From 7b0e5ef9955cc82802cd97bcefefc4fcd64abd91 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:55:11 +0000 Subject: [PATCH 01/96] Update mautrix-whatsapp 0.4.0 -> 0.5.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 5be700516..6e95eeb7c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.4.0 +matrix_mautrix_whatsapp_version: v0.5.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 5eff67371da7f49fcad0da570371374c674ebe9a Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 17 Jun 2022 14:32:17 +0300 Subject: [PATCH 02/96] add synapse media_retention --- roles/matrix-synapse/defaults/main.yml | 8 ++++++++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 29cf00b55..b7ea94f3c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -86,6 +86,14 @@ matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}" matrix_synapse_max_upload_size_mb: 50 +# Controls whether local media should be removed under certain conditions, typically for the purpose of saving space. +# should be empty to disable +matrix_synapse_media_retention_local_media_lifetime: +# Controls whether remote media cache (media that is downloaded from other homeservers) +# should be removed under certain conditions, typically for the purpose of saving space. +# should be empty to disable +matrix_synapse_media_retention_remote_media_lifetime: + # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cce713300..1b4edb291 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1048,6 +1048,14 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" +media_retention: +{% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} + local_media_lifetime: "{{ matrix_synapse_media_retention_local_media_lifetime }}" +{% endif %} +{% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} + remote_media_lifetime: "{{ matrix_synapse_media_retention_remote_media_lifetime }}" +{% endif %} + # Maximum number of pixels that will be thumbnailed # #max_image_pixels: 32M From 323f5aa60d3be35bb8cf21813b0ab299a19a5fd9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:25:49 +0300 Subject: [PATCH 03/96] Synchronize homeserver.yaml config with the one from Synapse 1.61.0 --- roles/matrix-synapse/defaults/main.yml | 3 --- roles/matrix-synapse/tasks/validate_config.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 10 ---------- 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 29cf00b55..5cf82ef1c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -215,9 +215,6 @@ matrix_synapse_recaptcha_private_key: '' # Disabling this option will not delete any tokens previously generated. matrix_synapse_registration_requires_token: false -# Allows non-server-admin users to create groups on this server -matrix_synapse_enable_group_creation: false - # A list of 3PID types which users must supply when registering (possible values: email, msisdn). matrix_synapse_registrations_require_3pid: [] diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index bb8a2bcd0..ab0ca3a7e 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -60,6 +60,7 @@ - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} - {'old': 'matrix_synapse_version_arm64', 'new': ''} + - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml fail: diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cce713300..d9a2974f4 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2600,16 +2600,6 @@ spam_checker: {{ matrix_synapse_spam_checker|to_json }} encryption_enabled_by_default_for_room_type: {{ matrix_synapse_encryption_enabled_by_default_for_room_type|to_json }} -# Uncomment to allow non-server-admin users to create groups on this server -# -enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }} - -# If enabled, non server admins can only create groups with local parts -# starting with this prefix -# -#group_creation_prefix: "unofficial_" - - # User Directory configuration # From 5987589436c7ed86897140f53eb8e1b1528c1317 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:30:22 +0300 Subject: [PATCH 04/96] Use |to_json --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1b4edb291..20b8135ab 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1050,10 +1050,10 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" media_retention: {% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} - local_media_lifetime: "{{ matrix_synapse_media_retention_local_media_lifetime }}" + local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }} {% endif %} {% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} - remote_media_lifetime: "{{ matrix_synapse_media_retention_remote_media_lifetime }}" + remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }} {% endif %} # Maximum number of pixels that will be thumbnailed From 38027e72f6d541f46991eec4ea4ff6d40ae4aa90 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:45:25 +0300 Subject: [PATCH 05/96] Fix "object of type 'NoneType' has no len()" error Fixup for 5eff67371da7f49fc - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1884 --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d1f134079..c2364650d 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1049,10 +1049,10 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" media_retention: -{% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} +{% if matrix_synapse_media_retention_local_media_lifetime %} local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }} {% endif %} -{% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} +{% if matrix_synapse_media_retention_remote_media_lifetime %} remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }} {% endif %} From f6a73231ab64629a11aea445c854819cff06db75 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sat, 18 Jun 2022 16:13:08 +0200 Subject: [PATCH 06/96] Synapse workers should respect X-Forwarded headers Currently, Synapse workers ignore the X-Forwarded headers, which leads to internal Docker IP addresses randomly appearing in the users' device list. This adds the `x_forwarded: true` option to the worker config, fixing the issue. --- roles/matrix-synapse/templates/synapse/worker.yaml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index 40714f442..239de1f21 100644 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -26,6 +26,7 @@ worker_listeners: {% if http_resources|length > 0 %} - type: http bind_addresses: ['::'] + x_forwarded: true port: {{ matrix_synapse_worker_details.port }} resources: - names: {{ http_resources|to_json }} From 970afa4578b78951af7fded07fd9495990b2260c Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 21 Jun 2022 00:02:17 +0300 Subject: [PATCH 07/96] Update Buscarron 1.1.0 -> 1.2.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 8 +++++++- roles/matrix-bot-buscarron/templates/env.j2 | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index c2b44fa11..56686f42f 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.1.0 +matrix_bot_buscarron_version: v1.2.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" @@ -76,6 +76,9 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" # forms configuration matrix_bot_buscarron_forms: [] +# Disable encryption +matrix_bot_buscarron_noencryption: + # Sentry DSN matrix_bot_buscarron_sentry: @@ -88,6 +91,9 @@ matrix_bot_buscarron_spam_hosts: [] # spam email addresses matrix_bot_buscarron_spam_emails: [] +# spam email localparts +matrix_bot_buscarron_spam_localparts: [] + # Ban duration in hours matrix_bot_buscarron_ban_duration: 24 diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 index 876072e17..42da0d349 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -5,6 +5,7 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} +BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }} BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }} @@ -12,10 +13,12 @@ BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }} BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }} BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }} BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} +BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} +BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }} BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }} From fff4b9116c8fdf608669c543af3a5fa279a2751e Mon Sep 17 00:00:00 2001 From: krassle <6473406+krassle@users.noreply.github.com> Date: Wed, 22 Jun 2022 10:10:41 +0200 Subject: [PATCH 08/96] Use prebuilt ARM images for coturn / synapse-admin * synapse-admin arm64 builds available since 2021-12-17 v.0.8.4 [awesometechnologies/synapse-admin:0.8.5](https://hub.docker.com/layers/synapse-admin/awesometechnologies/synapse-admin/0.8.5/images/sha256-eb54b8660c4641641b8acd08fd2dfc94ecc3fc604860f9e8b286a38008e3f3b6?context=explore) * coturn arm32/arm64 builds available since 2021-04-15 v.4.5.2-r0-alpine [coturn/coturn:4.5.2-r12](https://hub.docker.com/layers/coturn/coturn/coturn/4.5.2-r12/images/sha256-94887581bb1093085033be0494c3a651bd40034afba1867ddc78b8ba32dc2faf?context=explore) --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f727da55f..19cde0af0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1260,7 +1260,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati matrix_coturn_enabled: true -matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" @@ -2196,7 +2196,7 @@ matrix_synapse_admin_enabled: false # Synapse Admin's HTTP port to the local host. matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}" -matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" ###################################################################### # From 5963a387f06cf11eefa17b2e49f53a8b9c10169c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 14:43:55 +0300 Subject: [PATCH 09/96] Upgrade Postgres (14.3 -> 14.4) --- roles/matrix-postgres/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index bb8202173..b6cbc2055 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -27,7 +27,7 @@ matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }} matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.4{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. From f943e82384c2707f0ec45618352884901e819a21 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 14:44:12 +0300 Subject: [PATCH 10/96] Upgrade Certbot (1.27 -> 1.28) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 64e2e06bf..466825c96 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.28.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From f4cf7b9cc190e00b4b7188659a0d24e856b20cfa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 22:17:51 +0300 Subject: [PATCH 11/96] Remove unused variable (matrix_nginx_proxy_synapse_workers_enabled_list) definition --- roles/matrix-nginx-proxy/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 466825c96..f3ec27baa 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -218,7 +218,6 @@ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ # Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_synapse_workers_enabled_list: [] matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. # Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. From 2e68c9963ba4ab8b1e7d644a9185717012edfe06 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 22:50:43 +0300 Subject: [PATCH 12/96] Fix matrix-prometheus-postgres-exporter port number in some comments --- roles/matrix-prometheus-postgres-exporter/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index c96a6ea84..9ad60405f 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -29,14 +29,14 @@ matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' -# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). +# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. # # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) -# - or listens on a loopback interface only (--net=host and 127.0.0.1:9100), which is not reachable from another container (like `matrix-prometheus`) +# - or listens on a loopback interface only (--net=host and 127.0.0.1:9187), which is not reachable from another container (like `matrix-prometheus`) # # Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both, # but that's trickier to accomplish and won't necessarily work (hasn't been tested). From a3a6e14f7b730bdf0534f8821966b68d2c49cb1d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 23:04:27 +0300 Subject: [PATCH 13/96] Add matrix_nginx_proxy_proxy_synapse_metrics_addr_{with,sans}_container variables to defaults We redefine these variables in `group_vars/matrix_servers`, but it's better to have some defaults in the role as well. --- roles/matrix-nginx-proxy/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f3ec27baa..6fb7217e3 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -225,6 +225,8 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" +matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:9100" +matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:9100" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. From ba51997f7b0c72755b19aeafc2db51ce90fc2112 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 17:44:11 +0300 Subject: [PATCH 14/96] (BC Break) Redo how metrics are exposed to external Prometheus servers --- CHANGELOG.md | 29 +++++++ docs/configuring-playbook-bridge-hookshot.md | 15 +++- ...configuring-playbook-prometheus-grafana.md | 85 +++++++++---------- ...onfiguring-playbook-prometheus-postgres.md | 8 +- group_vars/matrix_servers | 18 ++-- .../matrix-bridge-hookshot/defaults/main.yml | 13 ++- roles/matrix-bridge-hookshot/tasks/init.yml | 25 ++---- .../tasks/validate_config.yml | 13 +++ roles/matrix-nginx-proxy/defaults/main.yml | 66 +++++++++++--- .../tasks/nginx-proxy/setup_metrics_auth.yml | 53 ++++++++++++ .../tasks/setup_nginx_proxy.yml | 31 +++---- .../tasks/validate_config.yml | 23 +++++ .../nginx/conf.d/matrix-domain.conf.j2 | 13 +++ .../nginx/conf.d/matrix-synapse.conf.j2 | 39 --------- .../nginx/matrix-synapse-metrics-htpasswd.j2 | 3 - .../defaults/main.yml | 7 ++ .../tasks/init.yml | 36 ++++++++ .../defaults/main.yml | 6 ++ .../tasks/init.yml | 36 ++++++++ roles/matrix-synapse/defaults/main.yml | 8 ++ roles/matrix-synapse/tasks/init.yml | 60 +++++++++++++ .../tasks/synapse/setup_install.yml | 9 ++ .../tasks/synapse/setup_uninstall.yml | 6 ++ .../external_prometheus.yml.example.j2 | 18 ++-- setup.yml | 2 +- 25 files changed, 453 insertions(+), 169 deletions(-) create mode 100644 roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml delete mode 100644 roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 rename roles/{matrix-nginx-proxy/templates => matrix-synapse/templates/synapse}/prometheus/external_prometheus.yml.example.j2 (51%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e90accaf..3c5fdac53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,32 @@ +# 2022-06-23 + +## (Potential Backward Compatibility Break) Changes around metrics collection + +**TLDR**: we've made extensive **changes to metrics exposure/collection, which concern people using an external Prometheus server**. If you don't know what that is, you don't need to read below. + +**Why do major changes to metrics**? Because various services were exposing metrics in different, hacky, ways. Synapse was exposing metrics at `/_synapse/metrics` and `/_synapse-worker-.../metrics` on the `matrix.DOMAIN`. The Hookshot role was **repurposing** the Granana web UI domain (`stats.DOMAIN`) for exposing its metrics on `stats.DOMAIN/hookshot/metrics`, while protecting these routes using Basic Authentication **normally used for Synapse** (`/_synapse/metrics`). Node-exporter and Postgres-exporter roles were advising for more `stats.DOMAIN` usage in manual ways. Each role was doing things differently and mixing variables from other roles. Each metrics endpoint was ending up in a different place, protected by who knows what Basic Authentication credentials (if protected at all). + +**The solution**: a completely revamped way to expose metrics to an external Prometheus server. We are **introducing new `https://matrix.DOMAIN/metrics/*` endpoints**, where various services *can* expose their metrics, for collection by external Prometheus servers. To enable the `/metrics/*` endpoints, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. There's also a way to protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). See the `matrix-nginx-proxy` role or our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation for additional variables around `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. + +**If you are using the [Hookshot bridge](docs/configuring-playbook-bridge-hookshot.md)**, you may find that: +1. **Metrics may not be enabled by default anymore**: + - If Prometheus is enabled (`matrix_prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network. + - **If Prometheus is not enabled** (you are either not using Prometheus or are using an external one), **Hookshot metrics will not be enabled by default anymore**. Feel free to enable them by setting `matrix_hookshot_metrics_enabled: true`. Also, see below. +2. When metrics are meant to be **consumed by an external Prometheus server**, `matrix_hookshot_metrics_proxying_enabled` needs to be set to `true`, so that metrics would be exposed (proxied) "publicly" on `https://matrix.DOMAIN/metrics/hookshot`. To make use of this, you'll also need to enable the new `https://matrix.DOMAIN/metrics/*` endpoints mentioned above, using `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. Learn more in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. +3. **We've changed the URL we're exposing Hookshot metrics at** for external Prometheus servers. Until now, you were advised to consume Hookshot metrics from `https://stats.DOMAIN/hookshot/metrics` (working in conjunction with `matrix_nginx_proxy_proxy_synapse_metrics`). From now on, **this no longer works**. As described above, you need to start consuming metrics from `https://matrix.DOMAIN/metrics/hookshot`. + +**If you're using node-exporter** (`matrix_prometheus_node_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_node_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/node-exporter`. + +**If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`matrix_prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`. + +**If you're using Synapse** and would like to collect its metrics from an external Prometheus server, you may find that: + +1. Exposing metrics is now done using `matrix_synapse_metrics_proxying_enabled`, not `matrix_nginx_proxy_proxy_synapse_metrics: true`. You may still need to enable metrics using `matrix_synapse_metrics_enabled: true` before exposing them. +2. Protecting metrics endpoints using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is now done in another way. See our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation +3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` +4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). + + # 2022-06-13 ## go-skype-bridge bridging support diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index f47f24c0e..3e8a54a20 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -14,7 +14,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. @@ -32,8 +32,8 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | -| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets | -| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus | +| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | +| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). @@ -63,7 +63,14 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_ ### Metrics -If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). +Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them. + +To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however. + +**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to: + +- enable the `https://matrix.DOMAIN/metrics/*` endpoints on `matrix.DOMAIN` using `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see the `matrix-nginx-role` or [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for enabling this feature) +- expose the Hookshot metrics under `https://matrix.DOMAIN/metrics/hookshot` by setting `matrix_hookshot_metrics_proxying_enabled: true` ### Collision with matrix-appservice-webhooks diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index f178def20..e1b826430 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -9,8 +9,12 @@ Remember to add `stats.` to DNS as described in [Configuring DNS](c ```yaml matrix_prometheus_enabled: true +# You can remove this, if unnecessary. matrix_prometheus_node_exporter_enabled: true +# You can remove this, if unnecessary. +matrix_prometheus_postgres_exporter_enabled: true + matrix_grafana_enabled: true matrix_grafana_anonymous_access: false @@ -34,6 +38,7 @@ Name | Description -----|---------- `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures +`matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.` subdomain) the dashboards with the graphs that we're interested in `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option. `matrix_grafana_default_admin_user`
`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here @@ -48,28 +53,54 @@ Most of our docker containers run with limited system access, but the `prometheu ## Collecting metrics to an external Prometheus server -If you wish, you could expose homeserver metrics without enabling (installing) Prometheus and Grafana via the playbook. This may be useful for hooking Matrix services to an external Prometheus/Grafana installation. +**If the integrated Prometheus server is enabled** (`matrix_prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly". + +When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network. + +The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` below. -To do this, you may be interested in the following variables: +The following variables may be of interest: Name | Description -----|---------- +`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service. +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`|Set this to the Basic Authentication username you'd like to protect `/metrics/*` with. You also need to set `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`. If one username/password pair is not enough, you can leave the `username` and `password` variables unset and use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`|Set this to the Basic Authentication password you'd like to protect `/metrics/*` with +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead. `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network) -`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics` -`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`) -`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx. -`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`) +`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). +`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) +`matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) +`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) +`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` +`matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below) + +Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations: +```nginx +matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: + - 'location /metrics/another-service { + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-another-service:9100/metrics; + }' +``` + +Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). + -### Collecting worker metrics to an external Prometheus server +### Collecting Synapse worker metrics to an external Prometheus server -If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. +If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. -The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. +The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. It will look a bit like this: ```yaml scrape_configs: - job_name: 'synapse' - metrics_path: /_synapse/metrics + metrics_path: /metrics/synapse/main-process scheme: https basic_auth: username: prometheus @@ -80,7 +111,7 @@ scrape_configs: job: "master" index: 1 - job_name: 'synapse-generic_worker-1' - metrics_path: /_synapse-worker-generic_worker-18111/metrics + metrics_path: /metrics/synapse/worker/generic_worker-18111 scheme: https basic_auth: username: prometheus @@ -92,38 +123,6 @@ scrape_configs: index: 18111 ``` -### Collecting system and Postgres metrics to an external Prometheus server (advanced) - -When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats. - -It would be possible to use `matrix_prometheus_node_exporter_container_http_host_bind_port` etc., but that is not always the best choice, for example because your server is on a public network. - -Use the following variables in addition to the ones mentioned above: - -Name | Description ------|---------- -`matrix_nginx_proxy_proxy_grafana_enabled`|Set this to `true` to make the stats subdomain (`matrix_server_fqn_grafana`) available via the Nginx proxy -`matrix_ssl_additional_domains_to_obtain_certificates_for`|Add `"{{ matrix_server_fqn_grafana }}"` to this list to have letsencrypt fetch a certificate for the stats subdomain -`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter -`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the Postgres exporter -`matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks`|Add locations to this list depending on which of the above exporters you enabled (see below) - -```nginx -matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: - - 'location /node-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-node-exporter:9100/; - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - }' - - 'location /postgres-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-postgres-exporter:9187/; - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - }' -``` -You can customize the `location`s to your liking, just point your Prometheus to there later (e.g. `stats.DOMAIN/node-exporter/metrics`). Nginx is very picky about the `proxy_pass`syntax: take care to follow the example closely and note the trailing slash as well as absent use of variables. postgres-exporter uses the nonstandard port 9187. ## More information diff --git a/docs/configuring-playbook-prometheus-postgres.md b/docs/configuring-playbook-prometheus-postgres.md index 34407aaed..6fd13a9e9 100644 --- a/docs/configuring-playbook-prometheus-postgres.md +++ b/docs/configuring-playbook-prometheus-postgres.md @@ -7,11 +7,6 @@ You can enable this with the following settings in your configuration file (`inv ```yaml matrix_prometheus_postgres_exporter_enabled: true - -# the role creates a postgres user as credential. You can configure these if required: -matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter' -matrix_prometheus_postgres_exporter_database_password: 'some-password' - ``` ## What does it do? @@ -20,7 +15,8 @@ Name | Description -----|---------- `matrix_prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false' `matrix_prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter' -`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. +`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook +`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) ## More information diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 19cde0af0..394e26dc9 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -711,8 +711,13 @@ matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_ena matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" -matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" -matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" +# We only enable metrics (locally, in the container network) for the bridge if Prometheus is enabled. +# +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_hookshot_metrics_enabled` +# - `matrix_hookshot_metrics_proxying_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_hookshot_metrics_enabled: "{{ matrix_prometheus_enabled }}" matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" @@ -1586,13 +1591,6 @@ matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_po matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}" -# This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore. -# The fact that someone wishes to enable Synapse metrics does not necessarily mean they want to make them public. -# A local Prometheus can consume them over the container network. -matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" -matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" - matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" @@ -1614,8 +1612,6 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" -matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}" - matrix_nginx_proxy_systemd_wanted_services_list: | {{ ['matrix-' + matrix_homeserver_implementation + '.service'] diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 3a2d5bc94..5d618a6ea 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -29,13 +29,20 @@ matrix_hookshot_public_endpoint: /hookshot matrix_hookshot_appservice_port: 9993 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" -# Metrics work only in conjunction with matrix_synapse_metrics_enabled etc -matrix_hookshot_metrics_enabled: true +# Controls whether metrics are enabled in the bridge configuration. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`. +matrix_hookshot_metrics_enabled: false + +# Controls whether Hookshot metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/hookshot`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_hookshot_metrics_proxying_enabled: false + # There is no need to edit ports. # Read the documentation to learn about using hookshot metrics with external Prometheus # If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_metrics_port: 9001 -matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_webhook_port: 9000 diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 14bbcbb32..96d5740a7 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -103,11 +103,10 @@ [matrix_hookshot_matrix_nginx_proxy_configuration] }} - - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) set_fact: - matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | - {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} - location {{ matrix_hookshot_metrics_endpoint }} { + matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | + location /metrics/hookshot { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; @@ -117,24 +116,18 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; {% endif %} - proxy_set_header Host $host; - {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - {% endif %} } - {% endif %} + when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool - - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy + - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) set_fact: - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + - [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] }} - tags: - - always + when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool when: matrix_hookshot_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml index 5da8809ee..b96223323 100644 --- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml @@ -57,3 +57,16 @@ when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" with_items: - "matrix_hookshot_provisioning_secret" + +- name: (Deprecation) Catch and report old metrics usage + fail: + msg: >- + Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Hookshot, + which exposed metrics on `https://stats.DOMAIN/hookshot/metrics`. + + We now recommend exposing Hookshot metrics in another way, from another URL. + Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22 + with_items: + - matrix_hookshot_proxy_metrics + - matrix_hookshot_metrics_endpoint + when: "item in vars" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6fb7217e3..f19eb4ab0 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -192,6 +192,58 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) +# If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. +# This is only useful when an external Prometheus will be collecting metrics. +# +# To control what kind of metrics are exposed under `/metrics/` (e.g `/metrics/node-exporter`, `/metrics/postgres-exporter`, etc.), +# use `matrix_SERVICE_metrics_proxying_enabled` variables in each respective role. +# Roles inject themselves into the matrix-nginx-proxy configuration. +# +# To protect the metrics endpoints, see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` +matrix_nginx_proxy_proxy_matrix_metrics_enabled: false + +# Controls whether Basic Auth is enabled for all `/metrics/*` endpoints. +# +# You can provide the Basic Auth credentials in 2 ways: +# 1. A single username/password pair using `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` +# 2. Using raw content (`htpasswd`-generated file) provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled: false + +# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` specify +# the Basic Auth username/password for protecting `/metrics/*` endpoints. +# Alternatively, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username: "" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password: "" + +# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` value will be written verbatim to the htpasswd file protecting `/metrics/*` endpoints. +# Use this when a single username/password is not enough and you'd like to get more control over credentials. +# +# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. +# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` +# The whole thing is needed here. matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "" + +# Specifies the path to the htpasswd file holding the htpasswd credentials for protecting `/metrics/*` endpoints +# This is not meant to be modified. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + +# Specifies the Apache container image to use +# when `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` are provided. +# This image provides the `htpasswd` tool which we use for generating the htpasswd file protecting `/metrics/*`. +# To avoid using this, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead of supplying username/password. +# Learn more in: `roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image: "{{ matrix_container_global_registry_prefix }}httpd:{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag }}" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag: "2.4.54-alpine3.16" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag.endswith(':latest') }}" + +# A list of strings containing additional configuration blocks to add to the `location /metrics` configuration (matrix-domain.conf). +# Do not modify `matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks` and `matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks`. +# If you'd like to inject your own configuration blocks, use `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`. +matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks: "{{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks + matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks }}" +matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: [] +matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: [] + # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -216,18 +268,6 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" -# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) -matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false -# The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. -# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. -# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` -# The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" -matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:9100" -matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:9100" - # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-proxy:12080" @@ -260,8 +300,6 @@ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes: | (['/_synapse/oidc'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled else []) + (['/_synapse/admin'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled else []) - + - (['/_synapse.*/metrics'] if matrix_nginx_proxy_proxy_synapse_metrics else []) }} # Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected. diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml new file mode 100644 index 000000000..55163c945 --- /dev/null +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -0,0 +1,53 @@ +# When we're dealing with raw htpasswd content, we just store it in the file directly. +- name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content }}" + dest: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0600 + when: not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username + +# Alternatively, we need to use the `htpasswd` tool to generate the htpasswd file. +# There's an Ansible module that helps with that, but it requires passlib (a Python module) to be installed on the server. +# See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module +# We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. +# As a workaround, we run `htpasswd` from an Apache container image. +- block: + - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + docker_image: + name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + + # We store the password in a file and make the `htpasswd` tool read it from there, + # as opposed to passing it directly on stdin (which will expose it to other processes on the server). + - name: Store metrics password in a temporary file + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" + dest: "/tmp/matrix-nginx-proxy-metrics-password" + mode: 0400 + owner: "{{ matrix_user_uid }}" + group: "{{ matrix_user_gid }}" + + - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + command: + cmd: >- + {{ matrix_host_command_docker }} run + --rm + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + --network=none + --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data + --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro + --entrypoint=/bin/sh + {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} + -c + 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' + + - name: Delete temporary metrics password file + file: + path: /tmp/matrix-nginx-proxy-metrics-password + state: absent + when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index a559e1090..0da9e52c7 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -31,23 +31,9 @@ mode: 0644 when: matrix_nginx_proxy_enabled|bool -- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI) - template: - src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2" - dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0400 - when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool" - -- name: Generate sample prometheus.yml for external scraping - template: - src: "{{ role_path }}/templates/prometheus/external_prometheus.yml.example.j2" - dest: "{{ matrix_base_data_path }}/external_prometheus.yml.example" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0644 - when: matrix_nginx_proxy_proxy_synapse_metrics|bool +- name: Setup metrics + include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml" + when: matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool - name: Ensure Matrix nginx-proxy configured (generic) template: @@ -324,10 +310,15 @@ file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool" -- name: Ensure sample prometheus.yml for external scraping is deleted +# This file is now generated by the matrix-synapse role and saved in the Synapse directory +- name: (Cleanup) Ensure old sample prometheus.yml for external scraping is deleted file: path: "{{ matrix_base_data_path }}/external_prometheus.yml.example" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics|bool" + +- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /metrics/* URIs) + file: + path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + state: absent + when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 0de93873f..c6697e935 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -27,6 +27,14 @@ `matrix_nginx_proxy_ssl_preset` needs to be set to a known value. when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']" +- name: Fail if Basic Auth enabled for metrics, but no credentials supplied + fail: + msg: | + Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires: + - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`) + - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`) + when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" + - block: - name: (Deprecation) Catch and report renamed settings fail: @@ -36,6 +44,7 @@ with_items: - {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} - {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} + - {'old': 'matrix_nginx_proxy_proxy_synapse_workers_enabled_list', 'new': ''} when: "item.old in vars" - name: Fail if required variables are undefined @@ -49,3 +58,17 @@ - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container" when: "vars[item] == '' or vars[item] is none" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" + +- name: (Deprecation) Catch and report old metrics usage + fail: + msg: >- + Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Synapse, + which exposed metrics on `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`. + + We now recommend exposing Synapse metrics in another way, from another URL. + Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22 + with_items: + - matrix_nginx_proxy_proxy_synapse_metrics + - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled + - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key + when: "item in vars" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 4abcd40a0..2895ba14a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -45,6 +45,19 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_metrics_enabled %} + location /metrics { + {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path }}; + {% endif %} + + {% for configuration_block in matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + } + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 9a1576d48..69f13a1aa 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -145,45 +145,6 @@ server { {{- configuration_block }} {% endfor %} - {% if matrix_nginx_proxy_proxy_synapse_metrics %} - location /_synapse/metrics { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; - {% endif %} - } - {% endif %} - - {% if matrix_nginx_proxy_enabled and matrix_nginx_proxy_proxy_synapse_metrics %} - {% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} - {% if worker.metrics_port != 0 %} - location /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; - proxy_pass http://$backend/_synapse/metrics; - proxy_set_header Host $host; - - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; - {% endif %} - } - {% endif %} - {% endfor %} - {% endif %} - {# Everything else just goes to the API server ##} location / { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 b/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 deleted file mode 100644 index 1a7247ace..000000000 --- a/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 +++ /dev/null @@ -1,3 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# User and password for protecting /_synapse/metrics URI -prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }} diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 5e50a1d77..1a086b311 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -17,10 +17,17 @@ matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service # List of systemd services that matrix-prometheus.service wants matrix_prometheus_node_exporter_systemd_wanted_services_list: [] +# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_node_exporter_metrics_proxying_enabled: false + # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). # # Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. # +# You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`. +# # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index db44a7ab9..d08340a83 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -3,3 +3,39 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + set_fact: + matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | + location /metrics/node-exporter { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-node-exporter:9100"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + {# This may be implemented in the future. #} + return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + {% endif %} + } + + - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] + }} + when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 9ad60405f..8c3f435e6 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -28,11 +28,17 @@ matrix_prometheus_postgres_exporter_database_hostname: 'matrix-postgres' matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' +# Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # # Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. # +# You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`. +# # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index ddea23ab1..996cc975d 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -3,3 +3,39 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + set_fact: + matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | + location /metrics/postgres-exporter { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-postgres-exporter:9187"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + {# This may be implemented in the future. #} + return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + {% endif %} + } + + - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] + }} + when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 50e843027..848d8beb6 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -334,6 +334,14 @@ matrix_url_preview_accept_language: ['en-US', 'en'] matrix_synapse_metrics_enabled: false matrix_synapse_metrics_port: 9100 +# Controls whether Synapse metrics should be proxied (exposed) on: +# - `matrix.DOMAIN/metrics/synapse/main-process` for the main process +# - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process +# +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_synapse_metrics_proxying_enabled: false + # Enable the Synapse manhole # See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md matrix_synapse_manhole_enabled: false diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index 880650492..ffaec05fd 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -25,3 +25,63 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" when: matrix_s3_media_store_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Synapse's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate synapse metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) + set_fact: + matrix_synapse_nginx_metrics_configuration_block: | + location /metrics/synapse/main-process { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse:{{ matrix_synapse_metrics_port }}"; + proxy_pass http://$backend/_synapse/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_synapse_metrics_port }}/_synapse/metrics; + {% endif %} + } + + - name: Register synapse metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_synapse_nginx_metrics_configuration_block] + }} + + - name: Generate synapse worker metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) + set_fact: + matrix_synapse_worker_nginx_metrics_configuration_block: | + {% for worker in matrix_synapse_workers_enabled_list %} + {% if worker.metrics_port != 0 %} + location /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; + proxy_pass http://$backend/_synapse/metrics; + proxy_set_header Host $host; + } + {% endif %} + {% endfor %} + when: matrix_synapse_workers_enabled_list|length > 0 + + - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_synapse_worker_nginx_metrics_configuration_block] + }} + when: matrix_synapse_workers_enabled_list|length > 0 + when: matrix_synapse_enabled|bool and matrix_synapse_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 2302a6f23..1aaaf7b3f 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -119,3 +119,12 @@ src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user" mode: 0755 + +- name: Generate sample prometheus.yml for external scraping + template: + src: "{{ role_path }}/templates/synapse/prometheus/external_prometheus.yml.example.j2" + dest: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0644 + when: matrix_synapse_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 911d12851..1d4fe7ad2 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -29,3 +29,9 @@ docker_image: name: "{{ matrix_synapse_docker_image }}" state: absent + +- name: Ensure sample prometheus.yml for external scraping is deleted + file: + path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + state: absent + when: "not matrix_synapse_metrics_proxying_enabled|bool" diff --git a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 similarity index 51% rename from roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 rename to roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 index cbb2e6f33..b194c3c2d 100644 --- a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 +++ b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 @@ -11,29 +11,29 @@ rule_files: scrape_configs: - job_name: 'synapse' - metrics_path: /_synapse/metrics - scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }} -{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + metrics_path: /metrics/synapse/main-process + scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} +{% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: username: prometheus password_file: /path/to/your/passwordfile.pwd {% endif %} static_configs: - - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] + - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: job: "master" index: "0" -{% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} +{% for worker in matrix_synapse_workers_enabled_list %} - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' - metrics_path: /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics - scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }} -{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + metrics_path: /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} + scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} +{% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: username: prometheus password_file: /path/to/your/passwordfile.pwd {% endif %} static_configs: - - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] + - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: job: "{{ worker.type }}" index: "{{ worker.instanceId }}" diff --git a/setup.yml b/setup.yml index 5ea7e5a7e..27aac7a72 100755 --- a/setup.yml +++ b/setup.yml @@ -47,6 +47,7 @@ - matrix-dendrite - matrix-synapse-admin - matrix-prometheus-node-exporter + - matrix-prometheus-postgres-exporter - matrix-prometheus - matrix-grafana - matrix-registration @@ -63,6 +64,5 @@ - matrix-coturn - matrix-aux - matrix-postgres-backup - - matrix-prometheus-postgres-exporter - matrix-backup-borg - matrix-common-after From 9aab7f9c37f546a22a7b54c1a34bc6a3e519834a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 17:57:53 +0300 Subject: [PATCH 15/96] Make yamllint happy Fixup for ba51997f7b0 --- .../matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 55163c945..1d39b8d6c 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -1,3 +1,5 @@ +--- + # When we're dealing with raw htpasswd content, we just store it in the file directly. - name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) copy: From 1727ecd888317db71f7e35f4e022ef728bdf854c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 18:00:32 +0300 Subject: [PATCH 16/96] Make yamllint happy (take 2) > Error: 19:3 error wrong indentation: expected 4 but found 2 (indentation) --- .../tasks/nginx-proxy/setup_metrics_auth.yml | 66 +++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 1d39b8d6c..35dabefa7 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -16,40 +16,40 @@ # We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. # As a workaround, we run `htpasswd` from an Apache container image. - block: - - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - docker_image: - name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + docker_image: + name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" - # We store the password in a file and make the `htpasswd` tool read it from there, - # as opposed to passing it directly on stdin (which will expose it to other processes on the server). - - name: Store metrics password in a temporary file - copy: - content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" - dest: "/tmp/matrix-nginx-proxy-metrics-password" - mode: 0400 - owner: "{{ matrix_user_uid }}" - group: "{{ matrix_user_gid }}" + # We store the password in a file and make the `htpasswd` tool read it from there, + # as opposed to passing it directly on stdin (which will expose it to other processes on the server). + - name: Store metrics password in a temporary file + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" + dest: "/tmp/matrix-nginx-proxy-metrics-password" + mode: 0400 + owner: "{{ matrix_user_uid }}" + group: "{{ matrix_user_gid }}" - - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - command: - cmd: >- - {{ matrix_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network=none - --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data - --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro - --entrypoint=/bin/sh - {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} - -c - 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' + - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + command: + cmd: >- + {{ matrix_host_command_docker }} run + --rm + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + --network=none + --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data + --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro + --entrypoint=/bin/sh + {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} + -c + 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' - - name: Delete temporary metrics password file - file: - path: /tmp/matrix-nginx-proxy-metrics-password - state: absent + - name: Delete temporary metrics password file + file: + path: /tmp/matrix-nginx-proxy-metrics-password + state: absent when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' From 37d7e75e9bf2499e64ef8c7847b99c4ae44e081b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 20:37:56 +0300 Subject: [PATCH 17/96] Add support for passing extra arguments to prometheus-node-exporter --- .../defaults/main.yml | 12 ++++++++++++ .../matrix-prometheus-node-exporter.service.j2 | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 1a086b311..a7f25c210 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -11,6 +11,18 @@ matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_n # A list of extra arguments to pass to the container matrix_prometheus_node_exporter_container_extra_arguments: [] +# A list of extra arguments to pass to the node_exporter process +# +# Example: +# matrix_prometheus_node_exporter_process_extra_arguments: +# - "--collector.systemd" +# - "--collector.logind" +# +# Note: the above is just an example. We have not confirmed that these collectors work when running in a container. +# In fact, the systemd collector is exhibiting issues: +# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory" +matrix_prometheus_node_exporter_process_extra_arguments: [] + # List of systemd services that matrix-prometheus.service depends on matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service'] diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index e38b42e31..d0bfa4cce 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 @@ -32,7 +32,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod --pid=host \ --mount type=bind,src=/,dst=/host,ro,bind-propagation=rslave \ {{ matrix_prometheus_node_exporter_docker_image }} \ - --path.rootfs=/host + --path.rootfs=/host {{ matrix_prometheus_node_exporter_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' From 569b52f0c1818d988aa0ebf0eb93a7ff9e37b503 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 24 Jun 2022 08:33:17 +0300 Subject: [PATCH 18/96] Document how the systemd node-exporter collector can be made to work --- roles/matrix-prometheus-node-exporter/defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index a7f25c210..d061d59cd 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -18,9 +18,10 @@ matrix_prometheus_node_exporter_container_extra_arguments: [] # - "--collector.systemd" # - "--collector.logind" # -# Note: the above is just an example. We have not confirmed that these collectors work when running in a container. -# In fact, the systemd collector is exhibiting issues: -# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory" +# Note: the above is just an example. Various collectors may require various tweaks to be able to run. +# Running the systemd collector requires the following `matrix_prometheus_node_exporter_container_extra_arguments`: +# - the socket to be mounted as well (`--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave`) +# - (on AppArmor-based distros) disabling AppArmor protection (`--security-opt apparmor=unconfined`) matrix_prometheus_node_exporter_process_extra_arguments: [] # List of systemd services that matrix-prometheus.service depends on From 5f6ad0f603693d4ea8b31298fe4b8c42d004c724 Mon Sep 17 00:00:00 2001 From: nono-lqdn Date: Fri, 24 Jun 2022 17:45:52 +0200 Subject: [PATCH 19/96] Added a note on managing the basic_auth password on external prometheus servers --- CHANGELOG.md | 1 + docs/configuring-playbook-prometheus-grafana.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c5fdac53..2779b3698 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). +**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. # 2022-06-13 diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index e1b826430..b2878c12b 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -90,6 +90,7 @@ matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_b Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). +Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. ### Collecting Synapse worker metrics to an external Prometheus server @@ -130,4 +131,3 @@ scrape_configs: - [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2) - [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs) - From 83f1574a085831ac58d22de6cffb5d4f1569e5fc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 25 Jun 2022 18:59:28 +0300 Subject: [PATCH 20/96] Upgrade exim-relay (4.95-r0-2 -> 4.95-r0-4) --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 682126d28..6d3bb2e24 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0-2 +matrix_mailer_version: 4.95-r0-4 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From b784f88af5cb8f3883ade58fee175cb76f892f66 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 25 Jun 2022 18:06:35 +0000 Subject: [PATCH 21/96] Update Grafana (8.5.3 -> 9.0.1) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 991cb19d6..618eaef73 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.5.3 +matrix_grafana_version: 9.0.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From c793fc5ff0a47d078022751fd2be588a2782187f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 25 Jun 2022 18:07:30 +0000 Subject: [PATCH 22/96] Update Prometheus (v2.33.3 -> v2.36.2) --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 843a90e8a..cb1e6c014 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -4,7 +4,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.33.3 +matrix_prometheus_version: v2.36.2 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 574f57c82cb44a6dce204fbdfda197753d8752de Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 08:41:22 +0300 Subject: [PATCH 23/96] expose prometheus process args --- roles/matrix-prometheus/defaults/main.yml | 7 +++++++ .../templates/systemd/matrix-prometheus.service.j2 | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index cb1e6c014..ffe2ddc0e 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -26,6 +26,13 @@ matrix_prometheus_systemd_wanted_services_list: [] # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. matrix_prometheus_container_http_host_bind_port: '' +# A list of extra arguments to pass to the prometheus process +matrix_prometheus_process_extra_arguments: + - "--config.file=/etc/prometheus/prometheus.yml" + - "--storage.tsdb.path=/prometheus" + - "--web.console.libraries=/usr/share/prometheus/console_libraries" + - "--web.console.templates=/usr/share/prometheus/consoles" + # Tells whether the "synapse" scraper configuration is enabled. matrix_prometheus_scraper_synapse_enabled: false diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 8de57201c..296a3adf0 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,7 +31,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} + {{ matrix_prometheus_docker_image }} \ + {{ matrix_prometheus_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From 1542e8bca036360c6eb3d2cdaa5415e7eacb805f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 26 Jun 2022 06:59:46 +0000 Subject: [PATCH 24/96] Update roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 Co-authored-by: Slavi Pantaleev --- .../templates/systemd/matrix-prometheus.service.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 296a3adf0..57969f8a6 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,8 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} \ - {{ matrix_prometheus_process_extra_arguments|join(' ') }} + {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From c71fea70d334506571dd268824e09f05b5f80acf Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 12:01:57 +0300 Subject: [PATCH 25/96] matrix-prometheus feedback --- roles/matrix-prometheus/defaults/main.yml | 10 ++++++++-- .../templates/systemd/matrix-prometheus.service.j2 | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index ffe2ddc0e..28395bd9d 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -26,13 +26,19 @@ matrix_prometheus_systemd_wanted_services_list: [] # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. matrix_prometheus_container_http_host_bind_port: '' -# A list of extra arguments to pass to the prometheus process -matrix_prometheus_process_extra_arguments: +# A list of default arguments to pass to the prometheus process +matrix_prometheus_process_default_arguments: - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus" - "--web.console.libraries=/usr/share/prometheus/console_libraries" - "--web.console.templates=/usr/share/prometheus/consoles" +# A list of extra arguments to pass to the prometheus process +matrix_prometheus_process_extra_arguments: [] + +# holds the final list of process arguments +matrix_prometheus_process_arguments: "{{ matrix_prometheus_process_default_arguments + matrix_prometheus_process_extra_arguments }}" + # Tells whether the "synapse" scraper configuration is enabled. matrix_prometheus_scraper_synapse_enabled: false diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 57969f8a6..56e13c134 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,7 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_extra_arguments|join(' ') }} + {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From 5801017df0b1005c6513bce4bfa2a3c11e36309c Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:16:09 +0300 Subject: [PATCH 26/96] mx-puppet-bridges - set log level = warn, set presence interval = 5s --- .../matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 | 4 ++-- .../matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 | 2 +- .../templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 index edb0c280b..a1c0cc486 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 @@ -25,7 +25,7 @@ presence: # Bridge Discord online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -117,7 +117,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 index a9ab77012..357baec74 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 @@ -78,7 +78,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 index 1c4bb1bd0..57c5b0f0e 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 @@ -18,7 +18,7 @@ presence: # Bridge Instagram online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -61,7 +61,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 index 1d6d48280..647f8fc78 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 @@ -29,7 +29,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Optionally, you can apply filters to the console logging #console: # level: info @@ -80,7 +80,7 @@ presence: # Bridge online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 # if the im.vector.user_status state setting should be diabled #disableStatusState: false # A blacklist of remote user IDs for the im.vector.user_status state setting diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 index c7497a84c..b84fe221b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 @@ -32,7 +32,7 @@ presence: # Bridge Discord online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -75,7 +75,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 index fd59471d4..0919907dc 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 @@ -78,7 +78,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 index 1d269057e..5418ccaf4 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 @@ -28,7 +28,7 @@ presence: # Bridge Twitter online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -71,7 +71,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files From 2689a0981a820138b05218b27cf4e5178d08d64b Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:31:51 +0300 Subject: [PATCH 27/96] mautrix-based bridges - set log level = warn(ing) --- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 10 +++++----- .../templates/config.yaml.j2 | 6 +++--- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 6 +++--- 8 files changed, 31 insertions(+), 31 deletions(-) diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 4fb6b055a..77a73a96f 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -256,12 +256,12 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [ console] diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index c3cb1932e..d4823c424 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -250,11 +250,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index e2af88308..657323437 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING hangups: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 7ff7d539d..a8a52b7c9 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -135,11 +135,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING hangups: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index cb74d5c11..a4ba96d6f 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -216,13 +216,13 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING mauigpapi: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index b831fe9a1..47671af5e 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: {{ matrix_mautrix_signal_log_level }} + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: {{ matrix_mautrix_signal_log_level }} + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 6569ce87a..177c5f0a7 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -401,11 +401,11 @@ logging: formatter: precise loggers: mau: - level: DEBUG + level: WARNING telethon: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index f0ae69b25..d0aec60f6 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -195,9 +195,9 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] From d426dbbc32614aa9e2c65c2ceb2d0fbbf9f29737 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:41:23 +0300 Subject: [PATCH 28/96] missing var --- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index e622522de..5b84643c4 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -25,6 +25,8 @@ matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url } matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" +matrix_beeper_linkedin_bridge_presence: true + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] From 55d8e3dfddb6a8c66ac65ad5923e35d32b1ab102 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:03:21 +0300 Subject: [PATCH 29/96] mautrix-based bridges: add matrix_admin --- roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 3 +++ .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 3 +++ 10 files changed, 30 insertions(+) diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 77a73a96f..7310676d8 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -238,6 +238,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_beeper_linkedin_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index fb50b0dd4..f3dd7c29a 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -199,6 +199,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_go_skype_bridge_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} relaybot: # Whether or not relaybot support is enabled. diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index d4823c424..7dca6aff1 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -203,6 +203,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index 657323437..b7b908322 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -119,6 +119,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_googlechat_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index a8a52b7c9..5b7bd8be4 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -116,6 +116,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_hangouts_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index a4ba96d6f..c0965ad29 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -187,6 +187,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_instagram_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). provisioning: diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 47671af5e..2c49c833d 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -225,6 +225,9 @@ bridge: # mxid - Specific user permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 177c5f0a7..40549721f 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -291,6 +291,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_telegram_homeserver_domain }}': full + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index d0aec60f6..debddc4b6 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -175,6 +175,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_twitter_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d73718eaa..d3b26ba61 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -187,6 +187,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} # Settings for relay mode relay: From ed8ef0d1f871b2b671a75a1af8786d2c27f7bc8b Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:09:31 +0300 Subject: [PATCH 30/96] mautrix-telegram: update defaults --- .../matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 40549721f..b22882578 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -105,11 +105,11 @@ bridge: # synced when they send messages. The maximum is 10000, after which the Telegram server # will not send any more members. # Defaults to no local limit (-> limited to 10000 by server) - max_initial_member_sync: -1 + max_initial_member_sync: 10 # Whether or not to sync the member list in channels. # If no channel admins have logged into the bridge, the bridge won't be able to sync the member # list regardless of this setting. - sync_channel_members: true + sync_channel_members: false # Whether or not to skip deleted members when syncing members. skip_deleted_members: true # Whether or not to automatically synchronize contacts and chats of Matrix users logged into @@ -204,7 +204,7 @@ bridge: # been sent to Telegram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. From cd88c06994c881f9be24bf700ae55c535ffe7d5a Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:16:43 +0300 Subject: [PATCH 31/96] mautrix-twitter: update defaults --- roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index debddc4b6..2b3b41407 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -149,7 +149,7 @@ bridge: # been sent to Twitter. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Whether or not non-fatal polling errors should send notices to the notice room. temporary_disconnect_notices: true # Number of seconds to sleep more than the previous error when a polling error occurs. From 00192f6e94b349750545861f0c251ac6821f606a Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:19:56 +0300 Subject: [PATCH 32/96] mautrix-instagram, mautrix-signal: set delivery_error_reports: true --- roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index c0965ad29..9ac7e2e37 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -166,7 +166,7 @@ bridge: # been sent to Instagram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 2c49c833d..3ca35b2f9 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -177,7 +177,7 @@ bridge: # Note that this is not related to Signal delivery receipts. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented) - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. From 44f2234c9947549bd88066b03ba36d350dfffbee Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 27 Jun 2022 10:34:04 +0300 Subject: [PATCH 33/96] define matrix_admin in matrix-base --- roles/matrix-base/defaults/main.yml | 3 +++ roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 11 files changed, 13 insertions(+), 10 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 645563781..d303bf15b 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -8,6 +8,9 @@ # Example value: example.com matrix_domain: ~ +# The optional matrix admin MXID, used in bridges' configs to set bridge admin user +matrix_admin: '' + # This will contain the homeserver implementation that is in use. # Valid values: synapse, dendrite # diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 7310676d8..6b33ffeac 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -238,7 +238,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_beeper_linkedin_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index f3dd7c29a..6f7277fea 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -199,7 +199,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_go_skype_bridge_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 7dca6aff1..2555e9855 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -203,7 +203,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index b7b908322..db4394b7f 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -119,7 +119,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_googlechat_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 5b7bd8be4..07f5b2d78 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -116,7 +116,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 9ac7e2e37..994a39a74 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -187,7 +187,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_instagram_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} # Provisioning API part of the web server for automated portal creation and fetching information. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 3ca35b2f9..53aa550d6 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -225,7 +225,7 @@ bridge: # mxid - Specific user permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index b22882578..20055ab7d 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -291,7 +291,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_telegram_homeserver_domain }}': full - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 2b3b41407..6b32d47bf 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -175,7 +175,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_twitter_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d3b26ba61..b9862e948 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -187,7 +187,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} From e27ecd6e76f0044f2a94d1e05cf3e5cc2d0accbb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 27 Jun 2022 11:02:10 +0300 Subject: [PATCH 34/96] Add matrix_admin example --- roles/matrix-base/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index d303bf15b..4d63fc56f 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -9,6 +9,7 @@ matrix_domain: ~ # The optional matrix admin MXID, used in bridges' configs to set bridge admin user +# Example value: "@someone:{{ matrix_admin }}" matrix_admin: '' # This will contain the homeserver implementation that is in use. From 23ed70a6bb02f371e57989c85de7594eeb40b002 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 27 Jun 2022 11:38:21 +0000 Subject: [PATCH 35/96] fix typo --- roles/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 4d63fc56f..6b717f80f 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -9,7 +9,7 @@ matrix_domain: ~ # The optional matrix admin MXID, used in bridges' configs to set bridge admin user -# Example value: "@someone:{{ matrix_admin }}" +# Example value: "@someone:{{ matrix_domain }}" matrix_admin: '' # This will contain the homeserver implementation that is in use. From 5b38ee537144f32721a6a43153341cc5c93172c0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 28 Jun 2022 08:27:57 +0000 Subject: [PATCH 36/96] add missing retry to the apache docker image pull --- .../tasks/nginx-proxy/setup_metrics_auth.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 35dabefa7..046746df2 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed # We store the password in a file and make the `htpasswd` tool read it from there, # as opposed to passing it directly on stdin (which will expose it to other processes on the server). From e36894f93b808a7219424605d9ecd79ac0b173a7 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Tue, 28 Jun 2022 03:35:12 -0800 Subject: [PATCH 37/96] Update configuring-playbook-bridge-mautrix-facebook.md Logging in from the IP address is no longer always enough, but 2FA seems to work eventually --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 1845682f2..bb8d1430c 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -91,3 +91,5 @@ Once connected, you should be able to verify that you're browsing the web throug Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/). Once logged in, proceed to [set up bridging](#usage). + +If that doesn't work, enable 2FA [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change From bff35926dc24704e1eed7acea83c803fb865dcdc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:13:14 +0300 Subject: [PATCH 38/96] Upgrade Synapse (v1.61.0 -> v1.61.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 848d8beb6..43ee9e579 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.61.0 +matrix_synapse_version: v1.61.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 75746943be412a7197bdf7be0550273d925e22db Mon Sep 17 00:00:00 2001 From: Christos Karamolegkos Date: Tue, 28 Jun 2022 17:51:06 +0300 Subject: [PATCH 39/96] Update README.md to include Go Skype Bridge Update README.md to include Go Skype Bridge, added in #1877 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 26f109404..1d58eed01 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation +- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation + - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation From c614b61e01e1ec1de5b86cd265b3b36e9c5b3b4d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:53:57 +0300 Subject: [PATCH 40/96] Fix mautrix-signal permissions configuration Fixup for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ad0752e34..61f8695d9 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -99,6 +99,9 @@ matrix_mautrix_signal_relaybot_enabled: false matrix_mautrix_signal_bridge_permissions: | '*': relay '{{ matrix_mautrix_signal_homeserver_domain }}': user + {% if matrix_admin %} + "{{ matrix_admin }}": admin + {% endif %} # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 53aa550d6..c5fbba8eb 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -223,11 +223,8 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: + permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From c15bf2e0194e63f30df700b2465960d91120f811 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Jun 2022 08:42:13 +0300 Subject: [PATCH 41/96] Upgrade Grafana (9.0.1 -> 9.0.2) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 618eaef73..7765ae48c 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.1 +matrix_grafana_version: 9.0.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 523a7b4a6e428eb21efb343463d576152ade1cc9 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Tue, 28 Jun 2022 23:38:08 -0800 Subject: [PATCH 42/96] Update configuring-playbook-own-webserver.md Adding a bit on how to bind the synapse ports if the webserver isn't in the same docker network, or on a different machine. --- docs/configuring-playbook-own-webserver.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index c7e56f146..155b5995e 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. +If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) +'''yaml +# Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. +matrix_synapse_container_client_api_host_bind_port: '' +matrix_synapse_container_federation_api_plain_host_bind_port: '' +''' + + ### Using your own external Apache webserver From 6a99b3d5323a25b3f9a289b2b0d90675ff1d180b Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 29 Jun 2022 15:09:29 +0000 Subject: [PATCH 43/96] Fix Hydrogen self check Thanks to Julian for pointing this out --- roles/matrix-client-hydrogen/tasks/main.yml | 7 +++++++ roles/matrix-client-hydrogen/tasks/self_check.yml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index 13d157ccf..d027fe660 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -21,3 +21,10 @@ tags: - setup-all - setup-client-hydrogen + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index 28af9c789..0c6642318 100644 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}" + matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json" - name: Check Hydrogen uri: From 9cf2b37352f940bdfeb4208be88d67c5b245ee62 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 00:43:01 -0800 Subject: [PATCH 44/96] Update configuring-playbook-bridge-mautrix-instagram.md Copy/Pasting from docs/configuring-playbook-bridge-mautrix-facebook.md but with the relevant variable names changed to add turning on encryption and a puppet admin. --- ...uring-playbook-bridge-mautrix-instagram.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 38d107d0e..08b35d1d2 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md @@ -7,6 +7,27 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i ```yaml matrix_mautrix_instagram_enabled: true ``` +There are some additional things you may wish to configure about the bridge before you continue. + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + +If you would like to be able to administrate the bridge from your account it can be configured like this: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:YOUR_DOMAIN': admin +``` + +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. + ## Usage From 3fbff1a78909170426ce15ad9b81a3fdc5b3b9e7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 11:57:01 +0300 Subject: [PATCH 45/96] Mention matrix_admin Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- docs/configuring-playbook-bridge-mautrix-instagram.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 08b35d1d2..cbfdcb0b5 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md @@ -20,13 +20,18 @@ matrix_mautrix_instagram_configuration_extension_yaml: | If you would like to be able to administrate the bridge from your account it can be configured like this: ```yaml +# The easy way. The specified Matrix user ID will be made an admin of all bridges +matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}" + +# OR: +# The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins. matrix_mautrix_instagram_configuration_extension_yaml: | bridge: permissions: '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. ## Usage From 95ca182ab50bc3cf04e56d7ae1cc57cb49e59265 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 12:08:37 +0300 Subject: [PATCH 46/96] Remove outdated logging configuration from Dimension Related to https://github.com/turt2live/matrix-dimension/commit/123a45bb217126875a5a9aaabbe22c5f8f66727a Provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1879 Not sure how bot-sdk's logging level can be adjusted. Seems like Dimension now hardcodes `LogService.setLevel(LogLevel.DEBUG);` in its startup code. --- roles/matrix-dimension/templates/config.yaml.j2 | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/matrix-dimension/templates/config.yaml.j2 index 39721d71f..592c65ac8 100644 --- a/roles/matrix-dimension/templates/config.yaml.j2 +++ b/roles/matrix-dimension/templates/config.yaml.j2 @@ -73,13 +73,3 @@ dimension: # This is where Dimension is accessible from clients. Be sure to set this # to your own Dimension instance. publicUrl: "https://{{ matrix_server_fqn_dimension }}" - -# Settings for controlling how logging works -logging: - file: /dev/null - console: true - consoleLevel: verbose - fileLevel: info - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 From 60c14c3550b41174dae723048b48ac011541cc45 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 03:46:24 -0800 Subject: [PATCH 47/96] Update configuring-playbook-own-webserver.md Fixing code block formatting --- docs/configuring-playbook-own-webserver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 155b5995e..76fa2d8b3 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -58,11 +58,11 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) -'''yaml +```yaml # Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. matrix_synapse_container_client_api_host_bind_port: '' matrix_synapse_container_federation_api_plain_host_bind_port: '' -''' +``` From 84346cae9cb4f2633a3acee3b1425900cc32fa67 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 21:28:38 -0800 Subject: [PATCH 48/96] Update configuring-playbook-bridge-mautrix-facebook.md Adding the defaults in addition to template, switching YOUR_DOMAIN to {{ matrix_domain }}, and giving example of the two combined, as the playbook gives a warning about things being defined twice, so only using the last one in the vars.yml --- ...nfiguring-playbook-bridge-mautrix-facebook.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index bb8d1430c..926c6f024 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can matrix_mautrix_facebook_configuration_extension_yaml: | bridge: permissions: - '@YOUR_USERNAME:YOUR_DOMAIN': admin + '@YOUR_USERNAME:{{ matrix_domain }}': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure. +Using both would look like + +```yaml +matrix_mautrix_facebook_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin + encryption: + allow: true + default: true +``` + +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. ## Set up Double Puppeting From 4ca0d23b813e1f8f6123bd9cd5db233869f5e8be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 08:42:23 +0300 Subject: [PATCH 49/96] FIx code blocks --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 926c6f024..4429f0042 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: | default: true ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting From 02cc201f14afb6480b55d86eac918474db0875e7 Mon Sep 17 00:00:00 2001 From: freiit Date: Fri, 1 Jul 2022 12:28:10 +0200 Subject: [PATCH 50/96] Add configuration instruction for AWS CloundFront --- docs/configuring-well-known.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 9a519343b..36e53996b 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -168,6 +168,11 @@ backend matrix-backend /.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200! ``` +**For AWS CloudFront** + + 1. Add a custom origin with matrix. to your distribution + 1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin. + Make sure to: - **replace `DOMAIN`** in the server configuration with your actual domain name From 06e51b06f1b6d442a78d0a3343df521d75637596 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 1 Jul 2022 03:22:02 -0800 Subject: [PATCH 51/96] Adding logging variable for facebook and setting it's default (#1909) Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index d14698631..06bde727e 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -128,3 +128,6 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" + +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: DEBUG diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 2555e9855..f1d59b1ad 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -253,11 +253,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} handlers: [console] From 71006393e0a2c9e62213f8849eed7349c4f3bc94 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:31:28 +0300 Subject: [PATCH 52/96] Default mautrix-facebook to WARNING loggers by default Overlooked in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 06bde727e..778f31fca 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -130,4 +130,4 @@ matrix_mautrix_facebook_registration_yaml: | matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" # Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: DEBUG +matrix_mautrix_facebook_logging_level: WARNING From a6a5f79a6fe5509fd1dd620079b61b9dd9011b14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:32:42 +0300 Subject: [PATCH 53/96] Relocate matrix_mautrix_facebook_logging_level in defaults/main.yml Improvement to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 778f31fca..5acc1ec7c 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -89,6 +89,9 @@ matrix_mautrix_facebook_appservice_bot_username: facebookbot matrix_mautrix_facebook_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -128,6 +131,3 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" - -# Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: WARNING From 1c8f21c738d33e17da277cdbac7e3710d568fbd8 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 1 Jul 2022 04:05:28 -0800 Subject: [PATCH 54/96] Adding logging configuration and default to the rest of the mautrixes that don't have them --- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-hangouts/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 12 ++++++------ roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- .../matrix-bridge-mautrix-telegram/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- 12 files changed, 42 insertions(+), 24 deletions(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index dd5b83689..d0d90614b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -78,6 +78,9 @@ matrix_mautrix_googlechat_login_shared_secret: '' matrix_mautrix_googlechat_appservice_bot_username: googlechatbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_googlechat_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index db4394b7f..864e3e1b1 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -141,11 +141,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 911c81c6d..f4f67a587 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -75,6 +75,9 @@ matrix_mautrix_hangouts_login_shared_secret: '' matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_hangouts_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 07f5b2d78..d207681e8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 4ae2d374d..a227b0856 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -68,6 +68,9 @@ matrix_mautrix_instagram_appservice_bot_username: instagrambot matrix_mautrix_instagram_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_instagram_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 994a39a74..99ceee0e0 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -135,7 +135,7 @@ bridge: # Whether or not the bridge should backfill chats when reconnecting. resync: true # Should even disconnected users be reconnected? - always: false + always: false # End-to-bridge encryption support options. These require matrix-nio to be installed with pip # and login_shared_secret to be configured in order to get a device for the bridge bot. # @@ -219,13 +219,13 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} mauigpapi: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 61f8695d9..d35e12afe 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -57,6 +57,9 @@ matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_appservice_bot_username: signalbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_signal_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_signal_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index c5fbba8eb..0044a0fc8 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 65a446e00..4708266a8 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -43,6 +43,9 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq matrix_mautrix_telegram_appservice_bot_username: telegrambot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_telegram_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_telegram_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 20055ab7d..276bd4619 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -404,11 +404,11 @@ logging: formatter: precise loggers: mau: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} telethon: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b2e292ffc..b32f57ef0 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -66,6 +66,9 @@ matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitt matrix_mautrix_twitter_appservice_bot_username: twitterbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_twitter_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 6b32d47bf..f9bc89417 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -198,9 +198,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} handlers: [console] From c3f85ae827af0e942b5e9dc68e30649316050de4 Mon Sep 17 00:00:00 2001 From: Kabir Kwatra Date: Fri, 1 Jul 2022 07:56:09 -0700 Subject: [PATCH 55/96] feat(jitsi+arm64): Enable Jitsi on arm64 fixes spantaleev/matrix-docker-ansible-deploy#1889 Support for arm64 images tracked in jitsi/docker-jitsi-meet#1214 and added in jitsi/docker-jitsi-meet#1269 --- roles/matrix-jitsi/defaults/main.yml | 2 +- roles/matrix-jitsi/tasks/init.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index c32682678..70dc035d8 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7001 +matrix_jitsi_version: stable-7439-2 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index c4ed61a6c..58567d925 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -7,4 +7,4 @@ - name: Fail if on an unsupported architecture fail: msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" - when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' + when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64'] From 2e4fad61944a7d2f5082c9f4e19e23cf30c23f67 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 2 Jul 2022 15:02:35 +0300 Subject: [PATCH 56/96] Use 127.0.0.1 instead of localhost for federation API when nginx disabled `localhost` may resolve to `::1` on some IPv6-enabled systems, which will not work, because we only potentially expose container ports on `127.0.0.1` when nginx is disabled (`matrix_nginx_proxy_enabled: false`), not on `::1`. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1914 --- group_vars/matrix_servers | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 394e26dc9..8d3922764 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1578,7 +1578,7 @@ matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}" matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f19eb4ab0..195b16fd9 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -311,7 +311,7 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "" # Controls whether proxying for the Matrix Federation API should be done. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088" -matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "localhost:12088" +matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088" matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb | int) * 3 }}" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem" From ec9f8e29319e6150eb6daa6417fa1afab7078b70 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Tue, 21 Jun 2022 14:31:21 +0100 Subject: [PATCH 57/96] Add a role to install 'ntfy' push-notification server. This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with simple configuration, and plumbing to add the role to the playbook. TODO: documentation, self-check, database persistence. --- group_vars/matrix_servers | 19 ++++ roles/matrix-base/defaults/main.yml | 3 + roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-ntfy.conf.j2 | 100 ++++++++++++++++++ roles/matrix-ntfy/README.md | 40 +++++++ roles/matrix-ntfy/defaults/main.yml | 16 +++ roles/matrix-ntfy/tasks/init.yml | 5 + roles/matrix-ntfy/tasks/main.yml | 10 ++ roles/matrix-ntfy/tasks/setup.yml | 58 ++++++++++ .../templates/systemd/matrix-ntfy.service.j2 | 37 +++++++ setup.yml | 1 + 12 files changed, 309 insertions(+) create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 create mode 100644 roles/matrix-ntfy/README.md create mode 100644 roles/matrix-ntfy/defaults/main.yml create mode 100644 roles/matrix-ntfy/tasks/init.yml create mode 100644 roles/matrix-ntfy/tasks/main.yml create mode 100644 roles/matrix-ntfy/tasks/setup.yml create mode 100644 roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8d3922764..1c30405dd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1552,6 +1552,7 @@ matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}" matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}" +matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -1634,6 +1635,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-sygnal.service'] if matrix_sygnal_enabled else []) + + (['matrix-ntfy.service'] if matrix_ntfy_enabled else []) + + (['matrix-jitsi.service'] if matrix_jitsi_enabled else []) + (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else []) @@ -1667,6 +1670,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else []) + + ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) + matrix_ssl_additional_domains_to_obtain_certificates_for @@ -1960,6 +1965,20 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable # ###################################################################### +###################################################################### +# +# matrix-ntfy +# +###################################################################### + +matrix_ntfy_enabled: false + +###################################################################### +# +# /matrix-ntfy +# +###################################################################### + ###################################################################### # # matrix-redis diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 6b717f80f..9b6d45f84 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -59,6 +59,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}" # This is where you access the Sygnal push gateway. matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}" +# This is where you access the ntfy push notification service. +matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" + matrix_federation_public_port: 8448 # The architecture that your server runs. diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 195b16fd9..f9b7a019f 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -192,6 +192,10 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying the ntfy domain should be done. +matrix_nginx_proxy_proxy_ntfy_enabled: false +matrix_nginx_proxy_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" + # Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) # If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. # This is only useful when an external Prometheus will be collecting metrics. @@ -365,6 +369,9 @@ matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf). matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to ntfy's server configuration (matrix-ntfy.conf). +matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf). matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 0da9e52c7..70541fdc1 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -138,6 +138,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_sygnal_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for ntfy domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_ntfy_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for Matrix domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2" @@ -288,6 +295,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_ntfy_enabled|bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 new file mode 100644 index 000000000..39818c1a7 --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -0,0 +1,100 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options DENY; + +{% for configuration_block in matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-ntfy:80"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:80; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != '' %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md new file mode 100644 index 000000000..8b4f760a1 --- /dev/null +++ b/roles/matrix-ntfy/README.md @@ -0,0 +1,40 @@ +# A role to install the [ntfy](https://ntfy.sh) push-notification server. + +The ntfy server and clients implement self-hosted support push notifications +from Matrix (and other) servers to Android (and other) clients, using the +[UnifiedPush](https://unifiedpush.org) standard. + +This role installs ntfy server in Docker. It is intended to support push +notifications, via UnifiedPush, from the Matrix and Matrix-related services +that are installed alongside it to any clients that support UnifiedPush. + +This role is not intended to support other features of the ntfy server and +clients. + + +# Using the ntfy role + +Configure the role by adding settings in your Ansible inventory. + +The only required setting is to enable ntfy: + + matrix_ntfy_enabled: true + +The default domain for ntfy is `ntfy.`. This can be changed +with the `matrix_server_fqn_ntfy` variable: + + matrix_server_fqn_ntfy: "my-ntfy.{{ matrix_domain }}" + +Other ntfy settings can be configured by adding extra arguments to the +docker run command, e.g.: + + matrix_ntfy_container_extra_arguments: + - '--env=NTFY_LOG_LEVEL=DEBUG' + + +# TODO + +- Documentation. +- Self-check. +- Mount the ntfy database to disk so subscriptions persist across restarts. +- Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml new file mode 100644 index 000000000..19e8af8f7 --- /dev/null +++ b/roles/matrix-ntfy/defaults/main.yml @@ -0,0 +1,16 @@ +--- +matrix_ntfy_enabled: true + +matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" + +matrix_ntfy_version: v1.27.2 +matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" +matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" + +# Controls whether the container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. +matrix_ntfy_container_http_host_bind_port: '' + +# A list of extra arguments to pass to the container +matrix_ntfy_container_extra_arguments: [] diff --git a/roles/matrix-ntfy/tasks/init.yml b/roles/matrix-ntfy/tasks/init.yml new file mode 100644 index 000000000..e2622655e --- /dev/null +++ b/roles/matrix-ntfy/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}" + when: matrix_ntfy_enabled|bool diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml new file mode 100644 index 000000000..3f3975f58 --- /dev/null +++ b/roles/matrix-ntfy/tasks/main.yml @@ -0,0 +1,10 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/setup.yml" + tags: + - setup-all + - setup-ntfy diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup.yml new file mode 100644 index 000000000..c06195ec9 --- /dev/null +++ b/roles/matrix-ntfy/tasks/setup.yml @@ -0,0 +1,58 @@ +--- +# +# Tasks related to setting up matrix-ntfy +# + +- name: Ensure matrix-ntfy image is pulled + docker_image: + name: "{{ matrix_ntfy_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" + when: "matrix_ntfy_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-ntfy.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" + mode: 0644 + register: matrix_ntfy_systemd_service_result + when: matrix_ntfy_enabled|bool + +- name: Ensure systemd reloaded after matrix-ntfy.service installation + service: + daemon_reload: true + when: "matrix_ntfy_enabled|bool and matrix_ntfy_systemd_service_result.changed" + +# +# Tasks related to getting rid of matrix-ntfy (if it was previously enabled) +# + +- name: Check existence of matrix-ntfy service + stat: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + register: matrix_ntfy_service_stat + +- name: Ensure matrix-ntfy is stopped + service: + name: matrix-ntfy + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + state: absent + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-ntfy.service removal + service: + daemon_reload: true + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 new file mode 100644 index 000000000..85d032778 --- /dev/null +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix-ntfy +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + {% for arg in matrix_ntfy_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ + {% if matrix_ntfy_container_http_host_bind_port %} + -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ + {% endif %} + --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ + {{ matrix_ntfy_docker_image }} \ + serve --behind-proxy + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-ntfy + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 27aac7a72..c99da4d16 100755 --- a/setup.yml +++ b/setup.yml @@ -60,6 +60,7 @@ - matrix-etherpad - matrix-email2matrix - matrix-sygnal + - matrix-ntfy - matrix-nginx-proxy - matrix-coturn - matrix-aux From 2a516a16fbfd71339609df855ac48dc44cfd8af3 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Fri, 24 Jun 2022 22:20:51 +0100 Subject: [PATCH 58/96] matrix-ntfy: enable WebSocket proxying --- .../templates/nginx/conf.d/matrix-ntfy.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index 39818c1a7..e095e7213 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -27,6 +27,8 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:80; {% endif %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; From 85b12b74a75d2e4360948843325238edac16cffd Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 27 Jun 2022 22:20:02 +0100 Subject: [PATCH 59/96] matrix-ntfy: documentation --- docs/configuring-dns.md | 3 + docs/configuring-playbook-ntfy.md | 62 +++++++++++++++++++ docs/configuring-playbook-ssl-certificates.md | 1 + docs/configuring-playbook.md | 2 + docs/container-images.md | 2 + roles/matrix-ntfy/README.md | 35 ----------- roles/matrix-ntfy/defaults/main.yml | 2 +- 7 files changed, 71 insertions(+), 36 deletions(-) create mode 100644 docs/configuring-playbook-ntfy.md diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 666f8a63d..aec3c2539 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -36,6 +36,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `stats` | - | - | - | `matrix.` | | CNAME | `goneb` | - | - | - | `matrix.` | | CNAME | `sygnal` | - | - | - | `matrix.` | +| CNAME | `ntfy` | - | - | - | `matrix.` | | CNAME | `hydrogen` | - | - | - | `matrix.` | | CNAME | `cinny` | - | - | - | `matrix.` | | CNAME | `buscarron` | - | - | - | `matrix.` | @@ -57,6 +58,8 @@ The `goneb.` subdomain may be necessary, because this playbook coul The `sygnal.` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.` DNS record. +The `ntfy.` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.` DNS record. + The `hydrogen.` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.` DNS record. The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md new file mode 100644 index 000000000..03684b9c8 --- /dev/null +++ b/docs/configuring-playbook-ntfy.md @@ -0,0 +1,62 @@ +# Setting up ntfy (optional) + +The playbook can install and configure the [ntfy](https://ntfy.sh/) push notifications server for you. + +Using the [UnifiedPush](https://unifiedpush.org) standard, ntfy enables self-hosted (Google-free) push notifications from Matrix (and other) servers to UnifiedPush-compatible matrix compatible client apps running on Android and other devices. + +This role is intended to support UnifiedPush notifications for use with the Matrix and Matrix-related services that this playbook installs. This role is not intended to support all of ntfy's other features. + +**Note**: In contrast to push notifications using Google's FCM or Apple's APNs, the use of UnifiedPush allows each end-user to choose the push notification server that they prefer. As a consequence, deploying this ntfy server does not by itself ensure any particular user or device or client app will use it. + + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +# Enabling it is the only required setting +matrix_ntfy_enabled: true + +# Some other options +matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" +matrix_ntfy_container_extra_arguments: [ '--env=NTFY_LOG_LEVEL=DEBUG' ] +``` + +For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. + +For a complete list of ntfy config options that you could put in `matrix_ntfy_container_extra_arguments`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). + + +## Installing + +Don't forget to add `ntfy.` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook. + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To make use of your ntfy installation, on Android for example, first you need to install the `ntfy` client app and configure it to point to your ntfy server, such as `https://ntfy.DOMAIN`. That is the only thing you need to do in the ntfy client app. (It has many other features, but for our purposes you can ignore them.) + +Then any UnifiedPush-enabled matrix app on that device will discover it and tell your matrix server to use your ntfy server to send push notifications to that matrix app. + +If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". + +If the matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below. + + +## Troubleshooting + +First check that the matrix client app you are using supports UnifiedPush. There may well be different variants of the app. + +Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`. + +To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. In Element-Android or SchildiChat, two URLs are shown: "push\_key" and "Url", and both should begin with your ntfy server's URL. + +If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android). In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app. + +The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device. diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index eae584e72..30a8f0b87 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -74,6 +74,7 @@ By default, it obtains certificates for: - possibly for `jitsi.`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md). - possibly for `stats.`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md). - possibly for `sygnal.`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md). +- possibly for `ntfy.`, if you have explicitly [set up ntfy](configuring-playbook-ntfy.md). - possibly for your base domain (``), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md) If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3bfb01bdc..f71a23f5c 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -168,3 +168,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Other specialized services - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) + +- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index bf5885e06..25005d5ac 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -109,3 +109,5 @@ These services are not part of our default installation, but can be enabled by [ - [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards) - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix + +- [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 8b4f760a1..2a5301f7f 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,40 +1,5 @@ -# A role to install the [ntfy](https://ntfy.sh) push-notification server. - -The ntfy server and clients implement self-hosted support push notifications -from Matrix (and other) servers to Android (and other) clients, using the -[UnifiedPush](https://unifiedpush.org) standard. - -This role installs ntfy server in Docker. It is intended to support push -notifications, via UnifiedPush, from the Matrix and Matrix-related services -that are installed alongside it to any clients that support UnifiedPush. - -This role is not intended to support other features of the ntfy server and -clients. - - -# Using the ntfy role - -Configure the role by adding settings in your Ansible inventory. - -The only required setting is to enable ntfy: - - matrix_ntfy_enabled: true - -The default domain for ntfy is `ntfy.`. This can be changed -with the `matrix_server_fqn_ntfy` variable: - - matrix_server_fqn_ntfy: "my-ntfy.{{ matrix_domain }}" - -Other ntfy settings can be configured by adding extra arguments to the -docker run command, e.g.: - - matrix_ntfy_container_extra_arguments: - - '--env=NTFY_LOG_LEVEL=DEBUG' - - # TODO -- Documentation. - Self-check. - Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 19e8af8f7..2df796742 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -12,5 +12,5 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat # Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. matrix_ntfy_container_http_host_bind_port: '' -# A list of extra arguments to pass to the container +# A list of extra arguments to pass to the container (`docker run` command) matrix_ntfy_container_extra_arguments: [] From 763586e878fbf78b07ea3ef0fa31199bab0e4235 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Wed, 29 Jun 2022 10:48:40 +0100 Subject: [PATCH 60/96] matrix-ntfy: add self-check --- roles/matrix-ntfy/README.md | 1 - roles/matrix-ntfy/defaults/main.yml | 3 +++ roles/matrix-ntfy/tasks/main.yml | 7 +++++++ roles/matrix-ntfy/tasks/self_check.yml | 25 +++++++++++++++++++++++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 roles/matrix-ntfy/tasks/self_check.yml diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 2a5301f7f..41f83f662 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,5 +1,4 @@ # TODO -- Self-check. - Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 2df796742..916591e7b 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -14,3 +14,6 @@ matrix_ntfy_container_http_host_bind_port: '' # A list of extra arguments to pass to the container (`docker run` command) matrix_ntfy_container_extra_arguments: [] + +# Controls whether the self-check feature should validate SSL certificates. +matrix_ntfy_self_check_validate_certificates: true diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index 3f3975f58..b2abac665 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -8,3 +8,10 @@ tags: - setup-all - setup-ntfy + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_ntfy_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml new file mode 100644 index 000000000..324a2d952 --- /dev/null +++ b/roles/matrix-ntfy/tasks/self_check.yml @@ -0,0 +1,25 @@ +--- + +# Query an arbitrary ntfy topic using ntfy's UnifiedPush topic name syntax. +# Expect an empty response (because we query 'since=1s'). + +- set_fact: + matrix_ntfy_url_endpoint_public: "https://{{ matrix_server_fqn_ntfy }}/upSELFCHECK123/json?poll=1&since=1s" + +- name: Check ntfy + uri: + url: "{{ matrix_ntfy_url_endpoint_public }}" + follow_redirects: none + validate_certs: "{{ matrix_ntfy_self_check_validate_certificates }}" + register: matrix_ntfy_self_check_result + check_mode: false + ignore_errors: true + +- name: Fail if ntfy not working + fail: + msg: "Failed checking ntfy is up at `{{ matrix_server_fqn_ntfy }}` (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`). Is ntfy running? Is port 443 open in your firewall? Full error: {{ matrix_ntfy_self_check_result }}" + when: "matrix_ntfy_self_check_result.failed" + +- name: Report working ntfy + debug: + msg: "ntfy at `{{ matrix_server_fqn_ntfy }}` is working (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`)" From 3866fff5a830d75575ae959dd28a2374ffad31b1 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Sat, 2 Jul 2022 17:35:53 +0100 Subject: [PATCH 61/96] matrix-ntfy: persist cache on disk --- roles/matrix-ntfy/README.md | 1 - roles/matrix-ntfy/defaults/main.yml | 1 + roles/matrix-ntfy/tasks/setup.yml | 11 +++++++++++ .../templates/systemd/matrix-ntfy.service.j2 | 2 ++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 41f83f662..26da0a42b 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,4 +1,3 @@ # TODO -- Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 916591e7b..5dff2ec3b 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -2,6 +2,7 @@ matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" +matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" matrix_ntfy_version: v1.27.2 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup.yml index c06195ec9..9a2c15596 100644 --- a/roles/matrix-ntfy/tasks/setup.yml +++ b/roles/matrix-ntfy/tasks/setup.yml @@ -15,6 +15,17 @@ delay: "{{ matrix_container_retries_delay }}" until: result is not failed +- name: Ensure matrix-ntfy paths exists + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_ntfy_base_path }}" + - "{{ matrix_ntfy_data_path }}" + - name: Ensure matrix-ntfy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 85d032778..78963a082 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -23,6 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% if matrix_ntfy_container_http_host_bind_port %} -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ {% endif %} + --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ + --env NTFY_CACHE_FILE=/data/cache.db \ --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ {{ matrix_ntfy_docker_image }} \ serve --behind-proxy From 408e2e9b4ee97802422a67405f28a3ac14c271cd Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Sat, 2 Jul 2022 17:37:45 +0100 Subject: [PATCH 62/96] matrix-ntfy: remove almost-empty README.md --- roles/matrix-ntfy/README.md | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 roles/matrix-ntfy/README.md diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md deleted file mode 100644 index 26da0a42b..000000000 --- a/roles/matrix-ntfy/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# TODO - -- Authentication? From efe1f21f05c483aa785a707eea454ecaed4c8daf Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 14:51:55 +0100 Subject: [PATCH 63/96] matrix-ntfy: fix and separate out uninstall tasks --- roles/matrix-ntfy/tasks/main.yml | 9 ++++- .../tasks/{setup.yml => setup_install.yml} | 36 +------------------ roles/matrix-ntfy/tasks/setup_uninstall.yml | 36 +++++++++++++++++++ 3 files changed, 45 insertions(+), 36 deletions(-) rename roles/matrix-ntfy/tasks/{setup.yml => setup_install.yml} (53%) create mode 100644 roles/matrix-ntfy/tasks/setup_uninstall.yml diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index b2abac665..5dd0d172a 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -4,7 +4,14 @@ tags: - always -- import_tasks: "{{ role_path }}/tasks/setup.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_ntfy_enabled|bool" + tags: + - setup-all + - setup-ntfy + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_ntfy_enabled|bool" tags: - setup-all - setup-ntfy diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup_install.yml similarity index 53% rename from roles/matrix-ntfy/tasks/setup.yml rename to roles/matrix-ntfy/tasks/setup_install.yml index 9a2c15596..b674d3208 100644 --- a/roles/matrix-ntfy/tasks/setup.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml @@ -1,7 +1,4 @@ --- -# -# Tasks related to setting up matrix-ntfy -# - name: Ensure matrix-ntfy image is pulled docker_image: @@ -9,7 +6,6 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" - when: "matrix_ntfy_enabled|bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -32,38 +28,8 @@ dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" mode: 0644 register: matrix_ntfy_systemd_service_result - when: matrix_ntfy_enabled|bool - name: Ensure systemd reloaded after matrix-ntfy.service installation service: daemon_reload: true - when: "matrix_ntfy_enabled|bool and matrix_ntfy_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-ntfy (if it was previously enabled) -# - -- name: Check existence of matrix-ntfy service - stat: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" - register: matrix_ntfy_service_stat - -- name: Ensure matrix-ntfy is stopped - service: - name: matrix-ntfy - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" - -- name: Ensure matrix-ntfy.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" - state: absent - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-ntfy.service removal - service: - daemon_reload: true - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + when: "matrix_ntfy_systemd_service_result.changed" diff --git a/roles/matrix-ntfy/tasks/setup_uninstall.yml b/roles/matrix-ntfy/tasks/setup_uninstall.yml new file mode 100644 index 000000000..e63caa9a7 --- /dev/null +++ b/roles/matrix-ntfy/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-ntfy service + stat: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + register: matrix_ntfy_service_stat + +- name: Ensure matrix-ntfy is stopped + service: + name: matrix-ntfy + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + state: absent + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-ntfy.service removal + service: + daemon_reload: true + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy path doesn't exist + file: + path: "{{ matrix_ntfy_base_path }}" + state: absent + +- name: Ensure ntfy Docker image doesn't exist + docker_image: + name: "{{ matrix_ntfy_docker_image }}" + state: absent From e119512c5928ded244ef629fbf8ef37f7694c4b3 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 15:27:23 +0100 Subject: [PATCH 64/96] matrix-ntfy: add variable 'matrix_ntfy_base_url' --- roles/matrix-ntfy/defaults/main.yml | 3 +++ roles/matrix-ntfy/tasks/self_check.yml | 2 +- roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 5dff2ec3b..6c540beba 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -8,6 +8,9 @@ matrix_ntfy_version: v1.27.2 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" +# Public facing base URL of the ntfy service +matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}" + # Controls whether the container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml index 324a2d952..e91047341 100644 --- a/roles/matrix-ntfy/tasks/self_check.yml +++ b/roles/matrix-ntfy/tasks/self_check.yml @@ -4,7 +4,7 @@ # Expect an empty response (because we query 'since=1s'). - set_fact: - matrix_ntfy_url_endpoint_public: "https://{{ matrix_server_fqn_ntfy }}/upSELFCHECK123/json?poll=1&since=1s" + matrix_ntfy_url_endpoint_public: "{{ matrix_ntfy_base_url }}/upSELFCHECK123/json?poll=1&since=1s" - name: Check ntfy uri: diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 78963a082..5bb28470a 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -25,7 +25,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% endif %} --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ --env NTFY_CACHE_FILE=/data/cache.db \ - --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ + --env NTFY_BASE_URL={{ matrix_ntfy_base_url }} \ {{ matrix_ntfy_docker_image }} \ serve --behind-proxy From e60d20dc6a6ca11efb58ba8993e307e0912a164e Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 21:30:29 +0100 Subject: [PATCH 65/96] matrix-ntfy: store settings in a config file --- docs/configuring-playbook-ntfy.md | 5 ++-- roles/matrix-ntfy/defaults/main.yml | 23 +++++++++++++++++++ roles/matrix-ntfy/tasks/setup_install.yml | 9 ++++++++ .../matrix-ntfy/templates/ntfy/server.yml.j2 | 3 +++ .../templates/systemd/matrix-ntfy.service.j2 | 5 ++-- 5 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 roles/matrix-ntfy/templates/ntfy/server.yml.j2 diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 03684b9c8..56c859f30 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -19,12 +19,13 @@ matrix_ntfy_enabled: true # Some other options matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" -matrix_ntfy_container_extra_arguments: [ '--env=NTFY_LOG_LEVEL=DEBUG' ] +matrix_ntfy_configuration_extension_yaml: | + log_level: DEBUG ``` For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. -For a complete list of ntfy config options that you could put in `matrix_ntfy_container_extra_arguments`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). +For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). ## Installing diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 6c540beba..4f0e2e55d 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -2,6 +2,7 @@ matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" +matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config" matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" matrix_ntfy_version: v1.27.2 @@ -21,3 +22,25 @@ matrix_ntfy_container_extra_arguments: [] # Controls whether the self-check feature should validate SSL certificates. matrix_ntfy_self_check_validate_certificates: true + +# Default ntfy configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_ntfy_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_ntfy_configuration_yaml: "{{ lookup('template', 'templates/ntfy/server.yml.j2') }}" + +matrix_ntfy_configuration_extension_yaml: | + # Your custom YAML configuration for ntfy goes here. + # This configuration extends the default starting configuration (`matrix_ntfy_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_ntfy_configuration_yaml`. + +matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml|from_yaml if matrix_ntfy_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final ntfy configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`. +matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml|from_yaml|combine(matrix_ntfy_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-ntfy/tasks/setup_install.yml b/roles/matrix-ntfy/tasks/setup_install.yml index b674d3208..461d31763 100644 --- a/roles/matrix-ntfy/tasks/setup_install.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml @@ -20,8 +20,17 @@ group: "{{ matrix_user_groupname }}" with_items: - "{{ matrix_ntfy_base_path }}" + - "{{ matrix_ntfy_config_dir_path }}" - "{{ matrix_ntfy_data_path }}" +- name: Ensure matrix-ntfy config installed + copy: + content: "{{ matrix_ntfy_configuration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_ntfy_config_dir_path }}/server.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Ensure matrix-ntfy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" diff --git a/roles/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/matrix-ntfy/templates/ntfy/server.yml.j2 new file mode 100644 index 000000000..4cafcd62a --- /dev/null +++ b/roles/matrix-ntfy/templates/ntfy/server.yml.j2 @@ -0,0 +1,3 @@ +base_url: {{ matrix_ntfy_base_url }} +behind_proxy: true +cache_file: /data/cache.db diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 5bb28470a..da292e5ce 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -23,11 +23,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% if matrix_ntfy_container_http_host_bind_port %} -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ {% endif %} + --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ - --env NTFY_CACHE_FILE=/data/cache.db \ - --env NTFY_BASE_URL={{ matrix_ntfy_base_url }} \ {{ matrix_ntfy_docker_image }} \ - serve --behind-proxy + serve ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' From 097c23c0b626b4e75e3096b4dcd5ae977141a038 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Mon, 4 Jul 2022 22:53:43 +0200 Subject: [PATCH 66/96] bots: make command_prefix configurable --- roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 2 ++ roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 ++ roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 ++ roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 22 files changed, 33 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 76b153e75..0fdf8a415 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -17,6 +17,8 @@ matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_b matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data" matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store" +matrix_bot_matrix_reminder_bot_command_prefix: "!" + # A list of extra arguments to pass to the container matrix_bot_matrix_reminder_bot_container_extra_arguments: [] diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 index 596439584..338bffba0 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 @@ -1,5 +1,5 @@ # The string to prefix bot commands with -command_prefix: "!" +command_prefix: "{{ matrix_bot_matrix_reminder_bot_command_prefix }}" # Options for connecting to the bot's Matrix account matrix: diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 5b84643c4..514cfb142 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -27,6 +27,8 @@ matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" matrix_beeper_linkedin_bridge_presence: true +matrix_beeper_linkedin_command_prefix: "!li" + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 6b33ffeac..e07295497 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -226,7 +226,7 @@ bridge: # The prefix for commands. Only required in non-management rooms. - command_prefix: "!li" + command_prefix: "{{ matrix_beeper_linkedin_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index 95213a00d..b6b4db346 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -36,6 +36,8 @@ matrix_go_skype_bridge_homeserver_token: '' matrix_go_skype_bridge_appservice_bot_username: skypebridgebot +matrix_go_skype_bridge_command_prefix: "!skype" + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_go_skype_bridge_federate_rooms: true diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index 6f7277fea..56e37f84c 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -165,7 +165,7 @@ bridge: allow_user_invite: false # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" + command_prefix: "{{ matrix_go_skype_bridge_command_prefix }}" # End-to-bridge encryption support options. This requires login_shared_secret to be configured # in order to get a device for the bridge bot. diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 5acc1ec7c..22d7fda67 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -17,6 +17,8 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data" matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src" +matrix_mautrix_facebook_command_prefix: "!fb" + # Whether or not the public-facing endpoints should be enabled (web-based login) matrix_mautrix_facebook_appservice_public_enabled: true diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index f1d59b1ad..4b27e66a4 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -86,7 +86,7 @@ bridge: - first_name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!fb" + command_prefix: "{{ matrix_mautrix_facebook_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index d0d90614b..2077d210d 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -24,6 +24,8 @@ matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_ur matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080' +matrix_mautrix_googlechat_command_prefix: "!gc" + # Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index 864e3e1b1..ad86219cb 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -62,7 +62,7 @@ bridge: - name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" + command_prefix: "{{ matrix_mautrix_googlechat_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index f4f67a587..31fec1005 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -24,6 +24,8 @@ matrix_mautrix_hangouts_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' +matrix_mautrix_hangouts_command_prefix: "!HO" + # Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index d207681e8..6dca06ff5 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -62,7 +62,7 @@ bridge: - name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" + command_prefix: "{{ matrix_mautrix_hangouts_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index a227b0856..79ff1bf0f 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -22,6 +22,8 @@ matrix_mautrix_instagram_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330' +matrix_mautrix_instagram_command_prefix: "!ig" + # A list of extra arguments to pass to the container matrix_mautrix_instagram_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 99ceee0e0..11b1d9977 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -176,7 +176,7 @@ bridge: unimportant_bridge_notices: true # The prefix for commands. Only required in non-management rooms. - command_prefix: "!ig" + command_prefix: "{{ matrix_mautrix_instagram_command_prefix }}" # Permissions for using the bridge. # Permitted values: # user - Use the bridge with puppeting. diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index d35e12afe..4375c422e 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -30,6 +30,8 @@ matrix_mautrix_signal_homeserver_address: '' matrix_mautrix_signal_homeserver_domain: '' matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328' +matrix_mautrix_signal_command_prefix: "!signal" + # Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 0044a0fc8..f0644ee26 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -197,7 +197,7 @@ bridge: shared_secret: generate # The prefix for commands. Only required in non-management rooms. - command_prefix: "!signal" + command_prefix: "{{ matrix_mautrix_signal_command_prefix }}" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 4708266a8..e3ee2fe95 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -23,6 +23,8 @@ matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config" matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data" +matrix_mautrix_telegram_command_prefix: "!tg" + # Get your own API keys at https://my.telegram.org/apps matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 276bd4619..19bacbde8 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -276,7 +276,7 @@ bridge: list: [] # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tg" + command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b32f57ef0..291bd6a55 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -22,6 +22,8 @@ matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url } matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' +matrix_mautrix_twitter_command_prefix: "!tw" + # A list of extra arguments to pass to the container matrix_mautrix_twitter_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index f9bc89417..b59864f11 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -163,7 +163,7 @@ bridge: resend_bridge_info: false # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tw" + command_prefix: "{{ matrix_mautrix_twitter_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 6e95eeb7c..ef5d10656 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -23,6 +23,8 @@ matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" +matrix_mautrix_whatsapp_command_prefix: "!wa" + # A list of extra arguments to pass to the container matrix_mautrix_whatsapp_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index b9862e948..544e10ad2 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -139,7 +139,7 @@ bridge: federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" + command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. From 5a0e977df84064d6c91b9fa308f5df6d6e1f7187 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Jul 2022 09:46:26 +0300 Subject: [PATCH 67/96] Announce ntfy role --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2779b3698..65e57a7f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-07-05 + +## Ntfy push notifications support + +Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install a [ntfy](https://ntfy.sh/) push notifications server for you. + +See our [Setting up the ntfy push notifications server](docs/configuring-playbook-ntfy.md) documentation to get started. + + # 2022-06-23 ## (Potential Backward Compatibility Break) Changes around metrics collection @@ -26,7 +35,7 @@ 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). -**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. +**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. # 2022-06-13 From 95fd21552118093585fa9284801aa14d30be439b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Jul 2022 15:11:52 +0000 Subject: [PATCH 68/96] Update element 1.10.15 -> 1.11.0 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 083621f2f..aacc2f11f 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.15 +matrix_client_element_version: v1.11.0 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From fe347c85d9a4f6396c391a92ba0e181610a58321 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Jul 2022 15:20:48 +0000 Subject: [PATCH 69/96] Update Synapse 1.61.1 -> 1.62.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 43ee9e579..1925ffc29 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.61.1 +matrix_synapse_version: v1.62.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 90269092bf47604dce572c42bc7ea0fe1e06e982 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 6 Jul 2022 11:57:24 +0200 Subject: [PATCH 70/96] signald: 0.18.5 -> 0.20.0 https://gitlab.com/signald/signald/-/blob/main/releases/0.19.0.md https://gitlab.com/signald/signald/-/blob/main/releases/0.19.1.md https://gitlab.com/signald/signald/-/blob/main/releases/0.20.0.md --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 4375c422e..6b0f41d72 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.18.5 +matrix_mautrix_signal_daemon_version: 0.20.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" From 95959ff20b6d0062f7f29c0b3992dad963aee2b2 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Wed, 6 Jul 2022 20:54:03 -0800 Subject: [PATCH 71/96] Changed whatsapp logging variable name to match (#1920) Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1912 Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 8 ++++---- .../tasks/validate_config.yml | 10 ++++++++++ .../templates/config.yaml.j2 | 2 +- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index ef5d10656..e0af254d0 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -39,6 +39,10 @@ matrix_mautrix_whatsapp_homeserver_token: '' matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_whatsapp_logging_level: 'warn' + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_whatsapp_federate_rooms: true @@ -130,7 +134,3 @@ matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_y matrix_mautrix_whatsapp_bridge_encryption_allow: false matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" - -# Minimum severity of journal log messages. -# Options: debug, info, warn, error, fatal -matrix_mautrix_whatsapp_log_level: 'warn' diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index c983c4cce..9b0a725c9 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml @@ -8,3 +8,13 @@ with_items: - "matrix_mautrix_whatsapp_appservice_token" - "matrix_mautrix_whatsapp_homeserver_token" + + +- name: (Deprecation) Catch and report renamed settings + fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_mautrix_whatsapp_log_level', 'new': 'matrix_mautrix_whatsapp_logging_level'} diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 544e10ad2..81be5d80f 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -224,4 +224,4 @@ logging: timestamp_format: "Jan _2, 2006 15:04:05" # Minimum severity for log messages. # Options: debug, info, warn, error, fatal - print_level: {{ matrix_mautrix_whatsapp_log_level }} + print_level: {{ matrix_mautrix_whatsapp_logging_level }} From b6223a792648ad999d8569558b92226aa703950f Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Tue, 5 Jul 2022 21:00:55 +0100 Subject: [PATCH 72/96] matrix-ntfy: list in playbook's README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 1d58eed01..4347b1280 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation +- (optional) the [ntfy](https://ntfy.sh) push notifications server - see [docs/configuring-playbook-ntfy.md](docs/configuring-playbook-ntfy.md) for setup documentation + - (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation - (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation From 25b343c8c8da5aa695bb0dc7c197fe866e27b65e Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Tue, 5 Jul 2022 21:11:15 +0100 Subject: [PATCH 73/96] matrix-ntfy: without nginx, bind to 127.0.0.1:2586 --- group_vars/matrix_servers | 2 ++ .../templates/nginx/conf.d/matrix-ntfy.conf.j2 | 2 +- roles/matrix-ntfy/defaults/main.yml | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1c30405dd..25d0a0e13 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1973,6 +1973,8 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable matrix_ntfy_enabled: false +matrix_ntfy_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:2586' }}" + ###################################################################### # # /matrix-ntfy diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index e095e7213..988b3b355 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -25,7 +25,7 @@ proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:80; + proxy_pass http://127.0.0.1:2586; {% endif %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 4f0e2e55d..d5fc3fbad 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -12,9 +12,9 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat # Public facing base URL of the ntfy service matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}" -# Controls whether the container exposes its HTTP port (tcp/8080 in the container). +# Controls whether the container exposes its HTTP port (tcp/80 in the container). # -# Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. +# Takes an ":" or "" value (e.g. "127.0.0.1:2586"), or empty string to not expose. matrix_ntfy_container_http_host_bind_port: '' # A list of extra arguments to pass to the container (`docker run` command) From 9ea0879a637a761d5c8c77656204c0d0d536d1be Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Wed, 6 Jul 2022 14:03:43 +0100 Subject: [PATCH 74/96] matrix-ntfy: document ntfy & schildichat app settings --- docs/configuring-playbook-ntfy.md | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 56c859f30..fb23ee693 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -41,9 +41,28 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To make use of your ntfy installation, on Android for example, first you need to install the `ntfy` client app and configure it to point to your ntfy server, such as `https://ntfy.DOMAIN`. That is the only thing you need to do in the ntfy client app. (It has many other features, but for our purposes you can ignore them.) +To make use of your ntfy installation, on Android for example, you need two things: -Then any UnifiedPush-enabled matrix app on that device will discover it and tell your matrix server to use your ntfy server to send push notifications to that matrix app. +* the `ntfy` app +* a UnifiedPush-compatible matrix app + +You need to install the `ntfy` app on each device on which you want to receive push notifications through your ntfy server. The `ntfy` app will provide UnifiedPush notifications to any number of UnifiedPush-compatible messaging apps installed on the same device. + +### Setting up the `ntfy` Android app + +1. Install the [ntfy Android app](https://ntfy.sh/docs/subscribe/phone/) from F-droid or Google Play. +2. In its Settings -> `General: Default server`, enter your ntfy server URL, such as `https://ntfy.DOMAIN`. +3. In its Settings -> `Advanced: Connection protocol`, choose `WebSockets`. + +That is all you need to do in the ntfy app. It has many other features, but for our purposes you can ignore them. In particular you do not need to follow any instructions about subscribing to a notification topic as UnifiedPush will do that automatically. + +### Setting up a UnifiedPush-compatible matrix app + +Install any UnifiedPush-enabled matrix app on that same device. The matrix app will learn from the `ntfy` app that you have configured UnifiedPush on this device, and then it will tell your matrix server to use it. + +Steps needed for specific matrix apps: + +* SchildiChat: enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`. If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". From 5bcf83628368a1f94407a3bda33e1088a43a920b Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Fri, 8 Jul 2022 13:18:30 +0100 Subject: [PATCH 75/96] matrix-ntfy: more detailed usage docs for SchildiChat --- docs/configuring-playbook-ntfy.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index fb23ee693..57dfb3b28 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -62,7 +62,16 @@ Install any UnifiedPush-enabled matrix app on that same device. The matrix app w Steps needed for specific matrix apps: -* SchildiChat: enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`. +* FluffyChat-android: + - Should auto-detect and use it. No manual settings. + +* SchildiChat-android: + 1. enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`. + 2. choose `Settings` -> `Notifications` -> `UnifiedPush: Re-register push distributor`. *(For info, a more complex alternative to achieve the same is: delete the relevant unifiedpush registration in `ntfy` app, force-close SchildiChat, re-open it.)* + 3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section. + +* Element-android v1.4.26+: + - [not yet documented; should auto-detect and use it?] If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". @@ -75,7 +84,9 @@ First check that the matrix client app you are using supports UnifiedPush. There Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`. -To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. In Element-Android or SchildiChat, two URLs are shown: "push\_key" and "Url", and both should begin with your ntfy server's URL. +To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. + +In the "Notification Targets" screen in Element-Android or SchildiChat, two relevant URLs are shown, "push\_key" and "Url", and both should begin with your ntfy server's URL. If "push\_key" shows your server but "Url" shows an external server such as `up.schildi.chat` then push notifications will still work but are being routed through that external server before they reach your ntfy server. To rectify that, in SchildiChat (at least around version 1.4.20.sc55) you must enable the `Force custom push gateway` setting as described in the "Usage" section above. If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android). In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app. From b5c7fd6051a2d109725d52352841efbdda2d3647 Mon Sep 17 00:00:00 2001 From: Chirayu Desai <952062+chirayudesai@users.noreply.github.com> Date: Fri, 8 Jul 2022 19:26:35 +0530 Subject: [PATCH 76/96] mjolnir: v1.5.0 https://github.com/matrix-org/mjolnir/releases/tag/v1.5.0 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index dd2483794..714cd0d36 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.4.2" +matrix_bot_mjolnir_version: "v1.5.0" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 87f437968d87d94e32ff8df1552a274172076b51 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 8 Jul 2022 07:06:37 -0800 Subject: [PATCH 77/96] Creating generic mautrix bridge doc (#1912) * Creating generic mautrix bridge doc Not a huge fan of how it turned out at all, not sure how to make it better. * Rename configuring-playbook-bridge-mautrix-Generic.md to configuring-playbook-bridges.md * accepting suggested edits after rename mess * Adding log level configuration * Update docs/configuring-playbook-bridges.md Co-authored-by: Slavi Pantaleev * Rename configuring-playbook-bridges.md to configuring-playbook-mautrix-bridges.md Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- docs/configuring-playbook-mautrix-bridges.md | 111 +++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 docs/configuring-playbook-mautrix-bridges.md diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md new file mode 100644 index 000000000..1cd76f963 --- /dev/null +++ b/docs/configuring-playbook-mautrix-bridges.md @@ -0,0 +1,111 @@ +# Setting up a Generic Mautrix Bridge (optional) + +The playbook can install and configure various [mautrix](https://github.com/mautrix) bridges (twitter, facebook, instagram, signal, hangouts, googlechat, etc.), as well as many other (non-mautrix) bridges. +This is a common guide for configuring mautrix bridges. + +You can see each bridge's features at in the `ROADMAP.md` file in its corresponding [mautrix](https://github.com/mautrix) repository. + +To enable a bridge add: + + +```yaml +# Replace SERVICENAME with one of: twitter, facebook, instagram, .. +matrix_mautrix_SERVICENAME_enabled: true +``` + +to your `vars.yml` + +There are some additional things you may wish to configure about the bridge before you continue. Each bridge may have additional requirements besides `_enabled: true`. For example, the mautrix-telegram bridge (our documentation page about it is [here](configuring-playbook-bridge-mautrix-telegram.md)) requires the `matrix_mautrix_telegram_api_id` and `matrix_mautrix_telegram_api_hash` variables to be defined. Refer to each bridge's individual documentation page for details about enabling bridges. + +You can add + +```yaml +matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}" +``` +to `vars.yml` to **configure a user as an administrator for all bridges**. +**Alternatively** (more verbose, but allows multiple admins to be configured), you can do the same on a per-bridge basis with: + +```yaml +matrix_mautrix_SERVICENAME_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin +``` + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_SERVICENAME_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + + +You can only have one `matrix_mautrix_SERVICENAME_configuration_extension_yaml` definition in `vars.yml` per bridge, so if you need multiple pieces of configuration there, just merge them like this: + +```yaml +matrix_mautrix_SERVICENAME_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin + encryption: + allow: true + default: true +``` + +## Setting the bot's username + +```yaml +matrix_mautrix_SERVICENAME_appservice_bot_username: "BOTNAME" +``` + +Can be used to set the username for the bridge. + +## Discovering additional configuration options + +You may wish to look at `roles/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure. + + +## Set up Double Puppeting + +To set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) + +please do so automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook by adding + +```yaml +matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true +matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE +``` + +You should generate a strong shared secret with a command like this: pwgen -s 64 1 + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +## Controlling the logging level + +```yaml +matrix_mautrix_SERVICENAME_logging_level: WARN +``` + +to `vars.yml` to control the logging level, where you may replace WARN with one of the following to control the verbosity of the logs generated: TRACE, DEBUG, INFO, WARN, ERROR, or FATAL. + +If you have issues with a service, and are requesting support, the higher levels of logging will generally be more helpful. + + +## Usage + +You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login ` to the bridge bot to get started You can learn more here about authentication from the bridge's official documentation on Authentication https://docs.mau.fi/bridges/python/SERVICENAME/authentication.html . + +If you run into trouble, check the [Troubleshooting](#troubleshooting) section below. + + + +## Troubleshooting + +For troubleshooting information with a specific bridge, please see the playbook documentation about it (some other document in in `docs/`) and the upstream ([mautrix](https://github.com/mautrix)) bridge documentation for that specific bridge. +Reporting bridge bugs should happen upstream, in the corresponding mautrix repository, not to us. From da24f8ec8551811b287c5855a0c20aaaa02e59d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Jul 2022 16:37:46 +0000 Subject: [PATCH 78/96] Bump frenck/action-yamllint from 1.1.2 to 1.2.0 Bumps [frenck/action-yamllint](https://github.com/frenck/action-yamllint) from 1.1.2 to 1.2.0. - [Release notes](https://github.com/frenck/action-yamllint/releases) - [Commits](https://github.com/frenck/action-yamllint/compare/v1.1.2...v1.2.0) --- updated-dependencies: - dependency-name: frenck/action-yamllint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index f58fe75f9..2d9cd667c 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -13,4 +13,4 @@ jobs: - name: ⤵️ Check out configuration from GitHub uses: actions/checkout@v3 - name: 🚀 Run yamllint - uses: frenck/action-yamllint@v1.1.2 + uses: frenck/action-yamllint@v1.2.0 From 3b85a9a9943c9e0d846c1ecaaf3c35caf407a468 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 11 Jul 2022 20:25:32 +0300 Subject: [PATCH 79/96] Upgrade hookshot (1.7.3 -> 1.8.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 5d618a6ea..abe266682 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.7.3 +matrix_hookshot_version: 1.8.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From e4caf3fa814c361f6e018b139a577b1238e97c0b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Jul 2022 11:35:38 +0300 Subject: [PATCH 80/96] Add note about signald (0.19.0+) upgrade Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921 --- CHANGELOG.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65e57a7f6..184476fe2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,37 @@ +# 2022-07-14 + +## mautrix-signal upgrade requires manual data migration + +In [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) we upgraded [signald](https://signald.org/) (used by the mautrix-signal bridge) from `v0.18.5` to `v0.20.0`. + +Back in the `v0.19.0` released of signald (which we skipped and migrated straight to `v0.20.0`), a new `--migrate-data` command had been added that migrates avatars, group images, attachments, etc., into the database (those were previously stored in the filesystem). + +If you've been using the mautrix-signal bridge for a while, you may have files stored in the local filesystem, which will need to be upgraded using a `--migrate-data` command when you're upgrading mautrix-signal and signald. + +We don't have a test setup running signald with actual data in it, so we're not sure what the best way to upgrade is. You could try the following steps: + +1. Update the playbook's source code +2. Do a full install (update), but tell Ansible to stop all services (note the `stop` tag): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,stop` +3. Start Postgres manually by running this **on the server**: `systemctl start matrix-postgres` +4. Run the following migration command **on the server**: + +```sh +/usr/bin/env docker run --rm --name matrix-mautrix-signal-daemon \ +--log-driver=none \ +--user=997:1002 \ +--cap-drop=ALL \ +--network=matrix \ +-v /matrix/mautrix-signal/signald:/signald:z \ +docker.io/signald/signald:0.20.0 \ +--migrate-data +``` + +If you're doing this upgrade in the future, you may need to adjust the Signald version in the command above to match the up-to-date value of `matrix_mautrix_signal_daemon_version`, as seen in `roles/matrix-bridge-mautrix-signal/defaults/main.yml`. As of 2022-07-14, the signald version is `v0.20.0` + +5. Start all services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` +6. Tell us how this upgrade went in our [support room](README.md#support) or in [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) + + # 2022-07-05 ## Ntfy push notifications support From a1d0b584710934df10a6d68f5545f6a47f29a610 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Jul 2022 11:50:18 +0300 Subject: [PATCH 81/96] Try to do the signald (0.19.0) data migration automatically Improvement over e4caf3fa814c361f6. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921 --- CHANGELOG.md | 29 ++++--------------- .../matrix-mautrix-signal-daemon.service.j2 | 10 +++++++ 2 files changed, 15 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 184476fe2..6e528bcf0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,35 +1,16 @@ # 2022-07-14 -## mautrix-signal upgrade requires manual data migration +## signald (0.19.0+) upgrade requires data migration In [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) we upgraded [signald](https://signald.org/) (used by the mautrix-signal bridge) from `v0.18.5` to `v0.20.0`. -Back in the `v0.19.0` released of signald (which we skipped and migrated straight to `v0.20.0`), a new `--migrate-data` command had been added that migrates avatars, group images, attachments, etc., into the database (those were previously stored in the filesystem). +Back in the [`v0.19.0` released of signald](https://gitlab.com/signald/signald/-/blob/main/releases/0.19.0.md) (which we skipped and migrated straight to `v0.20.0`), a new `--migrate-data` command had been added that migrates avatars, group images, attachments, etc., into the database (those were previously stored in the filesystem). -If you've been using the mautrix-signal bridge for a while, you may have files stored in the local filesystem, which will need to be upgraded using a `--migrate-data` command when you're upgrading mautrix-signal and signald. +If you've been using the mautrix-signal bridge for a while, you may have files stored in the local filesystem, which will need to be upgraded. -We don't have a test setup running signald with actual data in it, so we're not sure what the best way to upgrade is. You could try the following steps: +We attempt to do this data migration automatically every time Signald starts (`matrix-mautrix-signal-daemon.service`) using a `ExecStartPre` systemd unit definition. -1. Update the playbook's source code -2. Do a full install (update), but tell Ansible to stop all services (note the `stop` tag): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,stop` -3. Start Postgres manually by running this **on the server**: `systemctl start matrix-postgres` -4. Run the following migration command **on the server**: - -```sh -/usr/bin/env docker run --rm --name matrix-mautrix-signal-daemon \ ---log-driver=none \ ---user=997:1002 \ ---cap-drop=ALL \ ---network=matrix \ --v /matrix/mautrix-signal/signald:/signald:z \ -docker.io/signald/signald:0.20.0 \ ---migrate-data -``` - -If you're doing this upgrade in the future, you may need to adjust the Signald version in the command above to match the up-to-date value of `matrix_mautrix_signal_daemon_version`, as seen in `roles/matrix-bridge-mautrix-signal/defaults/main.yml`. As of 2022-07-14, the signald version is `v0.20.0` - -5. Start all services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` -6. Tell us how this upgrade went in our [support room](README.md#support) or in [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) +Keep an eye on your Signal bridge and let us know (in our [support room](README.md#support) or in [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921)) if you experience any trouble! # 2022-07-05 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 0ee05d7d7..d6be37e98 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -21,6 +21,16 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 +# Migration task required by the 0.19.0 upgrade +ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ + {{ matrix_mautrix_signal_daemon_docker_image }} \ + --migrate-data + # We can't use `--read-only` for this bridge. ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ --log-driver=none \ From e94ec75e1a38db92a7437dda0b05d9bff1aa2efb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Jul 2022 16:57:59 +0300 Subject: [PATCH 82/96] Remove matrix-bridge-mx-puppet-skype role --- CHANGELOG.md | 17 +++ README.md | 2 - ...iguring-playbook-bridge-mx-puppet-skype.md | 31 +--- docs/configuring-playbook.md | 2 +- docs/container-images.md | 2 - docs/self-building.md | 1 - group_vars/matrix_servers | 44 ------ roles/matrix-base/tasks/sanity_check.yml | 10 ++ .../defaults/main.yml | 112 --------------- .../tasks/init.yml | 28 ---- .../tasks/main.yml | 23 --- .../tasks/setup_install.yml | 135 ------------------ .../tasks/setup_uninstall.yml | 25 ---- .../tasks/validate_config.yml | 10 -- .../templates/config.yaml.j2 | 118 --------------- .../systemd/matrix-mx-puppet-skype.service.j2 | 43 ------ setup.yml | 1 - 17 files changed, 30 insertions(+), 574 deletions(-) delete mode 100644 roles/matrix-bridge-mx-puppet-skype/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e528bcf0..c8d31abae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,22 @@ # 2022-07-14 +## mx-puppet-skype removal + +The playbook no longer includes the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge, because it has been broken and unmaintaned for a long time. Users that have `matrix_mx_puppet_skype_enabled` in their configuration files will encounter an error when running the playbook until they remove references to this bridge from their configuration. + +To completely clean up your server from `mx-puppet-skype`'s presence on it: + +- ensure your Ansible configuration (`vars.yml` file) no longer contains `matrix_mx_puppet_skype_*` references +- stop and disable the systemd service (run `systemctl disable --now matrix-mx-puppet-skype` on the server) +- delete the systemd service (run `rm /etc/systemd/system/matrix-mx-puppet-skype.service` on the server) +- delete `/matrix/mx-puppet-skype` (run `rm -rf /matrix/mx-puppet-skype` on the server) +- drop the `matrix_mx_puppet_skype` database (run `/usr/local/bin/matrix-postgres-cli` on the server, and execute the `DROP DATABASE matrix_mx_puppet_skype;` query there) + +If you still need bridging to [Skype](https://www.skype.com/), consider switching to [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) instead. See [Setting up Go Skype Bridge bridging](docs/configuring-playbook-bridge-go-skype-bridge.md). + +If you think this is a mistake and `mx-puppet-skype` works for you (or you get it to work somehow), let us know and we may reconsider this removal. + + ## signald (0.19.0+) upgrade requires data migration In [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) we upgraded [signald](https://signald.org/) (used by the mautrix-signal bridge) from `v0.18.5` to `v0.20.0`. diff --git a/README.md b/README.md index 4347b1280..251df0436 100644 --- a/README.md +++ b/README.md @@ -79,8 +79,6 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation -- (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation - - (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation diff --git a/docs/configuring-playbook-bridge-mx-puppet-skype.md b/docs/configuring-playbook-bridge-mx-puppet-skype.md index ff4e636ee..c80b1af82 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-skype.md +++ b/docs/configuring-playbook-bridge-mx-puppet-skype.md @@ -1,32 +1,5 @@ # Setting up MX Puppet Skype (optional) -**Note**: bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. In fact, bridging via `mx-puppet-skype` has often been reported as broken, so we recommend that you go directly for `go-skype-bridge`, instead of this. +The playbook used to be able to install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype), but no longer includes this component, because it has been broken and unmaintaned for a long time. -The playbook can install and configure -[mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you. - -See the project page to learn what it does and why it might be useful to you. - -To enable the [Skype](https://www.skype.com/) bridge just use the following -playbook configuration: - - -```yaml -matrix_mx_puppet_skype_enabled: true -``` - - -## Usage - -Once the bot is enabled you need to start a chat with `Skype Puppet Bridge` with -the handle `@_skypepuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base -domain, not the `matrix.` domain). - -Send `link ` to the bridge bot to link your skype account. - -Once logged in, send `list` to the bot user to list the available rooms. - -Clicking rooms in the list will result in you receiving an invitation to the -bridged room. - -Also send `help` to the bot to see the commands available. +Bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index f71a23f5c..c7804d395 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) -- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - often reported as broken; see **Go Skype Bridge** (below) as an alternative +- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) instead - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index 25005d5ac..a587d932f 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -68,8 +68,6 @@ These services are not part of our default installation, but can be enabled by [ - [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) (optional) -- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https://www.skype.com) (optional) - - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https://slack.com) (optional) - [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional) diff --git a/docs/self-building.md b/docs/self-building.md index 9cb5bf2a5..ab6e17d3a 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -33,7 +33,6 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bridge-mautrix-telegram` - `matrix-bridge-mautrix-signal` - `matrix-bridge-mautrix-whatsapp` -- `matrix-bridge-mx-puppet-skype` - `matrix-bridge-mx-puppet-steam` - `matrix-bot-mjolnir` - `matrix-bot-honoroit` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 25d0a0e13..221662c5d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -729,44 +729,6 @@ matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else # ###################################################################### -###################################################################### -# -# matrix-bridge-mx-puppet-skype -# -###################################################################### - -# We don't enable bridges by default. -matrix_mx_puppet_skype_enabled: false - -matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" - -matrix_mx_puppet_skype_systemd_required_services_list: | - {{ - ['docker.service'] - + - ['matrix-' + matrix_homeserver_implementation + '.service'] - + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) - + - (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) - }} - -matrix_mx_puppet_skype_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.tok') | to_uuid }}" - -matrix_mx_puppet_skype_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.tok') | to_uuid }}" - -matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" - -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mx_puppet_skype_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_skype_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.skype.db') | to_uuid }}" - -###################################################################### -# -# /matrix-bridge-mx-puppet-skype -# -###################################################################### - ###################################################################### # @@ -1863,12 +1825,6 @@ matrix_postgres_additional_databases: | 'password': matrix_mautrix_whatsapp_database_password, }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else []) + - ([{ - 'name': matrix_mx_puppet_skype_database_name, - 'username': matrix_mx_puppet_skype_database_username, - 'password': matrix_mx_puppet_skype_database_password, - }] if (matrix_mx_puppet_skype_enabled and matrix_mx_puppet_skype_database_engine == 'postgres' and matrix_mx_puppet_skype_database_hostname == 'matrix-postgres') else []) - + ([{ 'name': matrix_mx_puppet_slack_database_name, 'username': matrix_mx_puppet_slack_database_username, diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index f78510d77..98fa2738f 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml @@ -79,3 +79,13 @@ when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or (ansible_architecture.startswith("armv") and matrix_architecture != "arm32") + +- name: Fail if encountering usage of removed role (mx-puppet-skype) + fail: + msg: >- + Your configuration seems to include a reference to `matrix_mx_puppet_skype_enabled`. Are you trying to install the mx-puppet-skype bridge? + The playbook no longer includes a role for installing mx-puppet-skype, because the mx-puppet-bridge is unmaintained and has been reported as broken for a long time. + To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration. + To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal. + If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`. + when: "'matrix_mx_puppet_skype_enabled' in vars" diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml deleted file mode 100644 index 905e50863..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ /dev/null @@ -1,112 +0,0 @@ ---- -# Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-skype - -matrix_mx_puppet_skype_enabled: true - -matrix_mx_puppet_skype_container_image_self_build: false -matrix_mx_puppet_skype_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-skype.git" - -matrix_mx_puppet_skype_version: latest -matrix_mx_puppet_skype_docker_image: "{{ matrix_mx_puppet_skype_docker_image_name_prefix }}sorunome/mx-puppet-skype:{{ matrix_mx_puppet_skype_version }}" -matrix_mx_puppet_skype_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_skype_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_skype_docker_image_force_pull: "{{ matrix_mx_puppet_skype_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_skype_base_path: "{{ matrix_base_data_path }}/mx-puppet-skype" -matrix_mx_puppet_skype_config_path: "{{ matrix_mx_puppet_skype_base_path }}/config" -matrix_mx_puppet_skype_data_path: "{{ matrix_mx_puppet_skype_base_path }}/data" -matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_path }}/docker-src" - -matrix_mx_puppet_skype_appservice_port: "8438" - -matrix_mx_puppet_skype_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_skype_appservice_address: 'http://matrix-mx-puppet-skype:{{ matrix_mx_puppet_skype_appservice_port }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific homeserver -# "@.*" to allow anyone -matrix_mx_puppet_skype_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# "@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_skype_provisioning_blacklist: [] - -# Same as provisioning -matrix_mx_puppet_skype_relay_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Same as provisioning -matrix_mx_puppet_skype_relay_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_skype_container_extra_arguments: [] - -# List of systemd services that matrix-puppet-skype.service depends on. -matrix_mx_puppet_skype_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-puppet-skype.service wants -matrix_mx_puppet_skype_systemd_wanted_services_list: [] - -matrix_mx_puppet_skype_appservice_token: '' -matrix_mx_puppet_skype_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mx_puppet_skype_login_shared_secret: '' - -# Database configuration, role default is `sqlite` but playbook default is `postgres` -matrix_mx_puppet_skype_database_engine: sqlite - -matrix_mx_puppet_skype_sqlite_database_path_local: "{{ matrix_mx_puppet_skype_data_path }}/database.db" -matrix_mx_puppet_skype_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_skype_database_username: matrix_mx_puppet_skype -matrix_mx_puppet_skype_database_password: ~ -matrix_mx_puppet_skype_database_hostname: 'matrix-postgres' -matrix_mx_puppet_skype_database_port: 5432 -matrix_mx_puppet_skype_database_name: matrix_mx_puppet_skype - -matrix_mx_puppet_skype_database_connection_string: 'postgresql://{{ matrix_mx_puppet_skype_database_username }}:{{ matrix_mx_puppet_skype_database_password }}@{{ matrix_mx_puppet_skype_database_hostname }}:{{ matrix_mx_puppet_skype_database_port }}/{{ matrix_mx_puppet_skype_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_skype_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_skype_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_skype_configuration_yaml`. - -matrix_mx_puppet_skype_configuration_extension: "{{ matrix_mx_puppet_skype_configuration_extension_yaml|from_yaml if matrix_mx_puppet_skype_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_skype_configuration_yaml`. -matrix_mx_puppet_skype_configuration: "{{ matrix_mx_puppet_skype_configuration_yaml|from_yaml|combine(matrix_mx_puppet_skype_configuration_extension, recursive=True) }}" - -matrix_mx_puppet_skype_registration_yaml: | - as_token: "{{ matrix_mx_puppet_skype_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_skype_homeserver_token }}" - id: skype-puppet - namespaces: - users: - - exclusive: true - regex: '@_skypepuppet_.*:{{ matrix_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#_skypepuppet_.*:{{ matrix_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: _skypepuppet_bot - url: {{ matrix_mx_puppet_skype_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_skype_registration: "{{ matrix_mx_puppet_skype_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml deleted file mode 100644 index 699ad6f69..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype.service'] }}" - when: matrix_mx_puppet_skype_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ - matrix_synapse_container_extra_arguments|default([]) - + - ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"] - }} - - matrix_synapse_app_service_config_files: > - {{ - matrix_synapse_app_service_config_files|default([]) - + - ["/matrix-mx-puppet-skype-registration.yaml"] - }} - when: matrix_mx_puppet_skype_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml deleted file mode 100644 index 0793e994b..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- - -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_skype_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-skype - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_skype_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-skype - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_skype_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml deleted file mode 100644 index 96ae82e61..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ /dev/null @@ -1,135 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-skype role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure MX Puppet Skype paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - {path: "{{ matrix_mx_puppet_skype_base_path }}", when: true} - - {path: "{{ matrix_mx_puppet_skype_config_path }}", when: true} - - {path: "{{ matrix_mx_puppet_skype_data_path }}", when: true} - - {path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}"} - when: matrix_mx_puppet_skype_enabled|bool and item.when|bool - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mx_puppet_skype_base_path }}/database.db" - register: matrix_mx_puppet_skype_stat_database - -- name: (Data relocation) Ensure matrix-mx-puppet-skype.service is stopped - service: - name: matrix-mx-puppet-skype - state: stopped - enabled: false - daemon_reload: true - failed_when: false - when: "matrix_mx_puppet_skype_stat_database.stat.exists" - -- name: (Data relocation) Move mx-puppet-skype database file to ./data directory - command: "mv {{ matrix_mx_puppet_skype_base_path }}/database.db {{ matrix_mx_puppet_skype_data_path }}/database.db" - when: "matrix_mx_puppet_skype_stat_database.stat.exists" - -- set_fact: - matrix_mx_puppet_skype_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_skype_sqlite_database_path_local }}" - register: matrix_mx_puppet_skype_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mx_puppet_skype_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_skype_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_skype_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mx-puppet-skype.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_skype_requires_restart: true - when: "matrix_mx_puppet_skype_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_skype_database_engine == 'postgres'" - -- name: Ensure MX Puppet Skype image is pulled - docker_image: - name: "{{ matrix_mx_puppet_skype_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}" - when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build - register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" - until: result is not failed - -- name: Ensure MX Puppet Skype repository is present on self build - git: - repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" - force: "yes" - become: true - become_user: "{{ matrix_user_username }}" - register: matrix_mx_puppet_skype_git_pull_results - when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" - -- name: Ensure MX Puppet Skype Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_skype_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_skype_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" - pull: true - when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" - -- name: Ensure mx-puppet-skype config.yaml installed - copy: - content: "{{ matrix_mx_puppet_skype_configuration|to_nice_yaml(indent=2, width=999999) }}" - dest: "{{ matrix_mx_puppet_skype_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mx-puppet-skype skype-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_skype_registration|to_nice_yaml(indent=2, width=999999) }}" - dest: "{{ matrix_mx_puppet_skype_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-skype.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-skype.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-skype.service" - mode: 0644 - register: matrix_mx_puppet_skype_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-skype.service installation - service: - daemon_reload: true - when: "matrix_mx_puppet_skype_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-skype.service restarted, if necessary - service: - name: "matrix-mx-puppet-skype.service" - state: restarted - when: "matrix_mx_puppet_skype_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml deleted file mode 100644 index 838c3be5f..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- name: Check existence of matrix-mx-puppet-skype service - stat: - path: "/etc/systemd/system/matrix-mx-puppet-skype.service" - register: matrix_mx_puppet_skype_service_stat - -- name: Ensure matrix-mx-puppet-skype is stopped - service: - name: matrix-mx-puppet-skype - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mx_puppet_skype_service_stat.stat.exists" - -- name: Ensure matrix-mx-puppet-skype.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mx-puppet-skype.service" - state: absent - when: "matrix_mx_puppet_skype_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-skype.service removal - service: - daemon_reload: true - when: "matrix_mx_puppet_skype_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml deleted file mode 100644 index 7ed433b12..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mx_puppet_skype_appservice_token" - - "matrix_mx_puppet_skype_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 deleted file mode 100644 index 647f8fc78..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 +++ /dev/null @@ -1,118 +0,0 @@ -#jinja2: lstrip_blocks: "True" -bridge: - # Address for the bridge to bind to; if running as a Docker container, you - # probably want 0.0.0.0 here - bindAddress: 0.0.0.0 - # Port to host the bridge on which your homeserver will connect to - port: {{ matrix_mx_puppet_skype_appservice_port }} - # Name of your homeserver - domain: {{ matrix_domain }} - # URL where the bridge can connect to your homeserver - homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }} - # Optionally specify a different media URL used for the media store - mediaURL: https://{{ matrix_server_fqn_matrix }} - # This enabled automatic double-puppeting: - # A map for shared secrets of the homeserver URL to the shared secret - # See https://github.com/devture/matrix-synapse-shared-secret-auth - #loginSharedSecretMap: - # yourserver.com: supersecretsharedsecret - {% if matrix_mx_puppet_skype_login_shared_secret != '' %} - loginSharedSecretMap: - {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} - {% endif %} - # optionally override the display name of the bridge bot - #displayname: Protocol Bot - # optionally set the avatar of the bridge bot - #avatarUrl: mxc://yourserver.com/somefile - -logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: warn - # Optionally, you can apply filters to the console logging - #console: - # level: info - # enabled: - # - Store - # disabled: - # - PresenceHandler - - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: [] - -database: -{% if matrix_mx_puppet_skype_database_engine == 'postgres' %} - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". - # Modify each value as necessary - connString: {{ matrix_mx_puppet_skype_database_connection_string|to_json }} -{% else %} - # Use SQLite3 as a database backend - # The name of the database file - filename: {{ matrix_mx_puppet_skype_sqlite_database_path_in_container|to_json }} -{% endif %} - -provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} - -presence: - # Bridge online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 5000 - # if the im.vector.user_status state setting should be diabled - #disableStatusState: false - # A blacklist of remote user IDs for the im.vector.user_status state setting - #statusStateBlacklist: - # - baduser - -relay: - # Regex of Matrix IDs to allow to use the relay mode - # Same format as in provisioning - #whitelist: - #- "@.*:yourserver\\.com" - whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }} - - #blacklist: - #- "@user:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} - -# Map certain homeserver URLs to the C-S API endpoint -# Useful for double-puppeting if .well-known is unavailable for some reason -#homeserverUrlMap: -# yourserver.com: http://localhost:1234 - -namePatterns: - # Override the protocols set default name patterns - # Which variables are available depends on protocol implementation - user: :name - room: :name - -limits: - # Up to how many users should be auto-joined on room creation? -1 to disable - # Defaults to 200 - maxAutojoinUsers: 200 - # How long the delay between two autojoin users should be, in millisectonds. - # Defaults to 5000 - roomUserAutojoinDelay: 5000 diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 deleted file mode 100644 index ec06485a8..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ /dev/null @@ -1,43 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mx Puppet Skype bridge -{% for service in matrix_mx_puppet_skype_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mx_puppet_skype_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -e CONFIG_PATH=/config/config.yaml \ - -e REGISTRATION_PATH=/config/registration.yaml \ - -v {{ matrix_mx_puppet_skype_config_path }}:/config:z \ - -v {{ matrix_mx_puppet_skype_data_path }}:/data:z \ - {% for arg in matrix_mx_puppet_skype_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mx_puppet_skype_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mx-puppet-skype - -[Install] -WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index c99da4d16..64e0d90d6 100755 --- a/setup.yml +++ b/setup.yml @@ -30,7 +30,6 @@ - matrix-bridge-mx-puppet-discord - matrix-bridge-mx-puppet-groupme - matrix-bridge-mx-puppet-steam - - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack - matrix-bridge-mx-puppet-twitter - matrix-bridge-mx-puppet-instagram From 015952b37d5d995c1f21cae56f3777d6d31c305d Mon Sep 17 00:00:00 2001 From: alexhartley Date: Fri, 15 Jul 2022 17:49:47 +0100 Subject: [PATCH 83/96] Update recommended Skype bridge --- docs/configuring-playbook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index c7804d395..f2ce0cfd6 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) -- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) instead +- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) From 5a1a1126a27e249e44d143fd0e91103241c40982 Mon Sep 17 00:00:00 2001 From: marinmo Date: Sat, 16 Jul 2022 15:33:30 +0000 Subject: [PATCH 84/96] update buscarron from github -> gitlab project doesn't exist on github anymore --- docs/configuring-dns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index aec3c2539..ca7c08b08 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -64,7 +64,7 @@ The `hydrogen.` subdomain may be necessary, because this playbook c The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. -The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://github.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. +The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://gitlab.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. ## `_matrix-identity._tcp` SRV record setup From 91cbc8b2ff9ff9cf883eff2e01310c58d428c318 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 16 Jul 2022 22:28:53 +0300 Subject: [PATCH 85/96] Update mautrix whatsapp 0.5.0 -> 0.6.0 --- .../defaults/main.yml | 2 +- .../templates/config.yaml.j2 | 243 +++++++++++++++--- 2 files changed, 214 insertions(+), 31 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index e0af254d0..04184abec 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.5.0 +matrix_mautrix_whatsapp_version: v0.6.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 81be5d80f..6e07ce72a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -5,13 +5,17 @@ homeserver: address: {{ matrix_mautrix_whatsapp_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} -# Application service host/registration related details. -# Changing these values requires regeneration of the registration. # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. address: {{ matrix_mautrix_whatsapp_appservice_address }} @@ -24,11 +28,16 @@ appservice: type: {{ matrix_mautrix_whatsapp_appservice_database_type|to_json }} # The database URI. # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string - # Postgres: Connection string. For example, postgres://user:password@host/database + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql uri: {{ matrix_mautrix_whatsapp_appservice_database_uri|to_json }} # Maximum number of connections. Mostly relevant for Postgres. max_open_conns: 20 max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null # The unique ID of this appservice. id: whatsapp # Appservice bot details. @@ -39,37 +48,71 @@ appservice: # to leave display name/avatar as-is. displayname: WhatsApp bridge bot avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. + ephemeral_events: false + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" +# Segment API key to track some events, like provisioning API login and encryption errors. +segment_key: null + +# Prometheus config. +metrics: + # Enable prometheus metrics? + enabled: false + # IP and port where the metrics listener should be. The path is always /metrics + listen: 127.0.0.1:8001 + +# Config for things that are directly sent to WhatsApp. +whatsapp: + # Device name that's shown in the "WhatsApp Web" section in the mobile app. + os_name: Mautrix-WhatsApp bridge + # Browser name that determines the logo shown in the mobile app. + # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon. + # List of valid browser names: https://github.com/tulir/whatsmeow/blob/8b34d886d543b72e5f4699cf5b2797f68d598f78/binary/proto/def.proto#L38-L51 + browser_name: unknown + # Bridge config bridge: # Localpart template of MXIDs for WhatsApp users. - # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. + # {{.}} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" - displayname_template: "{{ '{{if .PushName}}{{.PushName}}{{else if .BusinessName}}{{.BusinessName}}{{else}}{{.JID}}{{end}} (WA)' }}" + # Displayname template for WhatsApp users. + # {{.PushName}} - nickname set by the WhatsApp user + # {{.BusinessName}} - validated WhatsApp business name + # {{.Phone}} - phone number (international format) + # The following variables are also available, but will cause problems on multi-user instances: + # {{.FullName}} - full name from contact list + # {{.FirstName}} - first name from contact list + displayname_template: "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)" + # Should the bridge create a space for each logged-in user and add bridged rooms to it? + # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. + personal_filtering_spaces: false # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp? delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true # Should incoming calls send a message to the Matrix room? call_start_notices: true # Should another user's cryptographic identity changing send a message to Matrix? identity_change_notices: false - # Should a "reactions not yet supported" warning be sent to the Matrix room when a user reacts to a message? - reaction_notices: true portal_message_buffer: 128 - # Settings for handling history sync payloads. These settings only apply right after login, - # because the phone only sends the history sync data once, and there's no way to re-request it - # (other than logging out and back in again). + # Settings for handling history sync payloads. history_sync: # Should the bridge create portals for chats in the history sync payload? create_portals: true - # Maximum age of chats in seconds to create portals for. Set to 0 to create portals for all chats in sync payload. - max_age: 604800 # Enable backfilling history sync payloads from WhatsApp using batch sending? # This requires a server with MSC2716 support, which is currently an experimental feature in synapse. # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml. - # Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers. + # Note that prior to Synapse 1.49, there were some bugs with the implementation, especially if using event persistence workers. + # There are also still some issues in Synapse's federation implementation. backfill: false # Use double puppets for backfilling? # In order to use this, the double puppets must be in the appservice's user ID namespace @@ -80,6 +123,67 @@ bridge: # Should the bridge request a full sync from the phone when logging in? # This bumps the size of history syncs from 3 months to 1 year. request_full_sync: false + # Settings for media requests. If the media expired, then it will not + # be on the WA servers. + # Media can always be requested by reacting with the ♻️ (recycle) emoji. + # These settings determine if the media requests should be done + # automatically during or after backfill. + media_requests: + # Should expired media be automatically requested from the server as + # part of the backfill process? + auto_request_media: true + # Whether to request the media immediately after the media message + # is backfilled ("immediate") or at a specific time of the day + # ("local_time"). + request_method: immediate + # If request_method is "local_time", what time should the requests + # be sent (in minutes after midnight)? + request_local_time: 120 + # The maximum number of initial conversations that should be synced. + # Other conversations will be backfilled on demand when the start PM + # provisioning endpoint is used or when a message comes in from that + # chat. + max_initial_conversations: -1 + # Settings for immediate backfills. These backfills should generally be + # small and their main purpose is to populate each of the initial chats + # (as configured by max_initial_conversations) with a few messages so + # that you can continue conversations without loosing context. + immediate: + # The number of concurrent backfill workers to create for immediate + # backfills. Note that using more than one worker could cause the + # room list to jump around since there are no guarantees about the + # order in which the backfills will complete. + worker_count: 1 + # The maximum number of events to backfill initially. + max_events: 10 + # Settings for deferred backfills. The purpose of these backfills are + # to fill in the rest of the chat history that was not covered by the + # immediate backfills. These backfills generally should happen at a + # slower pace so as not to overload the homeserver. + # Each deferred backfill config should define a "stage" of backfill + # (i.e. the last week of messages). The fields are as follows: + # - start_days_ago: the number of days ago to start backfilling from. + # To indicate the start of time, use -1. For example, for a week ago, use 7. + # - max_batch_events: the number of events to send per batch. + # - batch_delay: the number of seconds to wait before backfilling each batch. + deferred: + # Last Week + - start_days_ago: 7 + max_batch_events: 20 + batch_delay: 5 + # Last Month + - start_days_ago: 30 + max_batch_events: 50 + batch_delay: 10 + # Last 3 months + - start_days_ago: 90 + max_batch_events: 100 + batch_delay: 10 + # The start of time + - start_days_ago: -1 + max_batch_events: 500 + batch_delay: 10 + # Should puppet avatars be fetched from the server even if an avatar is already set? user_avatar_sync: true # Should Matrix users leaving groups be bridged to WhatsApp? bridge_matrix_leave: true @@ -89,11 +193,26 @@ bridge: # Note that updating the m.direct event is not atomic (except with mautrix-asmux) # and is therefore prone to race conditions. sync_direct_chat_list: false + # Should the bridge use MSC2867 to bridge manual "mark as unread"s from + # WhatsApp and set the unread status on initial backfill? + # This will only work on clients that support the m.marked_unread or + # com.famedly.marked_unread room account data. + sync_manual_marked_unread: true # When double puppeting is enabled, users can use `!wa toggle` to change whether # presence and read receipts are bridged. These settings set the default values. # Existing users won't be affected when these are changed. default_bridge_receipts: true default_bridge_presence: true + # Send the presence as "available" to whatsapp when users start typing on a portal. + # This works as a workaround for homeservers that do not support presence, and allows + # users to see when the whatsapp user on the other side is typing during a conversation. + send_presence_on_typing: false + # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp) + # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)? + # + # By default, the bridge acts like WhatsApp web, which only sends active delivery + # receipts when it's in the foreground. + force_active_delivery_receipts: false # Servers to always allow double puppeting from double_puppet_server_map: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": {{ matrix_mautrix_whatsapp_homeserver_address }} @@ -125,9 +244,14 @@ bridge: # Should WhatsApp status messages be bridged into a Matrix room? # Disabling this won't affect already created status broadcast rooms. enable_status_broadcast: true + # Should sending WhatsApp status messages be allowed? + # This can cause issues if the user has lots of contacts, so it's disabled by default. + disable_status_broadcast_send: true # Should the status broadcast room be muted and moved into low priority by default? - # This is only applied when creating the room, the user can unmute/untag it later. + # This is only applied when creating the room, the user can unmute it later. mute_status_broadcast: true + # Tag to apply to the status broadcast room. + status_broadcast_tag: m.lowpriority # Should the bridge use thumbnails from WhatsApp? # They're disabled by default due to very low resolution. whatsapp_thumbnail: false @@ -137,6 +261,30 @@ bridge: # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} + # Whether to enable disappearing messages in groups. If enabled, then the expiration time of + # the messages will be determined by the first user to read the message, rather than individually. + # If the bridge only has a single user, this can be turned on safely. + disappearing_messages_in_groups: false + # Should the bridge never send alerts to the bridge management room? + # These are mostly things like the user being logged out. + disable_bridge_alerts: false + # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview, + # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews` + # key in the event content even if this is disabled. + url_previews: false + # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. + # This is currently not supported in most clients. + caption_in_message: false + # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration + # Null means there's no enforced timeout. + message_handling_timeout: + # Send an error message after this timeout, but keep waiting for the response until the deadline. + # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. + # If the message is older than this when it reaches the bridge, the message won't be handled at all. + error_after: null + # Drop messages after this timeout. They may still go through if the message got sent to the servers. + # This is counted from the time the bridge starts handling the message. + deadline: 120s # The prefix for commands. Only required in non-management rooms. command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}" @@ -163,18 +311,53 @@ bridge: # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }} - # Options for automatic key sharing. - key_sharing: - # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }} - # Require the requesting device to have a valid cross-signing signature? - # This doesn't require that the bridge has verified the device, only that the user has verified it. - # Not yet implemented. - require_cross_signing: false - # Require devices to be verified by the bridge? - # Verification by the bridge is not yet implemented. - require_verification: true + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }} + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate # Permissions for using the bridge. # Permitted values: @@ -214,14 +397,14 @@ logging: # The directory for log files. Will be created if not found. directory: ./logs # Available variables: .Date for the file date and .Index for different log files on the same day. - # empy/null = journal logging only - file_name_format: + # Set this to null to disable logging to file. + file_name_format: null # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants file_date_format: "2006-01-02" # Log file permissions. - file_mode: 0600 + file_mode: 0o600 # Timestamp format for log entries in the Go time format. timestamp_format: "Jan _2, 2006 15:04:05" - # Minimum severity for log messages. + # Minimum severity for log messages printed to stdout/stderr. This doesn't affect the log file. # Options: debug, info, warn, error, fatal print_level: {{ matrix_mautrix_whatsapp_logging_level }} From fa9b34b983595e22799ae6d6ca70f2bcf261cf48 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Jul 2022 23:25:05 +0300 Subject: [PATCH 86/96] Try to make Jinja not trip up over syntax --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 6e07ce72a..b0b2491e6 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -80,7 +80,7 @@ whatsapp: # Bridge config bridge: # Localpart template of MXIDs for WhatsApp users. - # {{.}} is replaced with the phone number of the WhatsApp user. + # {% raw %}{{.}}{% endraw %} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" # Displayname template for WhatsApp users. # {{.PushName}} - nickname set by the WhatsApp user From e149f331406f843aab71777fdc9f6168ea885139 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 16 Jul 2022 23:59:21 +0300 Subject: [PATCH 87/96] add/unify 'Project source code URL' link across all roles --- roles/matrix-backup-borg/defaults/main.yml | 2 ++ roles/matrix-bot-buscarron/defaults/main.yml | 2 +- roles/matrix-bot-go-neb/defaults/main.yml | 2 +- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- roles/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 2 +- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- roles/matrix-bridge-appservice-discord/defaults/main.yml | 2 +- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- roles/matrix-bridge-appservice-webhooks/defaults/main.yml | 2 +- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 +- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 +- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-steam/defaults/main.yml | 4 ++-- roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml | 2 +- roles/matrix-bridge-sms/defaults/main.yml | 2 +- roles/matrix-client-cinny/defaults/main.yml | 1 + roles/matrix-client-element/defaults/main.yml | 1 + roles/matrix-client-hydrogen/defaults/main.yml | 1 + roles/matrix-corporal/defaults/main.yml | 2 +- roles/matrix-coturn/defaults/main.yml | 1 + roles/matrix-dendrite/defaults/main.yml | 2 +- roles/matrix-dimension/defaults/main.yml | 1 + roles/matrix-dynamic-dns/defaults/main.yml | 2 ++ roles/matrix-email2matrix/defaults/main.yml | 1 + roles/matrix-etherpad/defaults/main.yml | 1 + roles/matrix-grafana/defaults/main.yml | 1 + roles/matrix-jitsi/defaults/main.yml | 1 + roles/matrix-ma1sd/defaults/main.yml | 2 +- roles/matrix-mailer/defaults/main.yml | 1 + roles/matrix-nginx-proxy/defaults/main.yml | 1 + roles/matrix-ntfy/defaults/main.yml | 2 ++ roles/matrix-postgres-backup/defaults/main.yml | 1 + roles/matrix-postgres/defaults/main.yml | 1 + roles/matrix-prometheus-node-exporter/defaults/main.yml | 1 + roles/matrix-prometheus-postgres-exporter/defaults/main.yml | 2 +- roles/matrix-prometheus/defaults/main.yml | 1 + roles/matrix-redis/defaults/main.yml | 1 + roles/matrix-registration/defaults/main.yml | 1 + roles/matrix-sygnal/defaults/main.yml | 2 +- roles/matrix-synapse-admin/defaults/main.yml | 2 +- roles/matrix-synapse/defaults/main.yml | 2 +- 56 files changed, 60 insertions(+), 37 deletions(-) diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index 906522c24..5003c26c6 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -1,4 +1,6 @@ --- +# Project source code URL: https://gitlab.com/etke.cc/borgmatic + matrix_backup_borg_enabled: true matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 56686f42f..aff54ceb0 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -1,6 +1,6 @@ --- # buscarron is a helpdesk bot -# See: https://gitlab.com/etke.cc/buscarron +# Project source code URL: https://gitlab.com/etke.cc/buscarron matrix_bot_buscarron_enabled: true diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index fa57b1095..31cb27d67 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -1,6 +1,6 @@ --- # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. -# See: https://github.com/matrix-org/go-neb +# Project source code URL: https://github.com/matrix-org/go-neb matrix_bot_go_neb_enabled: true matrix_bot_go_neb_version: latest diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 292de0bf4..665c64e9c 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -1,6 +1,6 @@ --- # honoroit is a helpdesk bot -# See: https://gitlab.com/etke.cc/honoroit +# Project source code URL: https://gitlab.com/etke.cc/honoroit matrix_bot_honoroit_enabled: true diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 40538478e..6cd0d15ae 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-registration-bot creates and manages registration tokens for a matrix server -# See: https://github.com/moan0s/matrix-registration-bot +# Project source code URL: https://github.com/moan0s/matrix-registration-bot matrix_bot_matrix_registration_bot_enabled: true matrix_bot_matrix_registration_bot_container_image_self_build: false diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 0fdf8a415..48e6f07b4 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-reminder-bot is a bot for one-off and recurring reminders -# See: https://github.com/anoadragon453/matrix-reminder-bot +# Project source code URL: https://github.com/anoadragon453/matrix-reminder-bot matrix_bot_matrix_reminder_bot_enabled: true diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 714cd0d36..94d04e782 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -1,6 +1,6 @@ --- # A moderation tool for Matrix -# See: https://github.com/matrix-org/mjolnir +# Project source code URL: https://github.com/matrix-org/mjolnir matrix_bot_mjolnir_enabled: true diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index b2ef2cdf5..f3e39f24f 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-appservice-discord is a Matrix <-> Discord bridge -# See: https://github.com/Half-Shot/matrix-appservice-discord +# Project source code URL: https://github.com/Half-Shot/matrix-appservice-discord matrix_appservice_discord_enabled: true diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index d0843836d..52554f61b 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -1,6 +1,6 @@ --- # Matrix Appservice IRC is a Matrix <-> IRC bridge -# See: https://github.com/matrix-org/matrix-appservice-irc +# Project source code URL: https://github.com/matrix-org/matrix-appservice-irc matrix_appservice_irc_enabled: true diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index ae3f55df6..91a00d3db 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-appservice-slack is a Matrix <-> Slack bridge -# See: https://github.com/matrix-org/matrix-appservice-slack +# Project source code URL: https://github.com/matrix-org/matrix-appservice-slack matrix_appservice_slack_enabled: true diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 223b9c0b3..e7ea26ed3 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-appservice-webhooks is a Matrix <-> webhook bridge -# See: https://github.com/redoonetworks/matrix-appservice-webhooks +# Project source code URL: https://github.com/redoonetworks/matrix-appservice-webhooks matrix_appservice_webhooks_enabled: true diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 514cfb142..498e4894d 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -1,6 +1,6 @@ --- # beeper-linkedin is a Matrix <-> LinkedIn bridge -# See: https://gitlab.com/beeper/linkedin +# Project source code URL: https://gitlab.com/beeper/linkedin matrix_beeper_linkedin_enabled: true diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index b6b4db346..5e31b0450 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -1,6 +1,6 @@ --- # Go Skype Bridge is a Matrix <-> Skype bridge -# See: https://github.com/kelaresg/go-skype-bridge +# Project source code URL: https://github.com/kelaresg/go-skype-bridge matrix_go_skype_bridge_enabled: true diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index dfbddd426..e8d2c7907 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -1,6 +1,6 @@ --- # heisenbridge is a bouncer-style Matrix IRC bridge -# See: https://github.com/hifi/heisenbridge +# Project source code URL: https://github.com/hifi/heisenbridge matrix_heisenbridge_enabled: true diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index abe266682..74f98bacd 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -1,7 +1,7 @@ --- # A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. -# https://github.com/matrix-org/matrix-hookshot +# Project source code URL: https://github.com/matrix-org/matrix-hookshot matrix_hookshot_enabled: true diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 22d7fda67..7993550fa 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-facebook is a Matrix <-> Facebook bridge -# See: https://github.com/mautrix/facebook +# Project source code URL: https://github.com/mautrix/facebook matrix_mautrix_facebook_enabled: true diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 2077d210d..5b93741a9 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-googlechat is a Matrix <-> googlechat bridge -# See: https://github.com/mautrix/googlechat +# Project source code URL: https://github.com/mautrix/googlechat matrix_mautrix_googlechat_enabled: true diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 31fec1005..061fa56ab 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-hangouts is a Matrix <-> Hangouts bridge -# See: https://github.com/mautrix/hangouts +# Project source code URL: https://github.com/mautrix/hangouts matrix_mautrix_hangouts_enabled: true diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 79ff1bf0f..5c849cfc7 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-instagram is a Matrix <-> Instagram bridge -# See: https://github.com/mautrix/instagram +# Project source code URL: https://github.com/mautrix/instagram matrix_mautrix_instagram_enabled: true diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 6b0f41d72..3ed92dbcb 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-signal is a Matrix <-> Signal bridge -# See: https://github.com/mautrix/signal +# Project source code URL: https://github.com/mautrix/signal matrix_mautrix_signal_enabled: true diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index e3ee2fe95..97ba2bc97 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-telegram is a Matrix <-> Telegram bridge -# See: https://github.com/mautrix/telegram +# Project source code URL: https://github.com/mautrix/telegram matrix_mautrix_telegram_enabled: true diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 291bd6a55..150b5b4dc 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-twitter is a Matrix <-> Twitter bridge -# See: https://github.com/mautrix/twitter +# Project source code URL: https://github.com/mautrix/twitter matrix_mautrix_twitter_enabled: true diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 04184abec..e7f027091 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-whatsapp is a Matrix <-> Whatsapp bridge -# See: https://github.com/mautrix/whatsapp +# Project source code URL: https://github.com/mautrix/whatsapp matrix_mautrix_whatsapp_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 2a2ecd58a..4d297f25f 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Discord is a Matrix <-> Discord bridge -# See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord +# Project source code URL: https://gitlab.com/mx-puppet/discord/mx-puppet-discord matrix_mx_puppet_discord_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index 0daf6dfc7..696380ed1 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge -# See: https://gitlab.com/robintown/mx-puppet-groupme +# Project source code URL: https://gitlab.com/robintown/mx-puppet-groupme matrix_mx_puppet_groupme_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 3a73e0fed..c7c86e3c5 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -1,6 +1,6 @@ --- # mx-puppet-instagram bridges instagram DMs -# See: https://github.com/Sorunome/mx-puppet-instagram +# Project source code URL: https://github.com/Sorunome/mx-puppet-instagram matrix_mx_puppet_instagram_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index b77614f70..294b18cf7 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# Project source code URL: https://gitlab.com/mx-puppet/slack/mx-puppet-slack matrix_mx_puppet_slack_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 4e3d6bc6e..430dc90f1 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -1,11 +1,11 @@ --- # Mx Puppet Steam is a Matrix <-> Steam bridge -# See: https://github.com/matrix-steam/mx-puppet-steam +# Project source code URL: https://github.com/icewind1991/mx-puppet-steam matrix_mx_puppet_steam_enabled: true matrix_mx_puppet_steam_container_image_self_build: false -matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git" +matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git" # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container). # diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 37be2be28..c1b460713 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -1,7 +1,7 @@ --- # Mx Puppet Twitter is a Matrix <-> Twitter bridge -# See: https://github.com/Sorunome/mx-puppet-twitter +# Project source code URL: https://github.com/Sorunome/mx-puppet-twitter matrix_mx_puppet_twitter_enabled: true diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index 82ffce6eb..8a640f862 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-sms-bridge is a Matrix <-> SMS bridge -# See: https://github.com/benkuly/matrix-sms-bridge +# Project source code URL: https://github.com/benkuly/matrix-sms-bridge matrix_sms_bridge_enabled: true diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 891058009..277f6e0cf 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/ajbura/cinny matrix_client_cinny_enabled: true diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index aacc2f11f..e93b2c7c5 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/vector-im/element-web matrix_client_element_enabled: true diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 88d52ba5c..5a28ef38a 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/vector-im/hydrogen-web matrix_client_hydrogen_enabled: true diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index bd91564ab..1aa512eec 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-corporal is a reconciliator and gateway for a managed Matrix server. -# See: https://github.com/devture/matrix-corporal +# Project source code URL: https://github.com/devture/matrix-corporal matrix_corporal_enabled: true diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index bf3564cd0..0b48616be 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/coturn/coturn matrix_coturn_enabled: true diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index f3876875e..450ae6324 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -1,6 +1,6 @@ --- # Dendrite is a second-generation Matrix homeserver currently in Beta -# See: https://github.com/matrix-org/dendrite +# Project source code URL: https://github.com/matrix-org/dendrite matrix_dendrite_enabled: true diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index c4da906de..68bd79089 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/turt2live/matrix-dimension matrix_dimension_enabled: false diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 95a1188b4..97629e15c 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -1,4 +1,6 @@ --- +# Project source code URL: https://github.com/linuxserver/docker-ddclient + # Whether dynamic dns is enabled matrix_dynamic_dns_enabled: true diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index fe5d33995..3084506f1 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/devture/email2matrix matrix_email2matrix_enabled: true diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index 8a0248606..656e43f9d 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/ether/etherpad-lite matrix_etherpad_enabled: false diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 7765ae48c..f411dc52d 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -1,6 +1,7 @@ --- # matrix-grafana is open source visualization and analytics software # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md +# Project source code URL: https://github.com/grafana/grafana matrix_grafana_enabled: false diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 70dc035d8..ef6a5735e 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/jitsi/docker-jitsi-meet matrix_jitsi_enabled: true diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index f1d570494..19aaf189a 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -1,6 +1,6 @@ --- # ma1sd is a Federated Matrix Identity Server -# See: https://github.com/ma1uta/ma1sd +# Project source code URL: https://github.com/ma1uta/ma1sd matrix_ma1sd_enabled: true diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 6d3bb2e24..48cd638ce 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/devture/exim-relay matrix_mailer_enabled: true diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f9b7a019f..8da1268d6 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true matrix_nginx_proxy_version: 1.21.6-alpine diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index d5fc3fbad..96e9e69df 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -1,4 +1,6 @@ --- +# Project source code URL: https://github.com/binwiederhier/ntfy + matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index 59ae50766..ed42266f2 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/prodrigestivill/docker-postgres-backup-local matrix_postgres_backup_enabled: false diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index b6cbc2055..3a4d73be1 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/postgres/postgres # Controls if the Postgres server managed by the playbook is enabled. # You can turn it off and use an external Postgres server by setting this to `false`. diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index d061d59cd..d90776976 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -1,6 +1,7 @@ --- # matrix-prometheus-node-exporter is an Prometheus exporter for machine metrics # See: https://prometheus.io/docs/guides/node-exporter/ +# Project source code URL: https://github.com/prometheus/node_exporter matrix_prometheus_node_exporter_enabled: false diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 8c3f435e6..b7cd08b9a 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-prometheus-postgres-exporter is an Prometheus exporter for postgres metrics -# See: https://github.com/prometheus-community/postgres_exporter +# Project source code URL: https://github.com/prometheus-community/postgres_exporter matrix_prometheus_postgres_exporter_enabled: false diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 28395bd9d..b7b05bed8 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -1,6 +1,7 @@ --- # matrix-prometheus is an open-source systems monitoring and alerting toolkit # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md +# Project source code URL: https://github.com/prometheus/prometheus matrix_prometheus_enabled: false diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 88d3d7397..4454355e3 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/redis/redis matrix_redis_enabled: true diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index a5db3022d..9f4c673cd 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -1,6 +1,7 @@ --- # matrix-registration is a simple python application to have a token based matrix registration # See: https://zeratax.github.io/matrix-registration/ +# Project source code URL: https://github.com/ZerataX/matrix-registration matrix_registration_enabled: true diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 15bce68c1..15015a97e 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -1,7 +1,7 @@ --- # Sygnal is a reference Push Gateway for Matrix. # To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app. -# Learn more here: https://github.com/matrix-org/sygnal +# Project source code URL: https://github.com/matrix-org/sygnal matrix_sygnal_enabled: false matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index 0aa19e86b..9f4510b6a 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-synapse-admin is a web UI for mananging the Synapse Matrix server -# See: https://github.com/Awesome-Technologies/synapse-admin +# Project source code URL: https://github.com/Awesome-Technologies/synapse-admin matrix_synapse_admin_enabled: true diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 1925ffc29..de8bfdcac 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -1,6 +1,6 @@ --- # Synapse is a Matrix homeserver -# See: https://github.com/matrix-org/synapse +# Project source code URL: https://github.com/matrix-org/synapse matrix_synapse_enabled: true From 88cff139ed57fc28e12bccbe134be73f17498bff Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 10:29:45 +0300 Subject: [PATCH 88/96] fix mautrix-whatsapp config --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index b0b2491e6..878fb1db0 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -80,7 +80,7 @@ whatsapp: # Bridge config bridge: # Localpart template of MXIDs for WhatsApp users. - # {% raw %}{{.}}{% endraw %} is replaced with the phone number of the WhatsApp user. + # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" # Displayname template for WhatsApp users. # {{.PushName}} - nickname set by the WhatsApp user @@ -89,7 +89,7 @@ bridge: # The following variables are also available, but will cause problems on multi-user instances: # {{.FullName}} - full name from contact list # {{.FirstName}} - first name from contact list - displayname_template: "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)" + displayname_template: "{{ '{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)' }}" # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. personal_filtering_spaces: false From e3ff6ca01bbc8db98d55da45170723ba295ccd60 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 14:16:57 +0300 Subject: [PATCH 89/96] mautrix-whatsapp - fix more vars --- .../templates/config.yaml.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 878fb1db0..8e0e300b8 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -83,12 +83,12 @@ bridge: # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" # Displayname template for WhatsApp users. - # {{.PushName}} - nickname set by the WhatsApp user - # {{.BusinessName}} - validated WhatsApp business name - # {{.Phone}} - phone number (international format) + # {{ '{{.PushName}}' }} - nickname set by the WhatsApp user + # {{ '{{.BusinessName}}' }} - validated WhatsApp business name + # {{ '{{.Phone}}' }} - phone number (international format) # The following variables are also available, but will cause problems on multi-user instances: - # {{.FullName}} - full name from contact list - # {{.FirstName}} - first name from contact list + # {{ '{{.FullName}}' }} - full name from contact list + # {{ '{{.FirstName}}' }} - first name from contact list displayname_template: "{{ '{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)' }}" # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. From 0453ccc71647432684302971a4491e94b55600d0 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:21:22 +0300 Subject: [PATCH 90/96] update hydrogen 0.2.29 -> 0.2.33; sync config --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- .../templates/config.json.j2 | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 5a28ef38a..8171fc120 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.29 +matrix_client_hydrogen_version: v0.2.33 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/templates/config.json.j2 b/roles/matrix-client-hydrogen/templates/config.json.j2 index 62a849b0f..3e5563546 100644 --- a/roles/matrix-client-hydrogen/templates/config.json.j2 +++ b/roles/matrix-client-hydrogen/templates/config.json.j2 @@ -1,3 +1,16 @@ { - "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }} + "push": { + "appId": "io.element.hydrogen.web", + "gatewayUrl": "https://matrix.org", + "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" + }, + "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }}, + "bugReportEndpointUrl": "https://element.io/bugreports/submit", + "themeManifests": [ + "assets/theme-Element.json" + ], + "defaultTheme": { + "light": "element-light", + "dark": "element-dark" + } } From 0ffac5bb45c6d10a9eca30b658181038489f7960 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:24:51 +0300 Subject: [PATCH 91/96] update dynamic dns 3.9.1-ls89 -> 3.9.1-ls92 --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 97629e15c..1da87f38d 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls89 +matrix_dynamic_dns_version: v3.9.1-ls92 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From ca11763e862b3eb19f3872c0a2a0cf4bd8f2e0c8 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:26:33 +0300 Subject: [PATCH 92/96] update grafana 9.0.2 -> 9.0.3 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index f411dc52d..3765a0e4d 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.2 +matrix_grafana_version: 9.0.3 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From a6506cf6ff56c5173a5e331093bae4c5c37b21a8 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:29:50 +0300 Subject: [PATCH 93/96] update nginx 1.21.6 -> 1.23.0 --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 8da1268d6..3eb6d9499 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.6-alpine +matrix_nginx_proxy_version: 1.23.0-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but From 4bc12fd5602c85e719e7edfb7091f4cb406a3d78 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:31:41 +0300 Subject: [PATCH 94/96] update prometheus 2.36.2 -> 2.37.0 --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index b7b05bed8..547a868ff 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.36.2 +matrix_prometheus_version: v2.37.0 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 22a55f4fa7feb0a227cbf92aebb64239f09fe56e Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:33:43 +0300 Subject: [PATCH 95/96] update redis 6.2.6 -> 7.0.3 --- roles/matrix-redis/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 4454355e3..1534afdb2 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -8,7 +8,7 @@ matrix_redis_connection_password: "" matrix_redis_base_path: "{{ matrix_base_data_path }}/redis" matrix_redis_data_path: "{{ matrix_redis_base_path }}/data" -matrix_redis_version: 6.2.6-alpine +matrix_redis_version: 7.0.3-alpine matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}" matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}" matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}' From 405d07527f71dcae4c012af0103acf5596ad1e4d Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:38:05 +0300 Subject: [PATCH 96/96] update sygnal 0.11.0 -> 0.12.0 --- roles/matrix-sygnal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 15015a97e..b19ce6141 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -8,7 +8,7 @@ matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data" -matrix_sygnal_version: v0.11.0 +matrix_sygnal_version: v0.12.0 matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}" matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}"