1
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2024-12-18 09:35:22 +02:00
Commit Graph

413 Commits

Author SHA1 Message Date
Slavi Pantaleev
5eed874199 Improve self-building experience (avoid conflict with pullable images)
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/716

This patch makes us use more fully-qualified container image names
(either prefixed with docker.io/ or with localhost/).

The latter happens when self-building is enabled.

We've recently had issues where if an image was removed manually
and the service was restarted (making `docker run` fetch it from Docker Hub, etc.),
we'd end up with a pulled image, even though we're aiming for a self-built one.
Re-running the playbook would then not do a rebuild, because:
- the image with that name already exists (even though it's something
else)
- we sometimes had conditional logic where we'd build only if the git
repo changed

By explicitly changing the name of the images (prefixing with localhost/),
we avoid such confusion and the possibility that we'd automatically pul something
which is not what we expect.

Also, I've removed that condition where building would happen on git
changes only. We now always build (unless an image with that name
already exists). We just force-build when the git repo changes.
2020-11-14 23:00:49 +02:00
Marcel Partap
4678c5d7bd Merge remote-tracking branch 'origin/master' into synapse-workers
Also, replace vague FIXME by a proper NOTE on the complete
story of the user_dir endpoints..
2020-11-11 21:26:08 +01:00
Marcel Partap
f3d2797d9c synapse workers: make awk script invocation handle paths with spaces
(quoting ftw)
2020-11-10 22:40:48 +01:00
Marcel Partap
1e971312e8 synapse workers: handle auth fallback endpoint on main process only
(allegedly breaks with SSO enabled)
2020-11-10 21:23:19 +01:00
Slavi Pantaleev
5c91e56898 Upgrade Synapse (v1.22.0 -> v1.22.1) 2020-10-30 19:35:55 +02:00
Marcel Partap
cce90b187a synapse workers: fix undefined variable cases when removing workers 2020-10-28 23:09:21 +01:00
Marcel Partap
e078e29ef8 synapse workers: fix self name in workers-doc-to-yaml.awk script 2020-10-28 08:39:31 +01:00
Marcel Partap
2d1b9f2dbf synapse workers: reworkings + get endpoints from upstream docs via awk
(yes, a bit awkward and brittle… xD)
2020-10-28 07:13:19 +01:00
Slavi Pantaleev
70f0b97a0a Upgrade Synapse (v1.21.2 -> v1.22.0) 2020-10-27 14:24:02 +02:00
Marcel Partap
87bd64ce9e Merge remote-tracking branch 'origin/master' into synapse-workers 2020-10-23 23:45:07 +02:00
Marcel Partap
a4125d5446 synapse workers: polishing, cleansing and installation of jq dependency 2020-10-23 20:49:53 +02:00
Marcel Partap
501efee07e synapse workers: supply systemd with actual worker PIDs (requires jq)
also, worker.yaml.j2:
  - hone worker_name
  - remove worker_pid_file entry (would only be used if worker_daemonize
    set to true; also, synapse only knows about the container namespace
    and thus can not provide the required host-view PID)
2020-10-22 20:53:41 +02:00
Slavi Pantaleev
f7ecc7a2a5 Upgrade Synapse (v1.21.1 -> v1.21.2) 2020-10-15 17:42:52 +03:00
Slavi Pantaleev
5abd511368 Upgrade Synapse (v1.21.0 -> v1.21.1) 2020-10-13 13:08:25 +03:00
Aaron Raimist
78529cbd47
Upgrade Synapse (v1.20.1 -> v1.21.0) 2020-10-12 23:59:34 -05:00
Marcel Partap
d2e61af224 Add worker_name to synapse worker config template
& restrict federation listener; frontend_proxy / user_dir don't need it
2020-10-11 21:52:08 +02:00
Marcel Partap
36e9be6092 matrix_synapse_workers_{avail,enabled}_list: sort non-generic workers
.. alphabetically and put those not documented as multi-instance
capable on ports ending on zero.
2020-10-11 21:44:42 +02:00
Marcel Partap
e9241f5fb9 Improve synapse-workers systemd service template
Is the PID magic gonna work? or will it need an ExecStartPost hack..
2020-10-11 21:09:19 +02:00
Marcel Partap
40024e9b81 Prevent workers failing if their config doesn't exist
- cherry-pick "Ensure worker config exists in systemd service (#7528)"
  from synapse d74cdc1a42e8b487d74c214b1d0ca575429d546a:
  "check that the worker config file exists instead of silently failing."
2020-10-11 21:09:19 +02:00
Marcel Partap
93a8ea7e4a Merge remote-tracking branch 'master' into feature/add-worker-support 2020-10-11 20:59:05 +02:00
Slavi Pantaleev
e68450f094 Upgrade Synapse (v1.20.0 -> v1.20.1) 2020-09-24 18:43:54 +03:00
Slavi Pantaleev
dd217137b6 Upgrade Synapse (v1.19.3 -> v1.20.0) 2020-09-22 19:28:07 +03:00
Slavi Pantaleev
65e22a6888 Upgrade Synapse (v1.19.2 -> v1.19.3) 2020-09-18 17:37:04 +03:00
Slavi Pantaleev
e10e3e354d Upgrade Synapse (v1.19.1 -> v1.19.2) 2020-09-16 16:35:17 +03:00
Max Klenk
4fdfc0a34f
add missing ratelimiting options required for load testing 2020-09-11 09:46:20 +02:00
Max Klenk
a25a429a52
add redis support 2020-09-10 13:39:00 +02:00
Max Klenk
06bc430c7c
refactor to use new workers and routes they serve 2020-08-28 13:53:39 +02:00
Max Klenk
53ccc783b7
remove duplicated key 2020-08-27 15:26:46 +02:00
Max Klenk
567d0318b0
Merge branch 'synapse-workers' into feature/add-worker-support 2020-08-27 15:22:12 +02:00
Slavi Pantaleev
6e9600ffec Upgrade Synapse (v1.19.0 -> v1.19.1) 2020-08-27 12:59:11 +03:00
Slavi Pantaleev
daf13107a0 Add support for rust-synapse-compress-state 2020-08-21 13:53:39 +03:00
Slavi Pantaleev
9952ec6c16 Upgrade Synapse (v1.18.0 -> v1.19.0) 2020-08-17 17:02:40 +03:00
Slavi Pantaleev
f78a5d4ee8 Upgrade Synapse (v1.17.0 -> v1.18.0) 2020-07-30 14:21:44 +03:00
Slavi Pantaleev
c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00
Slavi Pantaleev
200f912c04 Upgrade Synapse (v1.16.1 -> v1.17.0)
Fixes #579 (Github Issue).
2020-07-13 14:08:50 +03:00
Slavi Pantaleev
eff55e4d00 Upgrade Synapse (v1.16.0 -> v1.16.1) 2020-07-10 14:33:18 +03:00
Slavi Pantaleev
928982cffe Upgrade Synapse (v1.15.2 -> v1.16.0) 2020-07-08 14:08:46 +03:00
Slavi Pantaleev
18ab677a96 Remove useless file 2020-07-08 00:22:47 +03:00
shadow
6293f1bdb0 Run all API self checks in check_mode 2020-07-04 15:24:33 +02:00
Slavi Pantaleev
f758ee90cb
Add |to_json to some values 2020-07-04 09:31:52 +03:00
Justin Croonenberghs
35c2655fa4 Removed troublesome #s 2020-07-03 19:01:03 -05:00
Justin Croonenberghs
1f21f0c09a Add variables for reCAPTCHA validation 2020-07-03 18:33:25 -05:00
Aaron Raimist
78382b0ce4
Upgrade Synapse (1.15.1 -> 1.15.2) 2020-07-02 10:38:25 -05:00
Slavi Pantaleev
10bc85962e Upgrade Synapse (1.15.0 -> 1.15.1) 2020-06-16 13:55:27 +03:00
Slavi Pantaleev
6538ae34f5 Upgrade Synapse (v1.14 -> v1.15)
Fixes #539 (Github Issue).
2020-06-11 16:02:01 +03:00
Slavi Pantaleev
10b3ceff72 Make Matrix federation port configurable
Fixes #523 (Github Issue).
2020-06-09 08:29:03 +03:00
Slavi Pantaleev
0113852504 Upgrade matrix-synapse-shared-secret-auth (1.0.1 -> 1.0.2)
There's no change in the source code. Just a release bump for packaing
reasons. It doesn't matter much for us here, but let's be on the latest
tag anyway.
2020-06-08 09:29:55 +03:00
Slavi Pantaleev
f56a9a0f5f
Merge pull request #524 from cnvandijk/fix-executable-path
Remove hardcoded paths to commands on the host machine
2020-05-28 15:39:25 +03:00
Slavi Pantaleev
8bae39050e Update settings for Synapse v1.14.0 2020-05-28 15:23:05 +03:00
tctovsli
45ba01510d
Synapse v.1.14.0 2020-05-28 14:04:37 +02:00
Chris van Dijk
6e3b877dc2 Remove hardcoded command paths in playbook shell usage 2020-05-27 23:14:56 +02:00
Chris van Dijk
6334f6c1ea Remove hardcoded command paths in systemd unit files
Depending on the distro, common commands like sleep and chown may either
be located in /bin or /usr/bin.

Systemd added path lookup to ExecStart in v239, allowing only the
command name to be put in unit files and not the full path as
historically required. At least Ubuntu 18.04 LTS is however still on
v237 so we should maintain portability for a while longer.
2020-05-27 23:14:54 +02:00
Slavi Pantaleev
8fb3ce6f6d Upgrade Synapse (v1.12.4 -> v1.13.0) 2020-05-19 21:35:32 +03:00
Chris van Dijk
7585bcc4ac Allow the matrix user username and groupname to be configured separately
No migration steps should be required.
2020-05-01 19:59:32 +02:00
Chris van Dijk
cf0e56e92b Consistent usage of matrix username and groupname, not uid and gid
This should be a no-op, no migration necessary.
2020-05-01 19:39:17 +02:00
Slavi Pantaleev
9cc0c5955d Use |quote in some command calls 2020-04-24 09:59:30 +03:00
Aaron Raimist
23bfaa72ec
Upgrade Synapse (1.12.3 -> 1.12.4) 2020-04-23 13:30:50 -05:00
Chris van Dijk
3f4bc9b881 Move config supprt for unfederated dimension into group_vars 2020-04-22 19:23:56 +02:00
Marcel Partap
5f63d287b7 Move synapse worker ports up 10k 2020-04-19 19:05:03 +02:00
Marcel Partap
66a4073512 Publish synapse worker ports, need to be accessible to nginx 2020-04-19 19:05:03 +02:00
Marcel Partap
cf452fdf0a Fix corner-cases found through testing (aka ansible is nuts) 2020-04-19 19:05:03 +02:00
Marcel Partap
353bc7c362 Add initial support for synapse workers
· needs documentation; no checks yet for port clashes or typos in worker name
· according to https://github.com/matrix-org/synapse/wiki/Workers-setup-with-nginx#results
  about 90% of requests go to the synchrotron endpoint
· thus, the synchrotron worker is especially suited to be load-balanced
· most of the other workers are documented to support only a single instance
· https://github.com/matrix-org/synapse/blob/master/docs/workers.md
2020-04-19 19:05:03 +02:00
Chris van Dijk
3ddb8cd148 Add support for running dimension in an unfederated environment
This config change follows:

  https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md
2020-04-18 19:00:20 +02:00
Slavi Pantaleev
c13c29f48e Fix |to_nice_yaml breaking formatting
Well, actually 8cd9cde won't work, unless we put the
`|to_nice_yaml` thing on a new line.

We can, but that takes more lines and makes things look uglier.
Using `|to_json` seems good enough.

The whole file is parsed as YAML later on and merged with the
`_extension` variable before being dumped as YAML again in the end.
2020-04-18 11:06:53 +03:00
Slavi Pantaleev
8cd9cdead0 Improve consistency 2020-04-18 11:05:47 +03:00
Tom
e54428b160 Expose allowed local 3pids as a configurable option 2020-04-18 00:11:30 +01:00
Slavi Pantaleev
f78fa3f328 Upgrade Synapse (1.12.0 -> 1.12.3) 2020-04-03 14:26:30 +03:00
Slavi Pantaleev
845f5f007b Make Synapse use ma1sd (if enabled) for threepid registration 2020-04-03 10:08:37 +03:00
Slavi Pantaleev
ac60115190 Fix git installation bug during synapse-simple-antispam installation
Fixes #424 (Github Issue).
2020-03-29 10:11:08 +03:00
Christian Wolf
51c271905d Removed bug in enhanced waiting 2020-03-28 13:00:56 +01:00
Christian Wolf
8c9b5ea6dd Removed a few syntax bugs in Archlinux configuration 2020-03-28 13:00:01 +01:00
Christian Wolf
26bc66117d Removed redunadant waiting 2020-03-28 11:42:41 +01:00
Christian Wolf
d84b2868b7 Added basic changes to make it compatible with Archlinux 2020-03-28 11:39:15 +01:00
mooomooo
eebc6e13f8 Made directory variables for /etc/systemd/system , /etc/cron.d , /usr/local/bin 2020-03-24 11:27:58 -07:00
Slavi Pantaleev
9032151486 Update Synapse configuration for v1.12.0
Some options are no longer required and have sensible default values.
2020-03-23 16:15:03 +02:00
tctovsli
949b5d7a46
Release synapse v.1.12.0 2020-03-23 15:03:40 +01:00
Slavi Pantaleev
027056e027 Fix weird path creation
Fixes #403 (Github Issue).
2020-03-18 18:24:30 +02:00
Slavi Pantaleev
3cee815baf Fix some typos 2020-03-15 11:34:35 +02:00
Slavi Pantaleev
2b85fde103 Rename some variables for consistency 2020-03-15 10:15:27 +02:00
Slavi Pantaleev
8fe97abe7d Wire matrix_container_images_self_build to self_build variables via group_vars/matrix_servers
This keeps the roles cleaner and more independent of matrix-base,
which may be important for people building their own playbook
out of the individual roles and not using the matrix-base role.
2020-03-15 10:10:41 +02:00
Horvath Gergely
2d537484d5 introduce variable 2020-03-14 19:16:29 +01:00
Horvath Gergely
3c8535c3bc check ansible version for self-building in every role 2020-03-08 19:17:10 +01:00
Horvath Gergely
a5d94eec0b refactor variable names 2020-03-08 00:28:14 +01:00
Horvath Gergely
310aa685f9 refactor based on Slavi's requests 2020-03-08 00:24:00 +01:00
Horvath Gergely
d53d63ab07 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into raspberry-pi 2020-03-07 13:57:44 +01:00
Slavi Pantaleev
a727e7c497 Upgrade Synapse (v1.11.0 -> v1.11.1) 2020-03-03 17:32:22 +02:00
Horvath Gergely
ac118d2f25 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into raspberry-pi 2020-02-21 18:09:45 +01:00
Slavi Pantaleev
5de8f27122 Upgrade Synapse (v1.10.1 -> v1.11.0) 2020-02-21 12:32:35 +02:00
Horvath Gergely
5a4e4f6fb9 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into raspberry-pi 2020-02-21 07:36:49 +01:00
Slavi Pantaleev
8343ff5268
Add missing to_json filter 2020-02-19 10:13:36 +02:00
Horvath Gergely
d8b31afd1a Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into raspberry-pi 2020-02-18 21:46:59 +01:00
orange
45e32bdad2 add synapse config enable_group_creation 2020-02-18 18:05:54 +01:00
Horvath Gergely
a096eafb45 add possibility to install synapse on raspberry pi 2020-02-17 21:48:48 +01:00
Dan Arnfield
96557c6280 Update synapse (1.10.0 -> 1.10.1) 2020-02-17 13:27:05 -06:00
Dan Arnfield
bac7685ce4 Update synapse (1.9.1 -> 1.10.0) 2020-02-12 06:46:52 -06:00
Slavi Pantaleev
f9a67624e1 Upgrade Synapse (1.9.0 -> 1.9.1) 2020-01-28 16:02:09 +02:00
Slavi Pantaleev
c9f2bf89b5 Fix incorrect REST Auth module URL
Regression since #362 (Github Pull Request).
2020-01-27 12:22:40 +02:00
Slavi Pantaleev
c2135d1afe Switch from kamax-matrix/matrix-synapse-rest-password-provider to ma1uta/matrix-synapse-rest-password-provider
Synapse v1.9.0 changed some things which made the REST Auth Password
Provider break.

The ma1uta/matrix-synapse-rest-password-provider implements some
workarounds for now and will likely deliver a proper fix in the future.

Not much has changed between the 2 projects, so this should be a
painless transition.
2020-01-25 10:23:59 +02:00
Slavi Pantaleev
2c04384e8e Synchronize config with the one from Synapse 1.9.0
Related to #355.
2020-01-23 15:47:53 +02:00
Paul Tötterman
e9761679eb
Upgrade Synapse to 1.9.0 2020-01-23 15:46:24 +02:00
Dan Arnfield
86eff45e8b uri.follow_redirects is now a string field 2020-01-22 15:36:54 -06:00
Slavi Pantaleev
fddd3f922f Upgrade Synapse to 1.8.0 2020-01-09 15:33:35 +02:00
Dan Arnfield
4f3f263420 Update synapse (1.7.2 -> 1.7.3) 2019-12-31 06:28:58 -06:00
Slavi Pantaleev
8b5b075fda Fix typo 2019-12-31 11:25:09 +02:00
Slavi Pantaleev
0e3e3cdf86 Upgrade Synapse (1.7.1 -> 1.7.2) 2019-12-20 13:20:54 +02:00
Slavi Pantaleev
b09f5a783b Upgrade Synapse (1.7.0 -> 1.7.1) 2019-12-18 12:15:52 +02:00
Slavi Pantaleev
d69ddcfdac Upgrade Synapse (1.6.1 -> 1.7.0) 2019-12-13 14:52:29 +02:00
Aaron Raimist
79d1576648
Allow Synapse manhole to be enabled
Can you double check that the way I have this set only exposes it locally? It is important that the manhole is not available to the outside world since it is quite powerful and the password is hard coded.
2019-12-05 00:07:15 -06:00
Slavi Pantaleev
b8baf1356e Upgrade Synapse (1.6.0 -> 1.6.1) 2019-11-28 13:59:42 +02:00
Slavi Pantaleev
0c51440426 Update Synapse to v1.6.0 2019-11-26 16:28:17 +02:00
Slavi Pantaleev
2da40c729a Do not expose server room directory by default
Prompted by: https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers

This is a bit controversial, because.. the Synapse default remains open,
while the general advice (as per the blog post) is to make it more private.

I'm not sure exactly what kind of server people set up and whether they
want to make the room directory public. Our general goal is to favor
privacy and security when running personal (family & friends) and corporate
homeservers, both of which likely benefit from having a more secure default.
2019-11-10 08:55:46 +02:00
Slavi Pantaleev
50614f1bad Simplify Prerequisites a bit
Don't mention systemd-journald adjustment anymore, because
we've changed log levels to WARNING and Synapse is not chatty by default
anymore.

The "excessive log messages may get dropped on CentOS" issue no longer
applies to most users and we shouldn't bother them with it.
2019-11-10 08:35:17 +02:00
Michael Haak
5b213e6ad0 Replace constructs appending elements with variables to matrix_synapse_container_extra_arguments. Fixes issue https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/304 2019-11-09 23:16:12 +01:00
Slavi Pantaleev
f0e80218b0 Upgrade Synapse (1.5.0 -> 1.5.1) 2019-11-06 12:28:48 +02:00
recklesscoder
5d3b765241
Actually use matrix_synapse_storage_path
matrix_synapse_storage_path is already defined in matrix-synapse/defaults/main.yml (with a default of "{{ matrix_synapse_base_path }}/storage"), but was not being used for its presumed purpose in matrix-synapse.service.j2. As a result, if matrix_synapse_storage_path was overridden (in a vars.yml), the synapse service failed to start.
2019-11-02 13:46:02 +01:00
Dan Arnfield
f0ce0db7dc Update synapse (1.4.1 -> 1.5.0) 2019-10-29 10:41:46 -05:00
Slavi Pantaleev
e0ea708acc Upgrade Synapse (1.4.0 -> 1.4.1) 2019-10-18 13:31:40 +03:00
Julian Foad
7ce80bc58e
Quote docker args in case inputs contain spaces 2019-10-14 08:59:56 +01:00
Slavi Pantaleev
a37b96d829 Upgrade Synapse to 1.4.0 2019-10-03 19:26:38 +03:00
Slavi Pantaleev
392f8202bd Make SAML2 configuration match sample config generated using generate command 2019-10-03 19:26:38 +03:00
Aaron Raimist
413d9ec143
WIP: Upgrade Synapse (1.3.1 -> 1.4.0rc2) 2019-10-02 21:35:44 -05:00
Slavi Pantaleev
73c90e9513 Try to make Synapse config/key generation respect uid/gid
Attempt at fixing #268 (Github Issue)
2019-09-23 18:08:36 +03:00
Slavi Pantaleev
68ed2ebefa Add support for Synapse Simple Antispam
Fixes #255 (Github Issue).
2019-09-09 08:13:10 +03:00
Slavi Pantaleev
4b1e9a4827 Add support for configuring Synapse spam_checker setting 2019-09-09 08:11:32 +03:00
Slavi Pantaleev
10a9deba4a Make Synapse configuration extensible 2019-08-22 09:49:22 +03:00
Slavi Pantaleev
b440d5b73c Remove some fact definitions during runtime 2019-08-22 08:00:02 +03:00
Dan Arnfield
42ea3cb0e1 Update synapse (1.3.0 -> 1.3.1) 2019-08-19 06:45:51 -05:00
Slavi Pantaleev
1b2191a0f1 Add new Synapse configuration options (since 1.3.0)
Continuation of #246 (Github Pull Request)
2019-08-16 09:57:51 +03:00
Dan Arnfield
7b5e633776 Update synapse (1.2.1 -> 1.3.0) 2019-08-15 06:59:37 -05:00
Slavi Pantaleev
99f5baa7bb Fix undefined variable error (matrix_synapse_id_servers_public)
This only gets triggered if:
- the Synapse role is used standalone and the default values are used
- the whole playbook is used, with `matrix_mxisd_enabled: false`
2019-08-08 18:30:54 +03:00
Oleg Fiksel
43628ddad6 Added "|to_json" to ensure we really pass a boolean 2019-08-08 12:11:19 +02:00
Oleg Fiksel
f713bbe0f8 Added possibility to enable guest access on synapse 2019-08-08 11:57:35 +02:00
Slavi Pantaleev
6fe4bafc2a Decrease default Synapse logging level
Also discussed previously in #213 (Github Pull Request).

shared-secret-auth and rest-auth logging is still at `INFO`
intentionally, as user login events seem more important to keep.
Those modules typically don't spam as much.
2019-08-03 07:48:04 +03:00
Slavi Pantaleev
bd99dd05b4 Upgrade Synapse (1.2.0 -> 1.2.1) 2019-07-26 14:17:31 +03:00
Slavi Pantaleev
255b67a0ce Update homeserver.yaml with new options from Synapse v1.2.0
Related to #223 (Github Pull Request)
2019-07-25 22:03:12 +03:00
Dan Arnfield
0e54515c9d Update synapse (1.1.0 -> 1.2.0) 2019-07-25 08:42:33 -05:00
Slavi Pantaleev
631a14bf0c Rename run control variables for consistency 2019-07-08 09:38:36 +03:00
Slavi Pantaleev
17cd52ced6 Make Synapse log messages a bit prettier
ef5e4ad061 intentionally makes us conform to
the logging format suggested by the official Docker image.

Reverting this part, because it's uglier.

This likely should be fixed upstream as well though.
2019-07-04 18:19:52 +03:00
Slavi Pantaleev
ef5e4ad061 Make Synapse not log to text files
Somewhat related to #213 (Github Pull Request).

We've been moving in the opposite direction for quite a long time.
All services should just leave logging to systemd's journald.
2019-07-04 17:46:31 +03:00
Slavi Pantaleev
b84139088c Fix password providers not working on Synapse v1.1.0
Fixes a regression introduced during the upgrade to
Synapse v1.1.0 (in 2b3865ceea).

Since Synapse v1.1.0 upgraded to Python 3.7
(https://github.com/matrix-org/synapse/pull/5546),
we need to use a different modules directory when mounting
password provider modules.
2019-07-04 17:28:38 +03:00
Slavi Pantaleev
73158e6c2f Fix unintentionally inverted boolean
Fixes a problem introduced by da6edc9cba.

Related to #145 (Github Pull Request).
2019-07-04 17:27:42 +03:00
Slavi Pantaleev
da6edc9cba Add support for disabling Synapse's local database for user auth
This is a new feature of Synapse v1.1.0.

Discussed in #145 (Github Pull Request).
2019-07-04 17:11:51 +03:00
Slavi Pantaleev
2b3865ceea Upgrade Synapse (1.0.0 -> 1.1.0) 2019-07-04 16:58:45 +03:00
Slavi Pantaleev
f4574961c7
Prevent double-quotes around default room version
Using `|to_json` on a string is expected to correctly wrap it in quotes (e.g. `"4"`).
Wrapping it explicitly in double-quotes results in undesirable double-quoting (`""4""`).
2019-06-12 09:17:35 +03:00
Aaron Raimist
483bdd8c01
Allow default room version to be configured 2019-06-11 21:18:06 -05:00
Slavi Pantaleev
e4068e55ee Upgrade Synapse (0.99.5.2 -> 1.0.0) 2019-06-11 20:30:18 +03:00
Slavi Pantaleev
7d3adc4512 Automatically force-pull :latest images
We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).
2019-06-10 14:30:28 +03:00
Aaron Raimist
79f4bcf5be
Enable sentry.io integration 2019-06-07 16:02:41 -05:00
Slavi Pantaleev
d6d6c152a3 Delay bridge startup to ensure Synapse is up
Bridges start matrix-synapse.service as a dependency, but
Synapse is sometimes slow to start, while bridges are quick to
hit it and die (if unavailable).

They'll auto-restart later, but .. this still breaks `--tags=start`,
which doesn't wait long enough for such a restart to happen.

This attempts to slow down bridge startup enough to ensure Synapse
is up and no failures happen at all.
2019-06-07 12:15:37 +03:00
Slavi Pantaleev
3bc8aa0a82 Upgrade Synapse (0.99.5.1 -> 0.99.5.2) 2019-05-30 20:50:09 +03:00
Slavi Pantaleev
2982b03809 Explicitly serialize matrix_synapse_app_service_config_files
Attempt to fix #192 (Github Issue), potential regression since
70487061f4.

Serializing as JSON/YAML explicitly is much better than relying on
magic (well, Python serialization being valid YAML..).
It seems like Python may prefix strings with `u` sometimes (Python 3?),
which causes Python serialization to not be compatible with YAML.
2019-05-30 09:42:08 +03:00
Slavi Pantaleev
70487061f4 Prefer --mount instead of -v for mounting volumes
This doesn't replace all usage of `-v`, but it's a start.

People sometimes troubleshoot by deleting files (especially bridge
config files). Restarting Synapse with a missing registration.yaml file
for a given bridge, causes the `-v
/something/registration.yaml:/something/registration.yaml:ro` option
to force-create `/something/registration.yaml` as a directory.

When a path that's provided to the `-v` option is missing, Docker
auto-creates that path as a directory.
This causes more breakage and confusion later on.

We'd rather fail, instead of magically creating directories.
Using `--mount`, instead of `-v` is the solution to this.

From Docker's documentation:

> When you use --mount with type=bind, the host-path must refer to an existing path on the host.
> The path will not be created for you and the service will fail with an error if the path does not exist.
2019-05-29 09:59:50 +03:00
Slavi Pantaleev
ab59cc50bd Add support for more flexible container port exposing
Fixes #171 (Github Issue).
2019-05-25 07:41:08 +09:00
Slavi Pantaleev
a8b633561d Upgrade Synapse (v0.99.4 -> v0.99.5.1) 2019-05-23 09:23:04 +09:00
Dan Arnfield
9c23d877fe Fix docker_image option for ansible < 2.8 2019-05-22 05:43:33 -05:00
Dan Arnfield
db15791819 Add source option to docker_image to fix deprecation warning 2019-05-21 10:29:12 -05:00
Dan Arnfield
3982f114af Fix CONDITIONAL_BARE_VARS deprecation warning in ansible 2.8 2019-05-21 10:25:59 -05:00
Slavi Pantaleev
affb99003c Improve Synapse variable naming consistency 2019-05-21 12:09:38 +09:00
Slavi Pantaleev
a1e9818356 Update comment 2019-05-21 11:25:32 +09:00
Slavi Pantaleev
fc7ba153b1 Make matrix-synapse role respect matrix_synapse_enabled flag 2019-05-21 10:46:49 +09:00
Slavi Pantaleev
8d654aecdd Improve file naming consistency 2019-05-21 09:57:48 +09:00
Slavi Pantaleev
e3b4622ac8 Split Synapse extension tasks into install/uninstall files 2019-05-18 06:36:54 +09:00
Slavi Pantaleev
663d1add92 Move matrix-appservice-discord into a separate role 2019-05-18 01:14:12 +09:00
Slavi Pantaleev
13c4e7e5b6 Merge branch 'master' into separate-bridge-roles 2019-05-16 09:45:06 +09:00
Slavi Pantaleev
ae7c8d1524 Use SyslogIdentifier to improve logging
Reasoning is the same as for matrix-org/synapse#5023.

For us, the journal used to contain `docker` for all services, which
is not very helpful when looking at them all together (`journalctl -f`).
2019-05-16 09:43:46 +09:00
Slavi Pantaleev
cf3117011b Upgrade Synapse (0.99.3.2 -> 0.99.4) 2019-05-16 09:20:43 +09:00
Slavi Pantaleev
3339e37ce9 Move matrix-appservice-irc into a separate role 2019-05-16 09:07:40 +09:00
Slavi Pantaleev
43fd3cc274 Move mautrix-facebook into a separate role 2019-05-15 09:34:31 +09:00
Marcel Partap
5aa7f637d8 Fix matrix_synapse_ext_password_provider_ldap_start_tls (it's boolean) 2019-05-14 23:09:59 +02:00
Slavi Pantaleev
bb816df557 Move mautrix telegram and whatsapp into separate roles
The goal is to move each bridge into its own separate role.
This commit starts off the work on this with 2 bridges:
- mautrix-telegram
- mautrix-whatsapp

Each bridge's role (including these 2) is meant to:

- depend only on the matrix-base role

- integrate nicely with the matrix-synapse role (if available)

- integrate nicely with the matrix-nginx-proxy role (if available and if
required). mautrix-telegram bridge benefits from integrating with
it.

- not break if matrix-synapse or matrix-nginx-proxy are not used at all

This has been provoked by #174 (Github Issue).
2019-05-14 23:47:22 +09:00
Slavi Pantaleev
873c291be6 Fix appservice-discord configuration-extension merging 2019-05-14 08:24:03 +09:00
Slavi Pantaleev
216cdf8c74
Merge pull request #166 from izissise/mautrix-facebook
Mautrix facebook
2019-05-09 10:05:14 +03:00
Dan Arnfield
958ad68078 Add registrations_require_3pid synapse option 2019-05-08 12:29:18 -05:00
Hugues Morisset
a82d5ed281 Add tulir mautrix-facebook (https://github.com/tulir/mautrix-facebook) 2019-05-08 17:11:07 +02:00
Slavi Pantaleev
5f2f17cb1e
Merge pull request #160 from danbob/fix-matrix-mxisd-config
Fix template indentation
2019-05-08 08:01:00 +03:00
Hugues De Keyzer
c451025134 Fix indentation in templates
Use Jinja2 lstrip_blocks option in templates to ensure consistent
indentation in generated files.
2019-05-07 21:23:35 +02:00
Dan Arnfield
3abed49764 Fix jinja config for indented code blocks 2019-05-07 06:02:38 -05:00
Slavi Pantaleev
0e7310fd7c
Merge pull request #164 from TheLastProject/fix/string_before_to_json
string before to_json when string value is expected
2019-05-07 10:41:41 +03:00
Sylvia van Os
9ea593df37 Fix incorrect casts 2019-05-07 09:35:51 +02:00
Sylvia van Os
ed0ecf5bea string before to_json when string value is expected
This prevents Ansible from sometimes failing to decrypt vault variables
2019-05-06 10:10:27 +02:00
Slavi Pantaleev
e0b7b4dc61
Merge pull request #159 from TheLastProject/feature/docker_add_hosts
Add the possibility to pass extra flags to the docker container
2019-05-05 10:22:59 +03:00
Slavi Pantaleev
1653e40239
Merge pull request #158 from lpopov/master
Add the ability to update user passwords with ansible
2019-05-05 10:21:45 +03:00
Slavi Pantaleev
6bea3237c9
Merge pull request #163 from aaronraimist/synapse-0.99.3.1
Update Synapse (0.99.3 -> 0.99.3.1)
2019-05-03 22:10:20 +03:00
Aaron Raimist
8051ea9ef9
Update Synapse (0.99.3.1 -> 0.99.3.2) 2019-05-03 13:34:45 -05:00
Aaron Raimist
d1646bb497
Update Synapse (0.99.3 -> 0.99.3.1) 2019-05-03 12:07:58 -05:00
Lyubomir Popov
a206b65ed7 Use the '-p' non-interactive option to generate password hash instead of 'expect' 2019-05-03 11:02:17 +03:00
Sylvia van Os
75b1528d13 Add the possibility to pass extra flags to the docker container 2019-04-30 16:35:18 +02:00
Lyubomir Popov
134faa3139 Add the ability to update user passwords with ansible (when using the matrix-postgres container). 2019-04-30 16:30:26 +03:00
Sylvia van Os
bf77f776a2 Add variable to disable homeserver url preview 2019-04-30 13:58:48 +02:00
Ciaran Ainsworth
8624cf4a57 Fixed default url preview settings 2019-04-26 14:11:40 +01:00
Slavi Pantaleev
892abdc700 Do not refer to Synapse as "Matrix Synapse" 2019-04-23 10:20:56 +03:00
Slavi Pantaleev
39566aa7fe Generate a Synapse signing key file, if missing
The code used to check for a `homeserver.yaml` file and generate
a configuration (+ key) only if such a configuration file didn't exist.

Certain rare cases (setting up with one server name and then
changing to another) lead to `homeserver.yaml` being there,
but a `matrix.DOMAIN.signing.key` file missing (because the domain
changed).
A new signing key file would never get generated, because `homeserver.yaml`'s
existence used to be (incorrectly) satisfactory for us.

From now on, we don't mix things up like that.
We don't care about `homeserver.yaml` anymore, but rather
about the actual signing key.

The rest of the configuration (`homeserver.yaml` and
`matrix.DOMAIN.log.config`) is rebuilt by us in any case, so whether
it exists or not is irrelevant and doesn't need checking.
2019-04-23 10:06:42 +03:00
Lyubomir Popov
eab8f31eed Add additional room config options:
- matrix_enable_room_list_search - Controls whether searching the public room list is enabled.
 - matrix_alias_creation_rules - Controls who's allowed to create aliases on this server.
 - matrix_room_list_publication_rules - Controls who can publish and which rooms can be published in the public room list.
2019-04-16 12:40:38 +03:00
Slavi Pantaleev
9a05b030cb Fix unknown tag error when generating Goofys service
`{% matrix_s3_media_store_custom_endpoint_enabled %}` should have
been `{% if matrix_s3_media_store_custom_endpoint_enabled %}` instead.

Related to #132 (Github Pull Request).
2019-04-10 08:45:52 +03:00
Alexander Acevedo
6cc6638098
revert 3953705682
that's not how it works
2019-04-05 06:01:58 -04:00
Alexander Acevedo
3953705682
add custom endpoint environment variable 2019-04-05 05:56:36 -04:00
Alexander Acevedo
3ffb03f20e
missing whitespace 2019-04-05 05:54:58 -04:00
Alexander Acevedo
c55e49d733
add custom endpoint to matrix-goofys.service.j2
This (should) check if custom endpoint is enabled.
2019-04-05 05:48:31 -04:00
Alexander Acevedo
b5fbec8d83
add goofys custom
Creates the configuration variable to toggle custom endpoint and the default custom endpoint.
2019-04-05 05:33:38 -04:00
Slavi Pantaleev
af1c9ae59d Do not force firewalld on people
In most cases, there's not really a need to touch the system
firewall, as Docker manages iptables by itself
(see https://docs.docker.com/network/iptables/).

All ports exposed by Docker containers are automatically whitelisted
in iptables and wired to the correct container.

This made installing firewalld and whitelisting ports pointless,
as far as this playbook's services are concerned.

People that wish to install firewalld (for other reasons), can do so
manually from now on.

This is inspired by and fixes #97 (Github Issue).
2019-04-03 11:37:20 +03:00