From cbb924dec7d54f738077b45b749add2135a13155 Mon Sep 17 00:00:00 2001 From: Devin Dooley Date: Mon, 25 Apr 2022 19:17:40 -0700 Subject: [PATCH 001/144] Support ansible vault strings for homeserver secret key --- group_vars/matrix_servers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 24ecc5f28..67a9339ae 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -533,14 +533,14 @@ matrix_mautrix_twitter_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_twitter_appservice_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}" +matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}" -matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}" +matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}" matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" ###################################################################### # @@ -2357,9 +2357,9 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_ matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}" -matrix_dendrite_registration_shared_secret: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.rss') | to_uuid }}" +matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}" -matrix_dendrite_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.db') | to_uuid }}" +matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}" # Even if TURN doesn't support TLS (it does by default), # it doesn't hurt to try a secure connection anyway. From e41fcf27464f7175e6b43b093d4115cd24ee2243 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Apr 2022 15:44:02 +0300 Subject: [PATCH 002/144] Fix file name (vars.yaml -> vars.yml) to prevent confusion --- docs/alternative-architectures.md | 4 ++-- roles/matrix-dendrite/defaults/main.yml | 2 +- roles/matrix-synapse/defaults/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index a6c2a02a3..c8097b60b 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -2,7 +2,7 @@ As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. -To that end add the following variable to your `vars.yaml` file: +To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)): ```yaml matrix_architecture: @@ -13,7 +13,7 @@ Currently supported architectures are the following: - `arm64` - `arm32` -so for the Raspberry Pi, the following should be in your `vars.yaml` file: +so for the Raspberry Pi, the following should be in your `vars.yml` file: ```yaml matrix_architecture: "arm32" diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 7f2e629a8..f3876875e 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -61,7 +61,7 @@ matrix_dendrite_systemd_wanted_services_list: [] # Specifies which template files to use when configuring Dendrite. # If you'd like to have your own different configuration, feel free to copy and paste # the original files into your inventory (e.g. in `inventory/host_vars//`) -# and then change the specific host's `vars.yaml` file like this: +# and then change the specific host's `vars.yml` file like this: # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars//dendrite.yaml.j2" matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 44b82e954..db61cb724 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -74,7 +74,7 @@ matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste # the original files into your inventory (e.g. in `inventory/host_vars//`) -# and then change the specific host's `vars.yaml` file like this: +# and then change the specific host's `vars.yml` file like this: # matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars//homeserver.yaml.j2" matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2" matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2" From 4f1f3555f2c5f54658da9419e3733a72957f8671 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Apr 2022 16:10:36 +0000 Subject: [PATCH 003/144] Update element 1.10.10 -> 1.10.11 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 205f3480a..e45458754 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.10 +matrix_client_element_version: v1.10.11 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 1ee118bd49e87181640991bc2e528bc6871f9e21 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Apr 2022 17:48:28 +0000 Subject: [PATCH 004/144] matrix-change-user-admin-status: do not allocate tty --- .../templates/usr-local-bin/matrix-change-user-admin-status.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 index 6c3082ef4..f378a10f5 100644 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 @@ -9,7 +9,7 @@ if [ $# -ne 2 ]; then fi docker run \ - -it \ + -i \ --rm \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ From 7776c2e0bb8e216fa0b733768a2555a331d2491a Mon Sep 17 00:00:00 2001 From: Brandon Kraft Date: Mon, 2 May 2022 12:37:56 -0500 Subject: [PATCH 005/144] Upgrade to Grafana 8.5.1 https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-1/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-0/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-7/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-6/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-5/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-4/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-3/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-2/ --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 0ee7a86a9..ee184e1d4 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.4.1 +matrix_grafana_version: 8.5.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 7adc167412b95917ff04012ff5a01577211ef41c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 May 2022 08:10:16 +0300 Subject: [PATCH 006/144] Fail if trying to use Jitsi on an architecture other than amd64 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1797 --- roles/matrix-jitsi/tasks/init.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index efab8745b..c4ed61a6c 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -3,3 +3,8 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" when: matrix_jitsi_enabled|bool + +- name: Fail if on an unsupported architecture + fail: + msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" + when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' From 03674e1a36e8a7591a506333038ff4ec5b341b2c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 May 2022 14:32:32 +0300 Subject: [PATCH 007/144] Upgrade Synapse (1.57.1 -> 1.58.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index db61cb724..77694dba7 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.57.1 +matrix_synapse_version: v1.58.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 1439be2743cfb0659aeb506b83aa2f91606125a4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 4 May 2022 11:10:00 +0300 Subject: [PATCH 008/144] Upgrade matrix-appservice-irc (0.33 -> 0.34) Related to https://matrix.org/blog/2022/05/04/0-34-0-security-release-for-matrix-appservice-irc-high-severity --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 5dfe3623f..d0843836d 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -8,7 +8,7 @@ matrix_appservice_irc_container_image_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.33.0 +matrix_appservice_irc_version: release-0.34.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 549e4418b9d107e9b7a0c4dd1873bd7ab5d88168 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 6 May 2022 08:56:06 +0200 Subject: [PATCH 009/144] Upgrade Synapse (1.58.0 -> 1.58.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 77694dba7..ad1d863f5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.58.0 +matrix_synapse_version: v1.58.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 058fedff9124ee3bcfdcf2c6d67d26555e968a83 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 6 May 2022 09:02:24 +0200 Subject: [PATCH 010/144] Fix "endpoint seems conditional" determination in workers-doc-to-yaml.awk" This prevented us from keeping our workers reverse-proxying definitions updated since Synapse v1.54.0. The last `workers.md` file we could parse is at commit 02632b3504ad4512c5f5a4f859b3fe326b19c788. Parsing regressed at commit c56bfb08bc071368db23f3b1c593724eb4f205f0, because the introduction message for `synapse.app.generic_worker` said "If": > If a worker is set up to handle a.. .. which made the AWK script think that definitions below were conditional (which they're not in this case). This patch fixes up the regex for determining if a line is conditional or not, so that it doesn't trip up. Hopefully, it doesn't miss something important. --- .../files/workers-doc-to-yaml.awk | 2 +- roles/matrix-synapse/vars/workers.yml | 155 ++++++++++++++---- 2 files changed, 122 insertions(+), 35 deletions(-) diff --git a/roles/matrix-synapse/files/workers-doc-to-yaml.awk b/roles/matrix-synapse/files/workers-doc-to-yaml.awk index ca58b4862..5b99d3964 100755 --- a/roles/matrix-synapse/files/workers-doc-to-yaml.awk +++ b/roles/matrix-synapse/files/workers-doc-to-yaml.awk @@ -120,7 +120,7 @@ enable_parsing { worker_stanza_append(" # " line linefeed) # and take note of words hinting at additional conditions to be met - if (line ~ /(^| )[Ii]f |(^| )[Ff]or /) { + if (line ~ /(^[Ii]f|care must be taken|can be handled for)/) { endpoints_seem_conditional = 1 } } diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 48530312c..f1dfb9406 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -1,12 +1,15 @@ --- matrix_synapse_workers_generic_worker_endpoints: - # This worker can handle API requests matching the following regular - # expressions: + # This worker can handle API requests matching the following regular expressions. + # These endpoints can be routed to any worker. If a worker is set up to handle a + # stream then, for maximum efficiency, additional endpoints should be routed to that + # worker: refer to the [stream writers](#stream-writers) section below for further + # information. # Sync requests - - ^/_matrix/client/(v2_alpha|r0|v3)/sync$ - - ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$ + - ^/_matrix/client/(r0|v3)/sync$ + - ^/_matrix/client/(api/v1|r0|v3)/events$ - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ @@ -20,19 +23,14 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/query/ - ^/_matrix/federation/v1/make_join/ - ^/_matrix/federation/v1/make_leave/ - - ^/_matrix/federation/v1/send_join/ - - ^/_matrix/federation/v2/send_join/ - - ^/_matrix/federation/v1/send_leave/ - - ^/_matrix/federation/v2/send_leave/ - - ^/_matrix/federation/v1/invite/ - - ^/_matrix/federation/v2/invite/ - - ^/_matrix/federation/v1/query_auth/ + - ^/_matrix/federation/(v1|v2)/send_join/ + - ^/_matrix/federation/(v1|v2)/send_leave/ + - ^/_matrix/federation/(v1|v2)/invite/ - ^/_matrix/federation/v1/event_auth/ - ^/_matrix/federation/v1/exchange_third_party_invite/ - ^/_matrix/federation/v1/user/devices/ - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query - - ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/ - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ # Inbound federation transaction request @@ -45,22 +43,25 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$ + - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(r0|v3|unstable)/devices$ - ^/_matrix/client/versions$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/ + - ^/_matrix/client/(r0|v3|unstable)/joined_groups$ + - ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ + - ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ + # Encryption requests + - ^/_matrix/client/(r0|v3|unstable)/keys/query$ + - ^/_matrix/client/(r0|v3|unstable)/keys/changes$ + - ^/_matrix/client/(r0|v3|unstable)/keys/claim$ + - ^/_matrix/client/(r0|v3|unstable)/room_keys/ + # Registration/login requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - ^/_matrix/client/(r0|v3|unstable)/register$ @@ -74,11 +75,27 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ + # Device requests + - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + + # Account data requests + - ^/_matrix/client/(r0|v3|unstable)/.*/tags + - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + + # Receipts requests + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + + # Presence requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # Additionally, the following REST endpoints can be handled for GET requests: # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually # ^/_matrix/federation/v1/groups/ + # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ + # ^/_matrix/client/(r0|v3|unstable)/groups/ # Pagination requests can also be handled, but all requests for a given # room must be routed to the same instance. Additionally, care must be taken to @@ -155,16 +172,17 @@ matrix_synapse_workers_generic_worker_endpoints: # #### Stream writers - # Additionally, there is *experimental* support for moving writing of specific - # streams (such as events) off of the main process to a particular worker. (This - # is only supported with Redis-based replication.) - - # Currently supported streams are `events` and `typing`. + # Additionally, the writing of specific streams (such as events) can be moved off + # of the main process to a particular worker. + # (This is only supported with Redis-based replication.) # To enable this, the worker must have a HTTP replication listener configured, - # have a `worker_name` and be listed in the `instance_map` config. For example to - # move event persistence off to a dedicated worker, the shared configuration would - # include: + # have a `worker_name` and be listed in the `instance_map` config. The same worker + # can handle multiple streams, but unless otherwise documented, each stream can only + # have a single writer. + + # For example, to move event persistence off to a dedicated worker, the shared + # configuration would include: # ```yaml # instance_map: @@ -176,8 +194,20 @@ matrix_synapse_workers_generic_worker_endpoints: # events: event_persister1 # ``` - # The `events` stream also experimentally supports having multiple writers, where - # work is sharded between them by room ID. Note that you *must* restart all worker + # An example for a stream writer instance: + + # ```yaml + # {{#include systemd-with-workers/workers/event_persister.yaml}} + # ``` + + # Some of the streams have associated endpoints which, for maximum efficiency, should + # be routed to the workers handling that stream. See below for the currently supported + # streams and the endpoints associated with them: + + # ##### The `events` stream + + # The `events` stream experimentally supports having multiple writers, where work + # is sharded between them by room ID. Note that you *must* restart all worker # instances when adding or removing event persisters. An example `stream_writers` # configuration with multiple writers: @@ -188,9 +218,51 @@ matrix_synapse_workers_generic_worker_endpoints: # - event_persister2 # ``` + # ##### The `typing` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `typing` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing + + # ##### The `to_device` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `to_device` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + + # ##### The `account_data` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `account_data` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/.*/tags + # ^/_matrix/client/(r0|v3|unstable)/.*/account_data + + # ##### The `receipts` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `receipts` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + + # ##### The `presence` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `presence` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # #### Background tasks - # There is also *experimental* support for moving background tasks to a separate + # There is also support for moving background tasks to a separate # worker. Background tasks are run periodically or started via replication. Exactly # which tasks are configured to run depends on your Synapse configuration (e.g. if # stats is enabled). @@ -206,6 +278,12 @@ matrix_synapse_workers_generic_worker_endpoints: # You might also wish to investigate the `update_user_directory` and # `media_instance_running_background_jobs` settings. + # An example for a dedicated background worker instance: + + # ```yaml + # {{#include systemd-with-workers/workers/background_worker.yaml}} + # ``` + # pusher worker (no API endpoints) [ # Handles sending push notifications to sygnal and email. Doesn't handle any # REST endpoints itself, but you should set `start_pushers: False` in the @@ -292,18 +370,27 @@ matrix_synapse_workers_user_dir_endpoints: # Handles searches in the user directory. It can handle REST endpoints matching # the following regular expressions: - - ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$ + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - # When using this worker you must also set `update_user_directory: False` in the + # When using this worker you must also set `update_user_directory: false` in the # shared configuration file to stop the main synapse running background # jobs related to updating the user directory. + # Above endpoint is not *required* to be routed to this worker. By default, + # `update_user_directory` is set to `true`, which means the main process + # will handle updates. All workers configured with `client` can handle the above + # endpoint as long as either this worker or the main process are configured to + # handle it, and are online. + + # If `update_user_directory` is set to `false`, and this worker is not running, + # the above endpoint may give outdated results. + matrix_synapse_workers_frontend_proxy_endpoints: # Proxies some frequently-requested client endpoints to add caching and remove # load from the main synapse. It can handle REST endpoints matching the following # regular expressions: - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload + - ^/_matrix/client/(r0|v3|unstable)/keys/upload # If `use_presence` is False in the homeserver config, it can also handle REST # endpoints matching the following regular expressions: From be95918a2f28ee516c844dc7d5b335dd06221cdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20T=C3=B6tterman?= Date: Fri, 6 May 2022 11:37:40 +0300 Subject: [PATCH 011/144] typo --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 38e13a8a9..208ce4e6b 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. From 83b7fcee453f39388456f0bccc8f2783905f75ae Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 7 May 2022 09:36:40 +0200 Subject: [PATCH 012/144] Do not proxy some endpoints to the generic Synapse worker These endpoints should not be proxied to a generic Synapse worker without other preparation (setting up stream writers, sending traffic to a specific stream writer, etc.). Disabling them for now. In the future, we'd like to fix up our awk script to disable them automatically. This is a fix up for 058fedff9124ee3bcf --- roles/matrix-synapse/vars/workers.yml | 30 +++++++++++++++------------ 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index f1dfb9406..33bf585b3 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -75,19 +75,23 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ - # Device requests - - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ - - # Account data requests - - ^/_matrix/client/(r0|v3|unstable)/.*/tags - - ^/_matrix/client/(r0|v3|unstable)/.*/account_data - - # Receipts requests - - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt - - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers - - # Presence requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # These appear to be conditional and should not be enabled by default. + # We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. + # For now, they've been commented out manually. + # + # # Device requests + # - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + + # # Account data requests + # - ^/_matrix/client/(r0|v3|unstable)/.*/tags + # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + + # # Receipts requests + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + + # # Presence requests + # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ # Additionally, the following REST endpoints can be handled for GET requests: From 3f45805fd2b3b05cd1f3893767d9f25b0760ad3a Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Sat, 7 May 2022 12:40:17 +0200 Subject: [PATCH 013/144] Change back to original mx-puppet-discord Closes: #1801 --- .../defaults/main.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 522576897..d6e6f859c 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -1,27 +1,21 @@ --- # Mx Puppet Discord is a Matrix <-> Discord bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord) -# -# We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See: -# - https://github.com/matrix-discord/mx-puppet-discord/issues/201 -# - https://github.com/matrix-discord/mx-puppet-discord/issues/202 -# - https://github.com/matrix-discord/mx-puppet-discord/issues/203 -# - (other similar issues in the past) +# See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" -matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" +matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: latest -matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" +matrix_mx_puppet_discord_version: v0.1.1 +matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}mx-puppet/discord/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" From 84ea5f6eccf1d5c8962f265e7dfab1384334763e Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Sat, 7 May 2022 14:34:33 +0200 Subject: [PATCH 014/144] Upgrade Hookshot (1.5.0 -> 1.6.1) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 45807ba9c..181bc2cc5 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.5.0 +matrix_hookshot_version: 1.6.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 7390646cd5d2879b7928c28701c0cddf42b0bf03 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sat, 7 May 2022 18:42:15 +0200 Subject: [PATCH 015/144] add hookshot feeds support --- roles/matrix-bridge-hookshot/defaults/main.yml | 5 +++++ roles/matrix-bridge-hookshot/templates/config.yml.j2 | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 45807ba9c..74ac714ac 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -121,6 +121,11 @@ matrix_hookshot_generic_allow_js_transformation_functions: false matrix_hookshot_generic_user_id_prefix: '_webhooks_' +matrix_hookshot_feeds_enabled: false +# polling interval in seconds +matrix_hookshot_feeds_interval: 600 + + # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index c17715097..6fbce7709 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -78,6 +78,13 @@ generic: allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} {% endif %} +{% if matrix_hookshot_feeds_enabled %} +feeds: + # (Optional) Configure this to enable RSS/Atom feed support + # + enabled: {{ matrix_hookshot_feeds_enabled }} + pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }} +{% endif %} {% if matrix_hookshot_provisioning_enabled %} provisioning: # (Optional) Provisioning API for integration managers From 04aa609ae51dcc7eb8cdeff478ed651249fe8892 Mon Sep 17 00:00:00 2001 From: Arkonos Date: Sun, 8 May 2022 21:20:36 +0200 Subject: [PATCH 016/144] clarifying reverse proxying of well-known files --- docs/configuring-well-known.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 27a4001cf..9a6da547d 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -116,8 +116,22 @@ server { **For Caddy 2**, it would be something like this: ```caddy -reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN { - header_up Host {http.reverse_proxy.upstream.hostport} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/*:x + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } } ``` From 6abdb6e6f086a77b0b4a3b4dccce3e04794de7ad Mon Sep 17 00:00:00 2001 From: Arkonos Date: Sun, 8 May 2022 21:20:36 +0200 Subject: [PATCH 017/144] clarifying reverse proxying of well-known files --- docs/configuring-well-known.md | 18 ++++++++++++++++-- examples/caddy2/Caddyfile | 17 +++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 27a4001cf..9a6da547d 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -116,8 +116,22 @@ server { **For Caddy 2**, it would be something like this: ```caddy -reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN { - header_up Host {http.reverse_proxy.upstream.hostport} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/*:x + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } } ``` diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index 6370cb015..7d8c193db 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile @@ -214,3 +214,20 @@ element.DOMAIN.tld { # } # } #} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/* + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } +} From 527f5bc46973b368101488d1b1b56f9cee9bbbc1 Mon Sep 17 00:00:00 2001 From: Arkonos Date: Sun, 8 May 2022 21:56:14 +0200 Subject: [PATCH 018/144] clarifying where well-known files are created --- docs/configuring-well-known.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 9a6da547d..4a68047be 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -46,7 +46,7 @@ If you decide to go this route, you don't need to read ahead in this document. W If you're managing the base domain by yourself somehow, you'll need to set up serving of some `/.well-known/matrix/*` files from it via HTTPS. -To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them. +To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them. You have 3 options when it comes to installing the files on the base domain's server: From fcfd00bcb4e71f7a20d3717650842d1431e93260 Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Mon, 9 May 2022 23:38:01 +0200 Subject: [PATCH 019/144] Change back to original mx-puppet-slack Closes: #1808 --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index d6e6f859c..2a2ecd58a 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8c..0560128fe 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) +# See: https://github.com/Sorunome/mx-puppet-slack matrix_mx_puppet_slack_enabled: true @@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: v0.1.0 +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 9fc60d8c868158af533b7c7ea6e70c926f1be181 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 May 2022 16:20:34 +0300 Subject: [PATCH 020/144] Revert "Change back to original mx-puppet-slack" This reverts commit fcfd00bcb4e71f7a20d3717650842d1431e93260. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1808 Reverts https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1809 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1810 --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 2a2ecd58a..d6e6f859c 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 0560128fe..bb92c1d8c 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) matrix_mx_puppet_slack_enabled: true @@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: v0.1.0 -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: latest +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 62cb801878dd448025e604560ee180d8da099789 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 10 May 2022 13:57:12 +0000 Subject: [PATCH 021/144] Update cinny v1.8.2 -> v2.0.0 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 2ded40482..32e173113 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.8.2 +matrix_client_cinny_version: v2.0.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 02d4a841c4f96ab6b1d9ec617b6d3033debd613a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 10 May 2022 14:31:41 +0000 Subject: [PATCH 022/144] Update Element 1.10.11 -> 1.10.12 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index e45458754..ef89bca35 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.11 +matrix_client_element_version: v1.10.12 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 3dfda42f3d0e5fcb402e41711e8b859fd0d9ac5a Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Tue, 10 May 2022 16:50:46 +0200 Subject: [PATCH 023/144] Update configuring-playbook-bridge-hookshot.md --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 208ce4e6b..ef6bc0ab1 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -26,7 +26,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | listener | default path | variable | used as | |---|---|---|---| -| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. | +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. | | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | From 8c505e8a2cab0036541b87163cd7febd09fab3c1 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 10 May 2022 18:38:57 +0300 Subject: [PATCH 024/144] matrix-bot-buscarron v1.1.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 17 ++++++++++++++++- roles/matrix-bot-buscarron/templates/env.j2 | 7 +++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 96e8ef91a..1e6faec00 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.0.0 +matrix_bot_buscarron_version: v1.1.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" @@ -88,6 +88,21 @@ matrix_bot_buscarron_spam_hosts: [] # spam email addresses matrix_bot_buscarron_spam_emails: [] +# Ban duration in hours +matrix_bot_buscarron_ban_duration: + +# Banlist size +matrix_bot_buscarron_ban_size: + +# Postmark token (confirmation emails) +matrix_bot_buscarron_pm_token: + +# Postmark sender signature +matrix_bot_buscarron_pm_from: + +# Postmark confirmation email's reply-to +matrix_bot_buscarron_pm_replyto: + # Additional environment variables to pass to the buscarron container # # Example: diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 index c833f27be..876072e17 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -7,12 +7,19 @@ BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} +BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }} +BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }} +BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }} +BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }} +BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} +BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }} +BUSCARRON_{{ form.name|upper }}_CONFIRMATION_BODY={{ form.confirmation_body|default('') }} {% endfor %} BUSCARRON_LIST={{ forms|join(" ") }} From d09934c79c270a674cc8d77d1bad8a20d1503712 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 10 May 2022 18:44:20 +0300 Subject: [PATCH 025/144] matrix-bot-buscarron - set defaults --- roles/matrix-bot-buscarron/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 1e6faec00..c2b44fa11 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -89,10 +89,10 @@ matrix_bot_buscarron_spam_hosts: [] matrix_bot_buscarron_spam_emails: [] # Ban duration in hours -matrix_bot_buscarron_ban_duration: +matrix_bot_buscarron_ban_duration: 24 # Banlist size -matrix_bot_buscarron_ban_size: +matrix_bot_buscarron_ban_size: 10000 # Postmark token (confirmation emails) matrix_bot_buscarron_pm_token: From eda75e6492e42d63c6ee1c3a28fb2838cf11c5b8 Mon Sep 17 00:00:00 2001 From: Didier 'OdyX' Raboud Date: Wed, 11 May 2022 10:43:57 +0200 Subject: [PATCH 026/144] Bump Slack Appservice to 1.11.0 --- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index e303f8340..ae3f55df6 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -8,7 +8,7 @@ matrix_appservice_slack_container_image_self_build: false matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git" matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src" -matrix_appservice_slack_version: release-1.10.0 +matrix_appservice_slack_version: release-1.11.0 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" From 34de6c9c664d3299a82b7fcf6dee541a191a0c73 Mon Sep 17 00:00:00 2001 From: brush Date: Fri, 13 May 2022 03:44:16 -0700 Subject: [PATCH 027/144] Update configuring-well-known.md --- docs/configuring-well-known.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 4a68047be..c27635a58 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -98,16 +98,15 @@ server { } ``` -**For Apache**, it would be something like this: +**For Apache2**, it would be something like this: ```apache ServerName DOMAIN SSLProxyEngine on - - ProxyPass "https://matrix.DOMAIN/.well-known/matrix" - + ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon # other configuration From 3499b9cd0314746404a9fcd350ea15d967df3c51 Mon Sep 17 00:00:00 2001 From: brush Date: Fri, 13 May 2022 03:45:08 -0700 Subject: [PATCH 028/144] Update configuring-well-known.md --- docs/configuring-well-known.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index c27635a58..9a519343b 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -105,8 +105,8 @@ server { ServerName DOMAIN SSLProxyEngine on - ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon - ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon # other configuration From 1431a351ab325a905c47491f787146b6f2e80fb4 Mon Sep 17 00:00:00 2001 From: Luis Date: Fri, 13 May 2022 11:57:59 -0300 Subject: [PATCH 029/144] Update configuring-playbook-bridge-hookshot.md fix Hookshot instructions link --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index ef6bc0ab1..ea7d80c05 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. From 8ec1f4bee01d9eed0ad569708804563a68f934ca Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 13 May 2022 16:20:04 +0000 Subject: [PATCH 030/144] Update Cinny v2.0.0 -> v2.0.1 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 32e173113..dd9c4dc75 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.0 +matrix_client_cinny_version: v2.0.1 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From dca593cf7a8fd5898f1a04fba212258d21f571bb Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 14 May 2022 11:33:19 +0000 Subject: [PATCH 031/144] Update Cinny v2.0.1 -> v2.0.2 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index dd9c4dc75..20d6a8704 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.1 +matrix_client_cinny_version: v2.0.2 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 894669eca2092351e6105ef7beba981d96419b5e Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Sat, 14 May 2022 21:07:57 +0200 Subject: [PATCH 032/144] Change back to working original mx-puppet-slack Now that v0.1.1 is out, which depends on the functional matrix-slack-parser it works again. --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index d6e6f859c..2a2ecd58a 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8c..3b069ea24 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) +# See: https://github.com/Sorunome/mx-puppet-slack matrix_mx_puppet_slack_enabled: true @@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: v0.1.1 +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From c58c7dc643f2984daa82ef28202dc959a01ff7df Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 15 May 2022 05:45:07 +0000 Subject: [PATCH 033/144] Update Cinny v2.0.2 -> v2.0.3 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 20d6a8704..5b0991cd6 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.2 +matrix_client_cinny_version: v2.0.3 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 2a9b52a1c2757fcb2093198245cf51581f29847f Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Mon, 16 May 2022 04:29:29 +0000 Subject: [PATCH 034/144] Update Element self build repo URL It forwards to the correct place but might as well just update it to the current URL. --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index ef89bca35..7abaf50ca 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" +matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/element-web.git" # Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM): # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357 # - https://github.com/vector-im/element-web/issues/19544 From 311f44a19cdfd805ba851d601aa0513c3801ae07 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Mon, 16 May 2022 04:36:18 +0000 Subject: [PATCH 035/144] Document `git` as a potential prereq Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1792 --- docs/prerequisites.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 0da1c7157..1ed4befea 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. +- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components. + - An HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). - Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)). From 8ecdfc3ed6818cf77ed42a0f6d5976753635c080 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 16 May 2022 09:26:15 +0200 Subject: [PATCH 036/144] Automatically enable admin api access via nginx (#1830) --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 67a9339ae..8788ba10c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1495,7 +1495,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |- }[matrix_homeserver_implementation]|int }} -matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}" +matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_bot_matrix_registration_bot_enabled }}" matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}" From f21269f4418ebe707dac079a505cb4fcecd6b267 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 16 May 2022 21:40:31 +0300 Subject: [PATCH 037/144] Upgrade mx-puppet-slack (v0.1.1 -> v0.1.2) Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1829 --- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 3b069ea24..b77614f70 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: v0.1.1 +matrix_mx_puppet_slack_version: v0.1.2 matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 4109dc3bcd784865b6a71d8be3567260595635af Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 May 2022 19:56:54 +0000 Subject: [PATCH 038/144] Update Postgres (CVE-2022-1552 + last 9.x update) CVE: https://security-tracker.debian.org/tracker/CVE-2022-1552 Source: https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ Postgres 9.6 upgrade (**not a CVE fix, 9.x still vulnerable**): https://www.postgresql.org/docs/release/9.6.24/ --- roles/matrix-postgres/defaults/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 8593bb83b..bb8202173 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -22,12 +22,12 @@ matrix_postgres_architecture: amd64 # > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" -matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.21{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. From bab1ee22335c3437f227ee4168c9b57174a58e72 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 May 2022 11:31:25 +0300 Subject: [PATCH 039/144] Work around mx-puppet-discord failing with "No relay found" after reboot Related to https://gitlab.com/mx-puppet/discord/mx-puppet-discord/-/issues/117 Looks like the bridge is too quick to start and fails to initialize itself by connecting to Synapse. It's mostly observed after a system reboot, because Synapse (and everything else) is slower to start. Once mx-puppet-discord fails to initialize itself, a "No relay found" error will be observed any time you try to relay a Matrix message to Discord. Relaying messages in the other direction (Discord to Matrix) also fails. With this workaround (longer delay on mx-puppet-discord startup), I observe mx-puppet-discord working well, even after a full reboot. Of course, a proper fix is preferable, instead of delaying by a magic number of seconds. --- .../templates/systemd/matrix-mx-puppet-discord.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 7a4c4a383..52b12c3d0 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -17,7 +17,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 +ExecStartPre={{ matrix_host_command_sleep }} 15 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \ --log-driver=none \ From f972a80224bb6ba8b6338188a6ef031dc525d56e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 May 2022 13:08:17 +0300 Subject: [PATCH 040/144] Upgrade Synapse (1.58.1 -> 1.59.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 21 ++++++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ad1d863f5..bf2a765d0 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.58.1 +matrix_synapse_version: v1.59.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 37cad10fe..97f73c34e 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -432,6 +432,11 @@ manhole_settings: # sign up in a short space of time never to return after their initial # session. # +# The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but +# applies a different trial number if the user was registered by an appservice. +# A value of 0 means no trial days are applied. Appservices not listed in this +# dictionary use the value of `mau_trial_days` instead. +# # 'mau_limit_alerting' is a means of limiting client side alerting # should the mau limit be reached. This is useful for small instances # where the admin has 5 mau seats (say) for 5 specific people and no @@ -442,6 +447,8 @@ manhole_settings: #max_mau_value: 50 #mau_trial_days: 2 #mau_limit_alerting: false +#mau_appservice_trial_days: +# "appservice-id": 1 # If enabled, the metrics for the number of monthly active users will # be populated, however no one will be limited. If limit_usage_by_mau @@ -742,11 +749,11 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js # #allow_profile_lookup_over_federation: false -# Uncomment to disable device display name lookup over federation. By default, the -# Federation API allows other homeservers to obtain device display names of any user -# on this homeserver. Defaults to 'true'. +# Uncomment to allow device display name lookup over federation. By default, the +# Federation API prevents other homeservers from obtaining the display names of +# user devices on this homeserver. Defaults to 'false'. # -#allow_device_name_lookup_over_federation: false +#allow_device_name_lookup_over_federation: true ## Caching ## @@ -1375,7 +1382,11 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} # registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }} - +# Allow users to submit a token during registration to bypass any required 3pid +# steps configured in `registrations_require_3pid`. +# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow. +# +#enable_registration_token_3pid_bypass: false # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. From 2cce91fe1d33f6ca1130a7067260ab3440dcd78c Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Wed, 18 May 2022 12:38:07 +0300 Subject: [PATCH 041/144] Upgrade Heisenbridge (1.12.0 -> 1.13.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 96ab33821..dfbddd426 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.12.0 +matrix_heisenbridge_version: 1.13.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 4297af5c51f34439590c1e450394cc15baef49e0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 May 2022 10:19:43 +0000 Subject: [PATCH 042/144] Update mautrix-whatsapp v0.3.1 -> v0.4.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index d920be51c..0bea0536c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.3.1 +matrix_mautrix_whatsapp_version: v0.4.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 99de38280df9ca928f9825375c882db100e31933 Mon Sep 17 00:00:00 2001 From: Paul B Date: Thu, 12 May 2022 12:24:35 +0200 Subject: [PATCH 043/144] bridge-signal: add variable to enable encryption --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 14a2c35fa..ce89a381b 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -127,3 +127,7 @@ matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/regis matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}" matrix_mautrix_signal_log_level: 'DEBUG' + +matrix_mautrix_signal_bridge_encryption_allow: false +matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" +matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 2f427b907..b831fe9a1 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -152,15 +152,15 @@ bridge: # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }} # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false + default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }} # Options for automatic key sharing. key_sharing: # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. - allow: false + allow: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }} # Require the requesting device to have a valid cross-signing signature? # This doesn't require that the bridge has verified the device, only that the user has verified it. # Not yet implemented. From e1e83353b400033a07d3d259bfdd5d96c4a8f9fb Mon Sep 17 00:00:00 2001 From: Paul B Date: Thu, 12 May 2022 12:57:29 +0200 Subject: [PATCH 044/144] bridge-whatsapp: add variable to enable end-to-bridge encryption --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 5 +++++ .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index d920be51c..f2523fa8e 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -123,3 +123,8 @@ matrix_mautrix_whatsapp_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}" + +# Enable End-to-bridge encryption +matrix_mautrix_whatsapp_bridge_encryption_allow: false +matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" +matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 0e3b855cb..c8318f961 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -158,16 +158,16 @@ bridge: # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: {{ matrix_mautrix_whatsapp_bridge_encryption_allow|to_json }} # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. - default: false + default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }} # Options for automatic key sharing. key_sharing: # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. - allow: false + allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }} # Require the requesting device to have a valid cross-signing signature? # This doesn't require that the bridge has verified the device, only that the user has verified it. # Not yet implemented. From de8d6f8d6c14bed13370bec40c622115ce82660a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 May 2022 11:37:34 +0000 Subject: [PATCH 045/144] Update Synapse v1.59.0 -> v.1.59.1 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index bf2a765d0..23dfebf75 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.59.0 +matrix_synapse_version: v1.59.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From a1e5ecf5513f804cd099724266e7c7d0b7a7259d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 18 May 2022 14:43:16 +0300 Subject: [PATCH 046/144] Upgrade hookshot (1.6.1 -> 1.7.0) This new version should be buildable on arm64. See: https://github.com/matrix-org/matrix-hookshot/releases/tag/1.7.0 There's still no prebuild arm64 image, so we continue relying on self-building there. --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 61f689a55..ecc997708 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.6.1 +matrix_hookshot_version: 1.7.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 677a2fc50310aa15126dec7edb5c21b70b61bf58 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 18 May 2022 15:43:39 +0300 Subject: [PATCH 047/144] Fix compatibility with ansible=6 / ansible-core=2.13 Details here: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_6.html#id36 Basically: ```yaml - name: Prior to 2.13 debug: msg: '[1] + {{ [2] }}' - name: 2.13 and forward debug: msg: '{{ [1] + [2] }}' ``` Interestingly, we had been using the new/safe syntax in lofs of places. We were using the broken one in many others though. Hopefully all instances were fixed by this patch. --- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../matrix-bridge-heisenbridge/tasks/init.yml | 16 ++++++---- roles/matrix-bridge-hookshot/tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- roles/matrix-bridge-sms/tasks/init.yml | 16 ++++++---- .../ext/encryption-disabler/setup_install.yml | 16 ++++++---- .../tasks/ext/ldap-auth/setup.yml | 8 +++-- .../ext/mjolnir-antispam/setup_install.yml | 32 +++++++++++-------- .../tasks/ext/rest-auth/setup_install.yml | 16 ++++++---- .../ext/shared-secret-auth/setup_install.yml | 16 ++++++---- .../synapse-simple-antispam/setup_install.yml | 26 ++++++++------- 29 files changed, 298 insertions(+), 184 deletions(-) diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index e16a69796..a53112ad7 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -14,12 +14,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-discord-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-discord-registration.yaml"] + }} when: matrix_appservice_discord_enabled|bool diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index 5e1814121..a35144f05 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -21,12 +21,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-irc-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-irc-registration.yaml"] + }} when: matrix_appservice_irc_enabled|bool diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 8cbc71821..c83318171 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -21,14 +21,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-slack-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-slack-registration.yaml"] + }} when: matrix_appservice_slack_enabled|bool # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index b888c51f1..370b835d6 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -14,14 +14,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-webhooks-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-webhooks-registration.yaml"] + }} when: matrix_appservice_webhooks_enabled|bool # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml index 977db9252..64057301f 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -7,12 +7,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-beeper-linkedin-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-beeper-linkedin-registration.yaml"] + }} when: matrix_beeper_linkedin_enabled|bool diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml index a66d7199d..ef3efb761 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml @@ -14,12 +14,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/heisenbridge-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/heisenbridge-registration.yaml"] + }} when: matrix_heisenbridge_enabled|bool diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 384f6d3be..14bbcbb32 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -14,14 +14,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/hookshot-registration.yml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/hookshot-registration.yml"] + }} when: matrix_hookshot_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index 200e98463..f2cd59632 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-facebook-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-facebook-registration.yaml"] + }} when: matrix_mautrix_facebook_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index f458df1bf..27845148e 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-googlechat-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-googlechat-registration.yaml"] + }} when: matrix_mautrix_googlechat_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 680dcd88b..d00e52528 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-hangouts-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-hangouts-registration.yaml"] + }} when: matrix_mautrix_hangouts_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index d33acd09d..867133809 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-instagram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-instagram-registration.yaml"] + }} when: matrix_mautrix_instagram_enabled|bool diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 21d52066f..b9b698c57 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -7,12 +7,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-signal-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-signal-registration.yaml"] + }} when: matrix_mautrix_signal_enabled|bool diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index a97dcd8e0..93b4d9f85 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-telegram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-telegram-registration.yaml"] + }} when: matrix_mautrix_telegram_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml index 5b526bbde..34f4ebde2 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml @@ -7,14 +7,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-twitter-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-twitter-registration.yaml"] + }} when: matrix_mautrix_twitter_enabled|bool # ansible lower than 2.8, does not support docker_image build parameters diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index 57166386b..d4fb82218 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -6,12 +6,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-whatsapp-registration.yaml"] + }} when: matrix_mautrix_whatsapp_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 69458093d..115ccf353 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-discord-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-discord-registration.yaml"] + }} when: matrix_mx_puppet_discord_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index db28f324c..9bada5d87 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-groupme-registration.yaml"] + }} when: matrix_mx_puppet_groupme_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index d16e6be0f..ae6302b30 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-instagram-registration.yaml"] + }} when: matrix_mx_puppet_instagram_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml index d28f6ca1a..699ad6f69 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-skype-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-skype-registration.yaml"] + }} when: matrix_mx_puppet_skype_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 66d51784e..ed6753a2f 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-slack-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-slack-registration.yaml"] + }} when: matrix_mx_puppet_slack_enabled|bool - block: diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index efca41103..9a171af79 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-steam-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-steam-registration.yaml"] + }} when: matrix_mx_puppet_steam_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 757f1f414..d774de159 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-twitter-registration.yaml"] + }} when: matrix_mx_puppet_twitter_enabled|bool - block: diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml index b8af8e604..9ee96b3eb 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/matrix-bridge-sms/tasks/init.yml @@ -15,12 +15,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-sms-bridge-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-sms-bridge-registration.yaml"] + }} when: matrix_sms_bridge_enabled|bool diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index 90411a34b..cdcdd0828 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -27,11 +27,15 @@ }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] + }} diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index 374c9e55d..b483f688a 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -4,7 +4,9 @@ matrix_synapse_password_providers_enabled: true matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'ldap_auth_provider', 'level': 'INFO'}] + }} when: matrix_synapse_ext_password_provider_ldap_enabled|bool diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index ec298ccd2..1d224bc92 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -34,19 +34,23 @@ - set_fact: matrix_synapse_spam_checker: > - {{ matrix_synapse_spam_checker }} - + - [{ - "module": "mjolnir.AntiSpam", - "config": { - "block_invites": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites }}, - "block_messages": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages }}, - "block_usernames": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames }}, - "ban_lists": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }} - } - }] + {{ + matrix_synapse_spam_checker + + + [{ + "module": "mjolnir.AntiSpam", + "config": { + "block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites, + "block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages, + "block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames, + "ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists, + } + }] + }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"] + }} diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 13a64c58c..22ad318de 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -22,11 +22,15 @@ matrix_synapse_password_providers_enabled: true matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'rest_auth_provider', 'level': 'INFO'}] + }} diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index 843f03703..091b0eb2f 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -37,11 +37,15 @@ }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] + }} diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 740d9474c..579a707c6 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -39,16 +39,20 @@ - set_fact: matrix_synapse_modules: > - {{ matrix_synapse_modules }} - + - [{ - "module": "synapse_simple_antispam.AntiSpamInvites", - "config": { - "blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }} - } - }] + {{ + matrix_synapse_modules + + + [{ + "module": "synapse_simple_antispam.AntiSpamInvites", + "config": { + "blocked_homeservers": matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers + } + }] + }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"] + }} From a906fad12ebfb24cdea35da404ca9f4465f29081 Mon Sep 17 00:00:00 2001 From: Vicx Date: Fri, 20 May 2022 19:09:16 +0200 Subject: [PATCH 048/144] Fix synapse LDAP simple bind config When using LDAP simple bind, the `bind_dn` and `bind_password` configuration values must not be present. --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 37cad10fe..266c3243f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2521,8 +2521,10 @@ password_providers: uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }} mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }} name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|string|to_json }} +{% if matrix_synapse_ext_password_provider_ldap_bind_dn %} bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|string|to_json }} bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }} +{% endif %} filter: {{ matrix_synapse_ext_password_provider_ldap_filter|string|to_json }} {% endif %} {% endif %} From 0c741e8d166bcc73792cbb44810be59e7031c330 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 19:58:22 +0200 Subject: [PATCH 049/144] Set version to v1.1.5 --- roles/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 40538478e..99e6e3a95 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -7,7 +7,7 @@ matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: latest +matrix_bot_matrix_registration_bot_version: v1.1.5 matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" From 275943c0f8cee716ca70b53e35da451dca2e4df7 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:03:59 +0200 Subject: [PATCH 050/144] Updated: mjolnir v1.4.2 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 0093576cc..dd2483794 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.4.1" +matrix_bot_mjolnir_version: "v1.4.2" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 751a8f8a5d9532447f6d92b9681ac6d062fcb7f2 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:16:04 +0200 Subject: [PATCH 051/144] Updated: mautrix-googlechat to v0.3.2 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index e334e8d6b..bdedef07c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: v0.3.1 +matrix_mautrix_googlechat_version: v0.3.2 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From d804e97ff6bcc682ba91af64599680fcab3f2543 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:19:58 +0200 Subject: [PATCH 052/144] Updated: mautrix-twitter to v0.1.4 --- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 3dd4667cf..b2e292ffc 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_twitter_enabled: true matrix_mautrix_twitter_container_image_self_build: false matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git" -matrix_mautrix_twitter_version: v0.1.3 +matrix_mautrix_twitter_version: v0.1.4 # See: https://mau.dev/tulir/mautrix-twitter/container_registry matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}" From e779ec45f4e9d52b66e21c188e79922ba176df89 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:24:38 +0200 Subject: [PATCH 053/144] Updated: hydrogen-web to v0.2.29 --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 905e50863..27b6c0d0b 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-skype +# See: https://github.com/Sorunome/mx-puppet-instagram matrix_mx_puppet_skype_enabled: true From 8a65e3a0db33f08e989f010eac924125c843ebd4 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:24:56 +0200 Subject: [PATCH 054/144] Updated: hydrogen to v0.2.29 --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 4b91eb2bc..88d52ba5c 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.26 +matrix_client_hydrogen_version: v0.2.29 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From 2c312435c63b129cba07982bf512f0529ab32633 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:25:41 +0200 Subject: [PATCH 055/144] Reverted URL change --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 27b6c0d0b..905e50863 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-instagram +# See: https://github.com/Sorunome/mx-puppet-skype matrix_mx_puppet_skype_enabled: true From 554615d72712ec61536b9915b2f214fb1b082318 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:28:01 +0200 Subject: [PATCH 056/144] Updated: ddclient to v3.9.1-ls89 --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 5d733eb3d..95a1188b4 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -5,7 +5,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls79 +matrix_dynamic_dns_version: v3.9.1-ls89 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 64850531baf73b73809597856aea6c2ddfa212e5 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:30:06 +0200 Subject: [PATCH 057/144] Updated: etherpad to 1.8.18 --- roles/matrix-etherpad/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index 0daf24a35..8a0248606 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -4,7 +4,7 @@ matrix_etherpad_enabled: false matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" -matrix_etherpad_version: 1.8.16 +matrix_etherpad_version: 1.8.18 matrix_etherpad_docker_image: "{{ matrix_container_global_registry_prefix }}etherpad/etherpad:{{ matrix_etherpad_version }}" matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}" From 9c24167b8de0286ac28a6cdc032d8df2cd48db88 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:32:19 +0200 Subject: [PATCH 058/144] Updated: grafana to 8.5.3 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index ee184e1d4..991cb19d6 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.5.1 +matrix_grafana_version: 8.5.3 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 271a8d0a738c621d0748a854eb1a28834fefb2b2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 21 May 2022 10:20:56 +0300 Subject: [PATCH 059/144] Upgrade certbot (v1.23.0 -> v1.27.0) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index dfbac32e7..64e2e06bf 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From 3b40d8b0a09036af58fce0a39c7df5c1ec23acb6 Mon Sep 17 00:00:00 2001 From: Erick Wibben Date: Sat, 21 May 2022 10:24:27 -0500 Subject: [PATCH 060/144] Update Matrix-Registration-Bot main.yml Line 10, which sets the tag to which docker version to pull was reverted from `v1.1.15` to latest. This gets the playbook working again --- roles/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 99e6e3a95..40538478e 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -7,7 +7,7 @@ matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: v1.1.5 +matrix_bot_matrix_registration_bot_version: latest matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" From f448cca73254c7a94920ece4c766f1d53116a9d9 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 24 May 2022 11:26:01 +0000 Subject: [PATCH 061/144] Update coturn 4.5.2-r11 -> 4.5.2-r12 --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 46492e21d..bf3564cd0 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r11 +matrix_coturn_version: 4.5.2-r12 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From e37bcd1dafb2f07316022161b331e69ec9ef163c Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 24 May 2022 14:14:41 +0000 Subject: [PATCH 062/144] Updated Element 1.10.12 -> 1.10.13 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 7abaf50ca..b0625dba8 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.12 +matrix_client_element_version: v1.10.13 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From f60eb7232948c1d222de7c27c9ec33418a653bd4 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 25 May 2022 09:00:32 +0000 Subject: [PATCH 063/144] Updated signal daemon 0.18.1 -> 0.18.5 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ce89a381b..ad0752e34 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.18.1 +matrix_mautrix_signal_daemon_version: 0.18.5 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" From 883317ac2fdb74cf3bb250fa71e2b2a2684692a3 Mon Sep 17 00:00:00 2001 From: shukon Date: Wed, 25 May 2022 17:29:43 +0200 Subject: [PATCH 064/144] Update configuring-playbook-bridge-hookshot.md --- docs/configuring-playbook-bridge-hookshot.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index ea7d80c05..f47f24c0e 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -4,13 +4,13 @@ The playbook can install and configure [matrix-hookshot](https://github.com/matr Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. -See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. +See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does in detail and why it might be useful to you. Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. ## Setup Instructions -Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do. +Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do. 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). From 2e527338d3fe1952a6295bb1ecf5fb4d22f25ea0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 29 May 2022 08:23:17 +0000 Subject: [PATCH 065/144] Update Cinny 2.0.3 -> 2.0.4 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 5b0991cd6..891058009 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.3 +matrix_client_cinny_version: v2.0.4 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From fd3a9b2fbb9eaabff3300e73c4dcc1f9234978ef Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 May 2022 09:20:49 +0000 Subject: [PATCH 066/144] Update Honoroit 0.9.7 -> 0.9.8 * add `NOENCRYPTION` option * fix race condition on thread start * fix greetings messages * updated deps --- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 9e7cf2b5c..709cd472b 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.7 +matrix_bot_honoroit_version: v0.9.8 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" From 78204619ea8a68615448f91e81e7932deea823da Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 May 2022 16:28:33 +0300 Subject: [PATCH 067/144] Stop using deprecated (in Synapse v1.59) user_dir and appservice workers Source: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types As an alternative, we should probably find a way to run one or a few more generic workers (which will handle appservice and user_dir stuff) and update `homeserver.yaml` so that it would point to the name of these workers using `notify_appservices_from_worker` and `update_user_directory_from_worker` options. For now, this solves the deprecation, so we can have a peace of mind going forward. We're force-setting these worker counts to 0, so that we can clean up existing homeservers which use these worker types. In the future, these options will either be removed or repurposed (so that they transparently create more generic workers that handle user_dir/appservice loads). --- roles/matrix-synapse/defaults/main.yml | 13 ++++-- .../matrix-synapse/tasks/validate_config.yml | 13 +++++- .../templates/synapse/homeserver.yaml.j2 | 6 --- roles/matrix-synapse/vars/workers.yml | 42 ++++++++++++++++++- 4 files changed, 63 insertions(+), 11 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 23dfebf75..67c28b499 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -358,10 +358,13 @@ matrix_synapse_workers_presets: one-of-each: generic_workers_count: 1 pusher_workers_count: 1 - appservice_workers_count: 1 + # appservice workers are deprecated since Synapse v1.59. This will be removed. + appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 1 # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. + # user_dir workers are deprecated since Synapse v1.59. This will be removed. + # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types user_dir_workers_count: 0 frontend_proxy_workers_count: 1 @@ -383,7 +386,9 @@ matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 # matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. -matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}" +# appservice workers are deprecated since Synapse v1.59. This will be removed. +# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types +matrix_synapse_workers_appservice_workers_count: 0 matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 # matrix_synapse_workers_federation_sender_workers_count can only be 0 or 1 for now. @@ -397,7 +402,9 @@ matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. -matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}" +# user_dir workers are deprecated since Synapse v1.59. This will be removed. +# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types +matrix_synapse_workers_user_dir_workers_count: 0 matrix_synapse_workers_user_dir_workers_port_range_start: 18661 matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661 diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 89107c0a6..bb8a2bcd0 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -12,13 +12,24 @@ - "matrix_synapse_database_password" - "matrix_synapse_database_database" +- name: Fail if asking to configure deprecaed workers (appservice, userdir) + fail: + msg: >- + `{{ item }}` cannot be more than 0. + This type of worker has been deprecated since Synapse v1.59. + Please remove your `{{ item }}` configuration to solve this problem. + See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types + when: "vars[item]|int != 0" + with_items: + - "matrix_synapse_workers_appservice_workers_count" + - "matrix_synapse_workers_user_dir_workers_count" + - name: Fail if asking for more than 1 instance of single-instance workers fail: msg: >- `{{ item }}` cannot be more than 1. This is a single-instance worker. when: "vars[item]|int > 1" with_items: - - "matrix_synapse_workers_appservice_workers_count" - "matrix_synapse_workers_pusher_workers_count" - "matrix_synapse_workers_federation_sender_workers_count" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 8ab985275..cce713300 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -352,9 +352,6 @@ worker_app: synapse.app.homeserver # thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ # reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'appservice')|list %} -notify_appservices: false -{% endif %} {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'federation_sender')|list %} send_federation: false {% endif %} @@ -364,9 +361,6 @@ enable_media_repo: false {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'pusher')|list %} start_pushers: false {% endif %} -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'user_dir')|list %} -update_user_directory: false -{% endif %} daemonize: false {% endif %} diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 33bf585b3..91b289c7b 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -279,7 +279,7 @@ matrix_synapse_workers_generic_worker_endpoints: # run_background_tasks_on: background_worker # ``` - # You might also wish to investigate the `update_user_directory` and + # You might also wish to investigate the `update_user_directory_from_worker` and # `media_instance_running_background_jobs` settings. # An example for a dedicated background worker instance: @@ -288,6 +288,40 @@ matrix_synapse_workers_generic_worker_endpoints: # {{#include systemd-with-workers/workers/background_worker.yaml}} # ``` + # #### Updating the User Directory + + # You can designate one generic worker to update the user directory. + + # Specify its name in the shared configuration as follows: + + # ```yaml + # update_user_directory_from_worker: worker_name + # ``` + + # This work cannot be load-balanced; please ensure the main process is restarted + # after setting this option in the shared configuration! + + # This style of configuration supersedes the legacy `synapse.app.user_dir` + # worker application type. + + + # #### Notifying Application Services + + # You can designate one generic worker to send output traffic to Application Services. + + # Specify its name in the shared configuration as follows: + + # ```yaml + # notify_appservices_from_worker: worker_name + # ``` + + # This work cannot be load-balanced; please ensure the main process is restarted + # after setting this option in the shared configuration! + + # This style of configuration supersedes the legacy `synapse.app.appservice` + # worker application type. + + # pusher worker (no API endpoints) [ # Handles sending push notifications to sygnal and email. Doesn't handle any # REST endpoints itself, but you should set `start_pushers: False` in the @@ -305,6 +339,9 @@ matrix_synapse_workers_generic_worker_endpoints: # ] # appservice worker (no API endpoints) [ + # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the + # `notify_appservices_from_worker` option instead.](#notifying-application-services) + # Handles sending output traffic to Application Services. Doesn't handle any # REST endpoints itself, but you should set `notify_appservices: False` in the # shared configuration file to stop the main synapse sending appservice notifications. @@ -371,6 +408,9 @@ matrix_synapse_workers_media_repository_endpoints: # Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately). matrix_synapse_workers_user_dir_endpoints: + # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the + # `update_user_directory_from_worker` option instead.](#updating-the-user-directory) + # Handles searches in the user directory. It can handle REST endpoints matching # the following regular expressions: From 246c43be1ea4e353eeaa3f97b45c0f265b4d6491 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 May 2022 17:24:38 +0300 Subject: [PATCH 068/144] Upgrade Synapse (v1.59.1 -> v1.60.0) --- CHANGELOG.md | 35 ++++++++++++++++++++++++++ roles/matrix-synapse/defaults/main.yml | 6 +++-- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03ce5c7b5..4a56f6fc8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,38 @@ +# 2022-05-31 + +## Synapse v1.60 upgrade may cause trouble and require manual intervention + +Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted. + +We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky. + +**If Synapse fails to start** after your next playbook run, you'll need to: + +- SSH into the Matrix server +- launch `/usr/local/bin/matrix-postgres-cli` +- switch to the `synapse` database: `\c synapse` +- run the following SQL query: + +```sql +BEGIN; +DELETE FROM state_group_edges WHERE (ctid, state_group, prev_state_group) IN ( + SELECT row_id, state_group, prev_state_group + FROM ( + SELECT + ctid AS row_id, + MIN(ctid) OVER (PARTITION BY state_group, prev_state_group) AS min_row_id, + state_group, + prev_state_group + FROM state_group_edges + ) AS t1 + WHERE row_id <> min_row_id +); +COMMIT; +``` + +You could then restart services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` + + # 2022-04-25 ## buscarron bot support diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 67c28b499..a39235aeb 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.59.1 +matrix_synapse_version: v1.60.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -559,7 +559,9 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_enabled: false -matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py" +# Using a fork for this until this gets merged to make it compatible with Synapse v1.60: https://github.com/digitalentity/matrix_encryption_disabler/pull/9 +# See: https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#new-signature-for-the-spam-checker-callback-check_event_for_spam +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/spantaleev/matrix_encryption_disabler/60b0e211281954f70f8202636cea8d6e27b83148/matrix_e2ee_filter.py" # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] From 2c1da0ac2a3b2b72773b247a4272d45ab95607c3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 May 2022 17:35:22 +0300 Subject: [PATCH 069/144] Switch matrix_encryption_disabler back to upstream repository Now that https://github.com/digitalentity/matrix_encryption_disabler/pull/9 has been merged, we can get the module from there. Continuation of 246c43be1ea4e3 --- roles/matrix-synapse/defaults/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index a39235aeb..d0debe85f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -559,9 +559,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_enabled: false -# Using a fork for this until this gets merged to make it compatible with Synapse v1.60: https://github.com/digitalentity/matrix_encryption_disabler/pull/9 -# See: https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#new-signature-for-the-spam-checker-callback-check_event_for_spam -matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/spantaleev/matrix_encryption_disabler/60b0e211281954f70f8202636cea8d6e27b83148/matrix_e2ee_filter.py" +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/cdc37a07441acb7c2a3288bcb29b376658d5e766/matrix_e2ee_filter.py" # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] From 25fd7f0cff116c60e25692174531a1d316358afb Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 31 May 2022 20:32:10 +0300 Subject: [PATCH 070/144] update Honoroit 0.9.8 -> 0.9.9 --- roles/matrix-bot-honoroit/defaults/main.yml | 5 ++++- roles/matrix-bot-honoroit/templates/env.j2 | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 709cd472b..292de0bf4 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.8 +matrix_bot_honoroit_version: v0.9.9 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: '' # Log level matrix_bot_honoroit_loglevel: '' +# Disable encryption +matrix_bot_honoroit_noencryption: false + # Max items in cache matrix_bot_honoroit_cachesize: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index 7f1eef5b8..de8b9d848 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -8,6 +8,7 @@ HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }} HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} +HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} From 8ea7cd73cf12428acd80f4e575c6020050ed8930 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 1 Jun 2022 09:36:48 +0300 Subject: [PATCH 071/144] Fix self-building for matrix-registration Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864 Related to https://github.com/zeratax/matrix-registration/issues/93 This is a poor way to do things though. It may break again in the future. matrix-registration is a poorly maintained project and should likely be removed from the playbook. --- docs/configuring-playbook-matrix-registration.md | 2 ++ roles/matrix-registration/defaults/main.yml | 4 ++++ roles/matrix-registration/tasks/setup_install.yml | 8 ++++++++ 3 files changed, 14 insertions(+) diff --git a/docs/configuring-playbook-matrix-registration.md b/docs/configuring-playbook-matrix-registration.md index b0240d3f9..2b4b07ff2 100644 --- a/docs/configuring-playbook-matrix-registration.md +++ b/docs/configuring-playbook-matrix-registration.md @@ -2,6 +2,8 @@ The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you. +**WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it. + > matrix-registration is a simple python application to have a token based matrix registration. Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account. diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index d924551a1..a5db3022d 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -7,6 +7,10 @@ matrix_registration_enabled: true matrix_registration_container_image_self_build: false matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration" matrix_registration_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_registration_version }}" +# Controls whether we'll be patching the dependencies in `setup.py` when self-building. +# Without patching, building will likely fail, because of the poor unbounded way dependencies are defined (e.g. `flask-limiter>=1.1.0`). +# This is an attempt to get matrix-registration in its current (outdated) version to build. +matrix_registration_container_image_self_build_python_dependencies_patch_enabled: true matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration" matrix_registration_config_path: "{{ matrix_registration_base_path }}/config" diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 6ff2de302..36cd0fd4a 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -68,6 +68,14 @@ register: matrix_registration_git_pull_results when: "matrix_registration_container_image_self_build|bool" +# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864 +- name: Patch setup.py to allow self-built version to work + lineinfile: + path: "{{ matrix_registration_docker_src_files_path }}/setup.py" + regexp: 'flask-limiter' + line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",' + when: "matrix_registration_container_image_self_build|bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled|bool" + - name: Ensure matrix-registration Docker image is built docker_image: name: "{{ matrix_registration_docker_image }}" From c05e78fc9a6cf2db54575c831d831b25ff367e1b Mon Sep 17 00:00:00 2001 From: roughnecks Date: Thu, 2 Jun 2022 16:52:15 +0200 Subject: [PATCH 072/144] Fix string null in status_endpoint --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index c8318f961..fbd41be73 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -10,7 +10,7 @@ homeserver: # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. - status_endpoint: "null" + status_endpoint: null appservice: # The address that the homeserver can use to connect to this appservice. From fc38f4a6a90541f8d610ce1b2d3444266e0a50df Mon Sep 17 00:00:00 2001 From: Ruben Hias Date: Mon, 6 Jun 2022 11:27:10 +0200 Subject: [PATCH 073/144] Updated mautrix-googlechat to v0.3.3 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index bdedef07c..dd5b83689 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: v0.3.2 +matrix_mautrix_googlechat_version: v0.3.3 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From 4a72c90a6b1286f9e2206c7b07b0338cc61f4f14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 7 Jun 2022 14:34:02 +0300 Subject: [PATCH 074/144] Upgrade Element (v1.10.13 -> v1.10.14) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index b0625dba8..86b0ee6ad 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.13 +matrix_client_element_version: v1.10.14 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 12b28a47494f4b3b09dc625f5581ea05cdb66e8a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:13:53 +0300 Subject: [PATCH 075/144] Upgrade Hookshot (1.7.0 -> 1.7.2) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index ecc997708..cdfde23dc 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.7.0 +matrix_hookshot_version: 1.7.2 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 959a6ac0b1a7aedf97d775788d2e9feabebd1f9c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:42:04 +0300 Subject: [PATCH 076/144] Upgrade devture/ansible version and documen nsenter usage Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1772 --- docs/ansible.md | 51 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/docs/ansible.md b/docs/ansible.md index 50cf83ed3..5802e8cb1 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting ## Using Ansible via Docker -Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image). +Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image). -Here's a sample command to get you started (run this from the playbook's directory): +This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook. + +There are 2 ways to go about it: + +- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) +- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server) + + +### Running Ansible in a container on the Matrix server itself + +To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation. +Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it: + +- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker +- **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around + +Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md). + +You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH. +Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...` + +Run this from the playbook's directory: + +```bash +docker run -it --rm \ +--privileged \ +--pid=host \ +-w /work \ +-v `pwd`:/work \ +--entrypoint=/bin/sh \ +docker.io/devture/ansible:2.13.0-r0 +``` + +Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. +The `/work` directory contains the playbook's code. + +You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now. + + +### Running Ansible in a container on another computer (not the Matrix server) + +Run this from the playbook's directory: ```bash docker run -it --rm \ @@ -51,7 +92,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.11.6-r1 +docker.io/devture/ansible:2.13.0-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). @@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. -You can execute `ansible-playbook` commands as per normal now. +You can execute `ansible-playbook ...` commands as per normal now. -### If you don't use SSH keys for authentication +#### If you don't use SSH keys for authentication If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`). To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run: From c05f47666f3544a5410d3e5e1c9882755700ebdb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:47:04 +0300 Subject: [PATCH 077/144] Announce the ability to run Ansible in a container on the Matrix server Continuation of 959a6ac0b1a7a --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a56f6fc8..6f9fe2aaa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +# 2022-06-09 + +## Running Ansible in a container can now happen on the Matrix server itself + +If you're tired of being on an old and problematic Ansible version, you can now run [run Ansible in a container on the Matrix server itself](docs/ansible.md#running-ansible-in-a-container-on-the-matrix-server-itself). + + # 2022-05-31 ## Synapse v1.60 upgrade may cause trouble and require manual intervention From 8cc39c5eb5b6d238496d100886c9085d2c8edc15 Mon Sep 17 00:00:00 2001 From: Kai Biebel <38378574+seclution@users.noreply.github.com> Date: Thu, 9 Jun 2022 14:09:47 +0200 Subject: [PATCH 078/144] update PIP install-link --- docs/ansible.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ansible.md b/docs/ansible.md index 5802e8cb1..bd1fe9273 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -30,7 +30,7 @@ Depending on your distribution, you may be able to upgrade Ansible in a few diff - by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website. -- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`). +- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`). If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path. From 99c24ef0e84c9a773a2377a94f06969a6c5c5144 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 20:52:46 +0300 Subject: [PATCH 079/144] Upgrade Hookshot (1.7.2 -> 1.7.3) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index cdfde23dc..3a2d5bc94 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.7.2 +matrix_hookshot_version: 1.7.3 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 39914881a7cd997d6c01578a33ee99e073479d57 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sat, 11 Jun 2022 07:55:44 +0200 Subject: [PATCH 080/144] whatsapp bridge: disable logging to external files The same logs still go to the systemd journal. --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index fbd41be73..cfecc2cf0 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -211,7 +211,8 @@ logging: # The directory for log files. Will be created if not found. directory: ./logs # Available variables: .Date for the file date and .Index for different log files on the same day. - file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" + # empy/null = journal logging only + file_name_format: # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants file_date_format: "2006-01-02" # Log file permissions. From 6b94ccbcff3b133688c5d461781e3f7634f90742 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sat, 11 Jun 2022 08:05:11 +0200 Subject: [PATCH 081/144] whatsapp bridge: add matrix_mautrix_whatsapp_log_level Fixes #1873 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index e7b5e6f6d..4ffca69fe 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -128,3 +128,7 @@ matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_y matrix_mautrix_whatsapp_bridge_encryption_allow: false matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_whatsapp_log_level: 'debug' diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index cfecc2cf0..d73718eaa 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -221,4 +221,4 @@ logging: timestamp_format: "Jan _2, 2006 15:04:05" # Minimum severity for log messages. # Options: debug, info, warn, error, fatal - print_level: debug + print_level: {{ matrix_mautrix_whatsapp_log_level }} From cebbe0beecd0e225c5bf2df62df2dd243c34d80e Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sat, 11 Jun 2022 08:11:28 +0200 Subject: [PATCH 082/144] whatsapp bridge: set the default log level to warning Debug logs are inappropriate for production use. --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 4ffca69fe..5be700516 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -131,4 +131,4 @@ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_ # Minimum severity of journal log messages. # Options: debug, info, warn, error, fatal -matrix_mautrix_whatsapp_log_level: 'debug' +matrix_mautrix_whatsapp_log_level: 'warn' From a3d19ad31815e97fa7027408093cf03fe2434bed Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Sun, 12 Jun 2022 21:29:43 +0000 Subject: [PATCH 083/144] Add Go Skype Bridge Based on mautrix-whatsapp, as that's what the bridge software is based on. --- ...iguring-playbook-bridge-go-skype-bridge.md | 23 ++ docs/configuring-playbook.md | 2 + group_vars/matrix_servers | 44 ++++ .../defaults/main.yml | 132 ++++++++++ .../tasks/init.yml | 21 ++ .../tasks/main.yml | 23 ++ .../tasks/setup_install.yml | 147 +++++++++++ .../tasks/setup_uninstall.yml | 25 ++ .../tasks/validate_config.yml | 10 + .../templates/config.yaml.j2 | 238 ++++++++++++++++++ .../systemd/matrix-go-skype-bridge.service.j2 | 43 ++++ setup.yml | 1 + 12 files changed, 709 insertions(+) create mode 100644 docs/configuring-playbook-bridge-go-skype-bridge.md create mode 100644 roles/matrix-bridge-go-skype-bridge/defaults/main.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/init.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/main.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 diff --git a/docs/configuring-playbook-bridge-go-skype-bridge.md b/docs/configuring-playbook-bridge-go-skype-bridge.md new file mode 100644 index 000000000..1eec9e723 --- /dev/null +++ b/docs/configuring-playbook-bridge-go-skype-bridge.md @@ -0,0 +1,23 @@ +# Setting up Go Skype Bridge (optional) + +The playbook can install and configure +[go-skype-bridge](https://github.com/Sorunome/go-skype-bridge) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the [Skype](https://www.skype.com/) bridge just use the following +playbook configuration: + + +```yaml +matrix_go_skype_bridge_enabled: true +``` + + +## Usage + +Once the bot is enabled, you need to start a chat with `Skype Puppet Bridge` +with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +Send `help` to the bot to see the commands available. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 16a7aeeb6..774e54d12 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -134,6 +134,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional) +- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (optional) + - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) - [Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md) (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8788ba10c..f727da55f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -252,6 +252,44 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge # ###################################################################### +###################################################################### +# +# matrix-bridge-go-skype-bridge +# +###################################################################### + +# We don't enable bridges by default. +matrix_go_skype_bridge_enabled: false + +matrix_go_skype_bridge_container_image_self_build: true + +matrix_go_skype_bridge_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}" + +matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}" + +matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-go-skype-bridge +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-facebook @@ -1770,6 +1808,12 @@ matrix_postgres_additional_databases: | 'password': matrix_beeper_linkedin_database_password, }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_go_skype_bridge_database_name, + 'username': matrix_go_skype_bridge_database_username, + 'password': matrix_go_skype_bridge_database_password, + }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mautrix_facebook_database_name, 'username': matrix_mautrix_facebook_database_username, diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml new file mode 100644 index 000000000..95213a00d --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -0,0 +1,132 @@ +--- +# Go Skype Bridge is a Matrix <-> Skype bridge +# See: https://github.com/kelaresg/go-skype-bridge + +matrix_go_skype_bridge_enabled: true + +matrix_go_skype_bridge_container_image_self_build: true +matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git" +matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}" + +matrix_go_skype_bridge_version: latest +matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" +matrix_go_skype_bridge_docker_image_name_prefix: "localhost/" +matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}" + +matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge" +matrix_go_skype_bridge_config_path: "{{ matrix_go_skype_bridge_base_path }}/config" +matrix_go_skype_bridge_data_path: "{{ matrix_go_skype_bridge_base_path }}/data" +matrix_go_skype_bridge_docker_src_files_path: "{{ matrix_go_skype_bridge_base_path }}/docker-src" + +matrix_go_skype_bridge_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_go_skype_bridge_homeserver_domain: "{{ matrix_domain }}" +matrix_go_skype_bridge_appservice_address: 'http://matrix-go-skype-bridge:8080' + +# A list of extra arguments to pass to the container +matrix_go_skype_bridge_container_extra_arguments: [] + +# List of systemd services that matrix-go-skype-bridge.service depends on. +matrix_go_skype_bridge_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-go-skype-bridge.service wants +matrix_go_skype_bridge_systemd_wanted_services_list: [] + +matrix_go_skype_bridge_appservice_token: '' +matrix_go_skype_bridge_homeserver_token: '' + +matrix_go_skype_bridge_appservice_bot_username: skypebridgebot + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_go_skype_bridge_federate_rooms: true + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_go_skype_bridge_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_go_skype_bridge_database_*` variables +matrix_go_skype_bridge_database_engine: 'sqlite' + +matrix_go_skype_bridge_sqlite_database_path_local: "{{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db" +matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge.db" + +matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge' +matrix_go_skype_bridge_database_password: 'some-password' +matrix_go_skype_bridge_database_hostname: 'matrix-postgres' +matrix_go_skype_bridge_database_port: 5432 +matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge' + +matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode=disable' + +matrix_go_skype_bridge_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_go_skype_bridge_database_engine] +}}" + +matrix_go_skype_bridge_appservice_database_uri: "{{ + { + 'sqlite': matrix_go_skype_bridge_sqlite_database_path_in_container, + 'postgres': matrix_go_skype_bridge_database_connection_string, + }[matrix_go_skype_bridge_database_engine] +}}" + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_go_skype_bridge_login_shared_secret: '' +matrix_go_skype_bridge_bridge_login_shared_secret_map: + "{{ {matrix_go_skype_bridge_homeserver_domain: matrix_go_skype_bridge_login_shared_secret} if matrix_go_skype_bridge_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_go_skype_bridge_bridge_double_puppet_server_map: + "{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}" + +# Default go-skype-bridge configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_go_skype_bridge_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_go_skype_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_go_skype_bridge_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_go_skype_bridge_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_go_skype_bridge_configuration_yaml`. + +matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_configuration_extension_yaml|from_yaml if matrix_go_skype_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_go_skype_bridge_configuration_yaml`. +matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml|from_yaml|combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}" + +matrix_go_skype_bridge_registration_yaml: | + id: skype + url: {{ matrix_go_skype_bridge_appservice_address }} + as_token: "{{ matrix_go_skype_bridge_appservice_token }}" + hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_go_skype_bridge_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@skype-(.*):{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username|regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml|from_yaml }}" + +# Enable End-to-bridge encryption +matrix_go_skype_bridge_bridge_encryption_allow: false +matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_go_skype_bridge_log_level: 'warn' diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml new file mode 100644 index 000000000..452d835b7 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml @@ -0,0 +1,21 @@ +--- +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}" + when: matrix_go_skype_bridge_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"] + }} + + matrix_synapse_app_service_config_files: > + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-go-skype-bridge-registration.yaml"] + }} + when: matrix_go_skype_bridge_enabled|bool diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml new file mode 100644 index 000000000..456ea53cd --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml new file mode 100644 index 000000000..c884625ba --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -0,0 +1,147 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- set_fact: + matrix_go_skype_bridge_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + stat: + path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" + register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result + + - block: + - set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" + dst: "{{ matrix_go_skype_bridge_database_connection_string }}" + caller: "{{ role_path|basename }}" + engine_variable_name: 'matrix_go_skype_bridge_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-go-skype-bridge.service'] + pgloader_options: ['--with "quote identifiers"'] + + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + + - set_fact: + matrix_go_skype_bridge_requires_restart: true + when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_go_skype_bridge_database_engine == 'postgres'" + + +- name: Ensure Go Skype Bridge paths exists + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_go_skype_bridge_base_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_config_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_data_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_docker_src_files_path }}", when: "{{ matrix_go_skype_bridge_container_image_self_build }}"} + when: item.when|bool + +- name: Ensure Go Skype Bridge image is pulled + docker_image: + name: "{{ matrix_go_skype_bridge_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_docker_image_force_pull }}" + when: not matrix_go_skype_bridge_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure Go Skype Bridge repository is present on self-build + git: + repo: "{{ matrix_go_skype_bridge_container_image_self_build_repo }}" + dest: "{{ matrix_go_skype_bridge_docker_src_files_path }}" + version: "{{ matrix_go_skype_bridge_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_go_skype_bridge_git_pull_results + when: "matrix_go_skype_bridge_container_image_self_build|bool" + +- name: Ensure Go Skype Bridge Docker image is built + docker_image: + name: "{{ matrix_go_skype_bridge_docker_image }}" + source: build + force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_go_skype_bridge_docker_src_files_path }}" + pull: true + when: "matrix_go_skype_bridge_container_image_self_build|bool" + +- name: Check if an old database file exists + stat: + path: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db" + register: matrix_go_skype_bridge_stat_database + +- name: Check if an old matrix state file exists + stat: + path: "{{ matrix_go_skype_bridge_base_path }}/mx-state.json" + register: matrix_go_skype_bridge_stat_mx_state + +- name: (Data relocation) Ensure matrix-go-skype-bridge.service is stopped + service: + name: matrix-go-skype-bridge + state: stopped + enabled: false + daemon_reload: true + failed_when: false + when: "matrix_go_skype_bridge_stat_database.stat.exists" + +- name: (Data relocation) Move go-skype-bridge database file to ./data directory + command: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db" + when: "matrix_go_skype_bridge_stat_database.stat.exists" + +- name: (Data relocation) Move go-skype-bridge mx-state file to ./data directory + command: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json" + when: "matrix_go_skype_bridge_stat_mx_state.stat.exists" + +- name: Ensure go-skype-bridge config.yaml installed + copy: + content: "{{ matrix_go_skype_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure go-skype-bridge registration.yaml installed + copy: + content: "{{ matrix_go_skype_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-go-skype-bridge.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service" + mode: 0644 + register: matrix_go_skype_bridge_systemd_service_result + +- name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation + service: + daemon_reload: true + when: "matrix_go_skype_bridge_systemd_service_result.changed" + +- name: Ensure matrix-go-skype-bridge.service restarted, if necessary + service: + name: "matrix-go-skype-bridge.service" + state: restarted + when: "matrix_go_skype_bridge_requires_restart|bool" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml new file mode 100644 index 000000000..19acff857 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-go-skype-bridge service + stat: + path: "/etc/systemd/system/matrix-go-skype-bridge.service" + register: matrix_go_skype_bridge_service_stat + +- name: Ensure matrix-go-skype-bridge is stopped + service: + name: matrix-go-skype-bridge + state: stopped + enabled: false + daemon_reload: true + when: "matrix_go_skype_bridge_service_stat.stat.exists" + +- name: Ensure matrix-go-skype-bridge.service doesn't exist + file: + path: "/etc/systemd/system/matrix-go-skype-bridge.service" + state: absent + when: "matrix_go_skype_bridge_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal + service: + daemon_reload: true + when: "matrix_go_skype_bridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml new file mode 100644 index 000000000..7e9f3dafb --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_go_skype_bridge_appservice_token" + - "matrix_go_skype_bridge_homeserver_token" diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 new file mode 100644 index 000000000..fb50b0dd4 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -0,0 +1,238 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_go_skype_bridge_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_go_skype_bridge_homeserver_domain }} + # If you don’t know what this is, no need to modify(for parse "mention user/reply message, etc") + server_name: matrix.to + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_go_skype_bridge_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: {{ matrix_go_skype_bridge_appservice_database_type|to_json }} + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + uri: {{ matrix_go_skype_bridge_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision/v1 + # Shared secret for authentication. If set to "disable", the provisioning API will be disabled. + shared_secret: disable + + # The unique ID of this appservice. + id: skype + # Appservice bot details. + bot: + # Username of the appservice bot. + username: skypebridgebot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Skype bridge bot + avatar: mxc://matrix.org/kGQUDQyPiwbRXPFkjoBrPyhC + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_go_skype_bridge_appservice_token }}" + hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}" + +# Bridge config +bridge: + # Localpart template of MXIDs for Skype users. + # {{ '{{.}}' }} is replaced with the phone number of the Skype user. + username_template: {{ 'skype-{{.}}' }} + # Displayname template for Skype users. + # {{ '{{.Notify}}' }} - nickname set by the Skype user + # {{ '{{.Jid}}' }} - phone number (international format) + # The following variables are also available, but will cause problems on multi-user instances: + # {{ '{{.Name}}' }} - display name from contact list + # {{ '{{.Short}}' }} - short display name from contact list + # To use multiple if's, you need to use: {{ '{{else if .Name}}' }}, for example: + # "{{ '{{if .Notify}}' }}{{ '{{.Notify}}' }}{{ '{{else if .Name}}' }}{{ '{{.Name}}' }}{{ '{{else}}' }}{{ '{{.Jid}}' }}{{ '{{end}}' }} (WA)" + displayname_template: "{{ '{{if .DisplayName}}' }}{{ '{{.DisplayName}}' }}{{ '{{else}}' }}{{ '{{.PersonId}}' }}{{ '{{end}}' }} (Skype)" + # Localpart template for per-user room grouping community IDs. + # On startup, the bridge will try to create these communities, add all of the specific user's + # portals to the community, and invite the Matrix user to it. + # (Note that, by default, non-admins might not have your homeserver's permission to create + # communities.) + # {{ '{{.Localpart}}' }} is the MXID localpart and {{ '{{.Server}}' }} is the MXID server part of the user. + community_template: skype-{{ '{{.Localpart}}' }}={{ '{{.Server}}' }} + + # Skype connection timeout in seconds. + connection_timeout: 20 + # If Skype doesn't respond within connection_timeout, should the bridge try to fetch the message + # to see if it was actually bridged? Use this if you have problems with sends timing out but actually + # succeeding. + fetch_message_on_timeout: false + # Whether or not the bridge should send a read receipt from the bridge bot when a message has been + # sent to Skype. If fetch_message_on_timeout is enabled, a successful post-timeout fetch will + # trigger a read receipt too. + delivery_receipts: false + # Number of times to regenerate QR code when logging in. + # The regenerated QR code is sent as an edit and essentially multiplies the login timeout (20 seconds) + login_qr_regen_count: 2 + # Maximum number of times to retry connecting on connection error. + max_connection_attempts: 3 + # Number of seconds to wait between connection attempts. + # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts + connection_retry_delay: -1 + # Whether or not the bridge should send a notice to the user's management room when it retries connecting. + # If false, it will only report when it stops retrying. + report_connection_retry: true + # Maximum number of seconds to wait for chats to be sent at startup. + # If this is too low and you have lots of chats, it could cause backfilling to fail. + chat_list_wait: 30 + # Maximum number of seconds to wait to sync portals before force unlocking message processing. + # If this is too low and you have lots of chats, it could cause backfilling to fail. + portal_sync_wait: 600 + + # Whether or not to send call start/end notices to Matrix. + call_notices: + start: true + end: true + + # Number of chats to sync for new users. + # Since some of the obtained conversations are not the conversations that the user needs to see, + # the actual number of conversations displayed on the matrix client will be slightly less than the set value + initial_chat_sync_count: 10 + # Number of old messages to fill when creating new portal rooms. + initial_history_fill_count: 20 + # Whether or not notifications should be turned off while filling initial history. + # Only applicable when using double puppeting. + initial_history_disable_notifications: false + # Maximum number of chats to sync when recovering from downtime. + # Set to -1 to sync all new chats during downtime. + recovery_chat_sync_limit: -1 + # Whether or not to sync history when recovering from downtime. + recovery_history_backfill: true + # Maximum number of seconds since last message in chat to skip + # syncing the chat in any case. This setting will take priority + # over both recovery_chat_sync_limit and initial_chat_sync_count. + # Default is 3 days = 259200 seconds + sync_max_chat_age: 259200 + + # sync contact, Non-martix-standard parameter, defaults to false + sync_contact: false + + # Whether or not to sync with custom puppets to receive EDUs that + # are not normally sent to appservices. + sync_with_custom_puppets: true + + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_go_skype_bridge_homeserver_domain }}": {{ matrix_go_skype_bridge_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_go_skype_bridge_bridge_login_shared_secret_map|to_json }} + + # Whether or not to invite own Skype user's Matrix puppet into private + # chat portals when backfilling if needed. + # This always uses the default puppet instead of custom puppets due to + # rate limits and timestamp massaging. + invite_own_puppet_for_backfilling: true + # Whether or not to explicitly set the avatar and room name for private + # chat portal rooms. This can be useful if the previous field works fine, + # but causes room avatar/name bugs. + private_chat_portal_meta: true + + # Whether or not thumbnails from Skype should be sent. + # They're disabled by default due to very low resolution. + Skype_thumbnail: false + + # Allow invite permission for user. User can invite any bots to room with Skype + # users (private chat and groups) + allow_user_invite: false + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!wa" + + # End-to-bridge encryption support options. This requires login_shared_secret to be configured + # in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_go_skype_bridge_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + # It is recommended to also set private_chat_portal_meta to true when using this. + default: {{ matrix_go_skype_bridge_bridge_encryption_default|to_json }} + + puppet_id: + # when set to true, the matrixid of the contact (puppet) from the bridge to the matrix will be encrypted into another string + allow: false + # 8 characters + key: '12dsf323' + # Use the username_template prefix. (Warning: At present, username_template cannot be too complicated, otherwise this function may cause unknown errors) + username_template_prefix: 'skype-' + + # Permissions for using the bridge. + # Permitted values: + # relaybot - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Skype account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "{{ matrix_go_skype_bridge_homeserver_domain }}": user + + relaybot: + # Whether or not relaybot support is enabled. + enabled: false + # The management room for the bot. This is where all status notifications are posted and + # in this room, you can use `!wa ` instead of `!wa relaybot `. Omitting + # the command prefix completely like in user management rooms is not possible. + management: '!foo:example.com' + # List of users to invite to all created rooms that include the relaybot. + invites: [] + # The formats to use when sending messages to Skype via the relaybot. + message_formats: + m.text: "{{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" + m.notice: "{{ '{{ .Sender.Displayname }}' }}:: {{ '{{ .Message }}' }}" + m.emote: "* {{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" + m.file: "{{ '{{ .Sender.Displayname }}' }}: sent a file" + m.image: "{{ '{{ .Sender.Displayname }}' }}: sent an image" + m.audio: "{{ '{{ .Sender.Displayname }}' }}: sent an audio file" + m.video: "{{ '{{ .Sender.Displayname }}' }}: sent a video" + m.location: "{{ '{{ .Sender.Displayname }}' }}: sent a location" + +# Logging config. +logging: + # The directory for log files. Will be created if not found. + directory: ./logs + # Available variables: .Date for the file date and .Index for different log files on the same day. + # empy/null = journal logging only + file_name_format: + # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants + file_date_format: "2006-01-02" + # Log file permissions. + file_mode: 0600 + # Timestamp format for log entries in the Go time format. + timestamp_format: "Jan _2, 2006 15:04:05" + # Minimum severity for log messages. + # Options: debug, info, warn, error, fatal + print_level: {{ matrix_go_skype_bridge_log_level }} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 b/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 new file mode 100644 index 000000000..fe5ab2d6f --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 @@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Go Skype Bridge bridge +{% for service in matrix_go_skype_bridge_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_go_skype_bridge_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridge \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_go_skype_bridge_config_path }}:/config:z \ + -v {{ matrix_go_skype_bridge_data_path }}:/data:z \ + --workdir=/data \ + {% for arg in matrix_go_skype_bridge_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_go_skype_bridge_docker_image }} \ + /usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-go-skype-bridge + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index ce36d1cec..5ea7e5a7e 100755 --- a/setup.yml +++ b/setup.yml @@ -18,6 +18,7 @@ - matrix-bridge-appservice-webhooks - matrix-bridge-appservice-irc - matrix-bridge-beeper-linkedin + - matrix-bridge-go-skype-bridge - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-twitter - matrix-bridge-mautrix-hangouts From 5e9e8f9e29e2d3afc567a73ea933ad71c5094444 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 13 Jun 2022 08:02:31 +0300 Subject: [PATCH 084/144] Announce go-skype-bridge support --- CHANGELOG.md | 11 +++++++++++ docs/configuring-playbook-bridge-mx-puppet-skype.md | 2 ++ docs/configuring-playbook.md | 2 +- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f9fe2aaa..0e90accaf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2022-06-13 + +## go-skype-bridge bridging support + +Thanks to [CyberShadow](https://github.com/CyberShadow), the playbook can now install the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) bridge for bridging Matrix to [Skype](https://www.skype.com/). + +See our [Setting up Go Skype Bridge](docs/configuring-playbook-bridge-go-skype-bridge.md) documentation to get started. + +The playbook has supported [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridging (see [Setting up MX Puppet Skype bridging](docs/configuring-playbook-bridge-mx-puppet-skype.md)) since [2020-04-09](#2020-04-09), but `mx-puppet-skype` is reportedly broken. + + # 2022-06-09 ## Running Ansible in a container can now happen on the Matrix server itself diff --git a/docs/configuring-playbook-bridge-mx-puppet-skype.md b/docs/configuring-playbook-bridge-mx-puppet-skype.md index cca5e3059..ff4e636ee 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-skype.md +++ b/docs/configuring-playbook-bridge-mx-puppet-skype.md @@ -1,5 +1,7 @@ # Setting up MX Puppet Skype (optional) +**Note**: bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. In fact, bridging via `mx-puppet-skype` has often been reported as broken, so we recommend that you go directly for `go-skype-bridge`, instead of this. + The playbook can install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 774e54d12..3bfb01bdc 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) -- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) +- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - often reported as broken; see **Go Skype Bridge** (below) as an alternative - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) From d6a38810924b3f92a23fe75d2cb3381d37bbcc50 Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Mon, 13 Jun 2022 06:40:15 +0000 Subject: [PATCH 085/144] docs/configuring-playbook-bridge-go-skype-bridge: Fixups Fixup for #1877. --- docs/configuring-playbook-bridge-go-skype-bridge.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-go-skype-bridge.md b/docs/configuring-playbook-bridge-go-skype-bridge.md index 1eec9e723..a7a4fbc80 100644 --- a/docs/configuring-playbook-bridge-go-skype-bridge.md +++ b/docs/configuring-playbook-bridge-go-skype-bridge.md @@ -1,7 +1,7 @@ # Setting up Go Skype Bridge (optional) The playbook can install and configure -[go-skype-bridge](https://github.com/Sorunome/go-skype-bridge) for you. +[go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you. See the project page to learn what it does and why it might be useful to you. @@ -16,7 +16,7 @@ matrix_go_skype_bridge_enabled: true ## Usage -Once the bot is enabled, you need to start a chat with `Skype Puppet Bridge` +Once the bot is enabled, you need to start a chat with `Skype bridge bot` with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). From b2f9ede87c6cf1d5b43f0b36c129cdbfe62bfcc8 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 14 Jun 2022 13:45:46 +0000 Subject: [PATCH 086/144] Update Element v1.10.14 -> v1.10.15 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 86b0ee6ad..083621f2f 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.14 +matrix_client_element_version: v1.10.15 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 37b584ef5825fd7b435f7c542fe2d53b47ef83f9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Jun 2022 16:44:25 +0300 Subject: [PATCH 087/144] Upgrade matrix-corporal (2.2.3 -> 2.3.0) matrix-corporal 2.3.0 supports Synapse v1.61.0 (which removed communities/groups support). --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 66896e0e5..bd91564ab 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.2.3 +matrix_corporal_version: 2.3.0 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From 6a573399aea8e0236d6807a4e784f4a0ef4a7f3b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Jun 2022 16:45:21 +0300 Subject: [PATCH 088/144] Upgrade Synapse (v1.60.0 -> v1.61.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- roles/matrix-synapse/vars/workers.yml | 55 ++++++++++++++------------ 2 files changed, 30 insertions(+), 27 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index d0debe85f..29cf00b55 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.60.0 +matrix_synapse_version: v1.61.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 91b289c7b..e535d2ccc 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -29,9 +29,8 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/event_auth/ - ^/_matrix/federation/v1/exchange_third_party_invite/ - ^/_matrix/federation/v1/user/devices/ - - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query - - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ + - ^/_matrix/federation/v1/hierarchy/ # Inbound federation transaction request - ^/_matrix/federation/v1/send/ @@ -43,15 +42,14 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ + - ^/_matrix/client/v1/rooms/.*/hierarchy$ + - ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(r0|v3|unstable)/account/whoami$ - ^/_matrix/client/(r0|v3|unstable)/devices$ - ^/_matrix/client/versions$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - - ^/_matrix/client/(r0|v3|unstable)/joined_groups$ - - ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ - - ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ @@ -75,31 +73,27 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ - # These appear to be conditional and should not be enabled by default. - # We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. - # For now, they've been commented out manually. - # - # # Device requests - # - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ - - # # Account data requests - # - ^/_matrix/client/(r0|v3|unstable)/.*/tags - # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data - - # # Receipts requests - # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt - # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers - - # # Presence requests - # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ - +# These appear to be conditional and should not be enabled by default. +# We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. +# For now, they've been commented out manually. +# # Account data requests +# - ^/_matrix/client/(r0|v3|unstable)/.*/tags +# - ^/_matrix/client/(r0|v3|unstable)/.*/account_data +# +# # Receipts requests +# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt +# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers +# +# # Presence requests +# - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + + # User directory search requests + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ # Additionally, the following REST endpoints can be handled for GET requests: # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/federation/v1/groups/ # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ - # ^/_matrix/client/(r0|v3|unstable)/groups/ # Pagination requests can also be handled, but all requests for a given # room must be routed to the same instance. Additionally, care must be taken to @@ -301,6 +295,15 @@ matrix_synapse_workers_generic_worker_endpoints: # This work cannot be load-balanced; please ensure the main process is restarted # after setting this option in the shared configuration! + # User directory updates allow REST endpoints matching the following regular + # expressions to work: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + + # The above endpoints can be routed to any worker, though you may choose to route + # it to the chosen user directory worker. + # This style of configuration supersedes the legacy `synapse.app.user_dir` # worker application type. From 7b0e5ef9955cc82802cd97bcefefc4fcd64abd91 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:55:11 +0000 Subject: [PATCH 089/144] Update mautrix-whatsapp 0.4.0 -> 0.5.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 5be700516..6e95eeb7c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.4.0 +matrix_mautrix_whatsapp_version: v0.5.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 5eff67371da7f49fcad0da570371374c674ebe9a Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 17 Jun 2022 14:32:17 +0300 Subject: [PATCH 090/144] add synapse media_retention --- roles/matrix-synapse/defaults/main.yml | 8 ++++++++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 29cf00b55..b7ea94f3c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -86,6 +86,14 @@ matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}" matrix_synapse_max_upload_size_mb: 50 +# Controls whether local media should be removed under certain conditions, typically for the purpose of saving space. +# should be empty to disable +matrix_synapse_media_retention_local_media_lifetime: +# Controls whether remote media cache (media that is downloaded from other homeservers) +# should be removed under certain conditions, typically for the purpose of saving space. +# should be empty to disable +matrix_synapse_media_retention_remote_media_lifetime: + # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cce713300..1b4edb291 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1048,6 +1048,14 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" +media_retention: +{% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} + local_media_lifetime: "{{ matrix_synapse_media_retention_local_media_lifetime }}" +{% endif %} +{% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} + remote_media_lifetime: "{{ matrix_synapse_media_retention_remote_media_lifetime }}" +{% endif %} + # Maximum number of pixels that will be thumbnailed # #max_image_pixels: 32M From 323f5aa60d3be35bb8cf21813b0ab299a19a5fd9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:25:49 +0300 Subject: [PATCH 091/144] Synchronize homeserver.yaml config with the one from Synapse 1.61.0 --- roles/matrix-synapse/defaults/main.yml | 3 --- roles/matrix-synapse/tasks/validate_config.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 10 ---------- 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 29cf00b55..5cf82ef1c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -215,9 +215,6 @@ matrix_synapse_recaptcha_private_key: '' # Disabling this option will not delete any tokens previously generated. matrix_synapse_registration_requires_token: false -# Allows non-server-admin users to create groups on this server -matrix_synapse_enable_group_creation: false - # A list of 3PID types which users must supply when registering (possible values: email, msisdn). matrix_synapse_registrations_require_3pid: [] diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index bb8a2bcd0..ab0ca3a7e 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -60,6 +60,7 @@ - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} - {'old': 'matrix_synapse_version_arm64', 'new': ''} + - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml fail: diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cce713300..d9a2974f4 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2600,16 +2600,6 @@ spam_checker: {{ matrix_synapse_spam_checker|to_json }} encryption_enabled_by_default_for_room_type: {{ matrix_synapse_encryption_enabled_by_default_for_room_type|to_json }} -# Uncomment to allow non-server-admin users to create groups on this server -# -enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }} - -# If enabled, non server admins can only create groups with local parts -# starting with this prefix -# -#group_creation_prefix: "unofficial_" - - # User Directory configuration # From 5987589436c7ed86897140f53eb8e1b1528c1317 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:30:22 +0300 Subject: [PATCH 092/144] Use |to_json --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1b4edb291..20b8135ab 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1050,10 +1050,10 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" media_retention: {% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} - local_media_lifetime: "{{ matrix_synapse_media_retention_local_media_lifetime }}" + local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }} {% endif %} {% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} - remote_media_lifetime: "{{ matrix_synapse_media_retention_remote_media_lifetime }}" + remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }} {% endif %} # Maximum number of pixels that will be thumbnailed From 38027e72f6d541f46991eec4ea4ff6d40ae4aa90 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:45:25 +0300 Subject: [PATCH 093/144] Fix "object of type 'NoneType' has no len()" error Fixup for 5eff67371da7f49fc - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1884 --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d1f134079..c2364650d 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1049,10 +1049,10 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" media_retention: -{% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} +{% if matrix_synapse_media_retention_local_media_lifetime %} local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }} {% endif %} -{% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} +{% if matrix_synapse_media_retention_remote_media_lifetime %} remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }} {% endif %} From f6a73231ab64629a11aea445c854819cff06db75 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sat, 18 Jun 2022 16:13:08 +0200 Subject: [PATCH 094/144] Synapse workers should respect X-Forwarded headers Currently, Synapse workers ignore the X-Forwarded headers, which leads to internal Docker IP addresses randomly appearing in the users' device list. This adds the `x_forwarded: true` option to the worker config, fixing the issue. --- roles/matrix-synapse/templates/synapse/worker.yaml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index 40714f442..239de1f21 100644 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -26,6 +26,7 @@ worker_listeners: {% if http_resources|length > 0 %} - type: http bind_addresses: ['::'] + x_forwarded: true port: {{ matrix_synapse_worker_details.port }} resources: - names: {{ http_resources|to_json }} From 970afa4578b78951af7fded07fd9495990b2260c Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 21 Jun 2022 00:02:17 +0300 Subject: [PATCH 095/144] Update Buscarron 1.1.0 -> 1.2.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 8 +++++++- roles/matrix-bot-buscarron/templates/env.j2 | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index c2b44fa11..56686f42f 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.1.0 +matrix_bot_buscarron_version: v1.2.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" @@ -76,6 +76,9 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" # forms configuration matrix_bot_buscarron_forms: [] +# Disable encryption +matrix_bot_buscarron_noencryption: + # Sentry DSN matrix_bot_buscarron_sentry: @@ -88,6 +91,9 @@ matrix_bot_buscarron_spam_hosts: [] # spam email addresses matrix_bot_buscarron_spam_emails: [] +# spam email localparts +matrix_bot_buscarron_spam_localparts: [] + # Ban duration in hours matrix_bot_buscarron_ban_duration: 24 diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 index 876072e17..42da0d349 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -5,6 +5,7 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} +BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }} BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }} @@ -12,10 +13,12 @@ BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }} BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }} BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }} BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} +BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} +BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }} BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }} From fff4b9116c8fdf608669c543af3a5fa279a2751e Mon Sep 17 00:00:00 2001 From: krassle <6473406+krassle@users.noreply.github.com> Date: Wed, 22 Jun 2022 10:10:41 +0200 Subject: [PATCH 096/144] Use prebuilt ARM images for coturn / synapse-admin * synapse-admin arm64 builds available since 2021-12-17 v.0.8.4 [awesometechnologies/synapse-admin:0.8.5](https://hub.docker.com/layers/synapse-admin/awesometechnologies/synapse-admin/0.8.5/images/sha256-eb54b8660c4641641b8acd08fd2dfc94ecc3fc604860f9e8b286a38008e3f3b6?context=explore) * coturn arm32/arm64 builds available since 2021-04-15 v.4.5.2-r0-alpine [coturn/coturn:4.5.2-r12](https://hub.docker.com/layers/coturn/coturn/coturn/4.5.2-r12/images/sha256-94887581bb1093085033be0494c3a651bd40034afba1867ddc78b8ba32dc2faf?context=explore) --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f727da55f..19cde0af0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1260,7 +1260,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati matrix_coturn_enabled: true -matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" @@ -2196,7 +2196,7 @@ matrix_synapse_admin_enabled: false # Synapse Admin's HTTP port to the local host. matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}" -matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" ###################################################################### # From 5963a387f06cf11eefa17b2e49f53a8b9c10169c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 14:43:55 +0300 Subject: [PATCH 097/144] Upgrade Postgres (14.3 -> 14.4) --- roles/matrix-postgres/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index bb8202173..b6cbc2055 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -27,7 +27,7 @@ matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }} matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.4{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. From f943e82384c2707f0ec45618352884901e819a21 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 14:44:12 +0300 Subject: [PATCH 098/144] Upgrade Certbot (1.27 -> 1.28) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 64e2e06bf..466825c96 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.28.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From f4cf7b9cc190e00b4b7188659a0d24e856b20cfa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 22:17:51 +0300 Subject: [PATCH 099/144] Remove unused variable (matrix_nginx_proxy_synapse_workers_enabled_list) definition --- roles/matrix-nginx-proxy/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 466825c96..f3ec27baa 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -218,7 +218,6 @@ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ # Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_synapse_workers_enabled_list: [] matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. # Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. From 2e68c9963ba4ab8b1e7d644a9185717012edfe06 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 22:50:43 +0300 Subject: [PATCH 100/144] Fix matrix-prometheus-postgres-exporter port number in some comments --- roles/matrix-prometheus-postgres-exporter/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index c96a6ea84..9ad60405f 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -29,14 +29,14 @@ matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' -# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). +# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. # # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) -# - or listens on a loopback interface only (--net=host and 127.0.0.1:9100), which is not reachable from another container (like `matrix-prometheus`) +# - or listens on a loopback interface only (--net=host and 127.0.0.1:9187), which is not reachable from another container (like `matrix-prometheus`) # # Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both, # but that's trickier to accomplish and won't necessarily work (hasn't been tested). From a3a6e14f7b730bdf0534f8821966b68d2c49cb1d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 23:04:27 +0300 Subject: [PATCH 101/144] Add matrix_nginx_proxy_proxy_synapse_metrics_addr_{with,sans}_container variables to defaults We redefine these variables in `group_vars/matrix_servers`, but it's better to have some defaults in the role as well. --- roles/matrix-nginx-proxy/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f3ec27baa..6fb7217e3 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -225,6 +225,8 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" +matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:9100" +matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:9100" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. From ba51997f7b0c72755b19aeafc2db51ce90fc2112 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 17:44:11 +0300 Subject: [PATCH 102/144] (BC Break) Redo how metrics are exposed to external Prometheus servers --- CHANGELOG.md | 29 +++++++ docs/configuring-playbook-bridge-hookshot.md | 15 +++- ...configuring-playbook-prometheus-grafana.md | 85 +++++++++---------- ...onfiguring-playbook-prometheus-postgres.md | 8 +- group_vars/matrix_servers | 18 ++-- .../matrix-bridge-hookshot/defaults/main.yml | 13 ++- roles/matrix-bridge-hookshot/tasks/init.yml | 25 ++---- .../tasks/validate_config.yml | 13 +++ roles/matrix-nginx-proxy/defaults/main.yml | 66 +++++++++++--- .../tasks/nginx-proxy/setup_metrics_auth.yml | 53 ++++++++++++ .../tasks/setup_nginx_proxy.yml | 31 +++---- .../tasks/validate_config.yml | 23 +++++ .../nginx/conf.d/matrix-domain.conf.j2 | 13 +++ .../nginx/conf.d/matrix-synapse.conf.j2 | 39 --------- .../nginx/matrix-synapse-metrics-htpasswd.j2 | 3 - .../defaults/main.yml | 7 ++ .../tasks/init.yml | 36 ++++++++ .../defaults/main.yml | 6 ++ .../tasks/init.yml | 36 ++++++++ roles/matrix-synapse/defaults/main.yml | 8 ++ roles/matrix-synapse/tasks/init.yml | 60 +++++++++++++ .../tasks/synapse/setup_install.yml | 9 ++ .../tasks/synapse/setup_uninstall.yml | 6 ++ .../external_prometheus.yml.example.j2 | 18 ++-- setup.yml | 2 +- 25 files changed, 453 insertions(+), 169 deletions(-) create mode 100644 roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml delete mode 100644 roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 rename roles/{matrix-nginx-proxy/templates => matrix-synapse/templates/synapse}/prometheus/external_prometheus.yml.example.j2 (51%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e90accaf..3c5fdac53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,32 @@ +# 2022-06-23 + +## (Potential Backward Compatibility Break) Changes around metrics collection + +**TLDR**: we've made extensive **changes to metrics exposure/collection, which concern people using an external Prometheus server**. If you don't know what that is, you don't need to read below. + +**Why do major changes to metrics**? Because various services were exposing metrics in different, hacky, ways. Synapse was exposing metrics at `/_synapse/metrics` and `/_synapse-worker-.../metrics` on the `matrix.DOMAIN`. The Hookshot role was **repurposing** the Granana web UI domain (`stats.DOMAIN`) for exposing its metrics on `stats.DOMAIN/hookshot/metrics`, while protecting these routes using Basic Authentication **normally used for Synapse** (`/_synapse/metrics`). Node-exporter and Postgres-exporter roles were advising for more `stats.DOMAIN` usage in manual ways. Each role was doing things differently and mixing variables from other roles. Each metrics endpoint was ending up in a different place, protected by who knows what Basic Authentication credentials (if protected at all). + +**The solution**: a completely revamped way to expose metrics to an external Prometheus server. We are **introducing new `https://matrix.DOMAIN/metrics/*` endpoints**, where various services *can* expose their metrics, for collection by external Prometheus servers. To enable the `/metrics/*` endpoints, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. There's also a way to protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). See the `matrix-nginx-proxy` role or our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation for additional variables around `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. + +**If you are using the [Hookshot bridge](docs/configuring-playbook-bridge-hookshot.md)**, you may find that: +1. **Metrics may not be enabled by default anymore**: + - If Prometheus is enabled (`matrix_prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network. + - **If Prometheus is not enabled** (you are either not using Prometheus or are using an external one), **Hookshot metrics will not be enabled by default anymore**. Feel free to enable them by setting `matrix_hookshot_metrics_enabled: true`. Also, see below. +2. When metrics are meant to be **consumed by an external Prometheus server**, `matrix_hookshot_metrics_proxying_enabled` needs to be set to `true`, so that metrics would be exposed (proxied) "publicly" on `https://matrix.DOMAIN/metrics/hookshot`. To make use of this, you'll also need to enable the new `https://matrix.DOMAIN/metrics/*` endpoints mentioned above, using `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. Learn more in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. +3. **We've changed the URL we're exposing Hookshot metrics at** for external Prometheus servers. Until now, you were advised to consume Hookshot metrics from `https://stats.DOMAIN/hookshot/metrics` (working in conjunction with `matrix_nginx_proxy_proxy_synapse_metrics`). From now on, **this no longer works**. As described above, you need to start consuming metrics from `https://matrix.DOMAIN/metrics/hookshot`. + +**If you're using node-exporter** (`matrix_prometheus_node_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_node_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/node-exporter`. + +**If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`matrix_prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`. + +**If you're using Synapse** and would like to collect its metrics from an external Prometheus server, you may find that: + +1. Exposing metrics is now done using `matrix_synapse_metrics_proxying_enabled`, not `matrix_nginx_proxy_proxy_synapse_metrics: true`. You may still need to enable metrics using `matrix_synapse_metrics_enabled: true` before exposing them. +2. Protecting metrics endpoints using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is now done in another way. See our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation +3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` +4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). + + # 2022-06-13 ## go-skype-bridge bridging support diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index f47f24c0e..3e8a54a20 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -14,7 +14,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. @@ -32,8 +32,8 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | -| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets | -| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus | +| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | +| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). @@ -63,7 +63,14 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_ ### Metrics -If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). +Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them. + +To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however. + +**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to: + +- enable the `https://matrix.DOMAIN/metrics/*` endpoints on `matrix.DOMAIN` using `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see the `matrix-nginx-role` or [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for enabling this feature) +- expose the Hookshot metrics under `https://matrix.DOMAIN/metrics/hookshot` by setting `matrix_hookshot_metrics_proxying_enabled: true` ### Collision with matrix-appservice-webhooks diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index f178def20..e1b826430 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -9,8 +9,12 @@ Remember to add `stats.` to DNS as described in [Configuring DNS](c ```yaml matrix_prometheus_enabled: true +# You can remove this, if unnecessary. matrix_prometheus_node_exporter_enabled: true +# You can remove this, if unnecessary. +matrix_prometheus_postgres_exporter_enabled: true + matrix_grafana_enabled: true matrix_grafana_anonymous_access: false @@ -34,6 +38,7 @@ Name | Description -----|---------- `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures +`matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.` subdomain) the dashboards with the graphs that we're interested in `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option. `matrix_grafana_default_admin_user`
`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here @@ -48,28 +53,54 @@ Most of our docker containers run with limited system access, but the `prometheu ## Collecting metrics to an external Prometheus server -If you wish, you could expose homeserver metrics without enabling (installing) Prometheus and Grafana via the playbook. This may be useful for hooking Matrix services to an external Prometheus/Grafana installation. +**If the integrated Prometheus server is enabled** (`matrix_prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly". + +When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network. + +The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` below. -To do this, you may be interested in the following variables: +The following variables may be of interest: Name | Description -----|---------- +`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service. +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`|Set this to the Basic Authentication username you'd like to protect `/metrics/*` with. You also need to set `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`. If one username/password pair is not enough, you can leave the `username` and `password` variables unset and use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`|Set this to the Basic Authentication password you'd like to protect `/metrics/*` with +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead. `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network) -`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics` -`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`) -`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx. -`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`) +`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). +`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) +`matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) +`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) +`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` +`matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below) + +Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations: +```nginx +matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: + - 'location /metrics/another-service { + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-another-service:9100/metrics; + }' +``` + +Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). + -### Collecting worker metrics to an external Prometheus server +### Collecting Synapse worker metrics to an external Prometheus server -If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. +If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. -The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. +The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. It will look a bit like this: ```yaml scrape_configs: - job_name: 'synapse' - metrics_path: /_synapse/metrics + metrics_path: /metrics/synapse/main-process scheme: https basic_auth: username: prometheus @@ -80,7 +111,7 @@ scrape_configs: job: "master" index: 1 - job_name: 'synapse-generic_worker-1' - metrics_path: /_synapse-worker-generic_worker-18111/metrics + metrics_path: /metrics/synapse/worker/generic_worker-18111 scheme: https basic_auth: username: prometheus @@ -92,38 +123,6 @@ scrape_configs: index: 18111 ``` -### Collecting system and Postgres metrics to an external Prometheus server (advanced) - -When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats. - -It would be possible to use `matrix_prometheus_node_exporter_container_http_host_bind_port` etc., but that is not always the best choice, for example because your server is on a public network. - -Use the following variables in addition to the ones mentioned above: - -Name | Description ------|---------- -`matrix_nginx_proxy_proxy_grafana_enabled`|Set this to `true` to make the stats subdomain (`matrix_server_fqn_grafana`) available via the Nginx proxy -`matrix_ssl_additional_domains_to_obtain_certificates_for`|Add `"{{ matrix_server_fqn_grafana }}"` to this list to have letsencrypt fetch a certificate for the stats subdomain -`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter -`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the Postgres exporter -`matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks`|Add locations to this list depending on which of the above exporters you enabled (see below) - -```nginx -matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: - - 'location /node-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-node-exporter:9100/; - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - }' - - 'location /postgres-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-postgres-exporter:9187/; - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - }' -``` -You can customize the `location`s to your liking, just point your Prometheus to there later (e.g. `stats.DOMAIN/node-exporter/metrics`). Nginx is very picky about the `proxy_pass`syntax: take care to follow the example closely and note the trailing slash as well as absent use of variables. postgres-exporter uses the nonstandard port 9187. ## More information diff --git a/docs/configuring-playbook-prometheus-postgres.md b/docs/configuring-playbook-prometheus-postgres.md index 34407aaed..6fd13a9e9 100644 --- a/docs/configuring-playbook-prometheus-postgres.md +++ b/docs/configuring-playbook-prometheus-postgres.md @@ -7,11 +7,6 @@ You can enable this with the following settings in your configuration file (`inv ```yaml matrix_prometheus_postgres_exporter_enabled: true - -# the role creates a postgres user as credential. You can configure these if required: -matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter' -matrix_prometheus_postgres_exporter_database_password: 'some-password' - ``` ## What does it do? @@ -20,7 +15,8 @@ Name | Description -----|---------- `matrix_prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false' `matrix_prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter' -`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. +`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook +`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) ## More information diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 19cde0af0..394e26dc9 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -711,8 +711,13 @@ matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_ena matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" -matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" -matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" +# We only enable metrics (locally, in the container network) for the bridge if Prometheus is enabled. +# +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_hookshot_metrics_enabled` +# - `matrix_hookshot_metrics_proxying_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_hookshot_metrics_enabled: "{{ matrix_prometheus_enabled }}" matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" @@ -1586,13 +1591,6 @@ matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_po matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}" -# This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore. -# The fact that someone wishes to enable Synapse metrics does not necessarily mean they want to make them public. -# A local Prometheus can consume them over the container network. -matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" -matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" - matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" @@ -1614,8 +1612,6 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" -matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}" - matrix_nginx_proxy_systemd_wanted_services_list: | {{ ['matrix-' + matrix_homeserver_implementation + '.service'] diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 3a2d5bc94..5d618a6ea 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -29,13 +29,20 @@ matrix_hookshot_public_endpoint: /hookshot matrix_hookshot_appservice_port: 9993 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" -# Metrics work only in conjunction with matrix_synapse_metrics_enabled etc -matrix_hookshot_metrics_enabled: true +# Controls whether metrics are enabled in the bridge configuration. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`. +matrix_hookshot_metrics_enabled: false + +# Controls whether Hookshot metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/hookshot`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_hookshot_metrics_proxying_enabled: false + # There is no need to edit ports. # Read the documentation to learn about using hookshot metrics with external Prometheus # If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_metrics_port: 9001 -matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_webhook_port: 9000 diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 14bbcbb32..96d5740a7 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -103,11 +103,10 @@ [matrix_hookshot_matrix_nginx_proxy_configuration] }} - - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) set_fact: - matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | - {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} - location {{ matrix_hookshot_metrics_endpoint }} { + matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | + location /metrics/hookshot { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; @@ -117,24 +116,18 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; {% endif %} - proxy_set_header Host $host; - {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - {% endif %} } - {% endif %} + when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool - - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy + - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) set_fact: - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + - [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] }} - tags: - - always + when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool when: matrix_hookshot_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml index 5da8809ee..b96223323 100644 --- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml @@ -57,3 +57,16 @@ when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" with_items: - "matrix_hookshot_provisioning_secret" + +- name: (Deprecation) Catch and report old metrics usage + fail: + msg: >- + Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Hookshot, + which exposed metrics on `https://stats.DOMAIN/hookshot/metrics`. + + We now recommend exposing Hookshot metrics in another way, from another URL. + Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22 + with_items: + - matrix_hookshot_proxy_metrics + - matrix_hookshot_metrics_endpoint + when: "item in vars" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6fb7217e3..f19eb4ab0 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -192,6 +192,58 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) +# If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. +# This is only useful when an external Prometheus will be collecting metrics. +# +# To control what kind of metrics are exposed under `/metrics/` (e.g `/metrics/node-exporter`, `/metrics/postgres-exporter`, etc.), +# use `matrix_SERVICE_metrics_proxying_enabled` variables in each respective role. +# Roles inject themselves into the matrix-nginx-proxy configuration. +# +# To protect the metrics endpoints, see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` +matrix_nginx_proxy_proxy_matrix_metrics_enabled: false + +# Controls whether Basic Auth is enabled for all `/metrics/*` endpoints. +# +# You can provide the Basic Auth credentials in 2 ways: +# 1. A single username/password pair using `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` +# 2. Using raw content (`htpasswd`-generated file) provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled: false + +# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` specify +# the Basic Auth username/password for protecting `/metrics/*` endpoints. +# Alternatively, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username: "" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password: "" + +# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` value will be written verbatim to the htpasswd file protecting `/metrics/*` endpoints. +# Use this when a single username/password is not enough and you'd like to get more control over credentials. +# +# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. +# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` +# The whole thing is needed here. matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "" + +# Specifies the path to the htpasswd file holding the htpasswd credentials for protecting `/metrics/*` endpoints +# This is not meant to be modified. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + +# Specifies the Apache container image to use +# when `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` are provided. +# This image provides the `htpasswd` tool which we use for generating the htpasswd file protecting `/metrics/*`. +# To avoid using this, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead of supplying username/password. +# Learn more in: `roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image: "{{ matrix_container_global_registry_prefix }}httpd:{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag }}" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag: "2.4.54-alpine3.16" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag.endswith(':latest') }}" + +# A list of strings containing additional configuration blocks to add to the `location /metrics` configuration (matrix-domain.conf). +# Do not modify `matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks` and `matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks`. +# If you'd like to inject your own configuration blocks, use `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`. +matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks: "{{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks + matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks }}" +matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: [] +matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: [] + # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -216,18 +268,6 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" -# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) -matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false -# The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. -# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. -# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` -# The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" -matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:9100" -matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:9100" - # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-proxy:12080" @@ -260,8 +300,6 @@ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes: | (['/_synapse/oidc'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled else []) + (['/_synapse/admin'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled else []) - + - (['/_synapse.*/metrics'] if matrix_nginx_proxy_proxy_synapse_metrics else []) }} # Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected. diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml new file mode 100644 index 000000000..55163c945 --- /dev/null +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -0,0 +1,53 @@ +# When we're dealing with raw htpasswd content, we just store it in the file directly. +- name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content }}" + dest: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0600 + when: not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username + +# Alternatively, we need to use the `htpasswd` tool to generate the htpasswd file. +# There's an Ansible module that helps with that, but it requires passlib (a Python module) to be installed on the server. +# See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module +# We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. +# As a workaround, we run `htpasswd` from an Apache container image. +- block: + - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + docker_image: + name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + + # We store the password in a file and make the `htpasswd` tool read it from there, + # as opposed to passing it directly on stdin (which will expose it to other processes on the server). + - name: Store metrics password in a temporary file + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" + dest: "/tmp/matrix-nginx-proxy-metrics-password" + mode: 0400 + owner: "{{ matrix_user_uid }}" + group: "{{ matrix_user_gid }}" + + - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + command: + cmd: >- + {{ matrix_host_command_docker }} run + --rm + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + --network=none + --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data + --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro + --entrypoint=/bin/sh + {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} + -c + 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' + + - name: Delete temporary metrics password file + file: + path: /tmp/matrix-nginx-proxy-metrics-password + state: absent + when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index a559e1090..0da9e52c7 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -31,23 +31,9 @@ mode: 0644 when: matrix_nginx_proxy_enabled|bool -- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI) - template: - src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2" - dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0400 - when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool" - -- name: Generate sample prometheus.yml for external scraping - template: - src: "{{ role_path }}/templates/prometheus/external_prometheus.yml.example.j2" - dest: "{{ matrix_base_data_path }}/external_prometheus.yml.example" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0644 - when: matrix_nginx_proxy_proxy_synapse_metrics|bool +- name: Setup metrics + include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml" + when: matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool - name: Ensure Matrix nginx-proxy configured (generic) template: @@ -324,10 +310,15 @@ file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool" -- name: Ensure sample prometheus.yml for external scraping is deleted +# This file is now generated by the matrix-synapse role and saved in the Synapse directory +- name: (Cleanup) Ensure old sample prometheus.yml for external scraping is deleted file: path: "{{ matrix_base_data_path }}/external_prometheus.yml.example" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics|bool" + +- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /metrics/* URIs) + file: + path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + state: absent + when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 0de93873f..c6697e935 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -27,6 +27,14 @@ `matrix_nginx_proxy_ssl_preset` needs to be set to a known value. when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']" +- name: Fail if Basic Auth enabled for metrics, but no credentials supplied + fail: + msg: | + Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires: + - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`) + - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`) + when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" + - block: - name: (Deprecation) Catch and report renamed settings fail: @@ -36,6 +44,7 @@ with_items: - {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} - {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} + - {'old': 'matrix_nginx_proxy_proxy_synapse_workers_enabled_list', 'new': ''} when: "item.old in vars" - name: Fail if required variables are undefined @@ -49,3 +58,17 @@ - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container" when: "vars[item] == '' or vars[item] is none" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" + +- name: (Deprecation) Catch and report old metrics usage + fail: + msg: >- + Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Synapse, + which exposed metrics on `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`. + + We now recommend exposing Synapse metrics in another way, from another URL. + Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22 + with_items: + - matrix_nginx_proxy_proxy_synapse_metrics + - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled + - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key + when: "item in vars" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 4abcd40a0..2895ba14a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -45,6 +45,19 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_metrics_enabled %} + location /metrics { + {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path }}; + {% endif %} + + {% for configuration_block in matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + } + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 9a1576d48..69f13a1aa 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -145,45 +145,6 @@ server { {{- configuration_block }} {% endfor %} - {% if matrix_nginx_proxy_proxy_synapse_metrics %} - location /_synapse/metrics { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; - {% endif %} - } - {% endif %} - - {% if matrix_nginx_proxy_enabled and matrix_nginx_proxy_proxy_synapse_metrics %} - {% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} - {% if worker.metrics_port != 0 %} - location /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; - proxy_pass http://$backend/_synapse/metrics; - proxy_set_header Host $host; - - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; - {% endif %} - } - {% endif %} - {% endfor %} - {% endif %} - {# Everything else just goes to the API server ##} location / { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 b/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 deleted file mode 100644 index 1a7247ace..000000000 --- a/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 +++ /dev/null @@ -1,3 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# User and password for protecting /_synapse/metrics URI -prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }} diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 5e50a1d77..1a086b311 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -17,10 +17,17 @@ matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service # List of systemd services that matrix-prometheus.service wants matrix_prometheus_node_exporter_systemd_wanted_services_list: [] +# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_node_exporter_metrics_proxying_enabled: false + # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). # # Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. # +# You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`. +# # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index db44a7ab9..d08340a83 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -3,3 +3,39 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + set_fact: + matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | + location /metrics/node-exporter { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-node-exporter:9100"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + {# This may be implemented in the future. #} + return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + {% endif %} + } + + - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] + }} + when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 9ad60405f..8c3f435e6 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -28,11 +28,17 @@ matrix_prometheus_postgres_exporter_database_hostname: 'matrix-postgres' matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' +# Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # # Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. # +# You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`. +# # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index ddea23ab1..996cc975d 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -3,3 +3,39 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + set_fact: + matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | + location /metrics/postgres-exporter { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-postgres-exporter:9187"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + {# This may be implemented in the future. #} + return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + {% endif %} + } + + - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] + }} + when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 50e843027..848d8beb6 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -334,6 +334,14 @@ matrix_url_preview_accept_language: ['en-US', 'en'] matrix_synapse_metrics_enabled: false matrix_synapse_metrics_port: 9100 +# Controls whether Synapse metrics should be proxied (exposed) on: +# - `matrix.DOMAIN/metrics/synapse/main-process` for the main process +# - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process +# +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_synapse_metrics_proxying_enabled: false + # Enable the Synapse manhole # See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md matrix_synapse_manhole_enabled: false diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index 880650492..ffaec05fd 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -25,3 +25,63 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" when: matrix_s3_media_store_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Synapse's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate synapse metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) + set_fact: + matrix_synapse_nginx_metrics_configuration_block: | + location /metrics/synapse/main-process { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse:{{ matrix_synapse_metrics_port }}"; + proxy_pass http://$backend/_synapse/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_synapse_metrics_port }}/_synapse/metrics; + {% endif %} + } + + - name: Register synapse metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_synapse_nginx_metrics_configuration_block] + }} + + - name: Generate synapse worker metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) + set_fact: + matrix_synapse_worker_nginx_metrics_configuration_block: | + {% for worker in matrix_synapse_workers_enabled_list %} + {% if worker.metrics_port != 0 %} + location /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; + proxy_pass http://$backend/_synapse/metrics; + proxy_set_header Host $host; + } + {% endif %} + {% endfor %} + when: matrix_synapse_workers_enabled_list|length > 0 + + - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_synapse_worker_nginx_metrics_configuration_block] + }} + when: matrix_synapse_workers_enabled_list|length > 0 + when: matrix_synapse_enabled|bool and matrix_synapse_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 2302a6f23..1aaaf7b3f 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -119,3 +119,12 @@ src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user" mode: 0755 + +- name: Generate sample prometheus.yml for external scraping + template: + src: "{{ role_path }}/templates/synapse/prometheus/external_prometheus.yml.example.j2" + dest: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0644 + when: matrix_synapse_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 911d12851..1d4fe7ad2 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -29,3 +29,9 @@ docker_image: name: "{{ matrix_synapse_docker_image }}" state: absent + +- name: Ensure sample prometheus.yml for external scraping is deleted + file: + path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + state: absent + when: "not matrix_synapse_metrics_proxying_enabled|bool" diff --git a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 similarity index 51% rename from roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 rename to roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 index cbb2e6f33..b194c3c2d 100644 --- a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 +++ b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 @@ -11,29 +11,29 @@ rule_files: scrape_configs: - job_name: 'synapse' - metrics_path: /_synapse/metrics - scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }} -{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + metrics_path: /metrics/synapse/main-process + scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} +{% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: username: prometheus password_file: /path/to/your/passwordfile.pwd {% endif %} static_configs: - - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] + - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: job: "master" index: "0" -{% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} +{% for worker in matrix_synapse_workers_enabled_list %} - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' - metrics_path: /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics - scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }} -{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + metrics_path: /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} + scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} +{% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: username: prometheus password_file: /path/to/your/passwordfile.pwd {% endif %} static_configs: - - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] + - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: job: "{{ worker.type }}" index: "{{ worker.instanceId }}" diff --git a/setup.yml b/setup.yml index 5ea7e5a7e..27aac7a72 100755 --- a/setup.yml +++ b/setup.yml @@ -47,6 +47,7 @@ - matrix-dendrite - matrix-synapse-admin - matrix-prometheus-node-exporter + - matrix-prometheus-postgres-exporter - matrix-prometheus - matrix-grafana - matrix-registration @@ -63,6 +64,5 @@ - matrix-coturn - matrix-aux - matrix-postgres-backup - - matrix-prometheus-postgres-exporter - matrix-backup-borg - matrix-common-after From 9aab7f9c37f546a22a7b54c1a34bc6a3e519834a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 17:57:53 +0300 Subject: [PATCH 103/144] Make yamllint happy Fixup for ba51997f7b0 --- .../matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 55163c945..1d39b8d6c 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -1,3 +1,5 @@ +--- + # When we're dealing with raw htpasswd content, we just store it in the file directly. - name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) copy: From 1727ecd888317db71f7e35f4e022ef728bdf854c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 18:00:32 +0300 Subject: [PATCH 104/144] Make yamllint happy (take 2) > Error: 19:3 error wrong indentation: expected 4 but found 2 (indentation) --- .../tasks/nginx-proxy/setup_metrics_auth.yml | 66 +++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 1d39b8d6c..35dabefa7 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -16,40 +16,40 @@ # We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. # As a workaround, we run `htpasswd` from an Apache container image. - block: - - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - docker_image: - name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + docker_image: + name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" - # We store the password in a file and make the `htpasswd` tool read it from there, - # as opposed to passing it directly on stdin (which will expose it to other processes on the server). - - name: Store metrics password in a temporary file - copy: - content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" - dest: "/tmp/matrix-nginx-proxy-metrics-password" - mode: 0400 - owner: "{{ matrix_user_uid }}" - group: "{{ matrix_user_gid }}" + # We store the password in a file and make the `htpasswd` tool read it from there, + # as opposed to passing it directly on stdin (which will expose it to other processes on the server). + - name: Store metrics password in a temporary file + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" + dest: "/tmp/matrix-nginx-proxy-metrics-password" + mode: 0400 + owner: "{{ matrix_user_uid }}" + group: "{{ matrix_user_gid }}" - - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - command: - cmd: >- - {{ matrix_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network=none - --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data - --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro - --entrypoint=/bin/sh - {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} - -c - 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' + - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + command: + cmd: >- + {{ matrix_host_command_docker }} run + --rm + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + --network=none + --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data + --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro + --entrypoint=/bin/sh + {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} + -c + 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' - - name: Delete temporary metrics password file - file: - path: /tmp/matrix-nginx-proxy-metrics-password - state: absent + - name: Delete temporary metrics password file + file: + path: /tmp/matrix-nginx-proxy-metrics-password + state: absent when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' From 37d7e75e9bf2499e64ef8c7847b99c4ae44e081b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 20:37:56 +0300 Subject: [PATCH 105/144] Add support for passing extra arguments to prometheus-node-exporter --- .../defaults/main.yml | 12 ++++++++++++ .../matrix-prometheus-node-exporter.service.j2 | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 1a086b311..a7f25c210 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -11,6 +11,18 @@ matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_n # A list of extra arguments to pass to the container matrix_prometheus_node_exporter_container_extra_arguments: [] +# A list of extra arguments to pass to the node_exporter process +# +# Example: +# matrix_prometheus_node_exporter_process_extra_arguments: +# - "--collector.systemd" +# - "--collector.logind" +# +# Note: the above is just an example. We have not confirmed that these collectors work when running in a container. +# In fact, the systemd collector is exhibiting issues: +# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory" +matrix_prometheus_node_exporter_process_extra_arguments: [] + # List of systemd services that matrix-prometheus.service depends on matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service'] diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index e38b42e31..d0bfa4cce 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 @@ -32,7 +32,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod --pid=host \ --mount type=bind,src=/,dst=/host,ro,bind-propagation=rslave \ {{ matrix_prometheus_node_exporter_docker_image }} \ - --path.rootfs=/host + --path.rootfs=/host {{ matrix_prometheus_node_exporter_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' From 569b52f0c1818d988aa0ebf0eb93a7ff9e37b503 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 24 Jun 2022 08:33:17 +0300 Subject: [PATCH 106/144] Document how the systemd node-exporter collector can be made to work --- roles/matrix-prometheus-node-exporter/defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index a7f25c210..d061d59cd 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -18,9 +18,10 @@ matrix_prometheus_node_exporter_container_extra_arguments: [] # - "--collector.systemd" # - "--collector.logind" # -# Note: the above is just an example. We have not confirmed that these collectors work when running in a container. -# In fact, the systemd collector is exhibiting issues: -# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory" +# Note: the above is just an example. Various collectors may require various tweaks to be able to run. +# Running the systemd collector requires the following `matrix_prometheus_node_exporter_container_extra_arguments`: +# - the socket to be mounted as well (`--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave`) +# - (on AppArmor-based distros) disabling AppArmor protection (`--security-opt apparmor=unconfined`) matrix_prometheus_node_exporter_process_extra_arguments: [] # List of systemd services that matrix-prometheus.service depends on From 5f6ad0f603693d4ea8b31298fe4b8c42d004c724 Mon Sep 17 00:00:00 2001 From: nono-lqdn Date: Fri, 24 Jun 2022 17:45:52 +0200 Subject: [PATCH 107/144] Added a note on managing the basic_auth password on external prometheus servers --- CHANGELOG.md | 1 + docs/configuring-playbook-prometheus-grafana.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c5fdac53..2779b3698 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). +**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. # 2022-06-13 diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index e1b826430..b2878c12b 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -90,6 +90,7 @@ matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_b Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). +Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. ### Collecting Synapse worker metrics to an external Prometheus server @@ -130,4 +131,3 @@ scrape_configs: - [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2) - [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs) - From 83f1574a085831ac58d22de6cffb5d4f1569e5fc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 25 Jun 2022 18:59:28 +0300 Subject: [PATCH 108/144] Upgrade exim-relay (4.95-r0-2 -> 4.95-r0-4) --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 682126d28..6d3bb2e24 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0-2 +matrix_mailer_version: 4.95-r0-4 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From b784f88af5cb8f3883ade58fee175cb76f892f66 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 25 Jun 2022 18:06:35 +0000 Subject: [PATCH 109/144] Update Grafana (8.5.3 -> 9.0.1) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 991cb19d6..618eaef73 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.5.3 +matrix_grafana_version: 9.0.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From c793fc5ff0a47d078022751fd2be588a2782187f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 25 Jun 2022 18:07:30 +0000 Subject: [PATCH 110/144] Update Prometheus (v2.33.3 -> v2.36.2) --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 843a90e8a..cb1e6c014 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -4,7 +4,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.33.3 +matrix_prometheus_version: v2.36.2 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 574f57c82cb44a6dce204fbdfda197753d8752de Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 08:41:22 +0300 Subject: [PATCH 111/144] expose prometheus process args --- roles/matrix-prometheus/defaults/main.yml | 7 +++++++ .../templates/systemd/matrix-prometheus.service.j2 | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index cb1e6c014..ffe2ddc0e 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -26,6 +26,13 @@ matrix_prometheus_systemd_wanted_services_list: [] # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. matrix_prometheus_container_http_host_bind_port: '' +# A list of extra arguments to pass to the prometheus process +matrix_prometheus_process_extra_arguments: + - "--config.file=/etc/prometheus/prometheus.yml" + - "--storage.tsdb.path=/prometheus" + - "--web.console.libraries=/usr/share/prometheus/console_libraries" + - "--web.console.templates=/usr/share/prometheus/consoles" + # Tells whether the "synapse" scraper configuration is enabled. matrix_prometheus_scraper_synapse_enabled: false diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 8de57201c..296a3adf0 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,7 +31,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} + {{ matrix_prometheus_docker_image }} \ + {{ matrix_prometheus_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From 1542e8bca036360c6eb3d2cdaa5415e7eacb805f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 26 Jun 2022 06:59:46 +0000 Subject: [PATCH 112/144] Update roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 Co-authored-by: Slavi Pantaleev --- .../templates/systemd/matrix-prometheus.service.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 296a3adf0..57969f8a6 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,8 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} \ - {{ matrix_prometheus_process_extra_arguments|join(' ') }} + {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From c71fea70d334506571dd268824e09f05b5f80acf Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 12:01:57 +0300 Subject: [PATCH 113/144] matrix-prometheus feedback --- roles/matrix-prometheus/defaults/main.yml | 10 ++++++++-- .../templates/systemd/matrix-prometheus.service.j2 | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index ffe2ddc0e..28395bd9d 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -26,13 +26,19 @@ matrix_prometheus_systemd_wanted_services_list: [] # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. matrix_prometheus_container_http_host_bind_port: '' -# A list of extra arguments to pass to the prometheus process -matrix_prometheus_process_extra_arguments: +# A list of default arguments to pass to the prometheus process +matrix_prometheus_process_default_arguments: - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus" - "--web.console.libraries=/usr/share/prometheus/console_libraries" - "--web.console.templates=/usr/share/prometheus/consoles" +# A list of extra arguments to pass to the prometheus process +matrix_prometheus_process_extra_arguments: [] + +# holds the final list of process arguments +matrix_prometheus_process_arguments: "{{ matrix_prometheus_process_default_arguments + matrix_prometheus_process_extra_arguments }}" + # Tells whether the "synapse" scraper configuration is enabled. matrix_prometheus_scraper_synapse_enabled: false diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 57969f8a6..56e13c134 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,7 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_extra_arguments|join(' ') }} + {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From 5801017df0b1005c6513bce4bfa2a3c11e36309c Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:16:09 +0300 Subject: [PATCH 114/144] mx-puppet-bridges - set log level = warn, set presence interval = 5s --- .../matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 | 4 ++-- .../matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 | 2 +- .../templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 index edb0c280b..a1c0cc486 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 @@ -25,7 +25,7 @@ presence: # Bridge Discord online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -117,7 +117,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 index a9ab77012..357baec74 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 @@ -78,7 +78,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 index 1c4bb1bd0..57c5b0f0e 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 @@ -18,7 +18,7 @@ presence: # Bridge Instagram online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -61,7 +61,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 index 1d6d48280..647f8fc78 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 @@ -29,7 +29,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Optionally, you can apply filters to the console logging #console: # level: info @@ -80,7 +80,7 @@ presence: # Bridge online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 # if the im.vector.user_status state setting should be diabled #disableStatusState: false # A blacklist of remote user IDs for the im.vector.user_status state setting diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 index c7497a84c..b84fe221b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 @@ -32,7 +32,7 @@ presence: # Bridge Discord online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -75,7 +75,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 index fd59471d4..0919907dc 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 @@ -78,7 +78,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 index 1d269057e..5418ccaf4 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 @@ -28,7 +28,7 @@ presence: # Bridge Twitter online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -71,7 +71,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files From 2689a0981a820138b05218b27cf4e5178d08d64b Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:31:51 +0300 Subject: [PATCH 115/144] mautrix-based bridges - set log level = warn(ing) --- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 10 +++++----- .../templates/config.yaml.j2 | 6 +++--- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 6 +++--- 8 files changed, 31 insertions(+), 31 deletions(-) diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 4fb6b055a..77a73a96f 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -256,12 +256,12 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [ console] diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index c3cb1932e..d4823c424 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -250,11 +250,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index e2af88308..657323437 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING hangups: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 7ff7d539d..a8a52b7c9 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -135,11 +135,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING hangups: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index cb74d5c11..a4ba96d6f 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -216,13 +216,13 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING mauigpapi: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index b831fe9a1..47671af5e 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: {{ matrix_mautrix_signal_log_level }} + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: {{ matrix_mautrix_signal_log_level }} + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 6569ce87a..177c5f0a7 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -401,11 +401,11 @@ logging: formatter: precise loggers: mau: - level: DEBUG + level: WARNING telethon: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index f0ae69b25..d0aec60f6 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -195,9 +195,9 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] From d426dbbc32614aa9e2c65c2ceb2d0fbbf9f29737 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:41:23 +0300 Subject: [PATCH 116/144] missing var --- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index e622522de..5b84643c4 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -25,6 +25,8 @@ matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url } matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" +matrix_beeper_linkedin_bridge_presence: true + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] From 55d8e3dfddb6a8c66ac65ad5923e35d32b1ab102 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:03:21 +0300 Subject: [PATCH 117/144] mautrix-based bridges: add matrix_admin --- roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 3 +++ .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 3 +++ 10 files changed, 30 insertions(+) diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 77a73a96f..7310676d8 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -238,6 +238,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_beeper_linkedin_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index fb50b0dd4..f3dd7c29a 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -199,6 +199,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_go_skype_bridge_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} relaybot: # Whether or not relaybot support is enabled. diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index d4823c424..7dca6aff1 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -203,6 +203,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index 657323437..b7b908322 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -119,6 +119,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_googlechat_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index a8a52b7c9..5b7bd8be4 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -116,6 +116,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_hangouts_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index a4ba96d6f..c0965ad29 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -187,6 +187,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_instagram_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). provisioning: diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 47671af5e..2c49c833d 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -225,6 +225,9 @@ bridge: # mxid - Specific user permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 177c5f0a7..40549721f 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -291,6 +291,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_telegram_homeserver_domain }}': full + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index d0aec60f6..debddc4b6 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -175,6 +175,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_twitter_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d73718eaa..d3b26ba61 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -187,6 +187,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} # Settings for relay mode relay: From ed8ef0d1f871b2b671a75a1af8786d2c27f7bc8b Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:09:31 +0300 Subject: [PATCH 118/144] mautrix-telegram: update defaults --- .../matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 40549721f..b22882578 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -105,11 +105,11 @@ bridge: # synced when they send messages. The maximum is 10000, after which the Telegram server # will not send any more members. # Defaults to no local limit (-> limited to 10000 by server) - max_initial_member_sync: -1 + max_initial_member_sync: 10 # Whether or not to sync the member list in channels. # If no channel admins have logged into the bridge, the bridge won't be able to sync the member # list regardless of this setting. - sync_channel_members: true + sync_channel_members: false # Whether or not to skip deleted members when syncing members. skip_deleted_members: true # Whether or not to automatically synchronize contacts and chats of Matrix users logged into @@ -204,7 +204,7 @@ bridge: # been sent to Telegram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. From cd88c06994c881f9be24bf700ae55c535ffe7d5a Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:16:43 +0300 Subject: [PATCH 119/144] mautrix-twitter: update defaults --- roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index debddc4b6..2b3b41407 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -149,7 +149,7 @@ bridge: # been sent to Twitter. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Whether or not non-fatal polling errors should send notices to the notice room. temporary_disconnect_notices: true # Number of seconds to sleep more than the previous error when a polling error occurs. From 00192f6e94b349750545861f0c251ac6821f606a Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:19:56 +0300 Subject: [PATCH 120/144] mautrix-instagram, mautrix-signal: set delivery_error_reports: true --- roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index c0965ad29..9ac7e2e37 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -166,7 +166,7 @@ bridge: # been sent to Instagram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 2c49c833d..3ca35b2f9 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -177,7 +177,7 @@ bridge: # Note that this is not related to Signal delivery receipts. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented) - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. From 44f2234c9947549bd88066b03ba36d350dfffbee Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 27 Jun 2022 10:34:04 +0300 Subject: [PATCH 121/144] define matrix_admin in matrix-base --- roles/matrix-base/defaults/main.yml | 3 +++ roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 11 files changed, 13 insertions(+), 10 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 645563781..d303bf15b 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -8,6 +8,9 @@ # Example value: example.com matrix_domain: ~ +# The optional matrix admin MXID, used in bridges' configs to set bridge admin user +matrix_admin: '' + # This will contain the homeserver implementation that is in use. # Valid values: synapse, dendrite # diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 7310676d8..6b33ffeac 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -238,7 +238,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_beeper_linkedin_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index f3dd7c29a..6f7277fea 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -199,7 +199,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_go_skype_bridge_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 7dca6aff1..2555e9855 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -203,7 +203,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index b7b908322..db4394b7f 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -119,7 +119,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_googlechat_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 5b7bd8be4..07f5b2d78 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -116,7 +116,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 9ac7e2e37..994a39a74 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -187,7 +187,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_instagram_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} # Provisioning API part of the web server for automated portal creation and fetching information. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 3ca35b2f9..53aa550d6 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -225,7 +225,7 @@ bridge: # mxid - Specific user permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index b22882578..20055ab7d 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -291,7 +291,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_telegram_homeserver_domain }}': full - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 2b3b41407..6b32d47bf 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -175,7 +175,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_twitter_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d3b26ba61..b9862e948 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -187,7 +187,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} From e27ecd6e76f0044f2a94d1e05cf3e5cc2d0accbb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 27 Jun 2022 11:02:10 +0300 Subject: [PATCH 122/144] Add matrix_admin example --- roles/matrix-base/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index d303bf15b..4d63fc56f 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -9,6 +9,7 @@ matrix_domain: ~ # The optional matrix admin MXID, used in bridges' configs to set bridge admin user +# Example value: "@someone:{{ matrix_admin }}" matrix_admin: '' # This will contain the homeserver implementation that is in use. From 23ed70a6bb02f371e57989c85de7594eeb40b002 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 27 Jun 2022 11:38:21 +0000 Subject: [PATCH 123/144] fix typo --- roles/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 4d63fc56f..6b717f80f 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -9,7 +9,7 @@ matrix_domain: ~ # The optional matrix admin MXID, used in bridges' configs to set bridge admin user -# Example value: "@someone:{{ matrix_admin }}" +# Example value: "@someone:{{ matrix_domain }}" matrix_admin: '' # This will contain the homeserver implementation that is in use. From 5b38ee537144f32721a6a43153341cc5c93172c0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 28 Jun 2022 08:27:57 +0000 Subject: [PATCH 124/144] add missing retry to the apache docker image pull --- .../tasks/nginx-proxy/setup_metrics_auth.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 35dabefa7..046746df2 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed # We store the password in a file and make the `htpasswd` tool read it from there, # as opposed to passing it directly on stdin (which will expose it to other processes on the server). From e36894f93b808a7219424605d9ecd79ac0b173a7 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Tue, 28 Jun 2022 03:35:12 -0800 Subject: [PATCH 125/144] Update configuring-playbook-bridge-mautrix-facebook.md Logging in from the IP address is no longer always enough, but 2FA seems to work eventually --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 1845682f2..bb8d1430c 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -91,3 +91,5 @@ Once connected, you should be able to verify that you're browsing the web throug Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/). Once logged in, proceed to [set up bridging](#usage). + +If that doesn't work, enable 2FA [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change From bff35926dc24704e1eed7acea83c803fb865dcdc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:13:14 +0300 Subject: [PATCH 126/144] Upgrade Synapse (v1.61.0 -> v1.61.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 848d8beb6..43ee9e579 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.61.0 +matrix_synapse_version: v1.61.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 75746943be412a7197bdf7be0550273d925e22db Mon Sep 17 00:00:00 2001 From: Christos Karamolegkos Date: Tue, 28 Jun 2022 17:51:06 +0300 Subject: [PATCH 127/144] Update README.md to include Go Skype Bridge Update README.md to include Go Skype Bridge, added in #1877 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 26f109404..1d58eed01 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation +- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation + - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation From c614b61e01e1ec1de5b86cd265b3b36e9c5b3b4d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:53:57 +0300 Subject: [PATCH 128/144] Fix mautrix-signal permissions configuration Fixup for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ad0752e34..61f8695d9 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -99,6 +99,9 @@ matrix_mautrix_signal_relaybot_enabled: false matrix_mautrix_signal_bridge_permissions: | '*': relay '{{ matrix_mautrix_signal_homeserver_domain }}': user + {% if matrix_admin %} + "{{ matrix_admin }}": admin + {% endif %} # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 53aa550d6..c5fbba8eb 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -223,11 +223,8 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: + permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From c15bf2e0194e63f30df700b2465960d91120f811 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Jun 2022 08:42:13 +0300 Subject: [PATCH 129/144] Upgrade Grafana (9.0.1 -> 9.0.2) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 618eaef73..7765ae48c 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.1 +matrix_grafana_version: 9.0.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 523a7b4a6e428eb21efb343463d576152ade1cc9 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Tue, 28 Jun 2022 23:38:08 -0800 Subject: [PATCH 130/144] Update configuring-playbook-own-webserver.md Adding a bit on how to bind the synapse ports if the webserver isn't in the same docker network, or on a different machine. --- docs/configuring-playbook-own-webserver.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index c7e56f146..155b5995e 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. +If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) +'''yaml +# Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. +matrix_synapse_container_client_api_host_bind_port: '' +matrix_synapse_container_federation_api_plain_host_bind_port: '' +''' + + ### Using your own external Apache webserver From 6a99b3d5323a25b3f9a289b2b0d90675ff1d180b Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 29 Jun 2022 15:09:29 +0000 Subject: [PATCH 131/144] Fix Hydrogen self check Thanks to Julian for pointing this out --- roles/matrix-client-hydrogen/tasks/main.yml | 7 +++++++ roles/matrix-client-hydrogen/tasks/self_check.yml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index 13d157ccf..d027fe660 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -21,3 +21,10 @@ tags: - setup-all - setup-client-hydrogen + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index 28af9c789..0c6642318 100644 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}" + matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json" - name: Check Hydrogen uri: From 9cf2b37352f940bdfeb4208be88d67c5b245ee62 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 00:43:01 -0800 Subject: [PATCH 132/144] Update configuring-playbook-bridge-mautrix-instagram.md Copy/Pasting from docs/configuring-playbook-bridge-mautrix-facebook.md but with the relevant variable names changed to add turning on encryption and a puppet admin. --- ...uring-playbook-bridge-mautrix-instagram.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 38d107d0e..08b35d1d2 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md @@ -7,6 +7,27 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i ```yaml matrix_mautrix_instagram_enabled: true ``` +There are some additional things you may wish to configure about the bridge before you continue. + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + +If you would like to be able to administrate the bridge from your account it can be configured like this: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:YOUR_DOMAIN': admin +``` + +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. + ## Usage From 3fbff1a78909170426ce15ad9b81a3fdc5b3b9e7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 11:57:01 +0300 Subject: [PATCH 133/144] Mention matrix_admin Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- docs/configuring-playbook-bridge-mautrix-instagram.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 08b35d1d2..cbfdcb0b5 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md @@ -20,13 +20,18 @@ matrix_mautrix_instagram_configuration_extension_yaml: | If you would like to be able to administrate the bridge from your account it can be configured like this: ```yaml +# The easy way. The specified Matrix user ID will be made an admin of all bridges +matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}" + +# OR: +# The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins. matrix_mautrix_instagram_configuration_extension_yaml: | bridge: permissions: '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. ## Usage From 95ca182ab50bc3cf04e56d7ae1cc57cb49e59265 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 12:08:37 +0300 Subject: [PATCH 134/144] Remove outdated logging configuration from Dimension Related to https://github.com/turt2live/matrix-dimension/commit/123a45bb217126875a5a9aaabbe22c5f8f66727a Provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1879 Not sure how bot-sdk's logging level can be adjusted. Seems like Dimension now hardcodes `LogService.setLevel(LogLevel.DEBUG);` in its startup code. --- roles/matrix-dimension/templates/config.yaml.j2 | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/matrix-dimension/templates/config.yaml.j2 index 39721d71f..592c65ac8 100644 --- a/roles/matrix-dimension/templates/config.yaml.j2 +++ b/roles/matrix-dimension/templates/config.yaml.j2 @@ -73,13 +73,3 @@ dimension: # This is where Dimension is accessible from clients. Be sure to set this # to your own Dimension instance. publicUrl: "https://{{ matrix_server_fqn_dimension }}" - -# Settings for controlling how logging works -logging: - file: /dev/null - console: true - consoleLevel: verbose - fileLevel: info - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 From 60c14c3550b41174dae723048b48ac011541cc45 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 03:46:24 -0800 Subject: [PATCH 135/144] Update configuring-playbook-own-webserver.md Fixing code block formatting --- docs/configuring-playbook-own-webserver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 155b5995e..76fa2d8b3 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -58,11 +58,11 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) -'''yaml +```yaml # Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. matrix_synapse_container_client_api_host_bind_port: '' matrix_synapse_container_federation_api_plain_host_bind_port: '' -''' +``` From 84346cae9cb4f2633a3acee3b1425900cc32fa67 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 21:28:38 -0800 Subject: [PATCH 136/144] Update configuring-playbook-bridge-mautrix-facebook.md Adding the defaults in addition to template, switching YOUR_DOMAIN to {{ matrix_domain }}, and giving example of the two combined, as the playbook gives a warning about things being defined twice, so only using the last one in the vars.yml --- ...nfiguring-playbook-bridge-mautrix-facebook.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index bb8d1430c..926c6f024 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can matrix_mautrix_facebook_configuration_extension_yaml: | bridge: permissions: - '@YOUR_USERNAME:YOUR_DOMAIN': admin + '@YOUR_USERNAME:{{ matrix_domain }}': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure. +Using both would look like + +```yaml +matrix_mautrix_facebook_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin + encryption: + allow: true + default: true +``` + +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. ## Set up Double Puppeting From 4ca0d23b813e1f8f6123bd9cd5db233869f5e8be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 08:42:23 +0300 Subject: [PATCH 137/144] FIx code blocks --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 926c6f024..4429f0042 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: | default: true ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting From 02cc201f14afb6480b55d86eac918474db0875e7 Mon Sep 17 00:00:00 2001 From: freiit Date: Fri, 1 Jul 2022 12:28:10 +0200 Subject: [PATCH 138/144] Add configuration instruction for AWS CloundFront --- docs/configuring-well-known.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 9a519343b..36e53996b 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -168,6 +168,11 @@ backend matrix-backend /.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200! ``` +**For AWS CloudFront** + + 1. Add a custom origin with matrix. to your distribution + 1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin. + Make sure to: - **replace `DOMAIN`** in the server configuration with your actual domain name From 06e51b06f1b6d442a78d0a3343df521d75637596 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 1 Jul 2022 03:22:02 -0800 Subject: [PATCH 139/144] Adding logging variable for facebook and setting it's default (#1909) Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index d14698631..06bde727e 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -128,3 +128,6 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" + +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: DEBUG diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 2555e9855..f1d59b1ad 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -253,11 +253,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} handlers: [console] From 71006393e0a2c9e62213f8849eed7349c4f3bc94 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:31:28 +0300 Subject: [PATCH 140/144] Default mautrix-facebook to WARNING loggers by default Overlooked in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 06bde727e..778f31fca 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -130,4 +130,4 @@ matrix_mautrix_facebook_registration_yaml: | matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" # Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: DEBUG +matrix_mautrix_facebook_logging_level: WARNING From a6a5f79a6fe5509fd1dd620079b61b9dd9011b14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:32:42 +0300 Subject: [PATCH 141/144] Relocate matrix_mautrix_facebook_logging_level in defaults/main.yml Improvement to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 778f31fca..5acc1ec7c 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -89,6 +89,9 @@ matrix_mautrix_facebook_appservice_bot_username: facebookbot matrix_mautrix_facebook_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -128,6 +131,3 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" - -# Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: WARNING From 1c8f21c738d33e17da277cdbac7e3710d568fbd8 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 1 Jul 2022 04:05:28 -0800 Subject: [PATCH 142/144] Adding logging configuration and default to the rest of the mautrixes that don't have them --- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-hangouts/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 12 ++++++------ roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- .../matrix-bridge-mautrix-telegram/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- 12 files changed, 42 insertions(+), 24 deletions(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index dd5b83689..d0d90614b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -78,6 +78,9 @@ matrix_mautrix_googlechat_login_shared_secret: '' matrix_mautrix_googlechat_appservice_bot_username: googlechatbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_googlechat_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index db4394b7f..864e3e1b1 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -141,11 +141,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 911c81c6d..f4f67a587 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -75,6 +75,9 @@ matrix_mautrix_hangouts_login_shared_secret: '' matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_hangouts_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 07f5b2d78..d207681e8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 4ae2d374d..a227b0856 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -68,6 +68,9 @@ matrix_mautrix_instagram_appservice_bot_username: instagrambot matrix_mautrix_instagram_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_instagram_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 994a39a74..99ceee0e0 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -135,7 +135,7 @@ bridge: # Whether or not the bridge should backfill chats when reconnecting. resync: true # Should even disconnected users be reconnected? - always: false + always: false # End-to-bridge encryption support options. These require matrix-nio to be installed with pip # and login_shared_secret to be configured in order to get a device for the bridge bot. # @@ -219,13 +219,13 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} mauigpapi: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 61f8695d9..d35e12afe 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -57,6 +57,9 @@ matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_appservice_bot_username: signalbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_signal_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_signal_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index c5fbba8eb..0044a0fc8 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 65a446e00..4708266a8 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -43,6 +43,9 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq matrix_mautrix_telegram_appservice_bot_username: telegrambot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_telegram_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_telegram_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 20055ab7d..276bd4619 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -404,11 +404,11 @@ logging: formatter: precise loggers: mau: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} telethon: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b2e292ffc..b32f57ef0 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -66,6 +66,9 @@ matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitt matrix_mautrix_twitter_appservice_bot_username: twitterbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_twitter_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 6b32d47bf..f9bc89417 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -198,9 +198,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} handlers: [console] From c3f85ae827af0e942b5e9dc68e30649316050de4 Mon Sep 17 00:00:00 2001 From: Kabir Kwatra Date: Fri, 1 Jul 2022 07:56:09 -0700 Subject: [PATCH 143/144] feat(jitsi+arm64): Enable Jitsi on arm64 fixes spantaleev/matrix-docker-ansible-deploy#1889 Support for arm64 images tracked in jitsi/docker-jitsi-meet#1214 and added in jitsi/docker-jitsi-meet#1269 --- roles/matrix-jitsi/defaults/main.yml | 2 +- roles/matrix-jitsi/tasks/init.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index c32682678..70dc035d8 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7001 +matrix_jitsi_version: stable-7439-2 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index c4ed61a6c..58567d925 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -7,4 +7,4 @@ - name: Fail if on an unsupported architecture fail: msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" - when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' + when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64'] From 2e4fad61944a7d2f5082c9f4e19e23cf30c23f67 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 2 Jul 2022 15:02:35 +0300 Subject: [PATCH 144/144] Use 127.0.0.1 instead of localhost for federation API when nginx disabled `localhost` may resolve to `::1` on some IPv6-enabled systems, which will not work, because we only potentially expose container ports on `127.0.0.1` when nginx is disabled (`matrix_nginx_proxy_enabled: false`), not on `::1`. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1914 --- group_vars/matrix_servers | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 394e26dc9..8d3922764 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1578,7 +1578,7 @@ matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}" matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f19eb4ab0..195b16fd9 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -311,7 +311,7 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "" # Controls whether proxying for the Matrix Federation API should be done. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088" -matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "localhost:12088" +matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088" matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb | int) * 3 }}" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem"