From ebcafc6518cf62bb5081bf9a742b5dc171091da2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 2 Nov 2023 18:10:50 +0200 Subject: [PATCH 001/100] Upgrade postgres-backup The new version supports v16. Related to: https://github.com/devture/com.devture.ansible.role.postgres_backup/pull/3 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ccbe300f1..25e49b076 100644 --- a/requirements.yml +++ b/requirements.yml @@ -18,7 +18,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: v16.0-8 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: a0cc7c1c696872ba8880d9c5e5a54098de825030 + version: d2c2585fe3f5ebf39045bc90c97ee160e1341594 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git From ebe7e3b6e0929d527f8000e69a59bdf43c7f1982 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 6 Nov 2023 09:31:51 +0200 Subject: [PATCH 002/100] Forward /_matrix/client/v3 to identity server (not just /_matrix/client/r0) Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954 --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 8ecaf64e9..dd46299e9 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -185,7 +185,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} - location ^~ /_matrix/client/r0/user_directory/search { + location ^~ /_matrix/client/(r0|v3)/user_directory/search { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -202,7 +202,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} - location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ { + location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; From 7436fd435bd5d2aee99c37f0568a9f599187aedc Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Mon, 6 Nov 2023 08:51:50 +0100 Subject: [PATCH 003/100] Update configuring-playbook-bridge-beeper-linkedin.md --- docs/configuring-playbook-bridge-beeper-linkedin.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md index 6ec294fbd..a51b2781c 100644 --- a/docs/configuring-playbook-bridge-beeper-linkedin.md +++ b/docs/configuring-playbook-bridge-beeper-linkedin.md @@ -32,14 +32,10 @@ You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/co ## Set up Double Puppeting -If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. - -### Method 1: automatically, by enabling Shared Secret Auth +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have to enable Shared Secred Auth. The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. -This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. - ## Usage From b0a2211c1371aa094ae4565b74e2db5fb8b8edef Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Mon, 6 Nov 2023 09:13:10 +0100 Subject: [PATCH 004/100] Update configuring-playbook-sliding-sync-proxy.md --- docs/configuring-playbook-sliding-sync-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index a7aab981c..982314caa 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md +++ b/docs/configuring-playbook-sliding-sync-proxy.md @@ -8,7 +8,7 @@ See the project's [documentation](https://github.com/matrix-org/sliding-sync) to Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi). -Element X Android requires manual compilation to get it working with a non-`matrix.org` homeseserver. It's also less feature-complete than the iOS version. +Element X Android is less feature-complete than the iOS version. **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. From 8d87b5c95155bb3103acbcf74ec2e71bbc125272 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 7 Nov 2023 16:06:34 +0000 Subject: [PATCH 005/100] Update vectorim/element-web Docker tag to v1.11.48 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3bc9c152b..63b95db91 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.47 +matrix_client_element_version: v1.11.48 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 7d668a488e089e8e72bf0372b6d516ff304508c1 Mon Sep 17 00:00:00 2001 From: Chikage Date: Wed, 8 Nov 2023 04:35:24 +0900 Subject: [PATCH 006/100] add self-build for matrix_user_verification Currently v3.0.0 tested with no issues. So remove matrix_user_verification_service_docker_image from groups_vars. /.npm must be writable or an error will be reported. --- group_vars/matrix_servers | 3 --- .../defaults/main.yml | 5 ++++ .../tasks/setup_install.yml | 25 +++++++++++++++++++ ...atrix-user-verification-service.service.j2 | 1 + 4 files changed, 31 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 03370aefa..9b27fcb40 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4303,9 +4303,6 @@ matrix_user_creator_users_auto: | # ###################################################################### -## FIXME: Needs to be updated when there is a proper release by upstream. -matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service@sha256:d2aabc984dd69d258c91900c36928972d7aaef19d776caa3cd6a0fbc0e307270" - matrix_user_verification_service_enabled: false matrix_user_verification_service_systemd_required_services_list: | {{ diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index 068ef2afd..46ae72dbf 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml @@ -5,6 +5,10 @@ matrix_user_verification_service_ansible_name: "Matrix User Verification Service # Enable by default. This is overwritten in provided group vars. matrix_user_verification_service_enabled: true +matrix_user_verification_service_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_user_verification_service_container_image_self_build_repo: "https://github.com/matrix-org/matrix-user-verification-service" +matrix_user_verification_service_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_user_verification_service_version }}" + # Fix version tag # renovate: datasource=docker depName=matrixdotorg/matrix-user-verification-service matrix_user_verification_service_version: "v3.0.0" @@ -13,6 +17,7 @@ matrix_user_verification_service_version: "v3.0.0" matrix_user_verification_service_base_path: "{{ matrix_base_data_path }}/user-verification-service" matrix_user_verification_service_config_path: "{{ matrix_user_verification_service_base_path }}/config" matrix_user_verification_service_config_env_file: "{{ matrix_user_verification_service_config_path }}/.env" +matrix_user_verification_service_docker_src_files_path: "{{ matrix_user_verification_service_base_path }}/docker-src" # Docker matrix_user_verification_service_docker_image_name_prefix: "{{ matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml index 54d5d979b..700614cbd 100644 --- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml +++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml @@ -9,6 +9,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_user_verification_service_config_path }}", when: true} + - {path: "{{ matrix_user_verification_service_docker_src_files_path }}", when: "{{ matrix_user_verification_service_container_image_self_build }}"} when: item.when | bool - name: Ensure Matrix User Verification Service image is pulled @@ -21,6 +22,30 @@ retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed + when: "not matrix_user_verification_service_container_image_self_build | bool" + +- name: Ensure Matrix User Verification Service repository is present when self-building + ansible.builtin.git: + repo: "{{ matrix_user_verification_service_container_image_self_build_repo }}" + dest: "{{ matrix_user_verification_service_docker_src_files_path }}" + version: "{{ matrix_user_verification_service_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_user_verification_service_git_pull_results + when: "matrix_user_verification_service_container_image_self_build | bool" + +- name: Ensure Matrix User Verification Service image is built + community.docker.docker_image: + name: "{{ matrix_user_verification_service_docker_image }}" + source: build + force_source: "{{ matrix_user_verification_service_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_user_verification_service_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_user_verification_service_docker_src_files_path }}" + pull: true + when: "matrix_user_verification_service_container_image_self_build | bool" - name: Ensure Matrix User Verification Service env file installed ansible.builtin.template: diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index 6c757ae1c..268e4298f 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -24,6 +24,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ + --tmpfs /.npm \ --network={{ matrix_user_verification_service_container_network }} \ {% if matrix_user_verification_service_container_http_host_bind_port %} -p {{ matrix_user_verification_service_container_http_host_bind_port }}:3000 \ From ad230555e9a612b3e3a775f4aaf1f98c742e0779 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Nov 2023 11:31:18 +0200 Subject: [PATCH 007/100] Try to fix /_matrix/client/v3 for ma1sd via URL rewriting to (/_matrix/client/r0) Hopefully fixes: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954 Untested. Patch inspired by: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954#issuecomment-1795029963 --- roles/custom/matrix-nginx-proxy/defaults/main.yml | 12 ++++++++++++ .../templates/nginx/conf.d/matrix-domain.conf.j2 | 8 ++++++++ 2 files changed, 20 insertions(+) diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 429fc9fc6..360644809 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -331,6 +331,12 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" +# Controls whether the user directory search API will be URL-rewritten (/_matrix/client/v3/user_directory/search -> /_matrix/client/r0/user_directory/search). +# This is to assist identity servers which only handle the r0 endpoints. +# The v3 endpoints are the same (spec-wise), so they can usually be redirected without downsides. +# If this is disabled, API requests will be forwarded as-is, without any URL rewriting. +matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled: true + # Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain). # This allows another service to control registrations involving 3PIDs. # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md @@ -338,6 +344,12 @@ matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" +# Controls whether the user directory search API will be URL-rewritten (/_matrix/client/v3/register/(email|msisdn)/requestToken -> /_matrix/client/r0/register/(email|msisdn)/requestToken). +# This is to assist identity servers which only handle the r0 endpoints. +# The v3 endpoints are the same (spec-wise), so they can usually be redirected without downsides. +# If this is disabled, API requests will be forwarded as-is, without any URL rewriting. +matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled: true + # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index dd46299e9..ad5501038 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -186,6 +186,10 @@ {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} location ^~ /_matrix/client/(r0|v3)/user_directory/search { + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} + {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -203,6 +207,10 @@ {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} + {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; From a88a4c2b827b62a814586883c112fffed15a87be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Nov 2023 16:30:02 +0200 Subject: [PATCH 008/100] Use regex-enabled location blocks when matching with regex Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2986 --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index ad5501038..3d6ae7df9 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -119,7 +119,7 @@ # Redirect other endpoints registered by the media-repo to its container # /_matrix/client/r0/logout # /_matrix/client/r0/logout/all - location ^~ /_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) { + location ~ ^/_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -142,7 +142,7 @@ # Redirect other endpoints registered by the media-repo to its container # /_matrix/client/r0/admin/purge_media_cache # /_matrix/client/r0/admin/quarantine_media/{roomId:[^/]+} - location ^~ /_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) { + location ~ ^/_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -185,7 +185,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} - location ^~ /_matrix/client/(r0|v3)/user_directory/search { + location ~ ^/_matrix/client/(r0|v3)/user_directory/search { {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; {% endif %} From 81ee0749c874b9986fa8942aa96d76736b2334fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=2E=20K=C3=BCchel?= Date: Thu, 9 Nov 2023 08:00:25 +0100 Subject: [PATCH 009/100] Update matrix-domain.conf.j2 - trying to fix issue #2954 (#2985) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update matrix-domain.conf.j2 exchanged "^~" with "~" as a pattern matching in the location part. I am very sure, that it only works using "~". I am not quite sure though, if this is the right way to do it, because "~" is probably more expensive than "^~" the rewrite has to be behind the definition of the $backend. Otherwise nginx will fail to work. This is probably because "break" goes directly to the proxy_pass which uses $backend. * Update matrix-domain.conf.j2 also change the order of "set $backend" and "rewrite" here in the 3pid registration section * Update matrix-domain.conf.j2 - repeat v3_to_r0 rewrite in else-statement as you said: repeat it for the else-case, where the ma1sd might be running on sans_container. * Update matrix-domain.conf.j2 - corrected wrong variable atrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled is the right variable to check (twice) in the corresponding branch. * matrix-domain.conf.j2 - fix-2954: change all whitespaces to tabs as you do it --------- Co-authored-by: Tobias Küchel --- .../nginx/conf.d/matrix-domain.conf.j2 | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 3d6ae7df9..d28cbf150 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -186,16 +186,18 @@ {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} location ~ ^/_matrix/client/(r0|v3)/user_directory/search { - {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} - rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; - {% endif %} - {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container }}"; + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} proxy_pass http://$backend; {% else %} + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} {# Generic configuration for use outside of our container setup #} proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container }}; {% endif %} @@ -207,16 +209,18 @@ {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { - {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} - rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; - {% endif %} - {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}"; + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} proxy_pass http://$backend; {% else %} + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} {# Generic configuration for use outside of our container setup #} proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container }}; {% endif %} From b77a438169d7eae816d0b2764309b635d63cc978 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Nov 2023 13:39:21 +0200 Subject: [PATCH 010/100] Upgrade Traefik (v2.10.5-0 -> v2.10.5-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 25e49b076..cbda8ec88 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.5-0 + version: v2.10.5-1 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From d74efc13105705f26d3c995996670666edb95862 Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Thu, 9 Nov 2023 14:08:32 +0100 Subject: [PATCH 011/100] Remove mention of Android Element X being less feature complete than the iOS version (#2982) * Remove mention of Android Element X being less feature complete than iOS version Quoting upstream: > Element X Android and Element X iOS apps are in a similar state. > > https://github.com/vector-im/element-x-android/issues/911 * Update configuring-playbook-sliding-sync-proxy.md --- docs/configuring-playbook-sliding-sync-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index 982314caa..f5bc6f768 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md +++ b/docs/configuring-playbook-sliding-sync-proxy.md @@ -8,7 +8,7 @@ See the project's [documentation](https://github.com/matrix-org/sliding-sync) to Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi). -Element X Android is less feature-complete than the iOS version. +Element X Android is [available on the Github Releases page](https://github.com/vector-im/element-x-android/releases). **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. From a0e649286d05dee3edeb5487190b60c3d81a65fb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Nov 2023 19:00:27 +0000 Subject: [PATCH 012/100] Update frenck/action-yamllint action to v1.4.2 --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index d10ebec57..8e7df1185 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -13,7 +13,7 @@ jobs: - name: Check out uses: actions/checkout@v4 - name: Run yamllint - uses: frenck/action-yamllint@v1.4.1 + uses: frenck/action-yamllint@v1.4.2 ansible-lint: name: ansible-lint runs-on: ubuntu-latest From e6be3709f004439e1de65e61283c4a919d5d0fd6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Nov 2023 19:00:31 +0000 Subject: [PATCH 013/100] Update ghcr.io/matrix-org/sliding-sync Docker tag to v0.99.12 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index aaa257ff5..f7ebdee81 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -6,7 +6,7 @@ matrix_sliding_sync_enabled: true # renovate: datasource=docker depName=ghcr.io/matrix-org/sliding-sync -matrix_sliding_sync_version: v0.99.11 +matrix_sliding_sync_version: v0.99.12 matrix_sliding_sync_scheme: https From 8a685aac7bd637298b4e413c45506c6a50905490 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Nov 2023 23:06:02 +0000 Subject: [PATCH 014/100] Update dependency geerlingguy.docker to v7.0.2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index cbda8ec88..d0b94ab35 100644 --- a/requirements.yml +++ b/requirements.yml @@ -32,7 +32,7 @@ - src: git+https://gitlab.com/etke.cc/roles/etherpad.git version: v1.9.3-0 - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 7.0.1 + version: 7.0.2 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.0-0 From a390f6b247b3b90daa7992b84cf0ea210ccb2cf4 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 13 Nov 2023 11:12:59 +0200 Subject: [PATCH 015/100] Update prometheus node exporter v1.7.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index cbda8ec88..f2c64a6a7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -45,7 +45,7 @@ version: v2.47.2-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - version: v1.6.1-0 + version: v1.7.0-0 name: prometheus_node_exporter - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git version: v0.14.0-0 From 706df484ccc89bfedcbcc9851f6123777e0e50e3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 13 Nov 2023 12:53:09 +0200 Subject: [PATCH 016/100] Upgrade Element (v1.11.48 -> v1.11.49) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 63b95db91..8106c40e3 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.48 +matrix_client_element_version: v1.11.49 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 4cac6f547e17dfea53cf8a287604a27ba00dc49c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 13 Nov 2023 18:45:33 +0200 Subject: [PATCH 017/100] Upgrade Traefik (v2.10.5-1 -> v2.10.5-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 3e7cc9b1f..7de9de929 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.5-1 + version: v2.10.5-2 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From a8810315788bf2f03a4f3029f6b00ad57e3b6fbe Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Nov 2023 10:15:52 +0200 Subject: [PATCH 018/100] Upgrade Postgres (v16.0-8 -> v16.1-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 7de9de929..41f135b38 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-8 + version: v16.1-0 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: d2c2585fe3f5ebf39045bc90c97ee160e1341594 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From be70430290bbb12da6c506c95646e97748405b00 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 00:24:51 +0000 Subject: [PATCH 019/100] Update matrixdotorg/mjolnir Docker tag to v1.6.5 --- roles/custom/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index 434f0a449..1c1744774 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_mjolnir_enabled: true # renovate: datasource=docker depName=matrixdotorg/mjolnir -matrix_bot_mjolnir_version: "v1.6.4" +matrix_bot_mjolnir_version: "v1.6.5" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 64eac2561090db818c5663cf02393d233990e350 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 15 Nov 2023 09:26:20 +0200 Subject: [PATCH 020/100] Remove tabs from YAML code snippets --- docs/configuring-playbook-ssl-certificates.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 6a215973b..596f9300e 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -68,21 +68,21 @@ aux_file_definitions: # uploading a file from the computer where Ansible is running. - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem" src: /path/on/your/Ansible/computer/to/privkey.pem - # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. - # Note the indentation level. - # content: | - # FILE CONTENT - # HERE + # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. + # Note the indentation level. + # content: | + # FILE CONTENT + # HERE # Create the cert.pem file on the server # uploading a file from the computer where Ansible is running. - dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem" src: /path/on/your/Ansible/computer/to/cert.pem - # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. - # Note the indentation level. - # content: | - # FILE CONTENT - # HERE + # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. + # Note the indentation level. + # content: | + # FILE CONTENT + # HERE # Create the custom Traefik configuration. # The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them! From c1255407de26733966ed33f81bbbd247bcdf0a0b Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 16 Nov 2023 09:48:19 +0200 Subject: [PATCH 021/100] grafana v10.2.1; jitsi v9078; prometheus v2.48.0 --- requirements.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.yml b/requirements.yml index 41f135b38..64108e3fb 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,14 +35,14 @@ version: 7.0.2 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.2.0-0 + version: v10.2.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8960-3 + version: v9078-0 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.47.2-0 + version: v2.48.0-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.7.0-0 From 35c20d753156d27570e8546840a4e71d75d82dcd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 16 Nov 2023 20:12:41 +0000 Subject: [PATCH 022/100] Update matrixdotorg/synapse Docker tag to v1.96.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 2dda2cf38..73b4fdbcc 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.95.1 +matrix_synapse_version: v1.96.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 87bc05906591cf1ae077106458e74da2927a9c11 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 01:23:28 +0000 Subject: [PATCH 023/100] Update dock.mau.dev/mautrix/discord Docker tag to v0.6.4 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 8e11473ed..3bd5998ad 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord -matrix_mautrix_discord_version: v0.6.3 +matrix_mautrix_discord_version: v0.6.4 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" From 1ca21c6a4ff85987ba9df1654412561efca14d0c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 01:23:32 +0000 Subject: [PATCH 024/100] Update dock.mau.dev/mautrix/gmessages Docker tag to v0.2.2 --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 4655119cf..e386e2010 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages -matrix_mautrix_gmessages_version: v0.2.1 +matrix_mautrix_gmessages_version: v0.2.2 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" From 147798a69f92db6a924e8125ed1a12c8d4027707 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 04:52:47 +0000 Subject: [PATCH 025/100] Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.10.4 --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 8b488deff..be9bc1bee 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp -matrix_mautrix_whatsapp_version: v0.10.3 +matrix_mautrix_whatsapp_version: v0.10.4 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" From 3dc77c4f9a1277f2338f2cd3664186fd94b93292 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Nov 2023 16:11:55 +0200 Subject: [PATCH 026/100] Upgrade Synapse (v1.96.0 -> v1.96.1) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 73b4fdbcc..bdd16bb99 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.96.0 +matrix_synapse_version: v1.96.1 matrix_synapse_username: '' matrix_synapse_uid: '' From 743d580daa9ab6d2e41a8634b1ba2a1a2d1d6e98 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 17 Nov 2023 19:35:28 +0200 Subject: [PATCH 027/100] Update synapse-s3-storage-provider looks like newer version is required for synapse 1.96.1 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index bdd16bb99..04a10a9b8 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -907,7 +907,7 @@ matrix_synapse_ext_encryption_config_yaml: | # Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`). # Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider. matrix_synapse_ext_synapse_s3_storage_provider_enabled: false -matrix_synapse_ext_synapse_s3_storage_provider_version: 1.2.1 +matrix_synapse_ext_synapse_s3_storage_provider_version: 1.3.0 # Controls whether media from this (local) server is stored in s3-storage-provider matrix_synapse_ext_synapse_s3_storage_provider_store_local: true # Controls whether media from remote servers is stored in s3-storage-provider From 9e3925a9e32a5edfce7cd918f2c5873b86b9312d Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 19 Nov 2023 13:01:17 +0200 Subject: [PATCH 028/100] fix jitsi auth, again --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 64108e3fb..95b2562db 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9078-0 + version: v9078-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From 7f98d5cba390f2390db4e39a73bedfc59afea203 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 19 Nov 2023 13:57:32 +0200 Subject: [PATCH 029/100] Upgrade postgres-backup The new version supports a new `devture_postgres_backup_postgres_role_include_name` variable, which we'll make use of later. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 95b2562db..05c080915 100644 --- a/requirements.yml +++ b/requirements.yml @@ -18,7 +18,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: v16.1-0 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: d2c2585fe3f5ebf39045bc90c97ee160e1341594 + version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git From c0595d6e446dc4db4eaa31b60f1974e80af5d46a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 19 Nov 2023 14:08:03 +0200 Subject: [PATCH 030/100] Add explicit names for roles (affects their install paths) --- group_vars/matrix_servers | 1 + requirements.yml | 19 ++++++++++++++++++- setup.yml | 26 +++++++++++++------------- 3 files changed, 32 insertions(+), 14 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 9b27fcb40..7b24841ab 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3272,6 +3272,7 @@ devture_postgres_backup_connection_username: "{{ devture_postgres_connection_use devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}" +devture_postgres_backup_postgres_role_include_name: galaxy/postgres devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" diff --git a/requirements.yml b/requirements.yml index 05c080915..587202da7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -5,42 +5,58 @@ name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git version: v1.2.6-1.8.4-0 + name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 + name: container_socket_proxy - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a + name: docker_sdk_for_python - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f + name: playbook_help - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 + name: playbook_runtime_messages - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 + name: playbook_state_preserver - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: v16.1-0 + name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2 + name: postgres_backup - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 + name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-1 + name: systemd_service_manager - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 + name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git version: v2.10.5-2 + name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 + name: traefik_certs_dumper - src: git+https://gitlab.com/etke.cc/roles/etherpad.git version: v1.9.3-0 + name: etherpad - src: git+https://github.com/geerlingguy/ansible-role-docker version: 7.0.2 - name: geerlingguy.docker + name: docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.1-0 + name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v9078-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 + name: ntfy - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.48.0-0 name: prometheus @@ -52,3 +68,4 @@ name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git version: v7.2.0-0 + name: redis diff --git a/setup.yml b/setup.yml index d729c106a..5a4ecd383 100644 --- a/setup.yml +++ b/setup.yml @@ -5,14 +5,14 @@ roles: # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `just roles` command (see `justfile`). - - role: galaxy/com.devture.ansible.role.playbook_help + - role: galaxy/playbook_help - - role: galaxy/com.devture.ansible.role.systemd_docker_base + - role: galaxy/systemd_docker_base - role: custom/matrix_playbook_migration - when: matrix_playbook_docker_installation_enabled | bool - role: galaxy/geerlingguy.docker + role: galaxy/docker vars: docker_install_compose: false docker_install_compose_plugin: false @@ -23,7 +23,7 @@ - install-all - when: devture_docker_sdk_for_python_installation_enabled | bool - role: galaxy/com.devture.ansible.role.docker_sdk_for_python + role: galaxy/docker_sdk_for_python tags: - setup-docker - setup-all @@ -31,7 +31,7 @@ - install-all - when: devture_timesync_installation_enabled | bool - role: galaxy/com.devture.ansible.role.timesync + role: galaxy/timesync tags: - setup-timesync - setup-all @@ -42,7 +42,7 @@ - custom/matrix-dynamic-dns - custom/matrix-mailer - - role: galaxy/com.devture.ansible.role.postgres + - role: galaxy/postgres - galaxy/redis - custom/matrix-corporal @@ -121,28 +121,28 @@ - role: galaxy/auxiliary - - role: galaxy/com.devture.ansible.role.postgres_backup + - role: galaxy/postgres_backup - role: galaxy/backup_borg - custom/matrix-user-creator - custom/matrix-common-after - - role: galaxy/com.devture.ansible.role.container_socket_proxy + - role: galaxy/container_socket_proxy - - role: galaxy/com.devture.ansible.role.traefik + - role: galaxy/traefik - - role: galaxy/com.devture.ansible.role.traefik_certs_dumper + - role: galaxy/traefik_certs_dumper - when: devture_systemd_service_manager_enabled | bool - role: galaxy/com.devture.ansible.role.systemd_service_manager + role: galaxy/systemd_service_manager # This is pretty much last, because we want it to better serve as a "last known good configuration". # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 - when: devture_playbook_state_preserver_enabled | bool - role: galaxy/com.devture.ansible.role.playbook_state_preserver + role: galaxy/playbook_state_preserver tags: - setup-all - install-all - - role: galaxy/com.devture.ansible.role.playbook_runtime_messages + - role: galaxy/playbook_runtime_messages From 5bc8903422757784289af0d6b03fc840f8864a54 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:00:34 +0200 Subject: [PATCH 031/100] fix included postgres role name in matrix_servers --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7b24841ab..e5ca46e02 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2101,7 +2101,7 @@ backup_borg_gid: "{{ matrix_user_gid }}" backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}" -backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/com.devture.ansible.role.postgres' if devture_postgres_enabled else '' }}" +backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/postgres' if devture_postgres_enabled else '' }}" backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" From fa90be57c6b80cf96e312d37f5393b7d6ee74419 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 20 Nov 2023 10:07:04 +0200 Subject: [PATCH 032/100] Update borgmatic 1.8.4 -> 1.8.5 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 587202da7..9ad705d93 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.6-1.8.4-0 + version: v1.2.6-1.8.5-0 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 From ef3f3741c9e355282f975d5e2ccb5ae81c26d1fd Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 20 Nov 2023 10:08:34 +0200 Subject: [PATCH 033/100] Update ntfy 2.7.0 -> 2.8.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 587202da7..cfc87776b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -55,7 +55,7 @@ version: v9078-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.7.0-2 + version: v2.8.0-0 name: ntfy - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.48.0-0 From d6db0ef729b74bdbb42db4d4b54228d2f09a8c6d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 19:04:00 +0000 Subject: [PATCH 034/100] Update halfshot/matrix-hookshot Docker tag to v4.6.0 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 80ebdf68c..60807aa20 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -11,7 +11,7 @@ matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/ matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" # renovate: datasource=docker depName=halfshot/matrix-hookshot -matrix_hookshot_version: 4.5.1 +matrix_hookshot_version: 4.6.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From ce23a645b4afcb0ed99ef0035f76ffdf3d8bc8fd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 21 Nov 2023 12:41:08 +0000 Subject: [PATCH 035/100] Update vectorim/element-web Docker tag to v1.11.50 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 8106c40e3..c9726cc9c 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.49 +matrix_client_element_version: v1.11.50 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 36c94b93646ddd3bb3ef01c0f86287c47146f2f6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 Nov 2023 15:40:32 +0200 Subject: [PATCH 036/100] Fix potential Docker apt repository signed-by conflict on Debian-based systems Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2999 Related to https://github.com/geerlingguy/ansible-role-docker/pull/410 --- .../matrix_playbook_migration/defaults/main.yml | 16 ++++++++++++++++ .../tasks/debian_docker_signedby_migration.yml | 6 ++++++ .../matrix_playbook_migration/tasks/main.yml | 9 +++++++++ 3 files changed, 31 insertions(+) create mode 100644 roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml index c61e71201..1ca6c011f 100644 --- a/roles/custom/matrix_playbook_migration/defaults/main.yml +++ b/roles/custom/matrix_playbook_migration/defaults/main.yml @@ -26,3 +26,19 @@ matrix_playbook_migration_matrix_aux_migration_validation_enabled: true # Controls if (`matrix_jitsi` -> `jitsi`) validation will run. matrix_playbook_migration_matrix_jitsi_migration_validation_enabled: true + +# Controls if the old apt repository (likely without a `signed-by` option) on Debian-based systems will be removed. +# +# Older versions of the Docker role (5.x, 6.x) used to install a repository at a path like: `/etc/apt/sources.list.d/download_docker_com_linux_*` +# For 6.x, the repository included a `signed-by` option, but for earlier versions it did not. +# +# New versions of the Docker role (7.0+) install a new apt repository with `signed-by` option to a different path (`/etc/apt/sources.list.d/docker.list`), +# but if a non-signed-by repository exists at the old path, a conflict will arise. +# +# Our workaround is to just delete the old repository file. Later, when the Docker role runs, it will install a new one at the new path. +# +# See: +# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2999 +# - https://github.com/geerlingguy/ansible-role-docker/pull/410 +matrix_playbook_migration_debian_signedby_migration_enabled: true +matrix_playbook_migration_debian_signedby_migration_repository_path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ ansible_distribution | lower }}.list" diff --git a/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml b/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml new file mode 100644 index 000000000..ac1c5cd13 --- /dev/null +++ b/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml @@ -0,0 +1,6 @@ +--- + +- name: Remove old Docker apt repository, potentially lacking signed-by option + ansible.builtin.file: + path: "{{ matrix_playbook_migration_debian_signedby_migration_repository_path }}" + state: absent diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index 4dbd3554f..d6b24c395 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -6,6 +6,15 @@ block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" +- when: ansible_os_family == 'Debian' and matrix_playbook_migration_debian_signedby_migration_enabled | bool + tags: + - setup-all + - install-all + - setup-docker + - install-docker + block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/debian_docker_signedby_migration.yml" + - tags: - setup-all - install-all From ba0d86370a7a901e9d3e3fa81dd2e9a6d089da2f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 21 Nov 2023 16:55:17 +0000 Subject: [PATCH 037/100] Update matrixdotorg/sygnal Docker tag to v0.13.0 --- roles/custom/matrix-sygnal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml index 03fe5d1a4..7c7d8261b 100644 --- a/roles/custom/matrix-sygnal/defaults/main.yml +++ b/roles/custom/matrix-sygnal/defaults/main.yml @@ -13,7 +13,7 @@ matrix_sygnal_hostname: '' matrix_sygnal_path_prefix: / # renovate: datasource=docker depName=matrixdotorg/sygnal -matrix_sygnal_version: v0.12.0 +matrix_sygnal_version: v0.13.0 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" From 90c9596ed143af3d99419b206d91a011d68eaaeb Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 21 Nov 2023 21:57:25 +0200 Subject: [PATCH 038/100] rearrange requirements.yml and update components --- requirements.yml | 54 ++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/requirements.yml b/requirements.yml index 38fd52fda..18e612a48 100644 --- a/requirements.yml +++ b/requirements.yml @@ -9,9 +9,24 @@ - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 name: container_socket_proxy +- src: git+https://github.com/geerlingguy/ansible-role-docker + version: 7.0.2 + name: docker - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python +- src: git+https://gitlab.com/etke.cc/roles/etherpad.git + version: v1.9.3-0 + name: etherpad +- src: git+https://gitlab.com/etke.cc/roles/grafana.git + version: v10.2.2-0 + name: grafana +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git + version: v9111-0 + name: jitsi +- src: git+https://gitlab.com/etke.cc/roles/ntfy.git + version: v2.8.0-0 + name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f name: playbook_help @@ -27,6 +42,18 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2 name: postgres_backup +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git + version: v2.48.0-0 + name: prometheus +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git + version: v1.7.0-0 + name: prometheus_node_exporter +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git + version: v0.14.0-0 + name: prometheus_postgres_exporter +- src: git+https://gitlab.com/etke.cc/roles/redis.git + version: v7.2.0-0 + name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 name: systemd_docker_base @@ -42,30 +69,3 @@ - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 name: traefik_certs_dumper -- src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.3-0 - name: etherpad -- src: git+https://github.com/geerlingguy/ansible-role-docker - version: 7.0.2 - name: docker -- src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.2.1-0 - name: grafana -- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9078-1 - name: jitsi -- src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.8.0-0 - name: ntfy -- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.48.0-0 - name: prometheus -- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - version: v1.7.0-0 - name: prometheus_node_exporter -- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.14.0-0 - name: prometheus_postgres_exporter -- src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.2.0-0 - name: redis From 2149644b815a047e8e4d17e525de2db429e09db2 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Thu, 23 Nov 2023 14:03:13 +0100 Subject: [PATCH 039/100] feat: allow renovate to update ansible dependencies --- .github/renovate.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/renovate.json b/.github/renovate.json index db03f2b49..8cd189aee 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -10,5 +10,15 @@ "# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?.+?)[\"']?\\s" ] } + ], + "packageRules": [ + { + "matchSourceUrlPrefixes": [ + "https://github.com/devture/com.devture.ansible.role", + "https://gitlab.com/etke.cc/roles", + "https://github.com/mother-of-all-self-hosting" + ], + "ignoreUnstable": false + } ] } From 3bcd0138d4cf53f1215fcc3a051f4697a57c8954 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 23 Nov 2023 13:22:29 +0000 Subject: [PATCH 040/100] chore(deps): update linuxserver/ddclient docker tag to v3.11.2 --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 5a990dbb1..bdf100eb6 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -8,7 +8,7 @@ matrix_dynamic_dns_enabled: true matrix_dynamic_dns_daemon_interval: '300' # renovate: datasource=docker depName=linuxserver/ddclient versioning=semver -matrix_dynamic_dns_version: 3.11.1 +matrix_dynamic_dns_version: 3.11.2 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From e9a666b0d9fc78f743269d961ba80d4cabb69fb1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 24 Nov 2023 11:30:25 +0200 Subject: [PATCH 041/100] Upgrade systemd_service_manager (v1.0.0-1 -> v1.0.0-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 18e612a48..0c20a4983 100644 --- a/requirements.yml +++ b/requirements.yml @@ -58,7 +58,7 @@ version: v1.0.0-0 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - version: v1.0.0-1 + version: v1.0.0-2 name: systemd_service_manager - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 From 7ebefb7e0d0f471807ba40345a59bdab5e567fd4 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 24 Nov 2023 12:30:21 +0200 Subject: [PATCH 042/100] Update aux role (support commands) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 0c20a4983..18113a4f9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,7 +1,7 @@ --- - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git - version: v1.0.0-1 + version: v1.0.0-2 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git version: v1.2.6-1.8.5-0 From afec1f9815686f222fb9405955dce32e6469241c Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 24 Nov 2023 14:30:43 +0200 Subject: [PATCH 043/100] add packages support to the aux role --- README.md | 2 +- requirements.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 615b97f07..82899a369 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ We run all services in [Docker](https://www.docker.com/) containers (see [the co This Ansible playbook tries to make self-hosting and maintaining a Matrix server fairly easy. Still, running any service smoothly requires knowledge, time and effort. -If you like the [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) spirit of this Ansible playbook, but prefer to put the responsibility on someone else, you can also [get a managed Matrix server from etke.cc](https://etke.cc/) - a service built on top of this Ansible playbook, which can help you run a Matrix server with ease. +If you like the [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) spirit of this Ansible playbook, but prefer to put the responsibility on someone else, you can also [get a managed Matrix server from etke.cc](https://etke.cc?utm_source=github&utm_medium=readme&utm_campaign=mdad) - a service built on top of this Ansible playbook, which can help you run a Matrix server with ease. If you like learning and experimentation, but would rather reduce future maintenance effort, you can even go for a hybrid approach - self-hosting manually using this Ansible playbook at first and then transferring server maintenance to etke.cc at a later time. diff --git a/requirements.yml b/requirements.yml index 18113a4f9..ae9824737 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,7 +1,7 @@ --- - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git - version: v1.0.0-2 + version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git version: v1.2.6-1.8.5-0 From 22567043e41fbadc2e567d7a522ac8643b2fa072 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Nov 2023 21:10:12 +0000 Subject: [PATCH 044/100] chore(deps): update dock.mau.dev/mautrix/telegram docker tag to v0.15.0 --- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index b9a5f50d7..8e8bd5780 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -18,7 +18,7 @@ matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_tele matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" # renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram -matrix_mautrix_telegram_version: v0.14.2 +matrix_mautrix_telegram_version: v0.15.0 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}" From 910166effdd47fb1774936e2673af752b96aa23c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Nov 2023 19:15:07 +0200 Subject: [PATCH 045/100] Upgrade Synapse (v1.96.1 -> v1.97.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 04a10a9b8..8c0f444b3 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.96.1 +matrix_synapse_version: v1.97.0 matrix_synapse_username: '' matrix_synapse_uid: '' From e96dc43c2e430f2926cb0c54704b1e9ab2d4f6b6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Nov 2023 09:26:56 +0200 Subject: [PATCH 046/100] Upgrade Traefik (v2.10.5-2 -> v2.10.6-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ae9824737..8cc149834 100644 --- a/requirements.yml +++ b/requirements.yml @@ -64,7 +64,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.5-2 + version: v2.10.6-0 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 From 5b6fc8d5473c41b1570e0e771b9e1a7417970429 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 29 Nov 2023 13:23:57 +0200 Subject: [PATCH 047/100] buscarron: migrate to native /metrics auth --- .../matrix-bot-buscarron/defaults/main.yml | 15 ++++++------ .../tasks/setup_install.yml | 23 ------------------- .../matrix-bot-buscarron/templates/env.j2 | 3 +++ .../matrix-bot-buscarron/templates/labels.j2 | 20 ---------------- 4 files changed, 10 insertions(+), 51 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 961677612..d4844a8e5 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml @@ -41,14 +41,13 @@ matrix_bot_buscarron_container_network: matrix-bot-buscarron # Use this to expose this container to another reverse proxy, which runs in a different container network. matrix_bot_buscarron_container_additional_networks: [] -# enable basic auth for metrics -matrix_bot_buscarron_basicauth_enabled: false -# temporary file name on the host that runs ansible -matrix_bot_buscarron_basicauth_file: "/tmp/matrix_bot_buscarron_htpasswd" -# username -matrix_bot_buscarron_basicauth_user: '' -# password -matrix_bot_buscarron_basicauth_password: '' +# /metrics login +matrix_bot_buscarron_metrics_login: '' +# /metrics password +matrix_bot_buscarron_metrics_password: '' +# /metrics allowed ips +matrix_bot_buscarron_metrics_ips: [] + # matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. # See `../templates/labels.j2` for details. diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 0559efec1..1c2c62e14 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -40,21 +40,6 @@ - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true} when: "item.when | bool" -- name: Determine basicauth filename - ansible.builtin.set_fact: - matrix_bot_buscarron_basicauth_file_tmp: "{{ matrix_bot_buscarron_basicauth_file }}_{{ inventory_hostname }}" - when: matrix_bot_buscarron_basicauth_enabled | bool - -- name: Generate basic auth file - community.general.htpasswd: - path: "{{ matrix_bot_buscarron_basicauth_file }}" - name: "{{ matrix_bot_buscarron_basicauth_user }}" - password: "{{ matrix_bot_buscarron_basicauth_password }}" - mode: 0640 - become: false - delegate_to: 127.0.0.1 - when: matrix_bot_buscarron_basicauth_enabled | bool - - name: Ensure buscarron support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" @@ -66,14 +51,6 @@ - env - labels -- name: Ensure temporary basic auth file is removed - ansible.builtin.file: - path: "{{ matrix_bot_buscarron_basicauth_file }}" - state: absent - become: false - delegate_to: 127.0.0.1 - when: matrix_bot_buscarron_basicauth_enabled | bool - - name: Ensure buscarron image is pulled community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" diff --git a/roles/custom/matrix-bot-buscarron/templates/env.j2 b/roles/custom/matrix-bot-buscarron/templates/env.j2 index 80ddd38cc..1f71802a5 100644 --- a/roles/custom/matrix-bot-buscarron/templates/env.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/env.j2 @@ -17,6 +17,9 @@ BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} BUSCARRON_SMTP_FROM={{ matrix_bot_buscarron_smtp_from }} BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }} BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }} +BUSCARRON_METRICS_LOGIN={{ matrix_bot_buscarron_metrics_login }} +BUSCARRON_METRICS_PASSWORD={{ matrix_bot_buscarron_metrics_password }} +BUSCARRON_METRICS_IPS={{ matrix_bot_buscarron_metrics_ips|default([])|join(" ") }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} diff --git a/roles/custom/matrix-bot-buscarron/templates/labels.j2 b/roles/custom/matrix-bot-buscarron/templates/labels.j2 index 6a1ead33d..9150a44bf 100644 --- a/roles/custom/matrix-bot-buscarron/templates/labels.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/labels.j2 @@ -19,11 +19,6 @@ traefik.http.middlewares.matrix-bot-buscarron-strip-prefix.stripprefix.prefixes= {% set middlewares = middlewares + ['matrix-bot-buscarron-strip-prefix'] %} {% endif %} -{% if matrix_bot_buscarron_basicauth_enabled %} -traefik.http.middlewares.matrix-bot-buscarron-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_buscarron_basicauth_file) }} -{% set middlewares_metrics = middlewares + ['matrix-bot-buscarron-auth'] %} -{% endif %} - {% if matrix_bot_buscarron_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_bot_buscarron_container_labels_traefik_additional_response_headers.items() %} traefik.http.middlewares.matrix-bot-buscarron-add-headers.headers.customresponseheaders.{{ name }}={{ value }} @@ -46,21 +41,6 @@ traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarr {% endif %} traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080 -{% if middlewares_metrics | length > 0 %} -traefik.http.routers.matrix-bot-buscarron-metrics.rule={{ matrix_bot_buscarron_container_labels_traefik_metrics_rule }} -{% if matrix_bot_buscarron_container_labels_traefik_priority | int > 0 %} -traefik.http.routers.matrix-bot-buscarron-metrics.priority={{ matrix_bot_buscarron_container_labels_traefik_priority }} -{% endif %} -traefik.http.routers.matrix-bot-buscarron-metrics.service=matrix-bot-buscarron -traefik.http.routers.matrix-bot-buscarron-metrics.middlewares={{ middlewares_metrics | join(',') }} -traefik.http.routers.matrix-bot-buscarron-metrics.entrypoints={{ matrix_bot_buscarron_container_labels_traefik_entrypoints }} -traefik.http.routers.matrix-bot-buscarron-metrics.tls={{ matrix_bot_buscarron_container_labels_traefik_tls | to_json }} -{% if matrix_bot_buscarron_container_labels_traefik_tls %} -traefik.http.routers.matrix-bot-buscarron-metrics.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }} -{% endif %} -traefik.http.services.matrix-bot-buscarron-metrics.loadbalancer.server.port=8080 -{% endif %} - {% endif %} {{ matrix_bot_buscarron_container_labels_additional_labels }} From 95c2db3bb33b6fc4080e30fe8cd883ee4687e529 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 29 Nov 2023 13:32:14 +0200 Subject: [PATCH 048/100] mautrix: allow relay access by default, closes #3014 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +-- roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 8 files changed, 8 insertions(+), 9 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 3bd5998ad..af12acac7 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -29,7 +29,7 @@ matrix_mautrix_discord_command_prefix: "!discord" matrix_mautrix_discord_bridge_permissions: | {{ - {matrix_mautrix_discord_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_discord_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index e407b7a8d..9d9439b38 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -59,7 +59,7 @@ matrix_mautrix_facebook_metrics_proxying_enabled: false matrix_mautrix_facebook_bridge_permissions: | {{ - {matrix_mautrix_facebook_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_facebook_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index e386e2010..9bf55e171 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -109,7 +109,7 @@ matrix_mautrix_gmessages_bridge_mute_bridging: true matrix_mautrix_gmessages_bridge_permissions: | {{ - {matrix_mautrix_gmessages_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_gmessages_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 4f56724a6..36d7a7026 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -28,7 +28,7 @@ matrix_mautrix_instagram_command_prefix: "!ig" matrix_mautrix_instagram_bridge_permissions: | {{ - {matrix_mautrix_instagram_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_instagram_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 4b5cdc880..b26c1e7c9 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -121,8 +121,7 @@ matrix_mautrix_signal_relaybot_enabled: "{{ matrix_bridges_relay_enabled }}" # This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary. matrix_mautrix_signal_bridge_permissions: | {{ - {'*': 'relay'} - | combine({matrix_mautrix_signal_homeserver_domain: 'user'}) + {'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index 5045601a5..1f5e46c53 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -28,7 +28,7 @@ matrix_mautrix_slack_command_prefix: "!slack" matrix_mautrix_slack_bridge_permissions: | {{ - {matrix_mautrix_slack_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_slack_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 8e8bd5780..51e19d519 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -32,7 +32,7 @@ matrix_mautrix_telegram_command_prefix: "!tg" matrix_mautrix_telegram_bridge_permissions: | {{ - {matrix_mautrix_telegram_homeserver_domain: 'full'} + {'*': 'relaybot', matrix_mautrix_telegram_homeserver_domain: 'full'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index be9bc1bee..7756cb672 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -111,7 +111,7 @@ matrix_mautrix_whatsapp_bridge_allow_user_invite: true matrix_mautrix_whatsapp_bridge_permissions: | {{ - {matrix_mautrix_whatsapp_homeserver_domain: 'user'} + {'*': 'relay', matrix_mautrix_whatsapp_homeserver_domain: 'user'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} From 8e1ae61048e7610ba2786fa7c0896a8640f8de32 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Nov 2023 13:05:00 +0200 Subject: [PATCH 049/100] Upgrade systemd_service_manager (v1.0.0-2 -> v1.0.0-3) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 8cc149834..3f8c2961a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -58,7 +58,7 @@ version: v1.0.0-0 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - version: v1.0.0-2 + version: v1.0.0-3 name: systemd_service_manager - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 From 03c99fb5ec67b2604ba50a49227ae53ec623bb48 Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Thu, 30 Nov 2023 19:24:06 +0100 Subject: [PATCH 050/100] Update the whatsapp bot callsign It works with `!wa`, not with `!whatsapp` --- docs/configuring-playbook-bridge-mautrix-whatsapp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index b08556fe7..1794afbd4 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md @@ -21,8 +21,8 @@ By default, only admins are allowed to set themselves as relay users. To allow a matrix_mautrix_whatsapp_bridge_relay_admin_only: false ``` -If you want to activate the relay bot in a room, use `!whatsapp set-relay`. -Use `!whatsapp unset-relay` to deactivate. +If you want to activate the relay bot in a room, use `!wa set-relay`. +Use `!wa unset-relay` to deactivate. ## Enable backfilling history This requires a server with MSC2716 support, which is currently an experimental feature in synapse. From 5f3e9e4d0b6ddbe4003f62ea828b53abe1fd43db Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 2 Dec 2023 23:01:42 +0000 Subject: [PATCH 051/100] chore(deps): update dependency backup_borg to v1.2.7-1.8.5-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 3f8c2961a..e4c8e0628 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.6-1.8.5-0 + version: v1.2.7-1.8.5-0 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 From d318d8cf8a2ccc62da4d031424a5d3c4f4a726a4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 4 Dec 2023 14:18:28 +0000 Subject: [PATCH 052/100] chore(deps): update ghcr.io/matrix-org/sliding-sync docker tag to v0.99.13 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index f7ebdee81..e27104be9 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -6,7 +6,7 @@ matrix_sliding_sync_enabled: true # renovate: datasource=docker depName=ghcr.io/matrix-org/sliding-sync -matrix_sliding_sync_version: v0.99.12 +matrix_sliding_sync_version: v0.99.13 matrix_sliding_sync_scheme: https From 305e3afb1b8fe0cf99a25080ac9fc90819fa55ac Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Mon, 4 Dec 2023 12:37:39 -0600 Subject: [PATCH 053/100] Updated matrix media repo to v1.3.3 --- .../matrix-media-repo/defaults/main.yml | 709 ++++++++--------- .../templates/media-repo/media-repo.yaml.j2 | 714 +++++++++--------- .../nginx/conf.d/matrix-domain.conf.j2 | 3 + 3 files changed, 728 insertions(+), 698 deletions(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 61c6f839e..6a09bdb51 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -19,7 +19,7 @@ matrix_media_repo_docker_image_path: "turt2live/matrix-media-repo" matrix_media_repo_docker_image: "{{ matrix_media_repo_docker_image_name_prefix }}{{ matrix_media_repo_docker_image_path }}:{{ matrix_media_repo_docker_image_tag }}" matrix_media_repo_docker_image_name_prefix: "{{ 'localhost/' if matrix_media_repo_container_image_self_build else matrix_container_global_registry_prefix }}" # renovate: datasource=docker depName=turt2live/matrix-media-repo -matrix_media_repo_docker_image_tag: "v1.2.13" +matrix_media_repo_docker_image_tag: "v1.3.3" matrix_media_repo_docker_image_force_pull: "{{ matrix_media_repo_docker_image.endswith(':latest') }}" matrix_media_repo_base_path: "{{ matrix_base_data_path }}/{{ matrix_media_repo_identifier }}" @@ -105,6 +105,21 @@ matrix_media_repo_use_forwarded_host: true # the remote server do not count towards this. matrix_media_repo_federation_backoff_at: 20 +# The domains the media repo should never serve media for. Existing media already stored from +# these domains will remain, however will not be downloadable without a data export. Media +# repo administrators will bypass this check. Admin APIs will still work for media on these +# domains. +# +# This will not prevent the listed domains from accessing media on this media repo - it only +# stops users on *this* media repo from accessing media originally uploaded to the listed domains. +# +# Note: Adding domains controlled by the media repo itself to this list is not advisable. +# matrix_media_repo_federation_ignored_hosts: [ +# "example.org" +# ] + +matrix_media_repo_federation_ignored_hosts: [] + # The database configuration for the media repository # Do NOT put your homeserver's existing database credentials here. Create a new database and # user instead. Using the same server is fine, just not the same username and database. @@ -130,25 +145,31 @@ matrix_media_repo_database_max_idle_connections: 5 # The configuration for the homeservers this media repository is known to control. Servers # not listed here will not be able to upload media. -matrix_media_repo_homeservers: - homeservers: +matrix_media_repo_homeservers: "{{ matrix_media_repo_homeservers_auto + matrix_media_repo_homeservers_additional }}" + +# Auto configured server setup by the playbook +matrix_media_repo_homeservers_auto: + - # Keep the dash from this line. + # This should match the server_name of your homeserver, and the Host header # provided to the media repo. - - name: "{{ matrix_server_fqn_matrix }}" + name: "{{ matrix_server_fqn_matrix }}" - # The base URL to where the homeserver can actually be reached - csApi: "http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}" + # The base URL to where the homeserver can actually be reached by MMR. + csApi: "http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}" - # The number of consecutive failures in calling this homeserver before the - # media repository will start backing off. This defaults to 10 if not given. - backoffAt: 10 + # The number of consecutive failures in calling this homeserver before the + # media repository will start backing off. This defaults to 10 if not given. + backoffAt: 10 - # The kind of admin API the homeserver supports. If set to "matrix", - # the media repo will use the Synapse-defined endpoints under the - # unstable client-server API. When this is "synapse", the new /_synapse - # endpoints will be used instead. Unknown values are treated as the - # default, "matrix". - adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else 'matrix' }}" + # The admin API interface supported by the homeserver. MMR uses a subset of the admin API + # during certain operations, like attempting to purge media from a room or validating server + # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set + # to "matrix", most functionality requiring the admin API will not work. + adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else 'matrix' }}" + +# Additional servers to be managed by MMR +matrix_media_repo_homeservers_additional: [] # Options for controlling how access tokens work with the media repo. It is recommended that if # you are going to use these options that the `/logout` and `/logout/all` client-server endpoints @@ -166,45 +187,51 @@ matrix_media_repo_homeservers: # *************************************************************************** # * IT IS HIGHLY RECOMMENDED TO USE PER-DOMAIN CONFIGS WITH THIS FEATURE. * # *************************************************************************** -matrix_media_repo_access_tokens: - accessTokens: - # The maximum time a cached access token will be considered valid. Set to zero (the default) - # to disable the cache and constantly hit the homeserver. This is recommended to be set to - # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and - # zero for servers who do not proxy the endpoints through. - maxCacheTimeSeconds: 43200 - # Whether or not to use the `appservices` config option below. If disabled (the default), - # the regular access token cache will be used for each user, potentially leading to high - # memory usage. - useLocalAppserviceConfig: false +# The maximum time a cached access token will be considered valid. Set to zero (the default) +# to disable the cache and constantly hit the homeserver. This is recommended to be set to +# 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and +# zero for servers who do not proxy the endpoints through. +matrix_media_repo_access_tokens_max_cache_time_seconds: 43200 - # The application services (and their namespaces) registered on the homeserver. Only used - # if `useLocalAppserviceConfig` is enabled (recommended). - # - # Usually the appservice will provide you with these config details - they'll just need - # translating from the appservice registration to here. Note that this does not require - # all options from the registration, and only requires the bare minimum required to run - # the media repo. - # appservices: - # - id: Name_of_appservice_for_your_reference - # asToken: Secret_token_for_appservices_to_use - # senderUserId: "@_example_bridge:yourdomain.com" - # userNamespaces: - # - regex: "@_example_bridge_.+:yourdomain.com" - # # A note about regexes: it is best to suffix *all* namespaces with the homeserver - # # domain users are valid for, as otherwise the appservice can use any user with - # # any domain name it feels like, even if that domain is not configured with the - # # media repo. This will lead to inaccurate reporting in the case of the media - # # repo, and potentially leading to media being considered "remote". +# Whether or not to use the `appservices` config option below. If disabled (the default), +# the regular access token cache will be used for each user, potentially leading to high +# memory usage. +matrix_media_repo_access_tokens_use_local_appservice_config: false + +# The application services (and their namespaces) registered on the homeserver. Only used +# if `useLocalAppserviceConfig` is enabled (recommended). +# +# Usually the appservice will provide you with these config details - they'll just need +# translating from the appservice registration to here. Note that this does not require +# all options from the registration, and only requires the bare minimum required to run +# the media repo. +# matrix_media_repo_access_tokens_appservices: [ +# { +# id: "Name_of_appservice_for_your_reference", +# asToken: "Secret_token_for_appservices_to_use", +# senderUserId: "@_example_bridge:yourdomain.com", +# userNamespaces: [ +# regex: "@_example_bridge_.+:yourdomain.com" +# # A note about regexes: it is best to suffix *all* namespaces with the homeserver +# # domain users are valid for, as otherwise the appservice can use any user with +# # any domain name it feels like, even if that domain is not configured with the +# # media repo. This will lead to inaccurate reporting in the case of the media +# # repo, and potentially leading to media being considered "remote". +# ] +# } +# ] + +matrix_media_repo_access_tokens_appservices: [] # These users have full access to the administrative functions of the media repository. # See docs/admin.md for information on what these people can do. They must belong to one of the # configured homeservers above. -matrix_media_repo_admins: - admins: [] -# admins: -# - "@your_username:example.org" +# matrix_media_repo_admins: [ +# "@your_username:example.org" +# ] + +matrix_media_repo_admins: [] # Shared secret auth is useful for applications building on top of the media repository, such # as a management interface. The `token` provided here is treated as a repository administrator @@ -220,58 +247,62 @@ matrix_media_repo_shared_secret_auth_token: "PutSomeRandomSecureValueHere" # Datastores are places where media should be persisted. This isn't dedicated for just uploads: # thumbnails and other misc data is also stored in these places. The media repo, when looking # for a datastore to use, will always use the smallest datastore first. -matrix_media_repo_datastores: - datastores: - - type: file - enabled: true # Enable this to set up data storage. - # Datastores can be split into many areas when handling uploads. Media is still de-duplicated - # across all datastores (local content which duplicates remote content will re-use the remote - # content's location). This option is useful if your datastore is becoming very large, or if - # you want faster storage for a particular kind of media. - # - # The kinds available are: - # thumbnails - Used to store thumbnails of media (local and remote). - # remote_media - Original copies of remote media (servers not configured by this repo). - # local_media - Original uploads for local media. - # archives - Archives of content (GDPR and similar requests). - forKinds: ["thumbnails", "remote_media", "local_media", "archives"] - opts: - path: /data/media - - type: s3 - enabled: false # Enable this to set up s3 uploads - forKinds: ["thumbnails", "remote_media", "local_media", "archives"] - opts: - # The s3 uploader needs a temporary location to buffer files to reduce memory usage on - # small file uploads. If the file size is unknown, the file is written to this location - # before being uploaded to s3 (then the file is deleted). If you aren't concerned about - # memory usage, set this to an empty string. - tempPath: "/tmp/mediarepo_s3_upload" - endpoint: sfo2.digitaloceanspaces.com - accessKeyId: "" - accessSecret: "" - ssl: true - bucketName: "your-media-bucket" - # An optional region for where this S3 endpoint is located. Typically not needed, though - # some providers will need this (like Scaleway). Uncomment to use. - # region: "sfo2" - # An optional storage class for tuning how the media is stored at s3. - # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. - # storageClass: STANDARD +# ID for the file datastore (cannot change). Alphanumeric recommended. +matrix_media_repo_datastore_file_id: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'filestore.db', rounds=655555) | to_uuid }}" - # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If - # the feature is not enabled, this will not work. Note that IPFS support is experimental at - # the moment and not recommended for general use. - # - # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo - # puts authentication on the download endpoints. Only use this option for cases where you - # expect your media to be publicly accessible. - - type: ipfs - enabled: false # Enable this to use IPFS support - forKinds: ["local_media"] - # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured - # in the IPFS section of your main config. - opts: {} +# Datastores can be split into many areas when handling uploads. Media is still de-duplicated +# across all datastores (local content which duplicates remote content will re-use the remote +# content's location). This option is useful if your datastore is becoming very large, or if +# you want faster storage for a particular kind of media. +# +# To disable this datastore, making it readonly, specify `forKinds: []`. +# +# The kinds available are: +# thumbnails - Used to store thumbnails of media (local and remote). +# remote_media - Original copies of remote media (servers not configured by this repo). +# local_media - Original uploads for local media. +# archives - Archives of content (GDPR and similar requests). +matrix_media_repo_datastore_file_for_kinds: ["thumbnails", "remote_media", "local_media", "archives"] + +# Path to datastore, relative to matrix-media-repo directory root +matrix_media_repo_datastore_opts_path: "/data/media" + +# ID for the s3 datastore (cannot change). Alphanumeric recommended. +matrix_media_repo_datastore_s3_id: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 's3store.db', rounds=655555) | to_uuid }}" + +# Datastores can be split into many areas when handling uploads. Media is still de-duplicated +# across all datastores (local content which duplicates remote content will re-use the remote +# content's location). This option is useful if your datastore is becoming very large, or if +# you want faster storage for a particular kind of media. +# +# To disable this datastore, making it readonly, specify `forKinds: []`. +# +# The kinds available are: +# thumbnails - Used to store thumbnails of media (local and remote). +# remote_media - Original copies of remote media (servers not configured by this repo). +# local_media - Original uploads for local media. +# archives - Archives of content (GDPR and similar requests). +matrix_media_repo_datastore_s3_for_kinds: [] + +# The s3 uploader needs a temporary location to buffer files to reduce memory usage on +# small file uploads. If the file size is unknown, the file is written to this location +# before being uploaded to s3 (then the file is deleted). If you aren't concerned about +# memory usage, set this to an empty string. +matrix_media_repo_datastore_s3_opts_temp_path: "/tmp/mediarepo_s3_upload" +matrix_media_repo_datastore_s3_opts_endpoint: "sfo2.digitaloceanspaces.com" +matrix_media_repo_datastore_s3_opts_access_key_id: "" +matrix_media_repo_datastore_s3_opts_access_secret: "" +matrix_media_repo_datastore_s3_opts_ssl: true +matrix_media_repo_datastore_s3_opts_bucket_name: "your-media-bucket" + +# An optional region for where this S3 endpoint is located. Typically not needed, though +# some providers will need this (like Scaleway). Uncomment to use. +# matrix_media_repo_datastore_s3_opts_region: "sfo2" + +# An optional storage class for tuning how the media is stored at s3. +# See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. +# matrix_media_repo_datastore_s3_opts_storage_class: "STANDARD" # Options for controlling archives. Archives are exports of a particular user's content for # the purpose of GDPR or moving media to a different server. @@ -291,42 +322,65 @@ matrix_media_repo_archiving_self_service: false matrix_media_repo_archiving_target_bytes_per_part: 209715200 # 200mb default # The file upload settings for the media repository -matrix_media_repo_uploads: - uploads: - # The maximum individual file size a user can upload. - maxBytes: 104857600 # 100MB default, 0 to disable - # The minimum number of bytes to let people upload. This is recommended to be non-zero to - # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend - # to waste more CPU and database resources than small files, thus a default of 100 bytes - # is applied here as an approximate break-even point. - minBytes: 100 # 100 bytes by default +# The maximum individual file size a user can upload. +matrix_media_repo_max_bytes: 104857600 # 100MB default, 0 to disable - # The number of bytes to claim as the maximum size for uploads for the limits API. If this - # is not provided then the maxBytes setting will be used instead. This is useful to provide - # if the media repo's settings and the reverse proxy do not match for maximum request size. - # This is purely for informational reasons and does not actually limit any functionality. - # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes. - reportedMaxBytes: 0 +# The minimum number of bytes to let people upload. This is recommended to be non-zero to +# ensure that the "cost" of running the media repo is worthwhile - small file uploads tend +# to waste more CPU and database resources than small files, thus a default of 100 bytes +# is applied here as an approximate break-even point. +matrix_media_repo_min_bytes: 100 # 100 bytes by default - # Options for limiting how much content a user can upload. Quotas are applied to content - # associated with a user regardless of de-duplication. Quotas which affect remote servers - # or users will not take effect. When a user exceeds their quota they will be unable to - # upload any more media. - quotas: - # Whether or not quotas are enabled/enforced. Note that even when disabled the media repo - # will track how much media a user has uploaded. This is disabled by default. - enabled: false +# The number of bytes to claim as the maximum size for uploads for the limits API. If this +# is not provided then the maxBytes setting will be used instead. This is useful to provide +# if the media repo's settings and the reverse proxy do not match for maximum request size. +# This is purely for informational reasons and does not actually limit any functionality. +# Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes. +matrix_media_repo_reported_max_bytes: 0 - # The quota rules that affect users. The first rule to match the uploader will take effect. - # An implied rule which matches all users and has no quota is always last in this list, - # meaning that if no rules are supplied then users will be able to upload anything. Similarly, - # if no rules match a user then the implied rule will match, allowing the user to have no - # quota. The quota will let the user upload to 1 media past their quota, meaning that from - # a statistics perspective the user might exceed their quota however only by a small amount. - users: - - glob: "@*:*" # Affect all users. Use asterisks (*) to match any character. - maxBytes: 53687063712 # 50GB default, 0 to disable +# The number of pending uploads a user is permitted to have at a given time. They must cancel, +# complete, or otherwise let pending requests expire before uploading any more media. Set to +# zero to disable. +matrix_media_repo_max_pending: 5 + +# The duration the server will wait to receive media that was asynchronously uploaded before +# expiring it entirely. This should be set sufficiently high for a client on poor connectivity +# to upload something. The Matrix specification recommends 24 hours (86400 seconds), however +# this project recommends 30 minutes (1800 seconds). +matrix_media_repo_max_age_seconds: 1800 + +# Options for limiting how much content a user can upload. Quotas are applied to content +# associated with a user regardless of de-duplication. Quotas which affect remote servers +# or users will not take effect. When a user exceeds their quota they will be unable to +# upload any more media. + +# Whether quotas are enabled/enforced. Note that even when disabled the media repo will +# track how much media a user has uploaded. Quotas are disabled by default. +matrix_media_repo_quotas_enabled: false + +# The upload quota rules which affect users. The first rule to match the user ID will take +# effect. If a user does not match a rule, the defaults implied by the above config will +# take effect instead. The user will not be permitted to upload anything above these quota +# values, but can match them exactly. +matrix_media_repo_quotas_users: "{{ matrix_media_repo_quotas_users_auto + matrix_media_repo_quotas_users_additional }}" + +matrix_media_repo_quotas_users_auto: + - glob: "@*:*" # Affect all users. Use asterisks (*) to match any character. + # The maximum number of TOTAL bytes a user can upload. Defaults to zero (no limit). + maxBytes: 53687063712 # 50gb + # The same as maxPending above - the number of uploads the user can have waiting to + # complete before starting another one. Defaults to maxPending above. Set to 0 to + # disable. + maxPending: 5 + # The maximum number of uploaded files a user can have. Defaults to zero (no limit). + # If both maxBytes and maxFiles are in use then the first condition a user triggers + # will prevent upload. Note that a user can still have uploads contributing to maxPending, + # but will not be able to complete them if they are at maxFiles. + maxFiles: 0 + +# Additional quota glob patterns +matrix_media_repo_quotas_users_additional: [] # Settings related to downloading files from the media repository @@ -344,186 +398,175 @@ matrix_media_repo_downloads_num_workers: 10 # has passed, the media is able to be re-requested. matrix_media_repo_downloads_failure_cache_minutes: 5 -# The cache control settings for downloads. This can help speed up downloads for users by -# keeping popular media in the cache. This cache is also used for thumbnails. -matrix_media_repo_downloads_cache_enabled: true - -# The maximum size of cache to have. Higher numbers are better. -matrix_media_repo_downloads_cache_max_size_bytes: 1048576000 # 1GB default - -# The maximum file size to cache. This should normally be the same size as your maximum -# upload size. -matrix_media_repo_downloads_cache_max_file_size_bytes: 104857600 # 100MB default - -# The number of minutes to track how many downloads a file gets -matrix_media_repo_downloads_cache_tracked_minutes: 30 - -# The number of downloads a file must receive in the window above (trackedMinutes) in -# order to be cached. -matrix_media_repo_downloads_cache_min_downloads: 5 - -# The minimum amount of time an item should remain in the cache. This prevents the cache -# from cycling out the file if it needs more room during this time. Note that the media -# repo regularly cleans out media which is past this point from the cache, so this number -# may need increasing depending on your use case. If the maxSizeBytes is reached for the -# media repo, and some cached items are still under this timer, new items will not be able -# to enter the cache. When this happens, consider raising maxSizeBytes or lowering this -# timer. -matrix_media_repo_downloads_cache_min_cache_time_seconds: 300 - -# The minimum amount of time an item should remain outside the cache once it is removed. -matrix_media_repo_downloads_cache_min_evicted_time_seconds: 60 - # How many days after a piece of remote content is downloaded before it expires. It can be # re-downloaded on demand, this just helps free up space in your datastore. Set to zero or # negative to disable. Defaults to disabled. matrix_media_repo_downloads_expire_after_days: 0 +# The default size, in bytes, to return for range requests on media. Range requests are used +# by clients when they only need part of a file, such as a video or audio element. Note that +# the entire file will still be cached (if enabled), but only part of it will be returned. +# If the client requests a larger or smaller range, that will be honoured. +matrix_media_repo_downloads_default_range_chunk_size_bytes: 10485760 # 10MB default + # URL Preview settings -matrix_media_repo_url_previews: - urlPreviews: - enabled: true # If enabled, the preview_url routes will be accessible - maxPageSizeBytes: 10485760 # 10MB default, 0 to disable - # If true, the media repository will try to provide previews for URLs with invalid or unsafe - # certificates. If false (the default), the media repo will fail requests to said URLs. - previewUnsafeCertificates: false +# If enabled, the preview_url routes will be accessible +matrix_media_repo_url_previews_enabled: true - # Note: URL previews are limited to a given number of words, which are then limited to a number - # of characters, taking off the last word if it needs to. This also applies for the title. +# 10MB default, 0 to disable +matrix_media_repo_url_previews_max_page_size_bytes: 10485760 - numWords: 50 # The number of words to include in a preview (maximum) - maxLength: 200 # The maximum number of characters for a description +# If true, the media repository will try to provide previews for URLs with invalid or unsafe +# certificates. If false (the default), the media repo will fail requests to said URLs. +matrix_media_repo_url_previews_preview_unsafe_certificates: false - numTitleWords: 30 # The maximum number of words to include in a preview's title - maxTitleLength: 150 # The maximum number of characters for a title +# Note: URL previews are limited to a given number of words, which are then limited to a number +# of characters, taking off the last word if it needs to. This also applies for the title. - # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are - # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be - # an image and the image's type must be allowed by the thumbnailer. - filePreviewTypes: - - "image/*" +# The number of words to include in a preview (maximum) +matrix_media_repo_url_previews_num_words: 50 - # The number of workers to use when generating url previews. Raise this number if url - # previews are slow or timing out. - # - # Maximum memory usage = numWorkers multiplied by the maximum page size - # Average memory usage is dependent on how many concurrent urls your users are previewing. - numWorkers: 10 +# The maximum number of characters for a description +matrix_media_repo_url_previews_max_length: 200 - # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they - # will be merged. URL previews will be disabled if neither is supplied. Each entry must be - # a CIDR range. - disallowedNetworks: - - "127.0.0.1/8" - - "10.0.0.0/8" - - "172.16.0.0/12" - - "192.168.0.0/16" - - "100.64.0.0/10" - - "169.254.0.0/16" - - '::1/128' - - 'fe80::/64' - - 'fc00::/7' - allowedNetworks: - # "Everything". The blacklist will help limit this. - # This is the default value for this field. - - "0.0.0.0/0" +# The maximum number of words to include in a preview's title +matrix_media_repo_url_previews_num_title_words: 30 - # How many days after a preview is generated before it expires and is deleted. The preview - # can be regenerated safely - this just helps free up some space in your database. Set to - # zero or negative to disable. Defaults to disabled. - expireAfterDays: 0 +# The maximum number of characters for a title +matrix_media_repo_url_previews_max_title_length: 150 - # The default Accept-Language header to supply when generating URL previews when one isn't - # supplied by the client. - # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language - defaultLanguage: "en-US,en" +# The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are +# calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be +# an image and the image's type must be allowed by the thumbnailer. +matrix_media_repo_url_previews_file_preview_types: + - "image/*" - # When true, oEmbed previews will be enabled. Typically these kinds of previews are used for - # sites that do not support OpenGraph or page scraping, such as Twitter. For information on - # specifying providers for oEmbed, including your own, see the following documentation: - # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html - # Defaults to disabled. - oEmbed: false +# The number of workers to use when generating url previews. Raise this number if url +# previews are slow or timing out. +# +# Maximum memory usage = numWorkers multiplied by the maximum page size +# Average memory usage is dependent on how many concurrent urls your users are previewing. +matrix_media_repo_url_previews_num_workers: 10 + +# Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they +# will be merged. URL previews will be disabled if neither is supplied. Each entry must be +# a CIDR range. +matrix_media_repo_url_previews_disallowed_networks: + - "127.0.0.1/8" + - "10.0.0.0/8" + - "172.16.0.0/12" + - "192.168.0.0/16" + - "100.64.0.0/10" + - "169.254.0.0/16" + - '::1/128' + - 'fe80::/64' + - 'fc00::/7' +matrix_media_repo_url_previews_allowed_networks: + # "Everything". The blacklist will help limit this. + # This is the default value for this field. + - "0.0.0.0/0" + +# How many days after a preview is generated before it expires and is deleted. The preview +# can be regenerated safely - this just helps free up some space in your database. Set to +# zero or negative to disable. Defaults to disabled. +matrix_media_repo_url_previews_expire_after_days: 0 + +# The default Accept-Language header to supply when generating URL previews when one isn't +# supplied by the client. +# Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language +matrix_media_repo_url_previews_default_language: "en-US,en" + +# Set the User-Agent header to supply when generating URL previews +matrix_media_repo_url_previews_user_agent: "matrix-media-repo" + +# When true, oEmbed previews will be enabled. Typically these kinds of previews are used for +# sites that do not support OpenGraph or page scraping, such as Twitter. For information on +# specifying providers for oEmbed, including your own, see the following documentation: +# https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html +# Defaults to disabled. +matrix_media_repo_url_previews_o_embed: false # The thumbnail configuration for the media repository. -matrix_media_repo_thumbnails: - thumbnails: - # The maximum number of bytes an image can be before the thumbnailer refuses. - maxSourceBytes: 10485760 # 10MB default, 0 to disable - # The maximum number of pixels an image can have before the thumbnailer refuses. Note that - # this only applies to image types: file types like audio and video are affected solely by - # the maxSourceBytes. - maxPixels: 32000000 # 32M default +# The maximum number of bytes an image can be before the thumbnailer refuses. +matrix_media_repo_thumbnails_max_source_bytes: 10485760 # 10MB default, 0 to disable - # The number of workers to use when generating thumbnails. Raise this number if thumbnails - # are slow to generate or timing out. - # - # Maximum memory usage = numWorkers multiplied by the maximum image source size - # Average memory usage is dependent on how many thumbnails are being generated by your users - numWorkers: 100 +# The maximum number of pixels an image can have before the thumbnailer refuses. Note that +# this only applies to image types: file types like audio and video are affected solely by +# the maxSourceBytes. +matrix_media_repo_thumbnails_max_pixels: 32000000 # 32M default - # All thumbnails are generated into one of the sizes listed here. The first size is used as - # the default for when no width or height is requested. The media repository will return - # either an exact match or the next largest size of thumbnail. - sizes: - - width: 32 - height: 32 - - width: 96 - height: 96 - - width: 320 - height: 240 - - width: 640 - height: 480 - - width: 768 # This size is primarily used for audio thumbnailing. - height: 240 - - width: 800 - height: 600 +# The number of workers to use when generating thumbnails. Raise this number if thumbnails +# are slow to generate or timing out. +# +# Maximum memory usage = numWorkers multiplied by the maximum image source size +# Average memory usage is dependent on how many thumbnails are being generated by your users +matrix_media_repo_thumbnails_num_workers: 100 - # To allow for thumbnails to be any size, not just in the sizes specified above, set this to - # true (default false). When enabled, whatever size requested by the client will be generated - # up to a maximum of the largest possible dimensions in the `sizes` list. For best results, - # specify only one size in the `sizes` list when this option is enabled. - dynamicSizing: false +# All thumbnails are generated into one of the sizes listed here. The first size is used as +# the default for when no width or height is requested. The media repository will return +# either an exact match or the next largest size of thumbnail. +matrix_media_repo_thumbnails_sizes: + - width: 32 + height: 32 + - width: 96 + height: 96 + - width: 320 + height: 240 + - width: 640 + height: 480 + - width: 768 # This size is primarily used for audio thumbnailing. + height: 240 + - width: 800 + height: 600 - # The content types to thumbnail when requested. Types that are not supported by the media repo - # will not be thumbnailed (adding application/json here won't work). Clients may still not request - # thumbnails for these types - this won't make clients automatically thumbnail these file types. - types: - - "image/jpeg" - - "image/jpg" - - "image/png" - - "image/apng" - - "image/gif" - - "image/heif" - - "image/webp" - # - "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files - - "audio/mpeg" - - "audio/ogg" - - "audio/wav" - - "audio/flac" - # - "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files +# To allow for thumbnails to be any size, not just in the sizes specified above, set this to +# true (default false). When enabled, whatever size requested by the client will be generated +# up to a maximum of the largest possible dimensions in the `sizes` list. For best results, +# specify only one size in the `sizes` list when this option is enabled. +matrix_media_repo_thumbnails_dynamic_sizing: false - # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated - # thumbnails, set this to false. If disabled, regular thumbnails will be returned. - allowAnimated: true +# The content types to thumbnail when requested. Types that are not supported by the media repo +# will not be thumbnailed (adding application/json here won't work). Clients may still not request +# thumbnails for these types - this won't make clients automatically thumbnail these file types. +matrix_media_repo_thumbnails_types: + - "image/jpeg" + - "image/jpg" + - "image/png" + - "image/apng" + - "image/gif" + - "image/heif" + - "image/heic" + - "image/webp" + - "image/bmp" + - "image/tiff" + #- "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files + - "audio/mpeg" + - "audio/ogg" + - "audio/wav" + - "audio/flac" + #- "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files - # Default to animated thumbnails, if available - defaultAnimated: false +# Animated thumbnails can be CPU intensive to generate. To disable the generation of animated +# thumbnails, set this to false. If disabled, regular thumbnails will be returned. +matrix_media_repo_thumbnails_allow_animated: true - # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image - # is larger than this, the thumbnail will be generated as a static image. - maxAnimateSizeBytes: 10485760 # 10MB default, 0 to disable +# Default to animated thumbnails, if available +matrix_media_repo_thumbnails_default_animated: false - # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try - # and thumbnail animated content? Defaults to 0.5 (middle of animation). - stillFrame: 0.5 +# The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image +# is larger than this, the thumbnail will be generated as a static image. +matrix_media_repo_thumbnails_max_animate_size_bytes: 10485760 # 10MB default, 0 to disable - # How many days after a thumbnail is generated before it expires and is deleted. The thumbnail - # can be regenerated safely - this just helps free up some space in your datastores. Set to - # zero or negative to disable. Defaults to disabled. - expireAfterDays: 0 +# On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try +# and thumbnail animated content? Defaults to 0.5 (middle of animation). +matrix_media_repo_thumbnails_still_frame: 0.5 + +# How many days after a thumbnail is generated before it expires and is deleted. The thumbnail +# can be regenerated safely - this just helps free up some space in your datastores. Set to +# zero or negative to disable. Defaults to disabled. +matrix_media_repo_thumbnails_expire_after_days: 0 # Controls for the rate limit functionality @@ -623,67 +666,31 @@ matrix_media_repo_plugins: # Options for controlling various MSCs/unstable features of the media repo # Sections of this config might disappear or be added over time. By default all # features are disabled in here and must be explicitly enabled to be used. -matrix_media_repo_feature_support: - featureSupport: - # MSC2248 - Blurhash - MSC2448: - # Whether or not this MSC is enabled for use in the media repo - enabled: false +# featureSupport: + # No unstable features are currently supported. - # Maximum dimensions for converting a blurhash to an image. When no width and - # height options are supplied, the default will be half these values. - maxWidth: 1024 - maxHeight: 1024 +# Support for redis as a cache mechanism +# +# Note: Enabling Redis support will mean that the existing cache mechanism will do nothing. +# It can be safely disabled once Redis support is enabled. +# +# See docs/redis.md for more information on how this works and how to set it up. - # Thumbnail size in pixels to use to generate the blurhash string - thumbWidth: 64 - thumbHeight: 64 +# Whether or not use Redis instead of in-process caching. +matrix_media_repo_redis_enabled: false - # The X and Y components to use. Higher numbers blur less, lower numbers blur more. - xComponents: 4 - yComponents: 3 +# The database number to use. Leave at zero if using a dedicated Redis instance. +matrix_media_repo_redis_database_number: 0 - # The amount of contrast to apply when converting a blurhash to an image. Lower values - # make the effect more subtle, larger values make it stronger. - punch: 1 - - # IPFS Support - # This is currently experimental and might not work at all. - IPFS: - # Whether or not IPFS support is enabled for use in the media repo. - enabled: false - - # Options for the built in IPFS daemon - builtInDaemon: - # Enable this to spawn an in-process IPFS node to use instead of a localhost - # HTTP agent. If this is disabled, the media repo will assume you have an HTTP - # IPFS agent running and accessible. Defaults to using a daemon (true). - enabled: true - - # If the Daemon is enabled, set this to the location where the IPFS files should - # be stored. If you're using Docker, this should be something like "/data/ipfs" - # so it can be mapped to a volume. - repoPath: "./ipfs" - - # Support for redis as a cache mechanism - # - # Note: Enabling Redis support will mean that the existing cache mechanism will do nothing. - # It can be safely disabled once Redis support is enabled. - # - # See docs/redis.md for more information on how this works and how to set it up. - redis: - # Whether or not use Redis instead of in-process caching. - enabled: false - - # The Redis shards that should be used by the media repo in the ring. The names of the - # shards are for your reference and have no bearing on the connection, but must be unique. - shards: - - name: "server1" - addr: ":7000" - - name: "server2" - addr: ":7001" - - name: "server3" - addr: ":7002" +# The Redis shards that should be used by the media repo in the ring. The names of the +# shards are for your reference and have no bearing on the connection, but must be unique. +matrix_media_repo_redis_shards: + - name: "server1" + addr: ":7000" + - name: "server2" + addr: ":7001" + - name: "server3" + addr: ":7002" # Optional sentry (https://sentry.io/) configuration for the media repo @@ -698,3 +705,27 @@ matrix_media_repo_sentry_environment: "" # Whether or not to turn on sentry's built in debugging. This will increase log output. matrix_media_repo_sentry_debug: false + +# Configuration for the internal tasks engine in the media repo. Note that this only applies +# to the media repo process with machine ID zero (the default in single-instance mode). +# +# Tasks include things like data imports/exports. + +# The number of workers to have available for tasks. Defaults to 5. +matrix_media_repo_tasks_num_workers: 5 + +# Options for collecting PGO-compatible CPU profiles and submitting them to a hosted pgo-fleet +# server. See https://github.com/t2bot/pgo-fleet for collection/more detail. +# +# If you process more than 1Hz of requests or have more than a dozen media repos deployed, please +# get in contact with `@travis:t2l.io` to submit profiles directly to MMR. Submitted profiles are +# used to improve the build speed for everyone. + +# Whether collection is enabled. Defaults to false. +matrix_media_repo_pgo_enabled: false + +# The pgo-fleet submit URL. +matrix_media_repo_pgo_submit_url: "https://pgo-mmr.t2host.io/v1/submit" + +# The pgo-fleet submit key. +matrix_media_repo_pgo_submit_key: "INSERT_VALUE_HERE" diff --git a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 index c304c1c2c..8dec40b18 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 @@ -41,6 +41,24 @@ federation: # the remote server do not count towards this. backoffAt: {{ matrix_media_repo_federation_backoff_at | to_json }} + # The domains the media repo should never serve media for. Existing media already stored from + # these domains will remain, however will not be downloadable without a data export. Media + # repo administrators will bypass this check. Admin APIs will still work for media on these + # domains. + # + # This will not prevent the listed domains from accessing media on this media repo - it only + # stops users on *this* media repo from accessing media originally uploaded to the listed domains. + # + # Note: Adding domains controlled by the media repo itself to this list is not advisable. +{% if (matrix_media_repo_federation_ignored_hosts | length) > 0 %} + ignoredHosts: +{{ matrix_media_repo_federation_ignored_hosts | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }} +{% else %} + # ignoredHosts: + # - example.org +{% endif %} + # The database configuration for the media repository # Do NOT put your homeserver's existing database credentials here. Create a new database and # user instead. Using the same server is fine, just not the same username and database. @@ -61,17 +79,27 @@ database: # The configuration for the homeservers this media repository is known to control. Servers # not listed here will not be able to upload media. #homeservers: -# - name: example.org # This should match the server_name of your homeserver, and the Host header -# # provided to the media repo. -# csApi: "https://example.org/" # The base URL to where the homeserver can actually be reached -# backoffAt: 10 # The number of consecutive failures in calling this homeserver before the -# # media repository will start backing off. This defaults to 10 if not given. -# adminApiKind: "matrix" # The kind of admin API the homeserver supports. If set to "matrix", -# # the media repo will use the Synapse-defined endpoints under the -# # unstable client-server API. When this is "synapse", the new /_synapse -# # endpoints will be used instead. Unknown values are treated as the -# # default, "matrix". -{{ matrix_media_repo_homeservers | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} +# - # Keep the dash from this line. +# +# # This should match the server_name of your homeserver, and the Host header +# # provided to the media repo. +# name: example.org +# +# # The base URL to where the homeserver can actually be reached by MMR. +# csApi: "https://example.org/" +# +# # The number of consecutive failures in calling this homeserver before the +# # media repository will start backing off. This defaults to 10 if not given. +# backoffAt: 10 +# +# # The admin API interface supported by the homeserver. MMR uses a subset of the admin API +# # during certain operations, like attempting to purge media from a room or validating server +# # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set +# # to "matrix", most functionality requiring the admin API will not work. +# adminApiKind: "synapse" +homeservers: +{{ matrix_media_repo_homeservers | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=2, first=true) }} # Options for controlling how access tokens work with the media repo. It is recommended that if # you are going to use these options that the `/logout` and `/logout/all` client-server endpoints @@ -89,42 +117,58 @@ database: # *************************************************************************** # * IT IS HIGHLY RECOMMENDED TO USE PER-DOMAIN CONFIGS WITH THIS FEATURE. * # *************************************************************************** -# accessTokens: -# # The maximum time a cached access token will be considered valid. Set to zero (the default) -# # to disable the cache and constantly hit the homeserver. This is recommended to be set to -# # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and -# # zero for servers who do not proxy the endpoints through. -# maxCacheTimeSeconds: 0 -# -# # Whether or not to use the `appservices` config option below. If disabled (the default), -# # the regular access token cache will be used for each user, potentially leading to high -# # memory usage. -# useLocalAppserviceConfig: false -# -# # The application services (and their namespaces) registered on the homeserver. Only used -# # if `useLocalAppserviceConfig` is enabled (recommended). -# # -# # Usually the appservice will provide you with these config details - they'll just need -# # translating from the appservice registration to here. Note that this does not require -# # all options from the registration, and only requires the bare minimum required to run -# # the media repo. -# appservices: -# - id: Name_of_appservice_for_your_reference -# asToken: Secret_token_for_appservices_to_use -# senderUserId: "@_example_bridge:yourdomain.com" -# userNamespaces: -# - regex: "@_example_bridge_.+:yourdomain.com" -# # A note about regexes: it is best to suffix *all* namespaces with the homeserver -# # domain users are valid for, as otherwise the appservice can use any user with -# # any domain name it feels like, even if that domain is not configured with the -# # media repo. This will lead to inaccurate reporting in the case of the media -# # repo, and potentially leading to media being considered "remote". -{{ matrix_media_repo_access_tokens | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} +accessTokens: + # The maximum time a cached access token will be considered valid. Set to zero (the default) + # to disable the cache and constantly hit the homeserver. This is recommended to be set to + # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and + # zero for servers who do not proxy the endpoints through. + maxCacheTimeSeconds: {{ matrix_media_repo_access_tokens_max_cache_time_seconds | to_json }} + + # Whether or not to use the `appservices` config option below. If disabled (the default), + # the regular access token cache will be used for each user, potentially leading to high + # memory usage. + useLocalAppserviceConfig: {{ matrix_media_repo_access_tokens_use_local_appservice_config | to_json }} + + # The application services (and their namespaces) registered on the homeserver. Only used + # if `useLocalAppserviceConfig` is enabled (recommended). + # + # Usually the appservice will provide you with these config details - they'll just need + # translating from the appservice registration to here. Note that this does not require + # all options from the registration, and only requires the bare minimum required to run + # the media repo. +{% if (matrix_media_repo_access_tokens_appservices | length) > 0 %} +{# `to_nice_yaml` filter unfortunately does not correctly indent arrays. The `indent` filter + is a workaround fixes top-level arrays, but does not fix nested arrays. Hence the use of + the `replace` filter. #} + appservices: +{{ matrix_media_repo_access_tokens_appservices | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) + | replace(" - ", " - ") }} +{% else%} +# appservices: +# - id: Name_of_appservice_for_your_reference +# asToken: Secret_token_for_appservices_to_use +# senderUserId: "@_example_bridge:yourdomain.com" +# userNamespaces: +# - regex: "@_example_bridge_.+:yourdomain.com" +# # A note about regexes: it is best to suffix *all* namespaces with the homeserver +# # domain users are valid for, as otherwise the appservice can use any user with +# # any domain name it feels like, even if that domain is not configured with the +# # media repo. This will lead to inaccurate reporting in the case of the media +# # repo, and potentially leading to media being considered "remote". +{% endif %} # These users have full access to the administrative functions of the media repository. # See docs/admin.md for information on what these people can do. They must belong to one of the # configured homeservers above. -{{ matrix_media_repo_admins | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} +{% if (matrix_media_repo_admins | length) > 0 %} +admins: +{{ matrix_media_repo_admins | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=2, first=true) }} +{% else %} +#admins: +# - "@your_username:example.org" +{% endif %} # Shared secret auth is useful for applications building on top of the media repository, such # as a management interface. The `token` provided here is treated as a repository administrator @@ -141,55 +185,58 @@ sharedSecretAuth: # Datastores are places where media should be persisted. This isn't dedicated for just uploads: # thumbnails and other misc data is also stored in these places. The media repo, when looking # for a datastore to use, will always use the smallest datastore first. -# datastores: -# - type: file -# enabled: false # Enable this to set up data storage. -# # Datastores can be split into many areas when handling uploads. Media is still de-duplicated -# # across all datastores (local content which duplicates remote content will re-use the remote -# # content's location). This option is useful if your datastore is becoming very large, or if -# # you want faster storage for a particular kind of media. -# # -# # The kinds available are: -# # thumbnails - Used to store thumbnails of media (local and remote). -# # remote_media - Original copies of remote media (servers not configured by this repo). -# # local_media - Original uploads for local media. -# # archives - Archives of content (GDPR and similar requests). -# forKinds: ["thumbnails"] -# opts: -# path: /var/matrix/media -# -# - type: s3 -# enabled: false # Enable this to set up s3 uploads -# forKinds: ["thumbnails", "remote_media", "local_media", "archives"] -# opts: -# # The s3 uploader needs a temporary location to buffer files to reduce memory usage on -# # small file uploads. If the file size is unknown, the file is written to this location -# # before being uploaded to s3 (then the file is deleted). If you aren't concerned about -# # memory usage, set this to an empty string. -# tempPath: "/tmp/mediarepo_s3_upload" -# endpoint: sfo2.digitaloceanspaces.com -# accessKeyId: "" -# accessSecret: "" -# ssl: true -# bucketName: "your-media-bucket" -# # An optional region for where this S3 endpoint is located. Typically not needed, though -# # some providers will need this (like Scaleway). Uncomment to use. -# #region: "sfo2" -# -# # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If -# # the feature is not enabled, this will not work. Note that IPFS support is experimental at -# # the moment and not recommended for general use. -# # -# # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo -# # puts authentication on the download endpoints. Only use this option for cases where you -# # expect your media to be publicly accessible. -# - type: ipfs -# enabled: false # Enable this to use IPFS support -# forKinds: ["local_media"] -# # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured -# # in the IPFS section of your main config. -# opts: {} -{{ matrix_media_repo_datastores | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} +datastores: +{% if (matrix_media_repo_datastore_file_for_kinds | length) > 0 %} + - type: file + # ID for this datastore (cannot change). Alphanumeric recommended. + id: {{ matrix_media_repo_datastore_file_id | to_json }} + # Datastores can be split into many areas when handling uploads. Media is still de-duplicated + # across all datastores (local content which duplicates remote content will re-use the remote + # content's location). This option is useful if your datastore is becoming very large, or if + # you want faster storage for a particular kind of media. + # + # To disable this datastore, making it readonly, specify `forKinds: []`. + # + # The kinds available are: + # thumbnails - Used to store thumbnails of media (local and remote). + # remote_media - Original copies of remote media (servers not configured by this repo). + # local_media - Original uploads for local media. + # archives - Archives of content (GDPR and similar requests). + forKinds: {{ matrix_media_repo_datastore_file_for_kinds | to_json }} + opts: + path: {{ matrix_media_repo_datastore_opts_path | to_json }} +{% endif %} +{% if (matrix_media_repo_datastore_s3_for_kinds | length) > 0 %} + - type: s3 + # ID for this datastore (cannot change). Alphanumeric recommended. + id: {{ matrix_media_repo_datastore_s3_id | to_json }} + forKinds: {{ matrix_media_repo_datastore_s3_for_kinds | to_json }} + opts: + # The s3 uploader needs a temporary location to buffer files to reduce memory usage on + # small file uploads. If the file size is unknown, the file is written to this location + # before being uploaded to s3 (then the file is deleted). If you aren't concerned about + # memory usage, set this to an empty string. + tempPath: {{ matrix_media_repo_datastore_s3_opts_temp_path | to_json }} + endpoint: {{ matrix_media_repo_datastore_s3_opts_endpoint | to_json }} + accessKeyId: {{ matrix_media_repo_datastore_s3_opts_access_key_id | to_json }} + accessSecret: {{ matrix_media_repo_datastore_s3_opts_access_secret | to_json }} + ssl: {{ matrix_media_repo_datastore_s3_opts_ssl | to_json }} + bucketName: {{ matrix_media_repo_datastore_s3_opts_bucket_name | to_json }} +{% if matrix_media_repo_datastore_s3_opts_region is defined %} + region: {{ matrix_media_repo_datastore_s3_opts_region | to_json }} +{% else %} + # An optional region for where this S3 endpoint is located. Typically not needed, though + # some providers will need this (like Scaleway). Uncomment to use. + #region: "sfo2" +{% endif %} +{% if matrix_media_repo_datastore_s3_opts_storage_class is defined %} + storageClass: {{ matrix_media_repo_datastore_s3_opts_storage_class | to_json }} +{% else %} + # An optional storage class for tuning how the media is stored at s3. + # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. + #storageClass: STANDARD +{% endif %} +{% endif %} # Options for controlling archives. Archives are exports of a particular user's content for # the purpose of GDPR or moving media to a different server. @@ -209,42 +256,50 @@ archiving: targetBytesPerPart: {{ matrix_media_repo_archiving_target_bytes_per_part | to_json }} # 200mb default # The file upload settings for the media repository -# uploads: -# # The maximum individual file size a user can upload. -# maxBytes: 104857600 # 100MB default, 0 to disable -# -# # The minimum number of bytes to let people upload. This is recommended to be non-zero to -# # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend -# # to waste more CPU and database resources than small files, thus a default of 100 bytes -# # is applied here as an approximate break-even point. -# minBytes: 100 # 100 bytes by default -# -# # The number of bytes to claim as the maximum size for uploads for the limits API. If this -# # is not provided then the maxBytes setting will be used instead. This is useful to provide -# # if the media repo's settings and the reverse proxy do not match for maximum request size. -# # This is purely for informational reasons and does not actually limit any functionality. -# # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes. -# #reportedMaxBytes: 104857600 -# -# # Options for limiting how much content a user can upload. Quotas are applied to content -# # associated with a user regardless of de-duplication. Quotas which affect remote servers -# # or users will not take effect. When a user exceeds their quota they will be unable to -# # upload any more media. -# quotas: -# # Whether or not quotas are enabled/enforced. Note that even when disabled the media repo -# # will track how much media a user has uploaded. This is disabled by default. -# enabled: false -# -# # The quota rules that affect users. The first rule to match the uploader will take effect. -# # An implied rule which matches all users and has no quota is always last in this list, -# # meaning that if no rules are supplied then users will be able to upload anything. Similarly, -# # if no rules match a user then the implied rule will match, allowing the user to have no -# # quota. The quota will let the user upload to 1 media past their quota, meaning that from -# # a statistics perspective the user might exceed their quota however only by a small amount. -# users: -# - glob: "@*:*" # Affect all users. Use asterisks (*) to match any character. -# maxBytes: 53687063712 # 50GB default, 0 to disable -{{ matrix_media_repo_uploads | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} +uploads: + # The maximum individual file size a user can upload. + maxBytes: {{ matrix_media_repo_max_bytes | to_json }} # 100MB default, 0 to disable + + # The minimum number of bytes to let people upload. This is recommended to be non-zero to + # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend + # to waste more CPU and database resources than small files, thus a default of 100 bytes + # is applied here as an approximate break-even point. + minBytes: {{ matrix_media_repo_min_bytes | to_json }} # 100 bytes by default + + # The number of bytes to claim as the maximum size for uploads for the limits API. If this + # is not provided then the maxBytes setting will be used instead. This is useful to provide + # if the media repo's settings and the reverse proxy do not match for maximum request size. + # This is purely for informational reasons and does not actually limit any functionality. + # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes. + reportedMaxBytes: {{ matrix_media_repo_reported_max_bytes | to_json }} + + # The number of pending uploads a user is permitted to have at a given time. They must cancel, + # complete, or otherwise let pending requests expire before uploading any more media. Set to + # zero to disable. + maxPending: {{ matrix_media_repo_max_pending | to_json }} + + # The duration the server will wait to receive media that was asynchronously uploaded before + # expiring it entirely. This should be set sufficiently high for a client on poor connectivity + # to upload something. The Matrix specification recommends 24 hours (86400 seconds), however + # this project recommends 30 minutes (1800 seconds). + maxAgeSeconds: {{ matrix_media_repo_max_age_seconds | to_json }} + + # Options for limiting how much content a user can upload. Quotas are applied to content + # associated with a user regardless of de-duplication. Quotas which affect remote servers + # or users will not take effect. When a user exceeds their quota they will be unable to + # upload any more media. + quotas: + # Whether quotas are enabled/enforced. Note that even when disabled the media repo will + # track how much media a user has uploaded. Quotas are disabled by default. + enabled: {{ matrix_media_repo_quotas_enabled | to_json }} + + # The upload quota rules which affect users. The first rule to match the user ID will take + # effect. If a user does not match a rule, the defaults implied by the above config will + # take effect instead. The user will not be permitted to upload anything above these quota + # values, but can match them exactly. + users: +{{ matrix_media_repo_quotas_users | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=6, first=true) }} # Settings related to downloading files from the media repository downloads: @@ -262,186 +317,143 @@ downloads: # has passed, the media is able to be re-requested. failureCacheMinutes: {{ matrix_media_repo_downloads_failure_cache_minutes | to_json }} - # The cache control settings for downloads. This can help speed up downloads for users by - # keeping popular media in the cache. This cache is also used for thumbnails. - cache: - enabled: {{ matrix_media_repo_downloads_cache_enabled | to_json }} - - # The maximum size of cache to have. Higher numbers are better. - maxSizeBytes: {{ matrix_media_repo_downloads_cache_max_size_bytes | to_json }} # 1GB default - - # The maximum file size to cache. This should normally be the same size as your maximum - # upload size. - maxFileSizeBytes: {{ matrix_media_repo_downloads_cache_max_file_size_bytes | to_json }} # 100MB default - - # The number of minutes to track how many downloads a file gets - trackedMinutes: {{ matrix_media_repo_downloads_cache_tracked_minutes | to_json }} - - # The number of downloads a file must receive in the window above (trackedMinutes) in - # order to be cached. - minDownloads: {{ matrix_media_repo_downloads_cache_min_downloads | to_json }} - - # The minimum amount of time an item should remain in the cache. This prevents the cache - # from cycling out the file if it needs more room during this time. Note that the media - # repo regularly cleans out media which is past this point from the cache, so this number - # may need increasing depending on your use case. If the maxSizeBytes is reached for the - # media repo, and some cached items are still under this timer, new items will not be able - # to enter the cache. When this happens, consider raising maxSizeBytes or lowering this - # timer. - minCacheTimeSeconds: {{ matrix_media_repo_downloads_cache_min_cache_time_seconds | to_json }} - - # The minimum amount of time an item should remain outside the cache once it is removed. - minEvictedTimeSeconds: {{ matrix_media_repo_downloads_cache_min_evicted_time_seconds | to_json }} - # How many days after a piece of remote content is downloaded before it expires. It can be # re-downloaded on demand, this just helps free up space in your datastore. Set to zero or # negative to disable. Defaults to disabled. expireAfterDays: {{ matrix_media_repo_downloads_expire_after_days | to_json }} + # The default size, in bytes, to return for range requests on media. Range requests are used + # by clients when they only need part of a file, such as a video or audio element. Note that + # the entire file will still be cached (if enabled), but only part of it will be returned. + # If the client requests a larger or smaller range, that will be honoured. + defaultRangeChunkSizeBytes: {{ matrix_media_repo_downloads_default_range_chunk_size_bytes | to_json }} # 10MB default + # URL Preview settings -# urlPreviews: -# enabled: true # If enabled, the preview_url routes will be accessible -# maxPageSizeBytes: 10485760 # 10MB default, 0 to disable -# -# # If true, the media repository will try to provide previews for URLs with invalid or unsafe -# # certificates. If false (the default), the media repo will fail requests to said URLs. -# previewUnsafeCertificates: false -# -# # Note: URL previews are limited to a given number of words, which are then limited to a number -# # of characters, taking off the last word if it needs to. This also applies for the title. -# -# numWords: 50 # The number of words to include in a preview (maximum) -# maxLength: 200 # The maximum number of characters for a description -# -# numTitleWords: 30 # The maximum number of words to include in a preview's title -# maxTitleLength: 150 # The maximum number of characters for a title -# -# # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are -# # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be -# # an image and the image's type must be allowed by the thumbnailer. -# filePreviewTypes: -# - "image/*" -# -# # The number of workers to use when generating url previews. Raise this number if url -# # previews are slow or timing out. -# # -# # Maximum memory usage = numWorkers multiplied by the maximum page size -# # Average memory usage is dependent on how many concurrent urls your users are previewing. -# numWorkers: 10 -# -# # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they -# # will be merged. URL previews will be disabled if neither is supplied. Each entry must be -# # a CIDR range. -# disallowedNetworks: -# - "127.0.0.1/8" -# - "10.0.0.0/8" -# - "172.16.0.0/12" -# - "192.168.0.0/16" -# - "100.64.0.0/10" -# - "169.254.0.0/16" -# - '::1/128' -# - 'fe80::/64' -# - 'fc00::/7' -# allowedNetworks: -# - "0.0.0.0/0" # "Everything". The blacklist will help limit this. -# # This is the default value for this field. -# -# # How many days after a preview is generated before it expires and is deleted. The preview -# # can be regenerated safely - this just helps free up some space in your database. Set to -# # zero or negative to disable. Defaults to disabled. -# expireAfterDays: 0 -# -# # The default Accept-Language header to supply when generating URL previews when one isn't -# # supplied by the client. -# # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language -# defaultLanguage: "en-US,en" -# -# # When true, oEmbed previews will be enabled. Typically these kinds of previews are used for -# # sites that do not support OpenGraph or page scraping, such as Twitter. For information on -# # specifying providers for oEmbed, including your own, see the following documentation: -# # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html -# # Defaults to disabled. -# oEmbed: false -{{ matrix_media_repo_url_previews | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false)}} +urlPreviews: + # If enabled, the preview_url routes will be accessible + enabled: {{ matrix_media_repo_url_previews_enabled | to_json }} + # 10MB default, 0 to disable + maxPageSizeBytes: {{ matrix_media_repo_url_previews_max_page_size_bytes | to_json }} + + # If true, the media repository will try to provide previews for URLs with invalid or unsafe + # certificates. If false (the default), the media repo will fail requests to said URLs. + previewUnsafeCertificates: {{ matrix_media_repo_url_previews_preview_unsafe_certificates | to_json }} + + # Note: URL previews are limited to a given number of words, which are then limited to a number + # of characters, taking off the last word if it needs to. This also applies for the title. + + # The number of words to include in a preview (maximum) + numWords: {{ matrix_media_repo_url_previews_num_words | to_json }} + # The maximum number of characters for a description + maxLength: {{ matrix_media_repo_url_previews_max_length | to_json }} + + # The maximum number of words to include in a preview's title + numTitleWords: {{ matrix_media_repo_url_previews_num_title_words | to_json }} + # The maximum number of characters for a title + maxTitleLength: {{ matrix_media_repo_url_previews_max_title_length | to_json }} + + # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are + # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be + # an image and the image's type must be allowed by the thumbnailer. + filePreviewTypes: +{{ matrix_media_repo_url_previews_file_preview_types | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }} + + # The number of workers to use when generating url previews. Raise this number if url + # previews are slow or timing out. + # + # Maximum memory usage = numWorkers multiplied by the maximum page size + # Average memory usage is dependent on how many concurrent urls your users are previewing. + numWorkers: {{ matrix_media_repo_url_previews_num_workers | to_json }} + + # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they + # will be merged. URL previews will be disabled if neither is supplied. Each entry must be + # a CIDR range. + disallowedNetworks: +{{ matrix_media_repo_url_previews_disallowed_networks | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }} + allowedNetworks: + # "Everything". The deny list will help limit this. + # This is the default value for this field. +{{ matrix_media_repo_url_previews_allowed_networks | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }} + + # How many days after a preview is generated before it expires and is deleted. The preview + # can be regenerated safely - this just helps free up some space in your database. Set to + # zero or negative to disable. Defaults to disabled. + expireAfterDays: {{ matrix_media_repo_url_previews_expire_after_days | to_json }} + + # The default Accept-Language header to supply when generating URL previews when one isn't + # supplied by the client. + # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language + defaultLanguage: {{ matrix_media_repo_url_previews_default_language | to_json }} + + # Set the User-Agent header to supply when generating URL previews + userAgent: {{ matrix_media_repo_url_previews_user_agent | to_json }} + + # When true, oEmbed previews will be enabled. Typically, these kinds of previews are used for + # sites that do not support OpenGraph or page scraping, such as Twitter. For information on + # specifying providers for oEmbed, including your own, see the following documentation: + # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html + # Defaults to disabled. + oEmbed: {{ matrix_media_repo_url_previews_o_embed | to_json }} # The thumbnail configuration for the media repository. -# thumbnails: -# # The maximum number of bytes an image can be before the thumbnailer refuses. -# maxSourceBytes: 10485760 # 10MB default, 0 to disable -# -# # The maximum number of pixels an image can have before the thumbnailer refuses. Note that -# # this only applies to image types: file types like audio and video are affected solely by -# # the maxSourceBytes. -# maxPixels: 32000000 # 32M default -# -# # The number of workers to use when generating thumbnails. Raise this number if thumbnails -# # are slow to generate or timing out. -# # -# # Maximum memory usage = numWorkers multiplied by the maximum image source size -# # Average memory usage is dependent on how many thumbnails are being generated by your users -# numWorkers: 100 -# -# # All thumbnails are generated into one of the sizes listed here. The first size is used as -# # the default for when no width or height is requested. The media repository will return -# # either an exact match or the next largest size of thumbnail. -# sizes: -# - width: 32 -# height: 32 -# - width: 96 -# height: 96 -# - width: 320 -# height: 240 -# - width: 640 -# height: 480 -# - width: 768 # This size is primarily used for audio thumbnailing. -# height: 240 -# - width: 800 -# height: 600 -# -# # To allow for thumbnails to be any size, not just in the sizes specified above, set this to -# # true (default false). When enabled, whatever size requested by the client will be generated -# # up to a maximum of the largest possible dimensions in the `sizes` list. For best results, -# # specify only one size in the `sizes` list when this option is enabled. -# dynamicSizing: false -# -# # The content types to thumbnail when requested. Types that are not supported by the media repo -# # will not be thumbnailed (adding application/json here won't work). Clients may still not request -# # thumbnails for these types - this won't make clients automatically thumbnail these file types. -# types: -# - "image/jpeg" -# - "image/jpg" -# - "image/png" -# - "image/apng" -# - "image/gif" -# - "image/heif" -# - "image/webp" -# #- "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files -# - "audio/mpeg" -# - "audio/ogg" -# - "audio/wav" -# - "audio/flac" -# #- "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files -# -# # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated -# # thumbnails, set this to false. If disabled, regular thumbnails will be returned. -# allowAnimated: true -# -# # Default to animated thumbnails, if available -# defaultAnimated: false -# -# # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image -# # is larger than this, the thumbnail will be generated as a static image. -# maxAnimateSizeBytes: 10485760 # 10MB default, 0 to disable -# -# # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try -# # and thumbnail animated content? Defaults to 0.5 (middle of animation). -# stillFrame: 0.5 -# -# # How many days after a thumbnail is generated before it expires and is deleted. The thumbnail -# # can be regenerated safely - this just helps free up some space in your datastores. Set to -# # zero or negative to disable. Defaults to disabled. -# expireAfterDays: 0 -{{ matrix_media_repo_thumbnails | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} +thumbnails: + # The maximum number of bytes an image can be before the thumbnailer refuses. + maxSourceBytes: {{ matrix_media_repo_thumbnails_max_source_bytes | to_json }} # 10MB default, 0 to disable + + # The maximum number of pixels an image can have before the thumbnailer refuses. Note that + # this only applies to image types: file types like audio and video are affected solely by + # the maxSourceBytes. + maxPixels: {{ matrix_media_repo_thumbnails_max_pixels | to_json }} # 32M default + + # The number of workers to use when generating thumbnails. Raise this number if thumbnails + # are slow to generate or timing out. + # + # Maximum memory usage = numWorkers multiplied by the maximum image source size + # Average memory usage is dependent on how many thumbnails are being generated by your users + numWorkers: {{ matrix_media_repo_thumbnails_num_workers | to_json }} + + # All thumbnails are generated into one of the sizes listed here. The first size is used as + # the default for when no width or height is requested. The media repository will return + # either an exact match or the next largest size of thumbnail. + sizes: +{{ matrix_media_repo_thumbnails_sizes | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }} + + # To allow for thumbnails to be any size, not just in the sizes specified above, set this to + # true (default false). When enabled, whatever size requested by the client will be generated + # up to a maximum of the largest possible dimensions in the `sizes` list. For best results, + # specify only one size in the `sizes` list when this option is enabled. + dynamicSizing: {{ matrix_media_repo_thumbnails_dynamic_sizing | to_json }} + + # The content types to thumbnail when requested. Types that are not supported by the media repo + # will not be thumbnailed (adding application/json here won't work). Clients may still not request + # thumbnails for these types - this won't make clients automatically thumbnail these file types. + types: +{{ matrix_media_repo_thumbnails_types | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }} + + # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated + # thumbnails, set this to false. If disabled, regular thumbnails will be returned. + allowAnimated: {{ matrix_media_repo_thumbnails_allow_animated | to_json }} + + # Default to animated thumbnails, if available + defaultAnimated: {{ matrix_media_repo_thumbnails_default_animated | to_json }} + + # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image + # is larger than this, the thumbnail will be generated as a static image. + maxAnimateSizeBytes: {{ matrix_media_repo_thumbnails_max_animate_size_bytes | to_json }} # 10MB default, 0 to disable + + # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try + # and thumbnail animated content? Defaults to 0.5 (middle of animation). + stillFrame: {{ matrix_media_repo_thumbnails_still_frame | to_json }} + + # How many days after a thumbnail is generated before it expires and is deleted. The thumbnail + # can be regenerated safely - this just helps free up some space in your datastores. Set to + # zero or negative to disable. Defaults to disabled. + expireAfterDays: {{ matrix_media_repo_thumbnails_expire_after_days | to_json }} # Controls for the rate limit functionality rateLimit: @@ -543,66 +555,26 @@ metrics: # Sections of this config might disappear or be added over time. By default all # features are disabled in here and must be explicitly enabled to be used. # featureSupport: -# # MSC2248 - Blurhash -# MSC2448: -# # Whether or not this MSC is enabled for use in the media repo -# enabled: false + # No unstable features are currently supported. + +# Support for redis as a cache mechanism # -# # Maximum dimensions for converting a blurhash to an image. When no width and -# # height options are supplied, the default will be half these values. -# maxWidth: 1024 -# maxHeight: 1024 +# Note: Enabling Redis support will mean that the existing cache mechanism will do nothing. +# It can be safely disabled once Redis support is enabled. # -# # Thumbnail size in pixels to use to generate the blurhash string -# thumbWidth: 64 -# thumbHeight: 64 -# -# # The X and Y components to use. Higher numbers blur less, lower numbers blur more. -# xComponents: 4 -# yComponents: 3 -# -# # The amount of contrast to apply when converting a blurhash to an image. Lower values -# # make the effect more subtle, larger values make it stronger. -# punch: 1 -# -# # IPFS Support -# # This is currently experimental and might not work at all. -# IPFS: -# # Whether or not IPFS support is enabled for use in the media repo. -# enabled: false -# -# # Options for the built in IPFS daemon -# builtInDaemon: -# # Enable this to spawn an in-process IPFS node to use instead of a localhost -# # HTTP agent. If this is disabled, the media repo will assume you have an HTTP -# # IPFS agent running and accessible. Defaults to using a daemon (true). -# enabled: true -# -# # If the Daemon is enabled, set this to the location where the IPFS files should -# # be stored. If you're using Docker, this should be something like "/data/ipfs" -# # so it can be mapped to a volume. -# repoPath: "./ipfs" -# -# # Support for redis as a cache mechanism -# # -# # Note: Enabling Redis support will mean that the existing cache mechanism will do nothing. -# # It can be safely disabled once Redis support is enabled. -# # -# # See docs/redis.md for more information on how this works and how to set it up. -# redis: -# # Whether or not use Redis instead of in-process caching. -# enabled: false -# -# # The Redis shards that should be used by the media repo in the ring. The names of the -# # shards are for your reference and have no bearing on the connection, but must be unique. -# shards: -# - name: "server1" -# addr: ":7000" -# - name: "server2" -# addr: ":7001" -# - name: "server3" -# addr: ":7002" -{{ matrix_media_repo_feature_support | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }} +# See docs/redis.md for more information on how this works and how to set it up. +redis: + # Whether or not use Redis instead of in-process caching. + enabled: {{ matrix_media_repo_redis_enabled | to_json }} + + # The database number to use. Leave at zero if using a dedicated Redis instance. + databaseNumber: {{ matrix_media_repo_redis_database_number | to_json }} + + # The Redis shards that should be used by the media repo in the ring. The names of the + # shards are for your reference and have no bearing on the connection, but must be unique. + shards: +{{ matrix_media_repo_redis_shards | to_json | from_json + | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }} # Optional sentry (https://sentry.io/) configuration for the media repo sentry: @@ -616,4 +588,28 @@ sentry: environment: {{ "" if matrix_media_repo_sentry_environment == "" else matrix_media_repo_sentry_environment | to_json }} # Whether or not to turn on sentry's built in debugging. This will increase log output. - debug: {{ matrix_media_repo_sentry_debug | to_json }} \ No newline at end of file + debug: {{ matrix_media_repo_sentry_debug | to_json }} + +# Configuration for the internal tasks engine in the media repo. Note that this only applies +# to the media repo process with machine ID zero (the default in single-instance mode). +# +# Tasks include things like data imports/exports. +tasks: + # The number of workers to have available for tasks. Defaults to 5. + numWorkers: {{ matrix_media_repo_tasks_num_workers | to_json }} + +# Options for collecting PGO-compatible CPU profiles and submitting them to a hosted pgo-fleet +# server. See https://github.com/t2bot/pgo-fleet for collection/more detail. +# +# If you process more than 1Hz of requests or have more than a dozen media repos deployed, please +# get in contact with `@travis:t2l.io` to submit profiles directly to MMR. Submitted profiles are +# used to improve the build speed for everyone. +pgo: + # Whether collection is enabled. Defaults to false. + enabled: {{ matrix_media_repo_pgo_enabled | to_json }} + + # The pgo-fleet submit URL. + submitUrl: {{ matrix_media_repo_pgo_submit_url | to_json }} + + # The pgo-fleet submit key. + submitKey: {{ matrix_media_repo_pgo_submit_key | to_json }} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index d28cbf150..01224e0fb 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -114,6 +114,9 @@ proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; + + client_body_buffer_size {{ ((matrix_media_repo_max_bytes | int) / 4) | int }}; + client_max_body_size {{ matrix_media_repo_max_bytes }}; } # Redirect other endpoints registered by the media-repo to its container From 85005d1b0b11161b38127d37f427e48ec53289ed Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Mon, 4 Dec 2023 13:26:13 -0600 Subject: [PATCH 054/100] Fixed linting warnings --- .../matrix-media-repo/defaults/main.yml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 6a09bdb51..026de1501 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -149,7 +149,7 @@ matrix_media_repo_homeservers: "{{ matrix_media_repo_homeservers_auto + matrix_m # Auto configured server setup by the playbook matrix_media_repo_homeservers_auto: - - # Keep the dash from this line. + - # Keep the dash from this line. # This should match the server_name of your homeserver, and the Host header # provided to the media repo. @@ -324,13 +324,13 @@ matrix_media_repo_archiving_target_bytes_per_part: 209715200 # 200mb default # The file upload settings for the media repository # The maximum individual file size a user can upload. -matrix_media_repo_max_bytes: 104857600 # 100MB default, 0 to disable +matrix_media_repo_max_bytes: 104857600 # 100MB default, 0 to disable # The minimum number of bytes to let people upload. This is recommended to be non-zero to # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend # to waste more CPU and database resources than small files, thus a default of 100 bytes # is applied here as an approximate break-even point. -matrix_media_repo_min_bytes: 100 # 100 bytes by default +matrix_media_repo_min_bytes: 100 # 100 bytes by default # The number of bytes to claim as the maximum size for uploads for the limits API. If this # is not provided then the maxBytes setting will be used instead. This is useful to provide @@ -368,7 +368,7 @@ matrix_media_repo_quotas_users: "{{ matrix_media_repo_quotas_users_auto + matrix matrix_media_repo_quotas_users_auto: - glob: "@*:*" # Affect all users. Use asterisks (*) to match any character. # The maximum number of TOTAL bytes a user can upload. Defaults to zero (no limit). - maxBytes: 53687063712 # 50gb + maxBytes: 53687063712 # 50gb # The same as maxPending above - the number of uploads the user can have waiting to # complete before starting another one. Defaults to maxPending above. Set to 0 to # disable. @@ -407,7 +407,7 @@ matrix_media_repo_downloads_expire_after_days: 0 # by clients when they only need part of a file, such as a video or audio element. Note that # the entire file will still be cached (if enabled), but only part of it will be returned. # If the client requests a larger or smaller range, that will be honoured. -matrix_media_repo_downloads_default_range_chunk_size_bytes: 10485760 # 10MB default +matrix_media_repo_downloads_default_range_chunk_size_bytes: 10485760 # 10MB default # URL Preview settings @@ -490,12 +490,12 @@ matrix_media_repo_url_previews_o_embed: false # The thumbnail configuration for the media repository. # The maximum number of bytes an image can be before the thumbnailer refuses. -matrix_media_repo_thumbnails_max_source_bytes: 10485760 # 10MB default, 0 to disable +matrix_media_repo_thumbnails_max_source_bytes: 10485760 # 10MB default, 0 to disable # The maximum number of pixels an image can have before the thumbnailer refuses. Note that # this only applies to image types: file types like audio and video are affected solely by # the maxSourceBytes. -matrix_media_repo_thumbnails_max_pixels: 32000000 # 32M default +matrix_media_repo_thumbnails_max_pixels: 32000000 # 32M default # The number of workers to use when generating thumbnails. Raise this number if thumbnails # are slow to generate or timing out. @@ -541,12 +541,12 @@ matrix_media_repo_thumbnails_types: - "image/webp" - "image/bmp" - "image/tiff" - #- "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files + # - "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files - "audio/mpeg" - "audio/ogg" - "audio/wav" - "audio/flac" - #- "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files + # - "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated # thumbnails, set this to false. If disabled, regular thumbnails will be returned. @@ -557,7 +557,7 @@ matrix_media_repo_thumbnails_default_animated: false # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image # is larger than this, the thumbnail will be generated as a static image. -matrix_media_repo_thumbnails_max_animate_size_bytes: 10485760 # 10MB default, 0 to disable +matrix_media_repo_thumbnails_max_animate_size_bytes: 10485760 # 10MB default, 0 to disable # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try # and thumbnail animated content? Defaults to 0.5 (middle of animation). @@ -667,7 +667,7 @@ matrix_media_repo_plugins: # Sections of this config might disappear or be added over time. By default all # features are disabled in here and must be explicitly enabled to be used. # featureSupport: - # No unstable features are currently supported. +# No unstable features are currently supported. # Support for redis as a cache mechanism # From 755c5ce30a1ada4a525eb3619d0af20f8431e029 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Dec 2023 09:11:57 +0200 Subject: [PATCH 055/100] Upgrade systemd_docker_base (v1.0.0-0 -> v1.0.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e4c8e0628..cddd9b413 100644 --- a/requirements.yml +++ b/requirements.yml @@ -55,7 +55,7 @@ version: v7.2.0-0 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - version: v1.0.0-0 + version: v1.0.0-1 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-3 From 90b0d559fd27c5c2c502166b08f33285bc4ce707 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Dec 2023 09:13:55 +0200 Subject: [PATCH 056/100] Upgrade Traefik (v2.10.6-0 -> v2.10.6-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index cddd9b413..3734a2e0b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -64,7 +64,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.6-0 + version: v2.10.6-1 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 From 641fa7a8064bf6d37618b2151c579102b88388ed Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Dec 2023 09:16:06 +0200 Subject: [PATCH 057/100] Upgrade Postgres (v16.1-0 -> v16.1-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 3734a2e0b..563934c4f 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.1-0 + version: v16.1-1 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2 From 7cf713f5912e292b83cc7b21e8fb9085f1b7ba6d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Dec 2023 09:17:20 +0200 Subject: [PATCH 058/100] Switch from devture_traefik_container_additional_networks to devture_traefik_container_additional_networks_auto Related to https://github.com/devture/com.devture.ansible.role.traefik/commit/e3375d56f36df250d4adacfa8cae29a050771de4 --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e5ca46e02..f044f6d4d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4397,7 +4397,7 @@ devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_ad devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}" -devture_traefik_container_additional_networks: | +devture_traefik_container_additional_networks_auto: | {{ ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else []) }} From bde2d0dc42e41311695883bc4b8112331031d79f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Dec 2023 09:19:45 +0200 Subject: [PATCH 059/100] Upgrade postgres-backup --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 563934c4f..454c68052 100644 --- a/requirements.yml +++ b/requirements.yml @@ -40,7 +40,7 @@ version: v16.1-1 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2 + version: 4b0441bca6052c5a02ecd7f6d8bd83bba9742135 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.48.0-0 From 09f15bea1d96a1889c20ccd37bc0e89105a5ea4b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Dec 2023 09:32:10 +0200 Subject: [PATCH 060/100] Upgrade Redis (v7.2.0-0 -> v7.2.3-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 454c68052..177f2b83d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -52,7 +52,7 @@ version: v0.14.0-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.2.0-0 + version: v7.2.3-0 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-1 From cedeedcc06e20ef16d9ccee34d29daf2ec1d89a5 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Tue, 5 Dec 2023 23:35:05 -0600 Subject: [PATCH 061/100] Added config validation for matrix media repo --- roles/custom/matrix-media-repo/tasks/main.yml | 3 +++ .../tasks/validate_config.yml | 22 +++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 roles/custom/matrix-media-repo/tasks/validate_config.yml diff --git a/roles/custom/matrix-media-repo/tasks/main.yml b/roles/custom/matrix-media-repo/tasks/main.yml index 03c26ec5b..4bf63251d 100644 --- a/roles/custom/matrix-media-repo/tasks/main.yml +++ b/roles/custom/matrix-media-repo/tasks/main.yml @@ -6,6 +6,9 @@ - install-all - install-matrix-media-repo block: + - when: matrix_media_repo_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + - when: matrix_media_repo_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" diff --git a/roles/custom/matrix-media-repo/tasks/validate_config.yml b/roles/custom/matrix-media-repo/tasks/validate_config.yml new file mode 100644 index 000000000..fd9282d67 --- /dev/null +++ b/roles/custom/matrix-media-repo/tasks/validate_config.yml @@ -0,0 +1,22 @@ +--- + +- name: (Deprecation) Catch and report renamed settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_media_repo_access_tokens', 'new': ''} + - {'old': 'matrix_media_repo_datastores', 'new': 'flattened into matrix_media_repo_datastores_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml'} + - {'old': 'matrix_media_repo_uploads', 'new': 'flattened into multiple matrix_media_repo_uploads_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml'} + - {'old': 'matrix_media_repo_downloads_cache_enabled', 'new': ''} + - {'old': 'matrix_media_repo_downloads_cache_max_size_bytes', 'new': ''} + - {'old': 'matrix_media_repo_downloads_cache_max_file_size_bytes', 'new': ''} + - {'old': 'matrix_media_repo_downloads_cache_tracked_minutes', 'new': ''} + - {'old': 'matrix_media_repo_downloads_cache_min_downloads', 'new': ''} + - {'old': 'matrix_media_repo_downloads_cache_min_cache_time_seconds', 'new': ''} + - {'old': 'matrix_media_repo_downloads_cache_min_evicted_time_seconds', 'new': ''} + - {'old': 'matrix_media_repo_url_previews', 'new': 'flattened into multiple matrix_media_repo_url_previews_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml'} + - {'old': 'matrix_media_repo_thumbnails', 'new': 'flattened into multiple matrix_media_repo_thumbnails_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml'} + - {'old': 'matrix_media_repo_feature_support', 'new': ''} From e55d3a7366cf1b6f795e5fd7f0c085ac45ffc682 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Tue, 5 Dec 2023 23:38:34 -0600 Subject: [PATCH 062/100] Added missing angle brackets --- roles/custom/matrix-media-repo/tasks/validate_config.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/custom/matrix-media-repo/tasks/validate_config.yml b/roles/custom/matrix-media-repo/tasks/validate_config.yml index fd9282d67..fdde7b02b 100644 --- a/roles/custom/matrix-media-repo/tasks/validate_config.yml +++ b/roles/custom/matrix-media-repo/tasks/validate_config.yml @@ -8,8 +8,8 @@ when: "item.old in vars" with_items: - {'old': 'matrix_media_repo_access_tokens', 'new': ''} - - {'old': 'matrix_media_repo_datastores', 'new': 'flattened into matrix_media_repo_datastores_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml'} - - {'old': 'matrix_media_repo_uploads', 'new': 'flattened into multiple matrix_media_repo_uploads_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml'} + - {'old': 'matrix_media_repo_datastores', 'new': ''} + - {'old': 'matrix_media_repo_uploads', 'new': ''} - {'old': 'matrix_media_repo_downloads_cache_enabled', 'new': ''} - {'old': 'matrix_media_repo_downloads_cache_max_size_bytes', 'new': ''} - {'old': 'matrix_media_repo_downloads_cache_max_file_size_bytes', 'new': ''} @@ -17,6 +17,6 @@ - {'old': 'matrix_media_repo_downloads_cache_min_downloads', 'new': ''} - {'old': 'matrix_media_repo_downloads_cache_min_cache_time_seconds', 'new': ''} - {'old': 'matrix_media_repo_downloads_cache_min_evicted_time_seconds', 'new': ''} - - {'old': 'matrix_media_repo_url_previews', 'new': 'flattened into multiple matrix_media_repo_url_previews_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml'} - - {'old': 'matrix_media_repo_thumbnails', 'new': 'flattened into multiple matrix_media_repo_thumbnails_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml'} + - {'old': 'matrix_media_repo_url_previews', 'new': ''} + - {'old': 'matrix_media_repo_thumbnails', 'new': ''} - {'old': 'matrix_media_repo_feature_support', 'new': ''} From 52c085df5e29e79d45cebf69a4e8a1ea99d191c9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 08:32:11 +0200 Subject: [PATCH 063/100] Upgrade traefik_certs_dumper (v2.8.1-0 -> v2.8.3-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 177f2b83d..31a92088b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -67,5 +67,5 @@ version: v2.10.6-1 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git - version: v2.8.1-0 + version: v2.8.3-0 name: traefik_certs_dumper From 26f45976f55c089ddccaacfd00aa00abea2cfe04 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 06:32:33 +0000 Subject: [PATCH 064/100] chore(deps): update vectorim/element-web docker tag to v1.11.51 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index c9726cc9c..3015797a7 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.50 +matrix_client_element_version: v1.11.51 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 86511743a48ad23c403388a81e7d4a02f0eb9ae0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:23:32 +0200 Subject: [PATCH 065/100] Upgrade traefik_certs_dumper (v2.8.3-0 -> v2.8.3-1) Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3024 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 31a92088b..59801921c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -67,5 +67,5 @@ version: v2.10.6-1 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git - version: v2.8.3-0 + version: v2.8.3-1 name: traefik_certs_dumper From cf91ce61c19391522048bad102ae36647dd50702 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:24:54 +0200 Subject: [PATCH 066/100] Upgrade Traefik (v2.10.6-1 -> v2.10.6-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 59801921c..dd752376a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -64,7 +64,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.6-1 + version: v2.10.6-2 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.3-1 From 784d91abf42ba055fd86767cd2fdbd48de26f557 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:26:19 +0200 Subject: [PATCH 067/100] Upgrade Postgres (v16.1-1 -> v16.1-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index dd752376a..4a0c98a69 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.1-1 + version: v16.1-2 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 4b0441bca6052c5a02ecd7f6d8bd83bba9742135 From aa74095bcc7b5efaa230815c785cc8919a0f3374 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:27:37 +0200 Subject: [PATCH 068/100] Upgrade postgres-backup --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 4a0c98a69..4f22bee8e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -40,7 +40,7 @@ version: v16.1-2 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: 4b0441bca6052c5a02ecd7f6d8bd83bba9742135 + version: b29a9c551dd09079f5ef26d494973a499088b9e8 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.48.0-0 From 71fa79f9ecf6193da305a513dae7488f44794d97 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:30:51 +0200 Subject: [PATCH 069/100] Upgrade container_socket_proxy (v0.1.1-2 -> v0.1.1-3) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 4f22bee8e..ccf9d7139 100644 --- a/requirements.yml +++ b/requirements.yml @@ -7,7 +7,7 @@ version: v1.2.7-1.8.5-0 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git - version: v0.1.1-2 + version: v0.1.1-3 name: container_socket_proxy - src: git+https://github.com/geerlingguy/ansible-role-docker version: 7.0.2 From 572b0317a470f2ce435617ea2ff78db2b2f4a8db Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:37:33 +0200 Subject: [PATCH 070/100] Upgrade Redis (v7.2.3-0 -> v7.2.3-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ccf9d7139..64b055c52 100644 --- a/requirements.yml +++ b/requirements.yml @@ -52,7 +52,7 @@ version: v0.14.0-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.2.3-0 + version: v7.2.3-1 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-1 From f8d32c9bf480d2c9e1cb76aa99de2feb77fea922 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:40:36 +0200 Subject: [PATCH 071/100] Upgrade Grafana (v10.2.2-0 -> v10.2.2-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 64b055c52..c06216adb 100644 --- a/requirements.yml +++ b/requirements.yml @@ -19,7 +19,7 @@ version: v1.9.3-0 name: etherpad - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.2.2-0 + version: v10.2.2-1 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v9111-0 From 0693978c2bba72a190194e237494de5cdb5daca8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:42:11 +0200 Subject: [PATCH 072/100] Upgrade Ntfy (v2.8.0-0 -> v2.8.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index c06216adb..afb866454 100644 --- a/requirements.yml +++ b/requirements.yml @@ -25,7 +25,7 @@ version: v9111-0 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.8.0-0 + version: v2.8.0-1 name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f From 99e30653a788c9bc3b898656117c2d504b8ce608 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:43:52 +0200 Subject: [PATCH 073/100] Upgrade Jitsi (v9111-0 -> v9111-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index afb866454..ccd87cea7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -22,7 +22,7 @@ version: v10.2.2-1 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9111-0 + version: v9111-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.8.0-1 From 162c41e2289fa39e045d4b8def61111c51a5fb20 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:45:11 +0200 Subject: [PATCH 074/100] Upgrade Prometheus (v2.48.0-0 -> v2.48.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ccd87cea7..883432cef 100644 --- a/requirements.yml +++ b/requirements.yml @@ -43,7 +43,7 @@ version: b29a9c551dd09079f5ef26d494973a499088b9e8 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.48.0-0 + version: v2.48.0-1 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.7.0-0 From d98277dd2f134169e3ddacd636db8ec08b71f291 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:46:57 +0200 Subject: [PATCH 075/100] Upgrade Etherpad (v1.9.3-0 -> v1.9.3-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 883432cef..ab5c77107 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.3-0 + version: v1.9.3-1 name: etherpad - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.2-1 From 3114bec42fa88d92ab1f45eeca08e8df9ac5461d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:48:31 +0200 Subject: [PATCH 076/100] Upgrade prometheus-postgres-exporter (v0.14.0-0 -> v0.14.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ab5c77107..1bcb039cf 100644 --- a/requirements.yml +++ b/requirements.yml @@ -49,7 +49,7 @@ version: v1.7.0-0 name: prometheus_node_exporter - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.14.0-0 + version: v0.14.0-1 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git version: v7.2.3-1 From ab40db755785f98e5958166fc12b0b669f17e581 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:49:51 +0200 Subject: [PATCH 077/100] Upgrade prometheus-node-exporter (v1.7.0-0 -> v1.7.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1bcb039cf..40bfcdab7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -46,7 +46,7 @@ version: v2.48.0-1 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - version: v1.7.0-0 + version: v1.7.0-1 name: prometheus_node_exporter - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git version: v0.14.0-1 From c36a8372d30657ec5c6c406791a3cfd56e1a4b10 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:51:02 +0200 Subject: [PATCH 078/100] Upgrade backup-borg (v1.2.7-1.8.5-0 -> v1.2.7-1.8.5-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 40bfcdab7..6a5890914 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.7-1.8.5-0 + version: v1.2.7-1.8.5-1 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-3 From 2511b34a7cd7868507f0607d3f8ad8394cc9725e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 11:52:23 +0200 Subject: [PATCH 079/100] Stop containers gracefully, instead of outright killing them --- .../templates/systemd/matrix-bot-buscarron.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-chatgpt.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-draupnir.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-go-neb.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-honoroit.service.j2 | 4 ++-- .../systemd/matrix-bot-matrix-registration-bot.service.j2 | 4 ++-- .../systemd/matrix-bot-matrix-reminder-bot.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-maubot.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-mjolnir.service.j2 | 4 ++-- .../templates/systemd/matrix-bot-postmoogle.service.j2 | 4 ++-- .../templates/systemd/matrix-appservice-discord.service.j2 | 4 ++-- .../templates/systemd/matrix-appservice-irc.service.j2 | 4 ++-- .../systemd/matrix-appservice-kakaotalk-node.service.j2 | 4 ++-- .../templates/systemd/matrix-appservice-kakaotalk.service.j2 | 4 ++-- .../templates/systemd/matrix-appservice-slack.service.j2 | 4 ++-- .../templates/systemd/matrix-appservice-webhooks.service.j2 | 4 ++-- .../templates/systemd/matrix-beeper-linkedin.service.j2 | 4 ++-- .../templates/systemd/matrix-go-skype-bridge.service.j2 | 4 ++-- .../templates/systemd/matrix-heisenbridge.service.j2 | 4 ++-- .../templates/systemd/matrix-hookshot.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-discord.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-facebook.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-gmessages.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-googlechat.service.j2 | 2 +- .../templates/systemd/matrix-mautrix-hangouts.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-instagram.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-signal-daemon.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-signal.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-slack.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-telegram.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-twitter.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-whatsapp.service.j2 | 4 ++-- .../systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-wsproxy.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-discord.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-groupme.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-instagram.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-slack.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-steam.service.j2 | 4 ++-- .../templates/systemd/matrix-mx-puppet-twitter.service.j2 | 4 ++-- .../templates/systemd/matrix-cactus-comments.service.j2 | 4 ++-- .../templates/systemd/matrix-client-cinny.service.j2 | 4 ++-- .../templates/systemd/matrix-client-element.service.j2 | 4 ++-- .../templates/systemd/matrix-client-hydrogen.service.j2 | 4 ++-- .../templates/systemd/matrix-client-schildichat.service.j2 | 4 ++-- .../templates/conduit/systemd/matrix-conduit.service.j2 | 4 ++-- .../templates/systemd/matrix-corporal.service.j2 | 4 ++-- .../matrix-coturn/templates/systemd/matrix-coturn.service.j2 | 4 ++-- .../templates/dendrite/systemd/matrix-dendrite.service.j2 | 4 ++-- .../templates/systemd/matrix-dimension.service.j2 | 4 ++-- .../templates/systemd/matrix-dynamic-dns.service.j2 | 4 ++-- .../templates/systemd/matrix-email2matrix.service.j2 | 4 ++-- .../systemd/matrix-ldap-registration-proxy.service.j2 | 4 ++-- .../matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 | 4 ++-- .../matrix-mailer/templates/systemd/matrix-mailer.service.j2 | 4 ++-- .../templates/media-repo/systemd/matrix-media-repo.service.j2 | 4 ++-- .../templates/systemd/matrix-nginx-proxy.service.j2 | 4 ++-- .../systemd/matrix-prometheus-nginxlog-exporter.service.j2 | 4 ++-- .../templates/systemd/matrix-rageshake.service.j2 | 4 ++-- .../templates/systemd/matrix-registration.service.j2 | 4 ++-- .../templates/systemd/matrix-sliding-sync.service.j2 | 4 ++-- .../matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 | 4 ++-- .../templates/systemd/matrix-synapse-admin.service.j2 | 4 ++-- .../templates/matrix-synapse-auto-compressor.service.j2 | 4 ++-- .../systemd/matrix-synapse-reverse-proxy-companion.service.j2 | 4 ++-- .../templates/goofys/systemd/matrix-goofys.service.j2 | 4 ++-- .../synapse/systemd/matrix-synapse-worker.service.j2 | 4 ++-- .../templates/synapse/systemd/matrix-synapse.service.j2 | 4 ++-- .../systemd/matrix-user-verification-service.service.j2 | 4 ++-- 69 files changed, 137 insertions(+), 137 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 index 49c699488..aa4314a13 100644 --- a/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-buscarron -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 index c8fa06c19..886156345 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ {% endfor %} {{ matrix_bot_chatgpt_container_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 index d36aebdd0..20a58611a 100644 --- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-draupnir 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_bot_draupnir_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-draupnir 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index 150cd665f..876c13829 100644 --- a/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-go-neb 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -44,7 +44,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-go-neb -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-go-neb 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index 9bbc7d10b..2749ec520 100644 --- a/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-honoroit 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-honoroit -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-honoroit 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 index 704c512f0..b23595169 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 +++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-matrix-registration-bot 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \ @@ -27,7 +27,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --network={{ matrix_docker_network }} \ {{ matrix_bot_matrix_registration_bot_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-matrix-registration-bot 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index 71598232a..70c02224a 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-matrix-reminder-bot 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ @@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-matrix-reminder-bot 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 34c856350..20bf16bf0 100644 --- a/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-maubot 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-maubot \ @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 23561c3c4..6d1e91945 100644 --- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-mjolnir 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-mjolnir 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 index ab1177f67..17ebece27 100644 --- a/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 +++ b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-postmoogle 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-postmoogle \ @@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_bot_postmoogle_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-postmoogle 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 8a7935731..d470fd3de 100644 --- a/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-discord 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-discord 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index bd5cbbe3c..93678338e 100644 --- a/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-irc 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-irc 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 index 4161241aa..f47f51f7d 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-kakaotalk-node 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \ @@ -28,7 +28,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_appservice_kakaotalk_node_docker_image }} \ node src/main.js --config /config.json -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-kakaotalk-node 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 index 0c85e7ba6..15d2b3525 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-kakaotalk 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_appservice_kakaotalk_docker_image }} \ python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-kakaotalk 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 0d1009faa..5503522bd 100644 --- a/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-slack 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-slack 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index a50173690..091442c95 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-webhooks 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-webhooks 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 1a63311b9..2c30c8003 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-beeper-linkedin 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_beeper_linkedin_docker_image }} \ python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-beeper-linkedin 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 index f7ab10f86..93e736916 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 +++ b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-go-skype-bridge 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_go_skype_bridge_docker_image }} \ /usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-go-skype-bridge 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 index 49abaf0a5..2c7367930 100644 --- a/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 +++ b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-heisenbridge +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-heisenbridge ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-heisenbridge \ @@ -41,7 +41,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --listen-port 9898 \ {{ matrix_heisenbridge_homeserver_url }} -ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-heisenbridge +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-heisenbridge ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 index 713c7a9fd..240598018 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_hookshot_container_url }} ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_url }} ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \ @@ -30,7 +30,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_hookshot_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_hookshot_container_url }} ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_url }} Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 index 43a166071..d3af8eb77 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-discord 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_discord_docker_image }} \ /usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-discord 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 4097111e2..2786a3f74 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-facebook 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-facebook 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 index fb34e95b9..885fa8ada 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-gmessages 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_gmessages_docker_image }} \ /usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-gmessages 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index d52e5d6b5..ca5a1b9ea 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-googlechat 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index a24bcf868..ec3bfe751 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \ --log-driver=none \ @@ -44,7 +44,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_hangouts_docker_image }} \ python3 -m mautrix_hangouts -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-hangouts 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 index 808ace40d..c9b64229e 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-instagram 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_instagram_docker_image }} \ python3 -m mautrix_instagram -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-instagram 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 11a34d8f2..4ee7518d1 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -15,7 +15,7 @@ Wants={{ service }} Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal-daemon 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -41,7 +41,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ {{ matrix_mautrix_signal_daemon_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal-daemon 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 index 7b70cbe44..5d72b8ff0 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 @@ -14,7 +14,7 @@ Wants={{ service }} [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -38,7 +38,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_signal_docker_image }} \ python3 -m mautrix_signal -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 index af5f3c038..0c1a22b01 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-slack 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_slack_docker_image }} \ /usr/bin/mautrix-slack -c /config/config.yaml -r /config/registration.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-slack 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 2948a711c..732199888 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-telegram 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-telegram 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index c167eb067..114d3a6fa 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-twitter 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_twitter_docker_image }} \ python3 -m mautrix_twitter -c /config/config.yaml --no-update -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-twitter 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index effa086dc..39e2ff359 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-whatsapp 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-whatsapp 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 index 4531e12e3..14d5399be 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy-syncproxy 2>/dev/null' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-wsproxy-syncproxy 2>/dev/null' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy-syncproxy 2>/dev/null' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -30,7 +30,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_mautrix_wsproxy_syncproxy_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy-syncproxy 2>/dev/null' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-wsproxy-syncproxy 2>/dev/null' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy-syncproxy 2>/dev/null' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 index 0965efa38..d09edac1f 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy 2>/dev/null' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-wsproxy 2>/dev/null' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy 2>/dev/null' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -41,7 +41,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-mautrix-wsproxy -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy 2>/dev/null' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-wsproxy 2>/dev/null' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy 2>/dev/null' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 7304054e5..5f0e99897 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-discord 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_mx_puppet_discord_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-discord 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 index d9fd49295..e98ac9073 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-groupme 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_mx_puppet_groupme_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-groupme 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index 5e3ad3eaa..b667c6500 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-instagram 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_mx_puppet_instagram_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-instagram 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index 06d5e10ad..f26154d04 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-slack 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-slack 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index 31dd2fae5..0c7956785 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-steam 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_mx_puppet_steam_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-steam 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index 918b06d79..cd74e75b1 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-twitter 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. @@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_mx_puppet_twitter_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-twitter 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 index 1ad84d5b7..b35e5e6c3 100644 --- a/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 +++ b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-cactus-comments 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-cactus-comments \ @@ -26,7 +26,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --network={{ matrix_docker_network }} \ {{ matrix_cactus_comments_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-cactus-comments 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index 2c49a0f3b..c5b5ab3ac 100644 --- a/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 @@ -10,7 +10,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-cinny 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-cinny -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-cinny 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index bbb509896..e70869db2 100644 --- a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -10,7 +10,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -47,7 +47,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-element -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index 1f1f0dc9b..28867dd5a 100644 --- a/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -10,7 +10,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-hydrogen 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-hydrogen -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-hydrogen 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 b/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 index 8905f1ed7..97eac7704 100644 --- a/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 +++ b/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2 @@ -10,7 +10,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-schildichat 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -46,7 +46,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-schildichat -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-schildichat 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 b/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 index 91c1e9151..ce857818d 100644 --- a/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 +++ b/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 @@ -9,7 +9,7 @@ After={{ service }} [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduit 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -35,7 +35,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-conduit -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduit 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-conduit /bin/sh -c 'kill -HUP 1' Restart=always diff --git a/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index b5ad685a7..a80d17de1 100644 --- a/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -10,7 +10,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-corporal 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-corporal 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-corporal \ @@ -34,7 +34,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-corporal 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-corporal 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index 2c0c9cd9e..3354d3693 100644 --- a/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -10,7 +10,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-coturn 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-coturn 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-coturn \ @@ -43,7 +43,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-coturn 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-coturn 2>/dev/null || true' # This only reloads certificates (not other configuration). diff --git a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 378cf596e..cf2309fab 100644 --- a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' {% if (devture_postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %} @@ -62,7 +62,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-dendrite -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always diff --git a/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index 0b14a117c..7898a7ba3 100644 --- a/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dimension 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true' # Fixup database ownership if it got changed somehow (during a server migration, etc.) @@ -47,7 +47,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-dimension -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dimension 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 index 39cb94ca5..f624f8db9 100644 --- a/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ b/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dynamic-dns 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dynamic-dns \ --log-driver=none \ @@ -26,7 +26,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_dynamic_dns_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dynamic-dns 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 index 270a0c530..df0d1f85e 100644 --- a/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ b/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -8,7 +8,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-email2matrix 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-email2matrix \ @@ -24,7 +24,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_email2matrix_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-email2matrix 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 b/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 index 641e321e2..d1f666407 100644 --- a/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 +++ b/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ldap-registration-proxy 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ldap-registration-proxy 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true' # matrix_ldap_registration_proxy writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_ldap_registration_proxy_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ldap-registration-proxy 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ldap-registration-proxy 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 55505ab69..26e326e72 100644 --- a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ma1sd 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, @@ -46,7 +46,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-ma1sd -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ma1sd 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index 469d08172..87d593a6f 100644 --- a/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -8,7 +8,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mailer 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true' # --hostname gives us a friendlier hostname than the default. @@ -27,7 +27,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_mailer_docker_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mailer 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 index 0e73cb6ce..0defeb085 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_media_repo_identifier }} 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_media_repo_identifier }} 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_media_repo_identifier }} 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -45,7 +45,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_media_repo_identifier }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_media_repo_identifier }} 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_media_repo_identifier }} 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_media_repo_identifier }} 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec {{ matrix_media_repo_identifier }} /bin/sh -c 'kill -HUP 1' Restart=always diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index f302c92e0..bd4bbb1df 100755 --- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-nginx-proxy 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -56,7 +56,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-nginx-proxy -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-nginx-proxy 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2 b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2 index 0d01aa217..669bfe963 100644 --- a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2 +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' @@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_prometheus_nginxlog_exporter_docker_image }} \ -config-file /etc/prometheus-nginxlog-exporter/prometheus-nginxlog-exporter.yaml -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2 b/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2 index 75006c2d5..53857b53c 100644 --- a/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2 +++ b/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-rageshake 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-rageshake 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rageshake 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -40,7 +40,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-rageshake -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-rageshake 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-rageshake 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rageshake 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 index f51d9fb95..f025ad6d4 100644 --- a/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-registration 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-registration \ @@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_registration_docker_image }} \ serve -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-registration 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/custom/matrix-sliding-sync/templates/systemd/matrix-sliding-sync.service.j2 b/roles/custom/matrix-sliding-sync/templates/systemd/matrix-sliding-sync.service.j2 index ac8d2ffb5..d3a22e1d4 100644 --- a/roles/custom/matrix-sliding-sync/templates/systemd/matrix-sliding-sync.service.j2 +++ b/roles/custom/matrix-sliding-sync/templates/systemd/matrix-sliding-sync.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sliding-sync 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-sliding-sync 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sliding-sync 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-sliding-sync -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sliding-sync 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-sliding-sync 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sliding-sync 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index 49b513cda..12140146a 100644 --- a/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-sygnal 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -41,7 +41,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-sygnal -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-sygnal 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index ba56374c4..aa305718e 100644 --- a/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse-admin 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -41,7 +41,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse-admin -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse-admin 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.service.j2 b/roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.service.j2 index f530d5b27..d2f08a2d3 100644 --- a/roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.service.j2 +++ b/roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=oneshot Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-auto-compressor 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse-auto-compressor 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-auto-compressor 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse-auto-compressor -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-auto-compressor 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse-auto-compressor 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-auto-compressor 2>/dev/null || true' SyslogIdentifier=matrix-synapse-auto-compressor diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 index 125d7f498..abf42196e 100755 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse-reverse-proxy-companion 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true' ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ @@ -44,7 +44,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse-reverse-proxy-companion -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse-reverse-proxy-companion 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse-reverse-proxy-companion /usr/sbin/nginx -s reload Restart=always diff --git a/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index fea02d479..f123b5d91 100644 --- a/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -8,7 +8,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill %n +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} %n ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm %n ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name %n \ @@ -28,7 +28,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name TimeoutStartSec=5min ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop %n -ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill %n +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} %n ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm %n ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} Restart=always diff --git a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 2441e4a8d..6d0c24937 100644 --- a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -9,7 +9,7 @@ Requires=matrix-synapse.service Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' # Intentional delay, so that the homeserver can manage to start. @@ -54,7 +54,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_synapse_worker_container_name }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' diff --git a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index bd72f20a9..27bc54e93 100644 --- a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -21,7 +21,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse 2>/dev/null || true' {% if matrix_s3_media_store_enabled %} # Allow for some time before starting, so that media store can mount. @@ -71,7 +71,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index 268e4298f..19956496b 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_user_verification_service_container_name }} 2>/dev/null' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_user_verification_service_container_name }} 2>/dev/null' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' @@ -40,7 +40,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne {% endfor %} ExecStart=/usr/bin/env docker start --attach matrix-user-verification-service -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_user_verification_service_container_name }} 2>/dev/null' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_user_verification_service_container_name }} 2>/dev/null' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' Restart=always RestartSec=30 From 6b04afb49ae15fb95d3484eecd9ace0dcde91690 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 12:11:53 +0200 Subject: [PATCH 080/100] Optimize matrix-bot-chatgpt container stopping time --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 4 ++++ .../templates/systemd/matrix-bot-chatgpt.service.j2 | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 4e8f709f2..823452fc0 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -22,6 +22,10 @@ matrix_bot_chatgpt_config_path: "{{ matrix_bot_chatgpt_base_path }}/config" matrix_bot_chatgpt_data_path: "{{ matrix_bot_chatgpt_base_path }}/data" matrix_bot_chatgpt_container_src_path: "{{ matrix_bot_chatgpt_base_path }}/container-src" +# Controls how long to wait for the container to stop gracefully before killing it. +# We use a small value here, because this container does not seem to handle the SIGTERM signal. +matrix_bot_chatgpt_container_stop_grace_time_seconds: 1 + # A list of extra arguments to pass to the container matrix_bot_chatgpt_container_extra_arguments: [] diff --git a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 index 886156345..e27b018f5 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true' ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ @@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ {% endfor %} {{ matrix_bot_chatgpt_container_image }} -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true' Restart=always RestartSec=30 From c2605cd3ccaf13cdedd97c388b914cdcdf19e8e5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 12:13:06 +0200 Subject: [PATCH 081/100] Optimize matrix-heisenbridge container stopping time --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 4 ++++ .../templates/systemd/matrix-heisenbridge.service.j2 | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index c8d1bf946..8ffcf3122 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -17,6 +17,10 @@ matrix_heisenbridge_identd_enabled: false matrix_heisenbridge_base_path: "{{ matrix_base_data_path }}/heisenbridge" +# Controls how long to wait for the container to stop gracefully before killing it. +# We use a small value here, because this container does not seem to handle the SIGTERM signal. +matrix_heisenbridge_container_stop_grace_time_seconds: 1 + # A list of extra arguments to pass to the container matrix_heisenbridge_container_extra_arguments: [] diff --git a/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 index 2c7367930..6bb6b81b1 100644 --- a/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 +++ b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 @@ -13,7 +13,7 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-heisenbridge +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_heisenbridge_container_stop_grace_time_seconds }} matrix-heisenbridge ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-heisenbridge \ @@ -41,7 +41,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --listen-port 9898 \ {{ matrix_heisenbridge_homeserver_url }} -ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-heisenbridge +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_heisenbridge_container_stop_grace_time_seconds }} matrix-heisenbridge ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge Restart=always RestartSec=30 From 0a10bd77520a5267ecea1cdb327db5f78b1c290b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 12:43:29 +0200 Subject: [PATCH 082/100] Upgrade Postgres (v16.1-2 -> v16.1-3) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 6a5890914..d43219a11 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.1-2 + version: v16.1-3 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: b29a9c551dd09079f5ef26d494973a499088b9e8 From bfd0b5f4df720cbe8a61ab66b785bd0f904c5815 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 12:45:57 +0200 Subject: [PATCH 083/100] Upgrade Redis (v7.2.3-1 -> v7.2.3-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index d43219a11..45db7ce50 100644 --- a/requirements.yml +++ b/requirements.yml @@ -52,7 +52,7 @@ version: v0.14.0-1 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.2.3-1 + version: v7.2.3-2 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-1 From 1d7c7d7ad80faee15a32c1d85296eef807eae5da Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 12:56:55 +0200 Subject: [PATCH 084/100] Upgrade systemd_docker_base (v1.0.0-1 -> v1.0.0-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 45db7ce50..33537db11 100644 --- a/requirements.yml +++ b/requirements.yml @@ -55,7 +55,7 @@ version: v7.2.3-2 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - version: v1.0.0-1 + version: v1.0.0-2 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-3 From 308b816d0cf3bd4fe2d7dfd1631d8e9df53c6e0e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 14:28:23 +0000 Subject: [PATCH 085/100] Update halfshot/matrix-hookshot Docker tag to v4.7.0 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 60807aa20..1cbe16388 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -11,7 +11,7 @@ matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/ matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" # renovate: datasource=docker depName=halfshot/matrix-hookshot -matrix_hookshot_version: 4.6.0 +matrix_hookshot_version: 4.7.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 9e35ceee910324da658ac93811acc6a16301a74f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 7 Dec 2023 09:52:44 +0200 Subject: [PATCH 086/100] Upgrade Traefik (v2.10.6-2 -> v2.10.7-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 33537db11..012873367 100644 --- a/requirements.yml +++ b/requirements.yml @@ -64,7 +64,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.6-2 + version: v2.10.7-0 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.3-1 From 9de6f0e187cebf53bf9ab1d0a086f9f6a32cb10b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 8 Dec 2023 17:44:06 +0200 Subject: [PATCH 087/100] borg: support postgres 16 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 012873367..acc9b2a05 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.7-1.8.5-1 + version: v1.2.7-1.8.5-2 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-3 From 5b1548b82b5f699b30b7423e2cc13b8bbe6bafa3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 16:53:16 +0000 Subject: [PATCH 088/100] chore(deps): update dependency prometheus to v2.48.1-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index acc9b2a05..a5cb06858 100644 --- a/requirements.yml +++ b/requirements.yml @@ -43,7 +43,7 @@ version: b29a9c551dd09079f5ef26d494973a499088b9e8 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.48.0-1 + version: v2.48.1-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.7.0-1 From 90354b2046628167282c48686086d9c40f584cfa Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 00:35:02 +0000 Subject: [PATCH 089/100] chore(deps): update dependency etherpad to v1.9.5-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index a5cb06858..bb279f0b5 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.3-1 + version: v1.9.5-0 name: etherpad - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.2-1 From dee3de0bcbf337c97c8936ba428031d3df7db4bf Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Wed, 13 Dec 2023 02:25:06 +0800 Subject: [PATCH 090/100] bump synapse version --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 8c0f444b3..1b00d22a0 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.97.0 +matrix_synapse_version: v1.98.0 matrix_synapse_username: '' matrix_synapse_uid: '' From fe6a586428980e7eff501903ae5993fdbe9b4093 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 19:43:12 +0000 Subject: [PATCH 091/100] chore(deps): update matrixdotorg/dendrite-monolith docker tag to v0.13.5 --- roles/custom/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 9830021b9..e4b14a929 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -11,7 +11,7 @@ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" # renovate: datasource=docker depName=matrixdotorg/dendrite-monolith -matrix_dendrite_docker_image_tag: "v0.13.4" +matrix_dendrite_docker_image_tag: "v0.13.5" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 8b9faa7e6575af176e6f1e00a3b309c52039f46f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 13 Dec 2023 09:13:14 +0200 Subject: [PATCH 092/100] Upgrade Etherpad (v1.9.5-0 -> v1.9.5-1) v1.9.5-0 was broken and failing to start, because of invalid Etherpad configuration. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index bb279f0b5..8addb6700 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.5-0 + version: v1.9.5-1 name: etherpad - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.2-1 From da039614fdb0b7d6d32f8f05ba1bdc532d54de59 Mon Sep 17 00:00:00 2001 From: axiopaladin Date: Wed, 13 Dec 2023 22:36:43 -0500 Subject: [PATCH 093/100] updated MMR yaml defaults and docs for basic dendrite support --- docs/configuring-playbook-matrix-media-repo.md | 4 ++-- roles/custom/matrix-media-repo/defaults/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md index d5d6eda37..82fab6402 100644 --- a/docs/configuring-playbook-matrix-media-repo.md +++ b/docs/configuring-playbook-matrix-media-repo.md @@ -1,6 +1,6 @@ # Setting up matrix-media-repo (optional) -[matrix-media-repo](https://docs.t2bot.io/matrix-media-repo/) is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification. +[matrix-media-repo](https://docs.t2bot.io/matrix-media-repo/) (often abbreviated "MMR") is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification. Smaller/individual homeservers can still make use of this project's features, though it may be difficult to set up or have higher than expected resource consumption. Please do your research before deploying this as this project may not be useful for your environment. @@ -102,5 +102,5 @@ matrix_media_repo_datastores: ``` -Full list of configuration options with documentation can be found in `roles/custom/matrix-media-repo/templates/defaults/main.yml` +Full list of configuration options with documentation can be found in [`roles/custom/matrix-media-repo/defaults/main.yml`](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-media-repo/defaults/main.yml) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 026de1501..c36336e58 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -166,7 +166,7 @@ matrix_media_repo_homeservers_auto: # during certain operations, like attempting to purge media from a room or validating server # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set # to "matrix", most functionality requiring the admin API will not work. - adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else 'matrix' }}" + adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else 'dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix' }}" # Additional servers to be managed by MMR matrix_media_repo_homeservers_additional: [] From 45bcb026dd87539d71353e9c2c6098fd78e4153a Mon Sep 17 00:00:00 2001 From: axiopaladin Date: Wed, 13 Dec 2023 22:48:19 -0500 Subject: [PATCH 094/100] updated MMR docs with instructions for importing existing media --- .../configuring-playbook-matrix-media-repo.md | 32 +++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md index 82fab6402..12decd960 100644 --- a/docs/configuring-playbook-matrix-media-repo.md +++ b/docs/configuring-playbook-matrix-media-repo.md @@ -6,6 +6,12 @@ Smaller/individual homeservers can still make use of this project's features, th For a simpler alternative (which allows you to offload your media repository storage to S3, etc.), you can [configure S3 storage](configuring-playbook-s3.md) instead of setting up matrix-media-repo. +| **Table of Contents** | +| :------------------------------------------------------------------------------------------ | +| [Quickstart](#quickstart) | +| [Additional configuration options](#configuring-the-media-repo) | +| [Importing data from an existing media store](#importing-data-from-an-existing-media-store) | + ## Quickstart Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: @@ -37,8 +43,9 @@ matrix_media_repo_database_max_connections: 25 matrix_media_repo_database_max_idle_connections: 5 # These users have full access to the administrative functions of the media repository. -# See https://github.com/turt2live/matrix-media-repo/blob/release-v1.2.8/docs/admin.md for information on what these people can do. They must belong to one of the -# configured homeservers above. +# See https://github.com/turt2live/matrix-media-repo/blob/release-v1.2.8/docs/admin.md for +# information on what these people can do. They must belong to one of the configured +# homeservers above. matrix_media_repo_admins: admins: [] # admins: @@ -104,3 +111,24 @@ matrix_media_repo_datastores: Full list of configuration options with documentation can be found in [`roles/custom/matrix-media-repo/defaults/main.yml`](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-media-repo/defaults/main.yml) +## Importing data from an existing media store + +If you want to add this repo to an existing homeserver managed by the playbook, you will need to import existing media into MMR's database or you will lose access to older media while it is active. MMR versions up to `v1.3.3` only support importing from Synapse, but newer versions (at time of writing: only `latest`) also support importing from Dendrite. + +1. Edit your vars.yml like in [quickstart](#quickstart) above and deploy with `just setup-all` +2. SSH into the homeserver and enter the Postgres command line interface: `/matrix/postgres/bin/cli`. +3. At that psql prompt, use `\l` to list all databases. On Dendrite, the one you're looking for is called `dendrite_mediaapi`; other homeserver software will have similar but slightly different names. Note down the correct name for your system and exit the prompt (use `\q`). +4. The MMR docker container includes an import utility explained [in its own docs here](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse). To invoke this tool, use the following command: + +```bash +docker exec -it matrix-media-repo /usr/local/bin/import_dendrite `# Synapse: import_synapse` \ + -dbName dendrite_mediaapi `# This is the database found in psql above` \ + -dbHost matrix-postgres \ + -dbPort 5432 \ + -dbUsername matrix \ + -dbPassword devture_postgres_connection_password `# Replace with the value from your vars.yml` +``` + +Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing. + +This should output a `msg="Import completed"` when finished successfully! From abd0823554bc652fb2900d8b37a36512d26f3487 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Dec 2023 09:09:10 +0200 Subject: [PATCH 095/100] Add some parenthesis in if statement --- roles/custom/matrix-media-repo/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index c36336e58..8aada0896 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -166,7 +166,7 @@ matrix_media_repo_homeservers_auto: # during certain operations, like attempting to purge media from a room or validating server # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set # to "matrix", most functionality requiring the admin API will not work. - adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else 'dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix' }}" + adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else ('dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix') }}" # Additional servers to be managed by MMR matrix_media_repo_homeservers_additional: [] From 03fb357c81465db6dc0af9545cdb238d784c88cc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Dec 2023 09:26:14 +0200 Subject: [PATCH 096/100] Split Synapse and Dendrite importing instructions for MMR --- .../configuring-playbook-matrix-media-repo.md | 54 ++++++++++++++----- 1 file changed, 42 insertions(+), 12 deletions(-) diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md index 12decd960..7dc011bb8 100644 --- a/docs/configuring-playbook-matrix-media-repo.md +++ b/docs/configuring-playbook-matrix-media-repo.md @@ -14,7 +14,7 @@ For a simpler alternative (which allows you to offload your media repository sto ## Quickstart -Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file and [re-run the installation process](./installing.md) for the playbook: ```yaml matrix_media_repo_enabled: true @@ -115,18 +115,48 @@ Full list of configuration options with documentation can be found in [`roles/cu If you want to add this repo to an existing homeserver managed by the playbook, you will need to import existing media into MMR's database or you will lose access to older media while it is active. MMR versions up to `v1.3.3` only support importing from Synapse, but newer versions (at time of writing: only `latest`) also support importing from Dendrite. -1. Edit your vars.yml like in [quickstart](#quickstart) above and deploy with `just setup-all` -2. SSH into the homeserver and enter the Postgres command line interface: `/matrix/postgres/bin/cli`. -3. At that psql prompt, use `\l` to list all databases. On Dendrite, the one you're looking for is called `dendrite_mediaapi`; other homeserver software will have similar but slightly different names. Note down the correct name for your system and exit the prompt (use `\q`). -4. The MMR docker container includes an import utility explained [in its own docs here](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse). To invoke this tool, use the following command: +**Before importing**: ensure you have an initial matrix-media-repo deployment by following the [quickstart](#quickstart) guide above -```bash -docker exec -it matrix-media-repo /usr/local/bin/import_dendrite `# Synapse: import_synapse` \ - -dbName dendrite_mediaapi `# This is the database found in psql above` \ - -dbHost matrix-postgres \ - -dbPort 5432 \ - -dbUsername matrix \ - -dbPassword devture_postgres_connection_password `# Replace with the value from your vars.yml` +Depending on the homeserver implementation yu're using (Synapse, Dendrite), you'll need to use a different import tool (part of matrix-media-repo) and point it to the homeserver's database. + +### Importing data from the Synapse media store + +To import the Synapse media store, you're supposed to invoke the `import_synapse` tool which is part of the matrix-media-repo container image. Your Synapse database is called `synapse` by default, unless you've changed it by modifying `matrix_synapse_database_database`. + +This guide here is adapted from the [upstream documentation about the import_synapse script](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse). + +Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file): + +```sh +docker exec -it matrix-media-repo \ + /usr/local/bin/import_synapse \ + -dbName synapse \ + -dbHost matrix-postgres \ + -dbPort 5432 \ + -dbUsername matrix \ + -dbPassword devture_postgres_connection_password +``` + +Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing. + +This should output a `msg="Import completed"` when finished successfully! + +### Importing data from the Dendrite media store + +If you're using the [Dendrite](configuring-playbook-dendrite.md) homeserver instead of the default for this playbook (Synapse), follow this importing guide here. + +To import the Dendrite media store, you're supposed to invoke the `import_dendrite` tool which is part of the matrix-media-repo container image. Your Dendrite database is called `dendrite_mediaapi` by default, unless you've changed it by modifying `matrix_dendrite_media_api_database`. + +Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file): + +```sh +docker exec -it matrix-media-repo \ + /usr/local/bin/import_dendrite \ + -dbName dendrite_mediaapi \ + -dbHost matrix-postgres \ + -dbPort 5432 \ + -dbUsername matrix \ + -dbPassword devture_postgres_connection_password ``` Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing. From cc70203008a3de5d33f00a6a8fdf6b558fadf1aa Mon Sep 17 00:00:00 2001 From: Joe Kappus Date: Thu, 14 Dec 2023 03:28:33 -0500 Subject: [PATCH 097/100] Update README.md: add mash-playbook, remove archived playbooks --- README.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 82899a369..e7afa15ba 100644 --- a/README.md +++ b/README.md @@ -197,14 +197,8 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w ## Related -You may also be interested in these other Ansible playbooks: +You may also be interested in another Ansible playbook for adding non-matrix related services: -- [gitea-docker-ansible-deploy](https://github.com/spantaleev/gitea-docker-ansible-deploy) - for deploying a [Gitea](https://gitea.io/) git version-control server +- [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) - for deploying a large number of self-hosted software. [List of supported services](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md) -- [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy) - for deploying a [Nextcloud](https://nextcloud.com/) server - -- [peertube-docker-ansible-deploy](https://github.com/spantaleev/peertube-docker-ansible-deploy) - for deploying a [PeerTube](https://joinpeertube.org/) video-platform server - -- [vaultwarden-docker-ansible-deploy](https://github.com/spantaleev/vaultwarden-docker-ansible-deploy) - for deploying a [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password manager server (unofficial [Bitwarden](https://bitwarden.com/) compatible server) - -They're all making use of Traefik as their reverse-proxy, so it should be easy to host all these services on the same server. Follow the `docs/configuring-playbook-interoperability.md` documentation in each playbook. +It makes use of Traefik as its reverse-proxy, so it should be easy to host all these services on the same server. See `docs/interoperability.md` contained there for further details. From 9cc4c8f169158126f907a28319c15b3fe67d25f0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Dec 2023 11:35:01 +0200 Subject: [PATCH 098/100] Reword the Related secton of the README --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e7afa15ba..ade123144 100644 --- a/README.md +++ b/README.md @@ -197,8 +197,6 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w ## Related -You may also be interested in another Ansible playbook for adding non-matrix related services: +You may also be interested in [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) - another Ansible playbook for self-hosting non-Matrix services (see its [List of supported services](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md)). -- [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) - for deploying a large number of self-hosted software. [List of supported services](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md) - -It makes use of Traefik as its reverse-proxy, so it should be easy to host all these services on the same server. See `docs/interoperability.md` contained there for further details. +mash-playbook also makes use of [Traefik](./docs/configuring-playbook-traefik.md) as its reverse-proxy, so with minor [interoperability adjustments](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/interoperability.md), you can make matrix-docker-ansible-deploy and mash-playbook co-exist and host Matrix and non-Matrix services on the same server. From 66706e4535704deba63e5aa2102f324f9b14dae3 Mon Sep 17 00:00:00 2001 From: Joshua Hoffmann Date: Fri, 15 Dec 2023 22:08:20 +0100 Subject: [PATCH 099/100] Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 fix for a typo Co-authored-by: Slavi Pantaleev --- roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 index fddd411ef..66a98955e 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 @@ -112,7 +112,7 @@ queue: monolithic: true port: {{ matrix_hookshot_queue_port | default('6379') }} host: {{ matrix_hookshot_queue_host }} -{& endif %} +{% endif %} {% if matrix_hookshot_experimental_encryption_enabled %} experimentalEncryption: storagePath: /data/encryption From 06047763bbd427dde117c6635ac7301198571158 Mon Sep 17 00:00:00 2001 From: Joshua Hoffmann Date: Fri, 15 Dec 2023 22:15:54 +0100 Subject: [PATCH 100/100] Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host Co-authored-by: Slavi Pantaleev --- roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 index 66a98955e..77036b52c 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 @@ -107,11 +107,11 @@ metrics: # (Optional) Prometheus metrics support # enabled: {{ matrix_hookshot_metrics_enabled | to_json }} -{% if matrix_hookshot_queue_host is defined and matrix_hookshot_queue_host|d('')|length > 0 %} %} +{% if matrix_hookshot_queue_host != '' %} queue: monolithic: true - port: {{ matrix_hookshot_queue_port | default('6379') }} - host: {{ matrix_hookshot_queue_host }} + port: {{ matrix_hookshot_queue_port }} + host: {{ matrix_hookshot_queue_host | to_json }} {% endif %} {% if matrix_hookshot_experimental_encryption_enabled %} experimentalEncryption: