Merge branch 'master' of github.com:spantaleev/matrix-docker-ansible-deploy

docs/importing-postgres.md

@@ -32,7 +32,7 @@ just run-tags import-postgres \
 
 - `SERVER_PATH_TO_POSTGRES_DUMP_FILE` must be a file path to a Postgres dump file on the server (not on your local machine!)
 - `postgres_default_import_database` defaults to `matrix`, which is useful for importing multiple databases (for dumps made with `pg_dumpall`). If you're importing a single database (e.g. `synapse`), consider changing `postgres_default_import_database` accordingly
-
+- after importing a large database, it's a good idea to run [an `ANALYZE` operation](https://www.postgresql.org/docs/current/sql-analyze.html) to make Postgres rebuild its database statistics and optimize its query planner. You can easily do this via the playbook by running `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze` (see [Vacuuming PostgreSQL](maintenance-postgres.md#vacuuming-postgresql) for more details).
 
 ## Troubleshooting
 

docs/maintenance-postgres.md

@@ -34,17 +34,22 @@ When in doubt, consider [making a backup](#backing-up-postgresql).
 
 ## Vacuuming PostgreSQL
 
-Deleting lots data from Postgres does not make it release disk space, until you perform a `VACUUM` operation.
+Deleting lots data from Postgres does not make it release disk space, until you perform a [`VACUUM` operation](https://www.postgresql.org/docs/current/sql-vacuum.html).
 
-To perform a `FULL` Postgres [VACUUM](https://www.postgresql.org/docs/current/sql-vacuum.html), run the playbook with `--tags=run-postgres-vacuum`.
+You can run different `VACUUM` operations via the playbook, with the default preset being `vacuum-complete`:
 
-Example:
+- (default) `vacuum-complete`: stops all services temporarily and runs `VACUUM FULL VERBOSE ANALYZE`.
+- `vacuum-full`: stops all services temporarily and runs `VACUUM FULL VERBOSE`
+- `vacuum`: runs `VACUUM VERBOSE` without stopping any services
+- `vacuum-analyze` runs `VACUUM VERBOSE ANALYZE` without stopping any services
+- `analyze` runs `ANALYZE VERBOSE` without stopping any services (this is just [ANALYZE](https://www.postgresql.org/docs/current/sql-analyze.html) without doing a vacuum, so it's faster)
 
-```bash
-just run-tags run-postgres-vacuum,start
-```
+**Note**: for the `vacuum-complete` and `vacuum-full` presets, you'll need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`). These presets also stop all services (e.g. Synapse, etc.) while the vacuum operation is running.
+
+Example playbook invocations:
 
-**Note**: this will automatically stop Synapse temporarily and restart it later. You'll also need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`).
+- `just run-tags run-postgres-vacuum`: runs the default `vacuum-complete` preset and restarts all services
+- `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze`: runs the `analyze` preset with all services remaining operational at all times
 
 
 ## Backing up PostgreSQL

requirements.yml

@@ -4,7 +4,7 @@
   version: v1.0.0-1
   name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
-  version: v1.2.5-1.8.2-1
+  version: v1.2.6-1.8.2-0
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
   version: v0.1.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
@@ -16,7 +16,7 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: v16.0-2
+  version: v16.0-5
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
   version: a0cc7c1c696872ba8880d9c5e5a54098de825030
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
@@ -30,12 +30,12 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
   version: v2.8.1-0
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
-  version: v1.9.2-1
+  version: v1.9.3-0
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 6.2.0
+  version: 7.0.1
   name: geerlingguy.docker
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v10.1.2-0
+  version: v10.1.4-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
   version: v8960-1
   name: jitsi

roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2

@@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Draupnir bot
-{% for service in matrix_bot_draupnir_systemd_required_services_list %}
+{% for service in matrix_bot_draupnir_systemd_wanted_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}

roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml

@@ -5,7 +5,7 @@
 matrix_bot_matrix_registration_bot_enabled: true
 matrix_bot_matrix_registration_bot_container_image_self_build: false
 matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git"
-matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
+matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
 matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
 
 matrix_bot_matrix_registration_bot_version: 1.3.0

roles/custom/matrix-bot-maubot/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock
 matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
 
 
-matrix_bot_maubot_version: v0.4.1
+matrix_bot_maubot_version: v0.4.2
 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
 matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"

roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2

@@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mjolnir bot
-{% for service in matrix_bot_mjolnir_systemd_required_services_list %}
+{% for service in matrix_bot_mjolnir_systemd_wanted_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}

roles/custom/matrix-bot-postmoogle/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
-matrix_bot_postmoogle_version: v0.9.15
+matrix_bot_postmoogle_version: v0.9.16
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"

roles/custom/matrix-bridge-hookshot/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
 
-matrix_hookshot_version: 4.4.1
+matrix_hookshot_version: 4.5.1
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"

roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml

@@ -14,6 +14,18 @@
 - ansible.builtin.set_fact:
     matrix_mautrix_wsproxy_syncproxy_requires_restart: false
 
+- name: Ensure Mautrix wsproxy paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - path: "{{ matrix_mautrix_wsproxy_base_path }}"
+      when: true
+  when: item.when | bool
+
 - name: Ensure Mautrix wsproxy support files installed
   ansible.builtin.template:
     src: "{{ role_path }}/templates/{{ item }}.j2"

roles/custom/matrix-client-element/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.11.43
+matrix_client_element_version: v1.11.45
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/custom/matrix-dendrite/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/
 matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_dendrite_docker_image_tag: "v0.13.2"
+matrix_dendrite_docker_image_tag: "v0.13.3"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"

roles/custom/matrix-dynamic-dns/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 
-matrix_dynamic_dns_version: v3.10.0-ls131
+matrix_dynamic_dns_version: v3.10.0-ls135
 
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml

@@ -9,7 +9,7 @@
   block:
     - name: Ensure matrix-matrix_ldap_registration_proxy is stopped
       ansible.builtin.service:
-        name: matrix-matrix_ldap_registration_proxy
+        name: matrix-ldap-registration-proxy
         state: stopped
         enabled: false
         daemon_reload: true

roles/custom/matrix-sliding-sync/defaults/main.yml

@@ -77,7 +77,7 @@ matrix_sliding_sync_systemd_required_services_list: ["docker.service"]
 matrix_sliding_sync_systemd_wanted_services_list: []
 
 # Controls the SYNCV3_SERVER environment variable
-matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_url }}"
+matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}"
 
 # Controls the SYNCV3_SECRET environment variable
 matrix_sliding_sync_environment_variable_syncv3_secret: ''

roles/custom/matrix-synapse/defaults/main.yml

@@ -4,7 +4,7 @@
 
 matrix_synapse_enabled: true
 
-matrix_synapse_version: v1.92.3
+matrix_synapse_version: v1.93.0
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -425,6 +425,11 @@ matrix_synapse_federation_port_openid_resource_required: false
 # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
 matrix_synapse_federation_domain_whitelist: ~
 
+# Enable/disable OpenID Connect
+matrix_synapse_oidc_enabled: false
+# List of OpenID Connect providers, ref: https://matrix-org.github.io/synapse/latest/openid.html#sample-configs
+matrix_synapse_oidc_providers: []
+
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
@@ -1005,6 +1010,11 @@ matrix_synapse_trusted_key_servers:
 
 matrix_synapse_redaction_retention_period: 7d
 
+# Controls how long to keep locally forgotten rooms before purging them from the DB.
+# Defaults to `null`, meaning it's disabled.
+# Example value: 28d
+matrix_synapse_forgotten_room_retention_period: ~
+
 matrix_synapse_user_ips_max_age: 28d
 
 

roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -509,7 +509,12 @@ limit_remote_rooms:
 #
 #redaction_retention_period: 28d
 
-redaction_retention_period: {{ matrix_synapse_redaction_retention_period }}
+redaction_retention_period: {{ matrix_synapse_redaction_retention_period | to_json }}
+
+# How long to keep locally forgotten rooms before purging them from the DB.
+#
+#forgotten_room_retention_period: 28d
+forgotten_room_retention_period: {{ matrix_synapse_forgotten_room_retention_period | to_json }}
 
 # How long to track users' last seen time and IPs in the database.
 #
@@ -517,7 +522,7 @@ redaction_retention_period: {{ matrix_synapse_redaction_retention_period }}
 #
 #user_ips_max_age: 14d
 
-user_ips_max_age: {{ matrix_synapse_user_ips_max_age }}
+user_ips_max_age: {{ matrix_synapse_user_ips_max_age | to_json }}
 
 # Inhibits the /requestToken endpoints from returning an error that might leak
 # information about whether an e-mail address is in use or not on this
@@ -2085,9 +2090,9 @@ saml2_config:
 # use 'oidc' for the idp_id to ensure that existing users continue to be
 # recognised.)
 #
-oidc_providers:
+{% if matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers | length > 0 %}
   # Generic example
-  #
+  #matrix_synapse_oidc_providers:
   #- idp_id: my_idp
   #  idp_name: "My OpenID provider"
   #  idp_icon: "mxc://example.com/mediaid"
@@ -2111,6 +2116,9 @@ oidc_providers:
   #  attribute_requirements:
   #    - attribute: userGroup
   #      value: "synapseUsers"
+oidc_providers:
+  {{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }}
+{% endif %}
 
 
 # Enable Central Authentication Service (CAS) for registration and login.

roles/custom/matrix-user-creator/tasks/main.yml

@@ -5,6 +5,7 @@
     # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data,
     # which would make importing a database dump problematic.
     - ensure-matrix-users-created
+    - ensure-users-created
   block:
     - when: matrix_user_creator_users | length > 0
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"

setup.yml

@@ -15,6 +15,7 @@
       role: galaxy/geerlingguy.docker
       vars:
         docker_install_compose: false
+        docker_install_compose_plugin: false
       tags:
         - setup-docker
         - setup-all