jowj/matrix-docker-ansible-deploy
1
0
Fork 0
forked from mirrors/matrix-docker-ansible-deploy
Code Issues Pull Requests Releases Wiki Activity
5,912 Commits 1 Branch 0 Tags 15 MiB
bf2b540807
Commit Graph

5912 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Slavi Pantaleev
bf2b540807 Harden Traefik security by accessing the Docker API through docker-socket-proxy 
With these changes, we:

- install https://github.com/Tecnativa/docker-socket-proxy via the
  https://github.com/devture/com.devture.ansible.role.container_socket_proxy Ansible role

- make Traefik access the Docker API via TCP by connecting to this
  socket proxy

- .. which allows us to run the Traefik container with less privileges
  (non-`root`, dropped capabilities)
 2023-03-06 09:11:02 +02:00
Slavi Pantaleev
449b51588e Remove usage of undefined matrix_bot_go_neb_identifier variable 
This is a mistake made in 10b5350370.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2540
 2023-03-06 08:52:32 +02:00
Slavi Pantaleev
d9ce9064f6
Merge pull request #2542 from etkecc/patch-188 
update honoroit 0.9.16 -> 0.9.17
 2023-03-05 20:16:31 +02:00
Aine
493de7316c
update honoroit 0.9.16 -> 0.9.17 
* healthchecks.io integration
* mutex on forwarding messages into thread
* fix in prefixes handling
* send error messages as thread reply when possible
 2023-03-05 14:52:53 +00:00
Slavi Pantaleev
6724b60d88
Merge pull request #2541 from etkecc/patch-187 
Update ntfy 2.1.1 -> 2.1.2
 2023-03-05 12:29:25 +02:00
Aine
6a6761cb88
Update ntfy 2.1.1 -> 2.1.2 2023-03-05 10:17:07 +00:00
Slavi Pantaleev
10b5350370 Add Traefik support to Go-NEB bot 
Completely untested.
 2023-03-03 10:40:45 +02:00
Slavi Pantaleev
6085e3a816 Add validation tasks for Etherpad migration (matrix_etherpad -> etherpad) 2023-03-03 10:38:11 +02:00
Slavi Pantaleev
2457ac0f6a
Merge pull request #2538 from etkecc/patch-186 
update grafana 9.4.2 -> 9.4.3
 2023-03-03 09:56:35 +02:00
Aine
e588f5eaec
update grafana 9.4.2 -> 9.4.3 2023-03-03 07:47:47 +00:00
Slavi Pantaleev
f8966cd8da Default etherpad_hostname to matrix_server_fqn_etherpad for backward compatibility 2023-03-03 09:47:13 +02:00
Slavi Pantaleev
8acfcf8bf1
Merge pull request #2537 from etkecc/patch-185 
update borgmatic 1.7.7 -> 1.7.8
 2023-03-03 09:35:43 +02:00
Slavi Pantaleev
70b67b12bc Upgrade com.devture.ansible.role.postgres_backup 2023-03-03 09:04:13 +02:00
Slavi Pantaleev
0dcfc74fc8 Upgrade com.devture.ansible.role.traefik_certs_dumper 2023-03-03 09:00:30 +02:00
Slavi Pantaleev
49b7d805ee Upgrade com.devture.ansible.role.traefik 2023-03-03 09:00:30 +02:00
Slavi Pantaleev
c49875e71c
Merge pull request #2536 from etkecc/patch-184 
update grafana 9.4.1 -> 9.4.2
 2023-03-03 08:27:00 +02:00
Aine
bb19de4a5f
update borgmatic 1.7.7 -> 1.7.8 2023-03-03 06:21:26 +00:00
Aine
47cfec726f
update grafana 9.4.1 -> 9.4.2 2023-03-03 06:18:52 +00:00
Slavi Pantaleev
849248b165 Upgrade Etherpad role (v1.8.18-1 -> v1.8.18-2) 2023-03-02 23:00:18 +02:00
Slavi Pantaleev
795c335395 Upgrade Etherpad role (v1.8.18-0 -> v1.8.18-1) 2023-03-02 22:58:45 +02:00
Slavi Pantaleev
124fbeda04 Switch to using an external Etherpad role 
This new role also adds native Traefik support and support for other
(non-`amd64`) architectures via self-building.
 2023-03-02 22:50:13 +02:00
Slavi Pantaleev
ae76db4d77 Upgrade com.devture.ansible.role.traefik_certs_dumper for wait time increase (60 -> 180 sec.) 2023-03-02 16:06:11 +02:00
Slavi Pantaleev
2e2691e96b
Merge pull request #2534 from FSG-Cat/draupnir 
Resolve Draupnir regression caused in #2508
 2023-03-02 10:35:29 +02:00
Slavi Pantaleev
4f74d21ba8 Upgrade devture/ansible (2.13.6-r0-1 -> 2.13.6-r0-2) 
The new version includes the `passlib` Python module.
 2023-03-02 10:31:50 +02:00
Catalan Lover
4ccd3f79de
Fix Draupnir config 
Config was accidently changed when importing upstream changes.
 2023-03-02 03:58:03 +01:00
Slavi Pantaleev
606c1907bb
Merge pull request #2533 from etkecc/patch-183 
update ntfy 2.1.0 -> 2.1.1
 2023-03-01 23:48:12 +02:00
Slavi Pantaleev
227d9d8209 Fix variable name typo 2023-03-01 23:14:40 +02:00
Aine
4cd9e65d6d
update ntfy 2.1.0 -> 2.1.1 2023-03-01 20:09:54 +00:00
Slavi Pantaleev
adc18251a9 Upgrade com.devture.ansible.role.traefik (2.9.6 -> 2.9.8) 2023-03-01 12:47:55 +02:00
Slavi Pantaleev
a4b401c4da Upgrade com.devture.ansible.role.traefik and improve front-Traefik-with-another-proxy docs 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2532
 2023-03-01 12:32:30 +02:00
Slavi Pantaleev
8db2c0498a Upgrade Synapse (v1.77.0 -> v1.78.0) 2023-03-01 11:07:25 +02:00
Slavi Pantaleev
d6371a0781 Upgrade ddclient (v3.10.0-ls110 -> v3.10.0-ls111) 2023-03-01 10:32:49 +02:00
Slavi Pantaleev
468bed653e Upgrade Redis (v7.0.7-0 -> v7.0.9-0) 2023-03-01 10:30:09 +02:00
Slavi Pantaleev
ba2a3caaf3 Minor improvements to docs/configuring-playbook-ssl-certificates.md 2023-03-01 09:54:23 +02:00
Slavi Pantaleev
d8c2e1a98c
Merge pull request #2530 from plui29989/master 
Added doc for self-signed certificates
 2023-03-01 09:47:07 +02:00
Slavi Pantaleev
7331d314c4
Improve wording 2023-03-01 09:45:54 +02:00
Slavi Pantaleev
b0845984b3 Only enable Traefik certs dumper if the ACME certificate resolver for Traefik is enabled 
If someone disables ACME, then they're using their own certificates
somehow. There's nothing to dump from an `acme.json` file.
 2023-03-01 09:45:16 +02:00
Slavi Pantaleev
f7149103e4 Remove matrix_playbook_traefik_certs_dumper_role_enabled in favor of just devture_traefik_certs_dumper_enabled 
We don't need these 2 roughly-the-same settings related to the
traefik-certs-dumper role.

For Traefik, it makes sense, because it's a component used by the
various related playbooks and they could step onto each other's toes
if the role is enabled, but Traefik is disabled (in that case, uninstall
tasks will run).

As for Traefik certs dumper, the other related playbooks don't have it,
so there's no conflict. Even if they used it, each one would use its own
instance (different `devture_traefik_certs_dumper_identifier`), so there
wouldn't be a conflict and uninstall tasks can run without any danger.
 2023-03-01 09:31:48 +02:00
Slavi Pantaleev
f372403d22
Merge pull request #2531 from array-in-a-matrix/master 
remove devture services in remove-all script
 2023-03-01 09:00:24 +02:00
array-in-a-matrix
c3900aaf1b remove devture services 2023-02-28 18:06:46 -05:00
plui29989
4b17a1e73a formatting 2023-02-28 21:09:37 +01:00
plui29989
32e700f076 Add doc for self-signed certificates 2023-02-28 21:07:16 +01:00
Slavi Pantaleev
79685c728b
Merge pull request #2528 from etkecc/patch-182 
Update element 1.11.23 -> 1.11.24
 2023-02-28 15:27:15 +02:00
Slavi Pantaleev
2da914e1bb
Merge pull request #2527 from etkecc/patch-181 
Update grafana 9.3.6 -> 9.4.1
 2023-02-28 15:26:51 +02:00
Aine
0fe1d1f9ec
Update element 1.11.23 -> 1.11.24 2023-02-28 13:18:59 +00:00
Aine
0aede060f3
Update grafana 9.3.6 -> 9.4.1 2023-02-28 13:18:21 +00:00
Slavi Pantaleev
6fe739a2cb Remove unnecessary variable 2023-02-27 18:32:22 +02:00
Slavi Pantaleev
bb90536874 Fix variable name typos in docs/configuring-playbook-postgres-backup.md 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2524
 2023-02-27 17:57:36 +02:00
Slavi Pantaleev
73f09d4bb0 Remove fronting matrix-nginx-proxy example 
We don't need this anymore. No one should be using matrix-nginx-proxy
anymore.
 2023-02-27 17:48:35 +02:00
Slavi Pantaleev
a5e216b837
Merge pull request #2526 from jalemann/master 
Add example config + readme for fronting playbook's traefik with own nginx on same server
 2023-02-27 17:47:37 +02:00