From c5f9e021036a8ed79b1737326a5c5938aa478fd7 Mon Sep 17 00:00:00 2001
From: benkuly <12199167+benkuly@users.noreply.github.com>
Date: Sun, 14 Jun 2020 17:49:59 +0200
Subject: [PATCH 01/13] updated matrix sms bridge container
---
 roles/matrix-bridge-sms/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml
index a53056b7e..2d905ea31 100644
--- a/roles/matrix-bridge-sms/defaults/main.yml
+++ b/roles/matrix-bridge-sms/defaults/main.yml
@@ -3,7 +3,7 @@ matrix_sms_bridge_enabled: true
-matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.2.1.RELEASE"
+matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.2.2.RELEASE"
 matrix_sms_bridge_database_docker_image: "neo4j:latest"
 matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
From 226d5a9c648076e17a03f532547f077ab819b7b6 Mon Sep 17 00:00:00 2001
From: benkuly <12199167+benkuly@users.noreply.github.com>
Date: Sun, 14 Jun 2020 18:10:15 +0200
Subject: [PATCH 02/13] remove force pull
---
 roles/matrix-bridge-sms/tasks/setup_install.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml
index 47454b27e..254510a3f 100644
--- a/roles/matrix-bridge-sms/tasks/setup_install.yml
+++ b/roles/matrix-bridge-sms/tasks/setup_install.yml
@@ -4,8 +4,6 @@ docker_image: name: "{{ matrix_sms_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_sms_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sms_bridge_docker_image_force_pull }}"
 - name: Ensure matrix-sms-bridge databse image is pulled
 docker_image:
From bd3223cdd475664fee1c5d3c37479834f45cc204 Mon Sep 17 00:00:00 2001
From: benkuly <12199167+benkuly@users.noreply.github.com>
Date: Sun, 14 Jun 2020 18:28:42 +0200
Subject: [PATCH 03/13] updated matrix-sms-bridge container
---
 roles/matrix-bridge-sms/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml
index 2d905ea31..a20ddb39c 100644
--- a/roles/matrix-bridge-sms/defaults/main.yml
+++ b/roles/matrix-bridge-sms/defaults/main.yml
@@ -3,7 +3,7 @@ matrix_sms_bridge_enabled: true
-matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.2.2.RELEASE"
+matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.2.3.RELEASE"
 matrix_sms_bridge_database_docker_image: "neo4j:latest"
 matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
From 8e1a418a4573f143792bfdbb38f2abafbb8048c4 Mon Sep 17 00:00:00 2001
From: benkuly <12199167+benkuly@users.noreply.github.com>
Date: Sun, 14 Jun 2020 20:13:39 +0200
Subject: [PATCH 04/13] updated matrix-sms-bridge container
---
 roles/matrix-bridge-sms/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml
index a20ddb39c..40ee8846d 100644
--- a/roles/matrix-bridge-sms/defaults/main.yml
+++ b/roles/matrix-bridge-sms/defaults/main.yml
@@ -3,7 +3,7 @@ matrix_sms_bridge_enabled: true
-matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.2.3.RELEASE"
+matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.2.4.RELEASE"
 matrix_sms_bridge_database_docker_image: "neo4j:latest"
 matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
From 3553d3d513ce24eab9faddc57aab32a78570233e Mon Sep 17 00:00:00 2001
From: benkuly <12199167+benkuly@users.noreply.github.com>
Date: Wed, 8 Jul 2020 14:27:57 +0200
Subject: [PATCH 05/13] updated version of matrix-sms-bridge
---
 roles/matrix-bridge-sms/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml
index 40ee8846d..e598213b9 100644
--- a/roles/matrix-bridge-sms/defaults/main.yml
+++ b/roles/matrix-bridge-sms/defaults/main.yml
@@ -3,7 +3,7 @@ matrix_sms_bridge_enabled: true
-matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.2.4.RELEASE"
+matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.3.0.RELEASE"
 matrix_sms_bridge_database_docker_image: "neo4j:latest"
 matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
From eff55e4d001771788703c13f8eb9d95177c781a0 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Fri, 10 Jul 2020 14:33:18 +0300
Subject: [PATCH 06/13] Upgrade Synapse (v1.16.0 -> v1.16.1)
---
 roles/matrix-synapse/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index 6fc7eab2c..c56db7b6c 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.16.0"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.16.1"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
From ddfc945fcf7e31d63dde0d508068b7c6729183eb Mon Sep 17 00:00:00 2001
From: shadow
Date: Fri, 10 Jul 2020 19:20:36 +0200
Subject: [PATCH 07/13] Remove unused validate_config.yml, since it causes ansible warnings
---
 roles/matrix-base/tasks/main.yml | 5 -----
 roles/matrix-base/tasks/validate_config.yml | 1 -
 2 files changed, 6 deletions(-)
 delete mode 100644 roles/matrix-base/tasks/validate_config.yml
diff --git a/roles/matrix-base/tasks/main.yml b/roles/matrix-base/tasks/main.yml
index 26e019967..a1bb6754b 100644
--- a/roles/matrix-base/tasks/main.yml
+++ b/roles/matrix-base/tasks/main.yml
@@ -2,11 +2,6 @@ tags: - always
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool"
- tags:
- - setup-all
-
 - import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
 when: run_setup|bool
 tags:
diff --git a/roles/matrix-base/tasks/validate_config.yml b/roles/matrix-base/tasks/validate_config.yml
deleted file mode 100644
index ed97d539c..000000000
--- a/roles/matrix-base/tasks/validate_config.yml
+++ /dev/null
@@ -1 +0,0 @@
----
From 0074ca646e23babb732879542d9c11be3076cce2 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sun, 12 Jul 2020 09:50:39 +0300
Subject: [PATCH 08/13] Improve Goofys documentation example for GCS Fixes #573 (Github Issue).
---
 docs/configuring-playbook-s3.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/configuring-playbook-s3.md b/docs/configuring-playbook-s3.md
index ed7c4d926..643edb5b2 100644
--- a/docs/configuring-playbook-s3.md
+++ b/docs/configuring-playbook-s3.md
@@ -47,5 +47,6 @@ You can use any S3-compatible object store by **additionally** configuring these ```yaml matrix_s3_media_store_custom_endpoint_enabled: true
+# Example: "https://storage.googleapis.com"
 matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
 ```
From 200f912c042327355644b14393b23219a32868f2 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Mon, 13 Jul 2020 14:08:50 +0300
Subject: [PATCH 09/13] Upgrade Synapse (v1.16.1 -> v1.17.0) Fixes #579 (Github Issue).
---
 roles/matrix-synapse/defaults/main.yml | 2 +-
 .../templates/synapse/homeserver.yaml.j2 | 35 ++++++++++++++++---
 2 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index c56db7b6c..eb9462d20 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.16.1"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.17.0"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index fb432f870..5ed2524bf 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -1781,12 +1781,39 @@ sso: #template_dir: "res/templates"
-# The JWT needs to contain a globally unique "sub" (subject) claim.
+# JSON web token integration. The following settings can be used to make
+# Synapse JSON web tokens for authentication, instead of its internal
+# password database.
+#
+# Each JSON Web Token needs to contain a "sub" (subject) claim, which is
+# used as the localpart of the mxid.
+#
+# Note that this is a non-standard login type and client support is
+# expected to be non-existant.
+#
+# See https://github.com/matrix-org/synapse/blob/master/docs/jwt.md.
 #
 #jwt_config:
-# enabled: true
-# secret: "a secret"
-# algorithm: "HS256"
+ # Uncomment the following to enable authorization using JSON web
+ # tokens. Defaults to false.
+ #
+ #enabled: true
+
+ # This is either the private shared secret or the public key used to
+ # decode the contents of the JSON web token.
+ #
+ # Required if 'enabled' is true.
+ #
+ #secret: "provided-by-your-issuer"
+
+ # The algorithm used to sign the JSON web token.
+ #
+ # Supported algorithms are listed at
+ # https://pyjwt.readthedocs.io/en/latest/algorithms.html
+ #
+ # Required if 'enabled' is true.
+ #
+ #algorithm: "provided-by-your-issuer"
 password_config:
From c23a0620f2c5d9c0b0d98e1ea8652fb45393a340 Mon Sep 17 00:00:00 2001
From: Julian Strobl
Date: Mon, 13 Jul 2020 11:07:16 +0200
Subject: [PATCH 10/13] Fix default SSL path for federation api in docs One could also remove the two variables from the docs completely, because they are set by the playbook automatically. Error: javax.net.ssl.SSLPeerUnverifiedException: Certificate for > doesn't match any of the subject alternative names: [] Fixes #577 (Github Issue).
---
 docs/howto-server-delegation.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/howto-server-delegation.md b/docs/howto-server-delegation.md
index 9fa343268..5235b843b 100644
--- a/docs/howto-server-delegation.md
+++ b/docs/howto-server-delegation.md
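Review bot: The new `#secret:` comment in the jwt_config block of homeserver.yaml.j2 says the value is "either the private shared secret or the public key" without saying which to prefer, while the same block states that the token's "sub" claim becomes the localpart of the mxid. With a symmetric algorithm every party that holds the shared secret can sign a token for any localpart, so the comment should say so, e.g. `# With a shared (HS*) secret, any holder of the secret can mint a login for any user; prefer an asymmetric algorithm and configure only the issuer's public key here.` Two wording slips in the added lines are also worth fixing: "can be used to make Synapse JSON web tokens" seems to be missing "use", and "non-existant" should be "non-existent". The text looks copied from the upstream sample config, so the wording fixes may belong upstream as well.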
@@ -82,8 +82,8 @@ Based on your setup, you have different ways to go about it: # # NOTE: these are in-container paths. `/matrix/ssl` on the host is mounted into the container # at the same path (`/matrix/ssl`) by default, so if that's the path you need, it would be seamless.
-matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: /matrix/ssl/config/live//fullchain.pem
-matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/config/live//privkey.pem
+matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: /matrix/ssl/config/live/matrix./fullchain.pem
+matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/config/live/matrix./privkey.pem
 ```
 If your files are not in `/matrix/ssl` but in some other location, you would need to mount them into the container:
From 000b482d18dad47bd70174d4ee6246b88de0f334 Mon Sep 17 00:00:00 2001
From: bertiebaggio <7524620+bertiebaggio@users.noreply.github.com>
Date: Mon, 13 Jul 2020 15:03:24 +0100
Subject: [PATCH 11/13] Add 'Troubleshooting' w/workaround for ownership If a Postgres dump contains ALTER TABLE ... OWNER_TO statements which set the owner to a username different from 'synapse' the post Postgres import task will fail complaining about lack of role. Changing the matrix_postgres_connection_username group var has no effect. However, the ALTER TABLE statements (and accompanying comments) can be rewritten to change the username to 'synapse', which permits the import task to succeed. From a sample of 1, having the owner set in this was causes no discernable side effects on the homeserver.
---
 docs/importing-postgres.md | 51 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md
index f1adaa06a..4410db535 100644
--- a/docs/importing-postgres.md
+++ b/docs/importing-postgres.md
@@ -24,3 +24,54 @@ To import, run this command (make sure to replace `` must be a file path to a Postgres dump file on the server (not on your local machine!).
+
+## Troubleshooting
+
+A table ownership issue can occur if you are importing from a Synapse installation which was both:
+
+ - migrated from SQLite to Postgres, and
+ - used a username other than 'synapse'
+
+In this case you may run into the following error during the import task:
+
+```
+"ERROR: role \"synapse_user\" does not exist"
+```
+
+where `synapse_user` is the database username from the previous Synapse installation.
+
+This can be verified by examining the dump for ALTER TABLE statements which set OWNER TO that username:
+
+```Shell
+$ grep "ALTER TABLE" homeserver.sql"
+ALTER TABLE public.access_tokens OWNER TO synapse_user;
+ALTER TABLE public.account_data OWNER TO synapse_user;
+ALTER TABLE public.account_data_max_stream_id OWNER TO synapse_user;
+ALTER TABLE public.account_validity OWNER TO synapse_user;
+ALTER TABLE public.application_services_state OWNER TO synapse_user;
+...
+```
+
+It can be worked around by changing the username to `synapse`, for example by using `sed`:
+
+```sed
+$ sed -i "s/synapse_user/synapse/g" homeserver.sql"
+```
+
+This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead.
+
+Note that if the previous import failed with an error it may have made changes which are incompatible with re-running the import task right away; if you do so it may fail with an error such as:
+
+```
+ERROR: relation \"access_tokens\" already exists
+```
+
+In this case you can use the command suggested in the import task to clear the database before retrying the import:
+
+```Shell
+# systemctl stop matrix-postgres
+# rm -rf /matrix/postgres/data/*
+# systemctl start matrix-postgres
+```
+
+Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.
From 866d6fc1c9a136b96fefdbccfe5cadeb0079b9d9 Mon Sep 17 00:00:00 2001
From: bertiebaggio <7524620+bertiebaggio@users.noreply.github.com>
Date: Mon, 13 Jul 2020 15:12:17 +0100
Subject: [PATCH 12/13] Fix sed formatting
---
 docs/importing-postgres.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md
index 4410db535..a88067e1c 100644
--- a/docs/importing-postgres.md
+++ b/docs/importing-postgres.md
@@ -54,7 +54,7 @@ ALTER TABLE public.application_services_state OWNER TO synapse_user; It can be worked around by changing the username to `synapse`, for example by using `sed`:
-```sed
+```Shell
 $ sed -i "s/synapse_user/synapse/g" homeserver.sql"
 ```
From b50cfe8d18a8ef81014e65cfb6c9758795918a4a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 14 Jul 2020 10:35:32 +0300
Subject: [PATCH 13/13] Upgrade mautrix-telegram (0.7.2 -> 0.8.1)
---
 .../defaults/main.yml | 2 +-
 .../templates/config.yaml.j2 | 26 +++++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
index 36b146089..43210c070 100644
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -4,7 +4,7 @@ matrix_mautrix_telegram_enabled: true # See: https://mau.dev/tulir/mautrix-telegram/container_registry
-matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.2"
+matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.8.1"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
index 2a5b5785e..490494cc6 100644
--- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
@@ -124,8 +124,8 @@ bridge: # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames) # at startup and when creating a bridge. sync_matrix_state: true
- # Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
- # login website (see appservice.public config section)
+ # Allow logging in within Matrix. If false, users can only log in using login-qr or the
+ # out-of-Matrix login website (see appservice.public config section)
 allow_matrix_login: true
 # Whether or not to bridge plaintext highlights.
 # Only enable this if your displayname_template has some static part that the bridge can use to
@@ -184,6 +184,28 @@ bridge: # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false
+ # Database for the encryption data. Currently only supports Postgres and an in-memory
+ # store that's persisted as a pickle.
+ # If set to `default`, will use the appservice postgres database
+ # or a pickle file if the appservice database is sqlite.
+ #
+ # Format examples:
+ # Pickle: pickle:///filename.pickle
+ # Postgres: postgres://username:password@hostname/dbname
+ database: default
+
+ # Whether or not to explicitly set the avatar and room name for private
+ # chat portal rooms. This will be implicitly enabled if encryption.default is true.
+ private_chat_portal_meta: false
+ # Whether or not the bridge should send a read receipt from the bridge bot when a message has
+ # been sent to Telegram.
+ delivery_receipts: false
+ # Whether or not delivery errors should be reported as messages in the Matrix room.
+ delivery_error_reports: false
+ # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+ # This field will automatically be changed back to false after it,
+ # except if the config file is not writable.
+ resend_bridge_info: false
 # Overrides for base power levels.
 initial_power_level_overrides:
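Review bot: `database: default` in the encryption section of config.yaml.j2 is written as a literal, and the added comment says `default` falls back to "a pickle file if the appservice database is sqlite". A pickle store is presumably loaded with Python's pickle module, which runs code embedded in the file, so on SQLite-backed deployments the file has to live where only the bridge user can write. A comment such as `# NOTE: the pickle store is loaded with pickle; keep it in a directory writable only by the bridge user, or use Postgres.` would make that visible to operators. The Postgres form shown, `postgres://username:password@hostname/dbname`, places a credential in the rendered config, so the mode of the rendered file is worth checking if this key is later exposed as a playbook variable (the task that renders the template is not in this hunk). The `bridge:` mapping starts and ends outside the hunk.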