Commit Graph

498 Commits

Author SHA1 Message Date
Paul N
96dd86d33b Set default values where sensible and remove unnecessary conditionals in .env.j2.
Check for empty string instead of Null to verify if an openid_server_name is pinned.
2023-02-06 15:26:08 +01:00
Paul N
d67d8c07f5 Remove remnant comment. 2023-02-06 15:26:08 +01:00
jakicoll
6499b6536a Decoupling: Do not use variables user-verification-service role inside the jitsi role. 2023-02-06 15:18:25 +01:00
Paul N
1d99f17b4a Disable matrix-user-verification-service in group_vars and update docs accordingly. 2023-02-06 13:23:11 +01:00
Paul N
50c1e9d695 Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly. 2023-02-06 13:14:34 +01:00
Paul N
07d9ea5e87 Stick to port 3003 instead of changing the port based on the status of grafana. 2023-02-06 13:06:35 +01:00
jakicoll
0e0ae2f3e6 Assign default log level in role instead of matrix_servers file. 2023-02-06 13:04:06 +01:00
jakicoll
f53731756d Change comment
Applying the assumption, that synapse is always managed by this playbook.
2023-02-06 12:15:54 +01:00
jakicoll
94830b582b Wording: change collection -> playbook 2023-02-06 11:58:50 +01:00
jakicoll
42e4e50f5b Matrix Authentication Support for Jitsi
This extends the collection with support for seamless authentication at the Jitsi server using Matrix OpenID.

1. New role for installing the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)
2. Changes to Jitsi role: Installing Jitsi Prosody Mods and configuring Jitsi Auth
3. Changes to Jitsi and nginx-proxy roles: Serving .well-known/element/jitsi from jitsi.DOMAIN
4. We updated the Jitsi documentation on authentication and added documentation for the user verification service.
2023-01-04 14:27:16 +01:00
Samuel Meenzen
0179b0f165
Remove conduit workaround
Conduit update 0.5.0 fixed the issue, so this is no longer needed.
2022-12-21 18:28:34 +01:00
Matthew Cengia
3453fff901
Use upstream Docker image for amd64 rather than self-build 2022-12-11 21:25:43 +11:00
Slavi Pantaleev
da82c3bd4f
Merge pull request #2327 from ikkemaniac/fix-nginxlog-prometheus
fix: nginxlog prometheus config port
2022-12-08 13:15:34 +02:00
ikkemaniac
e6fc6b7a86 fix: nginxlog prometheus config port 2022-12-08 01:10:05 +01:00
ikkemaniac
8ef6341fd7 fix: systemd entry 2022-12-08 00:02:54 +01:00
ikkemaniac
8ebf18a885
add prometheus-nginxlog-exporter role (#2315)
* add prometheus-nginxlog-exporter role

* Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname

* avoid referencing variables from other roles, handover info using group_vars/matrix_servers

* fix: stop service when uninstalling

fix: typo

move available arch's into a var

fix: text

* fix: prometheus enabled condition

Co-authored-by: ikkemaniac <ikkemaniac@localhost>
2022-12-07 16:58:36 +02:00
Slavi Pantaleev
0a018ac22b Add internal Postgres instance (if enabled) to postgres-backup dependencies 2022-11-30 11:22:00 +02:00
Slavi Pantaleev
d5ea17d66f Make postgres-backup priority start later 2022-11-30 11:18:39 +02:00
Slavi Pantaleev
4eed49f931 Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
2022-11-30 11:01:19 +02:00
Slavi Pantaleev
de979bc6a2 Upgrade com.devture.ansible.role.postgres 2022-11-30 09:42:06 +02:00
Slavi Pantaleev
4b2d30a474 Fix matrix_dendrite_client_api_turn_shared_secret not being defined
Regression since https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2290
2022-11-28 18:33:18 +02:00
Slavi Pantaleev
81054bb19c Upgrade com.devture.ansible.role.postgres 2022-11-28 09:05:22 +02:00
Slavi Pantaleev
7b43ef34b7 Remove more hardcoded matrix-postgres references 2022-11-27 09:16:18 +02:00
Slavi Pantaleev
3d5d843418 Replace some devture_postgres_identifier instances with devture_postgres_connection_hostname 2022-11-27 08:31:54 +02:00
Slavi Pantaleev
eedf5ad94d Remove some hardcoded matrix-postgres references 2022-11-27 08:23:43 +02:00
Slavi Pantaleev
04b9483f0d Switch from matrix-postgres to com.devture.ansible.role.postgres 2022-11-27 08:04:31 +02:00
Slavi Pantaleev
018a609e47 Simplify matrix_postgres_backup_databases definition
Related to 71de7cd8cd
2022-11-26 18:57:45 +02:00
Slavi Pantaleev
71de7cd8cd Simplify matrix_backup_borg_postgresql_databases definition
There was no need to add `synapse` to the list manually
and then add all other additional databases.

When the `synapse` database was the main database, this made sense.
Since a long time ago already, ALL databases are "additional" databases,
so the `synapse` database is part of that list.

We could additional add the main (`matrix`) database to this list,
but there's probably no point in backing that one up.
2022-11-26 18:53:54 +02:00
Array in a Matrix
504d4a4134
Add dendrite captcha config to doc and hCaptcha (#2290)
* added dendrite captcha options

* added hcaptcha doc

* proper url

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update main.yml

* renamed captcha vars to new naming scheme

* change vars to new format

* Rename back some incorrect renamed variables

These variables are either not just part of the `client_api` subsection,
or are not even part of that section at all. They shouldn't have been
renamed in baaef2ed616e2645550d9

* Fix up naming inconsistencies

Some of these variables had been renamed in one place,
but not in other places, so it couldn't have worked that way.

* Add validation/deprecation for renamed Dendrite variables

Related to 4097898f885cf4c73, baaef2ed616e2645550, 68f4418092fa8ad
and a0b4a0ae6b2f1f18

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-11-26 09:27:43 +02:00
Slavi Pantaleev
34c01da9d2 Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.

After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.

These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.

The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).

Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):

> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
Slavi Pantaleev
4d881477a3 Add matrix_homeserver_enabled variable
We need this to control whether `('matrix-' + matrix_homeserver_implementation + '.service')`
would get injected into `devture_systemd_service_manager_services_list_auto`
2022-11-23 16:56:39 +02:00
Slavi Pantaleev
1bd3a27acd Do not try to enable non-enableable matrix_ssl_renewal_systemd_units_list 2022-11-23 13:00:15 +02:00
Slavi Pantaleev
f696928b7d Fix variable typos 2022-11-23 12:18:35 +02:00
Slavi Pantaleev
ccfaefa4d2 Add service groups 2022-11-23 11:45:47 +02:00
Slavi Pantaleev
93d4f8d425 Replace matrix-common-after systemd service management with com.devture.ansible.role.systemd_service_manager 2022-11-23 11:45:46 +02:00
Slavi Pantaleev
360e643f84 Add service priorities - try to stop/start them in an optimal order 2022-11-23 11:45:46 +02:00
Slavi Pantaleev
0ea7cb5d18 Remove various init.yml files - initialize systemd services, etc., statically (not at runtime) 2022-11-23 11:45:46 +02:00
Aine
b8b5acdb16
fix user creator role 2022-11-22 15:46:00 +02:00
Slavi Pantaleev
d8f2141eb0 Install Docker via geerlingguy.docker Galaxy role 2022-11-22 09:01:26 +02:00
Slavi Pantaleev
e9e84341a9 Reverse-proxy to Synapse via matrix-synapse-reverse-proxy-companion
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090
2022-11-20 16:43:33 +02:00
Slavi Pantaleev
424de93f82 Remove useless matrix_nginx_proxy_synapse_presence_disabled variable definition 2022-11-20 11:13:23 +02:00
Aine
eec7970689
update postmoogle 0.9.8 -> 0.9.9 2022-11-19 00:55:03 +02:00
Aine
06eb186729
add matrix_etherpad_mode 2022-11-05 09:17:47 +02:00
Aine
9b97957022
Merge branch 'master' into make-etherpad-great-again 2022-11-04 17:36:15 +02:00
Aine
a86cb2336a
etherpad - do not request ssl cert for subdomain if dimension is installed 2022-11-04 17:16:29 +02:00
Slavi Pantaleev
04c6c11561 Install ntpd/systemd-timesync via com.devture.ansible.role.timesync 2022-11-04 16:34:23 +02:00
Slavi Pantaleev
c3a7237de7 Initial work on using externally defined roles 2022-11-04 14:58:28 +02:00
Aine
83c40fce15
standalone etherpad 2022-11-04 11:36:10 +02:00
Samuel Meenzen
752d2ba8d0
Update matrix_servers 2022-11-02 20:39:14 +01:00
Samuel Meenzen
c330b85de3
Merge branch 'spantaleev:master' into mautrix-discord-restricted-rooms-config 2022-11-02 20:36:04 +01:00