Merge branch 'master' into feature/dendrite

.github/workflows/ansible-lint.yml

@@ -0,0 +1,19 @@
+name: Ansible Lint
+
+on: [push, pull_request]
+
+jobs:
+  build:
+  
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Lint Ansible Playbook
+      uses: ansible/ansible-lint-action@master
+      with:
+        # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
+        targets: "./"
+
+        args: "-x metadata, formatting"

roles/matrix-awx/defaults/main.yml

@@ -1 +1,6 @@
 matrix_awx_enabled: true
+
+# Defaults for 'Customise Website + Access Export' template
+awx_sftp_auth_method: 'Disabled'
+awx_sftp_password: ''
+awx_sftp_public_key: ''

roles/matrix-awx/tasks/purge_database_main.yml

@@ -29,9 +29,9 @@
   when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
   register: awx_synapse_container_ip
 
-- name: Collect access token for @_janitor user
+- name: Collect access token for @admin-janitor user
   shell: |
-    curl -X POST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
+    curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
   when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
   register: awx_janitors_token
   no_log: True

roles/matrix-awx/tasks/purge_media_main.yml

@@ -21,9 +21,9 @@
   shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
   register: awx_synapse_container_ip
 
-- name: Collect access token for @_janitor user
+- name: Collect access token for @admin-janitor user
   shell: |
-    curl -XPOST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
+    curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
   register: awx_janitors_token
   no_log: True
 

roles/matrix-awx/tasks/self_check.yml

@@ -50,12 +50,14 @@
 - name: Calculate size of local media repository
   shell: du -sh /matrix/synapse/storage/media-store/local*
   register: awx_local_media_size_stat
+  async: 600
   ignore_errors: yes
   no_log: True
 
 - name: Calculate size of remote media repository
   shell: du -sh /matrix/synapse/storage/media-store/remote*
   register: awx_remote_media_size_stat
+  async: 600
   ignore_errors: yes
   no_log: True
 

roles/matrix-awx/tasks/set_variables_dimension.yml

@@ -12,9 +12,9 @@
       - curl
     state: present
 
-- name: Collect access token of @_dimension user
+- name: Collect access token of @admin-dimension user
   shell: |
-    curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "_dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
+    curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
   register: awx_dimension_user_access_token
 
 - name: Record Synapse variables locally on AWX

roles/matrix-common-after/tasks/awx_post.yml

@@ -1,11 +1,11 @@
 ---
 
-- name: Create user account @_janitor
+- name: Create user account @admin-janitor
   command: |
-    /usr/local/bin/matrix-synapse-register-user _janitor {{ awx_janitor_user_password | quote }} 1
+    /usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1
   register: cmd
   when: not awx_janitor_user_created|bool
-  no_log: True
+  no_log: false
     
 - name: Update AWX janitor user created variable
   delegate_to: 127.0.0.1
@@ -18,12 +18,12 @@
     'awx_janitor_user_created': 'true'
   when: not awx_janitor_user_created|bool
 
-- name: Create user account @_dimension
+- name: Create user account @admin-dimension
   command: |
-    /usr/local/bin/matrix-synapse-register-user _dimension {{ awx_dimension_user_password | quote }} 0
+    /usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0
   register: cmd
   when: not awx_dimension_user_created|bool
-  no_log: True
+  no_log: false
   
 - name: Update AWX dimension user created variable
   delegate_to: 127.0.0.1
@@ -36,12 +36,12 @@
     'awx_dimension_user_created': 'true'
   when: not awx_dimension_user_created|bool
 
-- name: Create user account @_mjolnir
+- name: Create user account @admin-mjolnir
   command: |
-    /usr/local/bin/matrix-synapse-register-user _mjolnir {{ awx_mjolnir_user_password | quote }} 0
+    /usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0
   register: cmd
   when: not awx_mjolnir_user_created|bool
-  no_log: True
+  no_log: false
   
 - name: Update AWX dimension user created variable
   delegate_to: 127.0.0.1

roles/matrix-jitsi/templates/jvb/env.j2

@@ -25,7 +25,7 @@ COLIBRI_REST_ENABLED
 SHUTDOWN_REST_ENABLED
 TZ={{ matrix_jitsi_timezone }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
-XMPP_INTERNAL_MUC_DOMAIN= {{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
 XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
 
 {{ matrix_jitsi_jvb_environment_variables_extension }}

roles/matrix-nginx-proxy/defaults/main.yml

@@ -442,7 +442,14 @@ matrix_ssl_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains
 matrix_ssl_additional_domains_to_obtain_certificates_for: []
 
 # Controls whether to obtain production or staging certificates from Let's Encrypt.
+# If you'd like to use another ACME Certificate Authority server (not Let's Encrypt), use `matrix_ssl_lets_encrypt_server`
 matrix_ssl_lets_encrypt_staging: false
+
+# Controls from which Certificate Authority server to retrieve the SSL certificates (passed as a `--server` flag to Certbot).
+# By default, we use the Let's Encrypt production environment (use `matrix_ssl_lets_encrypt_staging` for using the staging environment).
+# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
+matrix_ssl_lets_encrypt_server: ''
+
 matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.21.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml

@@ -42,6 +42,7 @@
     --non-interactive
     --work-dir=/tmp
     --http-01-port 8080
+    {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
     {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
     --standalone
     --preferred-challenges http
@@ -70,6 +71,7 @@
     --non-interactive
     --work-dir=/tmp
     --http-01-port 8080
+    {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
     {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
     --standalone
     --preferred-challenges http

roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml

@@ -8,6 +8,7 @@
     name: "{{ item.key }}"
     state: stopped
   with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}"
+  when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461
 
 - name: Find worker configs to be cleaned
   find: