gmessages_version: v0.1.0 +matrix_mautrix_gmessages_version: v0.2.0 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" From 56c7c1a4bce1319b98b093160708a6a301cac9d7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Sep 2023 19:51:26 +0300 Subject: [PATCH 178/340] Upgrade mautrix-whatsapp (0.10.0 -> 0.10.1) --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 9f630f51..9e38996c 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.10.0 +matrix_mautrix_whatsapp_version: v0.10.1 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From eefc12acc2286bb0998800cedfd4003591dbbaa9 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 18 Sep 2023 10:57:05 +0300 Subject: [PATCH 179/340] Make borgmatic container tmp dir size configurable --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 25c77881..c4c686ac 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.5-1.8.2-0 + version: v1.2.5-1.8.2-1 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 7586cecedffa9d0dd6762702d6018492664515dc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Sep 2023 18:00:15 +0300 Subject: [PATCH 180/340] Upgrade Synapse (v1.92.2 -> v1.92.3) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 249e8c8f..1798934f 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.92.2 +matrix_synapse_version: v1.92.3 matrix_synapse_username: '' matrix_synapse_uid: '' From 8028a7c831b449b6525f7d8cc51e17b867c56d2e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 Sep 2023 10:01:10 +0300 Subject: [PATCH 181/340] Upgrade Jitsi (v8922-1 -> v8960-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index c4c686ac..2a43ee5b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.1.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8922-1 + version: v8960-0 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From f2d9e0d33d54fea7d7a3b85e8ac90b4b9423cba9 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Sep 2023 11:19:05 +0300 Subject: [PATCH 182/340] Update grafana 10.1.1 -> 10.1.2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2a43ee5b..80e5c13a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.1.1-0 + version: v10.1.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8960-0 name: jitsi From d2630ccf98e045558a30538c2508c7aa5def2f9b Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Sep 2023 21:58:50 +0300 Subject: [PATCH 183/340] Update telegram 0.14.1 -> 0.14.2 --- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 79f83593..1f745815 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -17,7 +17,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.14.1 +matrix_mautrix_telegram_version: v0.14.2 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}" From 98858c3ec56bb9aea86aaaa3c7b570ad74aadca7 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Sep 2023 21:59:49 +0300 Subject: [PATCH 184/340] Update mautrix-facebook 0.5.0 -> 0.5.1 --- roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index 0b48aaad..a8e4996c 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml 
+++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.5.0 +matrix_mautrix_facebook_version: v0.5.1 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" From 0ca8d993e19124a29ad684ff382b2aa135e3652e Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Sep 2023 22:00:40 +0300 Subject: [PATCH 185/340] Update mautrix-instagram 0.3.0 -> 0.3.1 --- roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index cef49288..60f13fef 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}" -matrix_mautrix_instagram_version: v0.3.0 +matrix_mautrix_instagram_version: v0.3.1 # See: https://mau.dev/tulir/mautrix-instagram/container_registry matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" From d6c68f270193920cb2abed4317b3c67319ba7843 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Sep 2023 22:02:11 +0300 Subject: [PATCH 186/340] Update mautrix-whatsapp 0.10.1 -> 0.10.2 --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 9e38996c..515d648c 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.10.1 +matrix_mautrix_whatsapp_version: v0.10.2 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 1ea4d3f13d528b21acdc093897bb7170c4ae21a5 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Sep 2023 22:03:12 +0300 Subject: [PATCH 187/340] Update mautrix-twitter 0.1.6 -> 0.1.7 --- roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 55e8411b..bea6e47b 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_twitter_container_image_self_build: false matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git" matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}" -matrix_mautrix_twitter_version: v0.1.6 +matrix_mautrix_twitter_version: v0.1.7 # See: https://mau.dev/tulir/mautrix-twitter/container_registry matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}" From c611f85acbe33a90ca4dc0a8c1949cd874e71d97 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Sep 2023 22:22:27 +0300 Subject: [PATCH 188/340] Update beeper-linkedin 0.5.4 -> latest --- roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index a18740ad..86de4085 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -4,7 +4,7 @@ matrix_beeper_linkedin_enabled: true -matrix_beeper_linkedin_version: v0.5.4 +matrix_beeper_linkedin_version: latest # See: https://github.com/beeper/linkedin/pkgs/container/linkedin matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}" From 2587980e6d8e6e82e18b8a6db4abb417fae71b2f Mon Sep 17 00:00:00 2001 
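Review bot: Setting `matrix_beeper_linkedin_version: latest` replaces a pinned release with a mutable tag, so the image a host ends up running is no longer fixed by the playbook revision. Whatever is published under that tag reaches deployments without a reviewable change in this repository, and two runs of the same commit can install different code. If the switch was made because upstream has no newer release tag (the commit does not say), an immutable reference such as an image digest would keep the bump auditable. A comment like `# unpinned on purpose: <reason>; pin again once a release tag exists` would record the intent. The hunk in the following commit maps `latest` to the `master` branch for self-builds, which leaves the source side unpinned in the same way.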
From: Slavi Pantaleev Date: Wed, 20 Sep 2023 09:39:05 +0300 Subject: [PATCH 189/340] Fix beeper-linkedin self-building when version is set to latest Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2905#issuecomment-1726892215 --- roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index 86de4085..5054944f 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -14,7 +14,7 @@ matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_ matrix_beeper_linkedin_container_image_self_build: false matrix_beeper_linkedin_container_image_self_build_repo: "https://github.com/beeper/linkedin" -matrix_beeper_linkedin_container_image_self_build_branch: "{{ matrix_beeper_linkedin_version }}" +matrix_beeper_linkedin_container_image_self_build_branch: "{{ 'master' if matrix_beeper_linkedin_version == 'latest' else matrix_beeper_linkedin_version }}" matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin" matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config" From 0e96d7f57a52434b191bbe42d8fcd8ffe4ebbc05 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Sep 2023 09:50:41 +0300 Subject: [PATCH 190/340] Upgrade prometheus-postgres-exporter (v0.13.2-0 -> v0.14.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 80e5c13a..9b1eddb7 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -47,7 +47,7 @@ - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.6.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.13.2-0 + version: v0.14.0-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git version: v7.2.0-0 From c689845f55947ca2197bd0b58fd4db75b337c454 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Wed, 20 Sep 2023 14:41:50 +0200 Subject: [PATCH 191/340] Fix Draupnir and Mjolnir Docs bugs Rate limit docs had a issue due to the wrong request type by accident. This was not noticed due to both bots can work with rate limits. Synapse Admin links where also bugged but now fixed. --- docs/configuring-playbook-bot-draupnir.md | 4 ++-- docs/configuring-playbook-bot-mjolnir.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index f60b777c..2308b547 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -32,9 +32,9 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. -If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. +If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](/docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. -The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token. 
+The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index e69655aa..3d12cd6a 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md 
@@ -31,9 +31,9 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. -If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. +If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](/docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. -The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token. 
+The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token. ## 4. Create a management room From 82e3b6c988f9b8e58558b2fbe7ad435271c70790 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 22 Sep 2023 13:05:11 +0300 Subject: [PATCH 192/340] Upgrade Jitsi (v8960-0 -> v8960-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 9b1eddb7..791a1943 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.1.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8960-0 + version: v8960-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From 777d5ebd3bc67853bc289d1d8fa98c5b2e51c869 Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 22 Sep 2023 20:10:51 +0300 Subject: [PATCH 193/340] update postmoogle 0.9.14 -> 0.9.15 --- .../matrix-bot-postmoogle/defaults/main.yml | 19 ++++++++++++++----- .../matrix-bot-postmoogle/templates/env.j2 | 7 ++++++- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index 56882bf1..556da53b 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" -matrix_bot_postmoogle_version: v0.9.14 +matrix_bot_postmoogle_version: v0.9.15 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" @@ -65,12 +65,15 @@ matrix_bot_postmoogle_database_dialect: "{{ # The bot's username. This user needs to be created manually beforehand. -# Also see `matrix_bot_postmoogle_password`. +# Also see `matrix_bot_postmoogle_password` or `matrix_bot_postmoogle_sharedsecret` matrix_bot_postmoogle_login: "postmoogle" # The password that the bot uses to authenticate. matrix_bot_postmoogle_password: '' +# Alternative to password - shared secret requires matrix_bot_postmoogle_login to be MXID +matrix_bot_postmoogle_sharedsecret: '' + matrix_bot_postmoogle_homeserver: "{{ matrix_homeserver_container_url }}" # Command prefix @@ -79,6 +82,12 @@ matrix_bot_postmoogle_prefix: '!pm' # Max email size in megabytes, including attachments matrix_bot_postmoogle_maxsize: '1024' +# Optional SMTP relay mode +matrix_bot_postmoogle_relay_host: '' +matrix_bot_postmoogle_relay_port: '' +matrix_bot_postmoogle_relay_username: '' +matrix_bot_postmoogle_relay_password: '' + # A list of admins # Example set of rules: # matrix_bot_postmoogle_admins: 
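Review bot: The comment added above `matrix_bot_postmoogle_sharedsecret` (second hunk) does not say what happens when both it and `matrix_bot_postmoogle_password` are set, or when both keep their empty default, and no check for either case is visible in this patch. I would reword it to `# Alternative to the password: a shared secret (requires matrix_bot_postmoogle_login to be a full MXID). Set exactly one of the two.` and fail early when both are empty. If this is the homeserver-wide shared-secret-auth key (not shown here), the comment should also say so, since that is a broader credential than a single bot password. The same applies to `matrix_bot_postmoogle_relay_password` in the third hunk, which is a secret and is best supplied from a vault rather than from plain vars.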
@@ -102,9 +111,6 @@ matrix_bot_postmoogle_monitoring_healthchecks_duration: 60 # Log level matrix_bot_postmoogle_loglevel: 'INFO' -# Disable encryption -matrix_bot_postmoogle_noencryption: false - # deprecated, use matrix_bot_postmoogle_domains matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}" @@ -147,6 +153,9 @@ matrix_bot_postmoogle_tls_required: false # trusted proxies matrix_bot_postmoogle_proxies: [] +# known forwarders +matrix_bot_postmoogle_mailboxes_forwarded: [] + # reserved mailboxes matrix_bot_postmoogle_mailboxes_reserved: [] diff --git a/roles/custom/matrix-bot-postmoogle/templates/env.j2 b/roles/custom/matrix-bot-postmoogle/templates/env.j2 index 072d12da..8a3eb71b 100644 --- a/roles/custom/matrix-bot-postmoogle/templates/env.j2 +++ b/roles/custom/matrix-bot-postmoogle/templates/env.j2 @@ -1,5 +1,6 @@ POSTMOOGLE_LOGIN={{ matrix_bot_postmoogle_login }} POSTMOOGLE_PASSWORD={{ matrix_bot_postmoogle_password }} +POSTMOOGLE_SHAREDSECRET={{ matrix_bot_postmoogle_sharedsecret }} POSTMOOGLE_HOMESERVER={{ matrix_bot_postmoogle_homeserver }} POSTMOOGLE_DOMAINS={{ matrix_bot_postmoogle_domains | join(' ') }} POSTMOOGLE_PORT={{ matrix_bot_postmoogle_port }} @@ -8,7 +9,6 @@ POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }} POSTMOOGLE_PREFIX={{ matrix_bot_postmoogle_prefix }} POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }} POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }} -POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }} POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }} POSTMOOGLE_TLS_PORT={{ matrix_bot_postmoogle_tls_port }} POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }} 
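Review bot: `POSTMOOGLE_SHAREDSECRET={{ matrix_bot_postmoogle_sharedsecret }}` in the `@@ -1,5 +1,6 @@` hunk of env.j2 is rendered as raw text, so a value containing a line break would end the assignment and begin a new line in the env file. `POSTMOOGLE_RELAY_PASSWORD` in the later `@@ -16,10 +16,15 @@` hunk has the same shape. The existing `POSTMOOGLE_PASSWORD` line is written the same way, so this follows the file's convention, but each added secret widens it. A validation task with a condition such as `"'\n' not in matrix_bot_postmoogle_sharedsecret"` would reject such values before the file is written. The mode and owner of the rendered env file are not visible in this patch and should be confirmed to be limited to the service user, since it now holds up to three credentials.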
@@ -16,10 +16,15 @@ POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }} POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }} POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }} POSTMOOGLE_PROXIES={{ matrix_bot_postmoogle_proxies | join(' ') }} +POSTMOOGLE_RELAY_HOST={{ matrix_bot_postmoogle_relay_host }} +POSTMOOGLE_RELAY_PORT={{ matrix_bot_postmoogle_relay_port }} +POSTMOOGLE_RELAY_USERNAME={{ matrix_bot_postmoogle_relay_username }} +POSTMOOGLE_RELAY_PASSWORD={{ matrix_bot_postmoogle_relay_password }} POSTMOOGLE_MONITORING_SENTRY_DSN={{ matrix_bot_postmoogle_monitoring_sentry_dsn }} POSTMOOGLE_MONITORING_SENTRY_RATE={{ matrix_bot_postmoogle_monitoring_sentry_rate }} POSTMOOGLE_MONITORING_HEALTHCHECKS_UUID={{ matrix_bot_postmoogle_monitoring_healthchecks_uuid }} POSTMOOGLE_MONITORING_HEALTHCHECKS_DURATION={{ matrix_bot_postmoogle_monitoring_healthchecks_duration }} +POSTMOOGLE_MAILBOXES_FORWARDED={{ matrix_bot_postmoogle_mailboxes_forwarded | join(' ') }} POSTMOOGLE_MAILBOXES_RESERVED={{ matrix_bot_postmoogle_mailboxes_reserved | join(' ') }} POSTMOOGLE_MAILBOXES_ACTIVATION={{ matrix_bot_postmoogle_mailboxes_activation }} From 642924514ff09e77d1fd73cd9a0c7e667b5bc5cc Mon Sep 17 00:00:00 2001 From: mcnesium Date: Sat, 23 Sep 2023 11:18:53 +0200 Subject: [PATCH 194/340] fix link to configuring-playbook-matrix-media-repo.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 42f540c7..615b97f0 100644 --- a/README.md +++ b/README.md 
@@ -93,7 +93,7 @@ Use alternative file storage to the default `media_store` folder. | ---- | -------- | ----------- | ------------- | | [Goofys](https://github.com/kahing/goofys) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3-goofys.md) | | [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3.md) | -| [matrix-media-repo](https://github.com/turt2live/matrix-media-repo) | x | matrix-media-repo is a highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification. | [Link](docs/configuring-playbook-media-repo.md) | +| [matrix-media-repo](https://github.com/turt2live/matrix-media-repo) | x | matrix-media-repo is a highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification. | [Link](docs/configuring-playbook-matrix-media-repo.md) | ### Bridges From 8f269a1c20a33fac8b5027ce1fe4a2e316439391 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Sep 2023 12:00:28 +0300 Subject: [PATCH 195/340] Update etherpad 1.9.2 -> 1.9.3 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 791a1943..79d475d3 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -30,7 +30,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.2-1 + version: v1.9.3-0 - src: git+https://github.com/geerlingguy/ansible-role-docker version: 6.2.0 name: geerlingguy.docker From 250a7845e940deddfbea3ce5d6eeb6e20c6be7b9 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Sep 2023 15:35:42 +0300 Subject: [PATCH 196/340] Update hookshot 4.4.1 -> 4.5.0 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 491bf318..3f481f78 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 4.4.1 +matrix_hookshot_version: 4.5.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 421e5f7792adbc7e1c23901b0a4cd2024fed1611 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Sep 2023 16:49:08 +0300 Subject: [PATCH 197/340] Update element 1.11.43 -> 1.11.44 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index d1e17b4e..586b2ba9 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.43 +matrix_client_element_version: v1.11.44 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 363c0254e7c325ab0b47837a4acc1125a53397ab Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Sep 2023 17:11:43 +0300 Subject: [PATCH 198/340] Upgrade Postgres (v16.0-2 -> v16.0-5) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 79d475d3..e93ce980 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-2 + version: v16.0-5 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git 
From 8c4234d52a93eaf224d6371e13b74ab93fbc8fac Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Sep 2023 17:26:10 +0300 Subject: [PATCH 199/340] Add note about ANALYZE after Postgres database importing --- docs/importing-postgres.md | 2 +- docs/maintenance-postgres.md | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index 3c693578..8b537cd3 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md @@ -32,7 +32,7 @@ just run-tags import-postgres \ - `SERVER_PATH_TO_POSTGRES_DUMP_FILE` must be a file path to a Postgres dump file on the server (not on your local machine!) - `postgres_default_import_database` defaults to `matrix`, which is useful for importing multiple databases (for dumps made with `pg_dumpall`). If you're importing a single database (e.g. `synapse`), consider changing `postgres_default_import_database` accordingly - +- after importing a large database, it's a good idea to run [an `ANALYZE` operation](https://www.postgresql.org/docs/current/sql-analyze.html) to make Postgres rebuild its database statistics and optimize its query planner. You can easily do this via the playbook by running `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze` (see [Vacuuming PostgreSQL](maintenance-postgres.md#vacuuming-postgresql) for more details). ## Troubleshooting diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index cc8898a2..7c52b313 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md 
@@ -34,17 +34,22 @@ When in doubt, consider [making a backup](#backing-up-postgresql). ## Vacuuming PostgreSQL -Deleting lots data from Postgres does not make it release disk space, until you perform a `VACUUM` operation. +Deleting lots data from Postgres does not make it release disk space, until you perform a [`VACUUM` operation](https://www.postgresql.org/docs/current/sql-vacuum.html). -To perform a `FULL` Postgres [VACUUM](https://www.postgresql.org/docs/current/sql-vacuum.html), run the playbook with `--tags=run-postgres-vacuum`. +You can run different `VACUUM` operations via the playbook, with the default preset being `vacuum-complete`: -Example: +- (default) `vacuum-complete`: stops all services temporarily and runs `VACUUM FULL VERBOSE ANALYZE`. +- `vacuum-full`: stops all services temporarily and runs `VACUUM FULL VERBOSE` +- `vacuum`: runs `VACUUM VERBOSE` without stopping any services +- `vacuum-analyze` runs `VACUUM VERBOSE ANALYZE` without stopping any services +- `analyze` runs `ANALYZE VERBOSE` without stopping any services (this is just [ANALYZE](https://www.postgresql.org/docs/current/sql-analyze.html) without doing a vacuum, so it's faster) -```bash -just run-tags run-postgres-vacuum,start -``` +**Note**: for the `vacuum-complete` and `vacuum-full` presets, you'll need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`). These presets also stop all services (e.g. Synapse, etc.) while the vacuum operation is running. + +Example playbook invocations: -**Note**: this will automatically stop Synapse temporarily and restart it later. You'll also need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`). 
+- `just run-tags run-postgres-vacuum`: runs the default `vacuum-complete` preset and restarts all services +- `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze`: runs the `analyze` preset with all services remaining operational at all times ## Backing up PostgreSQL From 676c3804777b75b2c2578a7d1370a4fe0cebe47f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Sep 2023 18:45:32 +0300 Subject: [PATCH 200/340] Update hookshot 4.5.0 -> 4.5.1 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 3f481f78..d75992d4 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 4.5.0 +matrix_hookshot_version: 4.5.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From e53b4424f119e693bc8ca169adf5bac219e811ec Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Sep 2023 20:16:23 +0300 Subject: [PATCH 201/340] Upgrade Synapse (v1.92.3 -> v1.93.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 1798934f..1aa41999 100644 
--- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.92.3 +matrix_synapse_version: v1.93.0 matrix_synapse_username: '' matrix_synapse_uid: '' From fd6daf3d249fa28eb2d003048fd267cc620e5372 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 27 Sep 2023 14:09:02 +0300 Subject: [PATCH 202/340] Upgrade backup-borg (v1.2.5-1.8.2-1 -> v1.2.5-1.8.2-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e93ce980..1450c485 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.5-1.8.2-1 + version: v1.2.5-1.8.2-2 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 860a1442836e0c5a64c62bc1b66c7f554ac302ae Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 27 Sep 2023 14:14:50 +0300 Subject: [PATCH 203/340] Revert "Upgrade backup-borg (v1.2.5-1.8.2-1 -> v1.2.5-1.8.2-2)" This reverts commit fd6daf3d249fa28eb2d003048fd267cc620e5372. Looks like v1.2.5-1.8.2-2 supposedly offers Postgres v16 support, but does not work well with it and will need additional work. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1450c485..e93ce980 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.5-1.8.2-2 + version: v1.2.5-1.8.2-1 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From af39de915485012adebf5adab03390ce8a6ecce0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 27 Sep 2023 16:22:24 +0300 Subject: [PATCH 204/340] Fix matrix-ldap-registration-proxy service stopping when uninstalling --- .../matrix-ldap-registration-proxy/tasks/setup_uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml index 1d99b406..20e98a6e 100644 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml @@ -9,7 +9,7 @@ block: - name: Ensure matrix-matrix_ldap_registration_proxy is stopped ansible.builtin.service: - name: matrix-matrix_ldap_registration_proxy + name: matrix-ldap-registration-proxy state: stopped enabled: false daemon_reload: true From 217ddad2def2b6ee13a3f5288fff1ef9b902e3a2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 28 Sep 2023 12:54:41 +0300 Subject: [PATCH 205/340] Add support for configuring forgotten_room_retention_period Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2918 Related to https://github.com/matrix-org/synapse/pull/15488 --- roles/custom/matrix-synapse/defaults/main.yml | 5 +++++ .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 9 +++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 1aa41999..97c5d48a 100644 
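Review bot: The task name in the setup_uninstall.yml hunk still reads `Ensure matrix-matrix_ldap_registration_proxy is stopped`, although the `name:` of the service is corrected to `matrix-ldap-registration-proxy`. The old string will keep appearing in play output and in log searches for a unit that does not exist. I would change it in the same commit to `- name: Ensure matrix-ldap-registration-proxy is stopped`. The enclosing `block:` starts above the hunk, so any other reference to the old unit name outside these lines is not visible here.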
--- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -1005,6 +1005,11 @@ matrix_synapse_trusted_key_servers: matrix_synapse_redaction_retention_period: 7d +# Controls how long to keep locally forgotten rooms before purging them from the DB. +# Defaults to `null`, meaning it's disabled. +# Example value: 28d +matrix_synapse_forgotten_room_retention_period: ~ + matrix_synapse_user_ips_max_age: 28d diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 7b1c1dfd..dd4e6325 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -509,7 +509,12 @@ limit_remote_rooms: # #redaction_retention_period: 28d -redaction_retention_period: {{ matrix_synapse_redaction_retention_period }} +redaction_retention_period: {{ matrix_synapse_redaction_retention_period | to_json }} + +# How long to keep locally forgotten rooms before purging them from the DB. +# +#forgotten_room_retention_period: 28d +forgotten_room_retention_period: {{ matrix_synapse_forgotten_room_retention_period | to_json }} # How long to track users' last seen time and IPs in the database. # @@ -517,7 +522,7 @@ redaction_retention_period: {{ matrix_synapse_redaction_retention_period }} # #user_ips_max_age: 14d -user_ips_max_age: {{ matrix_synapse_user_ips_max_age }} +user_ips_max_age: {{ matrix_synapse_user_ips_max_age | to_json }} # Inhibits the /requestToken endpoints from returning an error that might leak # information about whether an e-mail address is in use or not on this From 71deacfe55876b860e740f2ea1081d61f18b02b6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 28 Sep 2023 13:55:34 +0300 Subject: [PATCH 206/340] Upgrade Dendrite (v0.13.2 -> v0.13.3) --- roles/custom/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
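Review bot: `matrix_synapse_forgotten_room_retention_period: ~` in the defaults hunk spells null with a tilde, while the comment directly above it says the default is `null`. Writing `matrix_synapse_forgotten_room_retention_period: null` matches the comment and reads unambiguously. The `| to_json` filter added in the homeserver.yaml.j2 hunks renders that value as `null`, so the output is unchanged. Since the default leaves purging disabled, the comment could also state that forgotten rooms then stay in the database until an operator sets a period.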
diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index f66f3403..d1989540 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/
 matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_dendrite_docker_image_tag: "v0.13.2"
+matrix_dendrite_docker_image_tag: "v0.13.3"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
From 1769910c5d30efe8cd9c8b9239717a592c4271f7 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Thu, 28 Sep 2023 22:40:28 +0300
Subject: [PATCH 207/340] Update postmoogle 0.9.15 -> 0.9.16
---
 roles/custom/matrix-bot-postmoogle/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
index 556da53b..2b9fa6eb 100644
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" -matrix_bot_postmoogle_version: v0.9.15 +matrix_bot_postmoogle_version: v0.9.16 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" From d51a67a01afa15cd761a8449f2286c3f4c47cafd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Sep 2023 10:11:23 +0300 Subject: [PATCH 208/340] Fix self-building for matrix-registration-bot Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2919 --- .../custom/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index 41143566..2ccef001 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_bot_matrix_registration_bot_enabled: true matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" -matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}" +matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" matrix_bot_matrix_registration_bot_version: 1.3.0 From 366902f30a09634869f70dd1c20aed62f9c7e2b1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Sep 2023 14:03:54 +0300 Subject: [PATCH 209/340] Upgrade Element (v1.11.44 -> v1.11.45) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 586b2ba9..f80dea84 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
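Review bot: The new expression `('v' + matrix_bot_matrix_registration_bot_version)` only works while the version is a string. The default `1.3.0` on the context line below happens to load as one, but an override such as `1.3` would load as a float and make the `+` fail at template time. Jinja's `~` operator converts both sides to text, so `{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' ~ matrix_bot_matrix_registration_bot_version) }}` is safer. Quoting the default as `"1.3.0"` would make the intended type explicit. Whether upstream tags always carry the `v` prefix is assumed from this change and should be confirmed, since a self-build checks out whatever ref this resolves to.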
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.44 +matrix_client_element_version: v1.11.45 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From a5d7f1bb2534438411bcbd234eb6ec828c985e6b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 30 Sep 2023 00:48:38 +0300 Subject: [PATCH 210/340] Update grafana v10.1.2 -> v10.1.4 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e93ce980..b66722ad 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.1.2-0 + version: v10.1.4-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8960-1 name: jitsi From 515e8273918e9ab1b7244fb2dc489a1242d53dd0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 30 Sep 2023 00:51:44 +0300 Subject: [PATCH 211/340] Update docker role (sic!) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e93ce980..397254de 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -32,7 +32,7 @@ - src: git+https://gitlab.com/etke.cc/roles/etherpad.git version: v1.9.3-0 - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 6.2.0 + version: 7.0.1 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.1.2-0 From f988f02e02763f81588189349cc29fc8118f5a57 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 1 Oct 2023 10:42:37 +0300 Subject: [PATCH 212/340] Upgrade maubot (v0.4.1 -> v0.4.2) --- roles/custom/matrix-bot-maubot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index 5b35b9d9..b78dc1f1 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" -matrix_bot_maubot_version: v0.4.1 +matrix_bot_maubot_version: v0.4.2 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}" matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}" matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" From a40cb963a9254b138af7d7f796002efae884bc59 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 2 Oct 2023 07:02:45 +0300 Subject: [PATCH 213/340] Do not install docker compose plugin Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2924 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2922 --- setup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.yml b/setup.yml index 8c58b74e..d729c106 100644 --- a/setup.yml +++ b/setup.yml 
@@ -15,6 +15,7 @@ role: galaxy/geerlingguy.docker vars: docker_install_compose: false + docker_install_compose_plugin: false tags: - setup-docker - setup-all From 5d6ad42751f5b840c956f2a6797f767e906b047d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 2 Oct 2023 07:37:30 +0300 Subject: [PATCH 214/340] Make sure mautrix-wsproxy paths are created Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2923 --- .../tasks/setup_install.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml index 6ea93639..725296e6 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml @@ -14,6 +14,18 @@ - ansible.builtin.set_fact: matrix_mautrix_wsproxy_syncproxy_requires_restart: false +- name: Ensure Mautrix wsproxy paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - path: "{{ matrix_mautrix_wsproxy_base_path }}" + when: true + when: item.when | bool + - name: Ensure Mautrix wsproxy support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" From 0a4cff56fb798af055f2e64e0b9d9737e0c415b4 Mon Sep 17 00:00:00 2001 
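Review bot: In the new "Ensure Mautrix wsproxy paths exist" task, `mode: 0750` is an unquoted scalar, so the permission that gets applied depends on the YAML loader reading it as octal. Writing `mode: '0750'` states the directory permission unambiguously. The loop also has a single entry whose `when: true` is constant, so `with_items` plus `when: item.when | bool` adds nothing until a conditional path is introduced. A plain `path: "{{ matrix_mautrix_wsproxy_base_path }}"` on the task would read more directly; the rest of the task file is outside the hunk.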
From: Slavi Pantaleev Date: Mon, 2 Oct 2023 07:41:57 +0300 Subject: [PATCH 215/340] Make sliding-sync communicate with the homeserver over the container network Seems like we don't necessarily need to use a public URL for `SYNCV3_SERVER`. This possibly helps setups that were having trouble when `SYNCV3_SERVER` was a public URL (e.g. `https://matrix.DOMAIN`), as described in: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2912 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 73e794c2..73afcaf3 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -77,7 +77,7 @@ matrix_sliding_sync_systemd_required_services_list: ["docker.service"] matrix_sliding_sync_systemd_wanted_services_list: [] # Controls the SYNCV3_SERVER environment variable -matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_url }}" +matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}" # Controls the SYNCV3_SECRET environment variable matrix_sliding_sync_environment_variable_syncv3_secret: '' From 54babc5de0664622edb13e2a07ad099e68b95c80 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 2 Oct 2023 18:33:21 +0300 Subject: [PATCH 216/340] add `ensure-users-created` tag alongside with `ensure-matrix-users-created` --- roles/custom/matrix-user-creator/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-user-creator/tasks/main.yml b/roles/custom/matrix-user-creator/tasks/main.yml index ff93a463..2d9cc1c3 100644 --- a/roles/custom/matrix-user-creator/tasks/main.yml +++ b/roles/custom/matrix-user-creator/tasks/main.yml 
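Review bot: The comment above `matrix_sliding_sync_environment_variable_syncv3_server` still says only that it controls `SYNCV3_SERVER`, although the default now routes the proxy's requests through `matrix_homeserver_container_url` instead of the public URL. I would extend it to `# Controls the SYNCV3_SERVER environment variable. Defaults to the homeserver's container-network URL; override it with a public URL if the homeserver is not reachable on that network.` The value of `matrix_homeserver_container_url` is not visible here. If it is a plain-HTTP address, the comment should also say that this traffic (which presumably carries user access tokens) relies on the container network for isolation rather than on TLS.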
@@ -5,6 +5,7 @@ # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data, # which would make importing a database dump problematic. - ensure-matrix-users-created + - ensure-users-created block: - when: matrix_user_creator_users | length > 0 ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml" From 9167a7734e34d20f077376fdba99f3ed50493070 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 2 Oct 2023 18:40:15 +0300 Subject: [PATCH 217/340] add matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers vars --- roles/custom/matrix-synapse/defaults/main.yml | 5 +++++ .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 97c5d48a..32ae30f4 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -425,6 +425,11 @@ matrix_synapse_federation_port_openid_resource_required: false # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`. matrix_synapse_federation_domain_whitelist: ~ +# Enable/disable OpenID Connect +matrix_synapse_oidc_enabled: false +# List of OpenID Connect providers, ref: https://matrix-org.github.io/synapse/latest/openid.html#sample-configs +matrix_synapse_oidc_providers: [] + # A list of additional "volumes" to mount in the container. # This list gets populated dynamically based on Synapse extensions that have been enabled. # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."} diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index dd4e6325..9c2c9bd8 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 
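Review bot: The comments on the two new OIDC variables give no guidance on secrets. Provider entries in the referenced Synapse sample configs include a `client_secret`, and this list is written into the rendered homeserver.yaml. I would add `# Entries usually contain a client_secret; keep this variable in vault-encrypted vars.` above `matrix_synapse_oidc_providers`. It would also help to state that the list has no effect unless `matrix_synapse_oidc_enabled` is true, since the default of `[]` with `false` does not make the coupling obvious.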
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2090,9 +2090,9 @@ saml2_config: # use 'oidc' for the idp_id to ensure that existing users continue to be # recognised.) # -oidc_providers: +{% if matrix_synapse_oidc_enabled %} # Generic example - # + #matrix_synapse_oidc_providers: #- idp_id: my_idp # idp_name: "My OpenID provider" # idp_icon: "mxc://example.com/mediaid" @@ -2116,6 +2116,9 @@ oidc_providers: # attribute_requirements: # - attribute: userGroup # value: "synapseUsers" +oidc_providers: + {{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }} +{% endif %} # Enable Central Authentication Service (CAS) for registration and login. From e3149afe0bc274ac4dedccb23a40f6ffede13747 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 2 Oct 2023 19:31:34 +0300 Subject: [PATCH 218/340] Update borg 1.2.5 -> 1.2.6 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 29b1c9f8..14bc6624 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.5-1.8.2-1 + version: v1.2.6-1.8.2-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From c0e56ac1c46b75c6d538d1cf46da1ccc2dc52078 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 2 Oct 2023 19:32:09 +0300 Subject: [PATCH 219/340] Make OIDC providers if check safer --- .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 9c2c9bd8..b3a4aa79 100644 
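Review bot: The `{{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }}` line under `oidc_providers:` is not re-indented after rendering. Jinja applies the template's leading whitespace only to the first output line, so for a provider with more than one key the later lines can land at a different nesting level than the first. Whitespace is collapsed on this page, so the actual indent cannot be confirmed here; rendering a provider with several keys and loading the result would settle it. Emitting the value on the key's own line sidesteps the issue: `oidc_providers: {{ matrix_synapse_oidc_providers | to_json }}`. The `{% if %}` that this hunk closes is opened in the previous hunk.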
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2090,7 +2090,7 @@ saml2_config: # use 'oidc' for the idp_id to ensure that existing users continue to be # recognised.) # -{% if matrix_synapse_oidc_enabled %} +{% if matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers | length > 0 %} # Generic example #matrix_synapse_oidc_providers: #- idp_id: my_idp From 3a32fe71fb42ad624f97278a5986c150f61174c7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 Oct 2023 11:06:00 +0300 Subject: [PATCH 220/340] Upgrade ddclient (v3.10.0-ls131 -> v3.10.0-ls135) --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 727dfd5b..ca50813d 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.10.0-ls131 +matrix_dynamic_dns_version: v3.10.0-ls135 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 593b3157b9e98829bf2c81fa76acd94d74f1ba0e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 Oct 2023 15:05:30 +0300 Subject: [PATCH 221/340] Fix systemd service Wants for mjolnir and draupnir Patch contributed by JulianF. --- .../templates/systemd/matrix-bot-draupnir.service.j2 | 2 +- .../templates/systemd/matrix-bot-mjolnir.service.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 index 6995bcc3..d36aebdd 100644 --- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 @@ -1,7 +1,7 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Draupnir bot -{% for service in matrix_bot_draupnir_systemd_required_services_list %} +{% for service in matrix_bot_draupnir_systemd_wanted_services_list %} Requires={{ service }} After={{ service }} {% endfor %} diff --git a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 8ac872b7..23561c3c 100644 --- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -1,7 +1,7 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Mjolnir bot -{% for service in matrix_bot_mjolnir_systemd_required_services_list %} +{% for service in matrix_bot_mjolnir_systemd_wanted_services_list %} Requires={{ service }} After={{ service }} {% endfor %} From 3d6fd501de4d69d973ac15f88e402e3474329323 Mon Sep 17 00:00:00 2001 From: Kim Brose <2803622+HarHarLinks@users.noreply.github.com> Date: Tue, 3 Oct 2023 15:59:01 +0200 Subject: [PATCH 222/340] Fix link in Draupnir docs --- docs/configuring-playbook-bot-draupnir.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 2308b547..59cce0af 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
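Review bot: After this change the loop that emits `Requires={{ service }}` and `After={{ service }}` iterates over `matrix_bot_draupnir_systemd_wanted_services_list`, so every wanted service becomes a hard requirement. As far as the hunk shows, the required list no longer feeds `Requires=` in this loop. If the intent was to fix the loop that emits `Wants=`, that loop sits further down the unit, outside the hunk, and this one should keep `{% for service in matrix_bot_draupnir_systemd_required_services_list %}`. The mjolnir hunk in the same commit makes the identical swap with `matrix_bot_mjolnir_systemd_wanted_services_list`. With `Requires=` on an optional service, the moderation bot will not start when that service fails to start and is stopped when it is stopped.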
@@ -77,7 +77,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot. +You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/the-draupnir-project/Draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot. You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. From 21ef495c2e99f2d656f40ed4b2faadd63f1be80c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 Oct 2023 17:37:54 +0300 Subject: [PATCH 223/340] Upgrade mautrix-googlechat (v0.5.0 -> v0.5.1) --- roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml index de012304..9a4c74d6 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}" -matrix_mautrix_googlechat_version: v0.5.0 +matrix_mautrix_googlechat_version: v0.5.1 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From 86422d734285504423c771941f0d5d110a8255d9 Mon Sep 17 00:00:00 2001 From: Kim Brose <2803622+HarHarLinks@users.noreply.github.com> Date: Tue, 3 Oct 2023 17:41:35 +0200 Subject: [PATCH 224/340] Document how to enable Draupnir report polling --- docs/configuring-playbook-bot-draupnir.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 59cce0af..a02a64c4 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -20,7 +20,7 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` -If you would like draupnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. +If you would like draupnir to be able to deactivate users, move aliases, shutdown rooms, show abuse reports ((see below)[#abuse-reports]), etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. ## 2. Get an access token @@ -94,3 +94,17 @@ matrix_bot_draupnir_configuration_extension_yaml: | # completely redefining `matrix_bot_draupnir_configuration_yaml`. recordIgnoredInvites: true ``` + +## Abuse Reports + +Draupnir supports two methods to receive reports in the management room. + +The first method intercepts the report API endpoint of the client-server API, which requires integration with the reverse proxy in front of the homeserver. +While this playbook uses reverse proxies, it does not yet implement this. + +The other method polls an synapse admin API endpoint and is hence only available when using synapse and when the Draupnir user is an admin user (see step 1). +To enable it, set `pollReports: true` in Draupnir's config: +```yaml +matrix_bot_draupnir_configuration_extension_yaml: | + pollReports: true +``` From 69a885c5c40d5a175ece4ea0c4997e13ba63cb3d Mon Sep 17 00:00:00 2001 From: Kim Brose <2803622+HarHarLinks@users.noreply.github.com> Date: Tue, 3 Oct 2023 17:43:39 +0200 Subject: [PATCH 225/340] Fix section link --- docs/configuring-playbook-bot-draupnir.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index a02a64c4..a2cc9c09 100644 
--- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -20,7 +20,7 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` -If you would like draupnir to be able to deactivate users, move aliases, shutdown rooms, show abuse reports ((see below)[#abuse-reports]), etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. +If you would like draupnir to be able to deactivate users, move aliases, shutdown rooms, show abuse reports ([see below](#abuse-reports)), etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. ## 2. Get an access token From 5ec9349810e09a9bb08def71bea5f0838b93c170 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 4 Oct 2023 16:19:09 +0300 Subject: [PATCH 226/340] Update prometheus 2.47.0 -> 2.47.1 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 14bc6624..49ae0a0f 100644 --- a/requirements.yml +++ b/requirements.yml @@ -42,7 +42,7 @@ - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.47.0-0 + version: v2.47.1-0 name: prometheus - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.6.1-0 From c8e0f35c945394ffefd5be1115090f6b86b527f9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 5 Oct 2023 17:00:59 +0300 Subject: [PATCH 227/340] Upgrade Coturn (4.6.2-r4 -> 4.6.2-r5) --- roles/custom/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index dd25df70..1e87d808 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml @@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.6.2-r4 +matrix_coturn_version: 4.6.2-r5 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From 11b032f3ad6daaa9eacd6f21ff11b923ae7ee471 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 6 Oct 2023 08:38:04 +0300 Subject: [PATCH 228/340] Pass media_url and displayname to Heisenbridge - do not make it guess Without explicitly passing the `media_url` configuration, Heisenbridge would try to guess it. It works most of the time, but some people are experiencing trouble with it. There's no need for wasteful work and for potential unreliability, so we now configure the `media_url` explicitly. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2932 --- .../matrix-bridge-heisenbridge/defaults/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index c81c4fe6..edab0e03 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml 
@@ -30,7 +30,15 @@ matrix_heisenbridge_homeserver_url: "{{ matrix_homeserver_container_url }}" matrix_heisenbridge_appservice_token: '' matrix_heisenbridge_homeserver_token: '' -# Default registration file +matrix_heisenbridge_config_media_url: "{{ matrix_homeserver_url }}" +matrix_heisenbridge_config_displayname: "Heisenbridge" + +matrix_heisenbridge_registration_yaml_heisenbridge: + media_url: "{{ matrix_heisenbridge_config_media_url }}" + displayname: "{{ matrix_heisenbridge_config_displayname }}" + +# Default registration file consumed by both the homeserver and Heisenbridge. +# Besides registration information, it contains configuration (see the heisenbridge key). matrix_heisenbridge_registration_yaml: id: heisenbridge url: http://matrix-heisenbridge:9898 @@ -44,5 +52,6 @@ matrix_heisenbridge_registration_yaml: exclusive: true aliases: [] rooms: [] + heisenbridge: "{{ matrix_heisenbridge_registration_yaml_heisenbridge }}" matrix_heisenbridge_registration: "{{ matrix_heisenbridge_registration_yaml | from_yaml }}" From e647fbd6610431fa83b7d72d13866c5a0fd3c293 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Fri, 6 Oct 2023 12:52:39 +0200 Subject: [PATCH 229/340] Configure Renovate This adds a custom regex manager so dependencies in yml files can be found. --- .github/renovate.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/renovate.json diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 00000000..914f8494 --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,14 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base" + ], + "regexManagers": [ + { + "fileMatch": [".*y[a]?ml$"], + "matchStrings": [ + "# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_version\\s*:\\s*[\"']?(?.+?)[\"']?\\s" + ] + } + ] +} 
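Review bot: The `fileMatch` entry `.*y[a]?ml$` in the new `.github/renovate.json` has no literal dot, so it matches any path that merely ends in `yml` or `yaml`. The leading `.*` is also redundant, because the pattern is not anchored at the start. `"fileMatch": ["\\.ya?ml$"]` expresses the intended "YAML files only" and keeps the set of files Renovate scans for version annotations explicit. The follow-up hunk that extends `matchStrings` to `_tag` variables leaves this line as it is.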
From 3d6af4e54b6a637166b5ad66e63fe857d72b3f0d Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Fri, 6 Oct 2023 14:10:56 +0200 Subject: [PATCH 230/340] fix: also support extracting _tag variables --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 914f8494..c822d5ce 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -7,7 +7,7 @@ { "fileMatch": [".*y[a]?ml$"], "matchStrings": [ - "# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_version\\s*:\\s*[\"']?(?.+?)[\"']?\\s" + "# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?.+?)[\"']?\\s" ] } ] From c846ed199bcdf434bb29204dceb2b744c899cfd8 Mon Sep 17 00:00:00 2001 
From: Samuel Meenzen Date: Fri, 6 Oct 2023 14:14:03 +0200 Subject: [PATCH 231/340] Annotate version numbers with renovate metadata --- roles/custom/matrix-bot-buscarron/defaults/main.yml | 1 + roles/custom/matrix-bot-chatgpt/defaults/main.yml | 1 + roles/custom/matrix-bot-draupnir/defaults/main.yml | 1 + roles/custom/matrix-bot-go-neb/defaults/main.yml | 1 + roles/custom/matrix-bot-honoroit/defaults/main.yml | 1 + .../custom/matrix-bot-matrix-registration-bot/defaults/main.yml | 1 + roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml | 1 + roles/custom/matrix-bot-maubot/defaults/main.yml | 1 + roles/custom/matrix-bot-mjolnir/defaults/main.yml | 1 + roles/custom/matrix-bot-postmoogle/defaults/main.yml | 1 + roles/custom/matrix-bridge-appservice-discord/defaults/main.yml | 1 + roles/custom/matrix-bridge-appservice-irc/defaults/main.yml | 1 + roles/custom/matrix-bridge-appservice-slack/defaults/main.yml | 1 + roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml | 1 + roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml | 1 + roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 1 + roles/custom/matrix-bridge-hookshot/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 2 ++ roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 1 + roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml | 1 
+ roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml | 1 + .../custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml | 1 + roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml | 1 + roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml | 1 + roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml | 1 + roles/custom/matrix-bridge-sms/defaults/main.yml | 1 + roles/custom/matrix-cactus-comments/defaults/main.yml | 1 + roles/custom/matrix-client-cinny/defaults/main.yml | 1 + roles/custom/matrix-client-element/defaults/main.yml | 1 + roles/custom/matrix-client-hydrogen/defaults/main.yml | 1 + roles/custom/matrix-client-schildichat/defaults/main.yml | 1 + roles/custom/matrix-conduit/defaults/main.yml | 1 + roles/custom/matrix-corporal/defaults/main.yml | 1 + roles/custom/matrix-coturn/defaults/main.yml | 1 + roles/custom/matrix-dendrite/defaults/main.yml | 1 + roles/custom/matrix-dimension/defaults/main.yml | 1 + roles/custom/matrix-dynamic-dns/defaults/main.yml | 1 + roles/custom/matrix-email2matrix/defaults/main.yml | 1 + roles/custom/matrix-ma1sd/defaults/main.yml | 1 + roles/custom/matrix-mailer/defaults/main.yml | 1 + roles/custom/matrix-media-repo/defaults/main.yml | 1 + roles/custom/matrix-nginx-proxy/defaults/main.yml | 2 ++ .../matrix-prometheus-nginxlog-exporter/defaults/main.yml | 1 + roles/custom/matrix-rageshake/defaults/main.yml | 1 + roles/custom/matrix-registration/defaults/main.yml | 1 + roles/custom/matrix-sliding-sync/defaults/main.yml | 1 + roles/custom/matrix-sygnal/defaults/main.yml | 1 + roles/custom/matrix-synapse-admin/defaults/main.yml | 1 + roles/custom/matrix-synapse-auto-compressor/defaults/main.yml | 1 + .../matrix-synapse-reverse-proxy-companion/defaults/main.yml | 1 + roles/custom/matrix-synapse/defaults/main.yml | 1 + roles/custom/matrix-user-verification-service/defaults/main.yml | 1 + 61 files changed, 63 insertions(+) 
diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 85cea3f5..96167761 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml @@ -5,6 +5,7 @@ matrix_bot_buscarron_enabled: true +# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/buscarron matrix_bot_buscarron_version: v1.3.1 # The hostname at which Buscarron is served. diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 298437ca..efd39620 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -4,6 +4,7 @@ matrix_bot_chatgpt_enabled: true +# renovate: datasource=docker depName=ghcr.io/matrixgpt/matrix-chatgpt-bot matrix_bot_chatgpt_version: 3.1.2 matrix_bot_chatgpt_container_image_self_build: false diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index ae65b4ff..f63c36f2 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -4,6 +4,7 @@ matrix_bot_draupnir_enabled: true +# renovate: datasource=docker depName=gnuxie/draupnir matrix_bot_draupnir_version: "v1.85.1" matrix_bot_draupnir_container_image_self_build: false diff --git a/roles/custom/matrix-bot-go-neb/defaults/main.yml b/roles/custom/matrix-bot-go-neb/defaults/main.yml index 39b97b08..aa32eb16 100644 --- a/roles/custom/matrix-bot-go-neb/defaults/main.yml +++ b/roles/custom/matrix-bot-go-neb/defaults/main.yml @@ -5,6 +5,7 @@ matrix_bot_go_neb_enabled: true +# renovate: datasource=docker depName=matrixdotorg/go-neb matrix_bot_go_neb_version: latest matrix_bot_go_neb_scheme: https diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index fa852fb8..794cf841 100644 
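Review bot: The annotation added above `matrix_bot_go_neb_version: latest` has nothing to track, because `latest` is not a version Renovate can compare and no update PR will be raised for it. The deployed image also still changes whenever the upstream tag moves, without a reviewed commit in this repository. Either pin the variable to a released tag, optionally with a digest, so the annotation becomes meaningful, or leave the annotation off this variable. Which tags `matrixdotorg/go-neb` publishes is not visible from this page, so the pin value needs checking upstream.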
--- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml @@ -20,6 +20,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" +# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/honoroit matrix_bot_honoroit_version: v0.9.19 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index 2ccef001..512306e9 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -8,6 +8,7 @@ matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matri matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" +# renovate: datasource=docker depName=moanos/matrix-registration-bot matrix_bot_matrix_registration_bot_version: 1.3.0 matrix_bot_matrix_registration_bot_docker_iteration: 0 matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration}}" diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml index 03f11767..2f43024a 100644 
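Review bot: The annotation above `matrix_bot_matrix_registration_bot_version: 1.3.0` makes Renovate treat `1.3.0` as the Docker tag, but the tag this role pulls is `matrix_bot_matrix_registration_bot_docker_tag`, which appends `-{{ matrix_bot_matrix_registration_bot_docker_iteration}}`. The registry tags therefore probably carry a suffix that the annotated value lacks. The same mismatch is explicit in the matrix-bridge-appservice-irc hunk, where the tag is built as `'release-' + matrix_appservice_irc_version`. The `release-v0.2.1` value in the matrix-reminder-bot hunk may likewise not parse under default Docker versioning. Without a Renovate `extractVersion` rule that strips the prefix or suffix, these entries are likely to produce no updates or wrong ones, so a dry run is worth doing before relying on them.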
--- a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -9,6 +9,7 @@ matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/ma matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ matrix_bot_matrix_reminder_bot_version }}" matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src" +# renovate: datasource=docker depName=anoa/matrix-reminder-bot matrix_bot_matrix_reminder_bot_version: release-v0.2.1 matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_container_global_registry_prefix }}anoa/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}" matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index b78dc1f1..3c93b8ab 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -10,6 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" +# renovate: datasource=docker depName=dock.mau.dev/maubot/maubot matrix_bot_maubot_version: v0.4.2 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}" matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index ecbbdb88..434f0a44 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml 
@@ -4,6 +4,7 @@ matrix_bot_mjolnir_enabled: true +# renovate: datasource=docker depName=matrixdotorg/mjolnir matrix_bot_mjolnir_version: "v1.6.4" matrix_bot_mjolnir_container_image_self_build: false diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index 2b9fa6eb..580dcfed 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml @@ -9,6 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" +# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/postmoogle matrix_bot_postmoogle_version: v0.9.16 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}" diff --git a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml index 61462aa7..a0dfc9f1 100644 --- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml 
@@ -5,6 +5,7 @@ matrix_appservice_discord_enabled: false matrix_appservice_discord_container_image_self_build: false +# renovate: datasource=docker depName=ghcr.io/matrix-org/matrix-appservice-discord matrix_appservice_discord_version: v4.0.0 matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_name_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}" matrix_appservice_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else 'ghcr.io/' }}" diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index b0cf5bc4..3dda9b75 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml @@ -11,6 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. +# renovate: datasource=docker depName=docker.io/matrixdotorg/matrix-appservice-irc matrix_appservice_irc_version: 1.0.1 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}" matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}" diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index d8b10757..a803dbe9 100644 --- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml 
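Review bot: In the matrix-bridge-appservice-irc hunk the annotated value `1.0.1` is not the tag that is actually pulled, because `matrix_appservice_irc_docker_image_tag` prepends `release-` to it. A docker datasource lookup compares registry tags against the current value, so unless the Renovate rule (not visible in this patch) strips the prefix, for example with `extractVersion=^release-(?<version>.+)$`, updates may be missed or written back in the wrong form. The same mismatch between the annotated value and the real tag shows up in the appservice-slack hunk (`release-` prefix), the coturn hunk (`-alpine` suffix) and the matrix-registration-bot hunk (`-<iteration>` suffix).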
@@ -11,6 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. +# renovate: datasource=docker depName=docker.io/matrixdotorg/matrix-appservice-slack matrix_appservice_slack_version: 2.1.2 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index 5054944f..ea24593a 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -4,6 +4,7 @@ matrix_beeper_linkedin_enabled: true +# renovate: datasource=docker depName=ghcr.io/beeper/linkedin matrix_beeper_linkedin_version: latest # See: https://github.com/beeper/linkedin/pkgs/container/linkedin diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml index 02ec422e..7b77e3fb 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml 
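Review bot: The annotation in the matrix-bridge-beeper-linkedin hunk sits on `matrix_beeper_linkedin_version: latest`, a floating tag, so there is presumably nothing for Renovate to bump, and the deployed image still changes whenever upstream re-pushes `latest`. The same applies to the go-skype-bridge, mautrix-hangouts, mautrix-slack, wsproxy syncproxy, mx-puppet-instagram, mx-puppet-steam, mx-puppet-twitter and dimension hunks. If update tracking is the goal, these defaults need a concrete tag or digest. Otherwise a comment such as `# floating tag; not tracked by Renovate` above each would make the gap explicit.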
@@ -8,6 +8,7 @@ matrix_go_skype_bridge_container_image_self_build: false matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git" matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}" +# renovate: datasource=docker depName=nodefyme/go-skype-bridge matrix_go_skype_bridge_version: latest matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}nodefyme/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" matrix_go_skype_bridge_docker_image_name_prefix: "{{ 'localhost/' if matrix_go_skype_bridge_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index edab0e03..0bd59951 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,6 +4,7 @@ matrix_heisenbridge_enabled: true +# renovate: datasource=docker depName=hif1/heisenbridge matrix_heisenbridge_version: 1.14.5 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index d75992d4..80ebdf68 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,6 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" +# renovate: datasource=docker depName=halfshot/matrix-hookshot matrix_hookshot_version: 4.5.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 0f54689b..66b77b8f 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -8,6 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/discord matrix_mautrix_discord_version: v0.6.2 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index a8e4996c..e407b7a8 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml 
@@ -7,6 +7,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/facebook matrix_mautrix_facebook_version: v0.5.1 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 1075379d..3ea3b8fd 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -8,6 +8,7 @@ matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages matrix_mautrix_gmessages_version: v0.2.0 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml index 9a4c74d6..1dc78778 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml 
@@ -8,6 +8,7 @@ matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/googlechat matrix_mautrix_googlechat_version: v0.5.1 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml index 65b4a6ff..dfc6187a 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -8,6 +8,7 @@ matrix_mautrix_hangouts_container_image_self_build: false matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/mautrix/hangouts.git" matrix_mautrix_hangouts_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_hangouts_version == 'latest' else matrix_mautrix_googlechat_version }}" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/hangouts matrix_mautrix_hangouts_version: latest # See: https://mau.dev/mautrix/hangouts/container_registry matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}mautrix/hangouts:{{ matrix_mautrix_hangouts_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 60f13fef..4f56724a 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml 
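Review bot: The context line `matrix_mautrix_hangouts_container_image_self_build_repo_version` in the mautrix-hangouts hunk falls back to `matrix_mautrix_googlechat_version`, which looks like a copy/paste slip from the googlechat role. Once `matrix_mautrix_hangouts_version` is set to anything other than `latest`, which the new annotation invites, a self-build would check out a ref named after the googlechat version from the hangouts repository. The else branch should read `else matrix_mautrix_hangouts_version }}"`. The commit does not touch this line, so the fix belongs in a separate change.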
@@ -8,6 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/instagram matrix_mautrix_instagram_version: v0.3.1 # See: https://mau.dev/tulir/mautrix-instagram/container_registry matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 7675e7b1..4b5cdc88 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,9 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/signal matrix_mautrix_signal_version: v0.4.3 +# renovate: datasource=docker depName=signald/signald matrix_mautrix_signal_daemon_version: 0.23.2 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index 5266e25c..5045601a 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml 
+++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -8,6 +8,7 @@ matrix_mautrix_slack_container_image_self_build: false matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/slack.git" matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/slack matrix_mautrix_slack_version: latest # See: https://mau.dev/mautrix/slack/container_registry matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 1f745815..b9a5f50d 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -17,6 +17,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram matrix_mautrix_telegram_version: v0.14.2 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index bea6e47b..6b2d8bc8 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml 
@@ -8,6 +8,7 @@ matrix_mautrix_twitter_container_image_self_build: false matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git" matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter matrix_mautrix_twitter_version: v0.1.7 # See: https://mau.dev/tulir/mautrix-twitter/container_registry matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 515d648c..dc5b8f9c 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,6 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" +# renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp matrix_mautrix_whatsapp_version: v0.10.2 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml index b7cd06d6..95ae71ab 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml 
@@ -127,6 +127,7 @@ matrix_mautrix_imessage_registration_yaml: | matrix_mautrix_imessage_registration: "{{ matrix_mautrix_imessage_registration_yaml|from_yaml }}" # Syncproxy-related configuration fields +# renovate: datasource=docker depName=dock.mau.dev/mautrix/syncproxy matrix_mautrix_wsproxy_syncproxy_version: latest # See: https://mau.dev/mautrix/wsproxy/container_registry matrix_mautrix_wsproxy_syncproxy_docker_image: "dock.mau.dev/mautrix/syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_version }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml index 90ad2f0f..7b3a4e5d 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -14,6 +14,7 @@ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' +# renovate: datasource=docker depName=registry.gitlab.com/mx-puppet/discord/mx-puppet-discord matrix_mx_puppet_discord_version: v0.1.1 matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}mx-puppet/discord/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 638d1558..1c73e46c 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml 
@@ -8,6 +8,7 @@ matrix_mx_puppet_instagram_container_image_self_build: false matrix_mx_puppet_instagram_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-instagram.git" matrix_mx_puppet_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mx_puppet_instagram_version == 'latest' else matrix_mx_puppet_instagram_version }}" +# renovate: datasource=docker depName=sorunome/mx-puppet-instagram matrix_mx_puppet_instagram_version: latest matrix_mx_puppet_instagram_docker_image: "{{ matrix_mx_puppet_instagram_docker_image_name_prefix }}sorunome/mx-puppet-instagram:{{ matrix_mx_puppet_instagram_version }}" matrix_mx_puppet_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_instagram_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml index 9e79465d..40456b5e 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -17,6 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' +# renovate: datasource=docker depName=registry.gitlab.com/mx-puppet/slack/mx-puppet-slack matrix_mx_puppet_slack_version: v0.1.2 matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml index e9a03c89..9503335a 100644 
--- a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -13,6 +13,7 @@ matrix_mx_puppet_steam_container_image_self_build_repo_version: "{{ 'master' if # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_steam_container_http_host_bind_port: '' +# renovate: datasource=docker depName=icewind1991/mx-puppet-steam matrix_mx_puppet_steam_version: latest matrix_mx_puppet_steam_docker_image: "{{ matrix_mx_puppet_steam_docker_image_name_prefix }}icewind1991/mx-puppet-steam:{{ matrix_mx_puppet_steam_version }}" matrix_mx_puppet_steam_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_steam_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 932c3462..b229b683 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -13,6 +13,7 @@ matrix_mx_puppet_twitter_container_image_self_build_repo: "https://github.com/So # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_twitter_container_http_host_bind_port: '' +# renovate: datasource=docker depName=sorunome/mx-puppet-twitter matrix_mx_puppet_twitter_version: latest matrix_mx_puppet_twitter_docker_image: "{{ matrix_mx_puppet_twitter_docker_image_name_prefix }}sorunome/mx-puppet-twitter:{{ matrix_mx_puppet_twitter_version }}" matrix_mx_puppet_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_twitter_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-bridge-sms/defaults/main.yml b/roles/custom/matrix-bridge-sms/defaults/main.yml index b4755d71..81d8a584 100644 --- a/roles/custom/matrix-bridge-sms/defaults/main.yml 
+++ b/roles/custom/matrix-bridge-sms/defaults/main.yml @@ -4,6 +4,7 @@ matrix_sms_bridge_enabled: true +# renovate: datasource=docker depName=folivonet/matrix-sms-bridge matrix_sms_bridge_version: 0.5.7 matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}" diff --git a/roles/custom/matrix-cactus-comments/defaults/main.yml b/roles/custom/matrix-cactus-comments/defaults/main.yml index 80f8c15e..d2515222 100644 --- a/roles/custom/matrix-cactus-comments/defaults/main.yml +++ b/roles/custom/matrix-cactus-comments/defaults/main.yml @@ -27,6 +27,7 @@ matrix_cactus_comments_tmp_directory_size_mb: 1 matrix_cactus_comments_container_port: 5000 +# renovate: datasource=docker depName=cactuscomments/cactus-appservice matrix_cactus_comments_version: 0.9.0 matrix_cactus_comments_docker_image: "{{ matrix_container_global_registry_prefix }}cactuscomments/cactus-appservice:{{ matrix_cactus_comments_version }}" matrix_cactus_comments_docker_image_force_pull: "{{ matrix_cactus_comments_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 6b771fdc..518c021c 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -6,6 +6,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" +# renovate: datasource=docker depName=ajbura/cinny matrix_client_cinny_version: v2.2.6 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" 
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f80dea84..7a92769f 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,6 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" +# renovate: datasource=docker depName=vectorim/element-web matrix_client_element_version: v1.11.45 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml index 46421f8d..3354ddd9 100644 --- a/roles/custom/matrix-client-hydrogen/defaults/main.yml +++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml @@ -6,6 +6,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: false matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" +# renovate: datasource=docker depName=ghcr.io/vectorim/hydrogen-web matrix_client_hydrogen_version: v0.4.1 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vector-im/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else 'ghcr.io/' }}" 
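Review bot: The `depName` added in the matrix-client-hydrogen hunk is `ghcr.io/vectorim/hydrogen-web`, but the image line below it resolves to `ghcr.io/` plus `vector-im/hydrogen-web`, so the annotation names a different registry namespace than the one actually pulled. Update lookups would then track an image this role never runs, or fail outright. The comment should read `# renovate: datasource=docker depName=ghcr.io/vector-im/hydrogen-web`. Because these annotations decide which upstream a bot trusts for version bumps, each `depName` in this patch is worth checking against the image string beside it.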
diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml index e446e755..73d6227d 100644 --- a/roles/custom/matrix-client-schildichat/defaults/main.yml +++ b/roles/custom/matrix-client-schildichat/defaults/main.yml @@ -5,6 +5,7 @@ matrix_client_schildichat_enabled: true matrix_client_schildichat_container_image_self_build: false +# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/schildichat-web matrix_client_schildichat_version: v1.11.30-sc.2 matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_name_prefix }}etke.cc/schildichat-web:{{ matrix_client_schildichat_version }}" matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else 'registry.gitlab.com/' }}" diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 862e55c2..5259837e 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml @@ -6,6 +6,7 @@ matrix_conduit_enabled: true matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}" matrix_conduit_docker_image_name_prefix: "docker.io/" +# renovate: datasource=docker depName=matrixconduit/matrix-conduit matrix_conduit_docker_image_tag: "v0.6.0" matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml index 2b703bdd..fd10d38d 100644 --- a/roles/custom/matrix-corporal/defaults/main.yml +++ b/roles/custom/matrix-corporal/defaults/main.yml 
@@ -23,6 +23,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] +# renovate: datasource=docker depName=devture/matrix-corporal matrix_corporal_version: 2.5.2 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 1e87d808..79facfbf 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml @@ -8,6 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" +# renovate: datasource=docker depName=coturn/coturn matrix_coturn_version: 4.6.2-r5 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index d1989540..f63030ee 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml 
@@ -10,6 +10,7 @@ matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" +# renovate: datasource=docker depName=matrixdotorg/dendrite-monolith matrix_dendrite_docker_image_tag: "v0.13.3" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-dimension/defaults/main.yml b/roles/custom/matrix-dimension/defaults/main.yml index e66f9009..718b5d86 100644 --- a/roles/custom/matrix-dimension/defaults/main.yml +++ b/roles/custom/matrix-dimension/defaults/main.yml @@ -29,6 +29,7 @@ matrix_dimension_container_image_self_build_branch: master matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension" matrix_dimension_docker_src_files_path: "{{ matrix_base_data_path }}/docker-src/dimension" +# renovate: datasource=docker depName=turt2live/matrix-dimension matrix_dimension_version: latest matrix_dimension_docker_image: "{{ matrix_dimension_docker_image_name_prefix }}turt2live/matrix-dimension:{{ matrix_dimension_version }}" matrix_dimension_docker_image_name_prefix: "{{ 'localhost/' if matrix_dimension_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index ca50813d..e65c90ac 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml 
@@ -7,6 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' +# renovate: datasource=docker depName=linuxserver/ddclient matrix_dynamic_dns_version: v3.10.0-ls135 # The docker container to use when in mode diff --git a/roles/custom/matrix-email2matrix/defaults/main.yml b/roles/custom/matrix-email2matrix/defaults/main.yml index b24cc76c..cdd287a8 100644 --- a/roles/custom/matrix-email2matrix/defaults/main.yml +++ b/roles/custom/matrix-email2matrix/defaults/main.yml @@ -11,6 +11,7 @@ matrix_email2matrix_container_image_self_build: false matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git" matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}" +# renovate: datasource=docker depName=devture/email2matrix matrix_email2matrix_version: 1.1.0 matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}" diff --git a/roles/custom/matrix-ma1sd/defaults/main.yml b/roles/custom/matrix-ma1sd/defaults/main.yml index 9dc32ce7..cbea37c4 100644 --- a/roles/custom/matrix-ma1sd/defaults/main.yml +++ b/roles/custom/matrix-ma1sd/defaults/main.yml @@ -8,6 +8,7 @@ matrix_ma1sd_container_image_self_build: false matrix_ma1sd_container_image_self_build_repo: "https://github.com/ma1uta/ma1sd.git" matrix_ma1sd_container_image_self_build_branch: "{{ matrix_ma1sd_version }}" +# renovate: datasource=docker depName=ma1uta/ma1sd matrix_ma1sd_version: "2.5.0" matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:{{ matrix_ma1sd_version }}" diff --git a/roles/custom/matrix-mailer/defaults/main.yml b/roles/custom/matrix-mailer/defaults/main.yml index 71e87532..061e7b82 100644 
--- a/roles/custom/matrix-mailer/defaults/main.yml +++ b/roles/custom/matrix-mailer/defaults/main.yml @@ -10,6 +10,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" +# renovate: datasource=docker depName=devture/exim-relay matrix_mailer_version: 4.96-r1-0 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 488289d1..61c6f839 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -18,6 +18,7 @@ matrix_media_repo_container_image_self_build_repo: "https://github.com/turt2live matrix_media_repo_docker_image_path: "turt2live/matrix-media-repo" matrix_media_repo_docker_image: "{{ matrix_media_repo_docker_image_name_prefix }}{{ matrix_media_repo_docker_image_path }}:{{ matrix_media_repo_docker_image_tag }}" matrix_media_repo_docker_image_name_prefix: "{{ 'localhost/' if matrix_media_repo_container_image_self_build else matrix_container_global_registry_prefix }}" +# renovate: datasource=docker depName=turt2live/matrix-media-repo matrix_media_repo_docker_image_tag: "v1.2.13" matrix_media_repo_docker_image_force_pull: "{{ matrix_media_repo_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index b67140ba..36eb7aa4 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml 
@@ -1,6 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true +# renovate: datasource=docker depName=nginx matrix_nginx_proxy_version: 1.25.2-alpine # We use an official nginx image, which we fix-up to run unprivileged. @@ -307,6 +308,7 @@ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path: "{{ matrix_nginx_proxy_ # To avoid using this, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead of supplying username/password. # Learn more in: `roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image: "{{ matrix_container_global_registry_prefix }}httpd:{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag }}" +# renovate: datasource=docker depName=httpd matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag: "2.4.54-alpine3.16" matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag.endswith(':latest') }}" diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml index 806c751c..5f83a6bf 100644 --- a/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml @@ -3,6 +3,7 @@ # See: https://github.com/martin-helmich/prometheus-nginxlog-exporter/ matrix_prometheus_nginxlog_exporter_enabled: true +# renovate: datasource=docker depName=ghcr.io/martin-helmich/prometheus-nginxlog-exporter/exporter matrix_prometheus_nginxlog_exporter_version: v1.10.0 matrix_prometheus_nginxlog_exporter_container_hostname: 'matrix-prometheus-nginxlog-exporter' diff --git a/roles/custom/matrix-rageshake/defaults/main.yml b/roles/custom/matrix-rageshake/defaults/main.yml index 8cc2f905..34c315d0 100644 
--- a/roles/custom/matrix-rageshake/defaults/main.yml +++ b/roles/custom/matrix-rageshake/defaults/main.yml @@ -16,6 +16,7 @@ matrix_rageshake_path_prefix: / # There are no stable container image tags yet. # See: https://github.com/matrix-org/rageshake/issues/69 +# renovate: datasource=docker depName=ghcr.io/matrix-org/rageshake matrix_rageshake_version: 1.9.0 matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake" diff --git a/roles/custom/matrix-registration/defaults/main.yml b/roles/custom/matrix-registration/defaults/main.yml index c7a45fad..b775cb11 100644 --- a/roles/custom/matrix-registration/defaults/main.yml +++ b/roles/custom/matrix-registration/defaults/main.yml @@ -18,6 +18,7 @@ matrix_registration_config_path: "{{ matrix_registration_base_path }}/config" matrix_registration_data_path: "{{ matrix_registration_base_path }}/data" matrix_registration_docker_src_files_path: "{{ matrix_registration_base_path }}/docker-src" +# renovate: datasource=docker depName=zeratax/matrix-registration matrix_registration_version: "v0.7.2" matrix_registration_docker_image: "{{ matrix_registration_docker_image_name_prefix }}zeratax/matrix-registration:{{ matrix_registration_version }}" diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 73afcaf3..6270573f 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -5,6 +5,7 @@ matrix_sliding_sync_enabled: true +# renovate: datasource=docker depName=ghcr.io/matrix-org/sliding-sync matrix_sliding_sync_version: v0.99.10 matrix_sliding_sync_scheme: https diff --git a/roles/custom/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml index f3c1df4e..03fe5d1a 100644 --- a/roles/custom/matrix-sygnal/defaults/main.yml +++ b/roles/custom/matrix-sygnal/defaults/main.yml 
@@ -12,6 +12,7 @@ matrix_sygnal_hostname: '' # This value must either be `/` or not end with a slash (e.g. `/sygnal`). matrix_sygnal_path_prefix: / +# renovate: datasource=docker depName=matrixdotorg/sygnal matrix_sygnal_version: v0.12.0 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index ae912f71..dd1bd817 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -14,6 +14,7 @@ matrix_synapse_admin_nginx_proxy_integration_enabled: false matrix_synapse_admin_container_image_self_build: false matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesome-Technologies/synapse-admin.git" +# renovate: datasource=docker depName=awesometechnologies/synapse-admin matrix_synapse_admin_version: 0.8.7 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml b/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml index 7b5ea54d..9b5bf093 100644 --- a/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml +++ b/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml @@ -5,6 +5,7 @@ matrix_synapse_auto_compressor_enabled: true +# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/rust-synapse-compress-state matrix_synapse_auto_compressor_version: v0.1.3 matrix_synapse_auto_compressor_base_path: "{{ matrix_base_data_path }}/synapse-auto-compressor" 
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml index 3a29791c..28a2dae6 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml @@ -25,6 +25,7 @@ matrix_synapse_reverse_proxy_companion_enabled: true +# renovate: datasource=docker depName=nginx matrix_synapse_reverse_proxy_companion_version: 1.25.2-alpine matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion" diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 32ae30f4..1540ca4b 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,6 +4,7 @@ matrix_synapse_enabled: true +# renovate: datasource=docker depName=matrixdotorg/synapse matrix_synapse_version: v1.93.0 matrix_synapse_username: '' diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index b553ad12..3d180931 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml @@ -6,6 +6,7 @@ matrix_user_verification_service_ansible_name: "Matrix User Verification Service matrix_user_verification_service_enabled: true # Fix version tag +# renovate: datasource=docker depName=matrixdotorg/matrix-user-verification-service matrix_user_verification_service_version: "v2.0.0" # Paths From cfefc364777ac43d4f2c82bab357c73078951f34 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Fri, 6 Oct 2023 14:33:37 +0200 Subject: [PATCH 232/340] fix: correct vector-im image name for renovate --- roles/custom/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml index 3354ddd9..04b335e3 100644 --- a/roles/custom/matrix-client-hydrogen/defaults/main.yml +++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: false matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -# renovate: datasource=docker depName=ghcr.io/vectorim/hydrogen-web +# renovate: datasource=docker depName=ghcr.io/vector-im/hydrogen-web matrix_client_hydrogen_version: v0.4.1 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vector-im/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else 'ghcr.io/' }}" From 408aec7d5bbf2aeee4f759916580c9ffb2432024 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 9 Oct 2023 11:03:26 +0100 Subject: [PATCH 233/340] client-hydrogen: fix self-build Self-build now requires the new docker buildx/buildkit, so switch from the ansible docker module to running a docker build command, like elsewhere. --- .../tasks/setup_install.yml | 56 +++++++++++-------- 1 file changed, 34 insertions(+), 22 deletions(-) diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 0e114804..375e3c69 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml 
@@ -12,6 +12,40 @@ - {path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}"} when: "item.when | bool" +- when: "matrix_client_hydrogen_container_image_self_build | bool" + block: + - name: Ensure Hydrogen repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_client_hydrogen_container_image_self_build_repo }}" + dest: "{{ matrix_client_hydrogen_docker_src_files_path }}" + version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_client_hydrogen_git_pull_results + + - name: Check if Hydrogen Docker image exists + ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_client_hydrogen_docker_image }}'" + register: matrix_client_hydrogen_docker_image_check_result + changed_when: false + + # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, + # because the latter does not support BuildKit. + # See: https://github.com/ansible-collections/community.general/issues/514 + - name: Ensure Hydrogen Docker image is built + ansible.builtin.shell: + chdir: "{{ matrix_client_hydrogen_docker_src_files_path }}" + cmd: | + {{ devture_systemd_docker_base_host_command_docker }} build \ + -t "{{ matrix_client_hydrogen_docker_image }}" \ + -f Dockerfile \ + --push \ + . + environment: + DOCKER_BUILDKIT: 1 + changed_when: true + when: "matrix_client_hydrogen_git_pull_results.changed | bool or matrix_client_hydrogen_docker_image_check_result.stdout == ''" + - name: Ensure Hydrogen Docker image is pulled community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" 
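Review bot: The new `Ensure Hydrogen Docker image is built` task runs through `ansible.builtin.shell` and splices `{{ matrix_client_hydrogen_docker_image }}` into the command text, so the value is parsed by the shell; the double quotes around it still leave `$`, backticks and embedded quotes live. These variables are playbook configuration rather than remote input, so this is a hardening and robustness point rather than an exposed injection path. Passing the value through the `quote` filter and dropping the surrounding quotes closes it: `-t {{ matrix_client_hydrogen_docker_image | quote }} \`. `DOCKER_BUILDKIT: 1` would also read more predictably as the string `"1"`, since environment values are strings.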
@@ -24,17 +58,6 @@ delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- name: Ensure Hydrogen repository is present on self-build - ansible.builtin.git: - repo: "{{ matrix_client_hydrogen_container_image_self_build_repo }}" - dest: "{{ matrix_client_hydrogen_docker_src_files_path }}" - version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" - force: "yes" - become: true - become_user: "{{ matrix_user_username }}" - register: matrix_client_hydrogen_git_pull_results - when: "matrix_client_hydrogen_container_image_self_build | bool" - - name: Ensure Hydrogen configuration installed ansible.builtin.copy: content: "{{ matrix_client_hydrogen_configuration | to_nice_json }}" @@ -54,17 +77,6 @@ - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} - {src: "{{ role_path }}/templates/labels.j2", name: "labels"} -- name: Ensure Hydrogen Docker image is built - community.docker.docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: build - force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: true - when: "matrix_client_hydrogen_container_image_self_build | bool" - - name: Ensure Hydrogen container network is created community.general.docker_network: name: "{{ matrix_client_hydrogen_container_network }}" From 3e43b9d1c73101183bdd348f033ba09161efba30 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 9 Oct 2023 13:28:50 +0100 Subject: [PATCH 234/340] client-hydrogen: remove unrelated change (docker push) --- roles/custom/matrix-client-hydrogen/tasks/setup_install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 375e3c69..5ca6cb73 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml 
+++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml @@ -39,7 +39,6 @@ {{ devture_systemd_docker_base_host_command_docker }} build \ -t "{{ matrix_client_hydrogen_docker_image }}" \ -f Dockerfile \ - --push \ . environment: DOCKER_BUILDKIT: 1 From ccbff150cd2deaa82af09af110939528b4a01576 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Oct 2023 10:19:20 +0300 Subject: [PATCH 235/340] Upgrade ddclient (v3.10.0-ls135 -> v3.10.0-ls136) --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index ca50813d..dc586545 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.10.0-ls135 +matrix_dynamic_dns_version: v3.10.0-ls136 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From dc9ff4e01b4ef1293af6bd5fb4b10753033a2814 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Oct 2023 11:10:21 +0300 Subject: [PATCH 236/340] Add support for external-IP-address-autodetection to Coturn --- docs/configuring-playbook-turn.md | 13 +++++++- examples/vars.yml | 16 ++++++++++ group_vars/matrix_servers | 3 ++ roles/custom/matrix-coturn/defaults/main.yml | 19 ++++++++++- .../matrix-coturn/tasks/setup_install.yml | 32 +++++++++++++++++++ .../templates/turnserver.conf.j2 | 2 +- 6 files changed, 82 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-turn.md b/docs/configuring-playbook-turn.md index 365fea4b..c7bf998f 100644 --- a/docs/configuring-playbook-turn.md +++ b/docs/configuring-playbook-turn.md 
@@ -16,13 +16,24 @@ matrix_coturn_enabled: false In that case, Synapse would not point to any Coturn servers and audio/video call functionality may fail. ## Manually defining your public IP + In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring Coturn. + If you'd rather use a local IP for `ansible_host`, make sure to set up `matrix_coturn_turn_external_ip_address` replacing `YOUR_PUBLIC_IP` with the pubic IP used by the server. ```yaml matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP" ``` +If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set `matrix_coturn_turn_external_ip_address` to an empty value. The playbook will automatically contact an [EchoIP](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable. + +If your server has multiple external IP addresses, the Coturn role offers a different variable for specifying them: + +```yaml +# Note: matrix_coturn_turn_external_ip_addresses is different than matrix_coturn_turn_external_ip_address +matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7'] +``` + ## Using your own external Coturn server If you'd like to use another TURN server (be it Coturn or some other one), you can configure the playbook like this: @@ -49,4 +60,4 @@ jitsi_web_stun_servers: You can put multiple host/port combinations if you like. ## Further variables and configuration options -To see all the available configuration options, check roles/custom/matrix-coturn/defaults/main.yml +To see all the available configuration options, check roles/custom/matrix-coturn/defaults/main.yml diff --git a/examples/vars.yml b/examples/vars.yml index 784bf061..dd9a97c4 100644 --- a/examples/vars.yml 
+++ b/examples/vars.yml @@ -41,3 +41,19 @@ devture_traefik_config_certificatesResolvers_acme_email: '' # The playbook creates additional Postgres users and databases (one for each enabled service) # using this superuser account. devture_postgres_connection_password: '' + +# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file. +# If this value is an external IP address, you can skip this section. +# +# If `ansible_host` is not the server's external IP address, you have 2 choices: +# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below) +# 2. Uncomment and adjust the line below to specify an IP address manually +# +# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API. +# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the Coturn role +# (see `roles/custom/matrix-coturn/defaults/main.yml`). +# +# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses. +# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']` +# +# matrix_coturn_turn_external_ip_address: '' diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index eaac3385..ad6433c4 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2245,6 +2245,9 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +# We make the assumption that `ansible_host` points to an external IP address, which may not always be the case. +# Users are free to set `matrix_coturn_turn_external_ip_address` to an empty string +# to allow auto-detection (via an EchoIP service) to happen at runtime. matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid }}" diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 1e87d808..c090d038 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml 
@@ -73,8 +73,25 @@ matrix_coturn_turn_udp_max_port: 49172 matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. +# If do not define an IP address here or in `matrix_coturn_turn_external_ip_addresses`, auto-detection via an EchoIP service will be done. +# See `matrix_coturn_turn_external_ip_address_auto_detection_enabled` matrix_coturn_turn_external_ip_address: '' -matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"] +matrix_coturn_turn_external_ip_addresses: "{{ [matrix_coturn_turn_external_ip_address] if matrix_coturn_turn_external_ip_address != '' else [] }}" + +# Controls whether external IP address auto-detection should be attempted. +# We try to do this if there is no external IP address explicitly configured and if an EchoIP service URL is specified. +# See matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url +matrix_coturn_turn_external_ip_address_auto_detection_enabled: "{{ matrix_coturn_turn_external_ip_addresses | length == 0 and matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url != '' }}" + +# Specifies the address of the EchoIP service (https://github.com/mpolden/echoip) to use for detecting the external IP address. +# By default, we use the official public instance. +matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url: https://ifconfig.co/json + +# Controls whether SSL certificates will be validated when contacting the EchoIP service (matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url) +matrix_coturn_turn_external_ip_address_auto_detection_echoip_validate_certs: true + +matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_count: "{{ devture_playbook_help_geturl_retries_count }}" +matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_delay: "{{ devture_playbook_help_geturl_retries_delay }}" matrix_coturn_allowed_peer_ips: [] 
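Review bot: The comments added for the auto-detection variables do not say that the detected address comes from a third-party HTTPS endpoint and ends up as Coturn's advertised `external-ip`. That matters most for `matrix_coturn_turn_external_ip_address_auto_detection_echoip_validate_certs`. I would extend that variable's comment with `# Leave this enabled: without certificate validation, anyone able to intercept the request can choose the address Coturn advertises.` The first added comment also reads `If do not define an IP address here`; `If you do not define an IP address here` is presumably what was meant.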
diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml index 503ffae1..6064b360 100644 --- a/roles/custom/matrix-coturn/tasks/setup_install.yml +++ b/roles/custom/matrix-coturn/tasks/setup_install.yml 
@@ -1,5 +1,37 @@ --- +- when: matrix_coturn_turn_external_ip_address_auto_detection_enabled | bool + block: + - when: matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url == '' + name: Fail if enabled, but EchoIP service URL unset + ansible.builtin.fail: + msg: "To use the external IP address auto-detection feature, you need to set matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url" + + # NOTE: + # `ansible.builtin.uri` does not provide a way to configure whether IPv4 or IPv6 is used. + # Luckily, the default instance we use does not define AAAA records for now, so it's always IPv4. + - name: Fetch IP address information from EchoIP service + ansible.builtin.uri: + url: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}" + headers: + Content-Type: application/json + follow_redirects: none + validate_certs: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_validate_certs }}" + register: result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response + ignore_errors: true + check_mode: false + retries: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_count }}" + delay: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_delay }}" + until: not result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed + + - when: "(result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed or 'json' not in result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response)" + name: Fail if EchoIP service failed + ansible.builtin.fail: + msg: "Failed contacting EchoIP service API at `{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}` (controlled by `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url`). 
Full error: {{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response }}" + + - ansible.builtin.set_fact: + matrix_coturn_turn_external_ip_address: "{{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip }}" + - name: Ensure Matrix Coturn path exists ansible.builtin.file: path: "{{ item.path }}" diff --git a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 index 3ed7b99f..b4688ff9 100644 --- a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 @@ -5,7 +5,7 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -{% for ip in matrix_coturn_turn_external_ip_addresses|select('ne', '') %} +{% for ip in matrix_coturn_turn_external_ip_addresses %} external-ip={{ ip }} {% endfor %} From 15763e5418527b44432d3388e2a670f6e0a34f66 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Oct 2023 12:14:25 +0300 Subject: [PATCH 237/340] Upgrade Element (v1.11.45 -> v1.11.46) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f80dea84..e86eaed1 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
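Review bot: The unnamed `ansible.builtin.set_fact` that closes the new block in `tasks/setup_install.yml` copies `result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip` into `matrix_coturn_turn_external_ip_address` without checking that the key exists or that the value is an IP address. The preceding check only covers a failed request or a missing `json` body, and `turnserver.conf.j2` then writes the value as `external-ip={{ ip }}`, so a misbehaving or substituted EchoIP endpoint can put arbitrary text into the Coturn configuration. I would add a validation task before the assignment and give the `set_fact` a name, as sketched below; the character allowlist is a minimal check, and a stricter IP-address test can replace it if the playbook already has one available. The request also sends `Content-Type: application/json` on a body-less GET, where `Accept: application/json` is presumably intended.

```yaml
    # … unchanged: EchoIP fetch task and "Fail if EchoIP service failed" task …

    - name: Fail if EchoIP service returned something other than an IP address
      when: "result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip | default('') | string is not match('^[0-9A-Fa-f:.]+$')"
      ansible.builtin.fail:
        msg: "EchoIP service at `{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}` did not return a usable `ip` value"

    - name: Use the auto-detected external IP address for Coturn
      ansible.builtin.set_fact:
        matrix_coturn_turn_external_ip_address: "{{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip }}"
```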
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.45 +matrix_client_element_version: v1.11.46 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 37195d49dc42cd32ffc567042e0de409b85c42d2 Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Tue, 10 Oct 2023 19:26:37 +0800 Subject: [PATCH 238/340] Update main.yml --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 32ae30f4..8a2e94e6 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.93.0 +matrix_synapse_version: v1.94.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 954634b580fbe802764d55a088fe23f2f1f738d5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Oct 2023 11:12:28 +0300 Subject: [PATCH 239/340] Make ansible-lint happy --- roles/custom/matrix-coturn/tasks/setup_install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml index 6064b360..fbeba92d 100644 --- a/roles/custom/matrix-coturn/tasks/setup_install.yml 
+++ b/roles/custom/matrix-coturn/tasks/setup_install.yml @@ -2,8 +2,8 @@ - when: matrix_coturn_turn_external_ip_address_auto_detection_enabled | bool block: - - when: matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url == '' - name: Fail if enabled, but EchoIP service URL unset + - name: Fail if enabled, but EchoIP service URL unset + when: matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url == '' ansible.builtin.fail: msg: "To use the external IP address auto-detection feature, you need to set matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url" @@ -24,8 +24,8 @@ delay: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_delay }}" until: not result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed - - when: "(result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed or 'json' not in result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response)" - name: Fail if EchoIP service failed + - name: Fail if EchoIP service failed + when: "(result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed or 'json' not in result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response)" ansible.builtin.fail: msg: "Failed contacting EchoIP service API at `{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}` (controlled by `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url`). Full error: {{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response }}" From 7e54417fcad034209ac90c51a43239c4be5a750a Mon Sep 17 00:00:00 2001 From: throny Date: Wed, 11 Oct 2023 11:26:42 +0200 Subject: [PATCH 240/340] Update maintenance-postgres.md no postgres 16 support with borg, 15 works. --- docs/maintenance-postgres.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index 7c52b313..a6992284 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -87,7 +87,7 @@ This playbook can upgrade your existing Postgres setup with the following comman just run-tags upgrade-postgres ``` -**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.** +**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 16 support yet.** **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`. To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"` From 2441cf3ab10a7e8cecc8610f61393df93d02aaa7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Oct 2023 20:37:17 +0300 Subject: [PATCH 241/340] Upgrade sliding-sync (v0.99.10 -> v0.99.11) --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 73afcaf3..ac1fe903 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -5,7 +5,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.10 +matrix_sliding_sync_version: v0.99.11 matrix_sliding_sync_scheme: https From c301c06a538efdd75e588119f1fe9d1e48f1eb22 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Oct 2023 20:38:42 +0300 Subject: [PATCH 242/340] Add support for injecting additional environment-variables into sliding-sync --- roles/custom/matrix-sliding-sync/defaults/main.yml | 3 +++ roles/custom/matrix-sliding-sync/templates/env.j2 | 2 ++ 2 files changed, 5 insertions(+) 
diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index ac1fe903..c6a3f94c 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -85,6 +85,9 @@ matrix_sliding_sync_environment_variable_syncv3_secret: '' # Controls the SYNCV3_DB environment variable matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode={{ matrix_sliding_sync_database_sslmode }}' +# Additional environment variables. +matrix_sliding_sync_environment_variables_additional_variables: '' + matrix_sliding_sync_database_username: 'matrix_sliding_sync' matrix_sliding_sync_database_password: '' matrix_sliding_sync_database_hostname: '' diff --git a/roles/custom/matrix-sliding-sync/templates/env.j2 b/roles/custom/matrix-sliding-sync/templates/env.j2 index 1269bd2a..5d800a1b 100644 --- a/roles/custom/matrix-sliding-sync/templates/env.j2 +++ b/roles/custom/matrix-sliding-sync/templates/env.j2 @@ -2,3 +2,5 @@ SYNCV3_SERVER={{ matrix_sliding_sync_environment_variable_syncv3_server }} SYNCV3_SECRET={{ matrix_sliding_sync_environment_variable_syncv3_secret }} SYNCV3_BINDADDR=:8008 SYNCV3_DB={{ matrix_sliding_sync_environment_variable_syncv3_db }} + +{{ matrix_sliding_sync_environment_variables_additional_variables }} From 495a890e1c77accbc9033d5e30a5b1a3a6b278d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Gonz=C3=A1lez?= Date: Wed, 11 Oct 2023 21:24:29 +0200 Subject: [PATCH 243/340] Update Admin-API link the old one is deprecated (says the page at the link target), and refers to this new one. --- docs/configuring-playbook-synapse-admin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
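Review bot: The comment `# Additional environment variables.` above `matrix_sliding_sync_environment_variables_additional_variables` does not say what format the value must have. The env.j2 hunk prints it verbatim at the end of the file that also holds `SYNCV3_SECRET` and the `SYNCV3_DB` connection string with the database password. I would expand the comment to something like `# Additional environment variables, one KEY=value per line; rendered verbatim at the end of the env file.` A value that redefines one of the `SYNCV3_*` keys would appear twice in that file, and which definition wins depends on how the file is consumed, so the comment could also say that those keys must not be repeated here.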
diff --git a/docs/configuring-playbook-synapse-admin.md b/docs/configuring-playbook-synapse-admin.md index 1099553b..001d0044 100644 --- a/docs/configuring-playbook-synapse-admin.md +++ b/docs/configuring-playbook-synapse-admin.md @@ -15,7 +15,7 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. matrix_synapse_admin_enabled: true ``` -**Note**: Synapse Admin requires Synapse's [Admin APIs](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`). +**Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`). ## Installing From af899a6558290a292ba1658891acb428bb931911 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 11 Oct 2023 22:31:07 +0300 Subject: [PATCH 244/340] Update Synapse Admin APIs link --- docs/configuring-playbook-synapse-admin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-synapse-admin.md b/docs/configuring-playbook-synapse-admin.md index 001d0044..fdd11f2e 100644 --- a/docs/configuring-playbook-synapse-admin.md +++ b/docs/configuring-playbook-synapse-admin.md 
@@ -15,7 +15,7 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. matrix_synapse_admin_enabled: true ``` -**Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`). +**Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`). ## Installing From 4e46fb3cce3aa416fa3e29001eb82790615e98bd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 12 Oct 2023 01:09:42 +0300 Subject: [PATCH 245/340] Upgrade Traefik (v2.10.4-1 -> v2.10.5-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 49ae0a0f..a35625a4 100644 
--- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.4-1 + version: v2.10.5-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From 3b2cb1cbc274fd255d592355d50ebe1ba8ce421a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 12 Oct 2023 18:54:16 +0300 Subject: [PATCH 246/340] update grafana 10.1.4 -> 10.1.5 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index a35625a4..86ee8e65 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 7.0.1 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.1.4-0 + version: v10.1.5-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8960-1 name: jitsi From 968bf38a29ebdac0c61d5f45c5e749fa36f9e1f6 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 15 Oct 2023 23:13:01 +0300 Subject: [PATCH 247/340] migrate prometheus exporter roles --- requirements.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 86ee8e65..be4febcb 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -44,8 +44,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.47.1-0 name: prometheus -- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.6.1-0 + name: prometheus_node_exporter - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git version: v0.14.0-0 name: prometheus_postgres_exporter From 7ba5dee782810a004b5962cb64e292d4d4870c44 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:45:15 +0300 Subject: [PATCH 248/340] Update mautrix-discord 0.6.2 -> 0.6.3 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 0f54689b..d3b047af 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.6.2 +matrix_mautrix_discord_version: v0.6.3 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" From 153a582e989bd9b38e94b60865e19e841f343319 Mon Sep 17 00:00:00 2001 
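Review bot: The `prometheus_node_exporter` entry now pulls from a different repository (`mother-of-all-self-hosting/ansible-role-prometheus-node-exporter`) while still being pinned only by the tag `v1.6.1-0`. Tags can be moved, and nothing guarantees that the same tag name in the two repositories points at the same content, so the role code that runs on managed hosts can change with no visible version change. Other entries in this file are pinned to a full commit hash (for example `com.devture.ansible.role.playbook_state_preserver`). Doing the same here, `version: <commit-sha-for-v1.6.1-0>`, would make the source switch reviewable and reproducible.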
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:46:18 +0300 Subject: [PATCH 249/340] Update mautrix-gmessages 0.2.0 -> 0.2.1 --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 1075379d..fb1d66fd 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" -matrix_mautrix_gmessages_version: v0.2.0 +matrix_mautrix_gmessages_version: v0.2.1 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" From 5e91025c3b393865101a7c655137885f38fdcb9f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:48:55 +0300 Subject: [PATCH 250/340] Update borgmatic 1.8.2 -> 1.8.3 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index be4febcb..e65a35ef 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.6-1.8.2-0 + version: v1.2.6-1.8.3-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From fca22ae9229918b98c7fd3070eb0087a21db0132 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:52:14 +0300 Subject: [PATCH 251/340] Update prometheus 2.47.1 -> 2.47.2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index be4febcb..e47237c6 100644 --- a/requirements.yml +++ b/requirements.yml @@ -42,7 +42,7 @@ - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.47.1-0 + version: v2.47.2-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.6.1-0 From 8ca935fca97c5b0a72dadbdf6b16f70b56a35811 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Oct 2023 15:44:43 +0300 Subject: [PATCH 252/340] Update mautrix-whatsapp 0.10.2 -> 0.10.3 --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 515d648c..137ef445 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.10.2 +matrix_mautrix_whatsapp_version: v0.10.3 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From f6f536057486fb678d9209c90bb08a2cef18233b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 16 Oct 2023 18:20:09 +0300 Subject: [PATCH 253/340] Make fileMatch more specific Hopefully, this makes it run faster and prevents potential false-positives. Although.. a false-positive is unlikely anyway. --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index c822d5ce..db03f2b4 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -5,7 +5,7 @@ ], "regexManagers": [ { - "fileMatch": [".*y[a]?ml$"], + "fileMatch": ["defaults/main.yml$"], "matchStrings": [ "# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?.+?)[\"']?\\s" ] From 974d66cffe76c0fde66eac32af405160ff6bc783 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 06:21:41 +0000 Subject: [PATCH 254/340] Update folivonet/matrix-sms-bridge Docker tag to v0.5.8 --- roles/custom/matrix-bridge-sms/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-bridge-sms/defaults/main.yml b/roles/custom/matrix-bridge-sms/defaults/main.yml index 81d8a584..376a4650 100644 --- a/roles/custom/matrix-bridge-sms/defaults/main.yml +++ b/roles/custom/matrix-bridge-sms/defaults/main.yml @@ -5,7 +5,7 @@ matrix_sms_bridge_enabled: true # renovate: datasource=docker depName=folivonet/matrix-sms-bridge -matrix_sms_bridge_version: 0.5.7 +matrix_sms_bridge_version: 0.5.8 matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}" matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" From d985f115d293f694a097b7acefad3ae845ebdd81 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 06:21:45 +0000 Subject: [PATCH 255/340] Update ghcr.io/matrix-org/rageshake Docker tag to v1.11.0 --- roles/custom/matrix-rageshake/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-rageshake/defaults/main.yml b/roles/custom/matrix-rageshake/defaults/main.yml index 34c315d0..bb2e45a1 100644 --- a/roles/custom/matrix-rageshake/defaults/main.yml +++ b/roles/custom/matrix-rageshake/defaults/main.yml @@ -17,7 +17,7 @@ matrix_rageshake_path_prefix: / # There are no stable container image tags yet. # See: https://github.com/matrix-org/rageshake/issues/69 # renovate: datasource=docker depName=ghcr.io/matrix-org/rageshake -matrix_rageshake_version: 1.9.0 +matrix_rageshake_version: 1.11.0 matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake" matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config" From 4dc9a67b2ae4f37602c5f69c63477f83c90d70ea Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 06:30:16 +0000 Subject: [PATCH 256/340] Update matrixdotorg/matrix-user-verification-service Docker tag to v3 --- roles/custom/matrix-user-verification-service/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index 3d180931..068ef2af 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml @@ -7,7 +7,7 @@ matrix_user_verification_service_enabled: true # Fix version tag # renovate: datasource=docker depName=matrixdotorg/matrix-user-verification-service -matrix_user_verification_service_version: "v2.0.0" +matrix_user_verification_service_version: "v3.0.0" # Paths matrix_user_verification_service_base_path: "{{ matrix_base_data_path }}/user-verification-service" From b2dd4bd1a435d60ceff38f5e798dc11e24b46cb3 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:09:30 +0300 Subject: [PATCH 257/340] Fix matrix_synapse_oidc_providers parsing --- .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index b3a4aa79..298b89e3 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2116,8 +2116,7 @@ saml2_config: # attribute_requirements: # - attribute: userGroup # value: "synapseUsers" -oidc_providers: - {{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }} +oidc_providers: {{ matrix_synapse_oidc_providers }} {% endif %} 
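Review bot: The new line `oidc_providers: {{ matrix_synapse_oidc_providers }}` relies on the template engine's default stringification of a list of dicts, which normally produces Python literal syntax rather than YAML. That parses as a YAML flow sequence for simple values, but `None` would be read as the string "None", and a provider value such as a client secret containing quotes or backslashes may be quoted in a way YAML reads differently or rejects. Serialising explicitly keeps the one-line form and avoids this: `oidc_providers: {{ matrix_synapse_oidc_providers | to_json }}`, since JSON is valid YAML flow syntax. The surrounding `{% if %}` block opens outside the hunk, so the condition guarding this line is not visible here.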
From 29b62f77a517487c3f7e7e11c8d991fdfff9fb33 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 18 Oct 2023 08:24:52 +0300 Subject: [PATCH 258/340] Upgrade Postgres (v16.0-5 -> v16.0-6) - adds auto-tuning --- CHANGELOG.md | 13 ++++++ docs/configuring-playbook-synapse.md | 8 +--- docs/maintenance-postgres.md | 62 ++++------------------------ docs/maintenance-synapse.md | 4 +- group_vars/matrix_servers | 2 + requirements.yml | 2 +- 6 files changed, 27 insertions(+), 64 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2430fa99..3f621c27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# 2023-10-18 + +## Postgres parameters are automatically tuned now + +The playbook has provided some hints about [Tuning PostgreSQL](docs/maintenance-postgres.md#tuning-postgresql) for quite a while now. + +From now on, the [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) automatically tunes your Postgres configuration with the same [calculation logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) that powers https://pgtune.leopard.in.ua/. + +Our [Tuning PostgreSQL](docs/maintenance-postgres.md#tuning-postgresql) documentation page has details about how you can turn auto-tuning off or adjust the automatically-determined Postgres configuration parameters manually. + +People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `devture_postgres_process_extra_arguments`). There's a new variable (`devture_postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers. + + # 2023-08-31 ## SchildiChat support 
diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index 4823c88d..50a048d5 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md @@ -34,13 +34,7 @@ We support a few configuration presets (`matrix_synapse_workers_preset: one-of-e If you'd like more customization power, you can start with one of the presets and tweak various `matrix_synapse_workers_*_count` variables manually. -If you increase worker counts too much, you may need to increase the maximum number of Postgres connections too (example): - -```yaml -devture_postgres_process_extra_arguments: [ - "-c 'max_connections=200'" -] -``` +When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `devture_postgres_max_connections` variable. In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`. diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index a6992284..74eed348 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md 
@@ -106,63 +106,15 @@ Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"` ## Tuning PostgreSQL -PostgreSQL can be tuned to make it run faster. This is done by passing extra arguments to Postgres with the `devture_postgres_process_extra_arguments` variable. You should use a website like https://pgtune.leopard.in.ua/ or information from https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server to determine what Postgres settings you should change. +PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process. -**Note**: the configuration generator at https://pgtune.leopard.in.ua/ adds spaces around the `=` sign, which is invalid. You'll need to remove it manually (`max_connections = 300` -> `max_connections=300`) +The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. +You can manually influence some of the tuning variables . These parameters (variables) are injected via the `devture_postgres_postgres_process_extra_arguments_auto` variable. -### Here are some examples: +Most users should be fine with the automatically-done tuning. However, you may wish to: -These are not recommended values and they may not work well for you. This is just to give you an idea of some of the options that can be set. If you are an experienced PostgreSQL admin feel free to update this documentation with better examples. 
+- **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable -Here is an example config for a small 2 core server with 4GB of RAM and SSD storage: -``` -devture_postgres_process_extra_arguments: [ - "-c shared_buffers=128MB", - "-c effective_cache_size=2304MB", - "-c effective_io_concurrency=100", - "-c random_page_cost=2.0", - "-c min_wal_size=500MB", -] -``` +- **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []` -Here is an example config for a 4 core server with 8GB of RAM on a Virtual Private Server (VPS); the paramters have been configured using https://pgtune.leopard.in.ua with the following setup: PostgreSQL version 12, OS Type: Linux, DB Type: Mixed type of application, Data Storage: SSD storage: -``` -devture_postgres_process_extra_arguments: [ - "-c max_connections=100", - "-c shared_buffers=2GB", - "-c effective_cache_size=6GB", - "-c maintenance_work_mem=512MB", - "-c checkpoint_completion_target=0.9", - "-c wal_buffers=16MB", - "-c default_statistics_target=100", - "-c random_page_cost=1.1", - "-c effective_io_concurrency=200", - "-c work_mem=5242kB", - "-c min_wal_size=1GB", - "-c max_wal_size=4GB", - "-c max_worker_processes=4", - "-c max_parallel_workers_per_gather=2", - "-c max_parallel_workers=4", - "-c max_parallel_maintenance_workers=2", -] -``` - -Here is an example config for a large 6 core server with 24GB of RAM: -``` -devture_postgres_process_extra_arguments: [ - "-c max_connections=40", - "-c shared_buffers=1536MB", - "-c checkpoint_completion_target=0.7", - "-c 
wal_buffers=16MB", - "-c default_statistics_target=100", - "-c random_page_cost=1.1", - "-c effective_io_concurrency=100", - "-c work_mem=2621kB", - "-c min_wal_size=1GB", - "-c max_wal_size=4GB", - "-c max_worker_processes=6", - "-c max_parallel_workers_per_gather=3", - "-c max_parallel_workers=6", - "-c max_parallel_maintenance_workers=3", -] -``` +- **add additional tuning parameters**: define your additional Postgres configuration parameters in `devture_postgres_postgres_process_extra_arguments_custom`. See `devture_postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index 7c3ecc1b..a2ee2a9a 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md 
@@ -72,8 +72,10 @@ You should then be able to browse the adminer database administration GUI at htt Synapse's presence feature which tracks which users are online and which are offline can use a lot of processing power. You can disable presence by adding `matrix_synapse_presence_enabled: false` to your `vars.yml` file. +If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers). + Tuning Synapse's cache factor can help reduce RAM usage. [See the upstream documentation](https://github.com/matrix-org/synapse#help-synapse-is-slow-and-eats-all-my-ram-cpu) for more information on what value to set the cache factor to. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor. -Tuning your PostgreSQL database will also make Synapse run significantly faster. See [maintenance-postgres.md##tuning-postgresql](maintenance-postgres.md##tuning-postgresql). +[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will aslo need to tune Postgres manually. See also [How do I optimize this setup for a low-power server?](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ad6433c4..2ca07dce 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2964,6 +2964,8 @@ devture_postgres_db_name: matrix devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}" +devture_postgres_max_connections: "{{ 500 if matrix_synapse_workers_enabled else 200 }}" + devture_postgres_managed_databases_auto: | {{ ([{ diff --git a/requirements.yml b/requirements.yml index 712ea0ac..7dc79952 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-5 + version: v16.0-6 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From b8a92d777868cbcae6679d526797be53ed8db2e3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 19 Oct 2023 09:17:36 +0300 Subject: [PATCH 259/340] Upgrade Postgres (v16.0-6 -> v16.0-7) Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2953 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 7dc79952..32c3ae88 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-6 + version: v16.0-7 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git 
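Review bot: The literals in `devture_postgres_max_connections: "{{ 500 if matrix_synapse_workers_enabled else 200 }}"` carry no comment saying where 500 and 200 come from, and the limit follows the worker switch rather than the memory available on the host. A comment such as `# Each Synapse worker keeps its own database connection pool, so worker setups need a higher limit; override in vars.yml on small hosts.` would tell operators why the value differs and that it can be lowered. Hosts that still pass `-c max_connections=...` through the extra-arguments variable shown in the documentation examples removed by this commit may now supply the setting twice, so it is worth stating which value wins.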
From 4a3f132cef0363393a74f6bf4b03efe7d03e5f0e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 19 Oct 2023 12:43:48 +0300 Subject: [PATCH 260/340] Upgrade exim-relay (4.96-r1-0 -> 4.96.2-r0-0) --- roles/custom/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-mailer/defaults/main.yml b/roles/custom/matrix-mailer/defaults/main.yml index 061e7b82..566b5325 100644 --- a/roles/custom/matrix-mailer/defaults/main.yml +++ b/roles/custom/matrix-mailer/defaults/main.yml @@ -11,7 +11,7 @@ matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_ matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" # renovate: datasource=docker depName=devture/exim-relay -matrix_mailer_version: 4.96-r1-0 +matrix_mailer_version: 4.96.2-r0-0 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From a78eb99da102dc2b17a7b32bbec347901772b24f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 19 Oct 2023 14:21:31 +0300 Subject: [PATCH 261/340] Upgrade Ansible version on docs/ansible.md (2.13.6-r0-3 -> 2.14.5-r0-0) --- docs/ansible.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ansible.md b/docs/ansible.md index 6018860e..53e36cea 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -65,7 +65,7 @@ docker run -it --rm \ -w /work \ -v `pwd`:/work \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.13.6-r0-3 +docker.io/devture/ansible:2.14.5-r0-0 ``` Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. 
@@ -86,7 +86,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.13.6-r0-3 +docker.io/devture/ansible:2.14.5-r0-0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). From 6192e81001de71193f9ac643c5a6f971ecaf4c38 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Oct 2023 15:30:41 +0000 Subject: [PATCH 262/340] Update devture/matrix-corporal Docker tag to v2.6.0 --- roles/custom/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml index fd10d38d..43296b5f 100644 --- a/roles/custom/matrix-corporal/defaults/main.yml +++ b/roles/custom/matrix-corporal/defaults/main.yml @@ -24,7 +24,7 @@ matrix_corporal_container_extra_arguments: [] matrix_corporal_systemd_required_services_list: ['docker.service'] # renovate: datasource=docker depName=devture/matrix-corporal -matrix_corporal_version: 2.5.2 +matrix_corporal_version: 2.6.0 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From e87f5c11d7adf852703f0e1f8fbad10807901871 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 19 Oct 2023 18:58:03 +0300 Subject: [PATCH 263/340] Attempt to make Renovate work for docker.io/devture/exim-relay It seems like with the default versioning detection strategy (`docker`), the version is detected up to the hyphen: > Renovate tries to follow the most common conventions that are used to tag Docker images. > In particular, Renovate treats the text after the first hyphen as a type of platform/compatibility indicator. Perhaps with `semver` would be more appropriate for this image. More details in: https://docs.renovatebot.com/modules/versioning/ --- roles/custom/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-mailer/defaults/main.yml b/roles/custom/matrix-mailer/defaults/main.yml index 566b5325..e901c4b0 100644 --- a/roles/custom/matrix-mailer/defaults/main.yml +++ b/roles/custom/matrix-mailer/defaults/main.yml @@ -10,7 +10,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -# renovate: datasource=docker depName=devture/exim-relay +# renovate: datasource=docker depName=devture/exim-relay versioning=semver matrix_mailer_version: 4.96.2-r0-0 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" From 1eb78c97c0df39e42555e014f4ca4911aaffd652 Mon Sep 17 00:00:00 2001 
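Review bot: `versioning=semver` on the `# renovate:` line is a doubtful fit for this tag scheme: the value it annotates is `4.96.2-r0-0`, and the tag replaced one commit earlier was `4.96-r1-0`, which has only two numeric components and is not a valid semver version. Under semver rules the `-r0-0` suffix also reads as a pre-release, so Renovate may treat every tag as unstable and hold back upgrades, which matters for a mail relay image that should pick up fixes promptly. A versioning that models the suffix explicitly, such as a `regex:` scheme or `loose`, would probably track these tags more reliably; a Renovate dry run would confirm which tags are actually proposed. The same concern applies to the `linuxserver/ddclient` annotation (`v3.10.0-ls136`) changed in roles/custom/matrix-dynamic-dns/defaults/main.yml later in this series.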
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 19 Oct 2023 20:39:38 +0300 Subject: [PATCH 264/340] Update MSC1929 integration --- .../templates/static-files/well-known/matrix-support.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2 index 97e76012..fab05fba 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" { - "admins": {{ matrix_homeserver_admin_contacts|to_json }} + "contacts": {{ matrix_homeserver_admin_contacts|to_json }} {% if matrix_homeserver_support_url %}, "support_page": {{ matrix_homeserver_support_url|to_json }} {% endif %} From 4d93ce752b1636305db7fc97f812fbfe8e5c93f0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 21 Oct 2023 08:23:52 +0300 Subject: [PATCH 265/340] Upgrade Postgres (v16.0-7 -> v16.0-8) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 32c3ae88..2b0ccc8d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-7 + version: v16.0-8 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From 5345125e496279fb20ccf72fcbe8a11fd6612e71 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 21 Oct 2023 13:21:26 +0000 Subject: [PATCH 266/340] Update ajbura/cinny Docker tag to v3 --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 518c021c..2a50a1a6 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" # renovate: datasource=docker depName=ajbura/cinny -matrix_client_cinny_version: v2.2.6 +matrix_client_cinny_version: v3.0.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 4948f82141dbaa6f851e757b5a0489e2a6a7b84b Mon Sep 17 00:00:00 2001 From: mcnesium Date: Sat, 21 Oct 2023 15:47:59 +0200 Subject: [PATCH 267/340] Map /.well-known/matrix/support for support discovery --- examples/apache/matrix-synapse.conf | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index 2c7b3dde..17c6b6ea 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf 
@@ -37,6 +37,7 @@ # Keep some URIs free for different proxy/location ProxyPassMatch ^/.well-known/matrix/client ! ProxyPassMatch ^/.well-known/matrix/server ! + ProxyPassMatch ^/.well-known/matrix/support ! ProxyPassMatch ^/_matrix/identity ! ProxyPassMatch ^/_matrix/client/r0/user_directory/search ! @@ -46,11 +47,11 @@ ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client retry=0 nocanon ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client - + # Proxy Admin API (necessary for Synapse-Admin) # ProxyPass /_synapse/admin http://127.0.0.1:8008/_synapse/admin retry=0 nocanon # ProxyPassReverse /_synapse/admin http://127.0.0.1:8008/_synapse/admin - + # Proxy Synapse-Admin # ProxyPass /synapse-admin http://127.0.0.1:8766 retry=0 nocanon # ProxyPassReverse /synapse-admin http://127.0.0.1:8766 @@ -64,6 +65,7 @@ Header always set Content-Type "application/json" Header always set Access-Control-Allow-Origin "*" + # Map /.well-known/matrix/server for server discovery Alias /.well-known/matrix/server /matrix/static-files/.well-known/matrix/server @@ -72,6 +74,16 @@ Header always set Content-Type "application/json" + + # Map /.well-known/matrix/support for support discovery + Alias /.well-known/matrix/support /matrix/static-files/.well-known/matrix/support + + Require all granted + + + Header always set Content-Type "application/json" + + AllowOverride All # Apache 2.4: From 01c31dd849e7ebbe736221b7648a4b934f62f4fa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 12:11:04 +0300 Subject: [PATCH 268/340] Enable `allow_public_rooms_over_federation` by default for Synapse --- CHANGELOG.md | 32 +++++++++++++++++++ roles/custom/matrix-synapse/defaults/main.yml | 9 ++++-- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f621c27..0c560da6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
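Review bot: The new `/.well-known/matrix/support` block sets only `Content-Type`, while the block just before the server-discovery mapping also sends `Header always set Access-Control-Allow-Origin "*"`. If the support file is meant to be read by browser-based clients served from another origin, it likely needs that same line; the file is static, public JSON, so the wildcard exposes nothing further. The enclosing container directives are not visible on this page, so please check that the header would land inside the block that matches the `support` file. A minor related point: `ProxyPassMatch ^/.well-known/matrix/support !` has no end anchor, so it also exempts any longer path that starts with that prefix, as the neighbouring patterns do.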
@@ -1,3 +1,35 @@ +# 2023-10-23 + +## Enabling `allow_public_rooms_over_federation` by default for Synapse + +**TDLR**: if your Matrix server is federating (which it mostly likely is, unless you've [disabled federation](docs/configuring-playbook-federation.md#disabling-federation)), your public rooms will not only be joinable across federation (as they've always been), but from now on will be discoverable (made available as a list across federation). We're changing this by flipping the value for Synapse's `allow_public_rooms_over_federation` setting to `true`, going against the upstream default. Servers that disable federation are not affected. + +We generally try to stick to the default configuration for Synapse (and all other components), unless these defaults seem wrong or harmful. One such previous case from a few months ago was us [Enabling `forget_rooms_on_leave` by default for Synapse](#enabling-forget_rooms_on_leave-by-default-for-synapse) - the default value was making Synapse more wasteful of resources by default. + +Today, we're going against upstream defaults again and flipping the `allow_public_rooms_over_federation` configuration option to `true`. +This way, public rooms on your server will be made discoverable by others via federation, using the [`GET /_matrix/federation/v1/publicRooms` of the Server-Server API](https://spec.matrix.org/v1.8/server-server-api/#get_matrixfederationv1publicrooms). + +The upstream Synapse default is `false` (disabled), so that public rooms are not exposed for other servers to discover (learn about their existence). Nevertheless, even if these rooms are not exposed (listed) for discovery, they are **still joinable** by anyone who knows their address or is invited to the room by an existing member. + +**We go against the upstream default** in an effort to make Matrix federation more useful - a public room should be globally public - not only joinable, but also discoverable across federation. 
+ +The **historical reasoning** behind this change is as follows: + +- `allow_public_rooms_over_federation` seems to have been enabled by default for Synapse until v1.7.0 (~2019), just like we believe it should be for a globally-federating network - rooms should be joinable and discoverable across federation. + +- In Synapse v1.7.0 (~2019), `allow_public_rooms_over_federation` [got disabled](https://github.com/matrix-org/synapse/blob/e9069c9f919685606506f04527332e83fbfa44d9/docs/upgrade.md?plain=1#L1877-L1891) by default in a [security-by-obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) workaround for misconfigured servers. See the [Avoiding unwelcome visitors on private Matrix servers](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/) `matrix.org` blog article. We believe that people wishing for a truly private server, should [disable federation](docs/configuring-playbook-federation.md#disabling-federation), instead of having a fully-federating server and trying to hide its public rooms. We also provide other workarounds below. We (and the Synapse team, obviously) believe that Matrix should federate by default, so federating the public room list seems to make sense. + +- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. On 19th of October 2023, `matrixrooms.info` was indexing `23831` Matrix servers. Of these, only `1937` servers (8%) were making their public rooms discoverable. 
Who knows what wonderful communities and rooms are available on these 92% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. + +Here are **actions you may wish to take** as a result of this change: + +- (recommended) embrace the new default. If your Matrix server is federating, your public rooms have always been joinable across federation anyway. Exposing the list of public rooms does no harm and more-so does good by contributing to the usefulness of the Matrix network by facilitating room discovery. + +- (switch to a better way of doings things on your semi-private server) The problem that the Synapse team appears to have solved by flipping the `allow_public_rooms_over_federation` default in Synapse v1.7.0 seems to for "mostly private" servers, which federate and have a bunch of rooms made public in an effort to allow people on the same homeserver to easily find and join them (self-onboarding). With the introduction of Matrix Spaces, you can reorganize your flow around spaces - you can auto-join your users to a Matrix Space (via Synapse's `auto_join_rooms` setting - controlled by our `matrix_synapse_auto_join_rooms` variable), then add a bunch of rooms to the space and make them joinable by people belonging to the space. That is to say, do not make rooms public unless they are public - use other mechanisms for semi-public rooms. Alternatively, you can also stick to what you're doing (public rooms) and set `m.federate: true` when creating them (clients like Element have a nice UI checkbox for this) to explicitly disable federation for these rooms. 
+ +- (keeping the old behavior) if you wish to keep doing what you're doing (keeping your Matrix server federating, but hiding its public rooms list), add `matrix_synapse_allow_public_rooms_over_federation: false` to your `vars.yml` configuration. This restores the old behavior. You may also consider [disabling federation](docs/configuring-playbook-federation.md#disabling-federation) completely instead of relying on security-by-obscurity measures. + + # 2023-10-18 ## Postgres parameters are automatically tuned now diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 3ad23058..7e53f585 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -312,8 +312,13 @@ matrix_synapse_presence_enabled: true matrix_synapse_allow_public_rooms_without_auth: false # Controls whether remote servers can fetch this server's public rooms directory via federation. -# For private servers, you most likely wish to forbid it. -matrix_synapse_allow_public_rooms_over_federation: false +# The upstream default is `false`, but we try to make Matrix federation more useful. +# +# For private servers, you may wish to forbid it to align yourself with upstream defaults. +# However, disabling federation completely (see `matrix_synapse_federation_enabled`) is a better way to make your server private, +# instead of relying on security-by-obscurity -- federating with others, having your public rooms joinable by anyone, +# but hiding them and thinking you've secured them. +matrix_synapse_allow_public_rooms_over_federation: true # Whether to require authentication to retrieve profile data (avatars, # display names) of other users through the client API. Defaults to From f49e3f1e021a883fc7dd56fb25f9fa91f2725d65 Mon Sep 17 00:00:00 2001 
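Review bot: The comment above `matrix_synapse_allow_public_rooms_over_federation: true` explains why the default is flipped but not what an upgrade now discloses, and existing deployments pick up the new value without any change to their `vars.yml`. I would add a line such as `# Only rooms published to the room directory are listed; set this to false in vars.yml to keep the directory hidden from other servers.` so the opt-out is visible where the variable is defined. Separately, the changelog entry in this commit tells operators to set `m.federate: true` to disable federation for a room. That key disables federation when it is `false`, so following the sentence as written would leave such rooms federating.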
From: Slavi Pantaleev Date: Mon, 23 Oct 2023 12:18:08 +0300 Subject: [PATCH 269/340] Update Matrix Room Search indexing statistics This brings the values up-to-date as of the latest indexing run done today. Due to a bug, the previous values were somewhat off. The new numbers are different and actually demonstrate that the situation is much worse than initially imagined. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c560da6..d3c977bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -19,7 +19,7 @@ The **historical reasoning** behind this change is as follows: - In Synapse v1.7.0 (~2019), `allow_public_rooms_over_federation` [got disabled](https://github.com/matrix-org/synapse/blob/e9069c9f919685606506f04527332e83fbfa44d9/docs/upgrade.md?plain=1#L1877-L1891) by default in a [security-by-obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) workaround for misconfigured servers. See the [Avoiding unwelcome visitors on private Matrix servers](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/) `matrix.org` blog article. We believe that people wishing for a truly private server, should [disable federation](docs/configuring-playbook-federation.md#disabling-federation), instead of having a fully-federating server and trying to hide its public rooms. We also provide other workarounds below. We (and the Synapse team, obviously) believe that Matrix should federate by default, so federating the public room list seems to make sense. -- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. On 19th of October 2023, `matrixrooms.info` was indexing `23831` Matrix servers. Of these, only `1937` servers (8%) were making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 92% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. 
Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. +- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. Today (on 23rd of October 2023), `matrixrooms.info` is indexing `23066` Matrix servers. Of these, only `781` servers (3%) are making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 97% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. Here are **actions you may wish to take** as a result of this change: From 03f5344c3752d41226c2bc99cb0329e47c267420 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 12:34:55 +0300 Subject: [PATCH 270/340] Improve changelog entry wording to mention the room directory Hopefully, this makes it clearer that it's not just "public rooms" that will now be exposed, but rather "public rooms which are also published to the room directory". --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d3c977bf..0d2d09b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,7 +2,7 @@ ## Enabling `allow_public_rooms_over_federation` by default for Synapse -**TDLR**: if your Matrix server is federating (which it mostly likely is, unless you've [disabled federation](docs/configuring-playbook-federation.md#disabling-federation)), your public rooms will not only be joinable across federation (as they've always been), but from now on will be discoverable (made available as a list across federation). We're changing this by flipping the value for Synapse's `allow_public_rooms_over_federation` setting to `true`, going against the upstream default. Servers that disable federation are not affected. +**TDLR**: if your Matrix server is federating (which it mostly likely is, unless you've [disabled federation](docs/configuring-playbook-federation.md#disabling-federation)), your public rooms will not only be joinable across federation (as they've always been), but from now on will be discoverable (made available as a list across federation). We're changing this by flipping the value for Synapse's `allow_public_rooms_over_federation` setting to `true`, going against the upstream default. Servers that disable federation are not affected. Servers that have public rooms which are not published to the room directory are also not affected. We generally try to stick to the default configuration for Synapse (and all other components), unless these defaults seem wrong or harmful. One such previous case from a few months ago was us [Enabling `forget_rooms_on_leave` by default for Synapse](#enabling-forget_rooms_on_leave-by-default-for-synapse) - the default value was making Synapse more wasteful of resources by default. 
@@ -25,7 +25,7 @@ Here are **actions you may wish to take** as a result of this change: - (recommended) embrace the new default. If your Matrix server is federating, your public rooms have always been joinable across federation anyway. Exposing the list of public rooms does no harm and more-so does good by contributing to the usefulness of the Matrix network by facilitating room discovery. -- (switch to a better way of doings things on your semi-private server) The problem that the Synapse team appears to have solved by flipping the `allow_public_rooms_over_federation` default in Synapse v1.7.0 seems to for "mostly private" servers, which federate and have a bunch of rooms made public in an effort to allow people on the same homeserver to easily find and join them (self-onboarding). With the introduction of Matrix Spaces, you can reorganize your flow around spaces - you can auto-join your users to a Matrix Space (via Synapse's `auto_join_rooms` setting - controlled by our `matrix_synapse_auto_join_rooms` variable), then add a bunch of rooms to the space and make them joinable by people belonging to the space. That is to say, do not make rooms public unless they are public - use other mechanisms for semi-public rooms. Alternatively, you can also stick to what you're doing (public rooms) and set `m.federate: true` when creating them (clients like Element have a nice UI checkbox for this) to explicitly disable federation for these rooms. +- (switch to a better way of doings things on your semi-private server) The problem that the Synapse team appears to have solved by flipping the `allow_public_rooms_over_federation` default in Synapse v1.7.0 seems to for "mostly private" servers, which federate and have a bunch of rooms made public (and published in their room directory) in an effort to allow people on the same homeserver to easily find and join them (self-onboarding). 
With the introduction of Matrix Spaces, you can reorganize your flow around spaces - you can auto-join your users to a Matrix Space (via Synapse's `auto_join_rooms` setting - controlled by our `matrix_synapse_auto_join_rooms` variable), then add a bunch of rooms to the space and make them joinable by people belonging to the space. That is to say, do not make rooms public and do not publish them to the room directory unless they are really public. Instead, use other mechanisms for semi-public rooms or private rooms. One alternative is to stick to what you're doing (public rooms published to your rooms directory) but having a `m.federate: true` flag set during creation (clients like Element have a nice UI checkbox for this) to explicitly disable federation for them. - (keeping the old behavior) if you wish to keep doing what you're doing (keeping your Matrix server federating, but hiding its public rooms list), add `matrix_synapse_allow_public_rooms_over_federation: false` to your `vars.yml` configuration. This restores the old behavior. You may also consider [disabling federation](docs/configuring-playbook-federation.md#disabling-federation) completely instead of relying on security-by-obscurity measures. From c6f1dfa72494bb7191d4bb4e1d63b1658b4e10e0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 13:54:59 +0300 Subject: [PATCH 271/340] Switch Renovate versioning for matrix-dynamic-dns to semver Related to e87f5c11d7adf852 --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 996597f9..816a33a2 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -# renovate: datasource=docker depName=linuxserver/ddclient +# renovate: datasource=docker depName=linuxserver/ddclient versioning=semver matrix_dynamic_dns_version: v3.10.0-ls136 # The docker container to use when in mode From 3588cf610ecd99c5e29f79115275a5b33982916e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 13:57:21 +0300 Subject: [PATCH 272/340] Upgrade ddclient (v3.10.0-ls136 -> v3.11.0-ls137) Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2961 --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 816a33a2..23462583 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -8,7 +8,7 @@ matrix_dynamic_dns_enabled: true matrix_dynamic_dns_daemon_interval: '300' # renovate: datasource=docker depName=linuxserver/ddclient versioning=semver -matrix_dynamic_dns_version: v3.10.0-ls136 +matrix_dynamic_dns_version: v3.11.0-ls137 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 0393bd63562bf958205614d7f7d467aa9a48cf32 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 13:58:40 +0300 Subject: [PATCH 273/340] Update Matrix Room Search indexing statistics again Fixup for f49e3f1e021a883f. It appears that many servers are incredibly slow, so the value was misreported and more are online than previously estimated. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d2d09b3..9a787876 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -19,7 +19,7 @@ The **historical reasoning** behind this change is as follows: - In Synapse v1.7.0 (~2019), `allow_public_rooms_over_federation` [got disabled](https://github.com/matrix-org/synapse/blob/e9069c9f919685606506f04527332e83fbfa44d9/docs/upgrade.md?plain=1#L1877-L1891) by default in a [security-by-obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) workaround for misconfigured servers. See the [Avoiding unwelcome visitors on private Matrix servers](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/) `matrix.org` blog article. We believe that people wishing for a truly private server, should [disable federation](docs/configuring-playbook-federation.md#disabling-federation), instead of having a fully-federating server and trying to hide its public rooms. We also provide other workarounds below. We (and the Synapse team, obviously) believe that Matrix should federate by default, so federating the public room list seems to make sense. -- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. Today (on 23rd of October 2023), `matrixrooms.info` is indexing `23066` Matrix servers. Of these, only `781` servers (3%) are making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 97% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. 
Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. +- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. Today (on 23rd of October 2023), `matrixrooms.info` is indexing `23066` Matrix servers. Of these, only `1567` servers (7%) are making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 93% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. Here are **actions you may wish to take** as a result of this change: From 6b86bed4f97bbb632234041e9c64d7950e7fb86a Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Mon, 23 Oct 2023 19:09:30 +0300 Subject: [PATCH 274/340] add .gitattributes with checking out with lf line endings --- .gitattributes | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..6313b56c --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +* text=auto eol=lf From d46c02cd6f6f58d763cbb4e4269277b57d33a29b Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 24 Oct 2023 18:24:54 +0300 Subject: [PATCH 275/340] Upgrade Element (v1.11.46 -> v1.11.47) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 484881f7..3bc9c152 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.46 +matrix_client_element_version: v1.11.47 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 90c3e7595ea870c8dd9a61b362034bdd52d9dca1 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 24 Oct 2023 18:49:20 +0300 Subject: [PATCH 276/340] Update grafana 10.1.5 -> 10.2.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2b0ccc8d..cef847f6 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 7.0.1 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.1.5-0 + version: v10.2.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8960-1 name: jitsi From 9032170e8c02d9ee3af8906ec27b06fe073d8441 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 24 Oct 2023 19:09:34 +0300 Subject: [PATCH 277/340] Upgrade Synapse (v1.94.0 -> v1.95.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 7e53f585..4cfc725d 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.94.0 +matrix_synapse_version: v1.95.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 7c12c508d7630a986fb8ca6afc326efcb071b9c4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Oct 2023 03:59:15 +0000 Subject: [PATCH 278/340] Update nginx Docker tag to v1.25.3 --- roles/custom/matrix-nginx-proxy/defaults/main.yml | 2 +- .../matrix-synapse-reverse-proxy-companion/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 36eb7aa4..429fc9fc 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -2,7 +2,7 @@ # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true # renovate: datasource=docker depName=nginx -matrix_nginx_proxy_version: 1.25.2-alpine +matrix_nginx_proxy_version: 1.25.3-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml index 28a2dae6..5cd68f2a 100644 
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml @@ -26,7 +26,7 @@ matrix_synapse_reverse_proxy_companion_enabled: true # renovate: datasource=docker depName=nginx -matrix_synapse_reverse_proxy_companion_version: 1.25.2-alpine +matrix_synapse_reverse_proxy_companion_version: 1.25.3-alpine matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion" matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d" From 33d271efdd17b24159840500e33cc696876d80f2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 25 Oct 2023 15:28:52 +0300 Subject: [PATCH 279/340] Upgrade Dendrite (v0.13.3 -> v0.13.4) --- roles/custom/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index f63030ee..9830021b 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -11,7 +11,7 @@ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" # renovate: datasource=docker depName=matrixdotorg/dendrite-monolith -matrix_dendrite_docker_image_tag: "v0.13.3" +matrix_dendrite_docker_image_tag: "v0.13.4" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 338af8151b7418a1ca4d56a11c4d95850224045f Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Oct 2023 21:44:12 +0000 Subject: [PATCH 280/340] Update linuxserver/ddclient Docker tag to v3.11.1 --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 23462583..5a990dbb 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -8,7 +8,7 @@ matrix_dynamic_dns_enabled: true matrix_dynamic_dns_daemon_interval: '300' # renovate: datasource=docker depName=linuxserver/ddclient versioning=semver -matrix_dynamic_dns_version: v3.11.0-ls137 +matrix_dynamic_dns_version: 3.11.1 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From ffc2aef0b259637511f1938dd4a266e6e9abfbe9 Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 26 Oct 2023 22:34:08 +0300 Subject: [PATCH 281/340] fix jitsi auth (w/ auth; w/o auth), closes #2589 --- group_vars/matrix_servers | 1 + requirements.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2ca07dce..4b3abf95 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2551,6 +2551,7 @@ jitsi_etherpad_enabled: "{{ etherpad_enabled }}" jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}" # Allow verification using JWT and matrix-UVS +jitsi_prosody_auth_matrix_uvs_sync_power_levels: "{{ matrix_user_verification_service_enabled }}" jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}" jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}" 
diff --git a/requirements.yml b/requirements.yml index cef847f6..b110101e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8960-1 + version: v8960-2 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From 09b013adfaaf1915d9d215c1ae1305a87f567bf3 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 27 Oct 2023 10:11:20 +0300 Subject: [PATCH 282/340] Update borgmatic 1.8.3 -> 1.8.4 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index b110101e..f5c80ffb 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.6-1.8.3-0 + version: v1.2.6-1.8.4-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 65de453988f224d8a4af8b2c33e9710e305c8021 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 27 Oct 2023 15:36:35 +0000 Subject: [PATCH 283/340] Update ajbura/cinny Docker tag to v3.1.0 --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 2a50a1a6..94623aa0 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" # renovate: datasource=docker depName=ajbura/cinny -matrix_client_cinny_version: v3.0.0 +matrix_client_cinny_version: v3.1.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From eaa9a52eeb3eb68166b40b443e3690fb421150df Mon Sep 17 00:00:00 2001 From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Fri, 27 Oct 2023 19:06:59 +0100 Subject: [PATCH 284/340] Update main.yml --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index efd39620..4e8f709f 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_chatgpt_enabled: true # renovate: datasource=docker depName=ghcr.io/matrixgpt/matrix-chatgpt-bot -matrix_bot_chatgpt_version: 3.1.2 +matrix_bot_chatgpt_version: 3.1.4 matrix_bot_chatgpt_container_image_self_build: false matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot" From a53ae8a2fc7d4f72c1894c02ecd4d1a03e6e99d1 Mon Sep 17 00:00:00 2001 From: Ant Somers Date: Mon, 30 Oct 2023 19:49:58 +0300 Subject: [PATCH 285/340] Fix matrix-user-verification-service file Related to #2375, #2975, and #2847 --- .../systemd/matrix-user-verification-service.service.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index 68398263..6c757ae1 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -17,7 +17,7 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --rm \ --name={{ matrix_user_verification_service_container_name }} \ --log-driver=none \ @@ -37,6 +37,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ {% for network in matrix_user_verification_service_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_user_verification_service_container_name }} {% endfor %} +ExecStart=/usr/bin/env docker start --attach matrix-user-verification-service ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_user_verification_service_container_name }} 2>/dev/null' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' From 670ae6f602a3004742a8a7f58b7cd6db8662b5f8 Mon Sep 17 00:00:00 2001 
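Review bot: The added `ExecStart=/usr/bin/env docker start --attach matrix-user-verification-service` hard-codes both the container name and the docker lookup, while every other line of this unit uses `{{ devture_systemd_docker_base_host_command_docker }}` and `{{ matrix_user_verification_service_container_name }}`. If the container-name variable is overridden, `create` and `network connect` act on one name and `start` on another, so the unit would fail or attach to an unrelated container. Resolving `docker` through `env` also makes the binary depend on the unit's PATH. I would write it as `ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_user_verification_service_container_name }}`. The unit file continues outside both hunks.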
From: Slavi Pantaleev Date: Tue, 31 Oct 2023 08:32:08 +0200 Subject: [PATCH 286/340] Upgrade Jitsi (v8960-2 -> v8960-3) and pass jitsi_user_username explicitly It would work even without explicitly passing `jitsi_user_username` as auto-detection logic will run. Passing it explicitly spares the Jitsi role some work. Related to: - https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/pull/2 - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2974#issuecomment-1784256903 --- group_vars/matrix_servers | 2 ++ requirements.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 4b3abf95..03370aef 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2491,6 +2491,8 @@ jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" jitsi_uid: "{{ matrix_user_uid }}" jitsi_gid: "{{ matrix_user_gid }}" +jitsi_user_username: "{{ matrix_user_username }}" + # Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # the Jitsi HTTP port to the local host. diff --git a/requirements.yml b/requirements.yml index f5c80ffb..ccbe300f 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8960-2 + version: v8960-3 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From 9df69e017bf781ec4609c51e020892cf6a530de0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Oct 2023 13:09:18 +0200 Subject: [PATCH 287/340] Update cinny 3.1.0 -> 3.2.0 --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 94623aa0..5ab1bd38 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" # renovate: datasource=docker depName=ajbura/cinny -matrix_client_cinny_version: v3.1.0 +matrix_client_cinny_version: v3.2.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 090737773fa4fd6e9f2852feeb921b7f5c743178 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:25:34 +0200 Subject: [PATCH 288/340] Update synapse 1.95.0 -> 1.95.1 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 4cfc725d..2dda2cf3 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.95.0 +matrix_synapse_version: v1.95.1 matrix_synapse_username: '' matrix_synapse_uid: '' From 4ff9b0d6a544c818d6f709e4d9ecab1a324ab4ab Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 1 Nov 2023 09:31:42 +0200 Subject: [PATCH 289/340] Upgrade Heisenbridge (1.14.5 -> 1.14.6) --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index 0bd59951..c8d1bf94 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -5,7 +5,7 @@ matrix_heisenbridge_enabled: true # renovate: datasource=docker depName=hif1/heisenbridge -matrix_heisenbridge_version: 1.14.5 +matrix_heisenbridge_version: 1.14.6 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From ebcafc6518cf62bb5081bf9a742b5dc171091da2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 2 Nov 2023 18:10:50 +0200 Subject: [PATCH 290/340] Upgrade postgres-backup The new version supports v16. Related to: https://github.com/devture/com.devture.ansible.role.postgres_backup/pull/3 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ccbe300f..25e49b07 100644 --- a/requirements.yml +++ b/requirements.yml @@ -18,7 +18,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: v16.0-8 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: a0cc7c1c696872ba8880d9c5e5a54098de825030 + version: d2c2585fe3f5ebf39045bc90c97ee160e1341594 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git 
From ebe7e3b6e0929d527f8000e69a59bdf43c7f1982 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 6 Nov 2023 09:31:51 +0200 Subject: [PATCH 291/340] Forward /_matrix/client/v3 to identity server (not just /_matrix/client/r0) Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954 --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 8ecaf64e..dd46299e 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -185,7 +185,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} - location ^~ /_matrix/client/r0/user_directory/search { + location ^~ /_matrix/client/(r0|v3)/user_directory/search { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -202,7 +202,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} - location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ { + location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; From 7436fd435bd5d2aee99c37f0568a9f599187aedc Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Mon, 6 Nov 2023 08:51:50 +0100 Subject: [PATCH 292/340] Update configuring-playbook-bridge-beeper-linkedin.md --- docs/configuring-playbook-bridge-beeper-linkedin.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
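Review bot: In the first hunk, `^~` makes nginx treat the location as a literal prefix, so `(r0|v3)` in `location ^~ /_matrix/client/(r0|v3)/user_directory/search` is not evaluated as an alternation and the block probably no longer matches `/r0/` or `/v3/` requests. Directory searches would then fall through to the generic proxy location rather than the identity server, skipping any lookup policy that server is meant to apply. A regex location is needed, `location ~ ^/_matrix/client/(r0|v3)/user_directory/search {`. Regex locations are tried in file order after prefix matching, so its position relative to other `~` blocks matters. The second hunk already uses `~ ^…`; both location blocks continue outside the hunks.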
diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md index 6ec294fb..a51b2781 100644 --- a/docs/configuring-playbook-bridge-beeper-linkedin.md +++ b/docs/configuring-playbook-bridge-beeper-linkedin.md @@ -32,14 +32,10 @@ You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/co ## Set up Double Puppeting -If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. - -### Method 1: automatically, by enabling Shared Secret Auth +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have to enable Shared Secred Auth. The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. -This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. - ## Usage From b0a2211c1371aa094ae4565b74e2db5fb8b8edef Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Mon, 6 Nov 2023 09:13:10 +0100 Subject: [PATCH 293/340] Update configuring-playbook-sliding-sync-proxy.md --- docs/configuring-playbook-sliding-sync-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index a7aab981..982314ca 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md +++ b/docs/configuring-playbook-sliding-sync-proxy.md 
@@ -8,7 +8,7 @@ See the project's [documentation](https://github.com/matrix-org/sliding-sync) to Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi). -Element X Android requires manual compilation to get it working with a non-`matrix.org` homeseserver. It's also less feature-complete than the iOS version. +Element X Android is less feature-complete than the iOS version. **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. From 8d87b5c95155bb3103acbcf74ec2e71bbc125272 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 7 Nov 2023 16:06:34 +0000 Subject: [PATCH 294/340] Update vectorim/element-web Docker tag to v1.11.48 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3bc9c152..63b95db9 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.47 +matrix_client_element_version: v1.11.48 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 7d668a488e089e8e72bf0372b6d516ff304508c1 Mon Sep 17 00:00:00 2001 From: Chikage Date: Wed, 8 Nov 2023 04:35:24 +0900 Subject: [PATCH 295/340] add self-build for matrix_user_verification Currently v3.0.0 tested with no issues. So remove matrix_user_verification_service_docker_image from groups_vars. /.npm must be writable or an error will be reported. --- group_vars/matrix_servers | 3 --- .../defaults/main.yml | 5 ++++ .../tasks/setup_install.yml | 25 +++++++++++++++++++ ...atrix-user-verification-service.service.j2 | 1 + 4 files changed, 31 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 03370aef..9b27fcb4 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4303,9 +4303,6 @@ matrix_user_creator_users_auto: | # ###################################################################### -## FIXME: Needs to be updated when there is a proper release by upstream. -matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service@sha256:d2aabc984dd69d258c91900c36928972d7aaef19d776caa3cd6a0fbc0e307270" - matrix_user_verification_service_enabled: false matrix_user_verification_service_systemd_required_services_list: | {{ 
diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index 068ef2af..46ae72db 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml @@ -5,6 +5,10 @@ matrix_user_verification_service_ansible_name: "Matrix User Verification Service # Enable by default. This is overwritten in provided group vars. matrix_user_verification_service_enabled: true +matrix_user_verification_service_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_user_verification_service_container_image_self_build_repo: "https://github.com/matrix-org/matrix-user-verification-service" +matrix_user_verification_service_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_user_verification_service_version }}" + # Fix version tag # renovate: datasource=docker depName=matrixdotorg/matrix-user-verification-service matrix_user_verification_service_version: "v3.0.0" @@ -13,6 +17,7 @@ matrix_user_verification_service_version: "v3.0.0" matrix_user_verification_service_base_path: "{{ matrix_base_data_path }}/user-verification-service" matrix_user_verification_service_config_path: "{{ matrix_user_verification_service_base_path }}/config" matrix_user_verification_service_config_env_file: "{{ matrix_user_verification_service_config_path }}/.env" +matrix_user_verification_service_docker_src_files_path: "{{ matrix_user_verification_service_base_path }}/docker-src" # Docker matrix_user_verification_service_docker_image_name_prefix: "{{ matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml index 54d5d979..700614cb 100644 --- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml 
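Review bot: `matrix_user_verification_service_container_image_self_build_branch` tests `matrix_registration_version`, which belongs to a different role and looks like a copy-paste leftover. The checkout ref then depends on an unrelated setting, or fails to template where that variable is undefined. It should test this role's own variable: `"{{ 'master' if matrix_user_verification_service_version == 'latest' else matrix_user_verification_service_version }}"`. Separately, the context line `matrix_user_verification_service_docker_image_name_prefix` keeps the registry prefix when self-building, whereas `matrix_client_cinny_docker_image_name_prefix` elsewhere in this series switches to `'localhost/'`, so a locally built image would carry the same name as the upstream one. Consider `"{{ 'localhost/' if matrix_user_verification_service_container_image_self_build else matrix_container_global_registry_prefix }}"`.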
+++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml @@ -9,6 +9,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_user_verification_service_config_path }}", when: true} + - {path: "{{ matrix_user_verification_service_docker_src_files_path }}", when: "{{ matrix_user_verification_service_container_image_self_build }}"} when: item.when | bool - name: Ensure Matrix User Verification Service image is pulled 
@@ -21,6 +22,30 @@ retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed + when: "not matrix_user_verification_service_container_image_self_build | bool" + +- name: Ensure Matrix User Verification Service repository is present when self-building + ansible.builtin.git: + repo: "{{ matrix_user_verification_service_container_image_self_build_repo }}" + dest: "{{ matrix_user_verification_service_docker_src_files_path }}" + version: "{{ matrix_user_verification_service_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_user_verification_service_git_pull_results + when: "matrix_user_verification_service_container_image_self_build | bool" + +- name: Ensure Matrix User Verification Service image is built + community.docker.docker_image: + name: "{{ matrix_user_verification_service_docker_image }}" + source: build + force_source: "{{ matrix_user_verification_service_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_user_verification_service_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_user_verification_service_docker_src_files_path }}" + pull: true + when: "matrix_user_verification_service_container_image_self_build | bool" - name: Ensure Matrix User Verification Service env file installed ansible.builtin.template: diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index 6c757ae1..268e4298 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 
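Review bot: The `ansible.builtin.git` task checks out whatever `matrix_user_verification_service_container_image_self_build_branch` names, which is `master` or a tag such as the `v3.0.0` default. Upstream can move either, and the checked-out tree is then built into the image the service runs, with no integrity check in between. The `version:` option also accepts a full commit SHA, so a comment above the task would help operators who need a reproducible build: `# Builds whatever the ref currently resolves to upstream; set the *_self_build_branch variable to a commit SHA to pin the source.` As a style point, `force: "yes"` would read better as the boolean `force: true`. The hunk starts inside the preceding pull task and ends at the first lines of the env-file task, so neither is fully visible here.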
+++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -24,6 +24,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ + --tmpfs /.npm \ --network={{ matrix_user_verification_service_container_network }} \ {% if matrix_user_verification_service_container_http_host_bind_port %} -p {{ matrix_user_verification_service_container_http_host_bind_port }}:3000 \ From ad230555e9a612b3e3a775f4aaf1f98c742e0779 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Nov 2023 11:31:18 +0200 Subject: [PATCH 296/340] Try to fix /_matrix/client/v3 for ma1sd via URL rewriting to (/_matrix/client/r0) Hopefully fixes: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954 Untested. Patch inspired by: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954#issuecomment-1795029963 --- roles/custom/matrix-nginx-proxy/defaults/main.yml | 12 ++++++++++++ .../templates/nginx/conf.d/matrix-domain.conf.j2 | 8 ++++++++ 2 files changed, 20 insertions(+) diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 429fc9fc..36064480 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml 
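Review bot: `--tmpfs /.npm` is added without mount options, so the only writable path in this `--read-only`, `--cap-drop=ALL` container has no stated size cap or exec/suid restrictions and relies on Docker's defaults. Spelling the options out keeps the hardening visible in the unit file, for example `--tmpfs=/.npm:rw,noexec,nosuid,size=<SIZE> \`, where `<SIZE>` is a placeholder to choose; confirm the service still starts with `noexec`. The `=` form would also match the neighbouring `--user=` and `--network=` flags. The `ExecStartPre` command continues outside the hunk.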
@@ -331,6 +331,12 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" +# Controls whether the user directory search API will be URL-rewritten (/_matrix/client/v3/user_directory/search -> /_matrix/client/r0/user_directory/search). +# This is to assist identity servers which only handle the r0 endpoints. +# The v3 endpoints are the same (spec-wise), so they can usually be redirected without downsides. +# If this is disabled, API requests will be forwarded as-is, without any URL rewriting. +matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled: true + # Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain). # This allows another service to control registrations involving 3PIDs. # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md 
@@ -338,6 +344,12 @@ matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" +# Controls whether the user directory search API will be URL-rewritten (/_matrix/client/v3/register/(email|msisdn)/requestToken -> /_matrix/client/r0/register/(email|msisdn)/requestToken). +# This is to assist identity servers which only handle the r0 endpoints. +# The v3 endpoints are the same (spec-wise), so they can usually be redirected without downsides. +# If this is disabled, API requests will be forwarded as-is, without any URL rewriting. +matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled: true + # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index dd46299e..ad550103 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -186,6 +186,10 @@ {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} location ^~ /_matrix/client/(r0|v3)/user_directory/search { + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} + {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; 
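Review bot: The comment added above `matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled` still begins "Controls whether the user directory search API will be URL-rewritten", copied from the previous hunk, although the paths it lists are the `register/(email|msisdn)/requestToken` ones. The first line should start `# Controls whether the 3PID registration API will be URL-rewritten (...)`. Both new comments, and the `_redirect_enabled` variable names, also speak of redirecting, while the template hunks on this page use an internal `rewrite ... break`. "rewritten" would be the more precise word in the comments, so operators do not expect a client-visible 3xx.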
@@ -203,6 +207,10 @@ {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} + {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; From a88a4c2b827b62a814586883c112fffed15a87be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Nov 2023 16:30:02 +0200 Subject: [PATCH 297/340] Use regex-enabled location blocks when matching with regex Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2986 --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index ad550103..3d6ae7df 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -119,7 +119,7 @@ # Redirect other endpoints registered by the media-repo to its container # /_matrix/client/r0/logout # /_matrix/client/r0/logout/all - location ^~ /_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) { + location ~ ^/_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; 
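Review bot: In the `@@ -119,7 +119,7 @@` hunk the new regex location `~ ^/_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all)` has no end anchor. It therefore matches any path that merely starts with `.../logout`, which makes the `logout/all` alternative redundant and routes more paths to this backend than the two the comment lists. If only those endpoints are meant, anchor it: `location ~ ^/_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all)$ {`. The same applies to `user_directory/search` in the `@@ -185,7 +185,7 @@` hunk on the next line, whereas the `quarantine_media/.*` pattern in `@@ -142,7 +142,7 @@` is open-ended by design. The location bodies continue outside these hunks.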
@@ -142,7 +142,7 @@ # Redirect other endpoints registered by the media-repo to its container # /_matrix/client/r0/admin/purge_media_cache # /_matrix/client/r0/admin/quarantine_media/{roomId:[^/]+} - location ^~ /_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) { + location ~ ^/_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -185,7 +185,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} - location ^~ /_matrix/client/(r0|v3)/user_directory/search { + location ~ ^/_matrix/client/(r0|v3)/user_directory/search { {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; {% endif %} From 81ee0749c874b9986fa8942aa96d76736b2334fa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?T=2E=20K=C3=BCchel?= Date: Thu, 9 Nov 2023 08:00:25 +0100 Subject: [PATCH 298/340] Update matrix-domain.conf.j2 - trying to fix issue #2954 (#2985) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update matrix-domain.conf.j2 exchanged "^~" with "~" as a pattern matching in the location part. I am very sure, that it only works using "~". I am not quite sure though, if this is the right way to do it, because "~" is probably more expensive than "^~" the rewrite has to be behind the definition of the $backend. Otherwise nginx will fail to work. This is probably because "break" goes directly to the proxy_pass which uses $backend. * Update matrix-domain.conf.j2 also change the order of "set $backend" and "rewrite" here in the 3pid registration section * Update matrix-domain.conf.j2 - repeat v3_to_r0 rewrite in else-statement as you said: repeat it for the else-case, where the ma1sd might be running on sans_container. * Update matrix-domain.conf.j2 - corrected wrong variable atrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled is the right variable to check (twice) in the corresponding branch. * matrix-domain.conf.j2 - fix-2954: change all whitespaces to tabs as you do it --------- Co-authored-by: Tobias Küchel --- .../nginx/conf.d/matrix-domain.conf.j2 | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 3d6ae7df..d28cbf15 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 
@@ -186,16 +186,18 @@ {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} location ~ ^/_matrix/client/(r0|v3)/user_directory/search { - {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} - rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; - {% endif %} - {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container }}"; + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} proxy_pass http://$backend; {% else %} + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} {# Generic configuration for use outside of our container setup #} proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container }}; {% endif %} 
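Review bot: The reason the `rewrite ... break;` now sits after `set $backend` is given only in the commit message, so a later cleanup could hoist the duplicated block back above the `if` and break proxying again. `break` stops further rewrite-module directives in the location, and `set` is one of them, so a template comment next to the first copy would record that: `{# Keep after "set $backend": "break" stops rewrite-module processing, so a later "set" would not run #}`. The `else` branch has no `set`, so the position of its copy is not constrained in that way. The same comment fits the `@@ -209,16 +209,18 @@` hunk for 3PID registration that follows.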
@@ -207,16 +209,18 @@ {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { - {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} - rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; - {% endif %} - {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}"; + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} proxy_pass http://$backend; {% else %} + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} {# Generic configuration for use outside of our container setup #} proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container }}; {% endif %} From b77a438169d7eae816d0b2764309b635d63cc978 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Nov 2023 13:39:21 +0200 Subject: [PATCH 299/340] Upgrade Traefik (v2.10.5-0 -> v2.10.5-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 25e49b07..cbda8ec8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.5-0 + version: v2.10.5-1 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From d74efc13105705f26d3c995996670666edb95862 Mon Sep 17 00:00:00 2001 
From: Kuba Orlik Date: Thu, 9 Nov 2023 14:08:32 +0100 Subject: [PATCH 300/340] Remove mention of Android Element X being less feature complete than the iOS version (#2982) * Remove mention of Android Element X being less feature complete than iOS version Quoting upstream: > Element X Android and Element X iOS apps are in a similar state. > > https://github.com/vector-im/element-x-android/issues/911 * Update configuring-playbook-sliding-sync-proxy.md --- docs/configuring-playbook-sliding-sync-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index 982314ca..f5bc6f76 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md +++ b/docs/configuring-playbook-sliding-sync-proxy.md @@ -8,7 +8,7 @@ See the project's [documentation](https://github.com/matrix-org/sliding-sync) to Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi). -Element X Android is less feature-complete than the iOS version. +Element X Android is [available on the Github Releases page](https://github.com/vector-im/element-x-android/releases). **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. From a0e649286d05dee3edeb5487190b60c3d81a65fb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Nov 2023 19:00:27 +0000 Subject: [PATCH 301/340] Update frenck/action-yamllint action to v1.4.2 --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index d10ebec5..8e7df118 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml 
@@ -13,7 +13,7 @@ jobs: - name: Check out uses: actions/checkout@v4 - name: Run yamllint - uses: frenck/action-yamllint@v1.4.1 + uses: frenck/action-yamllint@v1.4.2 ansible-lint: name: ansible-lint runs-on: ubuntu-latest From e6be3709f004439e1de65e61283c4a919d5d0fd6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Nov 2023 19:00:31 +0000 Subject: [PATCH 302/340] Update ghcr.io/matrix-org/sliding-sync Docker tag to v0.99.12 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index aaa257ff..f7ebdee8 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -6,7 +6,7 @@ matrix_sliding_sync_enabled: true # renovate: datasource=docker depName=ghcr.io/matrix-org/sliding-sync -matrix_sliding_sync_version: v0.99.11 +matrix_sliding_sync_version: v0.99.12 matrix_sliding_sync_scheme: https From 8a685aac7bd637298b4e413c45506c6a50905490 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Nov 2023 23:06:02 +0000 Subject: [PATCH 303/340] Update dependency geerlingguy.docker to v7.0.2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index cbda8ec8..d0b94ab3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -32,7 +32,7 @@ - src: git+https://gitlab.com/etke.cc/roles/etherpad.git version: v1.9.3-0 - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 7.0.1 + version: 7.0.2 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.0-0 From a390f6b247b3b90daa7992b84cf0ea210ccb2cf4 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 13 Nov 2023 11:12:59 +0200 Subject: [PATCH 304/340] Update prometheus node exporter v1.7.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index cbda8ec8..f2c64a6a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -45,7 +45,7 @@ version: v2.47.2-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - version: v1.6.1-0 + version: v1.7.0-0 name: prometheus_node_exporter - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git version: v0.14.0-0 From 706df484ccc89bfedcbcc9851f6123777e0e50e3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 13 Nov 2023 12:53:09 +0200 Subject: [PATCH 305/340] Upgrade Element (v1.11.48 -> v1.11.49) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 63b95db9..8106c40e 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.48 +matrix_client_element_version: v1.11.49 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" 
From 4cac6f547e17dfea53cf8a287604a27ba00dc49c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 13 Nov 2023 18:45:33 +0200 Subject: [PATCH 306/340] Upgrade Traefik (v2.10.5-1 -> v2.10.5-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 3e7cc9b1..7de9de92 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.5-1 + version: v2.10.5-2 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From a8810315788bf2f03a4f3029f6b00ad57e3b6fbe Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Nov 2023 10:15:52 +0200 Subject: [PATCH 307/340] Upgrade Postgres (v16.0-8 -> v16.1-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 7de9de92..41f135b3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-8 + version: v16.1-0 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: d2c2585fe3f5ebf39045bc90c97ee160e1341594 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From be70430290bbb12da6c506c95646e97748405b00 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 00:24:51 +0000 Subject: [PATCH 308/340] Update matrixdotorg/mjolnir Docker tag to v1.6.5 --- roles/custom/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index 434f0a44..1c174477 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_mjolnir_enabled: true # renovate: datasource=docker depName=matrixdotorg/mjolnir -matrix_bot_mjolnir_version: "v1.6.4" +matrix_bot_mjolnir_version: "v1.6.5" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 64eac2561090db818c5663cf02393d233990e350 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 15 Nov 2023 09:26:20 +0200 Subject: [PATCH 309/340] Remove tabs from YAML code snippets --- docs/configuring-playbook-ssl-certificates.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 6a215973..596f9300 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md 
@@ -68,21 +68,21 @@ aux_file_definitions: # uploading a file from the computer where Ansible is running. - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem" src: /path/on/your/Ansible/computer/to/privkey.pem - # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. - # Note the indentation level. - # content: | - # FILE CONTENT - # HERE + # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. + # Note the indentation level. + # content: | + # FILE CONTENT + # HERE # Create the cert.pem file on the server # uploading a file from the computer where Ansible is running. - dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem" src: /path/on/your/Ansible/computer/to/cert.pem - # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. - # Note the indentation level. - # content: | - # FILE CONTENT - # HERE + # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. + # Note the indentation level. + # content: | + # FILE CONTENT + # HERE # Create the custom Traefik configuration. # The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them! From c1255407de26733966ed33f81bbbd247bcdf0a0b Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 16 Nov 2023 09:48:19 +0200 Subject: [PATCH 310/340] grafana v10.2.1; jitsi v9078; prometheus v2.48.0 --- requirements.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.yml b/requirements.yml index 41f135b3..64108e3f 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -35,14 +35,14 @@ version: 7.0.2 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.2.0-0 + version: v10.2.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8960-3 + version: v9078-0 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.47.2-0 + version: v2.48.0-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.7.0-0 From 35c20d753156d27570e8546840a4e71d75d82dcd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 16 Nov 2023 20:12:41 +0000 Subject: [PATCH 311/340] Update matrixdotorg/synapse Docker tag to v1.96.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 2dda2cf3..73b4fdbc 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.95.1 +matrix_synapse_version: v1.96.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 87bc05906591cf1ae077106458e74da2927a9c11 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 01:23:28 +0000 Subject: [PATCH 312/340] Update dock.mau.dev/mautrix/discord Docker tag to v0.6.4 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 8e11473e..3bd5998a 100644 
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord -matrix_mautrix_discord_version: v0.6.3 +matrix_mautrix_discord_version: v0.6.4 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" From 1ca21c6a4ff85987ba9df1654412561efca14d0c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 01:23:32 +0000 Subject: [PATCH 313/340] Update dock.mau.dev/mautrix/gmessages Docker tag to v0.2.2 --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 4655119c..e386e201 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages -matrix_mautrix_gmessages_version: v0.2.1 +matrix_mautrix_gmessages_version: v0.2.2 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" From 147798a69f92db6a924e8125ed1a12c8d4027707 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 04:52:47 +0000 Subject: [PATCH 314/340] Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.10.4 --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 8b488def..be9bc1be 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp -matrix_mautrix_whatsapp_version: v0.10.3 +matrix_mautrix_whatsapp_version: v0.10.4 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" 
From 3dc77c4f9a1277f2338f2cd3664186fd94b93292 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Nov 2023 16:11:55 +0200 Subject: [PATCH 315/340] Upgrade Synapse (v1.96.0 -> v1.96.1) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 73b4fdbc..bdd16bb9 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.96.0 +matrix_synapse_version: v1.96.1 matrix_synapse_username: '' matrix_synapse_uid: '' From 743d580daa9ab6d2e41a8634b1ba2a1a2d1d6e98 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 17 Nov 2023 19:35:28 +0200 Subject: [PATCH 316/340] Update synapse-s3-storage-provider looks like newer version is required for synapse 1.96.1 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index bdd16bb9..04a10a9b 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -907,7 +907,7 @@ matrix_synapse_ext_encryption_config_yaml: | # Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`). # Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider. matrix_synapse_ext_synapse_s3_storage_provider_enabled: false -matrix_synapse_ext_synapse_s3_storage_provider_version: 1.2.1 +matrix_synapse_ext_synapse_s3_storage_provider_version: 1.3.0 # Controls whether media from this (local) server is stored in s3-storage-provider matrix_synapse_ext_synapse_s3_storage_provider_store_local: true # Controls whether media from remote servers is stored in s3-storage-provider From 9e3925a9e32a5edfce7cd918f2c5873b86b9312d Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 19 Nov 2023 13:01:17 +0200 Subject: [PATCH 317/340] fix jitsi auth, again --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 64108e3f..95b2562d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9078-0 + version: v9078-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From 7f98d5cba390f2390db4e39a73bedfc59afea203 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 19 Nov 2023 13:57:32 +0200 Subject: [PATCH 318/340] Upgrade postgres-backup The new version supports a new `devture_postgres_backup_postgres_role_include_name` variable, which we'll make use of later. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 95b2562d..05c08091 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -18,7 +18,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: v16.1-0 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: d2c2585fe3f5ebf39045bc90c97ee160e1341594 + version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git From c0595d6e446dc4db4eaa31b60f1974e80af5d46a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 19 Nov 2023 14:08:03 +0200 Subject: [PATCH 319/340] Add explicit names for roles (affects their install paths) --- group_vars/matrix_servers | 1 + requirements.yml | 19 ++++++++++++++++++- setup.yml | 26 +++++++++++++------------- 3 files changed, 32 insertions(+), 14 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 9b27fcb4..7b24841a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3272,6 +3272,7 @@ devture_postgres_backup_connection_username: "{{ devture_postgres_connection_use devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}" +devture_postgres_backup_postgres_role_include_name: galaxy/postgres devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" diff --git a/requirements.yml b/requirements.yml index 05c08091..587202da 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -5,42 +5,58 @@ name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git version: v1.2.6-1.8.4-0 + name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 + name: container_socket_proxy - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a + name: docker_sdk_for_python - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f + name: playbook_help - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 + name: playbook_runtime_messages - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 + name: playbook_state_preserver - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: v16.1-0 + name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2 + name: postgres_backup - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 + name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-1 + name: systemd_service_manager - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 + name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git version: v2.10.5-2 + name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 + name: traefik_certs_dumper - src: git+https://gitlab.com/etke.cc/roles/etherpad.git version: v1.9.3-0 + name: etherpad - src: 
git+https://github.com/geerlingguy/ansible-role-docker version: 7.0.2 - name: geerlingguy.docker + name: docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.1-0 + name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v9078-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 + name: ntfy - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.48.0-0 name: prometheus @@ -52,3 +68,4 @@ name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git version: v7.2.0-0 + name: redis diff --git a/setup.yml b/setup.yml index d729c106..5a4ecd38 100644 --- a/setup.yml +++ b/setup.yml @@ -5,14 +5,14 @@ roles: # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `just roles` command (see `justfile`). - - role: galaxy/com.devture.ansible.role.playbook_help + - role: galaxy/playbook_help - - role: galaxy/com.devture.ansible.role.systemd_docker_base + - role: galaxy/systemd_docker_base - role: custom/matrix_playbook_migration - when: matrix_playbook_docker_installation_enabled | bool - role: galaxy/geerlingguy.docker + role: galaxy/docker vars: docker_install_compose: false docker_install_compose_plugin: false @@ -23,7 +23,7 @@ - install-all - when: devture_docker_sdk_for_python_installation_enabled | bool - role: galaxy/com.devture.ansible.role.docker_sdk_for_python + role: galaxy/docker_sdk_for_python tags: - setup-docker - setup-all @@ -31,7 +31,7 @@ - install-all - when: devture_timesync_installation_enabled | bool - role: galaxy/com.devture.ansible.role.timesync + role: galaxy/timesync tags: - setup-timesync - setup-all @@ -42,7 +42,7 @@ - custom/matrix-dynamic-dns - custom/matrix-mailer - - role: galaxy/com.devture.ansible.role.postgres + - role: galaxy/postgres - galaxy/redis - custom/matrix-corporal 
@@ -121,28 +121,28 @@ - role: galaxy/auxiliary - - role: galaxy/com.devture.ansible.role.postgres_backup + - role: galaxy/postgres_backup - role: galaxy/backup_borg - custom/matrix-user-creator - custom/matrix-common-after - - role: galaxy/com.devture.ansible.role.container_socket_proxy + - role: galaxy/container_socket_proxy - - role: galaxy/com.devture.ansible.role.traefik + - role: galaxy/traefik - - role: galaxy/com.devture.ansible.role.traefik_certs_dumper + - role: galaxy/traefik_certs_dumper - when: devture_systemd_service_manager_enabled | bool - role: galaxy/com.devture.ansible.role.systemd_service_manager + role: galaxy/systemd_service_manager # This is pretty much last, because we want it to better serve as a "last known good configuration". # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 - when: devture_playbook_state_preserver_enabled | bool - role: galaxy/com.devture.ansible.role.playbook_state_preserver + role: galaxy/playbook_state_preserver tags: - setup-all - install-all - - role: galaxy/com.devture.ansible.role.playbook_runtime_messages + - role: galaxy/playbook_runtime_messages From 5bc8903422757784289af0d6b03fc840f8864a54 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:00:34 +0200 Subject: [PATCH 320/340] fix included postgres role name in matrix_servers --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7b24841a..e5ca46e0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2101,7 +2101,7 @@ backup_borg_gid: "{{ matrix_user_gid }}" backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}" -backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/com.devture.ansible.role.postgres' if devture_postgres_enabled else '' }}" +backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/postgres' if devture_postgres_enabled else '' }}" backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" From fa90be57c6b80cf96e312d37f5393b7d6ee74419 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 20 Nov 2023 10:07:04 +0200 Subject: [PATCH 321/340] Update borgmatic 1.8.4 -> 1.8.5 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 587202da..9ad705d9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.6-1.8.4-0 + version: v1.2.6-1.8.5-0 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 From ef3f3741c9e355282f975d5e2ccb5ae81c26d1fd Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 20 Nov 2023 10:08:34 +0200 Subject: [PATCH 322/340] Update ntfy 2.7.0 -> 2.8.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 587202da..cfc87776 100644 --- a/requirements.yml +++ b/requirements.yml @@ -55,7 +55,7 @@ version: v9078-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.7.0-2 + version: v2.8.0-0 name: ntfy - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.48.0-0 
From d6db0ef729b74bdbb42db4d4b54228d2f09a8c6d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 19:04:00 +0000 Subject: [PATCH 323/340] Update halfshot/matrix-hookshot Docker tag to v4.6.0 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 80ebdf68..60807aa2 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -11,7 +11,7 @@ matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/ matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" # renovate: datasource=docker depName=halfshot/matrix-hookshot -matrix_hookshot_version: 4.5.1 +matrix_hookshot_version: 4.6.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From ce23a645b4afcb0ed99ef0035f76ffdf3d8bc8fd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 21 Nov 2023 12:41:08 +0000 Subject: [PATCH 324/340] Update vectorim/element-web Docker tag to v1.11.50 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 8106c40e..c9726cc9 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.49 +matrix_client_element_version: v1.11.50 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 36c94b93646ddd3bb3ef01c0f86287c47146f2f6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 Nov 2023 15:40:32 +0200 Subject: [PATCH 325/340] Fix potential Docker apt repository signed-by conflict on Debian-based systems Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2999 Related to https://github.com/geerlingguy/ansible-role-docker/pull/410 --- .../matrix_playbook_migration/defaults/main.yml | 16 ++++++++++++++++ .../tasks/debian_docker_signedby_migration.yml | 6 ++++++ .../matrix_playbook_migration/tasks/main.yml | 9 +++++++++ 3 files changed, 31 insertions(+) create mode 100644 roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml index c61e7120..1ca6c011 100644 --- a/roles/custom/matrix_playbook_migration/defaults/main.yml +++ b/roles/custom/matrix_playbook_migration/defaults/main.yml 
@@ -26,3 +26,19 @@ matrix_playbook_migration_matrix_aux_migration_validation_enabled: true # Controls if (`matrix_jitsi` -> `jitsi`) validation will run. matrix_playbook_migration_matrix_jitsi_migration_validation_enabled: true + +# Controls if the old apt repository (likely without a `signed-by` option) on Debian-based systems will be removed. +# +# Older versions of the Docker role (5.x, 6.x) used to install a repository at a path like: `/etc/apt/sources.list.d/download_docker_com_linux_*` +# For 6.x, the repository included a `signed-by` option, but for earlier versions it did not. +# +# New versions of the Docker role (7.0+) install a new apt repository with `signed-by` option to a different path (`/etc/apt/sources.list.d/docker.list`), +# but if a non-signed-by repository exists at the old path, a conflict will arise. +# +# Our workaround is to just delete the old repository file. Later, when the Docker role runs, it will install a new one at the new path. +# +# See: +# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2999 +# - https://github.com/geerlingguy/ansible-role-docker/pull/410 +matrix_playbook_migration_debian_signedby_migration_enabled: true +matrix_playbook_migration_debian_signedby_migration_repository_path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ ansible_distribution | lower }}.list" diff --git a/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml b/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml new file mode 100644 index 00000000..ac1c5cd1 --- /dev/null +++ b/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml @@ -0,0 +1,6 @@ +--- + +- name: Remove old Docker apt repository, potentially lacking signed-by option + ansible.builtin.file: + path: "{{ matrix_playbook_migration_debian_signedby_migration_repository_path }}" + state: absent 
diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index 4dbd3554..d6b24c39 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -6,6 +6,15 @@ block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" +- when: ansible_os_family == 'Debian' and matrix_playbook_migration_debian_signedby_migration_enabled | bool + tags: + - setup-all + - install-all + - setup-docker + - install-docker + block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/debian_docker_signedby_migration.yml" + - tags: - setup-all - install-all From ba0d86370a7a901e9d3e3fa81dd2e9a6d089da2f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 21 Nov 2023 16:55:17 +0000 Subject: [PATCH 326/340] Update matrixdotorg/sygnal Docker tag to v0.13.0 --- roles/custom/matrix-sygnal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml index 03fe5d1a..7c7d8261 100644 --- a/roles/custom/matrix-sygnal/defaults/main.yml +++ b/roles/custom/matrix-sygnal/defaults/main.yml @@ -13,7 +13,7 @@ matrix_sygnal_hostname: '' matrix_sygnal_path_prefix: / # renovate: datasource=docker depName=matrixdotorg/sygnal -matrix_sygnal_version: v0.12.0 +matrix_sygnal_version: v0.13.0 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" From 90c9596ed143af3d99419b206d91a011d68eaaeb Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 21 Nov 2023 21:57:25 +0200 Subject: [PATCH 327/340] rearrange requirements.yml and update components --- requirements.yml | 54 ++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 27 deletions(-) 
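Review bot: The `when` on the new block in tasks/main.yml tests only `ansible_os_family == 'Debian'` and the migration toggle, so the old apt source file is removed even on hosts where the playbook does not install Docker. In setup.yml (visible earlier in this series) the Docker role is gated by `matrix_playbook_docker_installation_enabled | bool`, while `custom/matrix_playbook_migration` runs unconditionally. On such a host nothing recreates a Docker repository at the new path, so Docker packages may stop receiving updates without any error. Unless the toggle is tied to that variable somewhere not shown here, I would gate the block on it too: `- when: ansible_os_family == 'Debian' and matrix_playbook_docker_installation_enabled | bool and matrix_playbook_migration_debian_signedby_migration_enabled | bool`. The `- tags:` block that follows continues outside this hunk.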
diff --git a/requirements.yml b/requirements.yml index 38fd52fd..18e612a4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -9,9 +9,24 @@ - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 name: container_socket_proxy +- src: git+https://github.com/geerlingguy/ansible-role-docker + version: 7.0.2 + name: docker - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python +- src: git+https://gitlab.com/etke.cc/roles/etherpad.git + version: v1.9.3-0 + name: etherpad +- src: git+https://gitlab.com/etke.cc/roles/grafana.git + version: v10.2.2-0 + name: grafana +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git + version: v9111-0 + name: jitsi +- src: git+https://gitlab.com/etke.cc/roles/ntfy.git + version: v2.8.0-0 + name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f name: playbook_help @@ -27,6 +42,18 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2 name: postgres_backup +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git + version: v2.48.0-0 + name: prometheus +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git + version: v1.7.0-0 + name: prometheus_node_exporter +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git + version: v0.14.0-0 + name: prometheus_postgres_exporter +- src: git+https://gitlab.com/etke.cc/roles/redis.git + version: v7.2.0-0 + name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 name: systemd_docker_base 
@@ -42,30 +69,3 @@ - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 name: traefik_certs_dumper -- src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.3-0 - name: etherpad -- src: git+https://github.com/geerlingguy/ansible-role-docker - version: 7.0.2 - name: docker -- src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.2.1-0 - name: grafana -- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9078-1 - name: jitsi -- src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.8.0-0 - name: ntfy -- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.48.0-0 - name: prometheus -- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - version: v1.7.0-0 - name: prometheus_node_exporter -- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.14.0-0 - name: prometheus_postgres_exporter -- src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.2.0-0 - name: redis From 2149644b815a047e8e4d17e525de2db429e09db2 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Thu, 23 Nov 2023 14:03:13 +0100 Subject: [PATCH 328/340] feat: allow renovate to update ansible dependencies --- .github/renovate.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/renovate.json b/.github/renovate.json index db03f2b4..8cd189ae 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -10,5 +10,15 @@ "# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?.+?)[\"']?\\s" ] } + ], + "packageRules": [ + { + "matchSourceUrlPrefixes": [ + "https://github.com/devture/com.devture.ansible.role", + "https://gitlab.com/etke.cc/roles", + "https://github.com/mother-of-all-self-hosting" + ], + "ignoreUnstable": false + } ] } From 3bcd0138d4cf53f1215fcc3a051f4697a57c8954 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 23 Nov 2023 13:22:29 +0000 Subject: [PATCH 329/340] chore(deps): update linuxserver/ddclient docker tag to v3.11.2 --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 5a990dbb..bdf100eb 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -8,7 +8,7 @@ matrix_dynamic_dns_enabled: true matrix_dynamic_dns_daemon_interval: '300' # renovate: datasource=docker depName=linuxserver/ddclient versioning=semver -matrix_dynamic_dns_version: 3.11.1 +matrix_dynamic_dns_version: 3.11.2 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From e9a666b0d9fc78f743269d961ba80d4cabb69fb1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 24 Nov 2023 11:30:25 +0200 Subject: [PATCH 330/340] Upgrade systemd_service_manager (v1.0.0-1 -> v1.0.0-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 18e612a4..0c20a498 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -58,7 +58,7 @@ version: v1.0.0-0 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - version: v1.0.0-1 + version: v1.0.0-2 name: systemd_service_manager - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 From 7ebefb7e0d0f471807ba40345a59bdab5e567fd4 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 24 Nov 2023 12:30:21 +0200 Subject: [PATCH 331/340] Update aux role (support commands) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 0c20a498..18113a4f 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,7 +1,7 @@ --- - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git - version: v1.0.0-1 + version: v1.0.0-2 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git version: v1.2.6-1.8.5-0 From afec1f9815686f222fb9405955dce32e6469241c Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 24 Nov 2023 14:30:43 +0200 Subject: [PATCH 332/340] add packages support to the aux role --- README.md | 2 +- requirements.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 615b97f0..82899a36 100644 --- a/README.md +++ b/README.md 
@@ -17,7 +17,7 @@ We run all services in [Docker](https://www.docker.com/) containers (see [the co This Ansible playbook tries to make self-hosting and maintaining a Matrix server fairly easy. Still, running any service smoothly requires knowledge, time and effort. -If you like the [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) spirit of this Ansible playbook, but prefer to put the responsibility on someone else, you can also [get a managed Matrix server from etke.cc](https://etke.cc/) - a service built on top of this Ansible playbook, which can help you run a Matrix server with ease. +If you like the [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) spirit of this Ansible playbook, but prefer to put the responsibility on someone else, you can also [get a managed Matrix server from etke.cc](https://etke.cc?utm_source=github&utm_medium=readme&utm_campaign=mdad) - a service built on top of this Ansible playbook, which can help you run a Matrix server with ease. If you like learning and experimentation, but would rather reduce future maintenance effort, you can even go for a hybrid approach - self-hosting manually using this Ansible playbook at first and then transferring server maintenance to etke.cc at a later time. diff --git a/requirements.yml b/requirements.yml index 18113a4f..ae982473 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,7 +1,7 @@ --- - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git - version: v1.0.0-2 + version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git version: v1.2.6-1.8.5-0 From 22567043e41fbadc2e567d7a522ac8643b2fa072 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Nov 2023 21:10:12 +0000 Subject: [PATCH 333/340] chore(deps): update dock.mau.dev/mautrix/telegram docker tag to v0.15.0 --- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index b9a5f50d..8e8bd578 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -18,7 +18,7 @@ matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_tele matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" # renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram -matrix_mautrix_telegram_version: v0.14.2 +matrix_mautrix_telegram_version: v0.15.0 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}" From 910166effdd47fb1774936e2673af752b96aa23c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Nov 2023 19:15:07 +0200 Subject: [PATCH 334/340] Upgrade Synapse (v1.96.1 -> v1.97.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 04a10a9b..8c0f444b 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.96.1 +matrix_synapse_version: v1.97.0 matrix_synapse_username: '' matrix_synapse_uid: '' From e96dc43c2e430f2926cb0c54704b1e9ab2d4f6b6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Nov 2023 09:26:56 +0200 Subject: [PATCH 335/340] Upgrade Traefik (v2.10.5-2 -> v2.10.6-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ae982473..8cc14983 100644 --- a/requirements.yml +++ b/requirements.yml @@ -64,7 +64,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.5-2 + version: v2.10.6-0 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 From 5b6fc8d5473c41b1570e0e771b9e1a7417970429 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 29 Nov 2023 13:23:57 +0200 Subject: [PATCH 336/340] buscarron: migrate to native /metrics auth --- .../matrix-bot-buscarron/defaults/main.yml | 15 ++++++------ .../tasks/setup_install.yml | 23 ------------------- .../matrix-bot-buscarron/templates/env.j2 | 3 +++ .../matrix-bot-buscarron/templates/labels.j2 | 20 ---------------- 4 files changed, 10 insertions(+), 51 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 96167761..d4844a8e 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml 
@@ -41,14 +41,13 @@ matrix_bot_buscarron_container_network: matrix-bot-buscarron # Use this to expose this container to another reverse proxy, which runs in a different container network. matrix_bot_buscarron_container_additional_networks: [] -# enable basic auth for metrics -matrix_bot_buscarron_basicauth_enabled: false -# temporary file name on the host that runs ansible -matrix_bot_buscarron_basicauth_file: "/tmp/matrix_bot_buscarron_htpasswd" -# username -matrix_bot_buscarron_basicauth_user: '' -# password -matrix_bot_buscarron_basicauth_password: '' +# /metrics login +matrix_bot_buscarron_metrics_login: '' +# /metrics password +matrix_bot_buscarron_metrics_password: '' +# /metrics allowed ips +matrix_bot_buscarron_metrics_ips: [] + # matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. # See `../templates/labels.j2` for details. diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 0559efec..1c2c62e1 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml 
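Review bot: The `matrix_bot_buscarron_basicauth_*` variables are removed here without any migration check. An inventory that still sets `matrix_bot_buscarron_basicauth_enabled: true` with a user and password will template without error while `matrix_bot_buscarron_metrics_login` and `matrix_bot_buscarron_metrics_password` stay at `''`. The labels.j2 hunks of this commit also drop the Traefik basic-auth middleware and the dedicated metrics router, so after an upgrade /metrics may no longer be protected by the old credentials; what buscarron does with an empty login and password is not shown on this page and should be confirmed. A validation task that fails on the old names, for example an `ansible.builtin.fail` with `when: "'matrix_bot_buscarron_basicauth_enabled' in vars"`, would make the rename visible to operators. The comments on the three new variables should also state what an empty value means, in particular whether an empty `matrix_bot_buscarron_metrics_ips` allows every address or none.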
@@ -40,21 +40,6 @@ - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true} when: "item.when | bool" -- name: Determine basicauth filename - ansible.builtin.set_fact: - matrix_bot_buscarron_basicauth_file_tmp: "{{ matrix_bot_buscarron_basicauth_file }}_{{ inventory_hostname }}" - when: matrix_bot_buscarron_basicauth_enabled | bool - -- name: Generate basic auth file - community.general.htpasswd: - path: "{{ matrix_bot_buscarron_basicauth_file }}" - name: "{{ matrix_bot_buscarron_basicauth_user }}" - password: "{{ matrix_bot_buscarron_basicauth_password }}" - mode: 0640 - become: false - delegate_to: 127.0.0.1 - when: matrix_bot_buscarron_basicauth_enabled | bool - - name: Ensure buscarron support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" @@ -66,14 +51,6 @@ - env - labels -- name: Ensure temporary basic auth file is removed - ansible.builtin.file: - path: "{{ matrix_bot_buscarron_basicauth_file }}" - state: absent - become: false - delegate_to: 127.0.0.1 - when: matrix_bot_buscarron_basicauth_enabled | bool - - name: Ensure buscarron image is pulled community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" diff --git a/roles/custom/matrix-bot-buscarron/templates/env.j2 b/roles/custom/matrix-bot-buscarron/templates/env.j2 index 80ddd38c..1f71802a 100644 --- a/roles/custom/matrix-bot-buscarron/templates/env.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/env.j2 
@@ -17,6 +17,9 @@ BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} BUSCARRON_SMTP_FROM={{ matrix_bot_buscarron_smtp_from }} BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }} BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }} +BUSCARRON_METRICS_LOGIN={{ matrix_bot_buscarron_metrics_login }} +BUSCARRON_METRICS_PASSWORD={{ matrix_bot_buscarron_metrics_password }} +BUSCARRON_METRICS_IPS={{ matrix_bot_buscarron_metrics_ips|default([])|join(" ") }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} diff --git a/roles/custom/matrix-bot-buscarron/templates/labels.j2 b/roles/custom/matrix-bot-buscarron/templates/labels.j2 index 6a1ead33..9150a44b 100644 --- a/roles/custom/matrix-bot-buscarron/templates/labels.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/labels.j2 @@ -19,11 +19,6 @@ traefik.http.middlewares.matrix-bot-buscarron-strip-prefix.stripprefix.prefixes= {% set middlewares = middlewares + ['matrix-bot-buscarron-strip-prefix'] %} {% endif %} -{% if matrix_bot_buscarron_basicauth_enabled %} -traefik.http.middlewares.matrix-bot-buscarron-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_buscarron_basicauth_file) }} -{% set middlewares_metrics = middlewares + ['matrix-bot-buscarron-auth'] %} -{% endif %} - {% if matrix_bot_buscarron_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_bot_buscarron_container_labels_traefik_additional_response_headers.items() %} traefik.http.middlewares.matrix-bot-buscarron-add-headers.headers.customresponseheaders.{{ name }}={{ value }} 
@@ -46,21 +41,6 @@ traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarr {% endif %} traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080 -{% if middlewares_metrics | length > 0 %} -traefik.http.routers.matrix-bot-buscarron-metrics.rule={{ matrix_bot_buscarron_container_labels_traefik_metrics_rule }} -{% if matrix_bot_buscarron_container_labels_traefik_priority | int > 0 %} -traefik.http.routers.matrix-bot-buscarron-metrics.priority={{ matrix_bot_buscarron_container_labels_traefik_priority }} -{% endif %} -traefik.http.routers.matrix-bot-buscarron-metrics.service=matrix-bot-buscarron -traefik.http.routers.matrix-bot-buscarron-metrics.middlewares={{ middlewares_metrics | join(',') }} -traefik.http.routers.matrix-bot-buscarron-metrics.entrypoints={{ matrix_bot_buscarron_container_labels_traefik_entrypoints }} -traefik.http.routers.matrix-bot-buscarron-metrics.tls={{ matrix_bot_buscarron_container_labels_traefik_tls | to_json }} -{% if matrix_bot_buscarron_container_labels_traefik_tls %} -traefik.http.routers.matrix-bot-buscarron-metrics.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }} -{% endif %} -traefik.http.services.matrix-bot-buscarron-metrics.loadbalancer.server.port=8080 -{% endif %} - {% endif %} {{ matrix_bot_buscarron_container_labels_additional_labels }} From 95c2db3bb33b6fc4080e30fe8cd883ee4687e529 Mon Sep 17 00:00:00 2001 
From: Aine Date: Wed, 29 Nov 2023 13:32:14 +0200 Subject: [PATCH 337/340] mautrix: allow relay access by default, closes #3014 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +-- roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 8 files changed, 8 insertions(+), 9 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 3bd5998a..af12acac 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -29,7 +29,7 @@ matrix_mautrix_discord_command_prefix: "!discord" matrix_mautrix_discord_bridge_permissions: | {{ - {matrix_mautrix_discord_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_discord_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index e407b7a8..9d9439b3 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -59,7 +59,7 @@ matrix_mautrix_facebook_metrics_proxying_enabled: false matrix_mautrix_facebook_bridge_permissions: | {{ - {matrix_mautrix_facebook_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_facebook_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} 
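Review bot: The new `'*': 'relay'` key in `matrix_mautrix_discord_bridge_permissions` extends the default permission map from the local homeserver domain to every Matrix user, and nothing next to the variable says so. The same change is made in the facebook, gmessages, instagram, slack and whatsapp hunks, and as `'*': 'relaybot'` for telegram. The relay level presumably has an effect only where relay mode is enabled, as the `matrix_mautrix_signal_relaybot_enabled` context line in the signal hunk suggests, but that setting is not visible for the other roles. A comment above each variable would make the widened default explicit, e.g. `# '*': 'relay' lets users from any homeserver talk through the relay when relay mode is enabled; override this variable to restrict it.`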
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index e386e201..9bf55e17 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -109,7 +109,7 @@ matrix_mautrix_gmessages_bridge_mute_bridging: true matrix_mautrix_gmessages_bridge_permissions: | {{ - {matrix_mautrix_gmessages_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_gmessages_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 4f56724a..36d7a702 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -28,7 +28,7 @@ matrix_mautrix_instagram_command_prefix: "!ig" matrix_mautrix_instagram_bridge_permissions: | {{ - {matrix_mautrix_instagram_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_instagram_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 4b5cdc88..b26c1e7c 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -121,8 +121,7 @@ matrix_mautrix_signal_relaybot_enabled: "{{ matrix_bridges_relay_enabled }}" # This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary. matrix_mautrix_signal_bridge_permissions: | {{ - {'*': 'relay'} - | combine({matrix_mautrix_signal_homeserver_domain: 'user'}) + {'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} 
diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index 5045601a..1f5e46c5 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -28,7 +28,7 @@ matrix_mautrix_slack_command_prefix: "!slack" matrix_mautrix_slack_bridge_permissions: | {{ - {matrix_mautrix_slack_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_slack_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 8e8bd578..51e19d51 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -32,7 +32,7 @@ matrix_mautrix_telegram_command_prefix: "!tg" matrix_mautrix_telegram_bridge_permissions: | {{ - {matrix_mautrix_telegram_homeserver_domain: 'full'} + {'*': 'relaybot', matrix_mautrix_telegram_homeserver_domain: 'full'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index be9bc1be..7756cb67 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -111,7 +111,7 @@ matrix_mautrix_whatsapp_bridge_allow_user_invite: true matrix_mautrix_whatsapp_bridge_permissions: | {{ - {matrix_mautrix_whatsapp_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_whatsapp_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} From 8e1ae61048e7610ba2786fa7c0896a8640f8de32 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 30 Nov 2023 13:05:00 +0200 Subject: [PATCH 338/340] Upgrade systemd_service_manager (v1.0.0-2 -> v1.0.0-3) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 8cc14983..3f8c2961 100644 --- a/requirements.yml +++ b/requirements.yml @@ -58,7 +58,7 @@ version: v1.0.0-0 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - version: v1.0.0-2 + version: v1.0.0-3 name: systemd_service_manager - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 From 03c99fb5ec67b2604ba50a49227ae53ec623bb48 Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Thu, 30 Nov 2023 19:24:06 +0100 Subject: [PATCH 339/340] Update the whatsapp bot callsign It works with `!wa`, not with `!whatsapp` --- docs/configuring-playbook-bridge-mautrix-whatsapp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index b08556fe..1794afbd 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md @@ -21,8 +21,8 @@ By default, only admins are allowed to set themselves as relay users. To allow a matrix_mautrix_whatsapp_bridge_relay_admin_only: false ``` -If you want to activate the relay bot in a room, use `!whatsapp set-relay`. -Use `!whatsapp unset-relay` to deactivate. +If you want to activate the relay bot in a room, use `!wa set-relay`. +Use `!wa unset-relay` to deactivate. ## Enable backfilling history This requires a server with MSC2716 support, which is currently an experimental feature in synapse. From 5f3e9e4d0b6ddbe4003f62ea828b53abe1fd43db Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 2 Dec 2023 23:01:42 +0000 Subject: [PATCH 340/340] chore(deps): update dependency backup_borg to v1.2.7-1.8.5-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 3f8c2961..e4c8e062 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.6-1.8.5-0 + version: v1.2.7-1.8.5-0 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2