Merge branch 'master' into matrix-federation-api-port

CHANGELOG.md

@@ -253,6 +253,8 @@ The fact that we've renamed Synapse's database from `homeserver` to `synapse` (i
 
 ## (Breaking Change) The mautrix-facebook bridge now requires a Postgres database
 
+**Update from 2021-11-15**: SQLite support has been re-added to the mautrix-facebook bridge in [v0.3.2](https://github.com/mautrix/facebook/releases/tag/v0.3.2). You can ignore this changelog entry.
+
 A new version of the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge has been released. It's a full rewrite of its backend and the bridge now requires Postgres. New versions of the bridge can no longer run on SQLite.
 
 **TLDR**: if you're NOT using an [external Postgres server](docs/configuring-playbook-external-postgres.md) and have NOT forcefully kept the bridge on SQLite during [The big move to all-on-Postgres (potentially dangerous)](#the-big-move-to-all-on-postgres-potentially-dangerous), you will be automatically upgraded without manual intervention. All you need to do is send a `login` message to the Facebook bridge bot again.

docs/configuring-playbook-matrix-corporal.md

@@ -37,6 +37,7 @@ matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-corporal
 
 matrix_corporal_enabled: true
 
+# See below for an example of how to use a locally-stored static policy
 matrix_corporal_policy_provider_config: |
   {
     "Type": "http",
@@ -74,10 +75,48 @@ Matrix Corporal operates with a specific Matrix user on your server.
 By default, it's `matrix-corporal` (controllable by the `matrix_corporal_reconciliation_user_id_local_part` setting, see above).
 No matter what Matrix user id you configure to run it with, make sure that:
 
-- the Matrix Corporal user is created by [registering it](registering-users.md). Use a password you remember, as you'll need to log in from time to time to create or join rooms
+- the Matrix Corporal user is created by [registering it](registering-users.md) **with administrator privileges**. Use a password you remember, as you'll need to log in from time to time to create or join rooms
 
 - the Matrix Corporal user is joined and has Admin/Moderator-level access to any rooms you want it to manage
 
+### Using a locally-stored static policy
+
+If you'd like to use a [static policy file](https://github.com/devture/matrix-corporal/blob/master/docs/policy-providers.md#static-file-pull-style-policy-provider), you can use a configuration like this:
+
+```yaml
+matrix_corporal_policy_provider_config: |
+  {
+    "Type": "static_file",
+    "Path": "/etc/matrix-corporal/policy.json"
+  }
+
+# Modify the policy below as you see fit
+matrix_aux_file_definitions:
+  - dest: "{{ matrix_corporal_config_dir_path }}/policy.json"
+    content: |
+      {
+        "schemaVersion": 1,
+        "identificationStamp": "stamp-1",
+        "flags": {
+          "allowCustomUserDisplayNames": false,
+          "allowCustomUserAvatars": false,
+          "forbidRoomCreation": false,
+          "forbidEncryptedRoomCreation": true,
+          "forbidUnencryptedRoomCreation": false,
+          "allowCustomPassthroughUserPasswords": true,
+          "allowUnauthenticatedPasswordResets": false,
+          "allow3pidLogin": false
+        },
+        "managedCommunityIds": [],
+        "managedRoomIds": [],
+        "users": []
+      }
+```
+
+To learn more about what the policy configuration, see the matrix-corporal documentation on [policy](https://github.com/devture/matrix-corporal/blob/master/docs/policy.md).
+
+Each time you update the policy in your `vars.yml` file, you'd need to re-run the playbook and restart matrix-corporal (`--tags=setup-all,start` or `--tags=setup-aux-files,setup-corporal,start`).
+
 
 ## Matrix Corporal files
 

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_mautrix_facebook_enabled: true
 matrix_mautrix_facebook_container_image_self_build: false
 matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
 
-matrix_mautrix_facebook_version: v0.3.1
+matrix_mautrix_facebook_version: v0.3.2
 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
 matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"

roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml

@@ -10,22 +10,14 @@
     - "matrix_mautrix_facebook_homeserver_token"
 
 - block:
-    - name: Fail if on SQLite, unless on the last version supporting SQLite
-      fail:
-        msg: >-
-          You're trying to use the mautrix-facebook bridge with an SQLite database.
-          Going forward, this bridge only supports Postgres.
-          To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database
-      when: "not matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"
-
-    - name: Inject warning if still on SQLite
+    - name: Inject warning if on an old SQLite-supporting version
       set_fact:
         matrix_playbook_runtime_results: |
           {{
             matrix_playbook_runtime_results|default([])
             +
             [
-              "NOTE: Your mautrix-facebook bridge setup is still on SQLite. Your bridge is not getting any updates and will likely stop working at some point. To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database"
+              "NOTE: Your mautrix-facebook bridge is still on SQLite and on the last version that supported it, before support was dropped. Support has been subsequently re-added in v0.3.2, so we advise you to upgrade (by removing your `matrix_mautrix_facebook_docker_image` definition from vars.yml)"
             ]
           }}
-  when: "matrix_mautrix_facebook_database_engine == 'sqlite'"
+  when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"

roles/matrix-corporal/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
-matrix_corporal_version: 2.1.2
+matrix_corporal_version: 2.1.3
 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
 matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility

roles/matrix-postgres-backup/defaults/main.yml

@@ -32,6 +32,7 @@ matrix_postgres_backup_docker_image_v10: "{{ matrix_container_global_registry_pr
 matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:11{{ matrix_postgres_backup_docker_image_suffix }}"
 matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}"
 matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}"
+matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14{{ matrix_postgres_backup_docker_image_suffix }}"
 matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v13 }}"
 
 # This variable is assigned at runtime. Overriding its value has no effect.

roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml

@@ -54,3 +54,8 @@
   set_fact:
     matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v12 }}"
   when: "matrix_postgres_backup_detected_version == '12' or matrix_postgres_backup_detected_version.startswith('12.')"
+
+- name: Determine corresponding Docker image to detected version (use 13.x, if detected)
+  set_fact:
+    matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v13 }}"
+  when: "matrix_postgres_backup_detected_version == '13' or matrix_postgres_backup_detected_version.startswith('13.')"

roles/matrix-postgres/defaults/main.yml

@@ -18,11 +18,11 @@ matrix_postgres_architecture: amd64
 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
 
 matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.18{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.0{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.19{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.14{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.9{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.5{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.1{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}"
 
 # This variable is assigned at runtime. Overriding its value has no effect.