From ed5cf043063ccdc1bb993daabf792b2920b054d1 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 3 May 2023 19:27:57 +0000 Subject: [PATCH 01/10] nginx: fix base domain configuration to allow serving custom content --- .../templates/nginx/conf.d/matrix-base-domain.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 index 44978dc40..07350b1a0 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 @@ -1,7 +1,10 @@ #jinja2: lstrip_blocks: "True" {% macro render_vhost_directives() %} + absolute_redirect off; root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}{{ matrix_nginx_proxy_data_path_extension }}; + index index.html index.htm; + try_files $uri $uri/ =404; gzip on; gzip_types text/plain application/json; From 2bd94a52bb657c738aeddb4a53e585e9266f7254 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Sun, 7 May 2023 17:07:37 -0700 Subject: [PATCH 02/10] Adds self build option for dendrite --- .../custom/matrix-dendrite/defaults/main.yml | 16 ++++++--- .../matrix-dendrite/tasks/setup_install.yml | 33 +++++++++++++++---- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 41cd35ed0..3c083b99d 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml 
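Review bot: The three directives added at the top of `render_vhost_directives` have no comment explaining them, and `absolute_redirect off;` is the least obvious: it makes nginx emit relative `Location` headers, which presumably matters because this vhost can sit behind another proxy on a different scheme or port. I would add a line above it such as `# Relative redirects, so directory redirects keep working behind another reverse proxy`. Because this vhost serves whatever sits under `root`, a short comment saying that the directory should hold only files meant for publication would also help operators. The macro body continues past the end of the hunk.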
@@ -4,8 +4,12 @@ matrix_dendrite_enabled: true -matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" -matrix_dendrite_docker_image_name_prefix: "docker.io/" +matrix_dendrite_container_image_self_build: false +matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/dendrite.git" + +matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" +matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" +matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_dendrite_docker_image_tag: "v0.12.0" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" @@ -17,6 +21,8 @@ matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats" matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin" matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" +matrix_dendrite_docker_src_files_path: "{{ matrix_dendrite_base_path }}/docker-src" + # By default, we make Dendrite only serve HTTP (not HTTPS). # HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`). # 
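Review bot: The new self-build variables at the top of this hunk are introduced without comments, although they change where the image comes from. With `matrix_dendrite_container_image_self_build` enabled the prefix becomes `localhost/` and the pull task is skipped. A comment above the flag such as `# Build the Dendrite image on the host from matrix_dendrite_container_image_self_build_repo instead of pulling it` would make that explicit. It is also worth stating there that the git ref checked out is derived from the image tag, so `matrix_dendrite_docker_image_tag` must exist as a ref in the configured repository.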
@@ -85,14 +91,14 @@ matrix_dendrite_systemd_wanted_services_list: [] # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars//dendrite.yaml.j2" matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2" -matrix_dendrite_client_api_registration_shared_secret: '' +matrix_dendrite_client_api_registration_shared_secret: "" matrix_dendrite_allow_guest_access: false matrix_dendrite_max_file_size_bytes: 10485760 # Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client. # This is likely required if Dendrite is running behind a reverse proxy server. -matrix_dendrite_sync_api_real_ip_header: 'X-Forwarded-For' +matrix_dendrite_sync_api_real_ip_header: "X-Forwarded-For" # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_dendrite_tmp_directory_size_mb: 500 @@ -147,7 +153,7 @@ matrix_dendrite_metrics_password: "metrics" # Postgres database information matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}" -matrix_dendrite_database_hostname: '' +matrix_dendrite_database_hostname: "" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" matrix_dendrite_federation_api_database: "dendrite_federationapi" diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 283e8b019..d96ddaeb6 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml 
@@ -1,17 +1,21 @@ --- - - name: Ensure Dendrite paths exist ansible.builtin.file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - "{{ matrix_dendrite_config_dir_path }}" - - "{{ matrix_dendrite_bin_path }}" - - "{{ matrix_dendrite_ext_path }}" - - "{{ matrix_dendrite_nats_storage_path }}" + - { path: "{{ matrix_dendrite_config_dir_path }}", when: true } + - { path: "{{ matrix_dendrite_bin_path }}", when: true } + - { path: "{{ matrix_dendrite_ext_path }}", when: true } + - { path: "{{ matrix_dendrite_nats_storage_path }}", when: true } + - { + path: "{{ matrix_dendrite_docker_src_files_path }}", + when: "{{ matrix_dendrite_container_image_self_build }}", + } + when: "item.when | bool" # This will throw a Permission Denied error if already mounted using fuse - name: Check Dendrite media store path 
@@ -37,11 +41,23 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" + when: "not matrix_dendrite_container_image_self_build | bool" register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed +- name: Ensure Dendrite repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_dendrite_container_image_self_build_repo }}" + dest: "{{ matrix_dendrite_docker_src_files_path }}" + version: "{{ matrix_dendrite_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_dendrite_git_pull_results + when: "matrix_dendrite_container_image_self_build | bool" + # We do this so that the signing key would get generated. # We don't use the `docker_container` module, because using it with `cap_drop` requires # a very recent version, which is not available for a lot of people yet. @@ -72,6 +88,11 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Ensure Dendrite Docker image is built + ansible.builtin.command: + cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" + when: "matrix_dendrite_container_image_self_build | bool" + - name: Ensure Dendrite container network is created community.general.docker_network: name: "{{ matrix_dendrite_container_network }}" From c1462c627728967a77ab1dc0ff03da22b3ca1654 Mon Sep 17 00:00:00 2001 
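Review bot: In the new `Ensure Dendrite repository is present on self-build` task, `version` is taken from `matrix_dendrite_docker_image.split(':')[1]`, which returns the wrong piece as soon as the image reference contains another colon, for example an overridden prefix that includes a registry port. Using the tag variable directly cannot mis-split: `version: "{{ matrix_dendrite_docker_image_tag }}"`. The same line is carried unchanged into the block added by PATCH 06/10. Separately, `force: "yes"` combined with a tag ref means a re-pointed upstream tag would be checked out and built without notice; whether to recommend a commit hash for self-builds is a call for the maintainers.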
From: Slavi Pantaleev Date: Tue, 9 May 2023 20:59:24 +0300 Subject: [PATCH 03/10] Upgrade Synapse (v1.82.0 -> v1.83.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index b7858fde5..a1719461d 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.82.0 +matrix_synapse_version: v1.83.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 8c0def5dfef589043e58d034cabd5d01c8a7a294 Mon Sep 17 00:00:00 2001 From: darsh12 Date: Tue, 9 May 2023 14:20:27 -0700 Subject: [PATCH 04/10] Update main.yml update matrix_bot_chatgpt_version to 3.1.0 --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 16ad8588a..36cc60c0e 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_chatgpt_enabled: true -matrix_bot_chatgpt_version: 3.0.0 +matrix_bot_chatgpt_version: 3.1.0 matrix_bot_chatgpt_container_image_self_build: false matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot" From 20a04a026139e0c78ce6173ba49413130adb7896 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 10 May 2023 13:54:51 +0000 Subject: [PATCH 05/10] Update element v1.11.30 -> v1.11.31 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3d57b235b..109b42e87 100644 
--- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.30 +matrix_client_element_version: v1.11.31 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From d448cade3ae98c8c231d046b3d083d7b5af06183 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Wed, 10 May 2023 09:36:11 -0700 Subject: [PATCH 06/10] Moves matrix_dendrite_container_image_self_build to a conditional block, similar to synapse. Also adds the DOCKER_BUILDKIT=1 explicitly to ensure buildkit is used. --- .../matrix-dendrite/tasks/setup_install.yml | 41 ++++++++++++------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index d96ddaeb6..70ee45b90 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml 
@@ -47,17 +47,6 @@ delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- name: Ensure Dendrite repository is present on self-build - ansible.builtin.git: - repo: "{{ matrix_dendrite_container_image_self_build_repo }}" - dest: "{{ matrix_dendrite_docker_src_files_path }}" - version: "{{ matrix_dendrite_docker_image.split(':')[1] }}" - force: "yes" - become: true - become_user: "{{ matrix_user_username }}" - register: matrix_dendrite_git_pull_results - when: "matrix_dendrite_container_image_self_build | bool" - # We do this so that the signing key would get generated. # We don't use the `docker_container` module, because using it with `cap_drop` requires # a very recent version, which is not available for a lot of people yet. 
@@ -88,10 +77,32 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" -- name: Ensure Dendrite Docker image is built - ansible.builtin.command: - cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" - when: "matrix_dendrite_container_image_self_build | bool" +- when: "matrix_dendrite_container_image_self_build | bool" + block: + - name: Ensure Dendrite repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_dendrite_container_image_self_build_repo }}" + dest: "{{ matrix_dendrite_docker_src_files_path }}" + version: "{{ matrix_dendrite_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_dendrite_git_pull_results + + - name: Check if Dendrite Docker image exists + ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_dendrite_docker_image }}'" + register: matrix_dendrite_docker_image_check_result + changed_when: false + + # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, + # because the latter does not support BuildKit. + # See: https://github.com/ansible-collections/community.general/issues/514 + - name: Ensure Dendrite Docker image is built + ansible.builtin.command: + cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" + environment: + DOCKER_BUILDKIT: 1 + when: "matrix_dendrite_git_pull_results.changed | bool or matrix_dendrite_docker_image_check_result.stdout == ''" - name: Ensure Dendrite container network is created community.general.docker_network: From f102d75e13f2c63f8a0f782d311b747c58e44817 Mon Sep 17 00:00:00 2001 
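Review bot: The `when` on `Ensure Dendrite Docker image is built` can leave a stale image in use. If the checkout changes and the build then fails while an image with the same reference already exists, the next run sees neither `matrix_dendrite_git_pull_results.changed` nor an empty `stdout`, and skips the build. If that is accepted, record it next to the condition, e.g. `# NOTE: a failed build after a changed checkout is not retried while an image with this tag already exists`. As a smaller point, `DOCKER_BUILDKIT: 1` is better written as `DOCKER_BUILDKIT: "1"`, since environment values are strings.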
From: Slavi Pantaleev Date: Thu, 11 May 2023 09:42:13 +0300 Subject: [PATCH 07/10] Upgrade backup-borg (v1.2.4-1.7.12-1 -> v1.2.4-1.7.12-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index fc06393f7..330a9cd4d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-0 name: aux - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.12-1 + version: v1.2.4-1.7.12-2 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 1b9a29fba60aede12d7db8fe0f90f6a0486f9add Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 May 2023 09:42:19 +0300 Subject: [PATCH 08/10] Upgrade Grafana (v9.5.1-0 -> v9.5.2-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 330a9cd4d..20f286d88 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.1.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v9.5.1-0 + version: v9.5.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 name: jitsi From 1649065a4d00b191a66b7ef16f0aa7675f03dfff Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 May 2023 09:54:22 +0300 Subject: [PATCH 09/10] Fix yamllint-reported errors in matrix-dendrite Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2674 --- .../matrix-dendrite/tasks/setup_install.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 70ee45b90..2606dfea3 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml 
+++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml @@ -7,14 +7,16 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_dendrite_config_dir_path }}", when: true } - - { path: "{{ matrix_dendrite_bin_path }}", when: true } - - { path: "{{ matrix_dendrite_ext_path }}", when: true } - - { path: "{{ matrix_dendrite_nats_storage_path }}", when: true } - - { - path: "{{ matrix_dendrite_docker_src_files_path }}", - when: "{{ matrix_dendrite_container_image_self_build }}", - } + - path: "{{ matrix_dendrite_config_dir_path }}" + when: true + - path: "{{ matrix_dendrite_bin_path }}" + when: true + - path: "{{ matrix_dendrite_ext_path }}" + when: true + - path: "{{ matrix_dendrite_nats_storage_path }}" + when: true + - path: "{{ matrix_dendrite_docker_src_files_path }}" + when: "{{ matrix_dendrite_container_image_self_build }}" when: "item.when | bool" # This will throw a Permission Denied error if already mounted using fuse From a6a32f24f72bea3b384a2b5046bf83469f1b9774 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 May 2023 11:23:09 +0300 Subject: [PATCH 10/10] Add changed_when to Dendrite self-building task to make ansible-lint happy Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2674 --- roles/custom/matrix-dendrite/tasks/setup_install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 2606dfea3..64c047d1c 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml 
@@ -104,6 +104,7 @@ cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" environment: DOCKER_BUILDKIT: 1 + changed_when: true when: "matrix_dendrite_git_pull_results.changed | bool or matrix_dendrite_docker_image_check_result.stdout == ''" - name: Ensure Dendrite container network is created