From 45c92ba7db4b8a77ccd06304410e0845d2570164 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 7 Apr 2023 08:09:54 +0300 Subject: [PATCH 01/39] Upgrade Traefik (2.9.9 -> 2.9.10) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index a53a9d713..c5d4c8ecd 100644 --- a/requirements.yml +++ b/requirements.yml @@ -24,7 +24,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: 3d5bb2976815958cdce3f368fa34fb51554f899b - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.9.9-0 + version: v2.9.10-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From 418dd953addc104f77547d2ff8c233fe964f424c Mon Sep 17 00:00:00 2001 From: Shreyas Ajjarapu Date: Fri, 7 Apr 2023 11:44:17 -0500 Subject: [PATCH 02/39] Updating maubot to the latest version --- roles/custom/matrix-bot-maubot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index caee9b132..a31d81913 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" -matrix_bot_maubot_version: v0.4.0 +matrix_bot_maubot_version: v0.4.1 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}" matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}" matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" From 717d4417b9104647ae446a22dc4678a914140cbf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Apr 2023 16:59:03 +0000 Subject: [PATCH 03/39] Bump ansible-community/ansible-lint-action from 6.11.0 to 6.14.4 Bumps [ansible-community/ansible-lint-action](https://github.com/ansible-community/ansible-lint-action) from 6.11.0 to 6.14.4. - [Release notes](https://github.com/ansible-community/ansible-lint-action/releases) - [Commits](https://github.com/ansible-community/ansible-lint-action/compare/v6.11.0...v6.14.4) --- updated-dependencies: - dependency-name: ansible-community/ansible-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 2f9e79534..c21db57a3 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -21,6 +21,6 @@ jobs: - name: Check out uses: actions/checkout@v3 - name: Run ansible-lint - uses: ansible-community/ansible-lint-action@v6.11.0 + uses: ansible-community/ansible-lint-action@v6.14.4 with: path: roles/custom From 2649d9d8bb128dffc323d3cd3888f9d1158cf1e7 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 8 Apr 2023 08:10:22 +0300 Subject: [PATCH 04/39] Fix lint-reported errors --- requirements.yml | 2 ++ .../matrix-coturn/tasks/setup_install.yml | 8 -------- .../tasks/main.yml | 18 +++++++++--------- 3 files changed, 11 insertions(+), 17 deletions(-) diff --git a/requirements.yml b/requirements.yml index c5d4c8ecd..26414d8e9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,3 +1,5 @@ +--- + - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git version: v1.0.0-0 name: aux diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml index 1cb8bd696..503ffae10 100644 --- a/roles/custom/matrix-coturn/tasks/setup_install.yml +++ b/roles/custom/matrix-coturn/tasks/setup_install.yml @@ -73,7 +73,6 @@ src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-coturn.service" mode: 0644 - register: matrix_coturn_systemd_service_change_results # This may be unnecessary when more long-lived certificates are used. # We optimize for the common use-case though (short-lived Let's Encrypt certificates). @@ -83,7 +82,6 @@ src: "{{ role_path }}/templates/systemd/{{ item }}.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" mode: 0644 - register: "matrix_coturn_systemd_service_change_results" when: "matrix_coturn_tls_enabled | bool" with_items: - matrix-coturn-reload.service @@ -94,13 +92,7 @@ ansible.builtin.file: path: "{{ item }}" state: absent - register: "matrix_coturn_systemd_service_change_results" when: "not matrix_coturn_tls_enabled | bool" with_items: - matrix-coturn-reload.service - matrix-coturn-reload.timer - -- name: Ensure systemd reloaded if systemd units changed - ansible.builtin.service: - daemon_reload: true - when: "matrix_coturn_systemd_service_change_results.changed" 
diff --git a/roles/custom/matrix-synapse-auto-compressor/tasks/main.yml b/roles/custom/matrix-synapse-auto-compressor/tasks/main.yml index 2cce1f122..5993e4f9b 100644 --- a/roles/custom/matrix-synapse-auto-compressor/tasks/main.yml +++ b/roles/custom/matrix-synapse-auto-compressor/tasks/main.yml @@ -1,20 +1,20 @@ --- -- block: +- tags: + - setup-all + - setup-synapse-auto-compressor + - install-all + - install-synapse-auto-compressor + block: - when: matrix_synapse_auto_compressor_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: matrix_synapse_auto_compressor_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" - tags: + +- tags: - setup-all - setup-synapse-auto-compressor - - install-all - - install-synapse-auto-compressor - -- block: + block: - when: not matrix_synapse_auto_compressor_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" - tags: - - setup-all - - setup-synapse-auto-compressor From 4546410f6a722084d9875034399137058bbbf139 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 10 Apr 2023 15:15:32 +0300 Subject: [PATCH 05/39] Restore matrix-nginx-proxy connectivity to the Jitsi container network Regression since 1d00d15482e8a2ec9e82a50 --- group_vars/matrix_servers | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 91a630baf..f25c4b4e1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2576,7 +2576,14 @@ matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_pu matrix_nginx_proxy_trust_forwarded_proto: "{{ matrix_playbook_reverse_proxy_type != 'playbook-managed-nginx' }}" matrix_nginx_proxy_x_forwarded_for: "{{ '$remote_addr' if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else '$proxy_add_x_forwarded_for' }}" -matrix_nginx_proxy_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}" +matrix_nginx_proxy_container_additional_networks: | + {{ + ( + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + + + ([jitsi_container_network] if jitsi_enabled and matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' and jitsi_container_network != matrix_nginx_proxy_container_network else []) + ) | unique + }} matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-nginx-proxy:12080' }}" matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:12080' }}" From 024d9ed3f3e9d366be3888810b13620448d4d6c5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 11 Apr 2023 17:18:58 +0300 Subject: [PATCH 06/39] Upgrade Synapse (v1.80.0 -> v1.81.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 5e45859c2..ad2fa74dc 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.80.0 +matrix_synapse_version: v1.81.0 matrix_synapse_username: '' matrix_synapse_uid: '' 
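Review bot: The new `matrix_nginx_proxy_container_additional_networks` expression has no comment saying when the proxy joins the Jitsi network, and each extra network widens what the proxy container can reach. A comment above it would make the three-part condition reviewable, for example `# Join the Jitsi network only when the reverse-proxy type is playbook-managed-nginx and Jitsi runs in a network other than matrix_nginx_proxy_container_network.` The variable's definition is fully inside this hunk, but the variables it reads are defined elsewhere.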
From fe2df30998759ae51dca9864dc0e2645e392dac2 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 11 Apr 2023 18:29:36 +0000 Subject: [PATCH 07/39] Update element 1.11.28 -> 1.11.29 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index b15d48981..e99ea55b0 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.28 +matrix_client_element_version: v1.11.29 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 591aa077a253e5231d8a344677ec01c10ffdb005 Mon Sep 17 00:00:00 2001 
From: mgoerens Date: Wed, 12 Apr 2023 12:14:53 +0200 Subject: [PATCH 08/39] Removing warning that no longer applies Similar to: https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/362954aeab35398e3cd6cd5e735f3fade338b022 This warning was added because of: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090 The problem has since been fixed by: https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/e9e84341a91fb0013469d74ee8c88c2edb5ad3a5 This current patch was provoked by: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2352 --- docs/configuring-playbook-synapse.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index ef562ae88..40ce8fee9 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md @@ -42,8 +42,6 @@ devture_postgres_process_extra_arguments: [ ] ``` -**NOTE**: Disabling `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: false`) (that is, [using your own other webserver](configuring-playbook-own-webserver.md) when running a Synapse worker setup is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). - In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`. From 3d60ce496073ef2364a82ed6cbf2986eac49e8b5 Mon Sep 17 00:00:00 2001 
From: spatterlight <81454789+spatterIight@users.noreply.github.com> Date: Wed, 12 Apr 2023 15:32:27 +0000 Subject: [PATCH 09/39] Update configuring-playbook-synapse.md This change adds a section that lets the reader know that it is possible to enable synapse metrics and references the relevant documentation. It aims to be short and concise, leaving the specifics to the referenced documentation, while still giving the reader a good idea of what it is and what it is for. --- docs/configuring-playbook-synapse.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index 40ce8fee9..4823c88d5 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md @@ -117,3 +117,10 @@ matrix_synapse_container_image_customizations_templates_git_repository_ssh_priva As mentioned in Synapse's Templates documentation, Synapse will fall back to its own templates if a template is not found in that directory. Due to this, it's recommended to only store and maintain template files in your repository if you need to make custom changes. Other files (which you don't need to change), should not be duplicated, so that you don't need to worry about getting out-of-sync with the original Synapse templates. + + +## Monitoring Synapse Metrics with Prometheus and Grafana + +This playbook allows you to enable Synapse metrics, which can provide insight into the performance and activity of Synapse. + +To enable Synapse metrics see [`configuring-playbook-prometheus-grafana.md`](./configuring-playbook-prometheus-grafana.md) From 2f11bf39c3c8204a4dbb47a932449bbe6f063c27 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 14 Apr 2023 06:05:24 +0000 Subject: [PATCH 10/39] Update borgmatic 1.7.11 -> 1.7.12 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 26414d8e9..19fbd79b3 100644 
--- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-0 name: aux - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.11-1 + version: v1.2.4-1.7.12-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-1 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 9c75a1e20dc16bb3fea1e807e23ff1810430506f Mon Sep 17 00:00:00 2001 From: Kanlas <16520060+kanlas-net@users.noreply.github.com> Date: Sun, 16 Apr 2023 18:52:12 +0300 Subject: [PATCH 11/39] Fix recaptcha vars ansible-vault compatibility --- .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index db693582a..ca8289778 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1223,12 +1223,12 @@ oembed: # This homeserver's ReCAPTCHA public key. Must be specified if # enable_registration_captcha is enabled. # -recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key|to_json }} +recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key|string|to_json }} # This homeserver's ReCAPTCHA private key. Must be specified if # enable_registration_captcha is enabled. # -recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key|to_json }} +recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key|string|to_json }} # Uncomment to enable ReCaptcha checks when registering, preventing signup # unless a captcha is answered. Requires a valid ReCaptcha From bf564e8bda8b79a33a4535386f84b25f77297ed4 Mon Sep 17 00:00:00 2001 
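Review bot: The `|string` coercion added to `recaptcha_public_key` and `recaptcha_private_key` turns a null value into the literal text `None`. An inventory that sets either variable to null would therefore render `"None"` as the key, where the previous code rendered `null`. If the role defaults are not guaranteed to be strings, `{{ (matrix_synapse_recaptcha_private_key | default('', true)) | string | to_json }}` keeps the vault fix without that side effect. The private key is a secret written into the rendered homeserver.yaml, so it is also worth confirming that the task templating this file sets a restrictive `mode`; that task is outside this hunk.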
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 16 Apr 2023 16:58:06 +0000 Subject: [PATCH 12/39] Update mautrix-whatsapp 0.8.3 -> 0.8.4 --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 88b917582..d54d2e1c2 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.8.3 +matrix_mautrix_whatsapp_version: v0.8.4 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From e323ab31d50413f8a576c80640c2f60f66c87536 Mon Sep 17 00:00:00 2001 From: Lilith Schier Date: Sun, 16 Apr 2023 19:04:35 +0000 Subject: [PATCH 13/39] Added a nix flake --- .envrc | 1 + .gitignore | 1 + flake.nix | 19 +++++++++++++++++++ 3 files changed, 21 insertions(+) create mode 100644 .envrc create mode 100644 flake.nix diff --git a/.envrc b/.envrc new file mode 100644 index 000000000..8392d159f --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake \ No newline at end of file diff --git a/.gitignore b/.gitignore index 0b64b8594..421877392 100644 --- a/.gitignore +++ b/.gitignore 
@@ -5,6 +5,7 @@ /roles/**/files/scratchpad .DS_Store .python-version +flake.lock # ignore roles pulled by ansible-galaxy /roles/galaxy/* diff --git a/flake.nix b/flake.nix new file mode 100644 index 000000000..412309a89 --- /dev/null +++ b/flake.nix @@ -0,0 +1,19 @@ +{ + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + + outputs = { self, nixpkgs, ... }: + let + pkgs = import nixpkgs { system = "x86_64-linux"; }; + in + { + devShell.x86_64-linux = pkgs.mkShell { + buildInputs = with pkgs; [ + just + python311Packages.ansible-core + python311Packages.passlib + ]; + LC_ALL = "C.UTF-8"; + LC_CTYPE = "C.UTF-8"; + }; + }; +} From f5f158f221e672a48148997cbe0f995138d7757d Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 16 Apr 2023 22:22:30 +0000 Subject: [PATCH 14/39] Update mautrix-discord 0.2.0 -> 0.3.0 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 35bfa5c01..f088ae15f 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
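Review bot: Ignoring `flake.lock` means the `nixpkgs-unstable` input declared in this commit's `flake.nix` is never pinned in the repository, so each contributor's dev shell resolves to whatever nixpkgs revision is current when they first enter it. The lock file records the exact revision and content hash of every input. Leaving it out gives up reproducibility and tamper-evidence for the toolchain that runs the playbook. I would drop the `flake.lock` line from `.gitignore` and commit the generated lock file, refreshing it deliberately with `nix flake update`.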
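Review bot: The shell is declared only as `devShell.x86_64-linux` with `system = "x86_64-linux"` hard-coded, so `use flake` from the new `.envrc` will not evaluate on other platforms. The `devShell.<system>` output name has also been superseded by `devShells.<system>.default` in current Nix. Consider `devShells.x86_64-linux.default = pkgs.mkShell { … };` at minimum, and generate the attribute per supported system if contributors use other architectures. A one-line comment at the top of the file would help readers unfamiliar with flakes, stating that it only provides a development shell with `just`, `ansible-core` and `passlib`.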
@@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.2.0 +matrix_mautrix_discord_version: v0.3.0 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" From c46f79358f042d495280d7ff0ee69f20d86f878a Mon Sep 17 00:00:00 2001 From: Jost Alemann <58050402+jalemann@users.noreply.github.com> Date: Mon, 17 Apr 2023 10:09:24 +0200 Subject: [PATCH 15/39] fix: add missing word --- examples/nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/nginx/README.md b/examples/nginx/README.md index f9be21fd2..11fca299e 100644 --- a/examples/nginx/README.md +++ b/examples/nginx/README.md 
@@ -10,7 +10,7 @@ To get started, first follow the [front the integrated reverse-proxy webserver w ## Using the nginx configuration -Copy the [matrix.conf](matrix.conf) file to your nginx server's filesystem, modify it to your needs and include it your nginx configuration (e.g. `include /path/to/matrix.conf;`). +Copy the [matrix.conf](matrix.conf) file to your nginx server's filesystem, modify it to your needs and include it in your nginx configuration (e.g. `include /path/to/matrix.conf;`). This configuration **disables SSL certificate retrieval**, so you will **need to obtain SSL certificates manually** (e.g. by using [certbot](https://certbot.eff.org/)) and set the appropriate path in `matrix.conf`. In the example nginx configuration, a single certificate is used for all subdomains (`matrix.DOMAIN`, `element.DOMAIN`, etc.). For your setup, may wish to change this and use separate `server` blocks and separate certificate files for each host. From 917167915b9a378a7baeb030d73e117f18f618a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 17:00:42 +0000 Subject: [PATCH 16/39] Bump ansible-community/ansible-lint-action from 6.14.4 to 6.15.0 Bumps [ansible-community/ansible-lint-action](https://github.com/ansible-community/ansible-lint-action) from 6.14.4 to 6.15.0. - [Release notes](https://github.com/ansible-community/ansible-lint-action/releases) - [Commits](https://github.com/ansible-community/ansible-lint-action/compare/v6.14.4...v6.15.0) --- updated-dependencies: - dependency-name: ansible-community/ansible-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index c21db57a3..f69e60ff9 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml 
@@ -21,6 +21,6 @@ jobs: - name: Check out uses: actions/checkout@v3 - name: Run ansible-lint - uses: ansible-community/ansible-lint-action@v6.14.4 + uses: ansible-community/ansible-lint-action@v6.15.0 with: path: roles/custom From 66930c9d75d4d6db9dfe608228103af5ed10217c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 18 Apr 2023 10:41:55 +0300 Subject: [PATCH 17/39] Upgrade systemd_docker_base, container_socket_proxy, Traefik These roles now obey `devture_systemd_docker_base_container_image_pull_method` and `devture_systemd_docker_base_container_network_creation_method` and can work on systems which don't have the Docker SDK for Python installed by avoiding the various Ansible Docker modules and using raw `docker` commands for pulling images and creating networks. --- requirements.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.yml b/requirements.yml index 19fbd79b3..c7032efea 100644 --- a/requirements.yml +++ b/requirements.yml @@ -6,7 +6,7 @@ - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git version: v1.2.4-1.7.12-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git - version: v0.1.1-1 + version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git 
@@ -20,13 +20,13 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 8e9ec48a09284c84704d7a2dce17da35f181574d - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - version: 327d2e17f5189ac2480d6012f58cf64a2b46efba + version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: 3d5bb2976815958cdce3f368fa34fb51554f899b - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.9.10-0 + version: v2.9.10-1 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From c62896b97eff51ef902686acbf54917ed8728481 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 18 Apr 2023 10:59:02 +0300 Subject: [PATCH 18/39] Upgrade Traefik (v2.9.10-1 -> v2.9.10-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index c7032efea..559ff4649 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: 3d5bb2976815958cdce3f368fa34fb51554f899b - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.9.10-1 + version: v2.9.10-2 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From beb40134b7272447ebd0d1086d026f077b51e2da Mon Sep 17 00:00:00 2001 
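Review bot: The `systemd_docker_base` entry moves from a full commit hash to the tag `v1.0.0-0`, trading an immutable reference for one the upstream repository owner can re-point. Other roles in this file are already tag-pinned, so this follows the existing convention. Where integrity of fetched roles matters, a commit pin with the tag kept as a comment preserves both properties, e.g. `version: <commit-sha-of-v1.0.0-0>  # v1.0.0-0`. The hunk shows only part of the requirements list.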
From: spatterlight <81454789+spatterIight@users.noreply.github.com> Date: Wed, 19 Apr 2023 05:52:03 +0000 Subject: [PATCH 19/39] Add support for backup LDAP servers (#2650) * Update homeserver.yaml.j2 * Update configuring-playbook-ldap-auth.md * Update homeserver.yaml.j2 --- docs/configuring-playbook-ldap-auth.md | 4 +++- .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-ldap-auth.md b/docs/configuring-playbook-ldap-auth.md index ecc0f2579..dabc25219 100644 --- a/docs/configuring-playbook-ldap-auth.md +++ b/docs/configuring-playbook-ldap-auth.md @@ -8,7 +8,9 @@ If you decide that you'd like to let this playbook install it for you, you need ```yaml matrix_synapse_ext_password_provider_ldap_enabled: true -matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389" +matrix_synapse_ext_password_provider_ldap_uri: + - "ldap://ldap-01.mydomain.tld:389" + - "ldap://ldap-02.mydomain.tld:389" matrix_synapse_ext_password_provider_ldap_start_tls: true matrix_synapse_ext_password_provider_ldap_base: "ou=users,dc=example,dc=com" matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid" diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index ca8289778..63cdafeb0 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2515,7 +2515,7 @@ password_providers: config: enabled: true mode: {{ matrix_synapse_ext_password_provider_ldap_mode | string | to_json }} - uri: {{ matrix_synapse_ext_password_provider_ldap_uri | string|to_json }} + uri: {{ matrix_synapse_ext_password_provider_ldap_uri | to_json }} start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }} base: {{ matrix_synapse_ext_password_provider_ldap_base | string|to_json }} active_directory: {{ matrix_synapse_ext_password_provider_ldap_active_directory|to_json }} From c20d74af7904d2a867ee2749b39de2cbe2df332a Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 21 Apr 2023 12:45:32 +0300 Subject: [PATCH 20/39] buscarron and honoroit - add basic auth for metrics --- .../matrix-bot-buscarron/defaults/main.yml | 15 ++++++++++++ .../tasks/setup_install.yml | 22 ++++++++++++++++++ .../matrix-bot-buscarron/templates/labels.j2 | 23 ++++++++++++++++++- .../matrix-bot-honoroit/defaults/main.yml | 15 ++++++++++++ .../tasks/setup_install.yml | 22 ++++++++++++++++++ .../matrix-bot-honoroit/templates/labels.j2 | 23 ++++++++++++++++++- 6 files changed, 118 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 0596c440f..7a31514b9 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml @@ -14,6 +14,10 @@ matrix_bot_buscarron_hostname: '' # This value must either be `/` or not end with a slash (e.g. `/buscarron`). matrix_bot_buscarron_path_prefix: / +# The path at which Buscarron will expose metrics +# This value must either be `/` or not end with a slash (e.g. `/metrics`). +matrix_bot_buscarron_metrics_path: /metrics + matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron" matrix_bot_buscarron_config_path: "{{ matrix_bot_buscarron_base_path }}/config" matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data" 
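Review bot: Dropping `| string` from `uri` lets a list render as a JSON array, but it also removes the coercion for the single-string case. A vault-encrypted `matrix_synapse_ext_password_provider_ldap_uri` would then reach `to_json` uncoerced, which appears to be the situation the recaptcha commit earlier in this series added `|string` to avoid (inferred from that commit's subject, not tested). A comment next to the variable's default should state that it now accepts either a plain string or a list of strings, and whether vault-encrypted values are supported. The documentation example in this commit lists `ldap://` URIs on port 389 with `start_tls: true`; it would help to add a sentence there saying every listed server must present a certificate the homeserver trusts.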
@@ -36,6 +40,15 @@ matrix_bot_buscarron_container_network: matrix-bot-buscarron # Use this to expose this container to another reverse proxy, which runs in a different container network. matrix_bot_buscarron_container_additional_networks: [] +# enable basic auth for metrics +matrix_bot_buscarron_basicauth_enabled: false +# temporary file name on the host that runs ansible +matrix_bot_buscarron_basicauth_file: "/tmp/matrix_bot_buscarron_htpasswd" +# username +matrix_bot_buscarron_basicauth_user: '' +# password +matrix_bot_buscarron_basicauth_password: '' + # matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. # See `../templates/labels.j2` for details. # @@ -46,6 +59,8 @@ matrix_bot_buscarron_container_labels_traefik_hostname: "{{ matrix_bot_buscarron # The path prefix must either be `/` or not end with a slash (e.g. `/buscarron`). matrix_bot_buscarron_container_labels_traefik_path_prefix: "{{ matrix_bot_buscarron_path_prefix }}" matrix_bot_buscarron_container_labels_traefik_rule: "Host(`{{ matrix_bot_buscarron_container_labels_traefik_hostname }}`){% if matrix_bot_buscarron_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_buscarron_container_labels_traefik_path_prefix }}`){% endif %}" +matrix_bot_buscarron_container_labels_traefik_metrics_path: "{{ matrix_bot_buscarron_metrics_path }}" +matrix_bot_buscarron_container_labels_traefik_metrics_rule: "Host(`{{ matrix_bot_buscarron_container_labels_traefik_hostname }}`) && Path(`{{ matrix_bot_buscarron_container_labels_traefik_metrics_path }}`)" matrix_bot_buscarron_container_labels_traefik_priority: 0 matrix_bot_buscarron_container_labels_traefik_entrypoints: web-secure matrix_bot_buscarron_container_labels_traefik_tls: "{{ matrix_bot_buscarron_container_labels_traefik_entrypoints != 'web' }}" 
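Review bot: `matrix_bot_buscarron_basicauth_file` defaults to the fixed path `/tmp/matrix_bot_buscarron_htpasswd` on the Ansible controller. That directory is world-writable, so another local user can pre-create or symlink the name before the play writes the credential hash to it. A default inside a directory owned by the invoking user, or a name obtained from `ansible.builtin.tempfile` in the tasks, avoids the predictable path. `matrix_bot_buscarron_basicauth_user` and `matrix_bot_buscarron_basicauth_password` both default to `''`, so enabling the feature without setting them should fail validation rather than write an entry with an empty password; whether the role's validation covers this is not visible here. The comments `# username` and `# password` could also say that these credentials protect only the metrics route.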
diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 1c2c62e14..2c478e459 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -40,6 +40,20 @@ - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true} when: "item.when | bool" +- name: Determine basicauth filename + set_fact: + matrix_bot_buscarron_basicauth_file_tmp: "{{ matrix_bot_buscarron_basicauth_file }}_{{ inventory_hostname }}" + when: matrix_bot_buscarron_basicauth_enabled | bool + +- name: Generate basic auth file + community.general.htpasswd: + path: "{{ matrix_bot_buscarron_basicauth_file }}" + name: "{{ matrix_bot_buscarron_basicauth_user }}" + password: "{{ matrix_bot_buscarron_basicauth_password }}" + become: false + delegate_to: 127.0.0.1 + when: matrix_bot_buscarron_basicauth_enabled | bool + - name: Ensure buscarron support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" @@ -51,6 +65,14 @@ - env - labels +- name: Ensure temporary basic auth file is removed + ansible.builtin.file: + path: "{{ matrix_bot_buscarron_basicauth_file }}" + state: absent + become: false + delegate_to: 127.0.0.1 + when: matrix_bot_buscarron_basicauth_enabled | bool + - name: Ensure buscarron image is pulled community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" diff --git a/roles/custom/matrix-bot-buscarron/templates/labels.j2 b/roles/custom/matrix-bot-buscarron/templates/labels.j2 index 5a53805a5..6a1ead33d 100644 --- a/roles/custom/matrix-bot-buscarron/templates/labels.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/labels.j2 
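Review bot: The fact `matrix_bot_buscarron_basicauth_file_tmp` set in "Determine basicauth filename" is never used. The htpasswd task, the cleanup task and the `lookup` in labels.j2 all reference `matrix_bot_buscarron_basicauth_file`, so every host in a run shares one file on the controller and one host's entry or cleanup can interfere with another's. Use the per-host name in all three places, e.g. `path: "{{ matrix_bot_buscarron_basicauth_file_tmp }}"`. The htpasswd task also sets no `mode`, so the file gets the controller's default permissions; adding `mode: "0600"` and `no_log: true` keeps the hash away from other local users and the password out of task output. `set_fact` should be written `ansible.builtin.set_fact` to match the fully-qualified module names used by the neighbouring tasks.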
@@ -6,6 +6,7 @@ traefik.docker.network={{ matrix_bot_buscarron_container_labels_traefik_docker_n {% endif %} {% set middlewares = [] %} +{% set middlewares_metrics = [] %} {% if matrix_bot_buscarron_container_labels_traefik_path_prefix != '/' %} traefik.http.middlewares.matrix-bot-buscarron-slashless-redirect.redirectregex.regex=({{ matrix_bot_buscarron_container_labels_traefik_path_prefix | quote }})$ @@ -18,6 +19,11 @@ traefik.http.middlewares.matrix-bot-buscarron-strip-prefix.stripprefix.prefixes= {% set middlewares = middlewares + ['matrix-bot-buscarron-strip-prefix'] %} {% endif %} +{% if matrix_bot_buscarron_basicauth_enabled %} +traefik.http.middlewares.matrix-bot-buscarron-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_buscarron_basicauth_file) }} +{% set middlewares_metrics = middlewares + ['matrix-bot-buscarron-auth'] %} +{% endif %} + {% if matrix_bot_buscarron_container_labels_traefik_additional_response_headers.keys() | length > 0 %} {% for name, value in matrix_bot_buscarron_container_labels_traefik_additional_response_headers.items() %} traefik.http.middlewares.matrix-bot-buscarron-add-headers.headers.customresponseheaders.{{ name }}={{ value }} 
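Review bot: In the `@@ -18,6 +19,11 @@` hunk `middlewares_metrics` is built from `middlewares` before the `matrix-bot-buscarron-add-headers` middleware is appended further down, so the buscarron metrics router never gets the additional response headers, while the honoroit template places the same block after its add-headers block and does get them. If those headers carry security policy (an assumption, their contents are not visible here), the authenticated route is the one missing them. Moving the `{% if matrix_bot_buscarron_basicauth_enabled %}` block below the add-headers `{% endif %}` would make the two roles agree. The add-headers loop continues past the end of this hunk.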
@@ -38,8 +44,23 @@ traefik.http.routers.matrix-bot-buscarron.tls={{ matrix_bot_buscarron_container_ {% if matrix_bot_buscarron_container_labels_traefik_tls %} traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }} {% endif %} - traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080 + +{% if middlewares_metrics | length > 0 %} +traefik.http.routers.matrix-bot-buscarron-metrics.rule={{ matrix_bot_buscarron_container_labels_traefik_metrics_rule }} +{% if matrix_bot_buscarron_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-bot-buscarron-metrics.priority={{ matrix_bot_buscarron_container_labels_traefik_priority }} +{% endif %} +traefik.http.routers.matrix-bot-buscarron-metrics.service=matrix-bot-buscarron +traefik.http.routers.matrix-bot-buscarron-metrics.middlewares={{ middlewares_metrics | join(',') }} +traefik.http.routers.matrix-bot-buscarron-metrics.entrypoints={{ matrix_bot_buscarron_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-bot-buscarron-metrics.tls={{ matrix_bot_buscarron_container_labels_traefik_tls | to_json }} +{% if matrix_bot_buscarron_container_labels_traefik_tls %} +traefik.http.routers.matrix-bot-buscarron-metrics.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }} +{% endif %} +traefik.http.services.matrix-bot-buscarron-metrics.loadbalancer.server.port=8080 +{% endif %} + {% endif %} {{ matrix_bot_buscarron_container_labels_additional_labels }} diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index 5e90ef51f..ea93d55f2 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml 
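Review bot: The metrics router is given the same explicit priority as the main router, so whenever an operator sets `matrix_bot_buscarron_container_labels_traefik_priority` above 0 the two routers tie on a request for the metrics path, and as far as I know Traefik does not define which of two equal-priority routers wins. Since the metrics router is the one carrying `basicauth`, it should outrank the main one, e.g. `traefik.http.routers.matrix-bot-buscarron-metrics.priority={{ matrix_bot_buscarron_container_labels_traefik_priority | int + 1 }}`. Separately, the router is only emitted when `middlewares_metrics` is non-empty, that is when basic auth is enabled; with the default `false` the metrics path stays reachable through the main router whenever its rule matches, which deserves a sentence in the defaults comment. The honoroit `labels.j2` hunk is the same in both respects.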
@@ -11,6 +11,10 @@ matrix_bot_honoroit_hostname: '' # This value must either be `/` or not end with a slash (e.g. `/honoroit`). matrix_bot_honoroit_path_prefix: / +# The path at which honoroit will expose metrics +# This value must either be `/` or not end with a slash (e.g. `/metrics`). +matrix_bot_honoroit_metrics_path: /metrics + matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" @@ -34,6 +38,15 @@ matrix_bot_honoroit_container_network: matrix-bot-honoroit # Use this to expose this container to another reverse proxy, which runs in a different container network. matrix_bot_honoroit_container_additional_networks: [] +# enable basic auth for metrics +matrix_bot_honoroit_basicauth_enabled: false +# temporary file name on the host that runs ansible +matrix_bot_honoroit_basicauth_file: "/tmp/matrix_bot_honoroit_htpasswd" +# username +matrix_bot_honoroit_basicauth_user: '' +# password +matrix_bot_honoroit_basicauth_password: '' + # matrix_bot_honoroit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. # See `../templates/labels.j2` for details. # 
@@ -44,6 +57,8 @@ matrix_bot_honoroit_container_labels_traefik_hostname: "{{ matrix_bot_honoroit_h # The path prefix must either be `/` or not end with a slash (e.g. `/honoroit`). matrix_bot_honoroit_container_labels_traefik_path_prefix: "{{ matrix_bot_honoroit_path_prefix }}" matrix_bot_honoroit_container_labels_traefik_rule: "Host(`{{ matrix_bot_honoroit_container_labels_traefik_hostname }}`){% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_honoroit_container_labels_traefik_path_prefix }}`){% endif %}" +matrix_bot_honoroit_container_labels_traefik_metrics_path: "{{ matrix_bot_honoroit_metrics_path }}" +matrix_bot_honoroit_container_labels_traefik_metrics_rule: "Host(`{{ matrix_bot_honoroit_container_labels_traefik_hostname }}`) && Path(`{{ matrix_bot_honoroit_container_labels_traefik_metrics_path }}`)" matrix_bot_honoroit_container_labels_traefik_priority: 0 matrix_bot_honoroit_container_labels_traefik_entrypoints: web-secure matrix_bot_honoroit_container_labels_traefik_tls: "{{ matrix_bot_honoroit_container_labels_traefik_entrypoints != 'web' }}" diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index 14b5a0e47..dc490e4c1 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml 
@@ -40,6 +40,20 @@ - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} when: "item.when | bool" +- name: Determine basicauth filename + set_fact: + matrix_bot_honoroit_basicauth_file_tmp: "{{ matrix_bot_honoroit_basicauth_file }}_{{ inventory_hostname }}" + when: matrix_bot_honoroit_basicauth_enabled | bool + +- name: Generate basic auth file + community.general.htpasswd: + path: "{{ matrix_bot_honoroit_basicauth_file }}" + name: "{{ matrix_bot_honoroit_basicauth_user }}" + password: "{{ matrix_bot_honoroit_basicauth_password }}" + become: false + delegate_to: 127.0.0.1 + when: matrix_bot_honoroit_basicauth_enabled | bool + - name: Ensure honoroit support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" @@ -51,6 +65,14 @@ - env - labels +- name: Ensure temporary basic auth file is removed + ansible.builtin.file: + path: "{{ matrix_bot_honoroit_basicauth_file }}" + state: absent + become: false + delegate_to: 127.0.0.1 + when: matrix_bot_honoroit_basicauth_enabled | bool + - name: Ensure honoroit image is pulled community.docker.docker_image: name: "{{ matrix_bot_honoroit_docker_image }}" diff --git a/roles/custom/matrix-bot-honoroit/templates/labels.j2 b/roles/custom/matrix-bot-honoroit/templates/labels.j2 index f03af34a2..7943e00f1 100644 --- a/roles/custom/matrix-bot-honoroit/templates/labels.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/labels.j2 @@ -6,6 +6,7 @@ traefik.docker.network={{ matrix_bot_honoroit_container_labels_traefik_docker_ne {% endif %} {% set middlewares = [] %} +{% set middlewares_metrics = [] %} {% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %} traefik.http.middlewares.matrix-bot-honoroit-slashless-redirect.redirectregex.regex=({{ matrix_bot_honoroit_container_labels_traefik_path_prefix | quote }})$ 
@@ -25,6 +26,11 @@ traefik.http.middlewares.matrix-bot-honoroit-add-headers.headers.customresponseh {% set middlewares = middlewares + ['matrix-bot-honoroit-add-headers'] %} {% endif %} +{% if matrix_bot_honoroit_basicauth_enabled %} +traefik.http.middlewares.matrix-bot-honoroit-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_honoroit_basicauth_file) }} +{% set middlewares_metrics = middlewares + ['matrix-bot-honoroit-auth'] %} +{% endif %} + traefik.http.routers.matrix-bot-honoroit.rule={{ matrix_bot_honoroit_container_labels_traefik_rule }} {% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %} traefik.http.routers.matrix-bot-honoroit.priority={{ matrix_bot_honoroit_container_labels_traefik_priority }} 
@@ -38,8 +44,23 @@ traefik.http.routers.matrix-bot-honoroit.tls={{ matrix_bot_honoroit_container_la {% if matrix_bot_honoroit_container_labels_traefik_tls %} traefik.http.routers.matrix-bot-honoroit.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }} {% endif %} - traefik.http.services.matrix-bot-honoroit.loadbalancer.server.port=8080 + +{% if middlewares_metrics | length > 0 %} +traefik.http.routers.matrix-bot-honoroit-metrics.rule={{ matrix_bot_honoroit_container_labels_traefik_metrics_rule }} +{% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %} +traefik.http.routers.matrix-bot-honoroit-metrics.priority={{ matrix_bot_honoroit_container_labels_traefik_priority }} +{% endif %} +traefik.http.routers.matrix-bot-honoroit-metrics.service=matrix-bot-honoroit +traefik.http.routers.matrix-bot-honoroit-metrics.middlewares={{ middlewares_metrics | join(',') }} +traefik.http.routers.matrix-bot-honoroit-metrics.entrypoints={{ matrix_bot_honoroit_container_labels_traefik_entrypoints }} +traefik.http.routers.matrix-bot-honoroit-metrics.tls={{ matrix_bot_honoroit_container_labels_traefik_tls | to_json }} +{% if matrix_bot_honoroit_container_labels_traefik_tls %} +traefik.http.routers.matrix-bot-honoroit-metrics.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }} +{% endif %} +traefik.http.services.matrix-bot-honoroit-metrics.loadbalancer.server.port=8080 +{% endif %} + {% endif %} {{ matrix_bot_honoroit_container_labels_additional_labels }} From f0be907971aeafd07b072e566628229e7bacf0e8 Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 21 Apr 2023 12:48:50 +0300 Subject: [PATCH 21/39] create honoroit docker network --- roles/custom/matrix-bot-honoroit/tasks/setup_install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index dc490e4c1..5336e85dc 100644 
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml @@ -108,6 +108,11 @@ pull: true when: "matrix_bot_honoroit_container_image_self_build | bool" +- name: Ensure honoroit container network is created + community.general.docker_network: + name: "{{ matrix_bot_honoroit_container_network }}" + driver: bridge + - name: Ensure matrix-bot-honoroit.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2" From 15884b64c8ed1f0bbcc6c48109ba9b46d8f2341a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 21 Apr 2023 15:22:03 +0300 Subject: [PATCH 22/39] Fix ansible-lint-reported errors Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2654 --- roles/custom/matrix-bot-buscarron/tasks/setup_install.yml | 3 ++- roles/custom/matrix-bot-honoroit/tasks/setup_install.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 2c478e459..0559efec1 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -41,7 +41,7 @@ when: "item.when | bool" - name: Determine basicauth filename - set_fact: + ansible.builtin.set_fact: matrix_bot_buscarron_basicauth_file_tmp: "{{ matrix_bot_buscarron_basicauth_file }}_{{ inventory_hostname }}" when: matrix_bot_buscarron_basicauth_enabled | bool @@ -50,6 +50,7 @@ path: "{{ matrix_bot_buscarron_basicauth_file }}" name: "{{ matrix_bot_buscarron_basicauth_user }}" password: "{{ matrix_bot_buscarron_basicauth_password }}" + mode: 0640 become: false delegate_to: 127.0.0.1 when: matrix_bot_buscarron_basicauth_enabled | bool 
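Review bot: `community.general.docker_network` in the `@@ -108,6 +108,11 @@` hunk is addressed through a different collection than the image task in the same file, which uses `community.docker.docker_image`. The `community.general` name presumably resolves only through a collection redirect, which ties this task to the collection versions that still provide it. `community.docker.docker_network:` keeps the file consistent and removes that dependency.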
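Review bot: `mode: 0640` in the `@@ -50,6 +50,7 @@` hunk leaves the htpasswd file group-readable, and nothing visible needs group access: the file is written and read back by the same unprivileged controller user (`become: false`, `delegate_to: 127.0.0.1`). `mode: "0600"` is enough, and quoting it avoids depending on how the YAML loader types a leading-zero integer. The honoroit hunk in this commit adds the same line.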
diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index 5336e85dc..12d3ff1fd 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml @@ -41,7 +41,7 @@ when: "item.when | bool" - name: Determine basicauth filename - set_fact: + ansible.builtin.set_fact: matrix_bot_honoroit_basicauth_file_tmp: "{{ matrix_bot_honoroit_basicauth_file }}_{{ inventory_hostname }}" when: matrix_bot_honoroit_basicauth_enabled | bool @@ -50,6 +50,7 @@ path: "{{ matrix_bot_honoroit_basicauth_file }}" name: "{{ matrix_bot_honoroit_basicauth_user }}" password: "{{ matrix_bot_honoroit_basicauth_password }}" + mode: 0640 become: false delegate_to: 127.0.0.1 when: matrix_bot_honoroit_basicauth_enabled | bool From 4abd46de42b702bed1f2fcab2f42f3eda86de79a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 25 Apr 2023 12:03:29 +0000 Subject: [PATCH 23/39] Update element v1.11.29 -> v1.11.30 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index e99ea55b0..3d57b235b 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.29 +matrix_client_element_version: v1.11.30 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 1762fc18f3eb703eb3ea78089df320725c8879bc Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 25 Apr 2023 12:04:23 +0000 Subject: [PATCH 24/39] Update synapse 1.81.0 -> 1.82.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index ad2fa74dc..b7858fde5 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.81.0 +matrix_synapse_version: v1.82.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 905f0214cde429d2f0f008012a8454c3bb4f2998 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 25 Apr 2023 15:15:13 +0300 Subject: [PATCH 25/39] Load `/directory/room/{roomAlias}` endpoint on workers Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2656 - https://github.com/matrix-org/synapse/commit/4af0aec54dad261bcad240d8a878a1c16934e77c --- roles/custom/matrix-synapse/vars/main.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml index 406b8314a..b7b829cda 100644 --- a/roles/custom/matrix-synapse/vars/main.yml +++ b/roles/custom/matrix-synapse/vars/main.yml @@ -166,6 +166,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable/.*)/rooms/.*/aliases - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ - ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$) + - ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$ # Encryption requests # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri` From c8215c98e70cbdb8b78cb39cd53ac6e78a97158a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 25 Apr 2023 15:16:03 +0300 Subject: [PATCH 26/39] Load `/capabilities` endpoint on workers Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2656 - https://github.com/matrix-org/synapse/commit/e4a25d022c1e4b71e043b07324d95362f7fb4067 --- roles/custom/matrix-synapse/vars/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml index b7b829cda..0c6d6296c 100644 --- a/roles/custom/matrix-synapse/vars/main.yml +++ b/roles/custom/matrix-synapse/vars/main.yml @@ -167,6 +167,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ - ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$) - ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$ + - ^/_matrix/client/(r0|v3|unstable)/capabilities$ # Encryption requests # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri` From 2d051679c0b3009ad5d7df8eab801e51ba9acf7f Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 25 Apr 2023 15:26:30 +0300 Subject: [PATCH 27/39] Ensure instance_map.port is numeric Fixup related to https://github.com/matrix-org/synapse/pull/15431 --- .../matrix-synapse/tasks/synapse/workers/util/inject_worker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml index 9765be6fc..c52777ebd 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml @@ -61,7 +61,7 @@ # Inject stream writers into the instance map. - ansible.builtin.set_fact: - matrix_synapse_instance_map: "{{ matrix_synapse_instance_map | combine({matrix_synapse_worker_details.name: {'host': matrix_synapse_worker_details.name, 'port': matrix_synapse_worker_details.replication_port}}) }}" + matrix_synapse_instance_map: "{{ matrix_synapse_instance_map | combine({matrix_synapse_worker_details.name: {'host': matrix_synapse_worker_details.name, 'port': matrix_synapse_worker_details.replication_port | int}}) }}" when: matrix_synapse_worker_details.type in matrix_synapse_known_instance_map_eligible_worker_types # Inject pusher instances. From b74ddf1c6bc5de8b4756703235a7e1ee81bb50aa Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 26 Apr 2023 21:35:04 +0000 Subject: [PATCH 28/39] update grafana (2.4.7 -> 2.5.1); update ntfy (2.3.1 -> 2.4.0) --- requirements.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index 559ff4649..e0b2613f2 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -35,12 +35,12 @@ version: 6.1.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v9.4.7-1 + version: v9.5.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8319-6 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.3.1-0 + version: v2.4.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.43.0-0 name: prometheus From d2dbd88a38841c60f1b27451f97083436c94e7c5 Mon Sep 17 00:00:00 2001 From: Simon Biggs Date: Thu, 27 Apr 2023 15:02:45 +1000 Subject: [PATCH 29/39] Update configuring-playbook.md --- docs/configuring-playbook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index a65858f00..2f210f273 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -12,7 +12,7 @@ You can then follow these steps inside the playbook directory: 1. copy the sample configuration file (`cp examples/vars.yml inventory/host_vars/matrix./vars.yml`) -1. edit the configuration file (`inventory/host_vars/matrix./vars.yml`) to your liking. You may also take a look at the various `roles/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file. +1. edit the configuration file (`inventory/host_vars/matrix./vars.yml`) to your liking. You may also take a look at the various `roles/custom/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file. 1. copy the sample inventory hosts file (`cp examples/hosts inventory/hosts`) From 67cffdfce6d6e70ad08a159630dcf8eeb7b8e6b4 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 27 Apr 2023 08:12:09 +0300 Subject: [PATCH 30/39] Update configuring-playbook.md --- docs/configuring-playbook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 2f210f273..31eea8953 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -12,7 +12,7 @@ You can then follow these steps inside the playbook directory: 1. copy the sample configuration file (`cp examples/vars.yml inventory/host_vars/matrix./vars.yml`) -1. edit the configuration file (`inventory/host_vars/matrix./vars.yml`) to your liking. You may also take a look at the various `roles/custom/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file. +1. edit the configuration file (`inventory/host_vars/matrix./vars.yml`) to your liking. You may also take a look at the various `roles/*/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file. 1. copy the sample inventory hosts file (`cp examples/hosts inventory/hosts`) From 34ffeb5f2f53f66df932e7fc6902f2e5b7b8bb4c Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 27 Apr 2023 14:11:31 +0000 Subject: [PATCH 31/39] Update hookshot 3.2.0 -> 4.0.0 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index ff53310cb..18fc01525 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 3.2.0 +matrix_hookshot_version: 4.0.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From f0e5a008025ecc6a315615ed0ab472fe94054314 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 27 Apr 2023 17:55:39 +0300 Subject: [PATCH 32/39] Upgrade backup-borg (v1.2.4-1.7.12-0 -> v1.2.4-1.7.12-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e0b2613f2..0de34a15e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-0 name: aux - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.12-0 + version: v1.2.4-1.7.12-1 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From a4e6f91ebb6bed767cf49e565efe911c10bc516d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 27 Apr 2023 17:55:51 +0300 Subject: [PATCH 33/39] Upgrade com.devture.ansible.role.systemd_service_manager (v1.0.0-0 -> v1.0.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 0de34a15e..3c7502662 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -22,7 +22,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - version: v1.0.0-0 + version: v1.0.0-1 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: 3d5bb2976815958cdce3f368fa34fb51554f899b - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git From d4676f2c7cf64b5e3d98b62a79cec392701c102e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 29 Apr 2023 08:21:02 +0300 Subject: [PATCH 34/39] Upgrade com.devture.ansible.role.timesync to pinned tag (v1.0.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 3c7502662..d93b97fed 100644 --- a/requirements.yml +++ b/requirements.yml @@ -24,7 +24,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-1 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git - version: 3d5bb2976815958cdce3f368fa34fb51554f899b + version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git version: v2.9.10-2 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git From 4dae3f0fab47f6d012272f36005c994e60d7a3d4 Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Mon, 1 May 2023 14:30:27 +0200 Subject: [PATCH 35/39] Update IRC appservice to 0.38.0 https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.38.0 --- roles/custom/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index 0a659555f..b6e6f1195 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml 
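Review bot: A tag is a weaker pin than the full commit id it replaces for `com.devture.ansible.role.timesync` in the `@@ -24,7 +24,7 @@` hunk: a tag can be moved or re-created upstream while the 40-character id cannot, so after this change a fresh fetch of `requirements.yml` no longer proves the role content is what was reviewed. If the tag is wanted for readability, keeping the id and naming the tag in a comment gives both, e.g. `version: <commit-id-of-v1.0.0-0>  # v1.0.0-0` (placeholder, the id is not on this page). The other roles visible in this file are already tag-pinned, so this is a file-wide trade-off rather than something this hunk introduces alone.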
+++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml @@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_irc_version: 0.37.1 +matrix_appservice_irc_version: 0.38.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}" matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 39ae66602c331e3975ef1032e8722453959dde54 Mon Sep 17 00:00:00 2001 From: Yousef Amar Date: Mon, 1 May 2023 14:25:17 +0100 Subject: [PATCH 36/39] Update signald version 0.23.1 no longer syncs groups properly, the solution is to use 0.23.2, which works as expected --- roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 326e7ee53..f2b1048d0 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.4.2 -matrix_mautrix_signal_daemon_version: 0.23.1 +matrix_mautrix_signal_daemon_version: 0.23.2 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signal_container_image_self_build else 'dock.mau.dev/' }}" From 1e1ab70965f80200e2e9bc7ec3658b4906d655a2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 May 2023 13:22:31 +0300 Subject: [PATCH 37/39] Make use of matrix_synapse_container_network in the matrix-synapse role It's the same as `matrix_docker_network` for now, so this practically doesn't change anything. --- .../tasks/rust-synapse-compress-state/compress_room.yml | 2 +- .../templates/synapse/ext/s3-storage-provider/bin/migrate.j2 | 2 +- .../templates/synapse/ext/s3-storage-provider/bin/shell.j2 | 2 +- .../templates/synapse/systemd/matrix-synapse-worker.service.j2 | 2 +- .../templates/synapse/systemd/matrix-synapse.service.j2 | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 1d71fea64..7f5e05666 100644 --- a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml 
@@ -9,7 +9,7 @@ {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} --cap-drop=ALL - --network={{ matrix_docker_network }} + --network={{ matrix_synapse_container_network }} --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work {{ matrix_synapse_rust_synapse_compress_state_docker_image }} {{ matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path }} -t -o /work/state-compressor.sql diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2 index 0f47b6155..5c3a534b5 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2 @@ -7,7 +7,7 @@ --mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \ --workdir=/data \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_synapse_container_network }} \ --entrypoint=/bin/bash \ {{ matrix_synapse_docker_image_final }} \ -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}--sse-customer-algo $SSE_CUSTOMER_ALGO --sse-customer-key $SSE_CUSTOMER_KEY{% endif %}' diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2 index a54948826..6f3804cc4 100644 
--- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2 @@ -8,6 +8,6 @@ --mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \ --workdir=/data \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_synapse_container_network }} \ --entrypoint=/bin/bash \ {{ matrix_synapse_docker_image_final }} diff --git a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index de475bb44..578d91078 100644 --- a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -22,7 +22,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_synapse_container_network }} \ {% if matrix_synapse_worker_details.port != 0 %} --health-cmd 'curl -fSs http://localhost:{{ matrix_synapse_worker_details.port }}/health || exit 1' \ {% else %} diff --git a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index a287f5536..bd72f20a9 100644 --- a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_synapse_container_network }} \ {% if matrix_synapse_container_client_api_host_bind_port %} -p {{ matrix_synapse_container_client_api_host_bind_port }}:{{ matrix_synapse_container_client_api_port }} \ {% endif %} From 8ef23a655d414df57a15ecff417ac0e60a200c7f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 May 2023 13:32:35 +0300 Subject: [PATCH 38/39] Restore --tags=import-synapse-sqlite-db support Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2669 Removed in 04b9483f0d9e562398e (2022-11-28) when switching from matrix-postgres to the devture-postgres external Ansible role. More details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role The `import_synapse_sqlite_db.yml` file and documentation has been adapted somewhat compared to before, so that: - it doesn't try to start Postgres automatically. You need to handle this part manually - it doesn't rely on the integrated Postgres and may potentially work with external Postgres instances just the same - it doesn't wipe out the whole database anymore. By default, we assume it's empty anyway and there's no need for such things. If it's not, then it's also probably dangerous to be so destructive. This is all completely untested, but will hopefully work. --- docs/importing-synapse-sqlite.md | 16 +++++--- .../tasks/import_synapse_sqlite_db.yml | 40 +++++++++++++++++++ roles/custom/matrix-synapse/tasks/main.yml | 6 +++ 3 files changed, 56 insertions(+), 6 deletions(-) create mode 100644 roles/custom/matrix-synapse/tasks/import_synapse_sqlite_db.yml 
diff --git a/docs/importing-synapse-sqlite.md b/docs/importing-synapse-sqlite.md index aade22261..b5aa9f218 100644 --- a/docs/importing-synapse-sqlite.md +++ b/docs/importing-synapse-sqlite.md 
@@ -3,24 +3,28 @@ Run this if you'd like to import your database from a previous default installation of Synapse. (don't forget to import your `media_store` files as well - see [the importing-synapse-media-store guide](importing-synapse-media-store.md)). -While this playbook always sets up PostgreSQL, by default a Synapse installation would run -using an SQLite database. +While this playbook only supports running Synapse in combination with PostgreSQL, a Synapse instance installed manually usually defaults to using an SQLite database. -If you have such a Synapse setup and wish to migrate it here (and over to PostgreSQL), this command is for you. +If you have such a Synapse setup and wish to migrate it to one managed by the playbook (and over to PostgreSQL), this documentation page is for you. ## Prerequisites -Before doing the actual import, **you need to upload your SQLite database file to the server** (any path is okay). +Before doing the actual import: +- **ensure you have NOT started Synapse yet**. That is, make sure you have followed the [Installing step](installing.md), but haven't run the playbook's `start` tag yet. If you had started your new Synapse instance, it may have already initialized your Postgres database and importing onto it may not work. In such cases, you may need to clean up the `synapse` database first. 
+- **ensure you have uploaded your SQLite database file to the server** (any path is okay) +- if you're using the integrated Postgres server (**by default, you are** using it, unless you've explicitly switched to [Using an external PostgreSQL server](configuring-playbook-external-postgres.md)), **make sure Postgres is started** by running `just start-group postgres` ## Importing Run this command (make sure to replace `` with a file path on your server): - ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_homeserver_db=' --tags=import-synapse-sqlite-db +```sh +just run-tags import-synapse-sqlite-db --extra-vars=server_path_homeserver_db= +``` **Notes**: -- `` must be a file path to a `homeserver.db` **file on the server** (not on your local machine!). +- `` must be replaced with a file path to a `homeserver.db` **file on the server** (not on your local machine!). - if the SQLite database is from an older version of Synapse, the **importing procedure may run migrations on it to bring it up to date**. That is, your SQLite database file may get modified and become unusable with your older Synapse version. Keeping a copy of the original is probably wise. diff --git a/roles/custom/matrix-synapse/tasks/import_synapse_sqlite_db.yml b/roles/custom/matrix-synapse/tasks/import_synapse_sqlite_db.yml new file mode 100644 index 000000000..92bd36b42 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/import_synapse_sqlite_db.yml 
@@ -0,0 +1,40 @@
+---
+
+- name: Fail if playbook called incorrectly
+ ansible.builtin.fail:
+ msg: "The `server_path_homeserver_db` variable needs to be provided to this playbook, via --extra-vars"
+ when: "server_path_homeserver_db is not defined or server_path_homeserver_db.startswith('<')"
+
+- name: Check if the provided SQLite homeserver.db file exists
+ ansible.builtin.stat:
+ path: "{{ server_path_homeserver_db }}"
+ register: result_server_path_homeserver_db_stat
+
+- name: Fail if provided SQLite homeserver.db file doesn't exist
+ ansible.builtin.fail:
+ msg: "File cannot be found on the server at {{ server_path_homeserver_db }}"
+ when: "not result_server_path_homeserver_db_stat.stat.exists"
+
+# We don't use the `docker_container` module, because using it with `cap_drop` requires
+# a very recent version, which is not available for a lot of people yet.
+#
+# Also, some old `docker_container` versions were buggy and would leave containers behind
+# on failure, which we had to work around to allow retries (by re-running the playbook).
+- name: Import SQLite database into Postgres
+ ansible.builtin.command:
+ cmd: |
+ docker run
+ --rm
+ --name=matrix-synapse-migrate
+ --log-driver=none
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
+ --cap-drop=ALL
+ --network={{ matrix_synapse_container_network }}
+ --entrypoint=python
+ --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data
+ --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store
+ --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db | basename }}
+ {{ matrix_synapse_docker_image_final }}
+ /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db | basename }} --postgres-config /data/homeserver.yaml
+ register: matrix_postgres_import_synapse_sqlite_db_result
+ changed_when: matrix_postgres_import_synapse_sqlite_db_result.rc == 0
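Review bot: The import task interpolates `server_path_homeserver_db` unquoted into `--mount type=bind,src={{ server_path_homeserver_db }},dst=/…`, and the only checks before it are "defined", "does not start with `<`" and `stat.exists`, so a directory, or a path containing whitespace or a comma, passes validation and then changes how the `docker run` arguments or the mount spec are parsed. I would tighten the guard to `when: "not (result_server_path_homeserver_db_stat.stat.isreg | default(false))"` and have the first `fail` task also reject paths with whitespace or commas. The task also calls bare `docker` and runs as `matrix_user_uid`/`matrix_user_gid`, while the templates changed earlier in this series use `{{ devture_systemd_docker_base_host_command_docker }}` and `matrix_synapse_uid`/`matrix_synapse_gid`; using the same variables here would keep the role consistent. The config directory holding `homeserver.yaml` is bind-mounted read-write at both `/data` and `/matrix-media-store-parent/media-store`; if `synapse_port_db` only reads from it, adding `,ro` to those two mounts would be the least-privilege choice, which is worth confirming before merging.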
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml index 88a54afc5..743dab5fe 100644 --- a/roles/custom/matrix-synapse/tasks/main.yml +++ b/roles/custom/matrix-synapse/tasks/main.yml @@ -45,6 +45,12 @@ - when: matrix_synapse_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/import_media_store.yml" +- tags: + - import-synapse-sqlite-db + block: + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/import_synapse_sqlite_db.yml" + - tags: - register-user block: From 76d50a85fb21d30fd49d34d4b4f276956af51101 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 2 May 2023 11:02:52 +0000 Subject: [PATCH 39/39] Update jitsi stable-8319 -> stable-8615 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index d93b97fed..fc06393f7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v9.5.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8319-6 + version: v8615-0 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.4.0-0