Merge pull request #1176 from GoMatrixHosting/master

GoMatrixHosting v0.5.4
4 лет назад · a435c64c13
--- a/roles/matrix-awx/surveys/backup_server.json.j2
+++ b/roles/matrix-awx/surveys/backup_server.json.j2
@@ -16,4 +16,3 @@
    }
  ]
 }

--- a/roles/matrix-awx/tasks/customise_website_access_export.yml
+++ b/roles/matrix-awx/tasks/customise_website_access_export.yml
@@ -128,18 +128,13 @@
    validate_certs: yes
  when: customise_base_domain_website is undefined

 - name: Ensure group "sftp" exists
  group:
    name: sftp
    state: present

 - name: If user doesn't define a sftp_password, create a disabled 'sftp' account
  user:
    name: sftp
    comment: SFTP user to set custom web files and access servers export
    shell: /bin/false
    home: /home/sftp
    group: sftp
    group: matrix
    password: '*'
    update_password: always
  when: sftp_password|length == 0
@@ -150,15 +145,20 @@
    comment: SFTP user to set custom web files and access servers export
    shell: /bin/false
    home: /home/sftp
    group: sftp
    group: matrix
    password: "{{ sftp_password | password_hash('sha512') }}"
    update_password: always
  when: sftp_password|length > 0

 - name: Ensure group "sftp" exists
  group:
    name: sftp
    state: present

 - name: adding existing user 'sftp' to group matrix
  user:
    name: sftp
    groups: matrix
    groups: sftp
    append: yes
  when: customise_base_domain_website is defined

@@ -214,14 +214,14 @@
    group: sftp
    mode: '0644'
  when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")

 - name: Alter SSH Subsystem State 1
    
 - name: Remove any existing Subsystem lines
  lineinfile:
    path: /etc/ssh/sshd_config
    line: "Subsystem sftp	/usr/lib/openssh/sftp-server"
    state: absent
    regexp: '^Subsystem'

 - name: Alter SSH Subsystem State 2
 - name: Set SSH Subsystem State
  lineinfile:
    path: /etc/ssh/sshd_config
    insertafter: "^# override default of no subsystems"
--- a/roles/matrix-awx/tasks/purge_media_local.yml
+++ b/roles/matrix-awx/tasks/purge_media_local.yml
@@ -6,7 +6,7 @@

 - name: Purge local media to specific date
  shell: |
    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}'
    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000'
  register: purge_command
  
 - name: Print output of purge command
--- a/roles/matrix-awx/tasks/purge_media_main.yml
+++ b/roles/matrix-awx/tasks/purge_media_main.yml
@@ -17,15 +17,16 @@
    - jq
    state: present

 - name: Collect access token for janitor user
  shell: |
    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token'
  register: janitors_token
  
 - name: Collect the internal IP of the matrix-synapse container
  shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
  register: synapse_container_ip
    

 - name: Collect access token for janitor user
  shell: |
    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
  register: janitors_token
  no_log: True

 - name: Generate list of dates to purge to
  delegate_to: 127.0.0.1
  shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
--- a/roles/matrix-awx/tasks/purge_media_remote.yml
+++ b/roles/matrix-awx/tasks/purge_media_remote.yml
@@ -6,7 +6,7 @@

 - name: Purge remote media to specific date
  shell: |
    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}'
    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000'
  register: purge_command
  
 - name: Print output of purge command