From 8f269a1c20a33fac8b5027ce1fe4a2e316439391 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Sep 2023 12:00:28 +0300 Subject: [PATCH 01/27] Update etherpad 1.9.2 -> 1.9.3 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 791a19436..79d475d35 100644 --- a/requirements.yml +++ b/requirements.yml @@ -30,7 +30,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.2-1 + version: v1.9.3-0 - src: git+https://github.com/geerlingguy/ansible-role-docker version: 6.2.0 name: geerlingguy.docker From 250a7845e940deddfbea3ce5d6eeb6e20c6be7b9 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Sep 2023 15:35:42 +0300 Subject: [PATCH 02/27] Update hookshot 4.4.1 -> 4.5.0 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 491bf3188..3f481f78d 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 4.4.1 +matrix_hookshot_version: 4.5.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 421e5f7792adbc7e1c23901b0a4cd2024fed1611 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Sep 2023 16:49:08 +0300 Subject: [PATCH 03/27] Update element 1.11.43 -> 1.11.44 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index d1e17b4e7..586b2ba9b 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.43 +matrix_client_element_version: v1.11.44 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 363c0254e7c325ab0b47837a4acc1125a53397ab Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Sep 2023 17:11:43 +0300 Subject: [PATCH 04/27] Upgrade Postgres (v16.0-2 -> v16.0-5) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 79d475d35..e93ce9801 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.0-2 + version: v16.0-5 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git From 8c4234d52a93eaf224d6371e13b74ab93fbc8fac Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Sep 2023 17:26:10 +0300 Subject: [PATCH 05/27] Add note about ANALYZE after Postgres database importing --- docs/importing-postgres.md | 2 +- docs/maintenance-postgres.md | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index 3c6935780..8b537cd34 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md @@ -32,7 +32,7 @@ just run-tags import-postgres \ - `SERVER_PATH_TO_POSTGRES_DUMP_FILE` must be a file path to a Postgres dump file on the server (not on your local machine!) - `postgres_default_import_database` defaults to `matrix`, which is useful for importing multiple databases (for dumps made with `pg_dumpall`). If you're importing a single database (e.g. `synapse`), consider changing `postgres_default_import_database` accordingly - +- after importing a large database, it's a good idea to run [an `ANALYZE` operation](https://www.postgresql.org/docs/current/sql-analyze.html) to make Postgres rebuild its database statistics and optimize its query planner. You can easily do this via the playbook by running `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze` (see [Vacuuming PostgreSQL](maintenance-postgres.md#vacuuming-postgresql) for more details). ## Troubleshooting diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index cc8898a2a..7c52b3139 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -34,17 +34,22 @@ When in doubt, consider [making a backup](#backing-up-postgresql). ## Vacuuming PostgreSQL -Deleting lots data from Postgres does not make it release disk space, until you perform a `VACUUM` operation. +Deleting lots data from Postgres does not make it release disk space, until you perform a [`VACUUM` operation](https://www.postgresql.org/docs/current/sql-vacuum.html). -To perform a `FULL` Postgres [VACUUM](https://www.postgresql.org/docs/current/sql-vacuum.html), run the playbook with `--tags=run-postgres-vacuum`. +You can run different `VACUUM` operations via the playbook, with the default preset being `vacuum-complete`: -Example: +- (default) `vacuum-complete`: stops all services temporarily and runs `VACUUM FULL VERBOSE ANALYZE`. +- `vacuum-full`: stops all services temporarily and runs `VACUUM FULL VERBOSE` +- `vacuum`: runs `VACUUM VERBOSE` without stopping any services +- `vacuum-analyze` runs `VACUUM VERBOSE ANALYZE` without stopping any services +- `analyze` runs `ANALYZE VERBOSE` without stopping any services (this is just [ANALYZE](https://www.postgresql.org/docs/current/sql-analyze.html) without doing a vacuum, so it's faster) -```bash -just run-tags run-postgres-vacuum,start -``` +**Note**: for the `vacuum-complete` and `vacuum-full` presets, you'll need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`). These presets also stop all services (e.g. Synapse, etc.) while the vacuum operation is running. + +Example playbook invocations: -**Note**: this will automatically stop Synapse temporarily and restart it later. You'll also need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`). +- `just run-tags run-postgres-vacuum`: runs the default `vacuum-complete` preset and restarts all services +- `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze`: runs the `analyze` preset with all services remaining operational at all times ## Backing up PostgreSQL From 676c3804777b75b2c2578a7d1370a4fe0cebe47f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Sep 2023 18:45:32 +0300 Subject: [PATCH 06/27] Update hookshot 4.5.0 -> 4.5.1 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 3f481f78d..d75992d48 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 4.5.0 +matrix_hookshot_version: 4.5.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From e53b4424f119e693bc8ca169adf5bac219e811ec Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Sep 2023 20:16:23 +0300 Subject: [PATCH 07/27] Upgrade Synapse (v1.92.3 -> v1.93.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 1798934f4..1aa41999e 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.92.3 +matrix_synapse_version: v1.93.0 matrix_synapse_username: '' matrix_synapse_uid: '' From fd6daf3d249fa28eb2d003048fd267cc620e5372 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 27 Sep 2023 14:09:02 +0300 Subject: [PATCH 08/27] Upgrade backup-borg (v1.2.5-1.8.2-1 -> v1.2.5-1.8.2-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e93ce9801..1450c485a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.5-1.8.2-1 + version: v1.2.5-1.8.2-2 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 860a1442836e0c5a64c62bc1b66c7f554ac302ae Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 27 Sep 2023 14:14:50 +0300 Subject: [PATCH 09/27] Revert "Upgrade backup-borg (v1.2.5-1.8.2-1 -> v1.2.5-1.8.2-2)" This reverts commit fd6daf3d249fa28eb2d003048fd267cc620e5372. Looks like v1.2.5-1.8.2-2 supposedly offers Postgres v16 support, but does not work well with it and will need additional work. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1450c485a..e93ce9801 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.5-1.8.2-2 + version: v1.2.5-1.8.2-1 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From af39de915485012adebf5adab03390ce8a6ecce0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 27 Sep 2023 16:22:24 +0300 Subject: [PATCH 10/27] Fix matrix-ldap-registration-proxy service stopping when uninstalling --- .../matrix-ldap-registration-proxy/tasks/setup_uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml index 1d99b4062..20e98a6e4 100644 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml @@ -9,7 +9,7 @@ block: - name: Ensure matrix-matrix_ldap_registration_proxy is stopped ansible.builtin.service: - name: matrix-matrix_ldap_registration_proxy + name: matrix-ldap-registration-proxy state: stopped enabled: false daemon_reload: true From 217ddad2def2b6ee13a3f5288fff1ef9b902e3a2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 28 Sep 2023 12:54:41 +0300 Subject: [PATCH 11/27] Add support for configuring forgotten_room_retention_period Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2918 Related to https://github.com/matrix-org/synapse/pull/15488 --- roles/custom/matrix-synapse/defaults/main.yml | 5 +++++ .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 9 +++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 1aa41999e..97c5d48ae 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -1005,6 +1005,11 @@ matrix_synapse_trusted_key_servers: matrix_synapse_redaction_retention_period: 7d +# Controls how long to keep locally forgotten rooms before purging them from the DB. +# Defaults to `null`, meaning it's disabled. +# Example value: 28d +matrix_synapse_forgotten_room_retention_period: ~ + matrix_synapse_user_ips_max_age: 28d diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 7b1c1dfd1..dd4e6325d 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -509,7 +509,12 @@ limit_remote_rooms: # #redaction_retention_period: 28d -redaction_retention_period: {{ matrix_synapse_redaction_retention_period }} +redaction_retention_period: {{ matrix_synapse_redaction_retention_period | to_json }} + +# How long to keep locally forgotten rooms before purging them from the DB. +# +#forgotten_room_retention_period: 28d +forgotten_room_retention_period: {{ matrix_synapse_forgotten_room_retention_period | to_json }} # How long to track users' last seen time and IPs in the database. # @@ -517,7 +522,7 @@ redaction_retention_period: {{ matrix_synapse_redaction_retention_period }} # #user_ips_max_age: 14d -user_ips_max_age: {{ matrix_synapse_user_ips_max_age }} +user_ips_max_age: {{ matrix_synapse_user_ips_max_age | to_json }} # Inhibits the /requestToken endpoints from returning an error that might leak # information about whether an e-mail address is in use or not on this From 71deacfe55876b860e740f2ea1081d61f18b02b6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 28 Sep 2023 13:55:34 +0300 Subject: [PATCH 12/27] Upgrade Dendrite (v0.13.2 -> v0.13.3) --- roles/custom/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index f66f3403a..d1989540c 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -10,7 +10,7 @@ matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_dendrite_docker_image_tag: "v0.13.2" +matrix_dendrite_docker_image_tag: "v0.13.3" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 1769910c5d30efe8cd9c8b9239717a592c4271f7 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 28 Sep 2023 22:40:28 +0300 Subject: [PATCH 13/27] Update postmoogle 0.9.15 -> 0.9.16 --- roles/custom/matrix-bot-postmoogle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index 556da53b9..2b9fa6eb6 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" -matrix_bot_postmoogle_version: v0.9.15 +matrix_bot_postmoogle_version: v0.9.16 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" From d51a67a01afa15cd761a8449f2286c3f4c47cafd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Sep 2023 10:11:23 +0300 Subject: [PATCH 14/27] Fix self-building for matrix-registration-bot Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2919 --- .../custom/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index 41143566a..2ccef001e 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_matrix_registration_bot_enabled: true matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" -matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}" +matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" matrix_bot_matrix_registration_bot_version: 1.3.0 From 366902f30a09634869f70dd1c20aed62f9c7e2b1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Sep 2023 14:03:54 +0300 Subject: [PATCH 15/27] Upgrade Element (v1.11.44 -> v1.11.45) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 586b2ba9b..f80dea84a 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.44 +matrix_client_element_version: v1.11.45 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From a5d7f1bb2534438411bcbd234eb6ec828c985e6b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 30 Sep 2023 00:48:38 +0300 Subject: [PATCH 16/27] Update grafana v10.1.2 -> v10.1.4 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e93ce9801..b66722ade 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.1.2-0 + version: v10.1.4-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8960-1 name: jitsi From 515e8273918e9ab1b7244fb2dc489a1242d53dd0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 30 Sep 2023 00:51:44 +0300 Subject: [PATCH 17/27] Update docker role (sic!) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e93ce9801..397254de4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -32,7 +32,7 @@ - src: git+https://gitlab.com/etke.cc/roles/etherpad.git version: v1.9.3-0 - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 6.2.0 + version: 7.0.1 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.1.2-0 From f988f02e02763f81588189349cc29fc8118f5a57 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 1 Oct 2023 10:42:37 +0300 Subject: [PATCH 18/27] Upgrade maubot (v0.4.1 -> v0.4.2) --- roles/custom/matrix-bot-maubot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index 5b35b9d95..b78dc1f1b 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" -matrix_bot_maubot_version: v0.4.1 +matrix_bot_maubot_version: v0.4.2 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}" matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}" matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" From a40cb963a9254b138af7d7f796002efae884bc59 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 2 Oct 2023 07:02:45 +0300 Subject: [PATCH 19/27] Do not install docker compose plugin Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2924 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2922 --- setup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.yml b/setup.yml index 8c58b74ed..d729c106a 100644 --- a/setup.yml +++ b/setup.yml @@ -15,6 +15,7 @@ role: galaxy/geerlingguy.docker vars: docker_install_compose: false + docker_install_compose_plugin: false tags: - setup-docker - setup-all From 5d6ad42751f5b840c956f2a6797f767e906b047d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 2 Oct 2023 07:37:30 +0300 Subject: [PATCH 20/27] Make sure mautrix-wsproxy paths are created Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2923 --- .../tasks/setup_install.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml index 6ea936397..725296e6c 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml @@ -14,6 +14,18 @@ - ansible.builtin.set_fact: matrix_mautrix_wsproxy_syncproxy_requires_restart: false +- name: Ensure Mautrix wsproxy paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - path: "{{ matrix_mautrix_wsproxy_base_path }}" + when: true + when: item.when | bool + - name: Ensure Mautrix wsproxy support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" From 0a4cff56fb798af055f2e64e0b9d9737e0c415b4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 2 Oct 2023 07:41:57 +0300 Subject: [PATCH 21/27] Make sliding-sync communicate with the homeserver over the container network Seems like we don't necessarily need to use a public URL for `SYNCV3_SERVER`. This possibly helps setups that were having trouble when `SYNCV3_SERVER` was a public URL (e.g. `https://matrix.DOMAIN`), as described in: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2912 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 73e794c25..73afcaf3f 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -77,7 +77,7 @@ matrix_sliding_sync_systemd_required_services_list: ["docker.service"] matrix_sliding_sync_systemd_wanted_services_list: [] # Controls the SYNCV3_SERVER environment variable -matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_url }}" +matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}" # Controls the SYNCV3_SECRET environment variable matrix_sliding_sync_environment_variable_syncv3_secret: '' From 54babc5de0664622edb13e2a07ad099e68b95c80 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 2 Oct 2023 18:33:21 +0300 Subject: [PATCH 22/27] add `ensure-users-created` tag alongside with `ensure-matrix-users-created` --- roles/custom/matrix-user-creator/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-user-creator/tasks/main.yml b/roles/custom/matrix-user-creator/tasks/main.yml index ff93a4633..2d9cc1c38 100644 --- a/roles/custom/matrix-user-creator/tasks/main.yml +++ b/roles/custom/matrix-user-creator/tasks/main.yml @@ -5,6 +5,7 @@ # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data, # which would make importing a database dump problematic. - ensure-matrix-users-created + - ensure-users-created block: - when: matrix_user_creator_users | length > 0 ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml" From 9167a7734e34d20f077376fdba99f3ed50493070 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 2 Oct 2023 18:40:15 +0300 Subject: [PATCH 23/27] add matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers vars --- roles/custom/matrix-synapse/defaults/main.yml | 5 +++++ .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 97c5d48ae..32ae30f44 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -425,6 +425,11 @@ matrix_synapse_federation_port_openid_resource_required: false # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`. matrix_synapse_federation_domain_whitelist: ~ +# Enable/disable OpenID Connect +matrix_synapse_oidc_enabled: false +# List of OpenID Connect providers, ref: https://matrix-org.github.io/synapse/latest/openid.html#sample-configs +matrix_synapse_oidc_providers: [] + # A list of additional "volumes" to mount in the container. # This list gets populated dynamically based on Synapse extensions that have been enabled. # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."} diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index dd4e6325d..9c2c9bd87 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2090,9 +2090,9 @@ saml2_config: # use 'oidc' for the idp_id to ensure that existing users continue to be # recognised.) # -oidc_providers: +{% if matrix_synapse_oidc_enabled %} # Generic example - # + #matrix_synapse_oidc_providers: #- idp_id: my_idp # idp_name: "My OpenID provider" # idp_icon: "mxc://example.com/mediaid" @@ -2116,6 +2116,9 @@ oidc_providers: # attribute_requirements: # - attribute: userGroup # value: "synapseUsers" +oidc_providers: + {{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }} +{% endif %} # Enable Central Authentication Service (CAS) for registration and login. From e3149afe0bc274ac4dedccb23a40f6ffede13747 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 2 Oct 2023 19:31:34 +0300 Subject: [PATCH 24/27] Update borg 1.2.5 -> 1.2.6 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 29b1c9f8c..14bc66249 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.5-1.8.2-1 + version: v1.2.6-1.8.2-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From c0e56ac1c46b75c6d538d1cf46da1ccc2dc52078 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 2 Oct 2023 19:32:09 +0300 Subject: [PATCH 25/27] Make OIDC providers if check safer --- .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 9c2c9bd87..b3a4aa796 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2090,7 +2090,7 @@ saml2_config: # use 'oidc' for the idp_id to ensure that existing users continue to be # recognised.) # -{% if matrix_synapse_oidc_enabled %} +{% if matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers | length > 0 %} # Generic example #matrix_synapse_oidc_providers: #- idp_id: my_idp From 3a32fe71fb42ad624f97278a5986c150f61174c7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 Oct 2023 11:06:00 +0300 Subject: [PATCH 26/27] Upgrade ddclient (v3.10.0-ls131 -> v3.10.0-ls135) --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 727dfd5bb..ca50813d2 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.10.0-ls131 +matrix_dynamic_dns_version: v3.10.0-ls135 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 593b3157b9e98829bf2c81fa76acd94d74f1ba0e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 Oct 2023 15:05:30 +0300 Subject: [PATCH 27/27] Fix systemd service Wants for mjolnir and draupnir Patch contributed by JulianF. --- .../templates/systemd/matrix-bot-draupnir.service.j2 | 2 +- .../templates/systemd/matrix-bot-mjolnir.service.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 index 6995bcc39..d36aebdd0 100644 --- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 @@ -1,7 +1,7 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Draupnir bot -{% for service in matrix_bot_draupnir_systemd_required_services_list %} +{% for service in matrix_bot_draupnir_systemd_wanted_services_list %} Requires={{ service }} After={{ service }} {% endfor %} diff --git a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 8ac872b72..23561c3c4 100644 --- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -1,7 +1,7 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Mjolnir bot -{% for service in matrix_bot_mjolnir_systemd_required_services_list %} +{% for service in matrix_bot_mjolnir_systemd_wanted_services_list %} Requires={{ service }} After={{ service }} {% endfor %}