overmind
/
matrix-docker-ansible-deploy
зеркало из https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Форкнуть 0
Код Задачи 0 Релизы 0 Вики Активность
Matrix Docker Ansible eploy
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
277 коммитов
13 Ветки
487 MiB
 
 
Дерево: cc9d3aef59
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'cc9d3aef59'
${ noResults }
matrix-docker-ansible-deploy/CHANGELOG.md

14 KiB
Исходник Вина История

2018-12-21

Synapse 0.34.0 and Python 3

Synapse has been upgraded to 0.34.0 and now uses Python 3. Based on feedback from others, running Synapse on Python 3 is supposed to decrease memory usage significantly (~2x).

2018-12-12

Riot homepage customization

You can now customize some parts of the Riot homepage (or even completely replace it with your own custom page). See the matrix_riot_web_homepage_ variables in roles/matrix-server/defaults/main.yml.

2018-12-04

mxisd extensibility

The LDAP identity store for mxisd can now be configured easily using playbook variables (see the matrix_mxisd_ldap_ variables in roles/matrix-server/defaults/main.yml).

2018-11-28

More scripts

  • matrix-remove-all allows to uninstall everything with a single command
  • matrix-make-user-admin allows to upgrade a user’s privileges

LDAP auth support via matrix-synapse-ldap3

The playbook can now install and configure LDAP auth support for you.

Additional details are available in Setting up the LDAP authentication password provider module.

2018-11-23

Support for controlling public registration and room auto-join

The playbook now lets you enable public registration for users (controlled via matrix_synapse_enable_registration). By default, public registration is forbidden.

You can also make people automatically get auto-joined to rooms (controlled via matrix_synapse_auto_join_rooms).

Support for changing the welcome user id (welcome bot)

By default, @riot-bot:matrix.org is used to welcome newly registered users. This can be changed to something else (or disabled) via the new matrix_riot_web_welcome_user_id variable.

2018-11-14

Ability to set Synapse log levels

The playbook now allows you to set the log levels used by Synapse. The default logging levels remain the same.

You can now override following variables with any of the supported log levels listed here: https://docs.python.org/3/library/logging.html#logging-levels

matrix_synapse_log_level: "INFO"
matrix_synapse_storage_sql_log_level: "INFO"
matrix_synapse_root_log_level: "INFO"

2018-11-03

Customize parts of Riot’s config

You can now customize some parts of Riot’s config.json. These playbook variables, with these default values, have been added:

matrix_riot_web_disable_custom_urls: true
matrix_riot_web_disable_guests: true
matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
matrix_riot_web_integrations_rest_url: "https://scalar.vector.im/api"
matrix_riot_web_integrations_widgets_urls: "https://scalar.vector.im/api"
matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"

This now allows you use a custom integrations manager like Dimesion. For example, if you wish to use the Dimension instance hosted at dimension.t2bot.io, you can set the following in your vars.yml file:

matrix_riot_web_integrations_ui_url: "https://dimension.t2bot.io/riot"
matrix_riot_web_integrations_rest_url: "https://dimension.t2bot.io/api/v1/scalar"
matrix_riot_web_integrations_widgets_urls: "https://dimension.t2bot.io/widgets"
matrix_riot_web_integrations_jitsi_widget_url: "https://dimension.t2bot.io/widgets/jitsi"

SSL protocols used to serve Riot and Synapse

There’s now a new matrix_nginx_proxy_ssl_protocols playbook variable, which controls the SSL protocols used to serve Riot and Synapse. Its default value is TLSv1.1 TLSv1.2. This playbook previously used TLSv1 TLSv1.1 TLSv1.2 to serve Riot and Synapse.

You may wish to reenable TLSv1 if you need to access Riot in older browsers.

Note: Currently the dockerized nginx doesn’t support TLSv1.3. See https://github.com/nginxinc/docker-nginx/issues/190 for more details.

2018-11-01

Postgres 11 support

The playbook now installs Postgres 11 by default.

If you have have an existing setup, it’s likely running on an older Postgres version (9.x or 10.x). You can easily upgrade by following the Maintenance / upgrading PostgreSQL guide.

(BC Break) Renaming playbook variables

Due to the large amount of features added to this playbook lately, to keep things manageable we’ve had to reorganize its configuration variables a bit.

The following playbook variables were renamed:

  • from matrix_docker_image_mxisd to matrix_mxisd_docker_image
  • from matrix_docker_image_mautrix_telegram to matrix_mautrix_telegram_docker_image
  • from matrix_docker_image_mautrix_whatsapp to matrix_mautrix_whatsapp_docker_image
  • from matrix_docker_image_mailer to matrix_mailer_docker_image
  • from matrix_docker_image_coturn to matrix_coturn_docker_image
  • from matrix_docker_image_goofys to matrix_s3_goofys_docker_image
  • from matrix_docker_image_riot to matrix_riot_web_docker_image
  • from matrix_docker_image_nginx to matrix_nginx_proxy_docker_image
  • from matrix_docker_image_synapse to matrix_synapse_docker_image
  • from matrix_docker_image_postgres_v9 to matrix_postgres_docker_image_v9
  • from matrix_docker_image_postgres_v10 to matrix_postgres_docker_image_v10
  • from matrix_docker_image_postgres_latest to matrix_postgres_docker_image_latest

2018-10-26

Mautrix Whatsapp bridging support

The playbook now supports bridging with Whatsapp by installing the mautrix-whatsapp bridge. This playbook functionality is available thanks to @izissise.

Additional details are available in Setting up Mautrix Whatsapp bridging.

2018-10-25

Support for controlling Matrix federation

The playbook can now help you with Controlling Matrix federation, should you wish to run a more private (isolated) server.

2018-10-24

Disabling riot-web guests

From now on, Riot’s configuration setting disable_guests would be set to true. The homeserver was rejecting guests anyway, so this is just a cosmetic change affecting Riot’s UI.

2018-10-21

Self-check maintenance command

The playbook can now check if services are configured correctly.

2018-10-05

Presence tracking made configurable

The playbook can now enable/disable user presence-status tracking in Synapse, through the playbook’s matrix_synapse_use_presence variable (having a default value of true - enabled).

If users participate in large rooms with many other servers, disabling presence will decrease server load significantly.

2018-09-27

Synapse Cache Factor made configurable

The playbook now makes the Synapse cache factor configurable, through the playbook’s matrix_synapse_cache_factor variable (having a default value of 0.5).

Changing that value allows you to potentially decrease RAM usage or to increase performance by caching more stuff. Some information on it is available here: https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram

2018-09-26

Disabling Docker container logging

--log-driver=none is used for all Docker containers now.

All these containers are started through systemd anyway and get logged in journald, so there’s no need for Docker to be logging the same thing using the default json-file driver. Doing that was growing /var/lib/docker/containers/.. infinitely until service/container restart.

As a result of this, things like docker logs matrix-synapse won’t work anymore. journalctl -u matrix-synapse is how one can see the logs.

2018-09-17

Service discovery support

The playbook now helps you set up service discovery using a /.well-known/matrix/client file.

Additional details are available in Configuring service discovery via .well-known.

(BC Break) Renaming playbook variables

The following playbook variables were renamed:

  • from matrix_nginx_riot_web_data_path to matrix_riot_web_data_path
  • from matrix_riot_web_default_identity_server_url to matrix_identity_server_url

2018-09-07

Mautrix Telegram bridging support

The playbook now supports bridging with Telegram by installing the mautrix-telegram bridge. This playbook functionality is available thanks to @izissise.

Additional details are available in Setting up Mautrix Telegram bridging.

Events cache size increase and configurability for Matrix Synapse

The playbook now lets you configure Matrix Synapse’s event_cache_size configuration via the matrix_synapse_event_cache_size playbook variable.

Previously, this value was hardcoded to "10K". From now on, a more reasonable default of "100K" is used.

Password-peppering support for Matrix Synapse

The playbook now supports enabling password-peppering for increased security in Matrix Synapse via the matrix_synapse_password_config_pepper playbook variable. Using a password pepper is disabled by default (just like it used to be before this playbook variable got introduced) and is not to be enabled/disabled after initial setup, as that would invalidate all existing passwords.

Statistics-reporting support for Matrix Synapse

There’s now a new matrix_synapse_report_stats playbook variable, which controls the report_stats configuration option for Matrix Synapse. It defaults to false, so no change is required to retain your privacy.

If you’d like to start reporting statistics about your homeserver (things like number of users, number of messages sent, uptime, load, etc.) to matrix.org, you can turn on stats reporting.

2018-08-29

Changing the way SSL certificates are retrieved

We’ve been using acmetool (with the willwill/acme-docker Docker image) until now.

Due to the Docker image being deprecated, and things looking bleak for acmetool’s support of the newer ACME v2 API endpoint, we’ve switched to using certbot (with the certbot/certbot Docker image).

Simply re-running the playbook will retrieve new certificates (via certbot) for you. To ensure you don’t leave any old files behind, though, you’d better do this:

  • systemctl stop 'matrix*'
  • stop your custom webserver, if you’re running one (only affects you if you’ve installed with matrix_nginx_proxy_enabled: false)
  • mv /matrix/ssl /matrix/ssl-acmetool-delete-later
  • re-run the playbook’s installation
  • possibly delete /matrix/ssl-acmetool-delete-later

2018-08-21

Matrix Corporal support

The playbook can now install and configure matrix-corporal for you.

Additional details are available in Setting up Matrix Corporal.

2018-08-20

Matrix Synapse rate limit control variables

The following new variables can now be configured to control Matrix Synapse’s rate-limiting (default values are shown below).

matrix_synapse_rc_messages_per_second: 0.2
matrix_synapse_rc_message_burst_count: 10.0

Shared Secret Auth support via matrix-synapse-shared-secret-auth

The playbook can now install and configure matrix-synapse-shared-secret-auth for you.

Additional details are available in Setting up the Shared Secret Auth password provider module.

2018-08-17

REST auth support via matrix-synapse-rest-auth

The playbook can now install and configure matrix-synapse-rest-auth for you.

Additional details are available in Setting up the REST authentication password provider module.

Compression improvements

Shifted Matrix Synapse compression from happening in the Matrix Synapse, to happening in the nginx proxy that’s in front of it.

Additionally, riot-web also gets compressed now (in the nginx proxy), which drops the initial page load’s size from 5.31MB to 1.86MB.

Disabling some unnecessary Synapse services

The following services are not necessary, so they have been disabled:

  • on the federation port (8448): the client service
  • on the http port (8008, exposed over 443): the old Angular webclient and the federation service

Federation runs only on the federation port (8448) now. The Client APIs run only on the http port (8008) now.

2018-08-15

mxisd Identity Server support

The playbook now sets up an mxisd Identity Server for you by default. Additional details are available in Adjusting mxisd Identity Server configuration.

2018-08-14

Email-sending support

The playbook now configures an email-sending service (postfix) by default. Additional details are available in Adjusting email-sending settings.

With this, Matrix Synapse is able to send email notifications for missed messages, etc.

2018-08-08

(BC Break) Renaming playbook variables

The following playbook variables were renamed:

  • from matrix_max_upload_size_mb to matrix_synapse_max_upload_size_mb
  • from matrix_max_log_file_size_mb to matrix_synapse_max_log_file_size_mb
  • from matrix_max_log_files_count to matrix_synapse_max_log_files_count
  • from docker_matrix_image to matrix_docker_image_synapse
  • from docker_nginx_image to matrix_docker_image_nginx
  • from docker_riot_image to matrix_docker_image_riot
  • from docker_goofys_image to matrix_docker_image_goofys
  • from docker_coturn_image to matrix_docker_image_coturn

If you’re overriding any of them in your vars.yml file, you’d need to change to the new names.

Renaming Ansible playbook tag

The command for executing the whole playbook has changed. The setup-main tag got renamed to setup-all.

Docker container linking

Changed the way the Docker containers are linked together. The ones that need to communicate with others operate in a matrix network now and not in the default bridge network.