1
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2024-12-12 08:43:55 +02:00
Commit Graph

283 Commits

Author SHA1 Message Date
fnoah
64370cb58b Fix formatting issues 2019-10-22 09:54:13 +02:00
Noah Fleischmann
852fceb33f Add documentation 2019-10-21 20:11:00 +02:00
Slavi Pantaleev
e32aaacaa7 Make gzipped SQL dumps by default during --upgrade-postgres 2019-10-05 11:42:08 +03:00
Slavi Pantaleev
29526e7bb1 Add support for backing up / importing all Postgres databases/users 2019-10-05 11:42:08 +03:00
Paul Tötterman
aabb16d78b Fix spelling ngnix -> nginx 2019-10-04 11:07:37 +03:00
Slavi Pantaleev
9c438a3870 Add support for Postgres v12 2019-10-04 08:51:36 +03:00
Slavi Pantaleev
810d0fb0e4 Make it possible to serve static websites from the base domain 2019-10-03 11:24:04 +03:00
Arehandoro
d7343389ec
Update configuring-well-known.md 2019-09-23 16:44:13 +01:00
Slavi Pantaleev
68ed2ebefa Add support for Synapse Simple Antispam
Fixes #255 (Github Issue).
2019-09-09 08:13:10 +03:00
sudneo
b2e0e4efe3 Adds doc for HAproxy 2019-08-25 22:53:34 +03:00
Slavi Pantaleev
0edd7e8089 Make Riot-web configuration extensible
Fixes #71 (Github Issue).
2019-08-25 10:37:05 +03:00
Slavi Pantaleev
c4eebc5355 Add information about community-grouping for the Facebook bridge 2019-08-24 12:14:17 +03:00
Slavi Pantaleev
10a9deba4a Make Synapse configuration extensible 2019-08-22 09:49:22 +03:00
Slavi Pantaleev
65da600426
Merge branch 'master' into master 2019-08-21 07:34:20 +03:00
Slavi Pantaleev
63d1ed1d56 Update changelog and documentation 2019-08-21 07:24:58 +03:00
Slavi Pantaleev
c8a4d59a81
Merge pull request #251 from Munfred/master
Add mautrix-hangouts bridge role and documentation
2019-08-21 07:15:14 +03:00
Eduardo Beltrame
53ae84f627
Add documentation on mautrix-hangouts bridge 2019-08-19 23:00:05 -07:00
Eduardo Beltrame
ecff0f4a67
Describe setting up SMTP server with Sendgrid 2019-08-18 19:55:54 -07:00
kingoftheconnors
63cf891842 Improved documentation 2019-08-13 10:54:58 -04:00
Slavi Pantaleev
c2c0481d90 Mention Email2Matrix usage alongside Postfix 2019-08-09 12:15:44 +03:00
Slavi Pantaleev
3e57a1463a Serve nginx status page over HTTPS as well
Continuation of #234 (Github Pull Request).

I had unintentionally updated the documentation for the feature,
saying the page is available at `https://matrix.DOMAIN/nginx_status`.

Looks like it wasn't the case, going against my expectations.

I'm correcting this with this patch.
The status page is being made available on both HTTP and HTTPS.
Serving over HTTP is likely necessary for services like
Longview
(https://www.linode.com/docs/platform/longview/longview-app-for-nginx/)
2019-08-07 12:53:53 +03:00
Slavi Pantaleev
f97175a1c6
Update configuring-playbook-ngnix.md 2019-08-07 12:35:48 +03:00
p5t2vspoqqw
4b8190dc3f serve status page for matrix.DOMAIN only 2019-08-07 10:54:14 +02:00
p5t2vspoqqw
281f2ee519 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-08-07 09:30:24 +02:00
Slavi Pantaleev
bce165f247 Do not suggest DEBUG logging when submitting issues
It's been pointed out that DEBUG logs could contain sensitive
information (access tokens, etc.), which makes them unsuitable
for sharing with others. INFO should be enough.
2019-08-06 07:14:52 +03:00
Slavi Pantaleev
d222640140 Add firewall notice about email2matrix 2019-08-05 14:10:24 +03:00
Slavi Pantaleev
4be35822dd Add Email2Matrix support 2019-08-05 13:09:49 +03:00
p5t2vspoqqw
51d5741bb3 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-08-05 09:34:30 +02:00
Esko
f084bb4ae5
Clarify sentence about dedicated user for access token 2019-08-04 05:18:16 +02:00
Slavi Pantaleev
6fe4bafc2a Decrease default Synapse logging level
Also discussed previously in #213 (Github Pull Request).

shared-secret-auth and rest-auth logging is still at `INFO`
intentionally, as user login events seem more important to keep.
Those modules typically don't spam as much.
2019-08-03 07:48:04 +03:00
kingoftheconnors
49766c5dac Added Slack role 2019-07-26 21:37:21 -04:00
p5t2vspoqqw
5054fff88b Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-07-12 15:45:19 +02:00
Slavi Pantaleev
99283ef684 Add note about SMTPS not being supported
Fixes #216 (Github Issue).
2019-07-10 08:43:27 +03:00
Slavi Pantaleev
0e4030f05c Add missing word 2019-07-09 09:14:57 +03:00
Slavi Pantaleev
76862f4f2a Suggest running start tag after janitor and Postgres vacuum
We do restart Synapse explicitly, but some other services
(bridges, matrix-corporal, ..) may not restart sometimes.

It's best to restart all services explicitly.
2019-07-08 11:09:23 +03:00
Slavi Pantaleev
e317de5ac1 Fix broken link 2019-07-08 09:40:52 +03:00
Slavi Pantaleev
0ca21d80d7 Add Synapse Maintenance docs and synapse-janitor integration 2019-07-08 09:38:36 +03:00
p5t2vspoqqw
d88e261150 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-07-05 16:12:29 +02:00
Slavi Pantaleev
ef5e4ad061 Make Synapse not log to text files
Somewhat related to #213 (Github Pull Request).

We've been moving in the opposite direction for quite a long time.
All services should just leave logging to systemd's journald.
2019-07-04 17:46:31 +03:00
Slavi Pantaleev
da6edc9cba Add support for disabling Synapse's local database for user auth
This is a new feature of Synapse v1.1.0.

Discussed in #145 (Github Pull Request).
2019-07-04 17:11:51 +03:00
p5t2vspoqqw
9874c3df90 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-26 10:41:14 +02:00
Slavi Pantaleev
8529efcd1c Make Discord bridge configuration playbook-managed
Well, `config.yaml` has been playbook-managed for a long time.
It's now extended to match the default sample config of the Discord
bridge.

With this patch, we also make `registration.yaml` playbook-managed,
which leads us to consistency with all other bridges.

Along with that, we introduce `./config` and `./data` separation,
like we do for the other bridges.
2019-06-26 10:35:00 +03:00
Slavi Pantaleev
59b56fa504 Update Docker image of Ansible (2.7.0 -> 2.8.1) 2019-06-26 07:40:36 +03:00
p5t2vspoqqw
466b35b1b6 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-19 16:56:29 +02:00
Slavi Pantaleev
174a6fcd1b Make IRC bridge configuration entirely managed by the playbook 2019-06-19 12:29:44 +03:00
Slavi Pantaleev
5002c7edaa Fix broken docs link 2019-06-19 10:30:04 +03:00
Slavi Pantaleev
2e16257e50 Do not ask for _matrix._tcp SRV records anymore
With most people on Synapse v0.99+ and Synapse v1.0 now available,
we should no longer try to be backward compatible with Synapse 0.34,
because this just complicates the instructions for no good reason.
2019-06-12 14:51:10 +03:00
p5t2vspoqqw
8fcdac3738 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-12 10:10:52 +02:00
Slavi Pantaleev
8a7b3d5bd0
Make instructions simpler and safer
Changes to the original are:
- it tells people to stop and disable services, so that:
   - services won't be running while you are copying files
   - services won't accidentally start again later
- it does the file-copying in 1 step
- it does copying before running `--tags=setup-all`, so that existing files (SSL certificates, etc.) can be reused. Otherwise, the playbook starts from a blank slate, retrieves them anew, generates new signing keys anew, etc. Only to have those replaced by your own old backup later.
- it mentions DNS changes
- combines `--tags=setup-all,start` into a single step, thanks to the files being already copied
2019-06-12 09:36:19 +03:00
Michael Haak
a8dc0befa9 Added a basic guide on migrating to another server 2019-06-11 22:06:25 +02:00
Slavi Pantaleev
4f0bcc624f Fix typo 2019-06-07 14:29:51 +03:00
Slavi Pantaleev
04bc50a282 Make Facebook bridge docs more detailed 2019-06-07 13:51:43 +03:00
p5t2vspoqqw
4b657b3822 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-03 10:13:25 +02:00
Slavi Pantaleev
70487061f4 Prefer --mount instead of -v for mounting volumes
This doesn't replace all usage of `-v`, but it's a start.

People sometimes troubleshoot by deleting files (especially bridge
config files). Restarting Synapse with a missing registration.yaml file
for a given bridge, causes the `-v
/something/registration.yaml:/something/registration.yaml:ro` option
to force-create `/something/registration.yaml` as a directory.

When a path that's provided to the `-v` option is missing, Docker
auto-creates that path as a directory.
This causes more breakage and confusion later on.

We'd rather fail, instead of magically creating directories.
Using `--mount`, instead of `-v` is the solution to this.

From Docker's documentation:

> When you use --mount with type=bind, the host-path must refer to an existing path on the host.
> The path will not be created for you and the service will fail with an error if the path does not exist.
2019-05-29 09:59:50 +03:00
Slavi Pantaleev
5bfd22d13b Fix incorrect inventory host_vars paths 2019-05-24 08:06:42 +09:00
p5t2vspoqqw
0cfa73f153 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-05-23 10:48:22 +02:00
Slavi Pantaleev
1e1c7933e2 Mention Postgres + SSL in the docs
Refers to #89 (Github Issue)
2019-05-22 09:17:33 +09:00
Marcel Partap
66388c1f5b Provide a sample rest_auth_endpoint close to actual setup 2019-05-15 01:51:02 +02:00
Aaron Raimist
2d1fbdb51d
Move around options on updating-users-passwords.md
and provide an example for using the admin API
2019-05-11 21:39:31 -05:00
Aaron Raimist
59e05672d0
Convert registering-users.md to use ``` syntax for code blocks
The bit about the matrix-make-user-admin script was messed up (it wasn't actually a code block so the "<username>" was hidden). For me at least it seems like the ``` syntax is much harder to accidentally mess up.
2019-05-10 15:38:22 -05:00
Aaron Raimist
12b7cccbc6
Mention the Synapse User Admin API on updating-users-passwords.md 2019-05-10 15:33:15 -05:00
p5t2vspoqqw
4315b472af Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-05-09 09:34:09 +02:00
Slavi Pantaleev
2dd8d07ac9 Add docs about using other S3-compatible object stores 2019-05-09 10:28:01 +03:00
Slavi Pantaleev
216cdf8c74
Merge pull request #166 from izissise/mautrix-facebook
Mautrix facebook
2019-05-09 10:05:14 +03:00
Slavi Pantaleev
d91cff3f7a Add docs about integrating mxisd's Registration feature
Docs for #161 (Github issue) and #168 (Github Pull Request).
2019-05-09 09:55:03 +03:00
Slavi Pantaleev
ccb33369a7
Merge pull request #169 from verb/federation-tester
Update URL for Matrix federation tester
2019-05-09 09:22:10 +03:00
Lee Verberne
8b5c1b0bd5 Update URL for Matrix federation tester
The previous URL returns a 404.
2019-05-09 07:04:46 +02:00
Hugues Morisset
d4372d5ba8 Add mautrix-facebook doc 2019-05-08 17:11:07 +02:00
Slavi Pantaleev
e6fecd51d5 Explain DNS SRV vs /.well-known/matrix/server better
Hopefully, we no longer lead people to believe that DNS SRV
records are going away forever and for all use-cases.

Fixes #156 (Github Issue)
2019-05-05 11:04:52 +03:00
Lyubomir Popov
134faa3139 Add the ability to update user passwords with ansible (when using the matrix-postgres container). 2019-04-30 16:30:26 +03:00
p5t2vspoqqw
c2eabf2b9d Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-04-23 09:45:10 +02:00
p5t2vspoqqw
7ee6927ca9 add suggested change; correct indent 2019-04-23 09:44:02 +02:00
Slavi Pantaleev
892abdc700 Do not refer to Synapse as "Matrix Synapse" 2019-04-23 10:20:56 +03:00
Slavi Pantaleev
9ea5088761 Add TURN server configuration documentation 2019-04-19 09:57:41 +03:00
Slavi Pantaleev
a4da1535dd Split additional configuration options in groups
It's too many configuration options to keep them in a single list.
Trying to put some order.
2019-04-19 09:54:18 +03:00
p5t2vspoqqw
deeefac84c add ngnix-status to config
add doc
2019-04-17 13:45:42 +02:00
jreichmann
aba8327991
Give a hint to look into the examples if using caddy 2019-04-16 19:46:17 +02:00
Slavi Pantaleev
9c401efb2d Add a note about beta/pre-release distros 2019-04-16 13:10:31 +03:00
Slavi Pantaleev
9202b2b8d9 Ensure systemd services are running when doing --tags=start
Fixes #129 (Github Issue).

Unfortunately, we rely on `service_facts`, which is only available
in Ansible >= 2.5.

There's little reason to stick to an old version such as Ansible 2.4:
- some time has passed since we've raised version requirements - it's
time to move into the future (a little bit)
- we've recently (in 82b4640072) improved the way one can run
Ansible in a Docker container

From now on, Ansible >= 2.5 is required.
2019-04-03 11:19:06 +03:00
Slavi Pantaleev
82b4640072 Use a more suitable Docker image for running Ansible
Inspired by #128 (Github Issue), we've created a new Docker image
to replace https://hub.docker.com/r/qmxme/ansible

Adding dnspython or dig to `qmxme/ansible` doesn't seem like a good
idea (that might be accepted by them), given that it's specific to our
use case. That's why we'll be maintaining our own image from now on.
2019-04-03 10:28:23 +03:00
Slavi Pantaleev
631b7cc6a6 Add support for adjusting Synapse rate-limiting configuration 2019-04-01 21:40:14 +03:00
Borjan Tchakaloff
cbd629e7ea Specify that cron is likely required on the server
When using Let's Encrypt SSL certificates, a cronjob is set up to
automatically renew them. Though it does require a `cron`-compatible
program on the server.

This fixes the error that is caused by the `/etc/cron.d` directory
not existing and the `ansible-cron` module trying to write out a
file there -- without checking if the directory exists first.
2019-03-22 17:44:24 +01:00
Slavi Pantaleev
1939fc9113 Improve documentation a bit 2019-03-19 18:23:54 +02:00
Slavi Pantaleev
59e37105e8 Add TLS support to Coturn 2019-03-19 10:24:39 +02:00
Slavi Pantaleev
10d9293121 Indicate that TURN ports are a range 2019-03-13 08:23:10 +02:00
Slavi Pantaleev
c545d3eb85 Add support for serving base domain via matrix-nginx-proxy 2019-03-12 23:01:16 +02:00
Slavi Pantaleev
1974935bc6 Update docs a bit 2019-03-12 11:38:59 +02:00
Slavi Pantaleev
54e79c10a1
Merge pull request #112 from NullIsNot0/master
Fix Dimension documentation
2019-03-10 21:53:33 +02:00
Slavi Pantaleev
52486356e5 Add some more links to Dimension's homepage 2019-03-10 21:43:03 +02:00
Edgars Voroboks
c49ba1c4ab Fix Dimension documentation 2019-03-10 21:41:31 +02:00
Slavi Pantaleev
a1f9869eb2 Improve documentation about getting the playbook 2019-03-10 17:02:20 +02:00
Edgars Voroboks
9f5215c95a Make some additions to Dimension documentation 2019-03-10 13:17:56 +02:00
Edgars Voroboks
1bff4893d9 Provide Dimension documentation 2019-03-10 10:12:31 +02:00
Slavi Pantaleev
ae7e17e64a Add information about mxisd email template customization
Related to #108 (Github Pull Request).
2019-03-08 12:06:50 +02:00
Slavi Pantaleev
401d7560e9 Make Discord bridging instructions more detailed
It didn't mention `matrix_appservice_discord_client_id` and
`matrix_appservice_discord_bot_token`, which makes it hard for
beginners.

Related to #105 (Github Pull Request).
2019-03-05 09:10:32 +02:00
Lionstiger
b5ae0254fd used ` backticks instead of double quotes 2019-03-04 14:41:58 +01:00
Lionstiger
faa16617da add documentation 2019-03-03 19:34:30 +01:00
Lionstiger
835c349275 Add matrix-appservice-discord bridge
Bridge is setup to work on the matrix side with this, but the discord invite link is not automatically generated.
2019-03-03 18:22:52 +01:00
Slavi Pantaleev
041a1947b3 Update Synapse (0.99.1.1 -> 0.99.2) 2019-03-02 10:03:09 +02:00
frlae
6b47ebeaa7 fixed a small path typo in playbook telemetry docs 2019-03-01 07:48:45 +01:00
Slavi Pantaleev
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
Slavi Pantaleev
28bd6dc75b Improve Telegram/Whatsapp instructions 2019-02-22 14:50:07 +02:00
Slavi Pantaleev
747574ab56 Update Prerequisites a bit 2019-02-20 11:39:04 +02:00
Slavi Pantaleev
b79db89221 Improve wording a bit 2019-02-15 10:03:33 +02:00
Slavi Pantaleev
fcdc2a6c4f Fix incomplete sentence 2019-02-15 10:01:10 +02:00
Slavi Pantaleev
eb08e20418 Upgrade Synapse (0.99.0 -> 0.99.1) and sync config
`matrix_synapse_no_tls` is now implicit, so we've gotten rid of it.

The `homeserver.yaml.j2` template has been synchronized with the
configuration generated by Synapse v0.99.1 (some new options
are present, etc.)
2019-02-14 18:40:55 +02:00
Slavi Pantaleev
70b2f07fec Add PostgreSQL backup information 2019-02-09 14:36:47 +02:00
Slavi Pantaleev
46accfdb3c Add guide about certificates for other domains
We had something like that on the Server Delegation how-to page,
but it's better if we have it on the SSL certificates page.

Relocated there and improved linking.

Fixes #94 (Github Issue)
2019-02-08 11:59:00 +02:00
Slavi Pantaleev
f4fa03d4b9 Re-iterate where one can find the well-known files 2019-02-07 19:43:00 +02:00
Slavi Pantaleev
ef903fe544 Add some quick links 2019-02-06 13:30:24 +02:00
Slavi Pantaleev
e9cfcb8429 Fix another YAML indentation problem on documentation page 2019-02-06 13:04:19 +02:00
Slavi Pantaleev
92aa5bfa2d Fix YAML indentation on documentation page 2019-02-06 13:03:26 +02:00
Slavi Pantaleev
33726cdb08 Fix anchor 2019-02-06 13:02:17 +02:00
Slavi Pantaleev
5148f8edf4 Update docs 2019-02-06 09:36:03 +02:00
Slavi Pantaleev
91a757c581 Add support for reloading Synapse 2019-02-06 09:25:13 +02:00
Slavi Pantaleev
772154f3b9 Update Server Delegation docs a bit 2019-02-05 13:38:20 +02:00
Slavi Pantaleev
b540427974 Mention alternative ways to do Server Delegation 2019-02-05 13:02:15 +02:00
Slavi Pantaleev
f6ebd4ce62 Initial work on Synapse 0.99/1.0 preparation 2019-02-05 12:09:46 +02:00
Plailect
29b40b428a
Database files must be stored on permanent storage 2019-02-01 11:44:06 -05:00
Slavi Pantaleev
5e8a7fd05b Update own-webserver guide and add sample Apache configuration
This supersedes #59 (Github Pull Request),
which was greatly beneficial in creating our sample Apache configuration.
2019-02-01 16:58:11 +02:00
Slavi Pantaleev
8681a5dc69 Add 'none' SSL certificate retrieval method 2019-02-01 16:50:25 +02:00
Slavi Pantaleev
e09b7435d1 Update documentation a bit 2019-02-01 12:26:43 +02:00
Slavi Pantaleev
cd332d9b4e Add TLS v1.3 support to matrix-nginx-proxy
This was mentioned in #27 (Github Pull Request),
but it's just now that the nginx Docker image actually supports
TLS v1.3 and we can enable it.
2019-02-01 11:49:22 +02:00
Slavi Pantaleev
a9fae8e3b1 Revert "Use native OpenSSL module to generate passkey.pem"
This reverts commit 0dac5ea508.

Relying on pyOpenSSL is the Ansible way of doing things, but is
impractical and annoying for users.

`openssl` is easily available on most servers, even by default.
We'd better use that.
2019-01-31 20:45:14 +02:00
Plailect
0dac5ea508
Use native OpenSSL module to generate passkey.pem 2019-01-31 11:38:54 -05:00
Plailect
0a2a8e118c
Update example configuration and documentation 2019-01-31 11:05:27 -05:00
Plailect
1c057bf06d
Correct variable name in documentation 2019-01-31 10:58:45 -05:00
Plailect
3a4a671dd7
Add support for matrix-appservice-irc 2019-01-31 00:37:23 -05:00
Slavi Pantaleev
299a8c4c7c Make (most) containers start as non-root
This makes all containers (except mautrix-telegram and
mautrix-whatsapp), start as a non-root user.

We do this, because we don't trust some of the images.
In any case, we'd rather not trust ALL images and avoid giving
`root` access at all. We can't be sure they would drop privileges
or what they might do before they do it.

Because Postfix doesn't support running as non-root,
it had to be replaced by an Exim mail server.

The matrix-nginx-proxy nginx container image is patched up
(by replacing its main configuration) so that it can work as non-root.
It seems like there's no other good image that we can use and that is up-to-date
(https://hub.docker.com/r/nginxinc/nginx-unprivileged is outdated).

Likewise for riot-web (https://hub.docker.com/r/bubuntux/riot-web/),
we patch it up ourselves when starting (replacing the main nginx
configuration).
Ideally, it would be fixed upstream so we can simplify.
2019-01-27 20:25:13 +02:00
Slavi Pantaleev
c10182e5a6 Make roles more independent of one another
With this change, the following roles are now only dependent
on the minimal `matrix-base` role:
- `matrix-corporal`
- `matrix-coturn`
- `matrix-mailer`
- `matrix-mxisd`
- `matrix-postgres`
- `matrix-riot-web`
- `matrix-synapse`

The `matrix-nginx-proxy` role still does too much and remains
dependent on the others.

Wiring up the various (now-independent) roles happens
via a glue variables file (`group_vars/matrix-servers`).
It's triggered for all hosts in the `matrix-servers` group.

According to Ansible's rules of priority, we have the following
chain of inclusion/overriding now:
- role defaults (mostly empty or good for independent usage)
- playbook glue variables (`group_vars/matrix-servers`)
- inventory host variables (`inventory/host_vars/matrix.<your-domain>`)

All roles default to enabling their main component
(e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`).
Reasoning: if a role is included in a playbook (especially separately,
in another playbook), it should "work" by default.

Our playbook disables some of those if they are not generally useful
(e.g. `matrix_corporal_enabled: false`).
2019-01-16 18:05:48 +02:00
Slavi Pantaleev
51312b8250 Split playbook into multiple roles
As suggested in #63 (Github issue), splitting the
playbook's logic into multiple roles will be beneficial for
maintainability.

This patch realizes this split. Still, some components
affect others, so the roles are not really independent of one
another. For example:
- disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse
and riot-web to reconfigure themselves with other (public)
Identity servers.

- enabling matrix-corporal (`matrix_corporal_enabled: true`) affects
how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to
put matrix-corporal's gateway server in front of Synapse

We may be able to move away from such dependencies in the future,
at the expense of a more complicated manual configuration, but
it's probably not worth sacrificing the convenience we have now.

As part of this work, the way we do "start components" has been
redone now to use a loop, as suggested in #65 (Github issue).
This should make restarting faster and more reliable.
2019-01-12 18:01:10 +02:00
Slavi Pantaleev
9a9b7383e9 Completely redo how mxisd configuration gets generated
This change is provoked by a few different things:

- #54 (Github Pull Request), which rightfully says that we need a
way to support ALL mxisd configuration options easily

- the upcoming mxisd 1.3.0 release, which drops support for
property-style configuration (dot-notation), forcing us to
redo the way we generate the configuration file

With this, mxisd is much more easily configurable now
and much more easily maintaneable by us in the future
(no need to introduce additional playbook variables and logic).
2019-01-11 19:33:54 +02:00
Slavi Pantaleev
5135c0cc0a Add Ansible guide and Ansible version checks
After having multiple people report issues with retrieving
SSL certificates, we've finally discovered the culprit to be
Ansible 2.5.1 (default and latest version on Ubuntu 18.04 LTS).

As silly as it is, certain distributions ("LTS" even) are 13 bugfix
versions of Ansible behind.

From now on, we try to auto-detect buggy Ansible versions and tell the
user. We also provide some tips for how to upgrade Ansible or
run it from inside a Docker container.

My testing shows that Ansible 2.4.0 and 2.4.6 are OK.
All other intermediate 2.4.x versions haven't been tested, but we
trust they're OK too.

From the 2.5.x releases, only 2.5.0 and 2.5.1 seem to be affected.
Ansible 2.5.2 corrects the problem with `include_tasks` + `with_items`.
2019-01-03 16:24:14 +02:00
Slavi Pantaleev
76506f34e0 Make media-store restore work with server files, not local
This is a simplification and a way to make it consistent with
how we do Postgres imports (see 6d89319822), using
files coming from the server, not from the local machine.

By encouraging people NOT to use local files,
we potentially avoid problems such as #34 (Github issue),
where people would download `media_store` to their Mac's filesystem
and case-sensitivity issues will actually corrupt it.

By not encouraging local files usage, it's less likely that
people would copy (huge) directories to their local machine like that.
2019-01-01 15:57:50 +02:00
Slavi Pantaleev
543b98d24c Update documentation 2019-01-01 15:35:33 +02:00
Slavi Pantaleev
4c2e1a0588 Make SQLite database import work with server files, not local
This is a simplification and a way to make it consistent with
how we do Postgres imports (see 6d89319822), using
files coming from the server, not from the local machine.
2019-01-01 15:21:52 +02:00
Slavi Pantaleev
6d89319822 Add support for importing an existing Postgres database 2019-01-01 14:45:37 +02:00
Slavi Pantaleev
c48e31381d Add minimum version requirement for Ansible 2018-12-29 15:31:05 +02:00
Slavi Pantaleev
d28bdb3258 Add support for 2 more SSL certificate retrieval methods
Adds support for managing certificates manually and for
having the playbook generate self-signed certificates for you.

With this, Let's Encrypt usage is no longer required.

Fixes Github issue #50.
2018-12-23 11:00:12 +02:00
Slavi Pantaleev
4fd8b66b6e Update documentation about email configuration (relayhost brackets)
Relay hostnames that have MX records are looked up by postfix
and the MX record's payload is used instead.

This special behavior may be undesirable, so we make sure to
point it out.
2018-12-13 16:32:10 +09:00
Slavi Pantaleev
2b2409bf1e Update documentation about email configuration
This makes it explicit that outgoing traffic (25/587) needs
to be let through, as well as documenting how to debug
other non-delivery issues.
2018-12-13 15:19:01 +09:00
Aaron Raimist
92ef6986a2
Link to Synapse Homeowners room 2018-12-11 10:15:09 -06:00
Slavi Pantaleev
9dad4c7c2d Fix /.well-known/matrix/client for CORS
This is provoked by Github issue #46.

No client had made use of the well-known mechanism
so far, so the set up performed by this playbook was not tested
and turned out to be a little deficient.

Even though /.well-known/matrix/client is usually requested with a
simple request (no preflight), it's still considered cross-origin
and [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
applies. Thus, the file always needs to be served with the appropriate
`Access-Control-Allow-Origin` header.

Github issue #46 attempts to fix it at the "reverse-proxying" layer,
which may work, but would need to be done for every server.
It's better if it's done "upstream", so that all reverse-proxy
configurations can benefit.
2018-11-29 09:13:25 +02:00
Thomas vO
bb849bd34f Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into new-cmds 2018-11-28 11:03:47 +01:00
Thomas vO
caba16ea0d add script + doc to remove everything 2018-11-28 11:02:51 +01:00
Thomas vO
2bdc35de63 add script + doc to change a user to admin 2018-11-28 11:02:15 +01:00
Slavi Pantaleev
3fec9dfa0e Add LDAP auth password provider documentation and changelog description 2018-11-28 11:21:03 +02:00
Slavi Pantaleev
5533db8a28 Add a note about trying to use local PostgreSQL instances 2018-11-26 07:27:53 +02:00
Slavi Pantaleev
733b806833 Annotate certain features as optional/advanced
We've had some people get confused into installing
Matrix Corporal and having pain with that.

With this documentation change, we try to make it clearer
that it's an advanced feature not to be touched unless
you know what you're doing.

On a similar note, we also make sure other things are properly
labeled as "(optional)" and/or "(advanced)".
2018-11-26 07:23:42 +02:00
Aaron Raimist
d260b17508
Add initial version of maintenance and troubleshooting doc 2018-11-14 14:34:24 -06:00