diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index 3c6935780..8b537cd34 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md @@ -32,7 +32,7 @@ just run-tags import-postgres \ - `SERVER_PATH_TO_POSTGRES_DUMP_FILE` must be a file path to a Postgres dump file on the server (not on your local machine!) - `postgres_default_import_database` defaults to `matrix`, which is useful for importing multiple databases (for dumps made with `pg_dumpall`). If you're importing a single database (e.g. `synapse`), consider changing `postgres_default_import_database` accordingly - +- after importing a large database, it's a good idea to run [an `ANALYZE` operation](https://www.postgresql.org/docs/current/sql-analyze.html) to make Postgres rebuild its database statistics and optimize its query planner. You can easily do this via the playbook by running `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze` (see [Vacuuming PostgreSQL](maintenance-postgres.md#vacuuming-postgresql) for more details). ## Troubleshooting diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index cc8898a2a..7c52b3139 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md 
@@ -34,17 +34,22 @@ When in doubt, consider [making a backup](#backing-up-postgresql). ## Vacuuming PostgreSQL -Deleting lots data from Postgres does not make it release disk space, until you perform a `VACUUM` operation. +Deleting lots data from Postgres does not make it release disk space, until you perform a [`VACUUM` operation](https://www.postgresql.org/docs/current/sql-vacuum.html). -To perform a `FULL` Postgres [VACUUM](https://www.postgresql.org/docs/current/sql-vacuum.html), run the playbook with `--tags=run-postgres-vacuum`. +You can run different `VACUUM` operations via the playbook, with the default preset being `vacuum-complete`: -Example: +- (default) `vacuum-complete`: stops all services temporarily and runs `VACUUM FULL VERBOSE ANALYZE`. +- `vacuum-full`: stops all services temporarily and runs `VACUUM FULL VERBOSE` +- `vacuum`: runs `VACUUM VERBOSE` without stopping any services +- `vacuum-analyze` runs `VACUUM VERBOSE ANALYZE` without stopping any services +- `analyze` runs `ANALYZE VERBOSE` without stopping any services (this is just [ANALYZE](https://www.postgresql.org/docs/current/sql-analyze.html) without doing a vacuum, so it's faster) -```bash -just run-tags run-postgres-vacuum,start -``` +**Note**: for the `vacuum-complete` and `vacuum-full` presets, you'll need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`). These presets also stop all services (e.g. Synapse, etc.) while the vacuum operation is running. + +Example playbook invocations: -**Note**: this will automatically stop Synapse temporarily and restart it later. You'll also need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`). 
+- `just run-tags run-postgres-vacuum`: runs the default `vacuum-complete` preset and restarts all services
+- `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze`: runs the `analyze` preset with all services remaining operational at all times
 ## Backing up PostgreSQL
diff --git a/requirements.yml b/requirements.yml
index 791a19436..14bc66249 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -4,7 +4,7 @@
 version: v1.0.0-1
 name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
- version: v1.2.5-1.8.2-1
+ version: v1.2.6-1.8.2-0
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
 version: v0.1.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
@@ -16,7 +16,7 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
 version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
- version: v16.0-2
+ version: v16.0-5
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
 version: a0cc7c1c696872ba8880d9c5e5a54098de825030
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
@@ -30,12 +30,12 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
 version: v2.8.1-0
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
- version: v1.9.2-1
+ version: v1.9.3-0
 - src: git+https://github.com/geerlingguy/ansible-role-docker
- version: 6.2.0
+ version: 7.0.1
 name: geerlingguy.docker
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
- version: v10.1.2-0
+ version: v10.1.4-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
 version: v8960-1
 name: jitsi
diff --git a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
index 6995bcc39..d36aebdd0 100644
--- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
@@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Draupnir bot
-{% for service in matrix_bot_draupnir_systemd_required_services_list %}
+{% for service in matrix_bot_draupnir_systemd_wanted_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
index 41143566a..2ccef001e 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_bot_matrix_registration_bot_enabled: true
 matrix_bot_matrix_registration_bot_container_image_self_build: false
 matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git"
-matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
+matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
 matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
 matrix_bot_matrix_registration_bot_version: 1.3.0
diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml
index 5b35b9d95..b78dc1f1b 100644
--- a/roles/custom/matrix-bot-maubot/defaults/main.yml
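Review bot: The rewritten loop iterates `matrix_bot_draupnir_systemd_wanted_services_list` but still emits `Requires=`, so every wanted service becomes a hard dependency of the unit (a wanted service that stops or fails takes the bot down with it), and nothing in the hunk renders `matrix_bot_draupnir_systemd_required_services_list` any more. If the role still populates the required list (typically with `docker.service`), the unit loses its `Requires=`/`After=` ordering on Docker; if a second loop over the wanted list already exists below line 7 of the template, the wanted services are now emitted twice. I would keep one loop per list, with `Requires=` for the required list and `Wants=` for the wanted one, as below. The matrix-bot-mjolnir template hunk makes the same change and needs the same treatment.
```jinja
{% for service in matrix_bot_draupnir_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_bot_draupnir_systemd_wanted_services_list %}
Wants={{ service }}
After={{ service }}
{% endfor %}
```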
+++ b/roles/custom/matrix-bot-maubot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock
 matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
-matrix_bot_maubot_version: v0.4.1
+matrix_bot_maubot_version: v0.4.2
 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
 matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
index 8ac872b72..23561c3c4 100644
--- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
+++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
@@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mjolnir bot
-{% for service in matrix_bot_mjolnir_systemd_required_services_list %}
+{% for service in matrix_bot_mjolnir_systemd_wanted_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
index 556da53b9..2b9fa6eb6 100644
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
-matrix_bot_postmoogle_version: v0.9.15
+matrix_bot_postmoogle_version: v0.9.16
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
index 491bf3188..d75992d48 100644
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
-matrix_hookshot_version: 4.4.1
+matrix_hookshot_version: 4.5.1
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml
index 6ea936397..725296e6c 100644
--- a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml
@@ -14,6 +14,18 @@
 - ansible.builtin.set_fact:
 matrix_mautrix_wsproxy_syncproxy_requires_restart: false
+- name: Ensure Mautrix wsproxy paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - path: "{{ matrix_mautrix_wsproxy_base_path }}"
+ when: true
+ when: item.when | bool
+
 - name: Ensure Mautrix wsproxy support files installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/{{ item }}.j2"
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index d1e17b4e7..f80dea84a 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
-matrix_client_element_version: v1.11.43
+matrix_client_element_version: v1.11.45
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index f66f3403a..d1989540c 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
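Review bot: `mode: 0750` in the new `Ensure Mautrix wsproxy paths exist` task is an unquoted octal literal; Ansible's YAML 1.1 loader happens to read it as octal, but a YAML 1.2 loader reads it as decimal 750 (octal 1356), which the file module would apply as a world-writable mode with the sticky bit, and ansible-lint flags exactly this under its risky-octal rule. Quote the value so it is always handed to the module as an octal string: `mode: "0750"`. The task list continues outside the hunk; if other directory tasks in this role carry the same literal they should be quoted the same way.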
@@ -10,7 +10,7 @@ matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/
 matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_dendrite_docker_image_tag: "v0.13.2"
+matrix_dendrite_docker_image_tag: "v0.13.3"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml
index 727dfd5bb..ca50813d2 100644
--- a/roles/custom/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
-matrix_dynamic_dns_version: v3.10.0-ls131
+matrix_dynamic_dns_version: v3.10.0-ls135
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
index 1d99b4062..20e98a6e4 100644
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
@@ -9,7 +9,7 @@
 block:
 - name: Ensure matrix-matrix_ldap_registration_proxy is stopped
 ansible.builtin.service:
- name: matrix-matrix_ldap_registration_proxy
+ name: matrix-ldap-registration-proxy
 state: stopped
 enabled: false
 daemon_reload: true
diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml
index 73e794c25..73afcaf3f 100644
--- a/roles/custom/matrix-sliding-sync/defaults/main.yml
+++ b/roles/custom/matrix-sliding-sync/defaults/main.yml
@@ -77,7 +77,7 @@ matrix_sliding_sync_systemd_required_services_list: ["docker.service"]
 matrix_sliding_sync_systemd_wanted_services_list: []
 # Controls the SYNCV3_SERVER environment variable
-matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_url }}"
+matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}"
 # Controls the SYNCV3_SECRET environment variable
 matrix_sliding_sync_environment_variable_syncv3_secret: ''
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 1798934f4..32ae30f44 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -4,7 +4,7 @@ matrix_synapse_enabled: true
-matrix_synapse_version: v1.92.3
+matrix_synapse_version: v1.93.0
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -425,6 +425,11 @@ matrix_synapse_federation_port_openid_resource_required: false
 # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
 matrix_synapse_federation_domain_whitelist: ~
+# Enable/disable OpenID Connect
+matrix_synapse_oidc_enabled: false
+# List of OpenID Connect providers, ref: https://matrix-org.github.io/synapse/latest/openid.html#sample-configs
+matrix_synapse_oidc_providers: []
+
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
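Review bot: The new `matrix_synapse_oidc_providers` default in the `@@ -425,6 +425,11 @@` hunk is documented only by a link, yet each provider entry normally carries a `client_secret` that the homeserver template writes verbatim into `homeserver.yaml`, so the comment should make that sensitivity explicit; suggested wording: `# Each provider entry usually includes a client_secret; keep this list in a vault-encrypted vars file, as it is rendered verbatim into homeserver.yaml.`. It would also help to say that the list is only rendered when `matrix_synapse_oidc_enabled` is true, since the template change elsewhere in this commit checks both variables before emitting `oidc_providers`.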
@@ -1005,6 +1010,11 @@ matrix_synapse_trusted_key_servers:
 matrix_synapse_redaction_retention_period: 7d
+# Controls how long to keep locally forgotten rooms before purging them from the DB.
+# Defaults to `null`, meaning it's disabled.
+# Example value: 28d
+matrix_synapse_forgotten_room_retention_period: ~
+
 matrix_synapse_user_ips_max_age: 28d
diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 7b1c1dfd1..b3a4aa796 100644
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -509,7 +509,12 @@ limit_remote_rooms:
 #
 #redaction_retention_period: 28d
-redaction_retention_period: {{ matrix_synapse_redaction_retention_period }}
+redaction_retention_period: {{ matrix_synapse_redaction_retention_period | to_json }}
+
+# How long to keep locally forgotten rooms before purging them from the DB.
+ #
+ #forgotten_room_retention_period: 28d
+forgotten_room_retention_period: {{ matrix_synapse_forgotten_room_retention_period | to_json }}
 # How long to track users' last seen time and IPs in the database.
 #
@@ -517,7 +522,7 @@ redaction_retention_period: {{ matrix_synapse_redaction_retention_period }}
 #
 #user_ips_max_age: 14d
-user_ips_max_age: {{ matrix_synapse_user_ips_max_age }}
+user_ips_max_age: {{ matrix_synapse_user_ips_max_age | to_json }}
 # Inhibits the /requestToken endpoints from returning an error that might leak
 # information about whether an e-mail address is in use or not on this
@@ -2085,9 +2090,9 @@ saml2_config:
 # use 'oidc' for the idp_id to ensure that existing users continue to be
 # recognised.)
 #
-oidc_providers:
+{% if matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers | length > 0 %}
 # Generic example
- #
+ #matrix_synapse_oidc_providers:
 #- idp_id: my_idp
 # idp_name: "My OpenID provider"
 # idp_icon: "mxc://example.com/mediaid"
@@ -2111,6 +2116,9 @@ oidc_providers:
 # attribute_requirements:
 # - attribute: userGroup
 # value: "synapseUsers"
+oidc_providers:
+ {{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }}
+{% endif %}
 # Enable Central Authentication Service (CAS) for registration and login.
diff --git a/roles/custom/matrix-user-creator/tasks/main.yml b/roles/custom/matrix-user-creator/tasks/main.yml
index ff93a4633..2d9cc1c38 100644
--- a/roles/custom/matrix-user-creator/tasks/main.yml
+++ b/roles/custom/matrix-user-creator/tasks/main.yml
@@ -5,6 +5,7 @@
 # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data,
 # which would make importing a database dump problematic.
 - ensure-matrix-users-created
+ - ensure-users-created
 block:
 - when: matrix_user_creator_users | length > 0
 ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"
diff --git a/setup.yml b/setup.yml
index 8c58b74ed..d729c106a 100644
--- a/setup.yml
+++ b/setup.yml
@@ -15,6 +15,7 @@
 role: galaxy/geerlingguy.docker
 vars:
 docker_install_compose: false
+ docker_install_compose_plugin: false
 tags:
 - setup-docker
 - setup-all
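Review bot: `{{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }}` is placed after a literal indent, but Jinja substitution only prefixes the first line of the multi-line output; every following line lands at column 0, so for any provider with more than one key (`idp_id`, `issuer`, `client_secret`, …) the remaining keys escape the `oidc_providers:` list and end up as top-level keys of `homeserver.yaml` (or break parsing), leaving the provider mis-configured. Pass the rendered block through Jinja's `indent` filter so continuation lines receive the same offset as the first: `  {{ matrix_synapse_oidc_providers | to_nice_yaml(indent=2, width=999999) | indent(2) }}`. The `{% if %}` that this hunk's `{% endif %}` closes is opened in the previous hunk (`@@ -2085,9 +2090,9 @@`), so with OIDC disabled neither the key nor the example comments are emitted, which is the intended behaviour.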