Commit Graph

742 Commits

Author SHA1 Message Date
Slavi Pantaleev
37c8b96d06 Use stricter regex in bridges' registration.yaml
I've been thinking of doing before, but haven't.

Now that the Whatsapp bridge does it (since 4797469383),
it makes sense to do it for all other bridges as well.
(Except for the IRC bridge - that one manages most of registration.yaml by itself)
2019-06-24 07:50:51 +03:00
Slavi Pantaleev
c876a7df1d Use |regex_escape in Whatsapp registration.yaml
Doesn't matter much, but it makes it consistent with the other bridges.
2019-06-24 07:49:19 +03:00
Slavi Pantaleev
3ff57ed74d Use container network for communication between homeserver and Whatsapp bridge 2019-06-24 07:48:56 +03:00
Slavi Pantaleev
6e26d286af
Merge pull request #207 from tommes0815/whatsapp-config-playbook-managed
Whatsapp config playbook managed
2019-06-24 07:44:26 +03:00
Slavi Pantaleev
62509e4849
Fix indentation consistency 2019-06-24 07:42:39 +03:00
Slavi Pantaleev
e2d2302475
Merge pull request #206 from verb/appservice-irc-log
Disable appservice-irc log files
2019-06-24 07:40:26 +03:00
Thomas Kuehne
39b6e3ed26 Added a changelog for the new WhatsApp config style
- changelog entry for commit 4797469383
2019-06-24 00:22:02 +02:00
Thomas Kuehne
4797469383 Make WhatsApp bridge configuration playbook-managed
- following spantaleev transition of the telegram brigde
- adding a validate_config task
2019-06-24 00:16:04 +02:00
Lee Verberne
9195ef4c07 Disable appservice-irc log files
appservice-irc doesn't have permission to create files in its project
directory and the intention is to log to the console, anyway. By
commenting out the file names, appservice-irc won't attempt to open the
files.
2019-06-22 08:39:24 +02:00
Slavi Pantaleev
e585f314b8
Merge pull request #204 from spantaleev/irc-bridge-refactoring
Make IRC bridge configuration entirely managed by the playbook
2019-06-20 17:00:16 +03:00
Slavi Pantaleev
764feb4d7b
Bump changelog entry date 2019-06-20 17:00:05 +03:00
Slavi Pantaleev
c98eacdd70 Add BC Break label to old changelog entry 2019-06-20 16:59:16 +03:00
Slavi Pantaleev
174a6fcd1b Make IRC bridge configuration entirely managed by the playbook 2019-06-19 12:29:44 +03:00
Slavi Pantaleev
668f98a2d3 Escape domain in bridge registration regex 2019-06-19 10:40:59 +03:00
Slavi Pantaleev
5002c7edaa Fix broken docs link 2019-06-19 10:30:04 +03:00
Slavi Pantaleev
380714d290 Talk to Telegram bridge over container network 2019-06-19 10:10:17 +03:00
Slavi Pantaleev
deeb5a96d5 Disable IRC bridge presence if Synapse presence is disabled 2019-06-19 09:31:09 +03:00
Slavi Pantaleev
f994e40bb7 Extend IRC bridge configuration with some additional options 2019-06-19 09:28:41 +03:00
Slavi Pantaleev
6b023d09d4 Use container network address for communication between IRC bridge and homeserver
This means we need to explicitly specify a `media_url` now,
because without it, `url` would be used for building public URLs to
files/images. That doesn't work when `url` is not a public URL.
2019-06-19 09:21:13 +03:00
Slavi Pantaleev
9b97a42ffb Add a note about DNS SRV records not being obsolete 2019-06-15 16:14:14 +03:00
Slavi Pantaleev
169b09f0ed Fix token mismatch error for the Telegram bridge
Regression since 4e8543ce21
2019-06-15 12:01:52 +03:00
Slavi Pantaleev
2a2e7a7f6c Minor changelog clarification 2019-06-15 09:53:01 +03:00
Slavi Pantaleev
4e8543ce21 Make Telegram bridge configuration playbook-managed 2019-06-15 09:43:43 +03:00
Slavi Pantaleev
2902b53267 Minor fixes for consistency 2019-06-15 09:42:40 +03:00
Slavi Pantaleev
00383a73ac Make running --tags=setup-synapse only not fail to register bridges
Until now, if `--tags=setup-synapse` was used, bridge tasks would not
run and bridges would fail to register with the `matrix-synapse` role.
This means that Synapse's configuration would be generated with an empty
list of appservices (`app_service_config_files: []`).

.. and then bridges would fail, because Synapse would not be aware of
there being any bridges.

From now on, bridges always run their init tasks and always register
with Synapse.

For the Telegram bridge, the same applies to registering with
matrix-nginx-proxy. Previously, running `--tags=setup-nginx-proxy` would
get rid of the Telegram endpoint configuration for the same reason.
Not anymore.
2019-06-14 10:19:52 +03:00
Slavi Pantaleev
d8a4007220 Upgrade exim (4.91 -> 4.92)
Note: https://www.us-cert.gov/ncas/current-activity/2019/06/13/Exim-Releases-Security-Patches

That said, I don't believe we've been affected.
Not in a bad way at least, because:
- we run exim as non-root and capabilities dropped
- we run exim in a private Docker network with known trusted relayers
(Synapse and mxisd)
2019-06-14 08:07:54 +03:00
Slavi Pantaleev
3956b300ed Disable riot-web's welcome bot
I've not found this welcome bot to work at all in my previous attempts.
It would simply not reply, even though federation works.

It seems like this is also a potential privacy issue, as per
https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
2019-06-14 07:49:46 +03:00
Slavi Pantaleev
2e16257e50 Do not ask for _matrix._tcp SRV records anymore
With most people on Synapse v0.99+ and Synapse v1.0 now available,
we should no longer try to be backward compatible with Synapse 0.34,
because this just complicates the instructions for no good reason.
2019-06-12 14:51:10 +03:00
Slavi Pantaleev
e39985b04a
Merge pull request #199 from wabuMike/master
Added a basic guide on migrating to another server
2019-06-12 09:38:17 +03:00
Slavi Pantaleev
8a7b3d5bd0
Make instructions simpler and safer
Changes to the original are:
- it tells people to stop and disable services, so that:
   - services won't be running while you are copying files
   - services won't accidentally start again later
- it does the file-copying in 1 step
- it does copying before running `--tags=setup-all`, so that existing files (SSL certificates, etc.) can be reused. Otherwise, the playbook starts from a blank slate, retrieves them anew, generates new signing keys anew, etc. Only to have those replaced by your own old backup later.
- it mentions DNS changes
- combines `--tags=setup-all,start` into a single step, thanks to the files being already copied
2019-06-12 09:36:19 +03:00
Slavi Pantaleev
d8afb241ca
Merge pull request #201 from aaronraimist/default-room-version
Allow default room version to be configured
2019-06-12 09:17:45 +03:00
Slavi Pantaleev
f4574961c7
Prevent double-quotes around default room version
Using `|to_json` on a string is expected to correctly wrap it in quotes (e.g. `"4"`).
Wrapping it explicitly in double-quotes results in undesirable double-quoting (`""4""`).
2019-06-12 09:17:35 +03:00
Slavi Pantaleev
53d9f4df20
Merge pull request #200 from aaronraimist/mxisd-1.4.5
Upgrade mxisd (1.4.4 -> 1.4.5)
2019-06-12 09:02:02 +03:00
Aaron Raimist
483bdd8c01
Allow default room version to be configured 2019-06-11 21:18:06 -05:00
Aaron Raimist
d262028d82
Upgrade mxisd (1.4.4 -> 1.4.5) 2019-06-11 20:19:15 -05:00
Michael Haak
a8dc0befa9 Added a basic guide on migrating to another server 2019-06-11 22:06:25 +02:00
Slavi Pantaleev
e4068e55ee Upgrade Synapse (0.99.5.2 -> 1.0.0) 2019-06-11 20:30:18 +03:00
Slavi Pantaleev
7d3adc4512 Automatically force-pull :latest images
We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).
2019-06-10 14:30:28 +03:00
Slavi Pantaleev
62ab3cd82e
Merge pull request #198 from aaronraimist/access-database
Add config option to be able to access database outside of container
2019-06-10 08:24:49 +03:00
Slavi Pantaleev
4f87f7e43e
Explain matrix_postgres_container_postgres_bind_port a little more
Previously, it only mentioned exposing for psql-usage purposes.

Realistically, it can be used for much more. Especially given that
psql can be easily accessed via our matrix-postgres-cli script,
without exposing the container port.
2019-06-10 08:24:37 +03:00
Aaron Raimist
6fce809d10
Add config option to be able to access database outside of container 2019-06-09 20:35:35 -05:00
Slavi Pantaleev
67a54f4ab5
Merge pull request #196 from aaronraimist/sentry
Enable sentry.io integration
2019-06-08 09:30:21 +03:00
Aaron Raimist
79f4bcf5be
Enable sentry.io integration 2019-06-07 16:02:41 -05:00
Slavi Pantaleev
44156fe659 Fix Ansible 2.8 deprecation in Dimension role 2019-06-07 17:44:32 +03:00
Slavi Pantaleev
3567d9adba Fix typo 2019-06-07 16:07:01 +03:00
Slavi Pantaleev
a9953dd641 Make Facebook/Telegram bridges not log to files
We log to journald anyway. There's no need for double-logging.

It should not that matrix-synapse logs to journald and to files,
but that's likely to change in the future as well.
Because Synapse's logs are insanely verbose right now (and may get
dropped by journald), it's more reliable to have file-logging too.

As Synapse matures and gets more stable, logging should hopefully
get less, we should be able to only use journald and stop writing to
files for it as well.
2019-06-07 15:48:13 +03:00
Slavi Pantaleev
18baeabdf2 Do not create Facebook bridge directories with recurse: true
I'm not sure what I had in mind when I added this earlier,
but I think we'd better go without it.
2019-06-07 15:18:29 +03:00
Slavi Pantaleev
67c13d0a77 Update changelog 2019-06-07 15:11:25 +03:00
Slavi Pantaleev
bf446b6e15 Fix double mv command 2019-06-07 15:06:21 +03:00
Slavi Pantaleev
172b0fa88c Separate Facebook bridge configuration and data
Using a separate directory allows easier backups
(only need to back up the Ansible playbook configuration and the
bridge's `./data` directory).

The playbook takes care of migrating an existing database file
from the base directory into the `./data` directory.

In the future, we can also mount the configuration read-only,
to ensure the bridge won't touch it.
For now, mautrix-facebook is keen on rebuilding the `config.yaml`
file on startup though, so this will have to wait.
2019-06-07 14:52:38 +03:00