From 23d0832e85a3e35f4c6ecc3f90cc6ec4c166ba8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Tue, 12 Apr 2022 20:14:12 +0200 Subject: [PATCH 1/8] Improve borg backup instructions --- docs/configuring-playbook-backup-borg.md | 26 ++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 7ca962c87..2bcc14cee 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md @@ -4,17 +4,23 @@ The playbook can install and configure [borgbackup](https://www.borgbackup.org/) BorgBackup is a deduplicating backup program with optional compression and encryption. That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service. -The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day +You will need a remote server where borg will store the backups. There are hosted, borg compatible solutions available, such as [BorgBase](https://www.borgbase.com). + +The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day. ## Prerequisites -1. Create ssh key on any machine: +1. Create a new SSH key: ```bash ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix ``` -2. Add public part of that ssh key to your borg provider / server: +This can be done on any machine and you don't need to place the key in the `.ssh` folder. It will be added to the Ansible config later. + +2. Add the **public** part of this SSH key (the `matrix-borg-backup.pub` file) to your borg provider/server: + +If you plan to use a hosted solution, follow their instructions. If you have your own server, copy the key over: ```bash # example to append the new PUBKEY contents, where: @@ -35,17 +41,21 @@ matrix_backup_borg_location_repositories: matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" matrix_backup_borg_ssh_key_private: | PRIVATE KEY +matrix_backup_borg_location_source_directories: + - "{{ matrix_base_data_path }}" ``` where: -* USER - ssh user of a provider / server -* HOST - ssh host of a provider / server +* USER - SSH user of a provider/server +* HOST - SSH host of a provider/server * REPO - borg repository name, it will be initialized on backup start, eg: `matrix` -* PASSPHRASE - super-secret borg passphrase, you may generate it with `pwgen -s 64 1` or use any password manager -* PRIVATE KEY - the content of the public part of the ssh key you created before +* PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager +* PRIVATE KEY - the content of the **private** part of the SSH key you created before + +`matrix_backup_borg_location_source_directories` defines the list of directories to back up, `{{ matrix_base_data_path }}` is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. -Check the `roles/matrix-backup-borg/defaults/main.yml` for the full list of available options +Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options. ## Installing From 121f860d634c04efc4ab83e2d93fd9c74a95aa45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Wed, 13 Apr 2022 08:58:19 +0200 Subject: [PATCH 2/8] Update configuring-playbook-backup-borg.md --- docs/configuring-playbook-backup-borg.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 2bcc14cee..70466a6e6 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md @@ -41,8 +41,6 @@ matrix_backup_borg_location_repositories: matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" matrix_backup_borg_ssh_key_private: | PRIVATE KEY -matrix_backup_borg_location_source_directories: - - "{{ matrix_base_data_path }}" ``` where: @@ -53,7 +51,7 @@ where: * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager * PRIVATE KEY - the content of the **private** part of the SSH key you created before -`matrix_backup_borg_location_source_directories` defines the list of directories to back up, `{{ matrix_base_data_path }}` is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. +`matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options. From 2df993977a5c821675b3b8224ae75ddb1aae788a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Apr 2022 08:52:37 +0300 Subject: [PATCH 3/8] Ensure git cloning when self-building is done with the matrix user, not root Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749 --- CHANGELOG.md | 13 +++++++++++++ roles/matrix-backup-borg/tasks/setup_install.yml | 2 ++ roles/matrix-bot-honoroit/tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ roles/matrix-bot-mjolnir/tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../matrix-bridge-hookshot/tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 4 ++++ .../tasks/setup_install.yml | 4 ++++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ roles/matrix-client-cinny/tasks/setup_install.yml | 2 ++ roles/matrix-client-element/tasks/setup_install.yml | 2 ++ .../matrix-client-hydrogen/tasks/setup_install.yml | 2 ++ roles/matrix-corporal/tasks/setup_corporal.yml | 2 ++ roles/matrix-coturn/tasks/setup_install.yml | 2 ++ roles/matrix-dimension/tasks/setup_install.yml | 2 ++ roles/matrix-dynamic-dns/tasks/install.yml | 2 ++ roles/matrix-email2matrix/tasks/setup_install.yml | 2 ++ roles/matrix-ma1sd/tasks/setup_install.yml | 2 ++ roles/matrix-mailer/tasks/setup_mailer.yml | 2 ++ .../tasks/util/migrate_db_to_postgres.yml | 2 ++ roles/matrix-registration/tasks/setup_install.yml | 2 ++ roles/matrix-synapse-admin/tasks/setup.yml | 2 ++ .../matrix-synapse/tasks/synapse/setup_install.yml | 2 ++ 39 files changed, 93 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0196a1b06..9c68ed63d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# 2022-04-14 + +## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action + +Users who build container images from source will need to manually correct file permissions of some directories on the server. + +When self-building, the playbook used to `git clone` repositories (into `/matrix/SERVICE/docker-src`) using the `root` user, but now uses `matrix` instead to work around [the following issue with git 2.35.2](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749). + +If you're on a non-`amd64` architecture (that is, you're overriding `matrix_architecture` in your `vars.yml` file) or you have enabled self-building for some service (e.g. `matrix_*_self_build: true`), you're certainly building some container images from source and have `docker-src` directories with mixed permissions lying around in various `/matrix/SERVICE` directories. + +The playbook *could* correct these permissions automatically, but that requires additional Ansible tasks in some ~45 different places - something that takes considerable effort. So we ask users observing errors related to `docker-src` directories to correct the problem manually by **running this command on the Matrix server** (which deletes all `/matrix/*/docker-src` directories): `find /matrix -maxdepth 2 -name 'docker-src' | xargs rm -rf` + + # 2022-03-17 ## (Compatibility Break) ma1sd identity server no longer installed by default diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index f2c65a164..90757a803 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -52,6 +52,8 @@ repo: "{{ matrix_backup_borg_docker_repo }}" dest: "{{ matrix_backup_borg_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_backup_borg_git_pull_results when: "matrix_backup_borg_container_image_self_build|bool" diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index f3ad9b630..584df9b71 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -64,6 +64,8 @@ repo: "{{ matrix_bot_honoroit_docker_repo }}" dest: "{{ matrix_bot_honoroit_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_bot_honoroit_git_pull_results when: "matrix_bot_honoroit_container_image_self_build|bool" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index ffb38ffc8..d7f4706fb 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -57,6 +57,8 @@ repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}" dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_bot_matrix_reminder_bot_git_pull_results when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index f3b031fa9..66f2806a8 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -35,6 +35,8 @@ dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}" version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_bot_mjolnir_git_pull_results when: "matrix_bot_mjolnir_container_image_self_build|bool" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 1b317464e..1ae0b3fa3 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -74,6 +74,8 @@ repo: "{{ matrix_appservice_irc_docker_repo }}" dest: "{{ matrix_appservice_irc_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_appservice_irc_git_pull_results when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 2dcc23c61..42aa020c5 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -48,6 +48,8 @@ repo: "{{ matrix_appservice_slack_docker_repo }}" dest: "{{ matrix_appservice_slack_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_appservice_slack_git_pull_results when: "matrix_appservice_slack_container_image_self_build|bool" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 6759bca86..274f54c53 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -33,6 +33,8 @@ dest: "{{ matrix_appservice_webhooks_docker_src_files_path }}" version: "{{ matrix_appservice_webhooks_container_image_self_build_repo_version }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_appservice_webhooks_git_pull_results - name: Ensure Appservice webhooks Docker image is built diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 575b22c16..74f80314b 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -41,6 +41,8 @@ dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_beeper_linkedin_git_pull_results # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 38dc62a3b..25f2978cd 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -32,6 +32,8 @@ dest: "{{ matrix_hookshot_docker_src_files_path }}" version: "{{ matrix_hookshot_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_hookshot_git_pull_results when: "matrix_hookshot_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index c37b9e10c..699ed88a0 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -66,6 +66,8 @@ dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}" version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_facebook_git_pull_results when: "matrix_mautrix_facebook_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index daab10e31..bf04e834c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -65,6 +65,8 @@ repo: "{{ matrix_mautrix_googlechat_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_googlechat_git_pull_results when: "matrix_mautrix_googlechat_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index d2b7157ec..6a8808159 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -65,6 +65,8 @@ repo: "{{ matrix_mautrix_hangouts_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_hangouts_git_pull_results when: "matrix_mautrix_hangouts_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 4e531615f..5e30adbe4 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -38,6 +38,8 @@ repo: "{{ matrix_mautrix_instagram_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_instagram_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_instagram_git_pull_results when: "matrix_mautrix_instagram_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 840cbd6e4..c7202f05a 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -26,6 +26,8 @@ repo: "{{ matrix_mautrix_signal_docker_repo }}" dest: "{{ matrix_mautrix_signal_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_signal_git_pull_results when: "matrix_mautrix_signal_container_image_self_build|bool" @@ -56,6 +58,8 @@ repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}" dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_signal_daemon_git_pull_results when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 1960288d6..55e7d016f 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -65,6 +65,8 @@ repo: "{{ matrix_telegram_lottieconverter_docker_repo }}" dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_telegram_lottieconverter_git_pull_results when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_mautrix_telegram_container_image_self_build|bool" @@ -85,6 +87,8 @@ repo: "{{ matrix_mautrix_telegram_docker_repo }}" dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_telegram_git_pull_results when: "matrix_mautrix_telegram_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 6e587900d..552c9d525 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -43,6 +43,8 @@ dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}" # version: "{{ matrix_coturn_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_twitter_git_pull_results when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 8f27ac2a3..f47675b58 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -68,6 +68,8 @@ dest: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" version: "{{ matrix_mautrix_whatsapp_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mautrix_whatsapp_git_pull_results when: "matrix_mautrix_whatsapp_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 26a7c0c3f..3ddfa39d5 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -83,6 +83,8 @@ dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" force: "yes" version: "{{ matrix_mx_puppet_discord_container_image_self_build_version }}" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_discord_git_pull_results when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 0d43a0d02..286c5611c 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -83,6 +83,8 @@ repo: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_groupme_git_pull_results when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index cb613074c..2e74c059e 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -66,6 +66,8 @@ repo: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_instagram_git_pull_results when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index c3776c708..96ae82e61 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -83,6 +83,8 @@ repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_skype_git_pull_results when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index b064ee838..3a7dfb409 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -80,6 +80,8 @@ dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" force: "yes" version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_slack_git_pull_results when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index b8b3f737d..ac2a2fda9 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -83,6 +83,8 @@ repo: "{{ matrix_mx_puppet_steam_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_steam_git_pull_results when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 485900a85..6336b0a08 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -83,6 +83,8 @@ repo: "{{ matrix_mx_puppet_twitter_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_twitter_git_pull_results when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 48865008f..da979f565 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -29,6 +29,8 @@ dest: "{{ matrix_client_cinny_docker_src_files_path }}" version: "{{ matrix_client_cinny_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_client_cinny_git_pull_results when: "matrix_client_cinny_container_image_self_build|bool" diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index e9c7096e9..4d0af82d6 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -30,6 +30,8 @@ dest: "{{ matrix_client_element_docker_src_files_path }}" version: "{{ matrix_client_element_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_client_element_git_pull_results when: "matrix_client_element_container_image_self_build|bool" diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index 0e4868f6b..db866178e 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -30,6 +30,8 @@ dest: "{{ matrix_client_hydrogen_docker_src_files_path }}" version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_client_hydrogen_git_pull_results when: "matrix_client_hydrogen_container_image_self_build|bool" diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 6c520ee00..a3582592c 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -23,6 +23,8 @@ dest: "{{ matrix_corporal_container_src_files_path }}" version: "{{ matrix_corporal_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_corporal_git_pull_results when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index 621177e52..a721f186b 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -36,6 +36,8 @@ dest: "{{ matrix_coturn_docker_src_files_path }}" version: "{{ matrix_coturn_container_image_self_build_repo_version }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_coturn_git_pull_results - name: Ensure Coturn Docker image is built diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index 1ba4f2d4c..b999383e1 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -102,6 +102,8 @@ dest: "{{ matrix_dimension_docker_src_files_path }}" version: "{{ matrix_dimension_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" when: "matrix_dimension_container_image_self_build|bool" register: matrix_dimension_git_pull_results diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index 4dffe6819..60f079374 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -30,6 +30,8 @@ repo: "{{ matrix_dynamic_dns_container_image_self_build_repo }}" dest: "{{ matrix_dynamic_dns_docker_src_files_path }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_dynamic_dns_git_pull_results when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 74e7c6764..a2470728e 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml @@ -39,6 +39,8 @@ dest: "{{ matrix_email2matrix_docker_src_files_path }}" version: "{{ matrix_email2matrix_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_email2matrix_git_pull_results when: "matrix_email2matrix_container_image_self_build|bool" diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index c56c81f98..e3347a4db 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -85,6 +85,8 @@ dest: "{{ matrix_ma1sd_docker_src_files_path }}" version: "{{ matrix_ma1sd_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_ma1sd_git_pull_results - name: Ensure ma1sd Docker image is built diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 5ad02a577..d2f8f9171 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -29,6 +29,8 @@ dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}" version: "{{ matrix_mailer_container_image_self_build_version }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_mailer_git_pull_results when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml index 73acb4330..90f73dba8 100644 --- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml @@ -38,6 +38,8 @@ dest: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" version: "{{ matrix_postgres_pgloader_container_image_self_build_repo_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_postgres_pgloader_git_pull_results # If `stable` is used, we hit an error when processing /opt/src/pgloader/build/quicklisp/dists/quicklisp/software/uax-15-20201220-git/data/CompositionExclusions.txt: diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 2b5beafa0..6ff2de302 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -63,6 +63,8 @@ dest: "{{ matrix_registration_docker_src_files_path }}" version: "{{ matrix_registration_container_image_self_build_branch }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_registration_git_pull_results when: "matrix_registration_container_image_self_build|bool" diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 2243706be..f83ccdc3f 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -22,6 +22,8 @@ dest: "{{ matrix_synapse_admin_docker_src_files_path }}" version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_synapse_admin_git_pull_results when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool" diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index deedd7bde..2302a6f23 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -25,6 +25,8 @@ dest: "{{ matrix_synapse_docker_src_files_path }}" version: "{{ matrix_synapse_docker_image.split(':')[1] }}" force: "yes" + become: true + become_user: "{{ matrix_user_username }}" register: matrix_synapse_git_pull_results - name: Check if Synapse Docker image exists From 7e062328ff420062aa919cb74f14e2dff698e78d Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Thu, 14 Apr 2022 15:01:40 +0200 Subject: [PATCH 4/8] Upgrade Hookshot (1.4.0 -> 1.5.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index a55b995d1..45807ba9c 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.4.0 +matrix_hookshot_version: 1.5.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From d5f4c17146dbe87d44770dc9dbf215b24eb2375b Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 14 Apr 2022 18:06:54 +0300 Subject: [PATCH 5/8] matrix-backup-borg: integrate postgres backups, add extended borgmatic configuration --- group_vars/matrix_servers | 26 ++++++++++-- roles/matrix-backup-borg/defaults/main.yml | 42 ++++++++++++++++--- .../tasks/setup_install.yml | 9 ++-- .../util/detect_existing_postgres_version.yml | 42 +++++++++++++++++++ .../templates/config.yaml.j2 | 10 +++++ setup.yml | 2 +- 6 files changed, 118 insertions(+), 13 deletions(-) create mode 100644 roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 85b8a7013..91324025e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1081,13 +1081,33 @@ matrix_bot_mjolnir_systemd_required_services_list: | ###################################################################### matrix_backup_borg_enabled: false +matrix_backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_backup_borg_postgresql_enabled: "{{ matrix_postgres_enabled }}" +matrix_backup_borg_postgresql_databases_hostname: "{{ matrix_postgres_connection_hostname }}" +matrix_backup_borg_postgresql_databases_username: "{{ matrix_postgres_connection_username }}" +matrix_backup_borg_postgresql_databases_password: "{{ matrix_postgres_connection_password }}" +matrix_backup_borg_postgresql_databases_port: "{{ matrix_postgres_connection_port }}" +matrix_backup_borg_postgresql_databases: | + {{ + (([{ + 'name': matrix_synapse_database_database + }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + + + matrix_postgres_additional_databases)|map(attribute='name')|list + }} matrix_backup_borg_location_source_directories: - "{{ matrix_base_data_path }}" matrix_backup_borg_location_exclude_patterns: | {{ - { - 'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"], - }[matrix_homeserver_implementation] + ([matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else []) + + + ([matrix_postgres_data_path] if matrix_postgres_enabled else []) + }} +matrix_backup_borg_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) }} ###################################################################### diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index c8a09f7f4..374b5befa 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -1,17 +1,17 @@ --- matrix_backup_borg_enabled: true +matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" +matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" + matrix_backup_borg_container_image_self_build: false matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic" -matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src" +matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src" -matrix_backup_borg_version: latest +matrix_backup_borg_version: "" matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" -matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}" - -matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" -matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" +matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version|default('') == '' }}" # A list of extra arguments to pass to the container matrix_backup_borg_container_extra_arguments: [] @@ -28,6 +28,14 @@ matrix_backup_borg_schedule: "*-*-* 04:00:00" # what directories should be added to backup matrix_backup_borg_location_source_directories: [] +# postgres db backup +matrix_backup_borg_postgresql_enabled: true +matrix_backup_borg_postgresql_databases: [] +matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres" +matrix_backup_borg_postgresql_databases_username: "matrix" +matrix_backup_borg_postgresql_databases_password: "" +matrix_backup_borg_postgresql_databases_port: 5432 + # target repositories matrix_backup_borg_location_repositories: [] @@ -61,3 +69,25 @@ matrix_backup_borg_retention_keep_yearly: 2 # retention prefix matrix_backup_borg_retention_prefix: "matrix-" + +# Default borgmatic configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_backup_borg_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_backup_borg_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_backup_borg_configuration_extension_yaml: | + # Your custom YAML configuration for borgmatic goes here. + # This configuration extends the default starting configuration (`matrix_borg_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_backup_borg_configuration_yaml`. + +matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml|from_yaml if matrix_backup_borg_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final borgmatic configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`. +matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml|from_yaml|combine(matrix_backup_borg_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 90757a803..9c34c53f1 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -1,4 +1,7 @@ --- +- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" + when: 'matrix_backup_borg_enabled|bool and matrix_backup_borg_postgresql_enabled|bool and matrix_postgres_backup_postgres_data_path != ""' + - name: Ensure borg paths exist file: path: "{{ item.path }}" @@ -11,9 +14,9 @@ - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true} when: "item.when|bool" -- name: Ensure borg config is created - template: - src: "{{ role_path }}/templates/config.yaml.j2" +- name: Ensure borgmatic config is created + copy: + content: "{{ matrix_backup_borg_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_backup_borg_config_path }}/config.yaml" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" diff --git a/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml new file mode 100644 index 000000000..0d50d93f5 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml @@ -0,0 +1,42 @@ +--- + +# This utility aims to determine if there is some existing Postgres version in use or not. +# If there is, it also tries to detect the Docker image that corresponds to that version. + +- name: Initialize Postgres version determination variables (default to empty) + set_fact: + matrix_backup_borg_postgresql_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" + matrix_backup_borg_postgresql_detected_existing: false + matrix_backup_borg_postgresql_detected_version: "" + matrix_backup_borg_version: "" + +- name: Determine existing Postgres version (check PG_VERSION file) + stat: + path: "{{ matrix_backup_borg_postgresql_detection_pg_version_path }}" + register: result_pg_version_stat + +- set_fact: + matrix_backup_borg_postgresql_detected_existing: true + when: "result_pg_version_stat.stat.exists" + +- name: Determine existing Postgres version (read PG_VERSION file) + slurp: + src: "{{ matrix_backup_borg_postgresql_detection_pg_version_path }}" + register: result_pg_version + when: matrix_backup_borg_postgresql_detected_existing|bool + +- name: Determine existing Postgres version (make sense of PG_VERSION file) + set_fact: + matrix_backup_borg_postgresql_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" + when: matrix_backup_borg_postgresql_detected_existing|bool + +- name: Determine corresponding Docker image version to detected version + set_fact: + matrix_backup_borg_version: "{{ matrix_backup_borg_postgresql_detected_version }}" + when: "matrix_backup_borg_postgresql_detected_version == '12' or matrix_backup_borg_postgresql_detected_version.startswith('12.') or matrix_backup_borg_postgresql_detected_version == '13' or matrix_backup_borg_postgresql_detected_version.startswith('13.') or matrix_backup_borg_postgresql_detected_version == '14' or matrix_backup_borg_postgresql_detected_version.startswith('14.')" + +- name: Fail if existing Postgres version is not supported by borgmatic docker image + fail: + msg: >- + Your Postgres v{{ matrix_backup_borg_postgresql_detected_version }} is not supported. + when: "matrix_backup_borg_version == ''" diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 index 89b6ab7d4..8ac2a8b2f 100644 --- a/roles/matrix-backup-borg/templates/config.yaml.j2 +++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -26,6 +26,16 @@ consistency: - archives hooks: +{% if matrix_backup_borg_postgresql_enabled %} + postgresql_databases: + {% for database in matrix_backup_borg_postgresql_databases %} + - name: {{ database }} + hostname: {{ matrix_backup_borg_postgresql_databases_hostname }} + username: {{ matrix_backup_borg_postgresql_databases_username }} + password: {{ matrix_backup_borg_postgresql_databases_password }} + port: {{ matrix_backup_borg_postgresql_databases_port }} + {% endfor %} +{% endif %} after_backup: - echo "Backup created." on_error: diff --git a/setup.yml b/setup.yml index 52079e32c..de86665b6 100755 --- a/setup.yml +++ b/setup.yml @@ -13,7 +13,6 @@ - matrix-postgres - matrix-redis - matrix-corporal - - matrix-backup-borg - matrix-bridge-appservice-discord - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks @@ -62,4 +61,5 @@ - matrix-aux - matrix-postgres-backup - matrix-prometheus-postgres-exporter + - matrix-backup-borg - matrix-common-after From 5611cab71ae06c83527a8c8bb566cdec4e0b6010 Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Thu, 14 Apr 2022 13:38:38 -0400 Subject: [PATCH 6/8] Update element 1.10.9 -> 1.10.10 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 34cf22a74..205f3480a 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.9 +matrix_client_element_version: v1.10.10 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From a9d0cbc560a380fb9a5147101c817574d9d134ab Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 15 Apr 2022 19:38:10 +0300 Subject: [PATCH 7/8] feedback --- roles/matrix-backup-borg/defaults/main.yml | 8 ++-- .../tasks/setup_install.yml | 14 ++++++- .../util/detect_existing_postgres_version.yml | 42 ------------------- .../templates/config.yaml.j2 | 32 +++++++------- 4 files changed, 33 insertions(+), 63 deletions(-) delete mode 100644 roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index 374b5befa..189b6042b 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -5,9 +5,10 @@ matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" matrix_backup_borg_container_image_self_build: false -matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic" +matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic" matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src" +# version determined automatically, based on postgres server version (if enabled), otherwise latest is used matrix_backup_borg_version: "" matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" @@ -30,6 +31,7 @@ matrix_backup_borg_location_source_directories: [] # postgres db backup matrix_backup_borg_postgresql_enabled: true +matrix_backup_borg_supported_postgres_versions: ['12', '13', '14'] matrix_backup_borg_postgresql_databases: [] matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres" matrix_backup_borg_postgresql_databases_username: "matrix" @@ -55,7 +57,7 @@ matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new matrix_backup_borg_storage_compression: lz4 # archive name format -matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}" +matrix_backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S} # repository passphrase matrix_backup_borg_storage_encryption_passphrase: "" @@ -68,7 +70,7 @@ matrix_backup_borg_retention_keep_monthly: 12 matrix_backup_borg_retention_keep_yearly: 2 # retention prefix -matrix_backup_borg_retention_prefix: "matrix-" +matrix_backup_borg_retention_prefix: matrix- # Default borgmatic configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 9c34c53f1..1903d8654 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -1,6 +1,16 @@ --- -- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" - when: 'matrix_backup_borg_enabled|bool and matrix_backup_borg_postgresql_enabled|bool and matrix_postgres_backup_postgres_data_path != ""' +- block: + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" + + - name: Fail if detected Postgres version is unsupported + fail: + msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql" + when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions" + + - name: Set the correct borg backup version to use + set_fact: + matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" + when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == '' - name: Ensure borg paths exist file: diff --git a/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml deleted file mode 100644 index 0d50d93f5..000000000 --- a/roles/matrix-backup-borg/tasks/util/detect_existing_postgres_version.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- - -# This utility aims to determine if there is some existing Postgres version in use or not. -# If there is, it also tries to detect the Docker image that corresponds to that version. - -- name: Initialize Postgres version determination variables (default to empty) - set_fact: - matrix_backup_borg_postgresql_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" - matrix_backup_borg_postgresql_detected_existing: false - matrix_backup_borg_postgresql_detected_version: "" - matrix_backup_borg_version: "" - -- name: Determine existing Postgres version (check PG_VERSION file) - stat: - path: "{{ matrix_backup_borg_postgresql_detection_pg_version_path }}" - register: result_pg_version_stat - -- set_fact: - matrix_backup_borg_postgresql_detected_existing: true - when: "result_pg_version_stat.stat.exists" - -- name: Determine existing Postgres version (read PG_VERSION file) - slurp: - src: "{{ matrix_backup_borg_postgresql_detection_pg_version_path }}" - register: result_pg_version - when: matrix_backup_borg_postgresql_detected_existing|bool - -- name: Determine existing Postgres version (make sense of PG_VERSION file) - set_fact: - matrix_backup_borg_postgresql_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" - when: matrix_backup_borg_postgresql_detected_existing|bool - -- name: Determine corresponding Docker image version to detected version - set_fact: - matrix_backup_borg_version: "{{ matrix_backup_borg_postgresql_detected_version }}" - when: "matrix_backup_borg_postgresql_detected_version == '12' or matrix_backup_borg_postgresql_detected_version.startswith('12.') or matrix_backup_borg_postgresql_detected_version == '13' or matrix_backup_borg_postgresql_detected_version.startswith('13.') or matrix_backup_borg_postgresql_detected_version == '14' or matrix_backup_borg_postgresql_detected_version.startswith('14.')" - -- name: Fail if existing Postgres version is not supported by borgmatic docker image - fail: - msg: >- - Your Postgres v{{ matrix_backup_borg_postgresql_detected_version }} is not supported. - when: "matrix_backup_borg_version == ''" diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 index 8ac2a8b2f..2929db8b1 100644 --- a/roles/matrix-backup-borg/templates/config.yaml.j2 +++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -7,18 +7,18 @@ location: exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }} storage: - compression: {{ matrix_backup_borg_storage_compression }} - ssh_command: {{ matrix_backup_borg_storage_ssh_command }} - archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}' - encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }} + compression: {{ matrix_backup_borg_storage_compression|to_json }} + ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }} + archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }} + encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }} retention: - keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }} - keep_daily: {{ matrix_backup_borg_retention_keep_daily }} - keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }} - keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }} - keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }} - prefix: '{{ matrix_backup_borg_retention_prefix }}' + keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }} + keep_daily: {{ matrix_backup_borg_retention_keep_daily|to_json }} + keep_weekly: {{ matrix_backup_borg_retention_keep_weekly|to_json }} + keep_monthly: {{ matrix_backup_borg_retention_keep_monthly|to_json }} + keep_yearly: {{ matrix_backup_borg_retention_keep_yearly|to_json }} + prefix: {{ matrix_backup_borg_retention_prefix|to_json }} consistency: checks: @@ -26,14 +26,14 @@ consistency: - archives hooks: -{% if matrix_backup_borg_postgresql_enabled %} +{% if matrix_backup_borg_postgresql_enabled and matrix_backup_borg_postgresql_databases|length > 0 %} postgresql_databases: {% for database in matrix_backup_borg_postgresql_databases %} - - name: {{ database }} - hostname: {{ matrix_backup_borg_postgresql_databases_hostname }} - username: {{ matrix_backup_borg_postgresql_databases_username }} - password: {{ matrix_backup_borg_postgresql_databases_password }} - port: {{ matrix_backup_borg_postgresql_databases_port }} + - name: {{ database|to_json }} + hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }} + username: {{ matrix_backup_borg_postgresql_databases_username|to_json }} + password: {{ matrix_backup_borg_postgresql_databases_password|to_json }} + port: {{ matrix_backup_borg_postgresql_databases_port|to_json }} {% endfor %} {% endif %} after_backup: From c520a758ec78f035a616195a141858ad11e2dbe5 Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 15 Apr 2022 19:43:45 +0300 Subject: [PATCH 8/8] fix linter --- roles/matrix-backup-borg/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 1903d8654..6ef398631 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -9,7 +9,7 @@ - name: Set the correct borg backup version to use set_fact: - matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" + matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == '' - name: Ensure borg paths exist