overmind
/
matrix-docker-ansible-deploy
espelho de https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Derivar 0
Código Questões 0 Lançamentos 0 Wiki Trabalho
Matrix Docker Ansible eploy
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
10303 Cometimentos
13 Ramos
36 MiB
 
 
Árvore: a396e32151
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de 'a396e32151'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-synapse/tasks/validate_config.yml

198 linhas
17 KiB
Em bruto Responsabilidade Histórico 

  1. # SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev

  2. # SPDX-FileCopyrightText: 2024 Charles Wright

  3. # SPDX-FileCopyrightText: 2024 MDAD project contributors

  4. #

  5. # SPDX-License-Identifier: AGPL-3.0-or-later

  6. 

  7. ---

  8. 

  9. - name: Fail if required Synapse settings not defined

  10.   ansible.builtin.fail:

  11.     msg: >-

  12.       You need to define a required configuration setting (`{{ item.name }}`).

  13.   when: "item.when | bool and vars[item.name] | string | length == 0"

  14.   with_items:

  15.     - {'name': 'matrix_synapse_username', when: true}

  16.     - {'name': 'matrix_synapse_uid', when: true}

  17.     - {'name': 'matrix_synapse_gid', when: true}

  18.     - {'name': 'matrix_synapse_container_network', when: true}

  19.     - {'name': 'matrix_synapse_macaroon_secret_key', when: true}

  20.     - {'name': 'matrix_synapse_database_host', when: true}

  21.     - {'name': 'matrix_synapse_database_user', when: true}

  22.     - {'name': 'matrix_synapse_database_password', when: true}

  23.     - {'name': 'matrix_synapse_database_database', when: true}

  24. 

  25.     - {'name': 'matrix_synapse_container_labels_public_client_root_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_root_enabled }}"}

  26.     - {'name': 'matrix_synapse_container_labels_public_client_root_redirection_url', when: "{{ matrix_synapse_container_labels_public_client_root_redirection_enabled }}"}

  27. 

  28.     - {'name': 'matrix_synapse_container_labels_public_client_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_api_enabled }}"}

  29. 

  30.     - {'name': 'matrix_synapse_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_synapse_container_labels_internal_client_api_enabled }}"}

  31.     - {'name': 'matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entrypoints', when: "{{ matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled }}"}

  32. 

  33.     - {'name': 'matrix_synapse_container_labels_public_client_synapse_client_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"}

  34.     - {'name': 'matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"}

  35. 

  36.     - {'name': 'matrix_synapse_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_federation_api_enabled }}"}

  37.     - {'name': 'matrix_synapse_container_labels_public_federation_api_traefik_entrypoints', when: "{{ matrix_synapse_container_labels_public_federation_api_enabled }}"}

  38. 

  39.     - {'name': 'matrix_synapse_metrics_proxying_hostname', when: "{{ matrix_synapse_metrics_proxying_enabled }}"}

  40.     - {'name': 'matrix_synapse_metrics_proxying_path_prefix', when: "{{ matrix_synapse_metrics_proxying_enabled }}"}

  41. 

  42.     - {'name': 'matrix_synapse_matrix_authentication_service_endpoint', when: "{{ matrix_synapse_matrix_authentication_service_enabled }}"}

  43.     - {'name': 'matrix_synapse_matrix_authentication_service_secret', when: "{{ matrix_synapse_matrix_authentication_service_enabled }}"}

  44. 

  45.     - {'name': 'matrix_synapse_container_labels_traefik_compression_middleware_name', when: "{{ matrix_synapse_container_labels_traefik_compression_middleware_enabled }}"}

  46. 

  47. - name: Fail if asking for more than 1 instance of single-instance workers

  48.   ansible.builtin.fail:

  49.     msg: >-

  50.       `{{ item }}` cannot be more than 1. This is a single-instance worker.

  51.   when: "vars[item] | int > 1"

  52.   with_items:

  53.     - "matrix_synapse_workers_appservice_workers_count"

  54.     - "matrix_synapse_workers_user_dir_workers_count"

  55.     - "matrix_synapse_workers_background_workers_count"

  56.     - "matrix_synapse_workers_stream_writer_typing_stream_workers_count"

  57.     - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count"

  58.     - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count"

  59.     - "matrix_synapse_workers_stream_writer_receipts_stream_workers_count"

  60.     - "matrix_synapse_workers_stream_writer_presence_stream_workers_count"

  61. 

  62. - name: Fail when mixing generic workers with new specialized workers

  63.   ansible.builtin.fail:

  64.     msg: >-

  65.       Generic workers should not be mixed with the new specialized worker types (room workers, sync workers, client readers, and federation readers)

  66.   when: matrix_synapse_workers_generic_workers_count | int > 0 and ((matrix_synapse_workers_room_workers_count | int + matrix_synapse_workers_sync_workers_count | int + matrix_synapse_workers_client_reader_workers_count | int + matrix_synapse_workers_federation_reader_workers_count | int) > 0)

  67. 

  68. - name: (Deprecation) Catch and report renamed settings

  69.   ansible.builtin.fail:

  70.     msg: >-

  71.       Your configuration contains a variable, which now has a different name.

  72.       Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).

  73.   when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"

  74.   with_items:

  75.     - {'old': 'matrix_synapse_email_riot_base_url', 'new': '<superseded by client_base_url>'}

  76.     - {'old': 'matrix_synapse_container_expose_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}

  77.     - {'old': 'matrix_synapse_no_tls', 'new': '<removed>'}

  78.     - {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'}

  79.     - {'old': 'matrix_alias_creation_rules', 'new': 'matrix_synapse_alias_creation_rules'}

  80.     - {'old': 'matrix_room_list_publication_rules', 'new': 'matrix_synapse_room_list_publication_rules'}

  81.     - {'old': 'matrix_synapse_rc_messages_per_second', 'new': '<per_second subkey of matrix_synapse_rc_message>'}

  82.     - {'old': 'matrix_synapse_rc_message_burst_count', 'new': '<burst_count subkey of matrix_synapse_rc_message>'}

  83.     - {'old': 'matrix_synapse_federation_rc_window_size', 'new': '<window_size subkey of matrix_synapse_rc_federation>'}

  84.     - {'old': 'matrix_synapse_federation_rc_sleep_limit', 'new': '<sleep_limit subkey of matrix_synapse_rc_federation>'}

  85.     - {'old': 'matrix_synapse_federation_rc_sleep_delay', 'new': '<sleep_delay subkey of matrix_synapse_rc_federation>'}

  86.     - {'old': 'matrix_synapse_federation_rc_reject_limit', 'new': '<reject_limit subkey of matrix_synapse_rc_federation>'}

  87.     - {'old': 'matrix_synapse_federation_rc_concurrent', 'new': '<concurrent subkey of matrix_synapse_rc_federation>'}

  88.     - {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}

  89.     - {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}

  90.     - {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}

  91.     - {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'}

  92.     - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': '<deprecated in Synapse v0.99.4 and removed in Synapse v1.19.0>'}

  93.     - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'}

  94.     - {'old': 'matrix_synapse_version_arm64', 'new': '<superseded by matrix_synapse_version - see https://github.com/matrix-org/synapse/pull/11810>'}

  95.     - {'old': 'matrix_synapse_enable_group_creation', 'new': '<removed in Synapse v1.61.0 - use the new Spaces feature instead>'}

  96.     - {'old': 'matrix_synapse_account_threepid_delegates_email', 'new': '<removed in Synapse v1.66.0 - make sure to configure email settings for Synapse - see https://matrix-org.github.io/synapse/v1.66/upgrade.html#delegation-of-email-validation-no-longer-supported>'}

  97.     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_count', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}

  98.     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}

  99.     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}

  100.     - {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'}

  101.     - {'old': 'matrix_synapse_send_federation', 'new': '<unnecessary - Synapse relies on federation_sender_instances now>'}

  102.     - {'old': 'matrix_synapse_start_pushers', 'new': '<unnecessary - Synapse relies on pusher_instances now>'}

  103.     - {'old': 'matrix_synapse_spam_checker', 'new': '<superseded by matrix_synapse_modules>'}

  104.     - {'old': 'matrix_synapse_caches_autotuning_max_cache_memory_usage', 'new': 'matrix_synapse_cache_autotuning_max_cache_memory_usage'}

  105.     - {'old': 'matrix_synapse_caches_autotuning_target_cache_memory_usage', 'new': 'matrix_synapse_cache_autotuning_target_cache_memory_usage'}

  106.     - {'old': 'matrix_synapse_caches_autotuning_min_cache_ttl', 'new': 'matrix_synapse_cache_autotuning_min_cache_ttl'}

  107.     - {'old': 'matrix_synapse_memtotal_kb', 'new': '<superseded by matrix_synapse_cache_size_calculations_memtotal_bytes>'}

  108.     - {'old': 'matrix_synapse_docker_image_name_prefix', 'new': 'matrix_synapse_docker_image_registry_prefix'}

  109.     - {'old': 'matrix_s3_goofys_docker_image_name_prefix', 'new': 'matrix_s3_goofys_docker_image_registry_prefix'}

  110.     - {'old': 'matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix', 'new': 'matrix_synapse_rust_synapse_compress_state_docker_image_registry_prefix'}

  111. 

  112.     - {'old': 'matrix_synapse_experimental_features_msc3861_enabled', 'new': 'matrix_synapse_matrix_authentication_service_enabled'}

  113.     - {'old': 'matrix_synapse_experimental_features_msc3861_issuer', 'new': '<superseded by matrix_synapse_matrix_authentication_service_endpoint>'}

  114.     - {'old': 'matrix_synapse_experimental_features_msc3861_client_id', 'new': '<removed>'}

  115.     - {'old': 'matrix_synapse_experimental_features_msc3861_client_auth_method', 'new': '<removed>'}

  116.     - {'old': 'matrix_synapse_experimental_features_msc3861_client_secret', 'new': '<removed>'}

  117.     - {'old': 'matrix_synapse_experimental_features_msc3861_admin_token', 'new': '<removed>'}

  118.     - {'old': 'matrix_synapse_experimental_features_msc3861_account_management_url', 'new': '<removed>'}

  119. 

  120. - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml

  121.   ansible.builtin.fail:

  122.     msg: >-

  123.       Your matrix_synapse_configuration_extension_yaml configuration contains a variable, which now has a different name.

  124.       Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).

  125.   when: "item.old in matrix_synapse_configuration_extension"

  126.   with_items:

  127.     - {'old': 'federation_ip_range_blacklist', 'new': 'ip_range_blacklist'}

  128. 

  129. - when: matrix_synapse_container_image_customizations_templates_enabled | bool

  130.   block:

  131.     - name: Fail if required `matrix_synapse_container_image_customizations_templates_*` settings not defined

  132.       ansible.builtin.fail:

  133.         msg: >-

  134.           You need to define a required configuration setting (`{{ item }}`) when enabling `matrix_synapse_container_image_customizations_templates_enabled`.

  135.       when: "vars[item] == ''"

  136.       with_items:

  137.         - matrix_synapse_container_image_customizations_templates_git_repository_url

  138.         - matrix_synapse_container_image_customizations_templates_git_repository_branch

  139. 

  140.     - name: Fail if required `matrix_synapse_container_image_customizations_templates_git_repository_keyscan_*` settings not defined

  141.       ansible.builtin.fail:

  142.         msg: >-

  143.           You need to define a required configuration setting (`{{ item }}`) when enabling `matrix_synapse_container_image_customizations_templates_git_repository_keyscan`.

  144.       when: "matrix_synapse_container_image_customizations_templates_git_repository_keyscan_enabled | bool and vars[item] == ''"

  145.       with_items:

  146.         - matrix_synapse_container_image_customizations_templates_git_repository_keyscan_hostname

  147. 

  148. 

  149. - name: Fail when auto-accept-invite enabled as a native feature and a module at the same time

  150.   ansible.builtin.fail:

  151.     msg: >-

  152.       Your configuration enables the auto-accept invites feature both as a native Synapse feature (`matrix_synapse_auto_accept_invites_enabled`) and a 3rd party module (`matrix_synapse_ext_synapse_auto_accept_invite_enabled`).

  153.       This is unnecessary, since they both do the same and the native feature is built on top of the 3rd party module anyway.

  154.       Enabling both at the same time will lead to issues.

  155.       We recommend leaving `matrix_synapse_auto_accept_invites_enabled` in your configuration and removing `matrix_synapse_ext_synapse_auto_accept_invite_enabled`.

  156.   when:

  157.     - matrix_synapse_auto_accept_invites_enabled

  158.     - matrix_synapse_ext_synapse_auto_accept_invite_enabled

  159. 

  160. - name: Fail if known Synapse password provider modules are enabled when auth is delegated to Matrix Authentication Service

  161.   ansible.builtin.fail:

  162.     msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it does not make sense to enable password provider modules, because it is not Synapse that is handling authentication. Please disable {{ item }} before enabling Matrix Authentication Service integration for Synapse. Synapse will refuse to start otherwise."

  163.   when: matrix_synapse_matrix_authentication_service_enabled and vars[item] | bool

  164.   with_items:

  165.     - matrix_synapse_ext_password_provider_rest_auth_enabled

  166.     - matrix_synapse_ext_password_provider_shared_secret_auth_enabled

  167.     - matrix_synapse_ext_password_provider_ldap_enabled

  168. 

  169. - name: Fail if password config is enabled for Synapse when auth is delegated to Matrix Authentication Service

  170.   ansible.builtin.fail:

  171.     msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it doesn't make sense to enable the password config (`matrix_synapse_password_config_enabled: true`), because it is not Synapse that is handling authentication. Please remove your `matrix_synapse_password_config_enabled: true` setting before enabling Matrix Authentication Service integration for Synapse. Synapse will refuse to start otherwise."

  172.   when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_password_config_enabled

  173. 

  174. - name: Fail if registration is enabled for Synapse when auth is delegated to Matrix Authentication Service

  175.   ansible.builtin.fail:

  176.     msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it doesn't make sense to enable registration (`matrix_synapse_enable_registration: true`), because it is not Synapse that is handling authentication. Synapse will refuse to start otherwise."

  177.   when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_enable_registration

  178. 

  179. - name: Fail if registration CAPTCHA is enabled for Synapse when auth is delegated to Matrix Authentication Service

  180.   ansible.builtin.fail:

  181.     msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it doesn't make sense to enable registration CAPTCHA (`matrix_synapse_enable_registration_captcha: true`), because it is not Synapse that is handling authentication. Synapse will refuse to start otherwise."

  182.   when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_enable_registration_captcha

  183. 

  184. - name: Fail if OpenID Connect is enabled for Synapse when auth is delegated to Matrix Authentication Service

  185.   ansible.builtin.fail:

  186.     msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it doesn't make sense to enable OpenID Connect (`matrix_synapse_oidc_enabled: true`), because it is not Synapse that is handling authentication. Synapse will refuse to start otherwise."

  187.   when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_oidc_enabled

  188. 

  189. - name: Fail if CAS config is enabled for Synapse when auth is delegated to Matrix Authentication Service

  190.   ansible.builtin.fail:

  191.     msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it doesn't make sense to enable CAS config (`matrix_synapse_cas_config_enabled: true`), because it is not Synapse that is handling authentication. Synapse will refuse to start otherwise."

  192.   when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_cas_config_enabled

  193. 

  194. - name: Fail if QR code login (MSC4108) is enabled while Matrix Authentication Service is not

  195.   ansible.builtin.fail:

  196.     msg: "When Synapse QR code login is enabled (MSC4108 via `matrix_synapse_experimental_features_msc4108_enabled`), Matrix Authentication Service integration (`matrix_synapse_matrix_authentication_service_enabled`) must also be enabled."

  197.   when: matrix_synapse_experimental_features_msc4108_enabled and not matrix_synapse_matrix_authentication_service_enabled