From a4fdba9ba176cff1d4452e59f0b3b52bcb1f9deb Mon Sep 17 00:00:00 2001 From: throny Date: Sun, 25 Feb 2024 09:20:11 +0100 Subject: [PATCH 01/74] Update configuring-playbook-federation.md successfully tested running federation on 443 with current traefik-only setup. --- docs/configuring-playbook-federation.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index 5d11b4990..fe8cfc40b 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md @@ -54,7 +54,6 @@ matrix_synapse_reverse_proxy_companion_federation_api_enabled: false Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection. -**NOTE**: this approach hasn't been tested with the new Traefik-only setup that the playbook started using in 2024-01. It may not work. The following changes in the configuration file (`inventory/host_vars/matrix./vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other: From ba2e31c48d8bb408f558ea610e40f3da4c03094a Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Mon, 26 Feb 2024 14:25:04 +0900 Subject: [PATCH 02/74] Update SchiliChat to v1.11.36 --- docs/configuring-playbook-client-schildichat.md | 2 +- roles/custom/matrix-client-schildichat/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-client-schildichat.md b/docs/configuring-playbook-client-schildichat.md index eeab99a76..2892fa592 100644 --- a/docs/configuring-playbook-client-schildichat.md +++ b/docs/configuring-playbook-client-schildichat.md 
@@ -2,7 +2,7 @@ By default, this playbook does not install the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application. -**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2023-08-31), SchildiChat is 10 releases behind (it being based on element-web `v1.11.30`, while element-web is now on `v1.11.40`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk! +**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2024-02-26), SchildiChat is 22 releases behind (it being based on element-web `v1.11.36`, while element-web is now on `v1.11.58`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk! ## Enabling SchildiChat diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml index ae79615c1..cd0df2da3 100644 --- a/roles/custom/matrix-client-schildichat/defaults/main.yml +++ b/roles/custom/matrix-client-schildichat/defaults/main.yml 
@@ -6,7 +6,7 @@ matrix_client_schildichat_enabled: true matrix_client_schildichat_container_image_self_build: false # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/schildichat-web -matrix_client_schildichat_version: v1.11.30-sc.2 +matrix_client_schildichat_version: v1.11.36-sc.2 matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_name_prefix }}etke.cc/schildichat-web:{{ matrix_client_schildichat_version }}" matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else 'registry.gitlab.com/' }}" matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}" From 2c56b6a4d145346923c4bda724669533782ad468 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:49:51 +0000 Subject: [PATCH 03/74] chore(deps): update dependency prometheus to v2.50.1-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2e6893a99..83db5d0f2 100644 --- a/requirements.yml +++ b/requirements.yml @@ -46,7 +46,7 @@ version: 7eadc992ca952fc29bf3fab5aa6335fa82ff01e5 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.50.0-0 + version: v2.50.1-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.7.0-3 From f876eefadb32e1c58a8028bdf7d093e24daf1fbe Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Tue, 27 Feb 2024 08:19:19 +0900 Subject: [PATCH 04/74] Update SchildiChat to v1.11.36-sc.3 --- roles/custom/matrix-client-schildichat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml index cd0df2da3..e777e6d48 100644 --- a/roles/custom/matrix-client-schildichat/defaults/main.yml +++ b/roles/custom/matrix-client-schildichat/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_schildichat_enabled: true matrix_client_schildichat_container_image_self_build: false # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/schildichat-web -matrix_client_schildichat_version: v1.11.36-sc.2 +matrix_client_schildichat_version: v1.11.36-sc.3 matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_name_prefix }}etke.cc/schildichat-web:{{ matrix_client_schildichat_version }}" matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else 'registry.gitlab.com/' }}" matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}" From 56d7b7a4025b41a62f88c66cd59e2a6806357e9a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:32:59 +0000 Subject: [PATCH 05/74] chore(deps): update vectorim/element-web docker tag to v1.11.59 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index cc65b6402..4905dc977 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.58 +matrix_client_element_version: v1.11.59 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 80f6f98ac42ae656661868872303735cbf7a053a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 27 Feb 2024 19:29:53 +0200 Subject: [PATCH 06/74] Remove welcome_user_id from Element and Schildichat Ref: - https://github.com/matrix-org/matrix-react-sdk/pull/12153 - https://github.com/element-hq/element-web/pull/26885 Technically, it may still work for Schildichat, because it's stuck in the past. It will catch up soon anyway. --- group_vars/matrix_servers | 4 ---- roles/custom/matrix-client-element/defaults/main.yml | 1 - .../matrix-client-element/tasks/validate_config.yml | 1 + .../matrix-client-element/templates/config.json.j2 | 1 - roles/custom/matrix-client-schildichat/defaults/main.yml | 1 - .../matrix-client-schildichat/tasks/validate_config.yml | 9 +++++++++ .../matrix-client-schildichat/templates/config.json.j2 | 1 - 7 files changed, 10 insertions(+), 8 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a3ec55f06..280b3e8fa 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -3901,8 +3901,6 @@ matrix_client_element_enable_presence_by_hs_url: | else {matrix_client_element_default_hs_url: false} }} -matrix_client_element_welcome_user_id: ~ - matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" ###################################################################### @@ -4014,8 +4012,6 @@ matrix_client_schildichat_enable_presence_by_hs_url: | else {matrix_client_schildichat_default_hs_url: false} }} -matrix_client_schildichat_welcome_user_id: ~ - matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" ###################################################################### diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 4905dc977..7f6802280 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -151,7 +151,6 @@ matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/su matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) matrix_client_element_room_directory_servers: ['matrix.org'] -matrix_client_element_welcome_user_id: ~ # Branding of Element matrix_client_element_brand: "Element" diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index e9d9b4105..bf90b3d03 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml 
@@ -43,6 +43,7 @@ - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'} - {'old': 'matrix_client_element_jitsi_preferredDomain', 'new': 'matrix_client_element_jitsi_preferred_domain'} + - {'old': 'matrix_client_element_welcome_user_id', 'new': ''} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 180a8f818..dfb03fb10 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -26,7 +26,6 @@ "room_directory": { "servers": {{ matrix_client_element_room_directory_servers | to_json }} }, - "welcome_user_id": {{ matrix_client_element_welcome_user_id | to_json }}, {% if matrix_client_element_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }}, {% endif %} diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml index e777e6d48..93e58bf7e 100644 --- a/roles/custom/matrix-client-schildichat/defaults/main.yml +++ b/roles/custom/matrix-client-schildichat/defaults/main.yml @@ -145,7 +145,6 @@ matrix_client_schildichat_bug_report_endpoint_url: "https://element.io/bugreport matrix_client_schildichat_show_lab_settings: true # noqa var-naming # schildichat public room directory server(s) matrix_client_schildichat_room_directory_servers: ['matrix.org'] -matrix_client_schildichat_welcome_user_id: ~ # Branding of schildichat matrix_client_schildichat_brand: "schildichat" 
diff --git a/roles/custom/matrix-client-schildichat/tasks/validate_config.yml b/roles/custom/matrix-client-schildichat/tasks/validate_config.yml index 966a74931..b5b5db54d 100644 --- a/roles/custom/matrix-client-schildichat/tasks/validate_config.yml +++ b/roles/custom/matrix-client-schildichat/tasks/validate_config.yml @@ -1,5 +1,14 @@ --- +- name: (Deprecation) Catch and report renamed Schildichat settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_client_schildichat_welcome_user_id', 'new': ''} + - name: Fail if required schildichat settings not defined ansible.builtin.fail: msg: > diff --git a/roles/custom/matrix-client-schildichat/templates/config.json.j2 b/roles/custom/matrix-client-schildichat/templates/config.json.j2 index fcf60f5d5..bd5ab79d2 100644 --- a/roles/custom/matrix-client-schildichat/templates/config.json.j2 +++ b/roles/custom/matrix-client-schildichat/templates/config.json.j2 @@ -26,7 +26,6 @@ "room_directory": { "servers": {{ matrix_client_schildichat_room_directory_servers | to_json }} }, - "welcome_user_id": {{ matrix_client_schildichat_welcome_user_id | to_json }}, {% if matrix_client_schildichat_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_schildichat_enable_presence_by_hs_url | to_json }}, {% endif %} From abbcd2188dd54978c70e467f2ba4e89f35d43763 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 2 Mar 2024 16:15:44 +0000 Subject: [PATCH 07/74] mautrix-meta: enable spaces; add a hint into the display name (#3210) * mautrix-meta: enable spaces; add a hint into the display name * use the meta mode to determine displayname suffix * Allow for people to easily unset the mautrix-meta displayname suffix Previously, unsetting `matrix_mautrix_meta_messenger_bridge_displayname_suffix` or (`matrix_mautrix_meta_instagram_bridge_displayname_suffix`) variable would make you end up with a trailing space in `displayname`. It's possible that mautrix-meta trims this, but I haven't checked. It's better not to risk it anyway. --------- Co-authored-by: Slavi Pantaleev --- .../defaults/main.yml | 16 +++++++++++++++- .../templates/config.yaml.j2 | 2 +- .../defaults/main.yml | 16 +++++++++++++++- .../templates/config.yaml.j2 | 2 +- 4 files changed, 32 insertions(+), 4 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index da027a43b..530f77758 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml 
@@ -179,7 +179,17 @@ matrix_mautrix_meta_instagram_bridge_username_prefix: |- # Changing this may require that you change the regex in the appservice. matrix_mautrix_meta_instagram_bridge_username_template: "{{ matrix_mautrix_meta_instagram_bridge_username_prefix + '{{.}}' }}" -matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}' +matrix_mautrix_meta_instagram_bridge_displayname_suffix: |- + {{ + ({ + 'facebook': '(FB)', + 'facebook-tor': '(FB)', + 'messenger': '(FB)', + 'instagram': '(IG)', + })[matrix_mautrix_meta_instagram_meta_mode] + }} + +matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_instagram_bridge_displayname_suffix) if matrix_mautrix_meta_instagram_bridge_displayname_suffix else "" }}' # The prefix for commands. Only required in non-management rooms. # If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_instagram_meta_mode`): @@ -191,6 +201,10 @@ matrix_mautrix_meta_instagram_bridge_command_prefix: default # If false, created portal rooms will never be federated. matrix_mautrix_meta_instagram_bridge_federate_rooms: true +# Should the bridge create a space for each logged-in user and add bridged rooms to it? +# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time. +matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces: true + # Enable End-to-bridge encryption matrix_mautrix_meta_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" matrix_mautrix_meta_instagram_bridge_encryption_default: "{{ matrix_mautrix_meta_instagram_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 index fe1287cc5..e48adf4b5 100644 
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 @@ -124,7 +124,7 @@ bridge: # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time. - personal_filtering_spaces: false + personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }} # Should Matrix m.notice-type messages be bridged? bridge_notices: true # Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG? diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index e7d6ed321..44e8c7742 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml 
@@ -179,7 +179,17 @@ matrix_mautrix_meta_messenger_bridge_username_prefix: |- # Changing this may require that you change the regex in the appservice. matrix_mautrix_meta_messenger_bridge_username_template: "{{ matrix_mautrix_meta_messenger_bridge_username_prefix + '{{.}}' }}" -matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}' +matrix_mautrix_meta_messenger_bridge_displayname_suffix: |- + {{ + ({ + 'facebook': '(FB)', + 'facebook-tor': '(FB)', + 'messenger': '(FB)', + 'instagram': '(IG)', + })[matrix_mautrix_meta_messenger_meta_mode] + }} + +matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_messenger_bridge_displayname_suffix) if matrix_mautrix_meta_messenger_bridge_displayname_suffix else "" }}' # The prefix for commands. Only required in non-management rooms. # If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_messenger_meta_mode`): @@ -191,6 +201,10 @@ matrix_mautrix_meta_messenger_bridge_command_prefix: default # If false, created portal rooms will never be federated. matrix_mautrix_meta_messenger_bridge_federate_rooms: true +# Should the bridge create a space for each logged-in user and add bridged rooms to it? +# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time. +matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces: true + # Enable End-to-bridge encryption matrix_mautrix_meta_messenger_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" matrix_mautrix_meta_messenger_bridge_encryption_default: "{{ matrix_mautrix_meta_messenger_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 index 09bb0c424..e2562c367 100644 
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 @@ -124,7 +124,7 @@ bridge: # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time. - personal_filtering_spaces: false + personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }} # Should Matrix m.notice-type messages be bridged? bridge_notices: true # Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG? From 30627c4e387f6df82d78b70425fc533e97c8a05e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 3 Mar 2024 09:02:29 +0200 Subject: [PATCH 08/74] Add support for pinning mautrix-meta version to a specific commit We still remain on v0.1.0 for now, even though that's quite old nowadays and the bridge is moving quickly. Still, one could now pin to a specific commit like this: ```yml matrix_mautrix_meta_messenger_version: 682c4d75b0fdfe102af4b6d88bb5c76453adc86d matrix_mautrix_meta_instagram_version: 682c4d75b0fdfe102af4b6d88bb5c76453adc86d ``` --- .../matrix-bridge-mautrix-meta-instagram/defaults/main.yml | 4 +++- .../matrix-bridge-mautrix-meta-messenger/defaults/main.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index 530f77758..7aec8e117 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml 
@@ -23,8 +23,10 @@ matrix_mautrix_meta_instagram_container_src_files_path: "{{ matrix_mautrix_meta_ matrix_mautrix_meta_instagram_container_image_self_build: false matrix_mautrix_meta_instagram_container_image_self_build_repo: "https://github.com/mautrix/meta.git" -matrix_mautrix_meta_instagram_container_image: "{{ matrix_mautrix_meta_instagram_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_instagram_version }}" +matrix_mautrix_meta_instagram_container_image: "{{ matrix_mautrix_meta_instagram_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_instagram_container_image_tag }}" matrix_mautrix_meta_instagram_container_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_meta_instagram_container_image_self_build else 'dock.mau.dev/' }}" +# Prebuilt container images for specific commit hashes are tagged with an architecture suffix (e.g. `HASH-amd64`). +matrix_mautrix_meta_instagram_container_image_tag: "{{ matrix_mautrix_meta_instagram_version }}{{ ('-' ~ matrix_architecture) if (matrix_mautrix_meta_instagram_version | length == 40) else '' }}" matrix_mautrix_meta_instagram_container_image_force_pull: "{{ matrix_mautrix_meta_instagram_container_image.endswith(':latest') }}" matrix_mautrix_meta_instagram_container_network: "" diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index 44e8c7742..0945fcc1b 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml 
@@ -23,8 +23,10 @@ matrix_mautrix_meta_messenger_container_src_files_path: "{{ matrix_mautrix_meta_ matrix_mautrix_meta_messenger_container_image_self_build: false matrix_mautrix_meta_messenger_container_image_self_build_repo: "https://github.com/mautrix/meta.git" -matrix_mautrix_meta_messenger_container_image: "{{ matrix_mautrix_meta_messenger_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_messenger_version }}" +matrix_mautrix_meta_messenger_container_image: "{{ matrix_mautrix_meta_messenger_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_messenger_container_image_tag }}" matrix_mautrix_meta_messenger_container_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_meta_messenger_container_image_self_build else 'dock.mau.dev/' }}" +# Prebuilt container images for specific commit hashes are tagged with an architecture suffix (e.g. `HASH-amd64`). +matrix_mautrix_meta_messenger_container_image_tag: "{{ matrix_mautrix_meta_messenger_version }}{{ ('-' ~ matrix_architecture) if (matrix_mautrix_meta_messenger_version | length == 40) else '' }}" matrix_mautrix_meta_messenger_container_image_force_pull: "{{ matrix_mautrix_meta_messenger_container_image.endswith(':latest') }}" matrix_mautrix_meta_messenger_container_network: "" From 3f810e42df18de4efccf34546f97dc55925e91e6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 3 Mar 2024 09:38:37 +0200 Subject: [PATCH 09/74] Fix typos in Traefik-label-related variables for matrix-ldap-registration-proxy Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3211 --- .../templates/labels.j2 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2 b/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2 index cc996d857..8ce1832f1 100644 --- a/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2 +++ b/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2 
@@ -5,7 +5,7 @@ traefik.enable=true traefik.docker.network={{ matrix_ldap_registration_proxy_container_labels_traefik_docker_network }} {% endif %} -{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_enabled %} +{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_enabled %} ############################################################ # # # Registration # 
@@ -16,20 +16,20 @@ traefik.http.services.matrix-ldap-registration-proxy.loadbalancer.server.port={{ traefik.http.middlewares.matrix-ldap-registration-proxy-registration-endpoint-replacepath.replacepath.path=/register -traefik.http.routers.matrix-ldap-registration-proxy-registration.rule={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_rule }} +traefik.http.routers.matrix-ldap-registration-proxy-registration.rule={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_rule }} traefik.http.routers.matrix-ldap-registration-proxy-registration.middlewares=matrix-ldap-registration-proxy-registration-endpoint-replacepath -{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_priority | int > 0 %} -traefik.http.routers.matrix-ldap-registration-proxy-registration.priority={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_priority }} +{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority | int > 0 %} +traefik.http.routers.matrix-ldap-registration-proxy-registration.priority={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority }} {% endif %} traefik.http.routers.matrix-ldap-registration-proxy-registration.service=matrix-ldap-registration-proxy -traefik.http.routers.matrix-ldap-registration-proxy-registration.entrypoints={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_entrypoints }} +traefik.http.routers.matrix-ldap-registration-proxy-registration.entrypoints={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints }} -traefik.http.routers.matrix-ldap-registration-proxy-registration.tls={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls | to_json }} -{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls %} 
-traefik.http.routers.matrix-ldap-registration-proxy-registration.tls.certResolver={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls_certResolver }} +traefik.http.routers.matrix-ldap-registration-proxy-registration.tls={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls | to_json }} +{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls %} +traefik.http.routers.matrix-ldap-registration-proxy-registration.tls.certResolver={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls_certResolver }} {% endif %} ############################################################ From 9d5902f0963cd622cce826d45eeb135bd81cb338 Mon Sep 17 00:00:00 2001 
From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Tue, 5 Mar 2024 15:09:52 +0100 Subject: [PATCH 10/74] Add support for D4A/Draupnir For All to the playbook. (#3204) * Draupnir for all Role * Draupnir for all Documentation * Pin D4A to Develop until D4A patches are in a release. * Update D4A Docs to mention pros and cons of D4A mode compared to normal * Change Documentation to mention a fixed simpler provisioning flow. Use of /plain allows us to bypass the bugs encountered during the development of this role with clients attempting to escape our wildcards causing the grief that led to using curl. This reworded commit does still explain you can automatically inject stuff into the room if you wanted to. * Emphasise the State of D4A mode * Link to Draupnir-for-all docs and tweak the docs some * Link to Draupnir-for-all from Draupnir documentation page * Announce Draupnir-for-all --------- Co-authored-by: Slavi Pantaleev --- CHANGELOG.md | 11 ++ ...ng-playbook-appservice-draupnir-for-all.md | 98 +++++++++++++++++ docs/configuring-playbook-bot-draupnir.md | 3 + docs/configuring-playbook.md | 2 + group_vars/matrix_servers | 55 ++++++++++ .../defaults/main.yml | 103 ++++++++++++++++++ .../tasks/main.yml | 20 ++++ .../tasks/setup_install.yml | 95 ++++++++++++++++ .../tasks/setup_uninstall.yml | 25 +++++ .../tasks/validate_config.yml | 9 ++ .../templates/production-appservice.yaml.j2 | 18 +++ .../templates/production-bots.yaml.j2 | 83 ++++++++++++++ ...rix-appservice-draupnir-for-all.service.j2 | 48 ++++++++ setup.yml | 1 + 14 files changed, 571 insertions(+) create mode 100644 docs/configuring-playbook-appservice-draupnir-for-all.md create mode 100644 roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml create mode 100644 roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml create mode 100644 roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml create mode 100644 
roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml create mode 100644 roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 create mode 100644 roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 create mode 100644 roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f716c9a1..bdd20ceb1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2024-03-05 + +## Support for Draupnir-for-all + +Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install [Draupnir for all](./docs/configuring-playbook-appservice-draupnir-for-all.md) (aka multi-instance Draupnir running in appservice mode). + +This is an alternative to [running Draupnir in bot mode](./docs/configuring-playbook-bot-draupnir.md), which is still supported by the playbook. + +The documentation page for [Draupnir for all](./docs/configuring-playbook-appservice-draupnir-for-all.md) contains more information on how to install it. + + # 2024-02-19 ## Support for bridging to Facebook/Messenger via the new mautrix-meta bridge diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md new file mode 100644 index 000000000..a9f33282d --- /dev/null +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md 
@@ -0,0 +1,98 @@ +# Setting up Draupnir for All/D4A (optional) + +The playbook can install and configure the [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation tool for you in appservice mode. + +Appservice mode can be used together with the regular [Draupnir bot](configuring-playbook-bot-draupnir.md) or independently. Details about the differences between the 2 modes are described below. + + +## Draupnir Appservice mode compared to Draupnir bot mode + +The administrative functions for managing the appservice are alpha quality and very limited. However, the experience of using an appservice-provisioned Draupnir is on par with the experience of using Draupnir from bot mode except in the case of avatar customisation as described later on in this document. + +Draupnir for all is the way to go if you need more than 1 Draupnir instance, but you don't need access to Synapse Admin features as they are not accessible through Draupnir for All (Even though the commands do show up in help). + +Draupnir for all in the playbook is rate-limit-exempt automatically as its appservice configuration file does not specify any rate limits. + +Normal Draupnir does come with the benefit of access to Synapse Admin features. You are also able to more easily customise your normal Draupnir than D4A as D4A even on the branch with the Avatar command (To be Upstreamed to Mainline Draupnir) that command is clunky as it requires the use of things like Element devtools. In normal draupnir this is a quick operation where you login to Draupnir with a normal client and set Avatar and Display name normally. + +Draupnir for all does not support external tooling like [MRU](https://mru.rory.gay) as it can't access Draupnir's user account. + + +## Installation + +### 1. Create a main management room. + +The playbook does not create a management room for your Main Draupnir. This task you have to do on your own. 
+ +The management room has to be given an alias and be public when you are setting up the bot for the first time as the bot does not differentiate between invites +and invites to the management room. + +This management room is used to control who has access to your D4A deployment. The room stores this data inside of the control room state so your bot must have sufficient powerlevel to send custom state events. This is default 50 or moderator as Element calls this powerlevel. + +As noted in the Draupnir install instructions the control room is sensitive. The following is said about the control room in the Draupnir install instructions. +>Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. + +### 2. Give your main management room an alias. + +Give the room from step 1 an alias. This alias can be anything you want and its recommended for increased security during the setup phase of the bot that you make this alias be a random string. You can give your room a secondary human readable alias when it has been locked down after setup phase. + +### 3. Adjusting the playbook configuration. + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +You must replace `ALIAS_FROM_STEP_2_GOES_HERE` with the alias you created in step 2. + +```yaml +matrix_appservice_draupnir_for_all_enabled: true + +matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2_GOES_HERE" +``` + +### 4. 
Installing + +After configuring the playbook, run the [installation](installing.md) command: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:matrix-homeserver-domain` you have succesfully installed Draupnir for All and can now start using it. + +The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for allis almost identical to Draupnir bot mode. + +### 1. Granting Users the ability to use D4A + +Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended. + +To allow users or whole homeservers you type /plain @draupnir-main:matrix-homeserver-domain allow `target` and target can be either a MXID or a wildcard like `@*:example.com` to allow all users on example.com to register. We use /plain to force the client to not attempt to mess with this command as it can break Wildcard commands especially. + +### 2. How to provision a D4A once you are allowed to. + +Open a DM with @draupnir-main:matrix-homeserver-domain and if using Element send a message into this DM to finalise creating it. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience. + +Congratulations if you made it all the way here because you now have a fully working Draupnir for all deployment. 
+ +### Configuration of D4A + +You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for more configuration documentation. Please note that the playbook ships a full copy of the example config that does transfer to provisioned draupnirs in the production-bots.yaml.j2 file in the template directory of the role. + +Please note that Config extension does not affect the appservices config as this config is not extensible in current Draupnir anyways. Config extension instead touches the config passed to the Draupnirs that your Appservice creates. So for example below makes all provisioned Draupnirs protect all joined rooms. + +You can configure additional options by adding the `matrix_appservice_draupnir_for_all_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. + +For example to change draupnir's `protectAllJoinedRooms` option to `true` you would add the following to your `vars.yml` file. + +```yaml +matrix_appservice_draupnir_for_all_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_appservice_draupnir_for_all_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_draupnir_for_all_yaml`. + protectAllJoinedRooms: true +``` diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 3c4d2569e..b20a3029e 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -4,6 +4,9 @@ The playbook can install and configure the [draupnir](https://github.com/the-dra See the project's [documentation](https://github.com/the-draupnir-project/Draupnir) to learn what it does and why it might be useful to you. +This documentation page is about installing Draupnir in bot mode. As an alternative, you can run a multi-instance Draupnir deployment by installing [Draupnir in appservice mode](./configuring-playbook-appservice-draupnir-for-all.md) (called Draupnir-for-all) instead. + + If your migrating from Mjolnir skip to step 5b. ## 1. Register the bot account diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index fb4597fc8..95d801fee 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -195,6 +195,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Draupnir](configuring-playbook-bot-draupnir.md) - a moderation tool/bot, forked from Mjolnir and maintained by its former leader developer (optional) +- [Setting up Draupnir for all](configuring-playbook-appservice-draupnir-for-all.md) - like the [Draupnir bot](configuring-playbook-bot-draupnir.md) mentioned above, but running in appservice mode and supporting multiple instances (optional) + - [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 280b3e8fa..b50238415 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -71,6 +71,8 @@ matrix_homeserver_container_extra_arguments_auto: | {{ (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else []) + + (['--mount type=bind,src=' + matrix_appservice_draupnir_for_all_config_path + '/draupnir-for-all-registration.yaml,dst=/matrix-appservice-draupnir-for-all-registration.yaml,ro'] if matrix_appservice_draupnir_for_all_enabled else []) + + (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else []) + (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else []) @@ -138,6 +140,8 @@ matrix_homeserver_app_service_config_files_auto: | {{ (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else []) + + (['/matrix-appservice-draupnir-for-all-registration.yaml'] if matrix_appservice_draupnir_for_all_enabled else []) + + (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else []) + (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else []) 
@@ -270,6 +274,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else []) + + ([{'name': 'matrix-appservice-draupnir-for-all.service', 'priority': 4000, 'groups': ['matrix', 'bridges', 'draupnir-for-all', 'appservice-draupnir-for-all']}] if matrix_appservice_draupnir_for_all_enabled else []) + + ([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else []) + ([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else []) @@ -2626,6 +2632,7 @@ matrix_bot_mjolnir_container_additional_networks_auto: |- # ###################################################################### + ###################################################################### # # matrix-bot-draupnir 
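Review bot: The `@@ -2626,6 +2632,7 @@` hunk in `group_vars/matrix_servers` adds nothing but an empty line between the closing banner of the preceding section and the `matrix-bot-draupnir` banner. It is unrelated to Draupnir-for-all and should be dropped so the commit stays limited to the feature.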
@@ -2656,6 +2663,48 @@ matrix_bot_draupnir_container_additional_networks_auto: |- ###################################################################### +###################################################################### +# +# matrix-appservice-draupnir-for-all +# +###################################################################### + +# We don't enable bots by default. +matrix_appservice_draupnir_for_all_enabled: false + +matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: | + {{ + matrix_addons_homeserver_systemd_services_list + + + ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else []) + }} + +matrix_appservice_draupnir_for_all_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + +matrix_appservice_draupnir_for_all_container_network: "{{ matrix_addons_container_network }}" + +matrix_appservice_draupnir_for_all_container_additional_networks_auto: |- + {{ + ( + ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + + + ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname and matrix_appservice_draupnir_for_all_container_network != devture_postgres_container_network) else []) + ) | unique + }} + +matrix_appservice_draupnir_for_all_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.as.token', rounds=655555) | to_uuid }}" +matrix_appservice_draupnir_for_all_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.hs.token', rounds=655555) | to_uuid }}" + +matrix_appservice_draupnir_for_all_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" 
+matrix_appservice_draupnir_for_all_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.d4a.db', rounds=655555) | to_uuid }}" + +###################################################################### +# +# /matrix-appservice-draupnir-for-all +# +###################################################################### + + ###################################################################### # # etke/backup_borg @@ -3541,6 +3590,12 @@ devture_postgres_managed_databases_auto: | 'password': matrix_appservice_discord_database_password, }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ + 'name': matrix_appservice_draupnir_for_all_database_name, + 'username': matrix_appservice_draupnir_for_all_database_username, + 'password': matrix_appservice_draupnir_for_all_database_password, + }] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ 'name': matrix_appservice_slack_database_name, 'username': matrix_appservice_slack_database_username, diff --git a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml new file mode 100644 index 000000000..207518099 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml 
@@ -0,0 +1,103 @@ +--- +# A moderation tool for Matrix +# Project source code URL: https://github.com/the-draupnir-project/Draupnir + +matrix_appservice_draupnir_for_all_enabled: true + +# renovate: datasource=docker depName=gnuxie/draupnir +matrix_appservice_draupnir_for_all_version: "develop" + +matrix_appservice_draupnir_for_all_container_image_self_build: false +matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" + +matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}" +matrix_appservice_draupnir_for_all_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':develop') }}" + +matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all" +matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config" +matrix_appservice_draupnir_for_all_data_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/data" +matrix_appservice_draupnir_for_all_docker_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src" + +matrix_appservice_draupnir_for_all_container_network: "" + +matrix_appservice_draupnir_for_all_container_additional_networks: "{{ matrix_appservice_draupnir_for_all_container_additional_networks_auto + matrix_appservice_draupnir_for_all_container_additional_networks_custom }}" +matrix_appservice_draupnir_for_all_container_additional_networks_auto: [] +matrix_appservice_draupnir_for_all_container_additional_networks_custom: [] + +# A list of extra arguments to pass to the container +matrix_appservice_draupnir_for_all_container_extra_arguments: [] + +# 
List of systemd services that matrix-bot-draupnir.service depends on +matrix_appservice_draupnir_for_all_systemd_required_services_list: "{{ matrix_appservice_draupnir_for_all_systemd_required_services_list_default + matrix_appservice_draupnir_for_all_systemd_required_services_list_auto + matrix_appservice_draupnir_for_all_systemd_required_services_list_custom }}" +matrix_appservice_draupnir_for_all_systemd_required_services_list_default: ['docker.service'] +matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: [] +matrix_appservice_draupnir_for_all_systemd_required_services_list_custom: [] + +# List of systemd services that matrix-bot-draupnir.service wants +matrix_appservice_draupnir_for_all_systemd_wanted_services_list: [] + +# The room ID where people can use the bot. The bot has no access controls, so +# anyone in this room can use the bot - secure your room! +# This should be a room alias - not a matrix.to URL. +# Note: draupnir is fairly verbose - expect a lot of messages from it. +# This room is diffrent for Appservice Mode compared to normal mode. +# In Appservice mode it provides functions like user management. +matrix_appservice_draupnir_for_all_master_control_room_alias: "" + +# Placeholder Remenant of the fact that Cat belived Master Control Room to be separated from Access Control Policy List. +# The alias of the Policy list used to control who can provision a bot for them selfs. +# This should be a room alias - not a matrix.to URL. 
+# matrix_appservice_draupnir_for_all_management_policy_list_alias: "" + +matrix_appservice_draupnir_for_all_database_username: matrix_appservice_draupnir_for_all +matrix_appservice_draupnir_for_all_database_password: 'some-passsword' +matrix_appservice_draupnir_for_all_database_hostname: '' +matrix_appservice_draupnir_for_all_database_port: 5432 +matrix_appservice_draupnir_for_all_database_name: matrix_appservice_draupnir_for_all +matrix_appservice_draupnir_for_all_database_sslmode: disable + +matrix_appservice_draupnir_for_all_appservice_port: "9001" +matrix_appservice_draupnir_for_all_appservice_url: 'http://matrix-appservice-draupnir-for-all' + +matrix_appservice_draupnir_for_all_database_connection_string: 'postgresql://{{ matrix_appservice_draupnir_for_all_database_username }}:{{ matrix_appservice_draupnir_for_all_database_password }}@{{ matrix_appservice_draupnir_for_all_database_hostname }}:{{ matrix_appservice_draupnir_for_all_database_port }}/{{ matrix_appservice_draupnir_for_all_database_name }}?sslmode={{ matrix_appservice_draupnir_for_all_database_sslmode }}' + +matrix_appservice_draupnir_for_all_user_prefix: "draupnir_" + +matrix_appservice_draupnir_for_all_registration_yaml: | + id: "draupnir-for-all" + as_token: "{{ matrix_appservice_draupnir_for_all_appservice_token }}" + hs_token: "{{ matrix_appservice_draupnir_for_all_homeserver_token }}" + url: "{{ matrix_appservice_draupnir_for_all_appservice_url }}:{{ matrix_appservice_draupnir_for_all_appservice_port }}" + sender_localpart: draupnir-main + namespaces: + users: + - exclusive: true + regex: '@{{ matrix_appservice_draupnir_for_all_user_prefix }}*' + rate_limited: false + +matrix_appservice_draupnir_for_all_registration: "{{ matrix_appservice_draupnir_for_all_registration_yaml | from_yaml }}" +matrix_appservice_draupnir_for_all_configuration_appservice: "{{ lookup('template', 'templates/production-appservice.yaml.j2') | from_yaml }}" + +# Default configuration template which covers the generic 
use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_appservice_draupnir_for_all_configuration_extension_yaml`) +# or completely replace this variable with your own template. + +matrix_appservice_draupnir_for_all_configuration_yaml: "{{ lookup('template', 'templates/production-bots.yaml.j2') }}" + +matrix_appservice_draupnir_for_all_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_appservice_draupnir_for_all_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_draupnir_for_all_configuration_yaml`. + +matrix_appservice_draupnir_for_all_configuration_extension: "{{ matrix_appservice_draupnir_for_all_configuration_extension_yaml | from_yaml if matrix_appservice_draupnir_for_all_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_appservice_draupnir_for_all_configuration_yaml`. +matrix_appservice_draupnir_for_all_configuration: "{{ matrix_appservice_draupnir_for_all_configuration_yaml | from_yaml | combine(matrix_appservice_draupnir_for_all_configuration_extension, recursive=True) }}" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml new file mode 100644 index 000000000..8048ee95a --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml 
@@ -0,0 +1,20 @@ +--- + +- tags: + - setup-all + - setup-appservice-draupnir-for-all + - install-all + - install-appservice-draupnir-for-all + block: + - when: matrix_appservice_draupnir_for_all_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_appservice_draupnir_for_all_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + +- tags: + - setup-all + - setup-appservice-draupnir-for-all + block: + - when: not matrix_appservice_draupnir_for_all_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml new file mode 100644 index 000000000..d434c2a65 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml 
@@ -0,0 +1,95 @@ +--- + +- ansible.builtin.set_fact: + matrix_appservice_draupnir_for_all_requires_restart: false + +- name: Ensure matrix-appservice-draupnir-for-all paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true} + - {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true} + - {path: "{{ matrix_appservice_draupnir_for_all_data_path }}", when: true} + - {path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"} + when: "item.when | bool" + +- name: Ensure draupnir Docker image is pulled + community.docker.docker_image: + name: "{{ matrix_appservice_draupnir_for_all_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_appservice_draupnir_for_all_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_docker_image_force_pull }}" + when: "not matrix_appservice_draupnir_for_all_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure draupnir repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_appservice_draupnir_for_all_container_image_self_build_repo }}" + dest: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}" + version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: 
matrix_appservice_draupnir_for_all_git_pull_results + when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool" + +- name: Ensure draupnir Docker image is built + community.docker.docker_image: + name: "{{ matrix_appservice_draupnir_for_all_docker_image }}" + source: build + force_source: "{{ matrix_appservice_draupnir_for_all_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}" + pull: true + when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool" + +- name: Ensure matrix-appservice-draupnir-for-all appservice config installed + ansible.builtin.copy: + content: "{{ matrix_appservice_draupnir_for_all_configuration_appservice | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-appservice.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-draupnir-for-all bot config installed + ansible.builtin.copy: + content: "{{ matrix_appservice_draupnir_for_all_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-bots.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-draupnir-for-all registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_appservice_draupnir_for_all_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/draupnir-for-all-registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-draupnir-for-all container network is created + community.general.docker_network: + name: "{{ matrix_appservice_draupnir_for_all_container_network }}" + driver: bridge + +- name: Ensure 
matrix-appservice-draupnir-for-all.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-appservice-draupnir-for-all.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service" + mode: 0644 + register: matrix_appservice_draupnir_for_all_systemd_service_result + +- name: Ensure matrix-appservice-draupnir-for-all.service restarted, if necessary + ansible.builtin.service: + name: "matrix-appservice-draupnir-for-all.service" + state: restarted + daemon_reload: true + when: "matrix_appservice_draupnir_for_all_requires_restart | bool" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml new file mode 100644 index 000000000..f81cbfef3 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-appservice-draupnir-for-all service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service" + register: matrix_bot_draupnir_service_stat + +- when: matrix_bot_draupnir_service_stat.stat.exists | bool + block: + - name: Ensure matrix-appservice-draupnir-for-all is stopped + ansible.builtin.service: + name: matrix-appservice-draupnir-for-all + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-appservice-draupnir-for-all.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service" + state: absent + + - name: Ensure matrix-appservice-draupnir-for-all paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_draupnir_base_path }}" + state: absent 
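Review bot: In `defaults/main.yml`, the namespace pattern `regex: '@{{ matrix_appservice_draupnir_for_all_user_prefix }}*'` renders to `@draupnir_*`, which as a regular expression means `@draupnir` followed by zero or more underscores, not "the prefix followed by anything". If the intent is to reserve every user ID that starts with the prefix, write `.*` after the prefix. Separately, the documentation added in this patch tells users to set `matrix_appservice_draupnir_for_all_extension_yaml`, while the variable defined here is `matrix_appservice_draupnir_for_all_configuration_extension_yaml`; one of the two needs renaming, otherwise the documented override has no effect.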
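Review bot: In `setup_install.yml`, `matrix_appservice_draupnir_for_all_requires_restart` is set to `false` at the top and no later task sets it to `true`, so the final "restarted, if necessary" task can never run. Either set the fact from the image pull/build and config-file results or remove the task. The three config files are also written with `mode: 0644`, although `draupnir-for-all-registration.yaml` carries `as_token` and `hs_token` and `production-appservice.yaml` carries the database connection string including its password; `0640` would match the `0750` directories created earlier in the same file.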
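Review bot: In `setup_uninstall.yml`, the last task removes `{{ matrix_bot_draupnir_base_path }}`, which by its name belongs to the bot-mode Draupnir role rather than to this one. With Draupnir-for-all disabled, that task would target the regular Draupnir bot's directory (or fail if the variable is undefined) and leave `matrix_appservice_draupnir_for_all_base_path` in place. Use `matrix_appservice_draupnir_for_all_base_path` here, and rename the registered `matrix_bot_draupnir_service_stat` to a role-specific name so it cannot be confused with the bot role's variable.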
diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml new file mode 100644 index 000000000..f0a1daf49 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required matrix-bot-draupnir variables are undefined + ansible.builtin.fail: + msg: "The `{{ item }}` variable must be defined and have a non-null value." + with_items: + - "matrix_appservice_draupnir_for_all_master_control_room_alias" + - "matrix_bot_draupnir_container_network" + when: "vars[item] == '' or vars[item] is none" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 new file mode 100644 index 000000000..8bc927ad1 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 @@ -0,0 +1,18 @@ +homeserver: + # The Matrix server name, this will be the name of the server in your matrix id. + domain: "{{ matrix_domain }}" + # The url for the appservice to call the client server API from. + url: "{{ matrix_homeserver_url }}" + +# Database configuration for storing which Mjolnirs have been provisioned. +db: + engine: "postgres" + connectionString: "{{ matrix_appservice_draupnir_for_all_database_connection_string }}" + +# A room you have created that scopes who can access the appservice. +# See docs/access_control.md +adminRoom: "{{ matrix_appservice_draupnir_for_all_master_control_room_alias }}" + +# This is a web api that the widget connects to in order to interact with the appservice. +webAPI: + port: 9000 \ No newline at end of file 
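Review bot: In `validate_config.yml`, the second required item is `matrix_bot_draupnir_container_network`, a variable named after the bot-mode role; this role's own `matrix_appservice_draupnir_for_all_container_network`, which defaults to `""` in `defaults/main.yml`, is never validated. Replace the item with the role's own variable, and consider adding `matrix_appservice_draupnir_for_all_database_hostname`, which also defaults to an empty string and is interpolated into the connection string. The task name still says `matrix-bot-draupnir`.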
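Review bot: In `production-appservice.yaml.j2`, `webAPI.port` is hard-coded to `9000` while the appservice port is configurable through `matrix_appservice_draupnir_for_all_appservice_port`. Expose the web API port as a variable as well, or add a comment saying why it is fixed. The `db` comment still refers to "Mjolnirs", and the file has no trailing newline (`\ No newline at end of file`).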
diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 new file mode 100644 index 000000000..a40d7a105 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 
@@ -0,0 +1,83 @@ +# The log level of terminal (or container) output, +# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity. +# +# This should be at INFO or DEBUG in order to get support for Draupnir problems. +logLevel: "INFO" + +# Whether or not Draupnir should synchronize policy lists immediately after startup. +# Equivalent to running '!draupnir sync'. +syncOnStartup: true + +# Whether or not Draupnir should check moderation permissions in all protected rooms on startup. +# Equivalent to running `!draupnir verify`. +verifyPermissionsOnStartup: true + +# Whether Draupnir should check member lists quicker (by using a different endpoint), +# keep in mind that enabling this will miss invited (but not joined) users. +# +# Turn on if your bot is in (very) large rooms, or in large amounts of rooms. +fasterMembershipChecks: false + +# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for. +# +# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list, +# it will also remove the user's messages automatically. +# +# Typically this is useful to avoid having to give two commands to the bot. +# Advanced: Use asterisks to have the reason match using "globs" +# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting"). +# +# See here for more info: https://www.digitalocean.com/community/tools/glob +# Note: Keep in mind that glob is NOT regex! +automaticallyRedactForReasons: + - "spam" + - "advertising" + +# Whether or not to add all joined rooms to the "protected rooms" list +# (excluding the management room and watched policy list rooms, see below). +# +# Note that this effectively makes the protectedRooms and associated commands useless +# for regular rooms. +# +# Note: the management room is *excluded* from this condition. +# Explicitly add it as a protected room to protect it. 
+# +# Note: Ban list rooms the bot is watching but didn't create will not be protected. +# Explicitly add these rooms as a protected room list if you want them protected. +protectAllJoinedRooms: false + +# Increase this delay to have Draupnir wait longer between two consecutive backgrounded +# operations. The total duration of operations will be longer, but the homeserver won't +# be affected as much. Conversely, decrease this delay to have Draupnir chain operations +# faster. The total duration of operations will generally be shorter, but the performance +# of the homeserver may be more impacted. +backgroundDelayMS: 500 + +# Misc options for command handling and commands +commands: + # Whether or not the `!draupnir` prefix is necessary to submit commands. + # + # If `true`, will allow commands like `!ban`, `!help`, etc. + # + # Note: Draupnir can also be pinged by display name instead of having to use + # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" + # will address only my_moderator_bot. + allowNoPrefix: false + + # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`. + additionalPrefixes: + - "draupnir-bot" + - "draupnir_bot" + - "draupnir" + + # Whether or not commands with a wildcard (*) will require an additional `--force` argument + # in the command to be able to be submitted. + confirmWildcardBan: true + + # The default reasons to be prompted with if the reason is missing from a ban command. + ban: + defaultReasons: + - "spam" + - "brigading" + - "harassment" + - "disagreement" \ No newline at end of file diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 new file mode 100644 index 000000000..303e9e614 --- /dev/null 
+++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 
@@ -0,0 +1,48 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Draupnir for All appservice +{% for service in matrix_appservice_draupnir_for_all_systemd_wanted_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_appservice_draupnir_for_all_systemd_required_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-appservice-draupnir-for-all \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_appservice_draupnir_for_all_container_network }} \ + --mount type=bind,src={{ matrix_appservice_draupnir_for_all_config_path }},dst=/data/config,ro \ + --mount type=bind,src={{ matrix_appservice_draupnir_for_all_data_path }},dst=/data \ + {% for arg in matrix_appservice_draupnir_for_all_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_appservice_draupnir_for_all_docker_image }} \ + appservice -c /data/config/production-appservice.yaml -f /data/config/draupnir-for-all-registration.yaml -p {{ matrix_appservice_draupnir_for_all_appservice_port }} --draupnir-config /data/config/production-bots.yaml + +{% for network in matrix_appservice_draupnir_for_all_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network 
connect {{ network }} matrix-appservice-draupnir-for-all +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-appservice-draupnir-for-all + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-appservice-draupnir-for-all + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index c1ba0f06b..96a40fb10 100644 --- a/setup.yml +++ b/setup.yml @@ -49,6 +49,7 @@ - galaxy/redis - custom/matrix-corporal + - custom/matrix-appservice-draupnir-for-all - custom/matrix-bridge-appservice-discord - custom/matrix-bridge-appservice-slack - custom/matrix-bridge-appservice-webhooks From 8f800472cadb4f1afdcb91d801e4ed6dd3a4cd97 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Mar 2024 20:08:56 +0200 Subject: [PATCH 11/74] Upgrade Synapse (v1.101.0 -> v1.102.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 943d04032..ff19d4d83 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -16,7 +16,7 @@ matrix_synapse_enabled: true matrix_synapse_github_org_and_repo: element-hq/synapse # renovate: datasource=docker depName=ghcr.io/element-hq/synapse -matrix_synapse_version: v1.101.0 +matrix_synapse_version: v1.102.0 matrix_synapse_username: '' matrix_synapse_uid: '' From b6f3c38d5f1f567f4c33f165fca850c444bf84a7 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 18:15:56 +0000 Subject: [PATCH 12/74] chore(deps): update dependency grafana to v10.4.0-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 83db5d0f2..102d0bb65 100644 --- a/requirements.yml +++ b/requirements.yml @@ -22,7 +22,7 @@ version: v4.97-r0-0-1 name: exim_relay - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.3.1-2 + version: v10.4.0-0 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v9258-0 From 7a2c95008de38ad52372c5534401db9c935840a9 Mon Sep 17 00:00:00 2001 From: 6502mos <116628899+6502mos@users.noreply.github.com> Date: Thu, 7 Mar 2024 02:36:26 +0100 Subject: [PATCH 13/74] Enable ephemeral events in mautrix-meta registration --- .../matrix-bridge-mautrix-meta-instagram/defaults/main.yml | 1 + .../matrix-bridge-mautrix-meta-messenger/defaults/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index 7aec8e117..0d8f1426f 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml @@ -282,5 +282,6 @@ matrix_mautrix_meta_instagram_registration_yaml: | url: {{ matrix_mautrix_meta_instagram_appservice_address }} sender_localpart: _bot_{{ matrix_mautrix_meta_instagram_appservice_username }} rate_limited: false + de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_meta_instagram_registration: "{{ matrix_mautrix_meta_instagram_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index 0945fcc1b..d25cc1721 100644 
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml @@ -282,5 +282,6 @@ matrix_mautrix_meta_messenger_registration_yaml: | url: {{ matrix_mautrix_meta_messenger_appservice_address }} sender_localpart: _bot_{{ matrix_mautrix_meta_messenger_appservice_username }} rate_limited: false + de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_meta_messenger_registration: "{{ matrix_mautrix_meta_messenger_registration_yaml | from_yaml }}" From 0c52cb4c4a778f53d3d3a2974a78f380d6dba3b6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 21:21:08 +0000 Subject: [PATCH 14/74] chore(deps): update dependency ntfy to v2.9.0-1 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 102d0bb65..8cbe87918 100644 --- a/requirements.yml +++ b/requirements.yml @@ -28,7 +28,7 @@ version: v9258-0 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.8.0-1 + version: v2.9.0-1 name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: 201c939eed363de269a83ba29784fc3244846048 From 095c74cc3e6327c9cc3b47436d9ee654be8db7ad Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Mar 2024 01:30:43 +0000 Subject: [PATCH 15/74] chore(deps): update joseluisq/static-web-server docker tag to v2.28.0 --- roles/custom/matrix-cactus-comments-client/defaults/main.yml | 2 +- roles/custom/matrix-static-files/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-cactus-comments-client/defaults/main.yml b/roles/custom/matrix-cactus-comments-client/defaults/main.yml index ef318b716..be967e686 100644 --- a/roles/custom/matrix-cactus-comments-client/defaults/main.yml 
+++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml @@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas matrix_cactus_comments_client_public_path_file_permissions: "0644" # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_cactus_comments_client_version: 2.27.0 +matrix_cactus_comments_client_version: 2.28.0 matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}" matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}" diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index e76c383b2..fc83e7100 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml @@ -8,7 +8,7 @@ matrix_static_files_enabled: true matrix_static_files_identifier: matrix-static-files # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_static_files_version: 2.27.0 +matrix_static_files_version: 2.28.0 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}" matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config" From 97d43c78d398b1c404a1d7a22e6c8f9d27519428 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Mon, 11 Mar 2024 23:58:55 -0500 Subject: [PATCH 16/74] Added MMR media redirect config options --- .../matrix-media-repo/defaults/main.yml | 15 ++++++++++++++ .../templates/media-repo/media-repo.yaml.j2 | 20 ++++++++++++++----- 2 files changed, 30 insertions(+), 5 deletions(-) 
diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index bab6155bb..63a225674 100755 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -386,6 +386,21 @@ matrix_media_repo_datastore_s3_opts_bucket_name: "your-media-bucket" # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. # matrix_media_repo_datastore_s3_opts_storage_class: "STANDARD" +# When set, if the requesting user/server supports being redirected, and MMR is capable +# of performing that redirection, they will be redirected to the given object location. +# The object ID used in S3 is assumed to be the file name, and will simply be appended. +# It is therefore important to include any trailing slashes or path information. For +# example, an object with ID "hello/world" will get converted to "https://mycdn.example.org/hello/world". +# Note that MMR may not redirect in all cases, even if the client/server requests the +# capability. MMR may still be responsible for bandwidth charges incurred from going to +# the bucket directly. +# matrix_media_repo_datastore_s3_opts_public_base_url: "https://mycdn.example.org/" + +# Set to `true` to bypass any local cache when `publicBaseUrl` is set. Has no effect +# when `publicBaseUrl` is unset. Defaults to false (cached media will be served by MMR +# before redirection if present). +matrix_media_repo_datastore_s3_opts_redirect_when_cached: true + # Options for controlling archives. Archives are exports of a particular user's content for # the purpose of GDPR or moving media to a different server. diff --git a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 index 8dec40b18..d0543ebe6 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 
+++ b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 @@ -229,13 +229,23 @@ datastores: # some providers will need this (like Scaleway). Uncomment to use. #region: "sfo2" {% endif %} -{% if matrix_media_repo_datastore_s3_opts_storage_class is defined %} - storageClass: {{ matrix_media_repo_datastore_s3_opts_storage_class | to_json }} +{% if matrix_media_repo_datastore_s3_opts_public_base_url is defined %} + publicBaseUrl: {{ matrix_media_repo_datastore_s3_opts_public_base_url | to_json }} {% else %} - # An optional storage class for tuning how the media is stored at s3. - # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. - #storageClass: STANDARD + # When set, if the requesting user/server supports being redirected, and MMR is capable + # of performing that redirection, they will be redirected to the given object location. + # The object ID used in S3 is assumed to be the file name, and will simply be appended. + # It is therefore important to include any trailing slashes or path information. For + # example, an object with ID "hello/world" will get converted to "https://mycdn.example.org/hello/world". + # Note that MMR may not redirect in all cases, even if the client/server requests the + # capability. MMR may still be responsible for bandwidth charges incurred from going to + # the bucket directly. + #publicBaseUrl: "https://mycdn.example.org/" {% endif %} + # Set to `true` to bypass any local cache when `publicBaseUrl` is set. Has no effect + # when `publicBaseUrl` is unset. Defaults to false (cached media will be served by MMR + # before redirection if present). + redirectWhenCached: {{ matrix_media_repo_datastore_s3_opts_redirect_when_cached | to_json }} {% endif %} # Options for controlling archives. Archives are exports of a particular user's content for From 227541d407681f7ffd4c84ebf66ad63dcffd8022 Mon Sep 17 00:00:00 2001 
From: Michael Hollister Date: Tue, 12 Mar 2024 00:03:59 -0500 Subject: [PATCH 17/74] Added back storageClass config option --- .../templates/media-repo/media-repo.yaml.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 index d0543ebe6..ee7d151b6 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 @@ -229,6 +229,13 @@ datastores: # some providers will need this (like Scaleway). Uncomment to use. #region: "sfo2" {% endif %} +{% if matrix_media_repo_datastore_s3_opts_storage_class is defined %} + storageClass: {{ matrix_media_repo_datastore_s3_opts_storage_class | to_json }} +{% else %} + # An optional storage class for tuning how the media is stored at s3. + # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. + #storageClass: STANDARD +{% endif %} {% if matrix_media_repo_datastore_s3_opts_public_base_url is defined %} publicBaseUrl: {{ matrix_media_repo_datastore_s3_opts_public_base_url | to_json }} {% else %} From 3612fc6969114d603215f9ddc4bf3521918ba98c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 19:31:07 +0000 Subject: [PATCH 18/74] chore(deps): update vectorim/element-web docker tag to v1.11.60 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 7f6802280..dbe5e01da 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.59 +matrix_client_element_version: v1.11.60 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 98e8bfd504af5e2c172ec699546dc2ab3bcae661 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:00:38 +0000 Subject: [PATCH 19/74] chore(deps): update folivonet/matrix-sms-bridge docker tag to v0.5.9 --- roles/custom/matrix-bridge-sms/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-sms/defaults/main.yml b/roles/custom/matrix-bridge-sms/defaults/main.yml index b67bd5467..50337ed17 100644 --- a/roles/custom/matrix-bridge-sms/defaults/main.yml +++ b/roles/custom/matrix-bridge-sms/defaults/main.yml @@ -5,7 +5,7 @@ matrix_sms_bridge_enabled: true # renovate: datasource=docker depName=folivonet/matrix-sms-bridge -matrix_sms_bridge_version: 0.5.8 +matrix_sms_bridge_version: 0.5.9 matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}" matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" From 4f86b357be76625a251b134249f4c61fbd74a6f4 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 20:27:10 +0000 Subject: [PATCH 20/74] chore(deps): update vectorim/element-web docker tag to v1.11.61 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index dbe5e01da..c15954fc3 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.60 +matrix_client_element_version: v1.11.61 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 236f7ab31123f659b3accd33168dd9aa1605a80f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Mar 2024 08:38:30 +0200 Subject: [PATCH 21/74] Upgrade postgres-backup Ref: https://github.com/devture/com.devture.ansible.role.postgres_backup/pull/5 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 8cbe87918..8b8418628 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -43,7 +43,7 @@ version: v16.1-6 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: 7eadc992ca952fc29bf3fab5aa6335fa82ff01e5 + version: 046004a8cb9946979b72ce81c2526c8033ea8067 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.50.1-0 From efbfc866b1b0fd61e4e961c4df2d67395dae76dd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 12:57:06 +0000 Subject: [PATCH 22/74] chore(deps): update dock.mau.dev/mautrix/signal docker tag to v0.5.1 --- roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 689510900..1c20b5912 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/ matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal -matrix_mautrix_signal_version: v0.5.0 +matrix_mautrix_signal_version: v0.5.1 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}" From 89a1b1a0ef8a4ecf88975160f51d0cbf83ab960f Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 12:57:10 +0000 Subject: [PATCH 23/74] chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.6 --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 9919a3071..890a7d52e 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp -matrix_mautrix_whatsapp_version: v0.10.5 +matrix_mautrix_whatsapp_version: v0.10.6 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" From 6b44183770484e5288473215048866703420e2cd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 14:34:55 +0000 Subject: [PATCH 24/74] chore(deps): update dock.mau.dev/mautrix/gmessages docker tag to v0.3.0 --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index be76e152a..f688918d7 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages -matrix_mautrix_gmessages_version: v0.2.4 +matrix_mautrix_gmessages_version: v0.3.0 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" From d84dee5d5fe9a29f8c10190be4d4af3f4068b5a2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 14:34:58 +0000 Subject: [PATCH 25/74] chore(deps): update dock.mau.dev/mautrix/meta docker tag to v0.2.0 --- .../matrix-bridge-mautrix-meta-instagram/defaults/main.yml | 2 +- .../matrix-bridge-mautrix-meta-messenger/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index 0d8f1426f..3c18f0e35 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml @@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta -matrix_mautrix_meta_instagram_version: v0.1.0 +matrix_mautrix_meta_instagram_version: v0.2.0 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram" matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config" 
diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index d25cc1721..6ff2a7502 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml @@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta -matrix_mautrix_meta_messenger_version: v0.1.0 +matrix_mautrix_meta_messenger_version: v0.2.0 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger" matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config" From 77e3bb38f1386af798390c5c5b769c28a33bd508 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Mar 2024 08:06:42 +0200 Subject: [PATCH 26/74] Upgrade Traefik (v2.11.0-0 -> v2.11.0-1) Ref: https://github.com/devture/com.devture.ansible.role.traefik/pull/11 Using a DNS challenge is now easier and more secure. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 8b8418628..f9a2ec627 100644 --- a/requirements.yml +++ b/requirements.yml @@ -67,7 +67,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.11.0-0 + version: v2.11.0-1 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.3-1 From 80ebad517871af20cecd101bd787a1300080d1bf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Mar 2024 08:11:19 +0200 Subject: [PATCH 27/74] Upgrade Traefik (v2.11.0-1 -> v2.11.0-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index f9a2ec627..969831172 100644 
--- a/requirements.yml +++ b/requirements.yml @@ -67,7 +67,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.11.0-1 + version: v2.11.0-2 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.3-1 From 27b464f1a6f2bbbb544eba3a7192585c9c1081c2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 15:48:14 +0000 Subject: [PATCH 28/74] chore(deps): update ghcr.io/matrix-org/rageshake docker tag to v1.12.0 --- roles/custom/matrix-rageshake/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-rageshake/defaults/main.yml b/roles/custom/matrix-rageshake/defaults/main.yml index bb2e45a1b..0598a0b7b 100644 --- a/roles/custom/matrix-rageshake/defaults/main.yml +++ b/roles/custom/matrix-rageshake/defaults/main.yml @@ -17,7 +17,7 @@ matrix_rageshake_path_prefix: / # There are no stable container image tags yet. # See: https://github.com/matrix-org/rageshake/issues/69 # renovate: datasource=docker depName=ghcr.io/matrix-org/rageshake -matrix_rageshake_version: 1.11.0 +matrix_rageshake_version: 1.12.0 matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake" matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config" From f19edbf4ed7c0084d5fb52fa50044e7de37c07bf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 22:38:13 +0000 Subject: [PATCH 29/74] chore(deps): update dependency etherpad to v2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 969831172..56db93a92 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.6-0 + version: v2.0.1-0 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.97-r0-0-1 From 4442a1d6b2c31d2e343af7a1a1508bc59a23cbf3 Mon Sep 17 00:00:00 2001 From: adam-kress Date: Mon, 18 Mar 2024 19:35:40 -0400 Subject: [PATCH 30/74] Upgrade Jitsi (v9258-0 -> v9364-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 56db93a92..f3da01daa 100644 --- a/requirements.yml +++ b/requirements.yml @@ -25,7 +25,7 @@ version: v10.4.0-0 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9258-0 + version: v9364-0 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.9.0-1 From ab008e20cf97f0fe5fa3d6b6283bba543e92f131 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 Mar 2024 16:56:54 +0200 Subject: [PATCH 31/74] Upgrade Synapse (v1.102.0 -> v1.103.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index ff19d4d83..84bdd92d8 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -16,7 +16,7 @@ matrix_synapse_enabled: true matrix_synapse_github_org_and_repo: element-hq/synapse # renovate: datasource=docker depName=ghcr.io/element-hq/synapse -matrix_synapse_version: v1.102.0 +matrix_synapse_version: v1.103.0 matrix_synapse_username: '' matrix_synapse_uid: '' From d48e384f4e3560119a0797661ce741f59f923172 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 19 Mar 2024 17:41:49 +0200 Subject: [PATCH 32/74] Upgrade Prometheus (v2.50.1-0 -> v2.51.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index f3da01daa..614324777 100644 --- a/requirements.yml +++ b/requirements.yml @@ -46,7 +46,7 @@ version: 046004a8cb9946979b72ce81c2526c8033ea8067 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.50.1-0 + version: v2.51.0-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.7.0-3 From c1cc5e1595b391db3d96226a23bed1bc66674956 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Tue, 19 Mar 2024 21:50:52 +0100 Subject: [PATCH 33/74] Fix D4A Documentation flaw In the process of writing the Draupnir for all role documentation it was forgotten that Draupnir needs to have the ability to write to the main management room policy list that controls who can access the bot. This flaw was overlooked during development as naturally without thinking the bot had these powers. Upstream Docs had this exact bug also and the author of this commit will have to go and fix upstream docs also to resolve this bug. --- docs/configuring-playbook-appservice-draupnir-for-all.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index a9f33282d..b3ffe05f3 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md 
@@ -67,6 +67,8 @@ The installation of Draupnir for all in this playbook is very much Alpha quality Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended. +The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297)) + To allow users or whole homeservers you type /plain @draupnir-main:matrix-homeserver-domain allow `target` and target can be either a MXID or a wildcard like `@*:example.com` to allow all users on example.com to register. We use /plain to force the client to not attempt to mess with this command as it can break Wildcard commands especially. ### 2. How to provision a D4A once you are allowed to. From b54e1b9cf6e8d8ac47f7c5491d91a21d5c279578 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Mar 2024 10:20:04 +0200 Subject: [PATCH 34/74] Upgrade Etherpad (v2.0.1-0 -> v2.0.1-1) Ref: https://gitlab.com/etke.cc/roles/etherpad/-/commit/2fb5d777814c4ae558a184aad1b6f32ca4261fd4 Possible fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3231 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 614324777..d5fbc6cf1 100644 --- a/requirements.yml +++ b/requirements.yml 
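Review bot: The added paragraph in configuring-playbook-appservice-draupnir-for-all.md places the power level 50 requirement "in the management room", while the commit message describes it as the ability to write to the management room policy list, and it never names the account that needs it. Because the bot stays silent when the requirement is not met, an `allow` command can have no effect without the operator noticing. State which account needs the power level (the `/plain` example below addresses `@draupnir-main:matrix-homeserver-domain`), in which room, and how to confirm that an allow entry was actually written. The sentence "does currently not say anything if this is true or false" would also read more clearly as "gives no feedback when it lacks this power level".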
@@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v2.0.1-0 + version: v2.0.1-1 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.97-r0-0-1 From 6d1fdce34a2d5db31fdd2d8a53ae6dedc9baafd7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 16:06:43 +0000 Subject: [PATCH 35/74] chore(deps): update matrixdotorg/sygnal docker tag to v0.14.0 --- roles/custom/matrix-sygnal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml index 7c7d8261b..a365f2951 100644 --- a/roles/custom/matrix-sygnal/defaults/main.yml +++ b/roles/custom/matrix-sygnal/defaults/main.yml @@ -13,7 +13,7 @@ matrix_sygnal_hostname: '' matrix_sygnal_path_prefix: / # renovate: datasource=docker depName=matrixdotorg/sygnal -matrix_sygnal_version: v0.13.0 +matrix_sygnal_version: v0.14.0 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" From afc3c4df0de4f0508e1dff89e09f9e984094dd08 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 22 Mar 2024 10:58:10 +0200 Subject: [PATCH 36/74] Upgrade Grafana (v10.4.0-0 -> v10.4.1-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index d5fbc6cf1..0a366b958 100644 --- a/requirements.yml +++ b/requirements.yml @@ -22,7 +22,7 @@ version: v4.97-r0-0-1 name: exim_relay - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.4.0-0 + version: v10.4.1-0 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v9364-0 From 8bb2fbe653d3637c07c5e8aa6535576805c57fd2 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 22 Mar 2024 11:40:17 +0200 Subject: [PATCH 37/74] Upgrade Etherpad (v2.0.1-1 -> v2.0.1-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 0a366b958..37b71c2c9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v2.0.1-1 + version: v2.0.1-2 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.97-r0-0-1 From 55b6abdbc998fe3298c4813cf19e3c66a760356e Mon Sep 17 00:00:00 2001 From: adam-kress Date: Fri, 22 Mar 2024 20:00:37 -0400 Subject: [PATCH 38/74] Upgrade Jitsi (v9364-0 -> v9364-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 37b71c2c9..f27fd4130 100644 --- a/requirements.yml +++ b/requirements.yml @@ -25,7 +25,7 @@ version: v10.4.1-0 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9364-0 + version: v9364-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.9.0-1 From 23aee07cf48753963d55e3ce7e123ca0163c59d8 Mon Sep 17 00:00:00 2001 From: gardar Date: Sun, 24 Mar 2024 02:58:03 +0000 Subject: [PATCH 39/74] feat: global option to configure all bridges encryption default 
Signed-off-by: gardar --- docs/configuring-playbook-mautrix-bridges.md | 1 + roles/custom/matrix-base/defaults/main.yml | 3 +++ .../matrix-bridge-appservice-kakaotalk/defaults/main.yml | 2 +- roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 +- roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- .../custom/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- .../matrix-bridge-mautrix-meta-instagram/defaults/main.yml | 2 +- .../matrix-bridge-mautrix-meta-messenger/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 +- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 18 files changed, 20 insertions(+), 16 deletions(-) diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md index c6e78d02d..bf528b543 100644 --- a/docs/configuring-playbook-mautrix-bridges.md +++ b/docs/configuring-playbook-mautrix-bridges.md @@ -40,6 +40,7 @@ Encryption support is off by default. If you would like to enable encryption, ad ```yaml matrix_bridges_encryption_enabled: true +matrix_bridges_encryption_default: true ``` **Alternatively**, for a specific bridge: diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index a4c31bfcd..8bfecc833 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml 
@@ -16,6 +16,9 @@ matrix_admin: '' # Global var to enable/disable encryption across all bridges with encryption support matrix_bridges_encryption_enabled: false +# Global var to make encryption default/optional across all bridges with encryption support +matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}" + # Global var to enable/disable relay mode across all bridges with relay mode support matrix_bridges_relay_enabled: false diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml index e567a6693..1dc7e6b96 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -130,7 +130,7 @@ matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_' # End-to-bridge encryption configuration matrix_appservice_kakaotalk_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}" +matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" # Specifies the default log level for all bridge loggers. matrix_appservice_kakaotalk_logging_level: WARNING diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index 6fb00a1f9..9c84d9ba6 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml 
@@ -96,7 +96,7 @@ matrix_beeper_linkedin_logging_level: WARNING # Enable End-to-bridge encryption matrix_beeper_linkedin_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}" +matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_beeper_linkedin_bridge_encryption_key_sharing_allow: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}" # Default beeper-linkedin configuration template which covers the generic use case. diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml index 3e4d41cd8..1100a8790 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -98,7 +98,7 @@ matrix_go_skype_bridge_bridge_double_puppet_server_map: # Enable End-to-bridge encryption matrix_go_skype_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" +matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" # Minimum severity of journal log messages. # Options: debug, info, warn, error, fatal diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index b7a9287d7..3f981af04 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
@@ -151,7 +151,7 @@ matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yam # Enable End-to-bridge encryption matrix_mautrix_discord_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" +matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" # On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge. diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index ecd5ae55b..b8130315e 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -203,5 +203,5 @@ matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_y # Enable End-to-bridge encryption matrix_mautrix_facebook_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}" +matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_facebook_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index f688918d7..e44ca39cd 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -139,7 +139,7 @@ matrix_mautrix_gmessages_bridge_login_shared_secret_map: # Enable End-to-bridge encryption matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" +matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml index 5d050eaaa..93f10de93 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -191,4 +191,4 @@ matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registrati # Enable End-to-bridge encryption matrix_mautrix_googlechat_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_mautrix_googlechat_bridge_encryption_allow }}" +matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml index 621aa8be5..1aa5e5a71 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml 
@@ -187,4 +187,4 @@ matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_y # Enable End-to-bridge encryption matrix_mautrix_hangouts_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_mautrix_hangouts_bridge_encryption_allow }}" +matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 23ead80f4..3814220bf 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -174,5 +174,5 @@ matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration # Enable End-to-bridge encryption matrix_mautrix_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}" +matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_instagram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index 3c18f0e35..4079143e4 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml 
@@ -209,7 +209,7 @@ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces: true # Enable End-to-bridge encryption matrix_mautrix_meta_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_meta_instagram_bridge_encryption_default: "{{ matrix_mautrix_meta_instagram_bridge_encryption_allow }}" +matrix_mautrix_meta_instagram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing: "{{ matrix_mautrix_meta_instagram_bridge_encryption_allow }}" matrix_mautrix_meta_instagram_bridge_encryption_appservice: false matrix_mautrix_meta_instagram_bridge_encryption_require: false diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index 6ff2a7502..7a9cd2f80 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml @@ -209,7 +209,7 @@ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces: true # Enable End-to-bridge encryption matrix_mautrix_meta_messenger_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_meta_messenger_bridge_encryption_default: "{{ matrix_mautrix_meta_messenger_bridge_encryption_allow }}" +matrix_mautrix_meta_messenger_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing: "{{ matrix_mautrix_meta_messenger_bridge_encryption_allow }}" matrix_mautrix_meta_messenger_bridge_encryption_appservice: false matrix_mautrix_meta_messenger_bridge_encryption_require: false diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 1c20b5912..4e11de2da 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml 
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -196,7 +196,7 @@ matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml # Enable End-to-bridge encryption matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" +matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" matrix_mautrix_signal_bridge_personal_filtering_spaces: true diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index d0f17d96f..dfe41b9e2 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -145,5 +145,5 @@ matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | # Enable End-to-bridge encryption matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}" +matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 863e3a012..faa4d101f 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml 
@@ -234,5 +234,5 @@ matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)' # Enable End-to-bridge encryption matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}" +matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 091a6899d..30e8d153d 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -169,5 +169,5 @@ matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yam # Enable End-to-bridge encryption matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}" +matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 890a7d52e..fdbe6145c 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -141,7 +141,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map: # Enable End-to-bridge encryption matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" +matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true From e3bfd1779230c96ea9dfb5a7fa2f19bd699e3d61 Mon Sep 17 00:00:00 2001 From: gardar Date: Sun, 24 Mar 2024 03:02:11 +0000 Subject: [PATCH 40/74] docs: use available encryption vars instead of configuration extension Signed-off-by: gardar --- docs/configuring-playbook-mautrix-bridges.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md index bf528b543..4ceb67459 100644 --- a/docs/configuring-playbook-mautrix-bridges.md +++ b/docs/configuring-playbook-mautrix-bridges.md @@ -46,11 +46,8 @@ matrix_bridges_encryption_default: true **Alternatively**, for a specific bridge: ```yaml -matrix_mautrix_SERVICENAME_configuration_extension_yaml: | - bridge: - encryption: - allow: true - default: true +matrix_mautrix_SERVICENAME_bridge_encryption_enabled: true +matrix_mautrix_SERVICENAME_bridge_encryption_default: true ``` ## relay mode From 6de6dd4759edfa6d1724f8cad6fa43daedc40b6f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 24 Mar 2024 16:57:30 +0200 Subject: [PATCH 41/74] Upgrade Traefik (v2.11.0-2 -> v2.11.0-3) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index f27fd4130..6674636de 100644 --- a/requirements.yml +++ b/requirements.yml 
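Review bot: Across the bridge defaults in PATCH 39, every `*_bridge_encryption_default` now follows the global `matrix_bridges_encryption_default` instead of that bridge's own `*_bridge_encryption_allow`, so the two per-bridge settings can disagree. With the global switch left at `false`, a user who sets only `matrix_mautrix_signal_bridge_encryption_allow: true` previously got `..._encryption_default` evaluating to true and now gets false; with the global switch on and one bridge's `allow` overridden to `false`, that bridge ends up with default true and allow false. Consider deriving each bridge's default from both its own `allow` and the global default, or adding a validate_config check for the contradictory combination, and record the behaviour change in CHANGELOG.md. The docs hunk also adds `matrix_bridges_encryption_default: true` beside `matrix_bridges_encryption_enabled: true` without saying that it already inherits that value or what distinguishes the two.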
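Review bot: The per-bridge example in PATCH 40 uses `matrix_mautrix_SERVICENAME_bridge_encryption_enabled`, but the role defaults touched by the previous patch in this series name that setting `..._bridge_encryption_allow` (for example `matrix_mautrix_signal_bridge_encryption_allow`), and no `_bridge_encryption_enabled` variable appears in them. If this is a typo, a user copying the example sets a variable nothing reads, and encryption stays off for that bridge with no error. Change the line to `matrix_mautrix_SERVICENAME_bridge_encryption_allow: true`.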
@@ -67,7 +67,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.11.0-2 + version: v2.11.0-3 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.3-1 From d25d0572fbc5beaaa82a7970086df268f14cbb98 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 24 Mar 2024 16:59:51 +0200 Subject: [PATCH 42/74] Upgrade exim-relay (v4.97-r0-0-1 -> v4.97-r0-0-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 6674636de..b4975a938 100644 --- a/requirements.yml +++ b/requirements.yml @@ -19,7 +19,7 @@ version: v2.0.1-2 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - version: v4.97-r0-0-1 + version: v4.97-r0-0-2 name: exim_relay - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.4.1-0 From 0049ddf002d1eebe7ba6e143948296c6f82d8255 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 24 Mar 2024 18:25:19 +0200 Subject: [PATCH 43/74] Add Pantalaimon support This is actually authored by Julian Foad here (https://lab.trax.im/matrix/matrix-docker-ansible-deploy), but was in need of a rebase and various adjustments caused by huge playbook refactoring that landed in the past months. This rework is completely untested. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/266 --- CHANGELOG.md | 9 +++ README.md | 1 + docs/configuring-playbook-bot-draupnir.md | 49 +++++++++++++- docs/configuring-playbook-bot-mjolnir.md | 2 +- docs/configuring-playbook-pantalaimon.md | 21 ++++++ docs/configuring-playbook.md | 4 +- docs/self-building.md | 1 + group_vars/matrix_servers | 41 ++++++++++-- .../matrix-bot-draupnir/defaults/main.yml | 21 +++++- .../tasks/validate_config.yml | 21 ++++-- .../templates/production.yaml.j2 | 48 ++++++------- .../matrix-pantalaimon/defaults/main.yml | 57 ++++++++++++++++ .../matrix-pantalaimon/tasks/install.yml | 67 +++++++++++++++++++ .../custom/matrix-pantalaimon/tasks/main.yml | 20 ++++++ .../matrix-pantalaimon/tasks/uninstall.yml | 25 +++++++ .../tasks/validate_config.yml | 8 +++ .../templates/pantalaimon.conf.j2 | 10 +++ .../systemd/matrix-pantalaimon.service.j2 | 46 +++++++++++++ setup.yml | 1 + 19 files changed, 414 insertions(+), 38 deletions(-) create mode 100644 docs/configuring-playbook-pantalaimon.md create mode 100644 roles/custom/matrix-pantalaimon/defaults/main.yml create mode 100644 roles/custom/matrix-pantalaimon/tasks/install.yml create mode 100644 roles/custom/matrix-pantalaimon/tasks/main.yml create mode 100644 roles/custom/matrix-pantalaimon/tasks/uninstall.yml create mode 100644 roles/custom/matrix-pantalaimon/tasks/validate_config.yml create mode 100644 roles/custom/matrix-pantalaimon/templates/pantalaimon.conf.j2 create mode 100644 roles/custom/matrix-pantalaimon/templates/systemd/matrix-pantalaimon.service.j2 
diff --git a/CHANGELOG.md b/CHANGELOG.md index bdd20ceb1..7dbcc9928 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2024-03-24 + +## Pantalaimon support + +Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install the [Pantalaimon](https://github.com/matrix-org/pantalaimon) E2EE aware proxy daemon for you. It's already possible to integrate it with [Draupnir](docs/configuring-playbook-bot-draupnir.md) to allow it to work in E2EE rooms - see our Draupnir docs for details. + +See our [Setting up Pantalaimon](docs/configuring-playbook-pantalaimon.md) documentation to get started. + + # 2024-03-05 ## Support for Draupnir-for-all diff --git a/README.md b/README.md index 460399308..880d9e772 100644 --- a/README.md +++ b/README.md @@ -172,6 +172,7 @@ Various services that don't fit any other category. | [Etherpad](https://etherpad.org) | x | An open source collaborative text editor | [Link](docs/configuring-playbook-etherpad.md) | | [Jitsi](https://jitsi.org/) | x | An open source video-conferencing platform | [Link](docs/configuring-playbook-jitsi.md) | | [Cactus Comments](https://cactus.chat) | x | A federated comment system built on matrix | [Link](docs/configuring-playbook-cactus-comments.md) | +| [Pantalaimon](https://github.com/matrix-org/pantalaimon) | x | An E2EE aware proxy daemon | [Link](docs/configuring-playbook-pantalaimon.md) | ## Installation diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index b20a3029e..a5f855120 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -43,14 +43,57 @@ The following command works on semi up to date Windows 10 installs and All Windo ## 4. Create a management room -Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. +Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. + +If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see below). Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. Finally invite the `@bot.draupnir:DOMAIN` account you created earlier into the room. -## 5a. Adjusting the playbook configuration +## 5. Adjusting the playbook configuration + +Decide whether you want Draupnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Draupnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). + +### 5a. Configuration with E2EE support + +When using Pantalaimon, Draupnir will log in to its bot account itself through Pantalaimon, so configure its username and password. 
+ +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +# Enable Pantalaimon. See docs/configuring-playbook-pantalaimon.md +matrix_pantalaimon_enabled: true + +# Enable Draupnir +matrix_bot_draupnir_enabled: true + +# Tell Draupnir to use Pantalaimon +matrix_bot_draupnir_pantalaimon_use: true + +# User name and password for the bot. Required when using Pantalaimon. +matrix_bot_draupnir_pantalaimon_username: "bot.draupnir" +matrix_bot_draupnir_pantalaimon_password: ### you should create a secure password for the bot account + +matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +``` + +The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Draupnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`: + +```yaml +# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API). +# Set this to the pantalaimon URL if you're using that. +matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}" + +# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" +``` + +### 5b. Configuration without E2EE support + +When NOT using Pantalaimon, Draupnir does not log in by itself and you must give it an access token for its bot account. Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): 
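Review bot: In the 5a example, `matrix_bot_draupnir_pantalaimon_password: ### you should create a secure password for the bot account` parses as an empty value, because YAML treats everything from the ` #` onward as a comment. Use a quoted placeholder in the style of `"ROOM_ID_FROM_STEP_4_GOES_HERE"` so it is obvious that a value must be supplied. Since this section puts the bot account's password into `vars.yml`, it also deserves a sentence on protecting that file, for example by encrypting the value with ansible-vault.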
@@ -64,7 +107,7 @@ matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` -## 5b. Migrating from Mjolnir (Only required if migrating.) +### 5c. Migrating from Mjolnir (Only required if migrating.) Replace your `matrix_bot_mjolnir` config with `matrix_bot_draupnir` config. Also disable mjolnir if you're doing migration. That is all you need to do due to that Draupnir can complete migration on its own. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index efedceebe..13301d819 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md 
@@ -37,7 +37,7 @@ The following command works on semi up to date Windows 10 installs and All Windo ## 4. Create a management room -Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. +Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since this role does not support [using Pantalaimon](configuring-playbook-pantalaimon.md) yet. Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. diff --git a/docs/configuring-playbook-pantalaimon.md b/docs/configuring-playbook-pantalaimon.md new file mode 100644 index 000000000..dae77b264 --- /dev/null +++ b/docs/configuring-playbook-pantalaimon.md 
@@ -0,0 +1,21 @@ +# Setting up pantalaimon (optional) + +The playbook can install and configure the [pantalaimon](https://github.com/matrix-org/pantalaimon) E2EE aware proxy daemon for you. + +See the project's [documentation](https://github.com/matrix-org/pantalaimon) to learn what it does and why it might be useful to you. + +This role exposes Pantalaimon's API only within the container network, so bots and clients installed on the same machine can use it. In particular the [matrix-bot-draupnir](configuring-playbook-bot-draupnir.md) role and possibly others can use it. + +## 1. Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +matrix_pantalaimon_enabled: true +``` + +The default configuration should suffice. For advanced configuration, you can override the variables documented in the role's [defaults](../roles/custom/matrix-pantalaimon/defaults/main.yml). + +## 2. Installing + +After configuring the playbook, run the [installation](installing.md) command. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 95d801fee..86139e1a4 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -105,7 +105,9 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) -- [Matrix User Verification Service](configuring-playbook-user-verification-service.md) (optional, advanced) +- [Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (optional, advanced) + +- [Setting up Pantalaimon (E2EE aware proxy daemon)](configuring-playbook-pantalaimon.md) (optional, advanced) ### Bridging other networks diff --git a/docs/self-building.md b/docs/self-building.md index affe23860..4304f4ded 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -40,6 +40,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl - `matrix-bot-matrix-reminder-bot` - `matrix-bot-maubot` - `matrix-email2matrix` +- `matrix-pantalaimon` Adding self-building support to other roles is welcome. Feel free to contribute! diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b50238415..3ecb2738a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -72,7 +72,7 @@ matrix_homeserver_container_extra_arguments_auto: | (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else []) + (['--mount type=bind,src=' + matrix_appservice_draupnir_for_all_config_path + '/draupnir-for-all-registration.yaml,dst=/matrix-appservice-draupnir-for-all-registration.yaml,ro'] if matrix_appservice_draupnir_for_all_enabled else []) - + + + (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else []) + (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else []) @@ -141,7 +141,7 @@ matrix_homeserver_app_service_config_files_auto: | (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else []) + (['/matrix-appservice-draupnir-for-all-registration.yaml'] if matrix_appservice_draupnir_for_all_enabled else []) - + + + (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else []) + (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else []) 
@@ -275,7 +275,7 @@ devture_systemd_service_manager_services_list_auto: | ([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else []) + ([{'name': 'matrix-appservice-draupnir-for-all.service', 'priority': 4000, 'groups': ['matrix', 'bridges', 'draupnir-for-all', 'appservice-draupnir-for-all']}] if matrix_appservice_draupnir_for_all_enabled else []) - + + + ([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else []) + ([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else []) @@ -402,6 +402,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'redis']}] if redis_enabled else []) + + ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) + + ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) + ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else []) @@ -2645,6 +2647,8 @@ matrix_bot_draupnir_enabled: false matrix_bot_draupnir_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + + + (['matrix-pantalaimon.service'] if matrix_bot_draupnir_pantalaimon_use else []) }} matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" 
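Review bot: the dependency added to `matrix_bot_draupnir_systemd_required_services_list_auto` is keyed only on `matrix_bot_draupnir_pantalaimon_use`, not on `matrix_pantalaimon_enabled`. With `matrix_bot_draupnir_pantalaimon_use: true` and Pantalaimon left at its group_vars default of `false`, Draupnir's unit would list a `matrix-pantalaimon.service` that the playbook never installs, and none of the Draupnir validation tasks in this patch catches that combination. Suggest a validation task that fails when `matrix_bot_draupnir_pantalaimon_use` is true while `matrix_pantalaimon_enabled` is false.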
@@ -2656,6 +2660,9 @@ matrix_bot_draupnir_container_additional_networks_auto: |- ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) }} +matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}" +matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" + ###################################################################### # # /matrix-bot-draupnir @@ -2705,6 +2712,32 @@ matrix_appservice_draupnir_for_all_database_password: "{{ '%s' | format(matrix_h ###################################################################### +###################################################################### +# +# matrix-pantalaimon +# +###################################################################### + +matrix_pantalaimon_enabled: false + +matrix_pantalaimon_systemd_required_services_list_auto: | + {{ + matrix_addons_homeserver_systemd_services_list + }} + +matrix_pantalaimon_container_network: "{{ matrix_homeserver_container_network }}" + +matrix_pantalaimon_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_pantalaimon_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" + +###################################################################### +# +# /matrix-pantalaimon +# +###################################################################### + + ###################################################################### # # etke/backup_borg 
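Review bot: `matrix_pantalaimon_container_network` is set to `matrix_homeserver_container_network`, while the only additional network visible for Draupnir is `matrix_addons_homeserver_container_network`, and Pantalaimon itself is pointed at `matrix_addons_homeserver_client_api_url`. If those two network variables ever resolve to different networks, Draupnir may be unable to resolve `http://matrix-pantalaimon:8009`, and Pantalaimon may be unable to reach the addons URL. Suggest attaching Pantalaimon to the addons network through `matrix_pantalaimon_container_additional_networks_auto`, and adding `matrix_pantalaimon_container_network` to Draupnir's additional networks when `matrix_bot_draupnir_pantalaimon_use` is true.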
@@ -3595,7 +3628,7 @@ devture_postgres_managed_databases_auto: | 'username': matrix_appservice_draupnir_for_all_database_username, 'password': matrix_appservice_draupnir_for_all_database_password, }] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else []) - + + + ([{ 'name': matrix_appservice_slack_database_name, 'username': matrix_appservice_slack_database_username, diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index e2a7ca9cb..4cb70fe94 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml 
@@ -37,15 +37,34 @@ matrix_bot_draupnir_systemd_required_services_list_custom: [] # List of systemd services that matrix-bot-draupnir.service wants matrix_bot_draupnir_systemd_wanted_services_list: [] -# The access token for the bot user +# Whether Draupnir should talk to the homeserver through Pantalaimon +# If true, then other variables must be provided including pointing +# `matrix_bot_draupnir_homeserver_url` to the Pantalaimon URL. +matrix_bot_draupnir_pantalaimon_use: false + +# The access token for the bot user. Required when NOT using Pantalaimon. +# (Otherwise provide `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password` instead.) matrix_bot_draupnir_access_token: "" +# User name and password for the bot. Required when using Pantalaimon. +# (Otherwise provide `matrix_bot_draupnir_access_token` instead.) +matrix_bot_draupnir_pantalaimon_username: "bot.draupnir" +matrix_bot_draupnir_pantalaimon_password: "" + # The room ID where people can use the bot. The bot has no access controls, so # anyone in this room can use the bot - secure your room! # This should be a room alias or room ID - not a matrix.to URL. # Note: draupnir is fairly verbose - expect a lot of messages from it. matrix_bot_draupnir_management_room: "" +# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API). +# Set this to the pantalaimon URL if you're using that. +matrix_bot_draupnir_homeserver_url: "" + +# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +matrix_bot_draupnir_raw_homeserver_url: "" + # Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot. # This setting is described the following way in the Configuration. # 
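Review bot: the comment on `matrix_bot_draupnir_pantalaimon_password` does not say how long the password has to stay in the inventory. The `production.yaml.j2` comment in this patch says the value is ignored after the first successful login and can be blanked, but `validate_config.yml` fails whenever `matrix_bot_draupnir_pantalaimon_use` is true and the password is empty. As written, the plaintext password has to remain in `vars.yml` and in the rendered config on every run. Either document that here, or relax the check so the password may be emptied after the first login.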
diff --git a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml index b81378c47..efc5e7ddc 100644 --- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml @@ -2,9 +2,20 @@ - name: Fail if required matrix-bot-draupnir variables are undefined ansible.builtin.fail: - msg: "The `{{ item }}` variable must be defined and have a non-null value." + msg: "The `{{ item.name }}` variable must be defined and have a non-null value." with_items: - - "matrix_bot_draupnir_access_token" - - "matrix_bot_draupnir_management_room" - - "matrix_bot_draupnir_container_network" - when: "vars[item] == '' or vars[item] is none" + - {'name': 'matrix_bot_draupnir_access_token', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_draupnir_management_room', when: true} + - {'name': 'matrix_bot_draupnir_container_network', when: true} + - {'name': 'matrix_bot_draupnir_homeserver_url', when: true} + - {'name': 'matrix_bot_draupnir_raw_homeserver_url', when: true} + - {'name': 'matrix_bot_draupnir_pantalaimon_username', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_draupnir_pantalaimon_password', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"} + when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)" + +- name: Fail if inappropriate variables are defined + ansible.builtin.fail: + msg: "The `{{ item.name }}` variable must be undefined or have a null value." + with_items: + - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"} + when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)" diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 index 36488a111..b4d3a0bcc 100644 
--- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 
@@ -1,32 +1,34 @@ # Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API), # set this to the pantalaimon URL if you're using that. -homeserverUrl: "{{ matrix_homeserver_url }}" +homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }} # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/), # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. -rawHomeserverUrl: "{{ matrix_homeserver_url }}" +rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }} # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false. -accessToken: "{{ matrix_bot_draupnir_access_token }}" +accessToken: {{ matrix_bot_draupnir_access_token | to_json }} +{% if matrix_bot_draupnir_pantalaimon_use %} # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon) -#pantalaimon: -# # Whether or not Draupnir will use pantalaimon to access the matrix homeserver, -# # set to `true` if you're using pantalaimon. -# # -# # Be sure to point homeserverUrl to the pantalaimon instance. -# # -# # Draupnir will log in using the given username and password once, -# # then store the resulting access token in a file under dataPath. -# use: false -# -# # The username to login with. -# username: draupnir -# -# # The password Draupnir will login with. -# # -# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. -# password: your_password +pantalaimon: + # Whether or not Draupnir will use pantalaimon to access the matrix homeserver, + # set to `true` if you're using pantalaimon. + # + # Be sure to point homeserverUrl to the pantalaimon instance. + # + # Draupnir will log in using the given username and password once, + # then store the resulting access token in a file under dataPath. + use: true + + # The username to login with. 
+ username: {{ matrix_bot_draupnir_pantalaimon_username | to_json }} + + # The password Draupnir will login with. + # + # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. + password: {{ matrix_bot_draupnir_pantalaimon_password | to_json }} +{% endif %} # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers. dataPath: "/data" @@ -49,7 +51,7 @@ recordIgnoredInvites: false # # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room. # (see verboseLogging to adjust this a bit.) -managementRoom: "{{ matrix_bot_draupnir_management_room }}" +managementRoom: {{ matrix_bot_draupnir_management_room | to_json }} # Deprecated and will be removed in a future version. # Running with verboseLogging is unsupported. @@ -77,7 +79,7 @@ noop: false # Whether or not Draupnir should apply `m.room.server_acl` events. # DO NOT change this to `true` unless you are very confident that you know what you are doing. -disableServerACL: "{{ matrix_bot_draupnir_disable_server_acl }}" +disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }} # Whether Draupnir should check member lists quicker (by using a different endpoint), # keep in mind that enabling this will miss invited (but not joined) users. @@ -161,7 +163,7 @@ commands: # The default reasons to be prompted with if the reason is missing from a ban command. ban: - defaultReasons: + defaultReasons: - "spam" - "brigading" - "harassment" diff --git a/roles/custom/matrix-pantalaimon/defaults/main.yml b/roles/custom/matrix-pantalaimon/defaults/main.yml new file mode 100644 index 000000000..b8f5c0d4c --- /dev/null +++ b/roles/custom/matrix-pantalaimon/defaults/main.yml 
@@ -0,0 +1,57 @@ +--- +# E2EE aware proxy daemon for matrix clients. +# Project source code URL: https://github.com/matrix-org/pantalaimon + +matrix_pantalaimon_enabled: true + +matrix_pantalaimon_version: "0.10.5" + +matrix_pantalaimon_container_image_self_build: false +matrix_pantalaimon_container_image_self_build_repo: "https://github.com/matrix-org/pantalaimon.git" +matrix_pantalaimon_container_image_self_build_repo_version: "{{ 'main' if matrix_pantalaimon_version == 'latest' else matrix_pantalaimon_version }}" + +matrix_pantalaimon_docker_image: "{{ matrix_pantalaimon_docker_image_name_prefix }}matrixdotorg/pantalaimon:v{{ matrix_pantalaimon_version }}" +matrix_pantalaimon_docker_image_name_prefix: "{{ 'localhost/' if matrix_pantalaimon_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_pantalaimon_docker_image_force_pull: "{{ matrix_pantalaimon_docker_image.endswith(':latest') }}" + +matrix_pantalaimon_base_path: "{{ matrix_base_data_path }}/pantalaimon" +matrix_pantalaimon_data_path: "{{ matrix_pantalaimon_base_path }}/data" +matrix_pantalaimon_container_src_files_path: "{{ matrix_pantalaimon_base_path }}/container-src" + +# The base container network +matrix_pantalaimon_container_network: '' + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. 
+matrix_pantalaimon_container_additional_networks: "{{ matrix_pantalaimon_container_additional_networks_auto + matrix_pantalaimon_container_additional_networks_custom }}" +matrix_pantalaimon_container_additional_networks_auto: [] +matrix_pantalaimon_container_additional_networks_custom: [] + +# A list of extra arguments to pass to the container +matrix_pantalaimon_container_extra_arguments: [] + +# List of systemd services that matrix-pantalaimon.service depends on +matrix_pantalaimon_systemd_required_services_list: "{{ matrix_pantalaimon_systemd_required_services_list_default + matrix_pantalaimon_systemd_required_services_list_auto + matrix_pantalaimon_systemd_required_services_list_custom }}" +matrix_pantalaimon_systemd_required_services_list_default: ['docker.service'] +matrix_pantalaimon_systemd_required_services_list_auto: [] +matrix_pantalaimon_systemd_required_services_list_custom: [] + +# List of systemd services that matrix-pantalaimon.service wants +matrix_pantalaimon_systemd_wanted_services_list: "{{ matrix_pantalaimon_systemd_wanted_services_list_default + matrix_pantalaimon_systemd_wanted_services_list_auto + matrix_pantalaimon_systemd_wanted_services_list_custom }}" +matrix_pantalaimon_systemd_wanted_services_list_default: [] +matrix_pantalaimon_systemd_wanted_services_list_auto: [] +matrix_pantalaimon_systemd_wanted_services_list_custom: [] + +# Pantalaimon log level, case-insensitive (Error, Warning, Info, Debug) +matrix_pantalaimon_log_level: Warning + +# Base URL where matrix-pantalaimon can reach your homeserver C-S API. +# If the homeserver runs on the same machine, you may need to add its service to `matrix_pantalaimon_systemd_required_services_list`. +matrix_pantalaimon_homeserver_url: "" + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can +# completely replace this variable with your own template. 
+matrix_pantalaimon_configuration: "{{ lookup('template', 'templates/pantalaimon.conf.j2') }}" diff --git a/roles/custom/matrix-pantalaimon/tasks/install.yml b/roles/custom/matrix-pantalaimon/tasks/install.yml new file mode 100644 index 000000000..74a90cce2 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/tasks/install.yml 
@@ -0,0 +1,67 @@ +--- + +- name: Ensure matrix-pantalaimon paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_pantalaimon_base_path }}", when: true} + - {path: "{{ matrix_pantalaimon_data_path }}", when: true} + - {path: "{{ matrix_pantalaimon_container_src_files_path }}", when: "{{ matrix_pantalaimon_container_image_self_build }}"} + when: "item.when | bool" + +- name: Ensure matrix-pantalaimon config installed + ansible.builtin.copy: + content: "{{ matrix_pantalaimon_configuration }}" + dest: "{{ matrix_pantalaimon_data_path }}/pantalaimon.conf" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure pantalaimon container image is pulled + community.docker.docker_image: + name: "{{ matrix_pantalaimon_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_pantalaimon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_pantalaimon_docker_image_force_pull }}" + when: "not matrix_pantalaimon_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure pantalaimon repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_pantalaimon_container_image_self_build_repo }}" + version: "{{ matrix_pantalaimon_container_image_self_build_repo_version }}" + dest: "{{ matrix_pantalaimon_container_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_pantalaimon_git_pull_results + when: 
"matrix_pantalaimon_container_image_self_build | bool" + +- name: Ensure pantalaimon container image is built + community.docker.docker_image: + name: "{{ matrix_pantalaimon_docker_image }}" + source: build + force_source: "{{ matrix_pantalaimon_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_pantalaimon_container_src_files_path }}" + pull: true + when: "matrix_pantalaimon_container_image_self_build | bool" + +- name: Ensure pantalaimon container network is created + community.general.docker_network: + name: "{{ matrix_pantalaimon_container_network }}" + driver: bridge + +- name: Ensure matrix-pantalaimon.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-pantalaimon.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-pantalaimon.service" + mode: 0644 diff --git a/roles/custom/matrix-pantalaimon/tasks/main.yml b/roles/custom/matrix-pantalaimon/tasks/main.yml new file mode 100644 index 000000000..63cdef198 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- tags: + - setup-all + - setup-pantalaimon + - install-all + - install-pantalaimon + block: + - when: matrix_pantalaimon_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_pantalaimon_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" + +- tags: + - setup-all + - setup-pantalaimon + block: + - when: not matrix_pantalaimon_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" diff --git a/roles/custom/matrix-pantalaimon/tasks/uninstall.yml b/roles/custom/matrix-pantalaimon/tasks/uninstall.yml new file mode 100644 index 000000000..a6c7cd5f6 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/tasks/uninstall.yml 
@@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-pantalaimon service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-pantalaimon.service" + register: matrix_pantalaimon_service_stat + +- when: matrix_pantalaimon_service_stat.stat.exists | bool + block: + - name: Ensure matrix-pantalaimon is stopped + ansible.builtin.service: + name: matrix-pantalaimon + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-pantalaimon.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-pantalaimon.service" + state: absent + + - name: Ensure matrix-pantalaimon paths don't exist + ansible.builtin.file: + path: "{{ matrix_pantalaimon_base_path }}" + state: absent diff --git a/roles/custom/matrix-pantalaimon/tasks/validate_config.yml b/roles/custom/matrix-pantalaimon/tasks/validate_config.yml new file mode 100644 index 000000000..00fc96ced --- /dev/null +++ b/roles/custom/matrix-pantalaimon/tasks/validate_config.yml @@ -0,0 +1,8 @@ +--- + +- name: Fail if required variables are undefined + ansible.builtin.fail: + msg: "The `{{ item }}` variable must be defined and have a non-null value." + with_items: + - "matrix_pantalaimon_homeserver_url" + when: "vars[item] == '' or vars[item] is none" diff --git a/roles/custom/matrix-pantalaimon/templates/pantalaimon.conf.j2 b/roles/custom/matrix-pantalaimon/templates/pantalaimon.conf.j2 new file mode 100644 index 000000000..9e8f6fd97 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/templates/pantalaimon.conf.j2 @@ -0,0 +1,10 @@ +[Default] +LogLevel = {{ matrix_pantalaimon_log_level }} + +[homeserver] +Homeserver = {{ matrix_pantalaimon_homeserver_url }} +ListenAddress = 0.0.0.0 +ListenPort = 8009 +SSL = False +UseKeyring = False +IgnoreVerification = True 
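Review bot: in `pantalaimon.conf.j2`, `IgnoreVerification = True`, `UseKeyring = False`, `SSL = False` and `ListenAddress = 0.0.0.0` are hardcoded, while only `LogLevel` and `Homeserver` come from variables. `IgnoreVerification` in particular is a security-relevant choice that an operator can neither see in the docs nor change without replacing `matrix_pantalaimon_configuration` wholesale. Suggest a role variable for it in `defaults/main.yml`, keeping the current value as the default if Draupnir needs it, and a sentence in `docs/configuring-playbook-pantalaimon.md` stating what the setting does. The plain-HTTP listener on all interfaces is consistent with the doc's statement that the API is exposed only within the container network, so a short template comment saying so would be enough there.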
diff --git a/roles/custom/matrix-pantalaimon/templates/systemd/matrix-pantalaimon.service.j2 b/roles/custom/matrix-pantalaimon/templates/systemd/matrix-pantalaimon.service.j2 new file mode 100644 index 000000000..be752e561 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/templates/systemd/matrix-pantalaimon.service.j2 
@@ -0,0 +1,46 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Pantalaimon +{% for service in matrix_pantalaimon_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_pantalaimon_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-pantalaimon 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-pantalaimon 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-pantalaimon \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_pantalaimon_container_network }} \ + --mount type=bind,src={{ matrix_pantalaimon_data_path }},dst=/data \ + {% for arg in matrix_pantalaimon_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_pantalaimon_docker_image }} + +{% for network in matrix_pantalaimon_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-pantalaimon +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-pantalaimon + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-pantalaimon 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-pantalaimon 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-pantalaimon + +[Install] 
+WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 96a40fb10..5b371a9f3 100644 --- a/setup.yml +++ b/setup.yml @@ -123,6 +123,7 @@ - custom/matrix-static-files - custom/matrix-coturn - custom/matrix-media-repo + - custom/matrix-pantalaimon - role: galaxy/auxiliary From 96d42d2009db0dfabf3a46932c32aa8763c1e8a6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 24 Mar 2024 19:08:12 +0200 Subject: [PATCH 44/74] Upgrade systemd_docker_base (v1.0.0-2 -> v1.1.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index b4975a938..1a14106d3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -58,7 +58,7 @@ version: v7.2.3-2 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - version: v1.0.0-2 + version: v1.1.0-0 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-4 From 3758b0cfebdac19e756c71e07730266c8c14f63e Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 24 Mar 2024 19:15:43 +0200 Subject: [PATCH 45/74] Squashed commit of the following: commit cf8637efaca0a0be3609fd6add0dff893a0a9194 Author: Slavi Pantaleev Date: Sun Mar 24 19:14:57 2024 +0200 Make devture_systemd_docker_base_ipv6_enabled automatically reconfigure geerlingguy/ansible-role-docker Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3218 commit dc7af3bc7d25f321bf409477d823e43ea8a05803 Author: Slavi Pantaleev Date: Sun Mar 24 19:10:31 2024 +0200 Replace matrix_ipv6_enabled with devture_systemd_docker_base_ipv6_enabled Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3218 commit 07e900d6a2926233a4fce34d9d8be292ff115260 Author: Slavi Pantaleev Date: Sun Mar 24 19:01:51 2024 +0200 Improve matrix_ipv6_enabled comments commit 3f03ca7f6983cb06b64607efef7a96b30c7def5b Author: Tilo Spannagel Date: Sat Mar 9 19:27:50 2024 +0000 Add setting to enable ipv6 --- group_vars/matrix_servers | 21 +++++++++++++++++++ .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../matrix-bot-chatgpt/tasks/install.yml | 1 + .../tasks/setup_install.yml | 1 + .../matrix-bot-go-neb/tasks/install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../matrix-bot-maubot/tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/install.yml | 1 + .../tasks/install.yml | 1 + 
.../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../matrix-bridge-sms/tasks/setup_install.yml | 1 + .../tasks/install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../matrix-conduit/tasks/setup_install.yml | 1 + .../matrix-corporal/tasks/setup_install.yml | 1 + .../matrix-dendrite/tasks/setup_install.yml | 1 + .../matrix-dimension/tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../matrix-ma1sd/tasks/setup_install.yml | 1 + .../matrix-media-repo/tasks/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + .../custom/matrix-rageshake/tasks/install.yml | 1 + .../tasks/setup_install.yml | 1 + .../matrix-sliding-sync/tasks/install.yml | 1 + .../matrix-static-files/tasks/install.yml | 1 + roles/custom/matrix-sygnal/tasks/install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/install.yml | 1 + .../tasks/setup_install.yml | 1 + .../tasks/synapse/setup_install.yml | 1 + .../tasks/setup_install.yml | 1 + 67 files changed, 87 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 3ecb2738a..1ee9226d8 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -475,6 +475,27 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d ###################################################################### +######################################################################## +# # +# geerlingguy/ansible-role-docker # +# # +######################################################################## + +docker_daemon_options: | + {{ + { + 'experimental': devture_systemd_docker_base_ipv6_enabled, + 'ip6tables': devture_systemd_docker_base_ipv6_enabled, + } + }} + +######################################################################## +# # +# /geerlingguy/ansible-role-docker # +# # +######################################################################## + + ###################################################################### # # matrix-base diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml index d434c2a65..e54956a2e 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml @@ -77,6 +77,7 @@ - name: Ensure matrix-appservice-draupnir-for-all container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_draupnir_for_all_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 51548749d..e3b792bf5 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -94,6 +94,7 @@ - name: Ensure buscarron container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_buscarron_container_network }}" driver: bridge 
diff --git a/roles/custom/matrix-bot-chatgpt/tasks/install.yml b/roles/custom/matrix-bot-chatgpt/tasks/install.yml index 9a09ab11a..68eaf7443 100644 --- a/roles/custom/matrix-bot-chatgpt/tasks/install.yml +++ b/roles/custom/matrix-bot-chatgpt/tasks/install.yml @@ -58,6 +58,7 @@ - name: Ensure chatgpt container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_chatgpt_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml index 761ae8897..91830ac98 100644 --- a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml @@ -61,6 +61,7 @@ - name: Ensure matrix-bot-draupnir container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_draupnir_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-go-neb/tasks/install.yml b/roles/custom/matrix-bot-go-neb/tasks/install.yml index d251248af..96178ddb9 100644 --- a/roles/custom/matrix-bot-go-neb/tasks/install.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/install.yml @@ -45,6 +45,7 @@ - name: Ensure go-neb container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_go_neb_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index faf905363..93e219e89 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml 
@@ -111,6 +111,7 @@ - name: Ensure honoroit container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_honoroit_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 2b07f439e..652e2d4bb 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -58,6 +58,7 @@ - name: Ensure matrix-registration-bot container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_matrix_registration_bot_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index 27b9f89ed..0489187cd 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -86,6 +86,7 @@ - name: Ensure matrix-reminder-bot container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_matrix_reminder_bot_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml index 0d3bb4cae..bceab14ec 100644 --- a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml @@ -72,6 +72,7 @@ - name: Ensure maubot container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_maubot_container_network }}" driver: bridge 
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml index 085049bdd..5fe1f4306 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml @@ -61,6 +61,7 @@ - name: Ensure matrix-bot-mjolnir container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_mjolnir_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml index 17f84e143..a14718289 100644 --- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml @@ -81,6 +81,7 @@ - name: Ensure postmoogle container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_postmoogle_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml index 56d875f2a..ccfc3bad7 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -106,6 +106,7 @@ - name: Ensure matrix-appservice-discord container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_discord_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml index c322b3747..77eb3bf8c 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml 
@@ -190,6 +190,7 @@ - name: Ensure matrix-appservice-irc container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_irc_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml index 585604d02..8235d550e 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml @@ -99,6 +99,7 @@ - name: Ensure matrix-appservice-kakaotalk container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_kakaotalk_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml index 740918337..7ad2b26d6 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -84,6 +84,7 @@ - name: Ensure matrix-appservice-slack container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_slack_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index bb538e22b..145bf2165 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml 
@@ -83,6 +83,7 @@ - name: Ensure matrix-appservice-webhooks container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_webhooks_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c35c4f37d..4a0f88f0f 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -85,6 +85,7 @@ - name: Ensure beeper-linkedin container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_beeper_linkedin_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index 211c0e75d..304d55039 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -128,6 +128,7 @@ - name: Ensure matrix-go-skype-bridge container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_go_skype_bridge_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml index 728a3975a..887ebe14c 100644 --- a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -31,6 +31,7 @@ - name: Ensure heisenbridge container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_heisenbridge_container_network }}" driver: bridge 
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml index 146a3f3eb..05b3005e5 100644 --- a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml @@ -109,6 +109,7 @@ - name: Ensure matrix-hookshot container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_hookshot_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml index 77ff027e4..e160bc9f6 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -95,6 +95,7 @@ - name: Ensure mautrix-discord container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_discord_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 8e81d85d0..d17488ee0 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure matrix-mautrix-facebook container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_facebook_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml index 88a26cfde..f9387eb4a 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml 
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml @@ -144,6 +144,7 @@ - name: Ensure matrix-mautrix-gmessages container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_gmessages_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index eb33e14a2..3b3a55803 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure matrix-mautrix-googlechat container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_googlechat_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index a648972f0..eca5cc260 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure matrix-mautrix-hangouts container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_hangouts_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index e0d4da4a1..9ad03a5a6 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml 
@@ -77,6 +77,7 @@ - name: Ensure matrix-mautrix-instagram container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_instagram_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml index 906e5040d..b0240e298 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml @@ -104,6 +104,7 @@ - name: Ensure mautrix-meta-instagram container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_meta_instagram_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml index d9f305be4..2b5738c90 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml @@ -104,6 +104,7 @@ - name: Ensure mautrix-meta-messenger container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_meta_messenger_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 8facac9b0..a04757499 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml 
@@ -138,6 +138,7 @@ - name: Ensure matrix-mautrix-signal container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_signal_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml index c0ff0ba70..15a54d426 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml @@ -95,6 +95,7 @@ - name: Ensure matrix-mautrix-slack container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_slack_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 7f384e909..410ee2022 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -150,6 +150,7 @@ - name: Ensure matrix-mautrix-telegram container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_telegram_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 04fc858d2..bf7c3fa1a 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -79,6 +79,7 @@ - name: Ensure matrix-mautrix-twitter container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_twitter_container_network }}" driver: bridge 
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 0d620c07c..9e9a583b2 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -138,6 +138,7 @@ - name: Ensure matrix-mautrix-whatsapp container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_whatsapp_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml index 725296e6c..d7d24cf4a 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml @@ -93,6 +93,7 @@ - name: Ensure mautrix-wsproxy container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_wsproxy_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 7681587e3..c3037d8c6 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -114,6 +114,7 @@ - name: Ensure mx-puppet-discord container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_discord_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index d91f99c2a..55bb29aa3 100644 
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -115,6 +115,7 @@ - name: Ensure mx-puppet-groupme container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_groupme_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index ebd37688a..238ea1f2b 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -94,6 +94,7 @@ - name: Ensure mx-puppet-instagram container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_instagram_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 10480a7b6..9524f338c 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure mx-puppet-slack container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_slack_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index dc4f24bff..24ef30b59 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml 
@@ -115,6 +115,7 @@ - name: Ensure mx-puppet-steam container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_steam_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 50c51f5ea..e5e051841 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure mx-puppet-twitter container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_twitter_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml index 95ea5b3d4..6d0cfd08f 100644 --- a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml @@ -48,6 +48,7 @@ - name: Ensure matrix-sms-bridge container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_sms_bridge_container_network }}" driver: bridge diff --git a/roles/custom/matrix-cactus-comments-client/tasks/install.yml b/roles/custom/matrix-cactus-comments-client/tasks/install.yml index f0c797b65..53eaee90c 100644 --- a/roles/custom/matrix-cactus-comments-client/tasks/install.yml +++ b/roles/custom/matrix-cactus-comments-client/tasks/install.yml @@ -73,6 +73,7 @@ - name: Ensure matrix-cactus-comments-client container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_cactus_comments_client_container_network }}" driver: bridge 
diff --git a/roles/custom/matrix-client-cinny/tasks/setup_install.yml b/roles/custom/matrix-client-cinny/tasks/setup_install.yml index e4eb79387..162514f52 100644 --- a/roles/custom/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/custom/matrix-client-cinny/tasks/setup_install.yml @@ -66,6 +66,7 @@ - name: Ensure Cinny container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_client_cinny_container_network }}" driver: bridge diff --git a/roles/custom/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml index f3273d229..0e5053d35 100644 --- a/roles/custom/matrix-client-element/tasks/setup_install.yml +++ b/roles/custom/matrix-client-element/tasks/setup_install.yml @@ -100,6 +100,7 @@ - name: Ensure Element container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_client_element_container_network }}" driver: bridge diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 5ca6cb732..42cfd563a 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml @@ -78,6 +78,7 @@ - name: Ensure Hydrogen container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_client_hydrogen_container_network }}" driver: bridge diff --git a/roles/custom/matrix-client-schildichat/tasks/setup_install.yml b/roles/custom/matrix-client-schildichat/tasks/setup_install.yml index 6633878aa..f6bd61a17 100644 --- a/roles/custom/matrix-client-schildichat/tasks/setup_install.yml +++ b/roles/custom/matrix-client-schildichat/tasks/setup_install.yml 
@@ -99,6 +99,7 @@ - name: Ensure schildichat container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_client_schildichat_container_network }}" driver: bridge diff --git a/roles/custom/matrix-conduit/tasks/setup_install.yml b/roles/custom/matrix-conduit/tasks/setup_install.yml index 295b5c4f2..00d8a1330 100644 --- a/roles/custom/matrix-conduit/tasks/setup_install.yml +++ b/roles/custom/matrix-conduit/tasks/setup_install.yml @@ -36,6 +36,7 @@ - name: Ensure Conduit container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_conduit_container_network }}" driver: bridge diff --git a/roles/custom/matrix-corporal/tasks/setup_install.yml b/roles/custom/matrix-corporal/tasks/setup_install.yml index bfa0a2ac2..3213fc9f4 100644 --- a/roles/custom/matrix-corporal/tasks/setup_install.yml +++ b/roles/custom/matrix-corporal/tasks/setup_install.yml @@ -68,6 +68,7 @@ - name: Ensure Matrix Corporal container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_corporal_container_network }}" driver: bridge diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 05c96aced..248a15dd7 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml @@ -109,6 +109,7 @@ - name: Ensure Dendrite container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_dendrite_container_network }}" driver: bridge diff --git a/roles/custom/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml index b1f0c242d..04c2248f9 100644 --- a/roles/custom/matrix-dimension/tasks/setup_install.yml 
+++ b/roles/custom/matrix-dimension/tasks/setup_install.yml @@ -130,6 +130,7 @@ - name: Ensure Dimension container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_dimension_container_network }}" driver: bridge diff --git a/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml index 17e13963d..f8ce0c48e 100644 --- a/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml @@ -58,6 +58,7 @@ - name: Ensure matrix-dynamic-dns container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_dynamic_dns_container_network }}" driver: bridge diff --git a/roles/custom/matrix-email2matrix/tasks/setup_install.yml b/roles/custom/matrix-email2matrix/tasks/setup_install.yml index f6fe55e23..5d49e7d47 100644 --- a/roles/custom/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/custom/matrix-email2matrix/tasks/setup_install.yml @@ -58,6 +58,7 @@ - name: Ensure matrix-email2matrix container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_email2matrix_container_network }}" driver: bridge diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml index c54a2f65e..760d4728f 100644 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml @@ -53,6 +53,7 @@ - name: Ensure matrix-ldap-registration-proxy container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_ldap_registration_proxy_container_network }}" driver: bridge 
diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml index 4a408b468..0fcdb8c0a 100644 --- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml @@ -134,6 +134,7 @@ - name: Ensure ma1sd container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_ma1sd_container_network }}" driver: bridge diff --git a/roles/custom/matrix-media-repo/tasks/setup_install.yml b/roles/custom/matrix-media-repo/tasks/setup_install.yml index b36df6d9a..a25b3f130 100755 --- a/roles/custom/matrix-media-repo/tasks/setup_install.yml +++ b/roles/custom/matrix-media-repo/tasks/setup_install.yml @@ -79,6 +79,7 @@ - name: Ensure media-repo container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_media_repo_container_network }}" driver: bridge diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml index 37cf96c29..2133e54a0 100644 --- a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml @@ -42,6 +42,7 @@ - name: Ensure prometheus-nginxlog-exporter container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_prometheus_nginxlog_exporter_container_network }}" driver: bridge diff --git a/roles/custom/matrix-rageshake/tasks/install.yml b/roles/custom/matrix-rageshake/tasks/install.yml index a1db9a877..f19304b8a 100644 --- a/roles/custom/matrix-rageshake/tasks/install.yml +++ b/roles/custom/matrix-rageshake/tasks/install.yml 
@@ -67,6 +67,7 @@ - name: Ensure rageshake container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_rageshake_container_network }}" driver: bridge diff --git a/roles/custom/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml index db0085086..9c6791365 100644 --- a/roles/custom/matrix-registration/tasks/setup_install.yml +++ b/roles/custom/matrix-registration/tasks/setup_install.yml @@ -109,6 +109,7 @@ - name: Ensure matrix-registration container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_registration_container_network }}" driver: bridge diff --git a/roles/custom/matrix-sliding-sync/tasks/install.yml b/roles/custom/matrix-sliding-sync/tasks/install.yml index cb41cec06..7e7f2569c 100644 --- a/roles/custom/matrix-sliding-sync/tasks/install.yml +++ b/roles/custom/matrix-sliding-sync/tasks/install.yml @@ -60,6 +60,7 @@ - name: Ensure matrix-sliding-sync container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_sliding_sync_container_network }}" driver: bridge diff --git a/roles/custom/matrix-static-files/tasks/install.yml b/roles/custom/matrix-static-files/tasks/install.yml index 94de62b8e..8d715de78 100644 --- a/roles/custom/matrix-static-files/tasks/install.yml +++ b/roles/custom/matrix-static-files/tasks/install.yml @@ -83,6 +83,7 @@ - name: Ensure matrix-static-files container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_static_files_container_network }}" driver: bridge diff --git a/roles/custom/matrix-sygnal/tasks/install.yml b/roles/custom/matrix-sygnal/tasks/install.yml index 7ee75a94e..a3015a385 100644 --- a/roles/custom/matrix-sygnal/tasks/install.yml 
+++ b/roles/custom/matrix-sygnal/tasks/install.yml @@ -41,6 +41,7 @@ - name: Ensure Sygnal container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_sygnal_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse-admin/tasks/setup_install.yml b/roles/custom/matrix-synapse-admin/tasks/setup_install.yml index 2eefe06f6..d8819524f 100644 --- a/roles/custom/matrix-synapse-admin/tasks/setup_install.yml +++ b/roles/custom/matrix-synapse-admin/tasks/setup_install.yml @@ -53,6 +53,7 @@ - name: Ensure matrix-synapse-admin container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_synapse_admin_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml b/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml index 7e1bbf55f..bb26c0acf 100644 --- a/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml +++ b/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml @@ -70,6 +70,7 @@ - name: Ensure matrix-synapse-auto-compressor container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_synapse_auto_compressor_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml index 6a2293b2f..8af00cf67 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml 
@@ -41,6 +41,7 @@ - name: Ensure matrix-synapse-reverse-proxy-companion container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_synapse_reverse_proxy_companion_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml index fab610464..736493280 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml @@ -117,6 +117,7 @@ - name: Ensure Synapse container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_synapse_container_network }}" driver: bridge diff --git a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml index 700614cbd..d42401f4e 100644 --- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml +++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml @@ -57,6 +57,7 @@ - name: Ensure matrix-user-verification-service container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_user_verification_service_container_network }}" driver: bridge From a99b57943dbb3de56f0fd3df337cdbc113d496c0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 24 Mar 2024 20:05:19 +0200 Subject: [PATCH 46/74] Announce initial work on IPv6 support in the changelog Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3218 --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7dbcc9928..a6c9e84a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,15 @@ # 2024-03-24 +## Initial work on IPv6 support + +Thanks to [Tilo Spannagel](https://github.com/tilosp), the playbook can now enable IPv6 for container networks for various components (roles) via [the `devture_systemd_docker_base_ipv6_enabled` variable](https://github.com/devture/com.devture.ansible.role.systemd_docker_base/blob/c11a526bb8e318b42eb52055056377bb31154f13/defaults/main.yml#L14-L31). + +It should be noted that: + +- Matrix roles (`roles/custom/matrix-*`) respect this variable, but external roles (those defined in `requirements.yml` and installed via `just roles`) do not respect it yet. Additional work is necessary +- changing the variable subsequently may not change existing container networks. Refer to [these instructions](https://github.com/devture/com.devture.ansible.role.systemd_docker_base/blob/c11a526bb8e318b42eb52055056377bb31154f13/defaults/main.yml#L26-L30) +- this is all very new and untested + ## Pantalaimon support Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install the [Pantalaimon](https://github.com/matrix-org/pantalaimon) E2EE aware proxy daemon for you. It's already possible to integrate it with [Draupnir](docs/configuring-playbook-bot-draupnir.md) to allow it to work in E2EE rooms - see our Draupnir docs for details. From 530df651c2c61c2c9a2d850c6068ade3fd6a02ba Mon Sep 17 00:00:00 2001 
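Review bot: the new "Initial work on IPv6 support" entry never states what `devture_systemd_docker_base_ipv6_enabled` defaults to, so a reader cannot tell whether upgrading changes how existing container networks are exposed. State the default in the entry, and spell out in the second bullet what an operator has to do to existing networks instead of only linking to the role's `defaults/main.yml`. The first bullet is also missing its closing full stop.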
From: Catalan Lover Date: Sun, 24 Mar 2024 21:03:56 +0100 Subject: [PATCH 47/74] Pin Draupnir Appservice to 1.87.0 instead of Develop & update Draupnir Appservice Draupnir for All required Develop before the release of 1.87.0 to work at all in the playbook. Now that we have a release to pin to we will return to being pinned to a release. Especially as Draupnir 2.0.0 push is happening now in main. This will mean that Draupnir develop is expected to be much more unstable than usual for a bit so it's important that we pin to a stable release. These releases are validated due to having been dogfooded ever since D4A was merged into the playbook. --- .../matrix-appservice-draupnir-for-all/defaults/main.yml | 4 ++-- roles/custom/matrix-bot-draupnir/defaults/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml index 207518099..21c98ee1b 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml 
@@ -5,14 +5,14 @@ matrix_appservice_draupnir_for_all_enabled: true # renovate: datasource=docker depName=gnuxie/draupnir -matrix_appservice_draupnir_for_all_version: "develop" +matrix_appservice_draupnir_for_all_version: "1.87.0" matrix_appservice_draupnir_for_all_container_image_self_build: false matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}" matrix_appservice_draupnir_for_all_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':develop') }}" +matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':latest') }}" matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all" matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config" diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 4cb70fe94..cb840ef15 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_draupnir_enabled: true # renovate: datasource=docker depName=gnuxie/draupnir -matrix_bot_draupnir_version: "v1.86.2" +matrix_bot_draupnir_version: "v1.87.0" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" From 2d78ff2bda15d58ecf38e7951aef510eb5905510 Mon Sep 17 00:00:00 2001 
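Review bot: the two pins for the same `gnuxie/draupnir` image use different tag formats: `matrix_appservice_draupnir_for_all_version: "1.87.0"` has no `v` prefix while `matrix_bot_draupnir_version: "v1.87.0"` does. Confirm that both tags exist in the registry and settle on one form, otherwise the update rule behind the shared `# renovate:` comment may treat the two variables differently. Separately, `matrix_appservice_draupnir_for_all_docker_image_force_pull` now tests `endswith(':latest')`, so anyone who overrides the version back to `develop` silently stops getting fresh pulls of that moving tag; a comment next to the variable should say so.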
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 24 Mar 2024 20:05:40 +0000 Subject: [PATCH 48/74] chore(deps): update gnuxie/draupnir docker tag to v1.87.0 --- roles/custom/matrix-bot-draupnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 4cb70fe94..cb840ef15 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_draupnir_enabled: true # renovate: datasource=docker depName=gnuxie/draupnir -matrix_bot_draupnir_version: "v1.86.2" +matrix_bot_draupnir_version: "v1.87.0" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" From 3b7468787f09f1315d05d7bd484cf95a38979539 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Sun, 24 Mar 2024 21:55:21 +0100 Subject: [PATCH 49/74] Improve Pantalaimon Support in Draupnir and add Mjolnir support --- docs/configuring-playbook-bot-draupnir.md | 2 +- docs/configuring-playbook-bot-mjolnir.md | 45 ++++++++++++++++++- group_vars/matrix_servers | 4 ++ .../matrix-bot-draupnir/defaults/main.yml | 4 +- .../matrix-bot-mjolnir/defaults/main.yml | 21 ++++++++- .../tasks/validate_config.yml | 22 ++++++--- .../templates/production.yaml.j2 | 44 +++++++++--------- 7 files changed, 111 insertions(+), 31 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index a5f855120..27b2a06a6 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -73,7 +73,7 @@ matrix_bot_draupnir_enabled: true matrix_bot_draupnir_pantalaimon_use: true # User name and password for the bot. Required when using Pantalaimon. -matrix_bot_draupnir_pantalaimon_username: "bot.draupnir" +matrix_bot_draupnir_pantalaimon_username: "DRAUPNIR_USERNAME_FROM_STEP_1" matrix_bot_draupnir_pantalaimon_password: ### you should create a secure password for the bot account matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 13301d819..69a89ac8e 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md 
@@ -37,7 +37,9 @@ The following command works on semi up to date Windows 10 installs and All Windo ## 4. Create a management room -Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since this role does not support [using Pantalaimon](configuring-playbook-pantalaimon.md) yet. +Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. + +If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see below). Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. 
@@ -46,6 +48,47 @@ Finally invite the `@bot.mjolnir:DOMAIN` account you created earlier into the ro ## 5. Adjusting the playbook configuration +Decide whether you want Mjolnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Mjolnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). + +### 5a. Configuration with E2EE support + +When using Pantalaimon, Mjolnir will log in to its bot account itself through Pantalaimon, so configure its username and password. + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +# Enable Pantalaimon. See docs/configuring-playbook-pantalaimon.md +matrix_pantalaimon_enabled: true + +# Enable Mjolnir +matrix_bot_mjolnir_enabled: true + +# Tell Mjolnir to use Pantalaimon +matrix_bot_mjolnir_pantalaimon_use: true + +# User name and password for the bot. Required when using Pantalaimon. +matrix_bot_mjolnir_pantalaimon_username: "MJOLNIR_USERNAME_FROM_STEP_1" +matrix_bot_mjolnir_pantalaimon_password: ### you should create a secure password for the bot account + +matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +``` + +The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Mjolnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`: + +```yaml +# Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API). +# Set this to the pantalaimon URL if you're using that. 
+matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_mjolnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}" + +# Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" +``` + +### 5b. Configuration without E2EE support + +When NOT using Pantalaimon, Mjolnir does not log in by itself and you must give it an access token for its bot account. + Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with the your own values. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1ee9226d8..a2e74951f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2638,6 +2638,8 @@ matrix_bot_mjolnir_enabled: false matrix_bot_mjolnir_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + + + (['matrix-pantalaimon.service'] if matrix_bot_mjolnir_pantalaimon_use else []) }} matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2649,6 +2651,8 @@ matrix_bot_mjolnir_container_additional_networks_auto: |- ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) }} +matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_mjolnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}" +matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" ###################################################################### # # /matrix-bot-mjolnir 
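Review bot: `matrix_bot_mjolnir_homeserver_url` hard-codes `http://matrix-pantalaimon:8009` in `group_vars/matrix_servers` (and again in the docs example), so the value goes stale if the Pantalaimon container's name or port is ever changed. Build it from the Pantalaimon role's own variables if it exposes them. Also check that the Mjolnir container joins Pantalaimon's network when `matrix_bot_mjolnir_pantalaimon_use` is true: the visible part of `matrix_bot_mjolnir_container_additional_networks_auto` lists only `matrix_addons_homeserver_container_network`, while the systemd dependency on `matrix-pantalaimon.service` is added conditionally.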
diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 4cb70fe94..861c9d9a6 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -48,13 +48,13 @@ matrix_bot_draupnir_access_token: "" # User name and password for the bot. Required when using Pantalaimon. # (Otherwise provide `matrix_bot_draupnir_access_token` instead.) -matrix_bot_draupnir_pantalaimon_username: "bot.draupnir" +matrix_bot_draupnir_pantalaimon_username: "" matrix_bot_draupnir_pantalaimon_password: "" # The room ID where people can use the bot. The bot has no access controls, so # anyone in this room can use the bot - secure your room! # This should be a room alias or room ID - not a matrix.to URL. -# Note: draupnir is fairly verbose - expect a lot of messages from it. +# Note: Draupnir is fairly verbose - expect a lot of messages from it. matrix_bot_draupnir_management_room: "" # Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API). diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index 4b5ac95bd..950f791fa 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml 
@@ -37,15 +37,34 @@ matrix_bot_mjolnir_systemd_required_services_list_custom: [] # List of systemd services that matrix-bot-mjolnir.service wants matrix_bot_mjolnir_systemd_wanted_services_list: [] -# The access token for the bot user +# Whether Mjolnir should talk to the homeserver through Pantalaimon +# If true, then other variables must be provided including pointing +# `matrix_bot_mjolnir_homeserver_url` to the Pantalaimon URL. +matrix_bot_mjolnir_pantalaimon_use: false + +# The access token for the bot user. Required when NOT using Pantalaimon. +# (Otherwise provide `matrix_bot_mjolnir_pantalaimon_username` and `matrix_bot_mjolnir_pantalaimon_password` instead.) matrix_bot_mjolnir_access_token: "" +# User name and password for the bot. Required when using Pantalaimon. +# (Otherwise provide `matrix_bot_mjolnir_access_token` instead.) +matrix_bot_mjolnir_pantalaimon_username: "" +matrix_bot_mjolnir_pantalaimon_password: "" + # The room ID where people can use the bot. The bot has no access controls, so # anyone in this room can use the bot - secure your room! # This should be a room alias or room ID - not a matrix.to URL. # Note: Mjolnir is fairly verbose - expect a lot of messages from it. matrix_bot_mjolnir_management_room: "" +# Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API). +# Set this to the pantalaimon URL if you're using that. +matrix_bot_mjolnir_homeserver_url: "" + +# Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +matrix_bot_mjolnir_raw_homeserver_url: "" + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # 
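Review bot: `matrix_bot_mjolnir_pantalaimon_password` is documented here as required whenever Pantalaimon is used, and `validate_config.yml` in this patch fails the run when it is empty, but the comment kept in `production.yaml.j2` says the value "can be blanked after first startup". As written an operator cannot follow that advice, so the bot's password has to stay in `vars.yml` and in the rendered config indefinitely. Either relax the check for deployments that have already logged in or drop the comment, and have the docs recommend keeping the value in Ansible Vault.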
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml index 63289d7ba..7fd67e589 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml @@ -1,9 +1,21 @@ --- -- name: Fail if required variables are undefined +- name: Fail if required matrix-bot-mjolnir variables are undefined ansible.builtin.fail: - msg: "The `{{ item }}` variable must be defined and have a non-null value." + msg: "The `{{ item.name }}` variable must be defined and have a non-null value." with_items: - - "matrix_bot_mjolnir_access_token" - - "matrix_bot_mjolnir_management_room" - when: "vars[item] == '' or vars[item] is none" + - {'name': 'matrix_bot_mjolnir_access_token', when: "{{ not matrix_bot_mjolnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_mjolnir_management_room', when: true} + - {'name': 'matrix_bot_mjolnir_container_network', when: true} + - {'name': 'matrix_bot_mjolnir_homeserver_url', when: true} + - {'name': 'matrix_bot_mjolnir_raw_homeserver_url', when: true} + - {'name': 'matrix_bot_mjolnir_pantalaimon_username', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_mjolnir_pantalaimon_password', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"} + when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)" + +- name: Fail if inappropriate variables are defined + ansible.builtin.fail: + msg: "The `{{ item.name }}` variable must be undefined or have a null value." + with_items: + - {'name': 'matrix_bot_mjolnir_access_token', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"} + when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)" diff --git a/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 index 7643d65f7..23da8375e 100644 
--- a/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 
@@ -1,32 +1,34 @@ # Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API), # set this to the pantalaimon URL if you're using that. -homeserverUrl: "{{ matrix_homeserver_url }}" +homeserverUrl: {{ matrix_bot_mjolnir_homeserver_url | to_json }} # Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/), # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. -rawHomeserverUrl: "{{ matrix_homeserver_url }}" +rawHomeserverUrl: {{ matrix_bot_mjolnir_raw_homeserver_url | to_json }} # Matrix Access Token to use, Mjolnir will only use this if pantalaimon.use is false. -accessToken: "{{ matrix_bot_mjolnir_access_token }}" +accessToken: {{ matrix_bot_mjolnir_access_token | to_json }} +{% if matrix_bot_mjolnir_pantalaimon_use %} # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon) -#pantalaimon: -# # Whether or not Mjolnir will use pantalaimon to access the matrix homeserver, -# # set to `true` if you're using pantalaimon. -# # -# # Be sure to point homeserverUrl to the pantalaimon instance. -# # -# # Mjolnir will log in using the given username and password once, -# # then store the resulting access token in a file under dataPath. -# use: false -# -# # The username to login with. -# username: mjolnir -# -# # The password Mjolnir will login with. -# # -# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. -# password: your_password +pantalaimon: + # Whether or not Mjolnir will use pantalaimon to access the matrix homeserver, + # set to `true` if you're using pantalaimon. + # + # Be sure to point homeserverUrl to the pantalaimon instance. + # + # Mjolnir will log in using the given username and password once, + # then store the resulting access token in a file under dataPath. + use: true + + # The username to login with. 
+ username: {{ matrix_bot_mjolnir_pantalaimon_username | to_json }} + + # The password Mjolnir will login with. + # + # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. + password: {{ matrix_bot_mjolnir_pantalaimon_password | to_json }} +{% endif %} # The path Mjolnir will store its state/data in, leave default ("/data/storage") when using containers. dataPath: "/data" @@ -49,7 +51,7 @@ recordIgnoredInvites: false # # Note: By default, Mjolnir is fairly verbose - expect a lot of messages in this room. # (see verboseLogging to adjust this a bit.) -managementRoom: "{{ matrix_bot_mjolnir_management_room }}" +managementRoom: {{ matrix_bot_mjolnir_management_room | to_json }} # Whether Mjolnir should log a lot more messages in the room, # mainly involves "all-OK" messages, and debugging messages for when mjolnir checks bans in a room. From 7143133beb6d7cac6d5daf02dca7fdbb9202ff59 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Mar 2024 07:06:52 +0200 Subject: [PATCH 50/74] Update Pantalaimon docs page to mention Mjolnir --- docs/configuring-playbook-pantalaimon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-pantalaimon.md b/docs/configuring-playbook-pantalaimon.md index dae77b264..6f6146e1e 100644 --- a/docs/configuring-playbook-pantalaimon.md +++ b/docs/configuring-playbook-pantalaimon.md 
@@ -4,7 +4,7 @@ The playbook can install and configure the [pantalaimon](https://github.com/matr See the project's [documentation](https://github.com/matrix-org/pantalaimon) to learn what it does and why it might be useful to you. -This role exposes Pantalaimon's API only within the container network, so bots and clients installed on the same machine can use it. In particular the [matrix-bot-draupnir](configuring-playbook-bot-draupnir.md) role and possibly others can use it. +This role exposes Pantalaimon's API only within the container network, so bots and clients installed on the same machine can use it. In particular the [Draupnir](configuring-playbook-bot-draupnir.md) and [Mjolnir](configuring-playbook-bot-mjolnir.md) roles (and possibly others) can use it. ## 1. Adjusting the playbook configuration From 9c01d875f31a7da5244c975e209aac26c8b16972 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Mar 2024 07:11:04 +0200 Subject: [PATCH 51/74] become -> ansible_become For some of these, the `ansible_` prefix does not seem to be needed, but it's the canonical way to do things and it may become required in newer Ansible versions. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3237 --- examples/hosts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/hosts b/examples/hosts index cb6459f97..3455812f3 100644 --- a/examples/hosts +++ b/examples/hosts 
@@ -2,8 +2,8 @@ # If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`. # # To connect using a non-root user (and elevate to root with sudo later), -# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username become=true become_user=root`. -# If sudo requires a password, either add `become_password=PASSWORD_HERE` to the host line +# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`. +# If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line # or tell Ansible to ask you for the password interactively by adding a `--ask-become-pass` (`-K`) flag to all `ansible-playbook` (or `just`) commands. # # For improved Ansible performance, SSH pipelining is enabled by default in `ansible.cfg`. From 345439485723aea2d7cda46c5c6938175171c0d0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Mar 2024 18:47:05 +0200 Subject: [PATCH 52/74] Upgrade Traefik (v2.11.0-3 -> v2.11.0-4) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1a14106d3..9ea20bcf6 100644 --- a/requirements.yml +++ b/requirements.yml @@ -67,7 +67,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.11.0-3 + version: v2.11.0-4 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.3-1 From 56cf263eb20f0b31db324fc17414a1fde205a0f6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 08:22:44 +0200 Subject: [PATCH 53/74] Upgrade ntfy (v2.9.0-1 -> v2.10.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 9ea20bcf6..cf77d695c 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -28,7 +28,7 @@ version: v9364-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.9.0-1 + version: v2.10.0-0 name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: 201c939eed363de269a83ba29784fc3244846048 From 0b4309c8ef94d4f500c816ae77f6b0a90e05b93b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Mar 2024 09:25:18 +0000 Subject: [PATCH 54/74] Add keydb (#3244) * add keydb as redis replacement * sort requirements --- group_vars/matrix_servers | 43 +++++++++++++++++++++++++++++++++------ requirements.yml | 3 +++ setup.yml | 1 + 3 files changed, 41 insertions(+), 6 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a2e74951f..4919d9162 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -402,6 +402,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'redis']}] if redis_enabled else []) + + ([{'name': (keydb_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'keydb']}] if keydb_enabled else []) + + ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) + ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) 
@@ -1862,12 +1864,14 @@ matrix_hookshot_systemd_wanted_services_list: | matrix_addons_homeserver_systemd_services_list + ([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else []) + + + ([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else []) }} # Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available. # We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled), # because connectivity is still potentially troublesome and is to be investigated. -matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else '' }}" +matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '' }}" matrix_hookshot_container_network: "{{ matrix_addons_container_network }}" @@ -1878,6 +1882,8 @@ matrix_hookshot_container_additional_networks_auto: | + ([redis_container_network] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else []) + + ([keydb_container_network] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else []) + + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else []) ) | unique }} 
@@ -3956,7 +3962,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: | # ###################################################################### -redis_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}" +redis_enabled: "{{ not keydb_enabled and (matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled)) }}" redis_identifier: matrix-redis @@ -3967,7 +3973,28 @@ redis_base_path: "{{ matrix_base_data_path }}/redis" ###################################################################### # -# /etle/redis +# /etke/redis +# +###################################################################### + +###################################################################### +# +# keydb +# +###################################################################### + +keydb_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}" + +keydb_identifier: matrix-keydb + +keydb_uid: "{{ matrix_user_uid }}" +keydb_gid: "{{ matrix_user_gid }}" + +keydb_base_path: "{{ matrix_base_data_path }}/keydb" + +###################################################################### +# +# keydb # ###################################################################### 
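Review bot: the `keydb` block added in the hunk above sets `keydb_identifier`, `keydb_uid`, `keydb_gid` and `keydb_base_path`, but not `keydb_connection_password` or `keydb_container_network`, both of which other hunks in this patch consume (`matrix_synapse_redis_password`, the Hookshot and Synapse additional-network lists). They therefore rest on whatever the role defaults to; a comment saying so, or explicit values as for uid and gid, would make it checkable from this file that Synapse is not pointed at KeyDB with an empty password. Separately, the closing banner of the block reads `# keydb`, the same as the opening one; following the `# /etke/redis` fix in the same hunk, it should be `# /keydb`.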
@@ -4174,6 +4201,8 @@ matrix_synapse_container_additional_networks_auto: | + ([redis_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else []) + + ([keydb_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else []) + + ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else []) + ([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else []) @@ -4256,6 +4285,8 @@ matrix_synapse_systemd_required_services_list_auto: | + ([redis_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else []) + + ([keydb_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else []) + + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} 
@@ -4267,9 +4298,9 @@ matrix_synapse_systemd_wanted_services_list_auto: | }} # Synapse workers (used for parallel load-scaling) need Redis for IPC. -matrix_synapse_redis_enabled: "{{ redis_enabled }}" -matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else '' }}" -matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else '' }}" +matrix_synapse_redis_enabled: "{{ redis_enabled or keydb_enabled }}" +matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else keydb_identifier if keydb_enabled else '' }}" +matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else keydb_connection_password if keydb_enabled else '' }}" matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" diff --git a/requirements.yml b/requirements.yml index cf77d695c..2d8c21eff 100644 --- a/requirements.yml +++ b/requirements.yml @@ -27,6 +27,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v9364-1 name: jitsi +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git + version: v6.3.4-0 + name: keydb - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.10.0-0 name: ntfy diff --git a/setup.yml b/setup.yml index 5b371a9f3..9d5db5bc0 100644 --- a/setup.yml +++ b/setup.yml @@ -48,6 +48,7 @@ - role: galaxy/postgres - galaxy/redis + - galaxy/keydb - custom/matrix-corporal - custom/matrix-appservice-draupnir-for-all - custom/matrix-bridge-appservice-discord From 859f4ca26b841f69b44a39e1e1f06481ba87348a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 26 Mar 2024 09:25:53 +0000 Subject: [PATCH 55/74] chore(deps): update dependency redis to v7.2.4-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements.yml b/requirements.yml index 2d8c21eff..2de25833e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -58,7 +58,7 @@ version: v0.14.0-4 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.2.3-2 + version: v7.2.4-0 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.1.0-0 From b5ec8f83b1f922325a57de070f237b02e310308c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 11:54:12 +0200 Subject: [PATCH 56/74] Revert "become -> ansible_become" This reverts commit 9c01d875f31a7da5244c975e209aac26c8b16972. This is very confusing and messy.. but it's documented. `ansible_become_*` variables actually take priority and override all `become_*` variables set at the task level. As such, using `ansible_become=true ansible_become_user=root` in `inventory/hosts` causes issues because tasks that specify `become: OTHER_USER` will be forced to run as `root` due to `ansible_become_user`. --- examples/hosts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/hosts b/examples/hosts index 3455812f3..cb6459f97 100644 --- a/examples/hosts +++ b/examples/hosts 
@@ -2,8 +2,8 @@ # If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`. # # To connect using a non-root user (and elevate to root with sudo later), -# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`. -# If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line +# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username become=true become_user=root`. +# If sudo requires a password, either add `become_password=PASSWORD_HERE` to the host line # or tell Ansible to ask you for the password interactively by adding a `--ask-become-pass` (`-K`) flag to all `ansible-playbook` (or `just`) commands. # # For improved Ansible performance, SSH pipelining is enabled by default in `ansible.cfg`. From a34ab877821de8a678d142121868fbac2703e991 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 12:15:12 +0200 Subject: [PATCH 57/74] Upgrade KeyDB (v6.3.4-0 -> v6.3.4-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2de25833e..013565394 100644 --- a/requirements.yml +++ b/requirements.yml @@ -28,7 +28,7 @@ version: v9364-1 name: jitsi - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git - version: v6.3.4-0 + version: v6.3.4-1 name: keydb - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.10.0-0 From 9a8c9850aa4f66f8a75fb3e505c8ac8c04837ee7 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 26 Mar 2024 12:15:46 +0200 Subject: [PATCH 58/74] Pass and remap `matrix_architecture` to KeyDB role Only `amd64` and `arm64` actually work. The KeyDB role includes a validation task and will complain about unsupported architectures (like `arm32`). `arm32` users can stick to Redis for now (`keydb_enabled: false` + `redis_enabled: true`) until: - the KeyDB role starts supporting self-building.. although building such large projects on weak CPUs is probably impractical - a prebuilt arm32 image is made available by other means --- group_vars/matrix_servers | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 4919d9162..227802723 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3992,6 +3992,15 @@ keydb_gid: "{{ matrix_user_gid }}" keydb_base_path: "{{ matrix_base_data_path }}/keydb" +keydb_arch: |- + {{ + ({ + 'amd64': 'x86_64', + 'arm32': 'arm32', + 'arm64': 'arm64', + })[matrix_architecture] + }} + ###################################################################### # # keydb From d0fd25dcda4f74627b3977b73cfd22ca6aa3af3c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 12:37:02 +0200 Subject: [PATCH 59/74] Add some () for better readability --- group_vars/matrix_servers | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 227802723..aa507a6e2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1871,7 +1871,7 @@ matrix_hookshot_systemd_wanted_services_list: | # Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available. # We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled), # because connectivity is still potentially troublesome and is to be investigated. -matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '' }}" +matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}" matrix_hookshot_container_network: "{{ matrix_addons_container_network }}" @@ -4308,8 +4308,8 @@ matrix_synapse_systemd_wanted_services_list_auto: | # Synapse workers (used for parallel load-scaling) need Redis for IPC. matrix_synapse_redis_enabled: "{{ redis_enabled or keydb_enabled }}" -matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else keydb_identifier if keydb_enabled else '' }}" -matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else keydb_connection_password if keydb_enabled else '' }}" +matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else (keydb_identifier if keydb_enabled else '') }}" +matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else (keydb_connection_password if keydb_enabled else '') }}" matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" From 0e05a332db9583290b38b71fc316c4f92c7c49a8 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 26 Mar 2024 12:37:16 +0200 Subject: [PATCH 60/74] Announce (Redis -> KeyDB) switch --- CHANGELOG.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6c9e84a2..0d15d0be9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,29 @@ +# 2023-03-26 + +## (Backward Compatibility Break) The playbook now defaults to KeyDB, instead of Redis + +**TLDR**: if the playbook used installed Redis as a dependency for you before, it will now replace it with [KeyDB](https://docs.keydb.dev/) (a drop-in alternative) due to [Redis having changed its license](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now uses [KeyDB](https://docs.keydb.dev/) (a drop-in alternative), instead of [Redis](https://redis.io/). + +The playbook used to install Redis (and now installs KeyDB in its place) if services have a need for it ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), enabling Hookshot encryption, etc.) or if you explicitly enable the service (`redis_enabled: true` or `keydb_enabled: true`). + +This change is provoked by the fact that [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). According to the limitations of the new license (as best as we understand them, given that we're not lawyers), using Redis in the playbook (even in a commercial FOSS service like [etke.cc](https://etke.cc/)) does not violate the new Redis license. That said, we'd rather neither risk it, nor endorse shady licenses and products that pretend to be free-software. Another high-quality alternative to Redis seems to be [Dragonfly](https://www.dragonflydb.io/), but the [Dragonfly license](https://github.com/dragonflydb/dragonfly?tab=License-1-ov-file#readme) is no better than Redis. + +Next time your run the playbook (via the `setup-all` tag), **Redis will be automatically uninstalled and replaced with KeyDB**. Some Synapse downtime may occur while the switch happens. 
+ +Users on `arm32` should be aware that there's **neither a prebuilt `arm32` container image for KeyDB**, nor the KeyDB role supports self-building yet. Users on this architecture likely don't run Synapse with workers, etc., so they're likely in no need of KeyDB (or Redis). If Redis is necessary in an `arm32` deployment, disabling KeyDB and making the playbook fall back to Redis is possible (see below). + +**The playbook still supports Redis** and you can keep using Redis (for now) if you'd like, by adding this additional configuration to your `vars.yml` file: + +```yml +# Explicitly disable KeyDB, which will auto-enable Redis +# if the playbook requires it as a dependency for its operation. +keydb_enabled: false +``` + + + # 2024-03-24 ## Initial work on IPv6 support From 661f8c7121366f0512af7c16bc34d695dc11f509 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 12:43:03 +0200 Subject: [PATCH 61/74] Improve wording of changelog entry --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d15d0be9..87bfdbfb6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,11 +4,11 @@ **TLDR**: if the playbook used installed Redis as a dependency for you before, it will now replace it with [KeyDB](https://docs.keydb.dev/) (a drop-in alternative) due to [Redis having changed its license](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). -Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now uses [KeyDB](https://docs.keydb.dev/) (a drop-in alternative), instead of [Redis](https://redis.io/). +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now uses [KeyDB](https://docs.keydb.dev/) (a drop-in alternative for Redis), instead of [Redis](https://redis.io/). -The playbook used to install Redis (and now installs KeyDB in its place) if services have a need for it ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), enabling Hookshot encryption, etc.) or if you explicitly enable the service (`redis_enabled: true` or `keydb_enabled: true`). +The playbook used to install Redis (and now installs KeyDB in its place) if services have a need for it ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), enabling Hookshot encryption, etc.) or if you explicitly enabled the service (`redis_enabled: true` or `keydb_enabled: true`). -This change is provoked by the fact that [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). According to the limitations of the new license (as best as we understand them, given that we're not lawyers), using Redis in the playbook (even in a commercial FOSS service like [etke.cc](https://etke.cc/)) does not violate the new Redis license. That said, we'd rather neither risk it, nor endorse shady licenses and products that pretend to be free-software. 
Another high-quality alternative to Redis seems to be [Dragonfly](https://www.dragonflydb.io/), but the [Dragonfly license](https://github.com/dragonflydb/dragonfly?tab=License-1-ov-file#readme) is no better than Redis. +This change is provoked by the fact that [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). According to the Limitations of [the new license](https://redis.com/legal/rsalv2-agreement/) (as best as we understand them, given that we're not lawyers), using Redis in the playbook (even in a commercial FOSS service like [etke.cc](https://etke.cc/)) does not violate the new Redis license. That said, we'd rather neither risk it, nor endorse shady licenses and products that pretend to be free-software. Another high-quality alternative to Redis seems to be [Dragonfly](https://www.dragonflydb.io/), but the [Dragonfly license](https://github.com/dragonflydb/dragonfly?tab=License-1-ov-file#readme) is no better than Redis. Next time your run the playbook (via the `setup-all` tag), **Redis will be automatically uninstalled and replaced with KeyDB**. Some Synapse downtime may occur while the switch happens. From 23dda314efa308d0171247849641b7c94e81e0b3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 12:45:22 +0200 Subject: [PATCH 62/74] Add one more link to changelog entry --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87bfdbfb6..e0d52ca31 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,7 +6,7 @@ Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now uses [KeyDB](https://docs.keydb.dev/) (a drop-in alternative for Redis), instead of [Redis](https://redis.io/). -The playbook used to install Redis (and now installs KeyDB in its place) if services have a need for it ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), enabling Hookshot encryption, etc.) or if you explicitly enabled the service (`redis_enabled: true` or `keydb_enabled: true`). +The playbook used to install Redis (and now installs KeyDB in its place) if services have a need for it ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), [enabling Hookshot encryption](docs/configuring-playbook-bridge-hookshot.md#end-to-bridge-encryption), etc.) or if you explicitly enabled the service (`redis_enabled: true` or `keydb_enabled: true`). This change is provoked by the fact that [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). According to the Limitations of [the new license](https://redis.com/legal/rsalv2-agreement/) (as best as we understand them, given that we're not lawyers), using Redis in the playbook (even in a commercial FOSS service like [etke.cc](https://etke.cc/)) does not violate the new Redis license. That said, we'd rather neither risk it, nor endorse shady licenses and products that pretend to be free-software. Another high-quality alternative to Redis seems to be [Dragonfly](https://www.dragonflydb.io/), but the [Dragonfly license](https://github.com/dragonflydb/dragonfly?tab=License-1-ov-file#readme) is no better than Redis. From 42c036c920436b557e840a8f0d2c93ebc2122eab Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 12:47:04 +0200 Subject: [PATCH 63/74] Fix typo in changelog entry --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index e0d52ca31..09596e17b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,7 +8,7 @@ Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the The playbook used to install Redis (and now installs KeyDB in its place) if services have a need for it ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), [enabling Hookshot encryption](docs/configuring-playbook-bridge-hookshot.md#end-to-bridge-encryption), etc.) or if you explicitly enabled the service (`redis_enabled: true` or `keydb_enabled: true`). -This change is provoked by the fact that [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). According to the Limitations of [the new license](https://redis.com/legal/rsalv2-agreement/) (as best as we understand them, given that we're not lawyers), using Redis in the playbook (even in a commercial FOSS service like [etke.cc](https://etke.cc/)) does not violate the new Redis license. That said, we'd rather neither risk it, nor endorse shady licenses and products that pretend to be free-software. Another high-quality alternative to Redis seems to be [Dragonfly](https://www.dragonflydb.io/), but the [Dragonfly license](https://github.com/dragonflydb/dragonfly?tab=License-1-ov-file#readme) is no better than Redis. +This change is provoked by the fact that [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). According to the Limitations of [the new license](https://redis.com/legal/rsalv2-agreement/) (as best as we understand them, given that we're not lawyers), using Redis in the playbook (even in a commercial FOSS service like [etke.cc](https://etke.cc/)) does not violate the new Redis license. That said, we'd rather neither risk it, nor endorse shady licenses and products that pretend to be free-software. 
Another high-quality alternative to Redis seems to be [Dragonfly](https://www.dragonflydb.io/), but the [Dragonfly license](https://github.com/dragonflydb/dragonfly?tab=License-1-ov-file#readme) is no better than Redis's. Next time your run the playbook (via the `setup-all` tag), **Redis will be automatically uninstalled and replaced with KeyDB**. Some Synapse downtime may occur while the switch happens. From 17b109d9f67d8a1b6e18bfc197cc7eb80e5ce8f6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 13:26:50 +0200 Subject: [PATCH 64/74] Fix year number in CHANGELOG section Ref: https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/0e05a332db9583290b38b71fc316c4f92c7c49a8#commitcomment-140240527 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09596e17b..372a27be3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -# 2023-03-26 +# 2024-03-26 ## (Backward Compatibility Break) The playbook now defaults to KeyDB, instead of Redis From 50813c600db1c47b1f3e76707b81fe05d6c46ef5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 17:04:00 +0200 Subject: [PATCH 65/74] Only run Debian Signed-By migration if Docker installation is managed by the playbook --- roles/custom/matrix_playbook_migration/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index bbee3000f..33e685b1e 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml 
@@ -6,7 +6,7 @@ block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- when: ansible_os_family == 'Debian' and matrix_playbook_migration_debian_signedby_migration_enabled | bool +- when: ansible_os_family == 'Debian' and matrix_playbook_docker_installation_enabled | bool and matrix_playbook_migration_debian_signedby_migration_enabled | bool tags: - setup-all - install-all From 37143b1305327428bb1cc6546df6408323b3e171 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 20:00:06 +0200 Subject: [PATCH 66/74] Upgrade Element (v1.11.61 -> v1.11.62) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index c15954fc3..d3eecdd42 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.61 +matrix_client_element_version: v1.11.62 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From e1a086ff87df7ebab37014aeaef2607e8f64bf6d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 28 Mar 2024 21:15:38 +0200 Subject: [PATCH 67/74] Upgrade Element (v1.11.62 -> v1.11.63) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index d3eecdd42..506f07f83 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.62 +matrix_client_element_version: v1.11.63 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 0430baf567943ed4ff1d9331ee226cdaef334dc2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 30 Mar 2024 22:26:37 +0000 Subject: [PATCH 68/74] chore(deps): update dependency backup_borg to v1.2.8-1.8.9-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 013565394..03bbf2265 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.7-1.8.6-0 + version: v1.2.8-1.8.9-0 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-3 From de4eb1ace1adade5cafc905473d710226e4ea390 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 31 Mar 2024 09:20:59 +0300 Subject: [PATCH 69/74] Upgrade exim-relay (v4.97-r0-0-2 -> v4.97-r0-0-3) This new version makes the mail spool persistent, so that exim can be restarted without losing queued messages. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 03bbf2265..f33c35b1c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -19,7 +19,7 @@ version: v2.0.1-2 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - version: v4.97-r0-0-2 + version: v4.97-r0-0-3 name: exim_relay - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.4.1-0 From 532e8b498bfc4452644b2ecebb1d7ee160b5d75e Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 1 Apr 2024 23:24:40 +0300 Subject: [PATCH 70/74] add matrix_synapse_redis_dbid var --- roles/custom/matrix-synapse/defaults/main.yml | 1 + .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 3 +++ 2 files changed, 4 insertions(+) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 84bdd92d8..6c68c588b 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -1038,6 +1038,7 @@ matrix_synapse_redis_enabled: false matrix_synapse_redis_host: "" matrix_synapse_redis_port: 6379 matrix_synapse_redis_password: "" +matrix_synapse_redis_dbid: 0 # Controls whether Synapse starts a replication listener necessary for workers. # diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index b22178fcd..29f11d8e9 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2921,6 +2921,9 @@ redis: host: {{ matrix_synapse_redis_host }} port: {{ matrix_synapse_redis_port }} + # Optional database ID to connect to. Defaults to 0. + dbid: {{ matrix_synapse_redis_dbid }} + # Optional password if configured on the Redis instance # password: {{ matrix_synapse_redis_password }} From 348c8c25e07db26bab8a4aed0faf2a93c16dd7b1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 18:49:21 +0000 Subject: [PATCH 71/74] chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.104.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 6c68c588b..c9499207a 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -16,7 +16,7 @@ matrix_synapse_enabled: true matrix_synapse_github_org_and_repo: element-hq/synapse # renovate: datasource=docker depName=ghcr.io/element-hq/synapse -matrix_synapse_version: v1.103.0 +matrix_synapse_version: v1.104.0 matrix_synapse_username: '' matrix_synapse_uid: '' From dd6ee2dd14c0dd28d8b5ca0297aff72ac87ebe29 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 4 Apr 2024 09:42:34 +0300 Subject: [PATCH 72/74] Fix incorrect Conduit configuration template path Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3248 --- roles/custom/matrix-conduit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 3bccf1078..3957c5c43 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml 
@@ -115,7 +115,7 @@ matrix_conduit_container_extra_arguments: [] # the original files into your inventory (e.g. in `inventory/host_vars//`) # and then change the specific host's `vars.yaml` file like this: # matrix_conduit_template_conduit_config: "{{ playbook_dir }}/inventory/host_vars//conduit.toml.j2" -matrix_conduit_template_conduit_config: "{{ role_path }}/templates/conduit/conduit.toml.j2" +matrix_conduit_template_conduit_config: "{{ role_path }}/templates/conduit.toml.j2" # Max size for uploads, in bytes matrix_conduit_max_request_size: 20_000_000 From 98bd0f9272cb123648740df4f74b40a25709be7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johan=20Swetz=C3=A9n?= Date: Thu, 4 Apr 2024 10:00:40 +0200 Subject: [PATCH 73/74] Meta messenger documentation clarification * Add link to database migration documentation. * Correct configuration snippet to dict instead of str --- docs/configuring-playbook-bridge-mautrix-meta-messenger.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-meta-messenger.md b/docs/configuring-playbook-bridge-mautrix-meta-messenger.md index 541f52112..8a7d62330 100644 --- a/docs/configuring-playbook-bridge-mautrix-meta-messenger.md +++ b/docs/configuring-playbook-bridge-mautrix-meta-messenger.md 
@@ -9,9 +9,9 @@ This documentation page only deals with the bridge's ability to bridge to Facebo ## Migrating from the old mautrix-facebook bridge -If you've been using the [mautrix-facebook](./configuring-playbook-bridge-mautrix-facebook.md) bridge, you may wish to get rid of it first. +If you've been using the [mautrix-facebook](./configuring-playbook-bridge-mautrix-facebook.md) bridge, it's possible to migrate the database using [instructions from the bridge documentation](https://docs.mau.fi/bridges/go/meta/facebook-migration.html) (advanced). -To do so, send a `clean-rooms` command to the management room with the old bridge bot (`@facebookbot:YOUR_DOMAIN`). +Then you may wish to get rid of the Facebook bridge. To do so, send a `clean-rooms` command to the management room with the old bridge bot (`@facebookbot:YOUR_DOMAIN`). This would give you a list of portals and groups of portals you may purge. Proceed with sending commands like `clean recommended`, etc. @@ -67,7 +67,7 @@ If you don't define the `matrix_admin` in your configuration (e.g. `matrix_admin You may redefine `matrix_mautrix_meta_messenger_bridge_permissions_default` any way you see fit, or add extra permissions using `matrix_mautrix_meta_messenger_bridge_permissions_custom` like this: ```yaml -matrix_mautrix_meta_messenger_bridge_permissions_custom: | +matrix_mautrix_meta_messenger_bridge_permissions_custom: '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` From f6aa94deb95877d1a05a51ef979929cbf14138e7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 4 Apr 2024 11:03:46 +0300 Subject: [PATCH 74/74] Fix matrix_mautrix_meta_instagram_bridge_permissions_custom to use a dict Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3254 --- docs/configuring-playbook-bridge-mautrix-meta-instagram.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/configuring-playbook-bridge-mautrix-meta-instagram.md b/docs/configuring-playbook-bridge-mautrix-meta-instagram.md index 0e30de56a..674f01b81 100644 --- a/docs/configuring-playbook-bridge-mautrix-meta-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-meta-instagram.md @@ -56,7 +56,7 @@ If you don't define the `matrix_admin` in your configuration (e.g. `matrix_admin You may redefine `matrix_mautrix_meta_instagram_bridge_permissions_default` any way you see fit, or add extra permissions using `matrix_mautrix_meta_instagram_bridge_permissions_custom` like this: ```yaml -matrix_mautrix_meta_instagram_bridge_permissions_custom: | +matrix_mautrix_meta_instagram_bridge_permissions_custom: '@YOUR_USERNAME:YOUR_DOMAIN': admin ```
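Review bot: in [PATCH 69/74] the commit message says v4.97-r0-0-3 makes the mail spool persistent, yet the only change is the `version:` line in requirements.yml. Queued messages will now stay on disk across restarts, so a changelog or docs entry saying where the spool is stored and which user owns it would let operators account for it in backups and file permissions.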
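Review bot: in [PATCH 70/74] `matrix_synapse_redis_dbid: 0` is added to defaults/main.yml without a comment, and the template emits it as a bare `dbid: {{ matrix_synapse_redis_dbid }}`. Suggest a one-line comment on the default saying it is an integer database index, plus a validation step that rejects non-integer values, since an empty override would render as `dbid:` with no value in homeserver.yaml.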
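Review bot: in [PATCH 72/74] the default for `matrix_conduit_template_conduit_config` pointed at `templates/conduit/conduit.toml.j2`, which this fix calls incorrect, so nothing was checking that the default resolves to a real file. Suggest a validation task that asserts the configured template path exists before the role renders it, so a wrong default or a mistyped inventory override fails early with a clear message.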
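Review bot: in [PATCH 73/74], first hunk, the new sentence "Then you may wish to get rid of the Facebook bridge" makes the `clean-rooms` step read as a follow-up to the database migration. Please state whether `clean-rooms` and `clean recommended` are meant to be run after a migration or only when not migrating, because the next line says these commands list portals to purge.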
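Review bot: in [PATCH 74/74], and in the matching second hunk of 73/74, dropping the `|` turns the example into a dict, but the sentence above the example still does not say that `matrix_mautrix_meta_instagram_bridge_permissions_custom` must be a dict. Since the example grants `admin` on the bridge, suggest naming the expected type in that sentence and adding a role-side check that rejects a string value.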