Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into maubot

6 lat temu · a2aeb0a7fd
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
 # 2020-03-29
 ## Archlinux support
 Thanks to [Christian](https://github.com/christianlupus)'s efforts, the playbook now supports installing to an [Archlinux](https://www.archlinux.org/) server.
 # 2020-03-24
 ## Jitsi support
--- a/README.md
+++ b/README.md
@@ -75,7 +75,7 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM
 - this one **can be re-ran many times** without causing trouble
 - works on both **CentOS** (7.0+) and Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+)
 - works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+), **Archlinux**
 - this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -1,6 +1,6 @@
 # Prerequisites
 - An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+) or **Ubuntu** (16.04+). This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Self-Building](self-building.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
 - An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Self-Building](self-building.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
 - `root` access to your server (or a user capable of elevating to `root` via `sudo`).
--- a/roles/matrix-base/tasks/sanity_check.yml
+++ b/roles/matrix-base/tasks/sanity_check.yml
@@ -44,3 +44,10 @@
    - "{{ matrix_server_fqn_matrix }}"
    - "{{ matrix_server_fqn_riot }}"
  when: "item != item|lower"
 - name: Fail if using python2 on Archlinux
  fail:
    msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
  when:
    - ansible_distribution == 'Archlinux'
    - ansible_python.version.major != 3
--- a/roles/matrix-base/tasks/server_base/setup.yml
+++ b/roles/matrix-base/tasks/server_base/setup.yml
@@ -9,6 +9,9 @@
 - include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
  when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian') 
 - include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
  when: ansible_distribution == 'Archlinux'
 - name: Ensure Docker is started and autoruns
  service:
    name: docker
@@ -17,6 +20,6 @@
 - name: Ensure ntpd is started and autoruns
  service:
    name: "{{ 'ntpd' if ansible_os_family == 'RedHat' else 'ntp' }}"
    name: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
    state: started
    enabled: yes
--- a/roles/matrix-base/tasks/server_base/setup_archlinux.yml
+++ b/roles/matrix-base/tasks/server_base/setup_archlinux.yml
@@ -0,0 +1,20 @@
 ---
 - name: Install host dependencies
  pacman:
    name:
      - bash-completion
      - python-docker
      - ntp
      # TODO This needs to be verified. Which version do we need?
      - fuse3
      - python-dnspython
    state: latest
    update_cache: yes
 - name: Ensure Docker is installed
  pacman:
    name:
      - docker
    state: latest
  when: matrix_docker_installation_enabled|bool
--- a/roles/matrix-common-after/tasks/start.yml
+++ b/roles/matrix-common-after/tasks/start.yml
@@ -28,14 +28,37 @@
  delegate_to: 127.0.0.1
  become: false
 - name: Populate service facts
  service_facts:
 - name: Fail if service isn't detected to be running
  fail:
    msg: >-
      {{ item }} was not detected to be running.
      It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.).
      Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate.
  with_items: "{{ matrix_systemd_services_list }}"
  when: "ansible_facts.services[item + '.service']|default(none) is none or ansible_facts.services[item + '.service'].state != 'running'"
 - block:
  - name: Populate service facts
    service_facts:
  - name: Fail if service isn't detected to be running
    fail:
      msg: >-
        {{ item }} was not detected to be running.
        It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.).
        Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate.
    with_items: "{{ matrix_systemd_services_list }}"
    when:
      - "ansible_facts.services[item + '.service']|default(none) is none or ansible_facts.services[item + '.service'].state != 'running'"
  when: " ansible_distribution != 'Archlinux'"
 - block:
  # Currently there is a bug in ansible that renders is incompatible with systemd.
  # service_facts is not collecting the data successfully.
  # Therefore iterating here manually
  - name: Fetch systemd information
    systemd:
      name: "{{ item }}"
    register: systemdstatus
    with_items: "{{ matrix_systemd_services_list }}"
  - name: Fail if service isn't detected to be running
    fail:
      msg: >-
        {{ item.item }} was not detected to be running.
        It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.).
        Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate.
    with_items: "{{ systemdstatus.results }}"
    when: "item.status['ActiveState'] != 'active'"
  when: "ansible_distribution == 'Archlinux'"
--- a/roles/matrix-mxisd/tasks/setup_mxisd.yml
+++ b/roles/matrix-mxisd/tasks/setup_mxisd.yml
@@ -26,7 +26,7 @@
  when: matrix_mxisd_enabled|bool and not matrix_mxisd_container_image_self_build
 - block:
  - name: Ensure gradle is installed for self-building
  - name: Ensure gradle is installed for self-building (Debian)
    apt:
      name:
        - gradle
@@ -34,11 +34,19 @@
      update_cache: yes
    when: (ansible_os_family == 'Debian')
  - name: Ensure gradle is installed for self-building
  - name: Ensure gradle is installed for self-building (CentOS)
    fail:
      msg: "Installing gradle on CentOS is currently not supported, so self-building mxisd cannot happen at this time"
    when: ansible_distribution == 'CentOS'
  - name: Ensure gradle is installed for self-building (Archlinux)
    pacman:
      name:
        - gradle
      state: latest
      update_cache: yes
    when: ansible_distribution == 'Archlinux'
  - name: Ensure mxisd repository is present on self-build
    git:
      repo: https://github.com/kamax-matrix/mxisd.git
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml
@@ -16,6 +16,14 @@
    update_cache: no
  when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_os_family == 'Debian'"
 - name: Ensure OpenSSL installed (Archlinux)
  pacman:
    name:
      - openssl
    state: latest
    update_cache: no
  when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_distribution == 'Archlinux'"
 - name: Generate self-signed certificates
  include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml"
  with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
--- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
@@ -16,11 +16,19 @@
 - name: Ensure git installed (Debian)
  apt:
    name:
      - openssl
      - git
    state: present
    update_cache: no
  when: "ansible_os_family == 'Debian'"
 - name: Ensure git installed (Archlinux)
  pacman:
    name:
      - git
    state: present
    update_cache: no
  when: "ansible_distribution == 'Archlinux'"
 - name: Clone synapse-simple-antispam git repository
  git:
    repo: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url }}"
--- a/roles/matrix-synapse/tasks/update_user_password.yml
+++ b/roles/matrix-synapse/tasks/update_user_password.yml
@@ -33,12 +33,7 @@
 - name: Wait a while, so that Matrix Synapse can manage to start
  pause:
    seconds: 7
  when: "start_result.changed"
 - name: Wait a while, so that Matrix Postgres can manage to start
  pause:
    seconds: 7
  when: "postgres_start_result.changed"
  when: "start_result.changed or postgres_start_result.changed"
 - name: Generate password hash
  shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password }}"