1
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2024-12-12 08:43:55 +02:00
Commit Graph

1229 Commits

Author SHA1 Message Date
Agustin Ferrario
2082242499 Add matrix_nginx_proxy_ssl_config
A new variable called `matrix_nginx_proxy_ssl_config` is created for
configuring how the nginx proxy configures SSL. Also a new configuration
validation option and other auxiliary variables are created.

A new variable configuration called `matrix_nginx_proxy_ssl_config` is
created. This allow to set the SSL configuration easily using the
default options proposed by Mozilla. The default configuration is set to
"Intermediate", removing the weak ciphers used in the old
configurations.

The new variable can also be set to "Custom" for a more granular control.
This allows to set another three variables called:

- `matrix_nginx_proxy_ssl_protocols`,
- `matrix_nginx_proxy_ssl_prefer_server_ciphers`
- `matrix_nginx_proxy_ssl_ciphers`

Also a new task is added to validate the SSL configuration variable.
2020-12-16 10:35:37 +01:00
Slavi Pantaleev
a4b8baee49 Fix inability to send (Matrix -> Discord) messages via appservice-discord
Revert "Correct inabillity for appservice-discord to connect"
This reverts commit 673e19f830.

While certain things do work even with such a local URL, sending
messages leads to an error like this:

> [DiscordBot] verbose: DiscordAPIError: Invalid Form Body
> avatar_url: Not a well formed URL.

Fixes https://github.com/Half-Shot/matrix-appservice-discord/issues/649

The sample configuration file for appservice-discord
c29cfc72f5/config/config.sample.yaml (L8)
explicitly says that we need a public URL.
2020-12-16 03:35:13 +02:00
Slavi Pantaleev
69f71f48a6 Upgrade matrix-registration (v0.7.1 -> 0.7.2) and use official image
This switches us to a container image maintained by the
matrix-registration developer.

0.7.2 also supports a `base_url` configuration option we can use to
make it easier to reverse-proxy at a different base URL.

We still keep some workarounds, because of this issue:
https://github.com/ZerataX/matrix-registration/issues/47
2020-12-15 22:02:06 +02:00
Slavi Pantaleev
6e1dfb62f0 Rename some doc files and commands related to importing
Since we'll likely have generic SQLite database importing
via [pgloader](https://pgloader.io/) for migrating bridge
databases from SQLite to Postgres, we'd rather avoid
calling the "import Synapse SQLite database" command
as just `--tags=import-sqlite-db`.

Similarly, for the media store, we'd like to mention that it's
related to Synapse as well.

We'd like to be more explicit, so as to be less confusing,
especially in light of other homeserver implementations
coming in the future.
2020-12-14 01:51:00 +02:00
Slavi Pantaleev
47613e5a27 Remove synapse-janitor support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/746
2020-12-11 23:24:42 +02:00
Slavi Pantaleev
86988ae180 Switch matrix-registration to v0.7.1
Now that a new release has been made, we no longer need to use
`latest` / `master`.

Related to 0a9109771d and https://github.com/ZerataX/matrix-registration/issues/43
2020-12-11 22:52:42 +02:00
Slavi Pantaleev
0a9109771d Use latest/master version of matrix-registration
v0.7.0 is broken right now, because it calls
`/_matrix/client/r0/admin/register`, which is now at
`/_synapse/admin/v1/register`.

This has been fixed here: 6b26255fea

.. but it's not part of any release.

Switching to `master` (`docker.io/devture/zeratax-matrix-registration:latest`) until it gets resolved.

Reported upstream here: https://github.com/ZerataX/matrix-registration/issues/43
2020-12-11 22:22:07 +02:00
Aaron Raimist
3c2a644e5c
Upgrade synapse-admin (v0.5.0 -> 0.6.1) 2020-12-10 16:28:48 -06:00
Slavi Pantaleev
7593d969e3 Make matrix-mailer not occupy matrix_server_fqn_matrix
Starting with Docker 20.10, `--hostname` seems to have the side-effect
of making Docker's internal DNS server resolve said hostname to the IP
address of the container.

Because we were giving the mailer service a hostname of `matrix.DOMAIN`,
all requests destined for `matrix.DOMAIN` originating from other
services on the container network were resolving to `matrix-mailer`.
This is obviously wrong.

Initially reported here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/748

We normally try to not use the public hostname (and IP address) on the
container network and try to make services talk to one another locally,
but it sometimes could happen.

With this, we use a `matrix-mailer` hostname for the matrix-mailer
container. My testing shows that it doesn't cause any trouble with
email deliverability.
2020-12-10 23:51:11 +02:00
Slavi Pantaleev
d08b27784f Fix systemd services autostart problem with Docker 20.10
The Docker 19.04 -> 20.10 upgrade contains the following change
in `/usr/lib/systemd/system/docker.service`:

```
-BindsTo=containerd.service
-After=network-online.target firewalld.service containerd.service
+After=network-online.target firewalld.service containerd.service multi-user.target
-Requires=docker.socket
+Requires=docker.socket containerd.service
Wants=network-online.target
```

The `multi-user.target` requirement in `After` seems to be in conflict
with our `WantedBy=multi-user.target` and `After=docker.service` /
`Requires=docker.service` definitions, causing the following error on
startup for all of our systemd services:

> Job matrix-synapse.service/start deleted to break ordering cycle starting with multi-user.target/start

A workaround which appears to work is to add `DefaultDependencies=no`
to all of our services.
2020-12-10 11:43:20 +02:00
John Goerzen
673e19f830
Correct inabillity for appservice-discord to connect
After recently updating my matrix-docker-ansible-deploy installation, matrix-appservice-discord would refuse to start, logging ECONNREFUSED to https://matrix.[mydomain]:443, which was resolving to 172.18.0.2 due to the `--hostname` in mailer grabbing that hostname.

Curious why the IRC bridge didn't have this issue, I looked into it, and it was connecting to `http://matrix-synapse:8008`.  Correcting this one to that URL resolved the issue.
2020-12-09 21:20:06 -06:00
Slavi Pantaleev
245b749946 Upgrade Synapse for ARM (v1.23.0 -> v1.24.0)
Continuation of aa86e0dac6, now that ARM images are out.
2020-12-09 20:54:18 +02:00
Slavi Pantaleev
aa86e0dac6 Upgrade Synapse (v1.23.0 -> v1.24.0)
Because the ARM images are not pushed yet, we hold back to v1.23.0
for now.
2020-12-09 13:31:10 +02:00
benkuly
ad92c61fdd updated matrix-sms-bridge 2020-12-09 09:45:44 +01:00
Slavi Pantaleev
c07c927d9f Automatically enable openid listeners when ma1sd enabled
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)

If federation is disabled, we still need to expose these openid APIs on the
federation port.

Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).

Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.

With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
2020-12-08 16:59:20 +02:00
Slavi Pantaleev
8c02f7b79b Upgrade services 2020-12-07 15:18:03 +02:00
Slavi Pantaleev
d556aa943f Update docker-ce.repo to not hardcode $releasever=7
This keeps it in line with https://download.docker.com/linux/centos/docker-ce.repo

Whether or not Docker works well on CentOS 8 for our purposes
hasn't been verified yet.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300
2020-12-07 07:20:47 +02:00
Slavi Pantaleev
7372480e95 Properly serialize some ma1sd configuration values
We've had a report of the `connection` value getting cut off,
supposedly because it contains something that breaks off the string.

Using `|to_json` takes care of it.
2020-12-06 23:59:58 +02:00
Hardy Erlinger
ec2a9d4852 Remove the recording button from the Jitsi UI if recording is disabled. 2020-12-06 13:50:45 +01:00
Slavi Pantaleev
a5ae7e9ef0 Add self-building support to matrix-corporal 2020-12-04 01:48:08 +02:00
Slavi Pantaleev
b3d91ed488 Fix passing of matrix_appservice_discord_auth_usePrivilegedIntents 2020-12-04 01:06:42 +02:00
Slavi Pantaleev
05cecb5261 Merge branch 'discord-v1.0'
This may be a bit premature, because the bridge didn't work for me
the last time I tried it (RC3).

Some bugs have been fixed to make our config compatible with v1.0.0
though, so it may work for some people (especially those starting
fresh).

I'm not for shipping potentially broken things, but given that we were
using `docker.io/halfshot/matrix-appservice-discord:latest` and that
points to v1.0.0 already (with no other tag we can use), our setup was
already broken in any case.

Now, at least it has some chance of running.
2020-12-03 15:17:30 +02:00
Slavi Pantaleev
edd40811a5 Update matrix-appservice-discord to v1.0.0 final 2020-12-03 15:16:26 +02:00
Slavi Pantaleev
04da1bddf7 Update matrix-mautrix-facebook config a bit
This also disables presence if it's disabled for Synapse.
2020-12-01 11:55:18 +02:00
Slavi Pantaleev
90078dd296 Add matrix_services_autostart_enabled variable for preventing services autostart
Some people requested that `--tags=start` not set up service autostart.

One can now do `--tags=start --extra-vars="matrix_services_autostart_enabled=false"`
to just start services ones and not set up autostarting.
2020-11-30 20:58:21 +02:00
Slavi Pantaleev
e0d7d5f0ca Disable Jitsi recording/transcriptions by default
It's not like it worked anyway, because we don't have the necessary
services installed for transcription (Jigasi), nor recording (Jibri).

Disabling these, should hopefully disable their related elements
in the Jitsi Web UI.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/726
2020-11-28 22:31:00 +02:00
Slavi Pantaleev
be5263f397 Move self-building git repository URLs to variables (stop hardcoding) 2020-11-28 21:34:14 +02:00
Slavi Pantaleev
b354155d7c Make JVB websockets reverse-proxying work 2020-11-27 17:57:15 +02:00
Slavi Pantaleev
fa76128fd8 Update Jitsi to build 5142
This supersedes/fixes-up this Pull Request:
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/719

The Jitsi Web and JVB containers now (in build 5142) always
start by bulding their own default configuration
(`config.js` and `sip-communicator.properties`, respectively).

The fact that we were generating these files ourselves was no longer of use,
because our configuration was thrown away in favor of the one created
by the containers on startup.

With this commit, we're completely redoing things. We no longer
generate these configuration files. We try to pass the proper
environment variables, so that Jitsi services can generate the
configuration files themselves.

Besides that, we try to use the "custom configuration" mechanism
provided by Jitsi Web and Jitsi JVB (`custom-config.js` and
`custom-sip-communicator.properties`, respectively), so that
we and our users can inject additional configuration.

Some configuration options we had are gone now. Others are no longer
controllable via variables and need to be injected using
the `_config_extension` variables that we provide.

The validation logic that is part of the role should take care
to inform people about how to upgrade (if they're using some custom
configuration, which needs special care now). Most users should not
have to do anything special though.
2020-11-27 17:57:15 +02:00
benkuly
f93a4f6474 updated matrix-sms-bridge 2020-11-27 16:01:24 +01:00
Slavi Pantaleev
d702e74079 Fix matrix-nginx-proxy static files mounting when SSL retrieval is none
Fixup for 12867e9f18.

This shouldn't have been caught in the `if`.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734
2020-11-26 18:40:15 +02:00
Slavi Pantaleev
12867e9f18 Do not try to mount /matrix/ssl when matrix_ssl_retrieval_method is 'none'
Since the switch from `-v` to `--mount` (in 1fca917ad1),
we've regressed when `matrix_ssl_retrieval_method == 'none'`.

In such a case, we don't create `/matrix/ssl` directories at all
and shouldn't be trying to mount them into the `matrix-nginx-proxy`
container.

Previously, with `-v`, Docker would auto-create them, effectively hiding
our mistake. Now that `--mount` doesn't do such auto-creation magic,
the `matrix-nginx-proxy` container was failing to start.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734
2020-11-26 09:55:26 +02:00
Slavi Pantaleev
796c752b60 Ensure Postgres passwords are not longer than 99 characters
Complements https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/732
2020-11-26 09:51:48 +02:00
Slavi Pantaleev
47db2d5363
Merge pull request #730 from benkuly/master
updates matrix-sms-bridge (changed SMS provider)
2020-11-25 16:36:11 +02:00
Slavi Pantaleev
75f9fde7a4 Remove some more -v usage
Continuation of 1fca917ad1.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/722
2020-11-25 10:49:59 +02:00
Slavi Pantaleev
1fca917ad1 Replace some -v instances with --mount
`-v` magically creates the source destination as a directory,
if it doesn't exist already. We'd like to avoid this magic
and the potential breakage that it might cause.

We'd rather fail while Docker tries to find things to `--mount`
than have it automatically create directories and fail anyway,
while having contaminated the filesystem.

There's a lot more `-v` instances remaining to be fixed later on.
This is just some start.

Things like `matrix_synapse_container_additional_volumes` and
`matrix_nginx_proxy_container_additional_volumes` were not changed to
use `--mount`, as options for each one are passed differently
(`ro` is `ro`, but `rw` doesn't exist and `slave` is `bind-propagation=slave`).
To avoid breaking people's custom volume mounts, we keep it as it is for now.

A deficiency with `--mount` is that it lacks the `z` option (SELinux
ownership changes), and some of our `-v` instances use that. I'm not
sure how supported SELinux is for us right now, but it might be,
and breaking that would not be a good idea.
2020-11-24 10:26:05 +02:00
Slavi Pantaleev
27c9014cb8 Improve uninstallation instructions
Also switches to using `docker system prune -a` for a less invasive
cleanup of Docker images and related resources.
2020-11-24 09:38:17 +02:00
Slavi Pantaleev
3e2355282b Upgrade Postgres minor versions
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/727
2020-11-24 09:06:19 +02:00
Aaron Raimist
c9d2ef7981
Upgrade Element (1.7.13 -> 1.7.14) 2020-11-23 23:05:54 -06:00
benkuly
ff9a4e90c4 updated matrix-sms-bridge 2020-11-23 13:43:04 +01:00
benkuly
3a2e058f2e updated version of matrix-sms-bridge 2020-11-23 13:07:08 +01:00
benkuly
f1ceb49ae2 fixed wrong path of truststore 2020-11-23 12:52:16 +01:00
benkuly
ad1f0a01ce fixed systemd service typo 2020-11-23 12:49:28 +01:00
benkuly
76b0b9dc34 fixed application.yml loading 2020-11-23 12:48:08 +01:00
benkuly
2fb42dd7f1 fixed typo in truststore path 2020-11-23 12:38:17 +01:00
benkuly
75600aa357 Merge remote-tracking branch 'github/master' 2020-11-23 12:31:14 +01:00
benkuly
4713e5d5f7 updated matrix-sms-bridge to 0.5.0 2020-11-23 12:30:39 +01:00
Slavi Pantaleev
6c85b84c1e Fix self-building for synapse-admin 2020-11-18 18:36:03 +02:00
Slavi Pantaleev
b627d93cdc Update homeserver.yaml to keep up with Synapse v1.23.0
Related to #724 (Github Pull Request)
2020-11-18 16:57:50 +02:00
transcaffeine
c58a7e03c7
synapse: update to 1.23.0 2020-11-18 14:16:46 +01:00