diff --git a/.gitignore b/.gitignore index 421877392..6b56900a8 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ /roles/**/files/scratchpad .DS_Store .python-version +.idea/ flake.lock # ignore roles pulled by ansible-galaxy diff --git a/CHANGELOG.md b/CHANGELOG.md index 950e38e4e..3db319afe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2023-07-24 + +## matrix-registration-bot usage changed + +[matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) got some updates and now supports password-only-based login. Therefore the bot now doesn't need any manual configuration except setting a password in your `vars.yml`. The bot will be registered as admin and access tokens will be obtained automatically by the bot. + +**For existing users** You need to set `matrix_bot_matrix_registration_bot_bot_password` if you previously only used `matrix_bot_matrix_registration_bot_bot_access_token`. Please also remove the following deprecated settings + +* `matrix_bot_matrix_registration_bot_bot_access_token` +* `matrix_bot_matrix_registration_bot_api_token` + # 2023-07-21 ## mautrix-gmessages support diff --git a/docs/configuring-playbook-bot-chatgpt.md b/docs/configuring-playbook-bot-chatgpt.md index fa7972cae..72171f28c 100644 --- a/docs/configuring-playbook-bot-chatgpt.md +++ b/docs/configuring-playbook-bot-chatgpt.md @@ -43,6 +43,11 @@ matrix_bot_chatgpt_openai_api_key: '' # Matrix access token (from bot user above) # see: https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix matrix_bot_chatgpt_matrix_access_token: '' + +# Configuring the system promt used, needed if the bot is used for special tasks. +# More information: https://github.com/mustvlad/ChatGPT-System-Prompts +matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.' + ``` You will need to get tokens for ChatGPT. diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index b1e3fdc6c..66b3e5768 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -2,40 +2,28 @@ The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you. -The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server, -where you invite someone by sending them a registration token. They can register as normal but have to provide a valid -registration token in a final step of the registration. +The bot allows you to easily **create and manage registration tokens** aka. invitation codes. +It can be used for an invitation-based server, +where you invite someone by sending them a registration token (loook like this: `rbalQ0zkaDSRQCOp`). They can register as normal but have to provide a valid registration token in a final step of the registration. See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it does and why it might be useful to you. -## Registering the bot user +## Configuration -By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`. - -(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable). - -For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - -## Obtaining an admin access token - -In order to use the bot you need to add an admin user's access token token to the configuration. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). - -## Adjusting the playbook configuration - -Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: +To enable the bot, add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: ```yaml matrix_bot_matrix_registration_bot_enabled: true -# Token obtained via logging into the bot account (see above) -matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE" + +#By default, the playbook will set use the bot with a username like +## this: `@bot.matrix-registration-bot:DOMAIN`. +# To use a different username, uncomment & adjust the variable. +# matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` +matrix_bot_matrix_registration_bot_bot_password: PASSWORD_FOR_THE_BOT # Enables registration matrix_synapse_enable_registration: true @@ -44,6 +32,7 @@ matrix_synapse_enable_registration: true matrix_synapse_registration_requires_token: true ``` +The bot account will be automatically created. ## Installing @@ -56,10 +45,16 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, message `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands). If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de). + +To clean the cache (session&encryption data) after you changed the bot's username, changed the login methon form access_token to password etc.. you can use + +```bash +just run-tags bot-matrix-registration-bot-clean-cache +``` diff --git a/docs/configuring-playbook-client-element.md b/docs/configuring-playbook-client-element.md index 1f90aca68..ec8556011 100644 --- a/docs/configuring-playbook-client-element.md +++ b/docs/configuring-playbook-client-element.md @@ -32,7 +32,7 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo ## Themes -To change the look of Element, you can define your own themes manually by using the `matrix_client_element_settingDefaults_custom_themes` setting. +To change the look of Element, you can define your own themes manually by using the `matrix_client_element_setting_defaults_custom_themes` setting. Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`). diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index 4472e103e..cafe6f4d6 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -3,6 +3,8 @@ **[Dimension](https://dimension.t2bot.io) can only be installed after Matrix services are installed and running.** If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later. +**Note**: Dimension is **[officially unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299)**. We recommend not bothering with installing it. + **Note**: This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_synapse_federation_enabled`. Enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index a0eb36ba4..a7aab981c 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md +++ b/docs/configuring-playbook-sliding-sync-proxy.md @@ -12,6 +12,7 @@ Element X Android requires manual compilation to get it working with a non-`matr **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. +**NOTE**: The sliding-sync proxy is **not required** when using the **Conduit homeserver**. Starting from version `0.6.0` Conduit has native support for some sliding sync features. If there are issues with the native implementation, you might have a better experience when enabling the sliding-sync proxy anyway. ## Decide on a domain and path diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index a4746a62c..85ae79d7a 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -30,7 +30,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Additional useful services -- [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional, but recommended; after [installing](installing.md)) +- [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional; [unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299); after [installing](installing.md)) - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 0a30f217b..5accdd85a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3341,7 +3341,7 @@ matrix_client_element_enable_presence_by_hs_url: | matrix_client_element_welcome_user_id: ~ -matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" +matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" ###################################################################### # @@ -4018,6 +4018,9 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}" +# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. +matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else matrix_homeserver_url if matrix_conduit_enabled else '' }}" + ###################################################################### # # /matrix-sliding-sync @@ -4107,7 +4110,6 @@ matrix_conduit_systemd_required_services_list: | (['docker.service']) }} - ###################################################################### # # /matrix-conduit @@ -4123,6 +4125,12 @@ matrix_conduit_systemd_required_services_list: | matrix_user_creator_users_auto: | {{ + ([{ + 'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart, + 'initial_password': matrix_bot_matrix_registration_bot_bot_password, + 'initial_type': 'admin', + }] if matrix_bot_matrix_registration_bot_enabled else []) + + ([{ 'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart, 'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password, @@ -4166,13 +4174,20 @@ matrix_user_verification_service_docker_image: "{{ matrix_user_verification_serv matrix_user_verification_service_enabled: false matrix_user_verification_service_systemd_required_services_list: | - {{ - ['docker.service'] - + - (['matrix-synapse.service'] if matrix_synapse_enabled else []) - + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) - }} + {{ + ['docker.service'] + + + (['matrix-' + matrix_homeserver_implementation + '.service']) + }} + +matrix_user_verification_service_container_additional_networks: | + {{ + ( + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + + + ([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_user_verification_service_container_network else []) + ) | unique + }} # If Jitsi is managed by this playbook we can use the docker network - no need to expose a port. # If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose diff --git a/requirements.yml b/requirements.yml index bac5fea32..af22b8770 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.15-1 + version: v1.2.4-1.7.15-3 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git @@ -26,28 +26,28 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.3-0 + version: v2.10.4-1 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.0-0 + version: v1.9.2-0 - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 6.1.0 + version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.0.2-1 + version: v10.0.3-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-2 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.6.2-0 + version: v2.7.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.45.0-0 + version: v2.45.0-1 name: prometheus - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git - version: v1.6.0-0 + version: v1.6.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.13.1-0 + version: v0.13.2-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.0.10-0 + version: v7.2.0-0 diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 637ce3bb9..bb0d579fb 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -150,6 +150,12 @@ matrix_homeserver_container_url: "" # This likely gets overriden elsewhere. matrix_homeserver_container_federation_url: "" +# Specifies the public url of the Sync v3 (sliding-sync) API. +# This will be used to set the `org.matrix.msc3575.proxy` property in `/.well-known/matrix/client`. +# Once the API is stabilized, this will no longer be required. +# See MSC3575: https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md +matrix_homeserver_sliding_sync_url: "" + matrix_identity_server_url: ~ matrix_integration_manager_rest_url: ~ @@ -158,7 +164,7 @@ matrix_integration_manager_ui_url: ~ # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. # See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server -matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming +matrix_client_element_jitsi_preferred_domain: '' # noqa var-naming # Controls whether Element should use End-to-End Encryption by default. # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 45c3ea2a0..96c301a89 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -18,17 +18,17 @@ ] } {% endif %} - {% if matrix_client_element_jitsi_preferredDomain %}, + {% if matrix_client_element_jitsi_preferred_domain %}, "io.element.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }} }, "im.vector.riot.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }} } {% endif %} - {% if matrix_sliding_sync_enabled %}, + {% if matrix_homeserver_sliding_sync_url %}, "org.matrix.msc3575.proxy": { - "url": "{{ matrix_sliding_sync_base_url }}" + "url": "{{ matrix_homeserver_sliding_sync_url }}" } {% endif %} {% if matrix_client_element_location_sharing_enabled %}, diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 00eae1676..298437ca3 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -88,3 +88,5 @@ matrix_bot_chatgpt_matrix_rich_text: true # MATRIX_RICH_TEXT=true # matrix_bot_chatgpt_environment_variables_extension: | # chatgpt_TEXT_DONE=Done matrix_bot_chatgpt_environment_variables_extension: '' + +matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.' diff --git a/roles/custom/matrix-bot-chatgpt/templates/env.j2 b/roles/custom/matrix-bot-chatgpt/templates/env.j2 index bc8c38664..d9ca2d50c 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/env.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2 @@ -25,6 +25,8 @@ MATRIX_ENCRYPTION={{ matrix_bot_chatgpt_matrix_encryption|lower }} MATRIX_THREADS={{ matrix_bot_chatgpt_matrix_threads|lower }} MATRIX_RICH_TEXT={{ matrix_bot_chatgpt_matrix_rich_text|lower }} +CHATGPT_PROMPT_PREFIX={{ matrix_bot_chatgpt_matrix_bot_prompt_prefix }} + DATA_PATH=/data/ {{ matrix_bot_chatgpt_environment_variables_extension }} diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index 90ffa0c64..b190c3b79 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml @@ -20,7 +20,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.17 +matrix_bot_honoroit_version: v0.9.18 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index d8e52b719..41143566a 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -8,8 +8,10 @@ matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matri matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: latest -matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" +matrix_bot_matrix_registration_bot_version: 1.3.0 +matrix_bot_matrix_registration_bot_docker_iteration: 0 +matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration}}" +matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot" @@ -19,15 +21,15 @@ matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}" -# The access token that the bot uses to communicate in Matrix chats -# This does not necessarily need to be a privileged (admin) access token. -matrix_bot_matrix_registration_bot_bot_access_token: '' -# The access token that the bot uses to call the Matrix API for creating registration tokens. -# This needs to be a privileged (admin) access token. -# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is. -# If necessary, you can define your own other access token here, which might even be for a different Matrix user. -matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}" +# The bot's password (can also be used to login via a client like element) +matrix_bot_matrix_registration_bot_bot_password: '' + +# Optional variable that only needs to be set if the bot account is not admin +# Needs to be a valid access token of an admin account +matrix_bot_matrix_registration_bot_api_token: '' + +matrix_bot_matrix_registration_bot_device_id: "matrix-docker-ansible-deploy" matrix_bot_matrix_registration_bot_logging_level: info matrix_bot_matrix_registration_environment_variables_extension: '' diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml new file mode 100644 index 000000000..ae4433b8f --- /dev/null +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml @@ -0,0 +1,12 @@ +--- + +- name: Delete cache files + ansible.builtin.file: + state: "{{ item }}" + path: "{{ matrix_bot_matrix_registration_bot_data_path }}" + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - absent + - directory diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml index 83291fb6d..cd11c1d5d 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml @@ -18,3 +18,9 @@ block: - when: not matrix_bot_matrix_registration_bot_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + +- tags: + - bot-matrix-registration-bot-clean-cache + block: + - when: matrix_bot_matrix_registration_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/clean_cache.yml" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 515cd9973..655f3d275 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -9,7 +9,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true} - - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true} when: "item.when | bool" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml index 39e97cde2..b7a475639 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -5,6 +5,13 @@ msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" + with_items: + - "matrix_bot_matrix_registration_bot_bot_password" + +- name: (Deprecation) Catch and report old settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which is deprecated - Please check the documentation on how to configure the matrix-registration-bot. + when: "item in vars" with_items: - "matrix_bot_matrix_registration_bot_bot_access_token" - - "matrix_bot_matrix_registration_bot_api_token" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 index 756efb018..4a2242aa2 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 +++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 @@ -1,12 +1,16 @@ bot: server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} - access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }} + password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }} + api: # API endpoint of the registration tokens base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }} # Access token of an administrator on the server +{% if matrix_bot_matrix_registration_bot_api_token | length > 0 %} token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }} +{% endif %} + logging: level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }} diff --git a/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 index 49bbcb878..7750ec9a3 100644 --- a/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -60,7 +60,7 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: "https://{{ matrix_server_fqn_matrix }}" + url: {{ matrix_homeserver_container_url | to_json }} # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index b6e6f1195..2611da8a0 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml @@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_irc_version: 0.38.0 +matrix_appservice_irc_version: 1.0.1 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}" matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index 6fb6d7e7f..a3ea586be 100644 --- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml @@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_slack_version: 2.0.2 +matrix_appservice_slack_version: 2.1.2 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index 5dfe38105..c81c4fe6b 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.14.3 +matrix_heisenbridge_version: 1.14.5 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 3c1ba5193..491bf3188 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 4.4.0 +matrix_hookshot_version: 4.4.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index f9b853bc6..1f1e007ac 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.6.0 +matrix_mautrix_discord_version: v0.6.1 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 6a6c14b0a..9448dfde6 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" -matrix_mautrix_gmessages_version: latest +matrix_mautrix_gmessages_version: v0.1.0 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 index a17f6cd1e..6dc136bb4 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 @@ -286,13 +286,7 @@ bridge: # Logging config. See https://github.com/tulir/zeroconfig for details. logging: - min_level: debug + min_level: {{ matrix_mautrix_gmessages_logging_level }} writers: - - type: stdout - format: pretty-colored - - type: file - format: json - filename: ./logs/mautrix-gmessages.log - max_size: 100 - max_backups: 10 - compress: true + - type: stdout + format: pretty-colored diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index a308811a7..fb11bc691 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.9.0 +matrix_mautrix_whatsapp_version: v0.10.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 9199a1d5a..b9a1aabae 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.36 +matrix_client_element_version: v1.11.39 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" @@ -149,17 +149,17 @@ matrix_client_element_integrations_ui_url: "https://scalar.vector.im/" matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" -matrix_client_element_permalinkPrefix: "https://matrix.to" # noqa var-naming +matrix_client_element_permalink_prefix: "https://matrix.to" # noqa var-naming matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" -matrix_client_element_showLabsSettings: true # noqa var-naming +matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) -matrix_client_element_roomdir_servers: ['matrix.org'] +matrix_client_element_room_directory_servers: ['matrix.org'] matrix_client_element_welcome_user_id: ~ # Branding of Element matrix_client_element_brand: "Element" # URL to Logo on welcome page -matrix_client_element_welcome_logo: "welcome/images/logo.svg" +matrix_client_element_welcome_logo: "themes/element/img/logos/element-logo.svg" # URL of link on welcome image matrix_client_element_welcome_logo_link: "https://element.io" @@ -169,13 +169,13 @@ matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat & col # Links, shown in footer of welcome page: # [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}] -matrix_client_element_branding_authFooterLinks: ~ # noqa var-naming +matrix_client_element_branding_auth_footer_links: ~ # noqa var-naming # URL to image, shown during Login -matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming +matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming # URL to Wallpaper, shown in background of welcome page -matrix_client_element_branding_welcomeBackgroundUrl: ~ # noqa var-naming +matrix_client_element_branding_welcome_background_url: ~ # noqa var-naming matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" @@ -183,7 +183,7 @@ matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/wel # point this to a `home.html` template file on your local filesystem. matrix_client_element_embedded_pages_home_path: ~ -matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming +matrix_client_element_jitsi_preferred_domain: '' # noqa var-naming # Controls whether the self-check feature should validate SSL certificates. matrix_client_element_self_check_validate_certificates: true @@ -207,14 +207,14 @@ matrix_client_element_themes_repository_version: master # Controls the default theme matrix_client_element_default_theme: 'light' -# Controls the `settingsDefault.custom_themes` setting of the Element configuration. +# Controls the `setting_defaults.custom_themes` setting of the Element configuration. # You can use this setting to define custom themes. # # Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically. # If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well. # # Note that for a custom theme to work well, all Element instances that you use must have the same theme installed. -matrix_client_element_settingDefaults_custom_themes: [] # noqa var-naming +matrix_client_element_setting_defaults_custom_themes: [] # noqa var-naming # Default Element configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-client-element/tasks/prepare_themes.yml b/roles/custom/matrix-client-element/tasks/prepare_themes.yml index 70646c94c..194335b2f 100644 --- a/roles/custom/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/custom/matrix-client-element/tasks/prepare_themes.yml @@ -30,7 +30,7 @@ - name: Load Element theme ansible.builtin.set_fact: - matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming + matrix_client_element_setting_defaults_custom_themes: "{{ matrix_client_element_setting_defaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming with_items: "{{ matrix_client_element_theme_file_contents.results }}" # diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index fdf42df7a..dc6c9f5ad 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -27,6 +27,22 @@ with_items: - {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'} +- name: (Deprecation) Catch and report renamed element-web settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} + - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} + - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} + - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} + - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} + - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} + - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'} + - {'old': 'matrix_client_element_jitsi_preferredDomain', 'new': 'matrix_client_element_jitsi_preferred_domain'} + - when: matrix_client_element_container_labels_traefik_enabled | bool block: - name: Fail if required matrix-client-element Traefik settings not defined diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 6f2498fd8..180a8f818 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -8,12 +8,12 @@ "base_url": {{ matrix_client_element_default_is_url | string | to_json }} } }, - "settingDefaults": { - "custom_themes": {{ matrix_client_element_settingDefaults_custom_themes | to_json }} + "setting_defaults": { + "custom_themes": {{ matrix_client_element_setting_defaults_custom_themes | to_json }} }, "default_theme": {{ matrix_client_element_default_theme | string | to_json }}, "default_country_code": {{ matrix_client_element_default_country_code | string | to_json }}, - "permalinkPrefix": {{ matrix_client_element_permalinkPrefix | string | to_json }}, + "permalink_prefix": {{ matrix_client_element_permalink_prefix | string | to_json }}, "disable_custom_urls": {{ matrix_client_element_disable_custom_urls | to_json }}, "disable_guests": {{ matrix_client_element_disable_guests | to_json }}, "brand": {{ matrix_client_element_brand | to_json }}, @@ -22,28 +22,28 @@ "integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls | to_json }}, "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url | string | to_json }}, "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url | to_json }}, - "showLabsSettings": {{ matrix_client_element_showLabsSettings | to_json }}, - "roomDirectory": { - "servers": {{ matrix_client_element_roomdir_servers | to_json }} + "show_labs_settings": {{ matrix_client_element_show_lab_settings | to_json }}, + "room_directory": { + "servers": {{ matrix_client_element_room_directory_servers | to_json }} }, - "welcomeUserId": {{ matrix_client_element_welcome_user_id | to_json }}, + "welcome_user_id": {{ matrix_client_element_welcome_user_id | to_json }}, {% if matrix_client_element_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }}, {% endif %} - "embeddedPages": { + "embedded_pages": { "homeUrl": {{ matrix_client_element_embedded_pages_home_url | string | to_json }} }, - {% if matrix_client_element_jitsi_preferredDomain %} + {% if matrix_client_element_jitsi_preferred_domain %} "jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain | to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferred_domain | to_json }} }, {% endif %} {% if matrix_client_element_location_sharing_enabled %} "map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json", {% endif %} "branding": { - "authFooterLinks": {{ matrix_client_element_branding_authFooterLinks | to_json }}, - "authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl | to_json }}, - "welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl | to_json }} + "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, + "auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, + "welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }} } } diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 7673a7d27..862e55c25 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml @@ -6,7 +6,7 @@ matrix_conduit_enabled: true matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}" matrix_conduit_docker_image_name_prefix: "docker.io/" -matrix_conduit_docker_image_tag: "v0.5.0" +matrix_conduit_docker_image_tag: "v0.6.0" matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}" matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit" diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 6369f1096..727dfd5bb 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.10.0-ls126 +matrix_dynamic_dns_version: v3.10.0-ls131 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index d8d73a869..8767fee1e 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.25.1-alpine +matrix_nginx_proxy_version: 1.25.2-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index cfc55ecd2..97301597a 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -4,7 +4,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.4 +matrix_sliding_sync_version: v0.99.5 matrix_sliding_sync_scheme: https diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml index 048ded6bb..3a29791ce 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml @@ -25,7 +25,7 @@ matrix_synapse_reverse_proxy_companion_enabled: true -matrix_synapse_reverse_proxy_companion_version: 1.25.1-alpine +matrix_synapse_reverse_proxy_companion_version: 1.25.2-alpine matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion" matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d" diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 48d8e8d98..c48ff09c6 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.88.0 +matrix_synapse_version: v1.90.0 matrix_synapse_username: '' matrix_synapse_uid: '' diff --git a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml index 0d8879392..4adb6566a 100644 --- a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml @@ -4,6 +4,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_encryption_disabler_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" @@ -12,6 +14,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" @@ -20,6 +24,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" @@ -28,6 +34,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_ldap_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup_install.yml" @@ -36,6 +44,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml" @@ -44,6 +54,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml" @@ -52,6 +64,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml" diff --git a/roles/custom/matrix-synapse/tasks/setup_install.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml index 378a0dee5..a2185da57 100644 --- a/roles/custom/matrix-synapse/tasks/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/setup_install.yml @@ -26,6 +26,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_install.yml" @@ -34,6 +36,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_workers_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml" @@ -41,12 +45,16 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml" - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_s3_media_store_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index f42f6e309..e12bdb194 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2351,7 +2351,7 @@ email: # must present a certificate that is valid for 'smtp_host'. If this option # is set to false, TLS will not be used. # - #enable_tls: false + enable_tls: {{ matrix_synapse_email_smtp_enable_tls|to_json }} # notif_from defines the "From" address to use when sending emails. # It must be set if email sending is enabled. diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml index 9ac7afeb7..a12b44017 100644 --- a/roles/custom/matrix-synapse/vars/main.yml +++ b/roles/custom/matrix-synapse/vars/main.yml @@ -5,6 +5,9 @@ matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}" +# Optionally: `false` to fully disable tls on outbound smtp +matrix_synapse_email_smtp_enable_tls: true + # A Synapse generic worker can handle both federation and client-server API endpoints. # We wish to split these, as we normally serve federation separately and don't want them mixed up. # diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index 5b3611b88..b553ad12b 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml @@ -18,6 +18,14 @@ matrix_user_verification_service_docker_image_name_prefix: "{{ matrix_container_ matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service:{{ matrix_user_verification_service_version }}" matrix_user_verification_service_docker_image_force_pull: "{{ matrix_user_verification_service_docker_image.endswith(':latest') }}" +# The base container network. It will be auto-created by this role if it doesn't exist already. +matrix_user_verification_service_container_network: "{{ matrix_docker_network }}" + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. +# Use this to expose this container to another reverse proxy, which runs in a different container network. +matrix_user_verification_service_container_additional_networks: [] + matrix_user_verification_service_container_name: "matrix-user-verification-service" # This will be set in group vars matrix_user_verification_service_container_http_host_bind_port: '' diff --git a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml index 185b4b642..54d5d979b 100644 --- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml +++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml @@ -30,6 +30,11 @@ group: "{{ matrix_user_groupname }}" mode: 0644 +- name: Ensure matrix-user-verification-service container network is created + community.general.docker_network: + name: "{{ matrix_user_verification_service_container_network }}" + driver: bridge + - name: Ensure matrix-user-verification-service.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-user-verification-service.service.j2" diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index eb24b1281..683982632 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -17,12 +17,14 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_user_verification_service_container_name }}\ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ + --rm \ + --name={{ matrix_user_verification_service_container_name }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_user_verification_service_container_network }} \ {% if matrix_user_verification_service_container_http_host_bind_port %} -p {{ matrix_user_verification_service_container_http_host_bind_port }}:3000 \ {% endif %} @@ -32,6 +34,10 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_user_verification_service_docker_image }} +{% for network in matrix_user_verification_service_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_user_verification_service_container_name }} +{% endfor %} + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_user_verification_service_container_name }} 2>/dev/null' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' Restart=always