diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md index 1ab6950a3..87ea228a9 100644 --- a/docs/configuring-awx-system.md +++ b/docs/configuring-awx-system.md @@ -31,9 +31,9 @@ Updates to this section are trailed here: ## Does I need an AWX setup to use this? How do I configure it? -Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation.md). +Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation_AWX.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_AWX.md). -For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal.md). +For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal_AWX.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal_AWX.md). ## Does I need a front-end WordPress site? And a DigitalOcean account? diff --git a/docs/configuring-playbook-bridge-heisenbridge.md b/docs/configuring-playbook-bridge-heisenbridge.md index 9cf016f24..2c1b438f6 100644 --- a/docs/configuring-playbook-bridge-heisenbridge.md +++ b/docs/configuring-playbook-bridge-heisenbridge.md 
@@ -4,7 +4,7 @@ The playbook can install and configure [Heisenbridge](https://github.com/hifi/heisenbridge) - the bouncer-style [IRC](https://en.wikipedia.org/wiki/Internet_Relay_Chat) bridge for you. -See the project's [README](https://github.com/hifi/heisenbridge/blob/master/README.md) to learn what it does and why it might be useful to you. +See the project's [README](https://github.com/hifi/heisenbridge/blob/master/README.md) to learn what it does and why it might be useful to you. You can also take a look at [this demonstration video](https://www.youtube.com/watch?v=nQk1Bp4tk4I). ## Configuration @@ -33,4 +33,6 @@ After the bridge is successfully running just DM `@heisenbridge:your-homeserver` Help is available for all commands with the `-h` switch. If the bridge ignores you and a DM is not accepted then the owner setting may be wrong. +You can also learn the basics by watching [this demonstration video](https://www.youtube.com/watch?v=nQk1Bp4tk4I). + If you encounter issues or feel lost you can join the project room at [#heisenbridge:vi.fi](https://matrix.to/#/#heisenbridge:vi.fi) for help. diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index bdfdfa63d..e152e662c 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md 
@@ -55,3 +55,22 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per ## Synapse + OpenID Connect for Single-Sign-On If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)). + +In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ; + +``` + - idp_id: keycloak + idp_name: "Keycloak" + issuer: "https://url.ix/auth/realms/x" + client_id: "matrix" + client_secret: "{{ vault_synapse_keycloak }}" + scopes: ["openid", "profile"] + authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth" + token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token" + userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo" + user_mapping_provider: + config: + display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}" + email_template: "{%raw}{{ user.email }}{% endraw %}" +``` + diff --git a/roles/matrix-awx/surveys/configure_email_relay.json.j2 b/roles/matrix-awx/surveys/configure_email_relay.json.j2 new file mode 100644 index 000000000..65c21a94b --- /dev/null +++ b/roles/matrix-awx/surveys/configure_email_relay.json.j2 
@@ -0,0 +1,19 @@ +{ + "name": "Configure Email Relay", + "description": "Enable MailGun relay to increase verification email reliability.", + "spec": [ + { + "question_name": "Enable Email Relay", + "question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.", + "required": false, + "min": null, + "max": null, + "default": "{{ matrix_mailer_relay_use | string | lower }}", + "choices": "true\nfalse", + "new_question": true, + "variable": "matrix_mailer_relay_use", + "type": "multiplechoice" + } + ] +} + diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index a82f46b06..b7a82b960 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml @@ -54,10 +54,6 @@ validate_certs: yes tags: use-survey -- name: Run export.sh if this job template is run by the client - command: /bin/sh /root/export.sh - tags: use-survey - - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' 
@@ -70,8 +66,28 @@ mode: '0660' tags: use-survey -- name: Perform the borg backup - command: borgmatic +- name: Run initial backup of /matrix/ and snapshot the database simultaneously + command: "{{ item }}" + with_items: + - borgmatic -c /root/.config/borgmatic/config_1.yaml + - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 + register: _create_instances + async: 3600 # Maximum runtime in seconds. + poll: 0 # Fire and continue (never poll) + when: matrix_awx_backup_enabled|bool + +- name: Wait for both of these jobs to finish + async_status: + jid: "{{ item.ansible_job_id }}" + register: _jobs + until: _jobs.finished + delay: 5 # Check every 5 seconds. + retries: 720 # Retry for a full hour. + with_items: "{{ _create_instances.results }}" + when: matrix_awx_backup_enabled|bool + +- name: Perform borg backup of postgres dump + command: borgmatic -c /root/.config/borgmatic/config_2.yaml when: matrix_awx_backup_enabled|bool - name: Set boolean value to exit playbook diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml new file mode 100644 index 000000000..c70b0beb1 --- /dev/null +++ b/roles/matrix-awx/tasks/export_server.yml 
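Review bot: The one-hour ceiling is hard-coded twice in the new backup tasks: `async: 3600` on the launch task, and `delay: 5` with `retries: 720` on the wait task. A server whose borgmatic run or database snapshot needs longer is cut off mid-backup, and the later `config_2.yaml` run is then presumably never reached. Deriving both limits from one variable keeps them in step, for example `async: "{{ matrix_awx_backup_timeout | default(3600) }}"` and `retries: "{{ ((matrix_awx_backup_timeout | default(3600)) / 5) | int }}"`; the variable name is only a suggestion. A short comment on what the positional arguments `1 0` to `awx-export-service.sh` select would also help, since the script is not part of this commit.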
@@ -0,0 +1,33 @@ + +- name: Run export of /matrix/ and snapshot the database simultaneously + command: "{{ item }}" + with_items: + - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 + - /bin/sh /usr/local/bin/awx-export-service.sh 0 1 + register: _create_instances + async: 3600 # Maximum runtime in seconds. + poll: 0 # Fire and continue (never poll) + +- name: Wait for both of these jobs to finish + async_status: + jid: "{{ item.ansible_job_id }}" + register: _jobs + until: _jobs.finished + delay: 5 # Check every 5 seconds. + retries: 720 # Retry for a full hour. + with_items: "{{ _create_instances.results }}" + +- name: Schedule deletion of the export in 24 hours + at: + command: rm /chroot/export/matrix* + count: 1 + units: days + unique: yes + +- name: Set boolean value to exit playbook + set_fact: + end_playbook: true + +- name: End playbook if this task list is called. + meta: end_play + when: end_playbook is defined and end_playbook|bool diff --git a/roles/matrix-awx/tasks/import_awx.yml b/roles/matrix-awx/tasks/import_awx.yml index 6017152fb..d9c3ca6f1 100644 --- a/roles/matrix-awx/tasks/import_awx.yml +++ b/roles/matrix-awx/tasks/import_awx.yml @@ -1,15 +1,4 @@ -- name: Ensure /matrix/awx is empty - shell: rm -r /matrix/awx/* - ignore_errors: yes - -- name: Ensure /matrix/synapse is empty - shell: rm -r /matrix/synapse/* - ignore_errors: yes - -- name: Extract from /chroot/export - shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/ - - name: Ensure correct ownership of /matrix/awx shell: chown -R matrix:matrix /matrix/awx diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 654cdf627..6e192ce0f 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml 
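Review bot: Cleanup of the export in `/chroot/export` depends entirely on the `at` job queued by "Schedule deletion of the export in 24 hours", and nothing in this task list checks that the job can run or that the files are readable only by the intended account. The export appears to hold a copy of `/matrix/` and a database snapshot, so if `atd` is not running on the target the data stays on disk indefinitely. Adding a task before the `at:` call, such as `service: { name: atd, state: started, enabled: yes }`, would close that gap. Because `unique: yes` matches on the command string, a second export within the day is presumably removed by the first job rather than 24 hours after its own creation, which deserves a comment on the task.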
@@ -25,6 +25,15 @@ when: run_setup|bool and matrix_awx_enabled|bool tags: - backup-server + +# Perform a export of the server +- include_tasks: + file: "export_server.yml" + apply: + tags: export-server + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - export-server # Create a user account if called - include_tasks: @@ -98,6 +107,15 @@ tags: - setup-client-element +# Additional playbook to set the variable file during Mailer configuration +- include_tasks: + file: "set_variables_mailer.yml" + apply: + tags: setup-mailer + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - setup-mailer + # Additional playbook to set the variable file during Element configuration - include_tasks: file: "set_variables_element_subdomain.yml" diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml new file mode 100644 index 000000000..924454d6e --- /dev/null +++ b/roles/matrix-awx/tasks/set_variables_mailer.yml 
@@ -0,0 +1,50 @@ + +- name: Record Mailer variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Email Settings Start' + with_dict: + 'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}' + +- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template + delegate_to: 127.0.0.1 + template: + src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2' + dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' + +- name: Copy new 'Configure Email Relay' survey.json to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' + dest: '/matrix/awx/configure_email_relay.json' + mode: '0660' + +- name: Collect AWX admin token the hard way! + delegate_to: 127.0.0.1 + shell: | + curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' + register: tower_token + no_log: True + +- name: Recreate 'Configure Email Relay' job template + delegate_to: 127.0.0.1 + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Email Relay" + description: "Enable MailGun relay to increase verification email reliability." 
+ extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" + job_type: run + job_tags: "start,setup-mailer" + inventory: "{{ member_id }}" + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + credential: "{{ member_id }} - AWX SSH Key" + survey_enabled: true + survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" + become_enabled: yes + state: present + verbosity: 1 + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index bdf49f65b..ca8797b4f 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.26.0 +matrix_appservice_irc_version: release-0.26.1 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index b9a58e005..e13557963 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml 
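Review bot: In the "Collect AWX admin token the hard way!" task, `curl -sku` turns off certificate verification on the one request that carries the admin password and returns a write-scoped token. The job-template task right after it sets `validate_certs: yes`, so the two calls to the same host disagree. The credentials are also interpolated unquoted into a shell line, where they are visible in the process list on the AWX host and break on shell metacharacters. The `uri` module avoids both problems and keeps `no_log`; the consuming line then reads `tower_token.json.token` instead of `tower_token.stdout`. Nothing in this hunk revokes the personal token afterwards, so each run appears to leave another write token on user 1.

```yaml
- name: Collect AWX admin token
  delegate_to: 127.0.0.1
  uri:
    url: "https://{{ tower_host }}/api/v2/users/1/personal_tokens/"
    method: POST
    url_username: "{{ tower_username }}"
    url_password: "{{ tower_password }}"
    force_basic_auth: yes
    validate_certs: yes
    body_format: json
    body:
      description: "Tower CLI"
      application: null
      scope: "write"
    status_code: [200, 201]
  register: tower_token
  no_log: True

# … unchanged: "Recreate 'Configure Email Relay' job template" task, except for this line …
    tower_oauthtoken: "{{ tower_token.json.token }}"
```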
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_self_build and matrix_appservice_irc_enabled" # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 6a1bf869f..0584e6247 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_self_build and matrix_appservice_slack_enabled" # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index 83e54cb42..fdfdfdaed 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml 
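Review bot: The added `matrix_appservice_irc_enabled` term in the `when:` expression is a bare variable. If it arrives as a string, as extra-vars and AWX survey answers do, the value `"false"` is a non-empty string and evaluates as true, so the guard would still fire for a disabled role. The ma1sd hunk in this same commit already writes `matrix_ma1sd_enabled|bool`. The other init.yml hunks should follow it, for example `... and matrix_appservice_irc_container_self_build|bool and matrix_appservice_irc_enabled|bool`. This applies to the appservice-slack, mautrix-*, mx-puppet-*, client-element, client-hydrogen, corporal, coturn, dynamic-dns and mailer hunks as well.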
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 07fb254db..63a046180 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index 6944003eb..c0b7da32f 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml 
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index c8f7f895e..84ac86d0b 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_self_build and matrix_mautrix_telegram_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 983e3895e..33d35e603 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml 
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build and matrix_mx_puppet_discord_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index eb598ecb5..4cd3c6b3c 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build and matrix_mx_puppet_groupme_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index 2ef99f025..a12885e78 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml 
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build and matrix_mx_puppet_instagram_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml index 1bdc4c2ba..e8ed1a3a6 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype.service'] }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index de3ffd7cd..716cb3517 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml 
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build and matrix_mx_puppet_slack_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index c7b3d67fb..38d0f9a22 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build and matrix_mx_puppet_steam_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 94fafd900..f23a6a647 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml 
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build and matrix_mx_puppet_twitter_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}" diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index f0596d917..f836d4a49 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.7.29 +matrix_client_element_version: v1.7.30 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-element/tasks/init.yml b/roles/matrix-client-element/tasks/init.yml index 102cae383..44fa15440 100644 --- a/roles/matrix-client-element/tasks/init.yml +++ b/roles/matrix-client-element/tasks/init.yml 
@@ -7,4 +7,4 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build and matrix_client_element_enabled" diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index f7a3059e4..929565c54 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.1.53 +matrix_client_hydrogen_version: v0.1.57 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/matrix-client-hydrogen/tasks/init.yml index 1115f63d6..8116a0034 100644 --- a/roles/matrix-client-hydrogen/tasks/init.yml +++ b/roles/matrix-client-hydrogen/tasks/init.yml 
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Hydrogen image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build and matrix_client_hydrogen_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-hydrogen.service'] }}" diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index 993ace81e..e5062c275 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build and matrix_corporal_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}" diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index ad8735fe0..2539d8b1c 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml 
@@ -2,7 +2,7 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn" -matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r0" +matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r1" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" matrix_coturn_version: 4.5.2 diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml index c645c06bf..a7d8a3434 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/matrix-coturn/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build and matrix_coturn_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn.service'] }}" diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/matrix-dynamic-dns/tasks/init.yml index 039b5b023..e7d33ff28 100644 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ b/roles/matrix-dynamic-dns/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}" 
diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 7c5c217c7..bfd67e965 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -3,7 +3,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 7.5.7 +matrix_grafana_version: 8.0.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" @@ -38,11 +38,11 @@ matrix_grafana_default_admin_password: admin matrix_grafana_content_security_policy: true # specify content security policy template to customized template -# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers. # added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers. # [Content Security Policy Browser Test] (https://content-security-policy.com/browser-test/) # [Content Security Policy Reference](https://content-security-policy.com/script-src/) -matrix_grafana_content_security_policy_customized: true +matrix_grafana_content_security_policy_customized: false +matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';" # A list of extra arguments to pass to the container matrix_grafana_container_extra_arguments: [] diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/matrix-grafana/templates/grafana.ini.j2 index 322762b42..8f4c88f08 100644 --- a/roles/matrix-grafana/templates/grafana.ini.j2 +++ b/roles/matrix-grafana/templates/grafana.ini.j2 
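Review bot: The new `matrix_grafana_content_security_policy_template` default still carries `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, but this hunk deletes the comment line that explained why `'unsafe-inline'` is there. It also widens `img-src` from `'self' data:` to `* data:` without saying so. Since the template is now a user-facing variable, the rationale should stay next to it. I would restore `# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers.` and add `# img-src * permits images from any origin; narrow it if dashboards only load local images.` It would also help to note that, with `matrix_grafana_content_security_policy_customized` now `false`, the template is only rendered when that flag is turned on.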
@@ -13,7 +13,7 @@ content_security_policy = "{{ matrix_grafana_content_security_policy }}" # specify content security policy template to customized template {% if matrix_grafana_content_security_policy_customized %} -content_security_policy_template = """script-src http: https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';""" +content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}""" {% endif %} [auth.anonymous] diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 14545bc97..87d877065 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -39,6 +39,7 @@ matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280 matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi +matrix_jitsi_xmpp_modules: '' matrix_jitsi_recorder_domain: recorder.meet.jitsi diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2 index 0c977d452..38b2456c6 100644 --- a/roles/matrix-jitsi/templates/prosody/env.j2 +++ b/roles/matrix-jitsi/templates/prosody/env.j2 @@ -25,7 +25,7 @@ XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }} XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }} XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} -XMPP_MODULES= +XMPP_MODULES={{ matrix_jitsi_xmpp_modules }} XMPP_MUC_MODULES= XMPP_INTERNAL_MUC_MODULES= diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/matrix-ma1sd/tasks/init.yml index f09cfcfd4..04cc3a213 100644 --- a/roles/matrix-ma1sd/tasks/init.yml +++ b/roles/matrix-ma1sd/tasks/init.yml 
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled|bool" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}" diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml index 5895343e8..d07380f0e 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/matrix-mailer/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build and matrix_mailer_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index e7ee00a52..e71a10382 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
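Review bot: The `msg` of this task in roles/matrix-ma1sd/tasks/init.yml still reads "To self-build the Element image", so an operator who hits the failure is pointed at the wrong component. Since the `when:` line of the task is being edited anyway, I would correct the message in the same change: `msg: "To self-build the ma1sd image, you should use Ansible 2.8 or higher. See docs/ansible.md"`. The same copied text appears in the mailer, registration, synapse-admin and synapse init.yml hunks of this diff and should name the respective role there.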
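Review bot: `matrix_mailer_enabled` is tested without `|bool` in roles/matrix-mailer/tasks/init.yml, unlike `matrix_ma1sd_enabled|bool` in the ma1sd hunk just before it. If the variable arrives as a string (for example via `-e` on the command line), a non-empty `"false"` may be treated as true, and the check would still fire for a disabled role. I would write the condition as `... and matrix_mailer_container_image_self_build|bool and matrix_mailer_enabled|bool`. The registration, synapse-admin and synapse init.yml hunks further down have the same bare `*_enabled` test and should get the same treatment so all five roles agree.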
@@ -404,7 +404,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.14.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.16.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index e33e74934..409c7926f 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -5,7 +5,7 @@ matrix_redis_connection_password: "" matrix_redis_base_path: "{{ matrix_base_data_path }}/redis" matrix_redis_data_path: "{{ matrix_redis_base_path }}/data" -matrix_redis_version: 6.0.10-alpine +matrix_redis_version: 6.2.4-alpine matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}" matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}" matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}' diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index b58ba659d..32a35c7da 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml 
@@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build and matrix_registration_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}" diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index 7898dec94..9e1710156 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_self_build and matrix_synapse_admin_enabled" - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 5cfa5c5fe..cb5f9a3af 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.35.0 -matrix_synapse_version_arm64: v1.35.0 +matrix_synapse_version: v1.36.0 +matrix_synapse_version_arm64: v1.36.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index 167906646..bc23fc861 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -3,7 +3,7 @@ - name: Fail if trying to self-build on Ansible < 2.8 fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled" # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # we'll generate it dynamically. diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 734a7e909..d92efdba9 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2977,19 +2977,4 @@ redis: password: {{ matrix_synapse_redis_password }} -# Enable experimental features in Synapse. -# -# Experimental features might break or be removed without a deprecation -# period. -# -experimental_features: - # Support for Spaces (MSC1772), it enables the following: - # - # * The Spaces Summary API (MSC2946). - # * Restricting room membership based on space membership (MSC3083). - # - # Uncomment to disable support for Spaces. - #spaces_enabled: false - - # vim:ft=yaml diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index c989fb5b7..1f817c8eb 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -51,6 +51,9 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$ - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/ + - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/ + - ^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$ + - ^/_matrix/client/(api/v1|r0|unstable)/search$ # Registration/login requests - ^/_matrix/client/(api/v1|r0|unstable)/login$