Merge branch 'spantaleev:master' into cvwright/room-workers-v2

This commit is contained in:
Charles Wright 2024-01-17 08:02:47 -06:00 committed by GitHub
commit 025a7e5c66
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
42 changed files with 610 additions and 265 deletions

View File

@ -1,3 +1,44 @@
# 2024-01-17
## Switching to Element's AGPLv3-licensed Synapse release
A few months ago, the [Element](https://element.io/) company has [announced](https://element.io/blog/element-to-adopt-agplv3/) that their work on the Synapse homeserver would no longer be available under the permissive [Apache-2.0 license](https://www.apache.org/licenses/LICENSE-2.0), but only under:
- the [AGPLv3](https://www.gnu.org/licenses/agpl-3.0.en.html) free-software license - the same license that this Ansible playbook has always used
- a proprietary license, for those wishing for Element to [sell them an exception](https://gnu.org/philosophy/selling-exceptions.html) to the AGPLv3 license
You can also learn more in [this post](https://matrix.org/blog/2023/11/06/future-of-synapse-dendrite/) by the Matrix Foundation.
The change has [already happened](https://element.io/blog/synapse-now-lives-at-github-com-element-hq-synapse/) and the first Synapse release under the new license is here: [v1.99.0](https://github.com/element-hq/synapse/releases/tag/v1.99.0).
There is no up-to-date alternative Synapse fork right now and this free-software (AGPLv3-licensed) playbook is definitely not against free-software licenses, so we are now switching to the Element-maintained Synapse release.
**What does this mean to you?**
For most home users, it doesn't mean anything. Your installation will continue working as it should and you don't need to do anything.
For people building commercial products on top of Synapse, they may have to either buy a license exception from Element (from what we hear, the fee depends on the number of monthly-active users on your instance) or they may need to release all related code as free-software (which is what we've been doing at [etke.cc](https://etke.cc/) ([here](https://gitlab.com/etke.cc)) all along).
We're no lawyers and this changelog entry does not aim to give you the best legal advice, so please research on your own!
If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by intruducing a new Ansible variable. You can do it like this:
```yaml
# Switch the organization that Synapse container images (or source code for self-building) are pulled from.
# Note: the new default value is `element-hq/synapse`.
matrix_synapse_github_org_and_repo: matrix-org/synapse
# Pin the Synapse version to the last one (v1.98.0) released by the Matrix Foundation
# under the old permissive Apache-2.0 license.
matrix_synapse_version: v1.98.0
```
Notes:
- if you had already upgraded Synapse to `v1.99.0` by running this playbook, you will still be able to downgrade to `v1.98.0`, because both releases use the same database schema version (`SCHEMA_COMPAT_VERSION = 83` - see [here for v1.98.0](https://github.com/element-hq/synapse/blob/v1.98.0/synapse/storage/schema/__init__.py#L131-L134) and [here for v1.99.0](https://github.com/element-hq/synapse/blob/v1.99.0/synapse/storage/schema/__init__.py#L137-L140)). More details on Synapse's database schema are available [here](https://element-hq.github.io/synapse/develop/development/database_schema.html). It appears that there are no new database migrations introduced in `v1.99.0`, so going back to the older release is possible. This is not guaranteed to hold true for future Synapse releases, so if you're seeing this early-enough, consider pinning the version and organization before re-running the playbook and getting upgraded to the latest version
- running an outdated homeserver exposes you to security issues and incompatibilities. Only consider doing this as a short-term solution.
# 2024-01-16 # 2024-01-16
## `Draupnir` has been relicensed to AFL-3.0 ## `Draupnir` has been relicensed to AFL-3.0
@ -310,7 +351,7 @@ The **historical reasoning** behind this change is as follows:
- `allow_public_rooms_over_federation` seems to have been enabled by default for Synapse until v1.7.0 (~2019), just like we believe it should be for a globally-federating network - rooms should be joinable and discoverable across federation. - `allow_public_rooms_over_federation` seems to have been enabled by default for Synapse until v1.7.0 (~2019), just like we believe it should be for a globally-federating network - rooms should be joinable and discoverable across federation.
- In Synapse v1.7.0 (~2019), `allow_public_rooms_over_federation` [got disabled](https://github.com/matrix-org/synapse/blob/e9069c9f919685606506f04527332e83fbfa44d9/docs/upgrade.md?plain=1#L1877-L1891) by default in a [security-by-obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) workaround for misconfigured servers. See the [Avoiding unwelcome visitors on private Matrix servers](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/) `matrix.org` blog article. We believe that people wishing for a truly private server, should [disable federation](docs/configuring-playbook-federation.md#disabling-federation), instead of having a fully-federating server and trying to hide its public rooms. We also provide other workarounds below. We (and the Synapse team, obviously) believe that Matrix should federate by default, so federating the public room list seems to make sense. - In Synapse v1.7.0 (~2019), `allow_public_rooms_over_federation` [got disabled](https://github.com/element-hq/synapse/blob/e9069c9f919685606506f04527332e83fbfa44d9/docs/upgrade.md?plain=1#L1877-L1891) by default in a [security-by-obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) workaround for misconfigured servers. See the [Avoiding unwelcome visitors on private Matrix servers](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/) `matrix.org` blog article. We believe that people wishing for a truly private server, should [disable federation](docs/configuring-playbook-federation.md#disabling-federation), instead of having a fully-federating server and trying to hide its public rooms. We also provide other workarounds below. We (and the Synapse team, obviously) believe that Matrix should federate by default, so federating the public room list seems to make sense.
- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. Today (on 23rd of October 2023), `matrixrooms.info` is indexing `23066` Matrix servers. Of these, only `1567` servers (7%) are making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 93% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. - [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. Today (on 23rd of October 2023), `matrixrooms.info` is indexing `23066` Matrix servers. Of these, only `1567` servers (7%) are making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 93% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful.
@ -1113,7 +1154,7 @@ You can also control the `background` workers count with `matrix_synapse_workers
### Appservice worker support is back ### Appservice worker support is back
We previously had an `appservice` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time. We previously had an `appservice` worker type, which [Synapse deprecated in v1.59.0](https://github.com/element-hq/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time.
The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of talking to Application Services. The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of talking to Application Services.
From now on, we have support for this. From now on, we have support for this.
@ -1123,7 +1164,7 @@ You can also control the `appservice` workers count with `matrix_synapse_workers
### User Directory worker support is back ### User Directory worker support is back
We previously had a `user_dir` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time. We previously had a `user_dir` worker type, which [Synapse deprecated in v1.59.0](https://github.com/element-hq/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time.
The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of serving the user directory. The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of serving the user directory.
From now on, we have support for this. From now on, we have support for this.
@ -1319,7 +1360,7 @@ If you're tired of being on an old and problematic Ansible version, you can now
Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted. Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted.
We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky. We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/element-hq/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky.
**If Synapse fails to start** after your next playbook run, you'll need to: **If Synapse fails to start** after your next playbook run, you'll need to:
@ -1377,7 +1418,7 @@ See our [Setting up borg backup](docs/configuring-playbook-backup-borg.md) docum
## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action ## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action
If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading: If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/element-hq/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading:
> Synapse v1.57.0 includes a change to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs. > Synapse v1.57.0 includes a change to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs.
@ -1458,7 +1499,7 @@ See our [Setting up matrix-hookshot](docs/configuring-playbook-bridge-hookshot.m
We believe that 2022 will be the year of the non-Synapse Matrix server! We believe that 2022 will be the year of the non-Synapse Matrix server!
The playbook was previously quite [Synapse](https://github.com/matrix-org/synapse)-centric, but can now accommodate multiple homeserver implementations. Only one homeserver implementation can be active (installed) at a given time. The playbook was previously quite [Synapse](https://github.com/element-hq/synapse)-centric, but can now accommodate multiple homeserver implementations. Only one homeserver implementation can be active (installed) at a given time.
**Synapse is still the default homeserver implementation** installed by the playbook. A new variable (`matrix_homeserver_implementation`) controls which server implementation is enabled (`synapse` or `dendrite` at the given moment). **Synapse is still the default homeserver implementation** installed by the playbook. A new variable (`matrix_homeserver_implementation`) controls which server implementation is enabled (`synapse` or `dendrite` at the given moment).
@ -2029,7 +2070,7 @@ To restore the old behavior of not redirecting anywhere and serving the Synapse
We used to expose the Synapse Admin APIs publicly (at `https://matrix.DOMAIN/_synapse/admin`). We used to expose the Synapse Admin APIs publicly (at `https://matrix.DOMAIN/_synapse/admin`).
These APIs require authentication with a valid access token, so it's not that big a deal to expose them. These APIs require authentication with a valid access token, so it's not that big a deal to expose them.
However, following [official Synapse's reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints), we're no longer exposing `/_synapse/admin` by default. However, following [official Synapse's reverse-proxying recommendations](https://github.com/element-hq/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints), we're no longer exposing `/_synapse/admin` by default.
If you'd like to restore restore the old behavior and expose `/_synapse/admin` publicly, you can use the following configuration (in your `vars.yml`): If you'd like to restore restore the old behavior and expose `/_synapse/admin` publicly, you can use the following configuration (in your `vars.yml`):
@ -2682,7 +2723,7 @@ To avoid doing it manually, run this:
## Synapse no longer required ## Synapse no longer required
The playbook no longer insists on installing [Synapse](https://github.com/matrix-org/synapse) via the `matrix-synapse` role. The playbook no longer insists on installing [Synapse](https://github.com/element-hq/synapse) via the `matrix-synapse` role.
If you would prefer to install Synapse another way and just use the playbook to install other services, it should be possible (`matrix_synapse_enabled: false`). If you would prefer to install Synapse another way and just use the playbook to install other services, it should be possible (`matrix_synapse_enabled: false`).
@ -3214,7 +3255,7 @@ If users participate in large rooms with many other servers, disabling presence
The playbook now makes the Synapse cache factor configurable, through the playbook's `matrix_synapse_cache_factor` variable (having a default value of `0.5`). The playbook now makes the Synapse cache factor configurable, through the playbook's `matrix_synapse_cache_factor` variable (having a default value of `0.5`).
Changing that value allows you to potentially decrease RAM usage or to increase performance by caching more stuff. Changing that value allows you to potentially decrease RAM usage or to increase performance by caching more stuff.
Some information on it is available here: https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram Some information on it is available here: https://github.com/element-hq/synapse#help-synapse-eats-all-my-ram
# 2018-09-26 # 2018-09-26

View File

@ -37,7 +37,7 @@ The homeserver is the backbone of your matrix system. Choose one from the follow
| Name | Default? | Description | Documentation | | Name | Default? | Description | Documentation |
| ---- | -------- | ----------- | ------------- | | ---- | -------- | ----------- | ------------- |
| [Synapse](https://github.com/matrix-org/synapse) | ✓ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) | | [Synapse](https://github.com/element-hq/synapse) | ✓ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
| [Conduit](https://conduit.rs) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) | | [Conduit](https://conduit.rs) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
| [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) | | [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) |

View File

@ -63,7 +63,7 @@ We have **hundreds of contributors to thank for their hard work** on making Matr
# 2022 # 2022
For [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy/), 2022 started with **breaking the** [**Synapse**](https://github.com/matrix-org/synapse) **monopoly** by [adding support](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#dendrite-support) for the [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver in early January. This required various internal changes so that the [Ansible](https://www.ansible.com/) playbook would not be Synapse-centric anymore. This groundwork paved the way for continuing in this direction and we [added support](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#conduit-support) for [Conduit](https://conduit.rs/) in August. For [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy/), 2022 started with **breaking the** [**Synapse**](https://github.com/element-hq/synapse) **monopoly** by [adding support](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#dendrite-support) for the [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver in early January. This required various internal changes so that the [Ansible](https://www.ansible.com/) playbook would not be Synapse-centric anymore. This groundwork paved the way for continuing in this direction and we [added support](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#conduit-support) for [Conduit](https://conduit.rs/) in August.
When it comes to the `matrix-docker-ansible-deploy` Ansible playbook, 2022 was the year of the non-Synapse homeserver implementation. In practice, none of these homeserver implementations seem ready for prime-time yet and there is no migration path when coming from Synapse. Having done our job of adding support for these alternative homeserver implementations, we can say that we're not getting in the way of future progress. It's time for the Dendrite developers to push harder (development-wise) and for the Synapse developers to take a well-deserved long (infinite) break, and we may get to see more people migrating away from Synapse in the next year(s). When it comes to the `matrix-docker-ansible-deploy` Ansible playbook, 2022 was the year of the non-Synapse homeserver implementation. In practice, none of these homeserver implementations seem ready for prime-time yet and there is no migration path when coming from Synapse. Having done our job of adding support for these alternative homeserver implementations, we can say that we're not getting in the way of future progress. It's time for the Dendrite developers to push harder (development-wise) and for the Synapse developers to take a well-deserved long (infinite) break, and we may get to see more people migrating away from Synapse in the next year(s).

View File

@ -1,4 +1,4 @@
(Adapted from the [upstream project](https://github.com/matrix-org/synapse/blob/develop/docs/CAPTCHA_SETUP.md)) (Adapted from the [upstream project](https://github.com/element-hq/synapse/blob/develop/docs/CAPTCHA_SETUP.md))
# Overview # Overview
Captcha can be enabled for this home server. This file explains how to do that. Captcha can be enabled for this home server. This file explains how to do that.

View File

@ -176,13 +176,13 @@ matrix_bot_go_neb_services:
Rooms: Rooms:
"!someroom:id": "!someroom:id":
Repos: Repos:
"matrix-org/synapse": "element-hq/synapse":
Events: ["push", "issues"] Events: ["push", "issues"]
"matrix-org/dendron": "matrix-org/dendron":
Events: ["pull_request"] Events: ["pull_request"]
"!anotherroom:id": "!anotherroom:id":
Repos: Repos:
"matrix-org/synapse": "element-hq/synapse":
Events: ["push", "issues"] Events: ["push", "issues"]
"matrix-org/dendron": "matrix-org/dendron":
Events: ["pull_request"] Events: ["pull_request"]

View File

@ -1,6 +1,6 @@
# Configuring Conduit (optional) # Configuring Conduit (optional)
By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Conduit](https://conduit.rs). By default, this playbook configures the [Synapse](https://github.com/element-hq/synapse) Matrix server, but you can also use [Conduit](https://conduit.rs).
**NOTES**: **NOTES**:

View File

@ -1,6 +1,6 @@
# Configuring Dendrite (optional) # Configuring Dendrite (optional)
By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Dendrite](https://github.com/matrix-org/dendrite). By default, this playbook configures the [Synapse](https://github.com/element-hq/synapse) Matrix server, but you can also use [Dendrite](https://github.com/matrix-org/dendrite).
**NOTES**: **NOTES**:

View File

@ -119,7 +119,7 @@ scrape_configs:
## More information ## More information
- [Understanding Synapse Performance Issues Through Grafana Graphs](https://github.com/matrix-org/synapse/wiki/Understanding-Synapse-Performance-Issues-Through-Grafana-Graphs) at the Synapse Github Wiki - [Understanding Synapse Performance Issues Through Grafana Graphs](https://github.com/element-hq/synapse/wiki/Understanding-Synapse-Performance-Issues-Through-Grafana-Graphs) at the Synapse Github Wiki
- [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2) - [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2)
- [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) - [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana)
- [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs) - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)

View File

@ -15,7 +15,7 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
matrix_synapse_admin_enabled: true matrix_synapse_admin_enabled: true
``` ```
**Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, the playbook **automatically** exposes the Synapse Admin API publicly for you. Depending on the homeserver implementation you're using (Synapse, Dendrite), this is equivalent to: **Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/element-hq/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, the playbook **automatically** exposes the Synapse Admin API publicly for you. Depending on the homeserver implementation you're using (Synapse, Dendrite), this is equivalent to:
- for Synapse (our default homeserver implementation): `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` - for Synapse (our default homeserver implementation): `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true`
- for [Dendrite](./configuring-playbook-dendrite.md): `matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: true` - for [Dendrite](./configuring-playbook-dendrite.md): `matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: true`

View File

@ -1,6 +1,6 @@
# Configuring Synapse (optional) # Configuring Synapse (optional)
By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, so that it works for the general case. By default, this playbook configures the [Synapse](https://github.com/element-hq/synapse) Matrix server, so that it works for the general case.
If that's enough for you, you can skip this document. If that's enough for you, you can skip this document.
The playbook provides lots of customization variables you could use to change Synapse's settings. The playbook provides lots of customization variables you could use to change Synapse's settings.
@ -20,7 +20,7 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you
## Load balancing with workers ## Load balancing with workers
To have Synapse gracefully handle thousands of users, worker support should be enabled. It factors out some homeserver tasks and spreads the load of incoming client and server-to-server traffic between multiple processes. More information can be found in the [official Synapse workers documentation](https://github.com/matrix-org/synapse/blob/master/docs/workers.md). To have Synapse gracefully handle thousands of users, worker support should be enabled. It factors out some homeserver tasks and spreads the load of incoming client and server-to-server traffic between multiple processes. More information can be found in the [official Synapse workers documentation](https://github.com/element-hq/synapse/blob/master/docs/workers.md).
To enable Synapse worker support, update your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: To enable Synapse worker support, update your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@ -50,7 +50,7 @@ If you'd like to use OpenID Connect authentication with Synapse, you'll need som
This example configuration is for [keycloak](https://www.keycloak.org/), an opensource Identity Provider maintained by Red Hat. This example configuration is for [keycloak](https://www.keycloak.org/), an opensource Identity Provider maintained by Red Hat.
For more detailed documentation on available options and how to setup keycloak, see the [Synapse documentation on OpenID Connect with keycloak](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md#keycloak). For more detailed documentation on available options and how to setup keycloak, see the [Synapse documentation on OpenID Connect with keycloak](https://github.com/element-hq/synapse/blob/develop/docs/openid.md#keycloak).
In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ; In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;
@ -73,14 +73,12 @@ matrix_synapse_oidc_providers:
backchannel_logout_enabled: true # Optional backchannel_logout_enabled: true # Optional
``` ```
**NOTE**: if you inject the OIDC configuration using `matrix_synapse_configuration_extension_yaml` (instead of `matrix_synapse_oidc_enabled: true` + `matrix_synapse_oidc_providers` as explained above), then the OIDC routes (`/_synapse/oidc`) will not be publicly exposed automatically. In such a case, you'd need to expose them manually by toggling: `matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled: true`.
## Customizing templates ## Customizing templates
[Templates](https://github.com/matrix-org/synapse/blob/develop/docs/templates.md) are used by Synapse for showing **certain web pages** handled by the server, as well as for **email notifications**. [Templates](https://github.com/element-hq/synapse/blob/develop/docs/templates.md) are used by Synapse for showing **certain web pages** handled by the server, as well as for **email notifications**.
This playbook allows you to customize the default templates (see the [`synapse/res/templates` directory](https://github.com/matrix-org/synapse/tree/develop/synapse/res/templates)). This playbook allows you to customize the default templates (see the [`synapse/res/templates` directory](https://github.com/element-hq/synapse/tree/develop/synapse/res/templates)).
If template customization is enabled, the playbook will build a custom container image based on the official one. If template customization is enabled, the playbook will build a custom container image based on the official one.

View File

@ -24,5 +24,5 @@ When enabled, your homeserver will regularly upload a few dozen statistics about
This data includes your homeserver's domain, the total number of users, the number of active This data includes your homeserver's domain, the total number of users, the number of active
users, the total number of rooms, and the number of messages sent per day on your homeserver. users, the total number of rooms, and the number of messages sent per day on your homeserver.
See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) or [Dendrite's documentation](https://github.com/matrix-org/dendrite/blob/main/docs/FAQ.md#what-is-being-reported-when-enabling-phone-home-statistics) See [Synapse's documentation](https://github.com/element-hq/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) or [Dendrite's documentation](https://github.com/matrix-org/dendrite/blob/main/docs/FAQ.md#what-is-being-reported-when-enabling-phone-home-statistics)
for the full list of statistics that are reported. for the full list of statistics that are reported.

View File

@ -9,7 +9,7 @@ We try to stick to official images (provided by their respective projects) as mu
These services are enabled and used by default, but you can turn them off, if you wish. These services are enabled and used by default, but you can turn them off, if you wish.
- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/matrix-org/synapse) Matrix homeserver (optional) - [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/element-hq/synapse) Matrix homeserver (optional)
- [coturn/coturn](https://hub.docker.com/r/coturn/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional) - [coturn/coturn](https://hub.docker.com/r/coturn/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
@ -114,7 +114,7 @@ These services are not part of our default installation, but can be enabled by [
- [prom/node-exporter](https://hub.docker.com/r/prom/node-exporter/) - [Prometheus Node Exporter](https://github.com/prometheus/node_exporter/) is an addon for Prometheus that gathers standard system metrics - [prom/node-exporter](https://hub.docker.com/r/prom/node-exporter/) - [Prometheus Node Exporter](https://github.com/prometheus/node_exporter/) is an addon for Prometheus that gathers standard system metrics
- [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards) - [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/element-hq/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards)
- [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix

View File

@ -61,7 +61,7 @@ There are 3 ways to get into Martix, depending on your technical ability and nee
### How do I set up my own Matrix server? ### How do I set up my own Matrix server?
Normally, you'd first choose the [Matrix](https://matrix.org/) server software you'd like to run. At the time of this writing (January/2021), there's only one fully-featured server program, so there's only one reasonable choice. That's [Synapse](https://github.com/matrix-org/synapse). Normally, you'd first choose the [Matrix](https://matrix.org/) server software you'd like to run. At the time of this writing (January/2021), there's only one fully-featured server program, so there's only one reasonable choice. That's [Synapse](https://github.com/element-hq/synapse).
There are [many guides about installing Synapse](https://matrix.org/docs/guides/#installing-synapse). Using this Ansible playbook is just one way of doing it. There are [many guides about installing Synapse](https://matrix.org/docs/guides/#installing-synapse). Using this Ansible playbook is just one way of doing it.
@ -82,13 +82,13 @@ To learn more, see our [dedicated Ansible documentation page](ansible.md).
### Why use this playbook and not install Synapse and other things manually? ### Why use this playbook and not install Synapse and other things manually?
There are various guides telling you how easy it is to install [Synapse](https://github.com/matrix-org/synapse). There are various guides telling you how easy it is to install [Synapse](https://github.com/element-hq/synapse).
Reading the documentation of this Ansible playbook, you may also be thinking: Reading the documentation of this Ansible playbook, you may also be thinking:
> I don't know what [Ansible](https://www.ansible.com/) is. I don't know what [Docker](https://www.docker.com/) is. This looks more complicated. > I don't know what [Ansible](https://www.ansible.com/) is. I don't know what [Docker](https://www.docker.com/) is. This looks more complicated.
.. so you may be leaning toward [installing Synapse manually](https://github.com/matrix-org/synapse/blob/master/INSTALL.md). .. so you may be leaning toward [installing Synapse manually](https://github.com/element-hq/synapse/blob/master/INSTALL.md).
The problem with a manual installation is: The problem with a manual installation is:

View File

@ -24,7 +24,7 @@ sudo journalctl -fu matrix-synapse
## Increasing Synapse logging ## Increasing Synapse logging
Because the [Synapse](https://github.com/matrix-org/synapse) Matrix server is originally very chatty when it comes to logging, we intentionally reduce its [logging level](https://docs.python.org/3/library/logging.html#logging-levels) from `INFO` to `WARNING`. Because the [Synapse](https://github.com/element-hq/synapse) Matrix server is originally very chatty when it comes to logging, we intentionally reduce its [logging level](https://docs.python.org/3/library/logging.html#logging-levels) from `INFO` to `WARNING`.
If you'd like to debug an issue or [report a Synapse bug](https://github.com/matrix-org/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increasing the logging level to `INFO`. If you'd like to debug an issue or [report a Synapse bug](https://github.com/matrix-org/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increasing the logging level to `INFO`.

View File

@ -14,13 +14,13 @@ Table of contents:
## Purging old data with the Purge History API ## Purging old data with the Purge History API
You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**. You can use the **[Purge History API](https://github.com/element-hq/synapse/blob/master/docs/admin_api/purge_history_api.md)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
To make use of this Synapse Admin API, **you'll need an admin access token** first. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). To make use of this Synapse Admin API, **you'll need an admin access token** first. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
Synapse's Admin API is not exposed to the internet by default, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). To expose it you will need to add `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` to your `vars.yml` file. Synapse's Admin API is not exposed to the internet by default, following [official Synapse reverse-proxying recommendations](https://github.com/element-hq/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). To expose it you will need to add `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` to your `vars.yml` file.
Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md) documentation page for the actual purging instructions. Follow the [Purge History API](https://github.com/element-hq/synapse/blob/master/docs/admin_api/purge_history_api.md) documentation page for the actual purging instructions.
After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql). After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql).
@ -47,7 +47,7 @@ After state compression, you may wish to run a [`FULL` Postgres `VACUUM`](./main
## Browse and manipulate the database ## Browse and manipulate the database
When the [Synapse Admin API](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) and the other tools do not provide a more convenient way, having a look at synapse's postgresql database can satisfy a lot of admins' needs. When the [Synapse Admin API](https://github.com/element-hq/synapse/tree/master/docs/admin_api) and the other tools do not provide a more convenient way, having a look at synapse's postgresql database can satisfy a lot of admins' needs.
Editing the database manually is not recommended or supported by the Synapse developers. If you are going to do so you should [make a database backup](./maintenance-postgres.md#backing-up-postgresql). Editing the database manually is not recommended or supported by the Synapse developers. If you are going to do so you should [make a database backup](./maintenance-postgres.md#backing-up-postgresql).
@ -74,7 +74,7 @@ Synapse's presence feature which tracks which users are online and which are off
If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers). If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers).
Tuning Synapse's cache factor can help reduce RAM usage. [See the upstream documentation](https://github.com/matrix-org/synapse#help-synapse-is-slow-and-eats-all-my-ram-cpu) for more information on what value to set the cache factor to. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor. Tuning Synapse's cache factor can help reduce RAM usage. [See the upstream documentation](https://github.com/element-hq/synapse#help-synapse-is-slow-and-eats-all-my-ram-cpu) for more information on what value to set the cache factor to. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor.
[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will aslo need to tune Postgres manually. [Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will aslo need to tune Postgres manually.

View File

@ -32,7 +32,7 @@ where `<password-hash>` is the hash returned by the docker command above.
## Option 3: ## Option 3:
Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password Use the Synapse User Admin API as described here: https://github.com/element-hq/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
This requires an [access token](obtaining-access-tokens.md) from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* This requires an [access token](obtaining-access-tokens.md) from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*

View File

@ -4,7 +4,7 @@ This directory contains sample files that show you how to front the integrated [
## Prerequisite configuration ## Prerequisite configuration
To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`). To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
## Using the Apache configuration ## Using the Apache configuration

View File

@ -5,7 +5,7 @@ This directory contains a sample config that shows you how to front the integrat
## Prerequisite configuration ## Prerequisite configuration
To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`). To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
## Using the Caddyfile ## Using the Caddyfile

View File

@ -4,6 +4,6 @@ This directory contains sample files that show you how to do reverse-proxying us
This is for when you wish to have your own HAproxy instance sitting in front of Matrix services installed by this playbook. This is for when you wish to have your own HAproxy instance sitting in front of Matrix services installed by this playbook.
We recommend that you use HAProxy in front of Traefik. See our [Fronting the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) documentation. We recommend that you use HAProxy in front of Traefik. See our [Fronting the integrated reverse-proxy webserver with another reverse-proxy](../../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) documentation.
You can then use the configuration files from this directory as an example for how to configure your HAproxy reverse proxy. You can then use the configuration files from this directory as an example for how to configure your HAproxy reverse proxy.

View File

@ -5,7 +5,7 @@ This directory contains a sample config that shows you how to use the [nginx](ht
## Prerequisite configuration ## Prerequisite configuration
To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`). To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
## Using the nginx configuration ## Using the nginx configuration
@ -14,4 +14,4 @@ Copy the [matrix.conf](matrix.conf) file to your nginx server's filesystem, modi
This configuration **disables SSL certificate retrieval**, so you will **need to obtain SSL certificates manually** (e.g. by using [certbot](https://certbot.eff.org/)) and set the appropriate path in `matrix.conf`. In the example nginx configuration, a single certificate is used for all subdomains (`matrix.DOMAIN`, `element.DOMAIN`, etc.). For your setup, may wish to change this and use separate `server` blocks and separate certificate files for each host. This configuration **disables SSL certificate retrieval**, so you will **need to obtain SSL certificates manually** (e.g. by using [certbot](https://certbot.eff.org/)) and set the appropriate path in `matrix.conf`. In the example nginx configuration, a single certificate is used for all subdomains (`matrix.DOMAIN`, `element.DOMAIN`, etc.). For your setup, may wish to change this and use separate `server` blocks and separate certificate files for each host.
Also note that your copy of the `matrix.conf` file has to be adapted to whatever services you are using. For example, remove `element.domain.com` from the `server_name` list if you don't use [Element](../../docs/configuring-playbook-client-element.md) web client or add `dimension.domain.com` to it if you do use the [Dimension](../../docs/configuring-playbook-dimension.md) integration manager. Also note that your copy of the `matrix.conf` file has to be adapted to whatever services you are using. For example, remove `element.domain.com` from the `server_name` list if you don't use [Element](../../../docs/configuring-playbook-client-element.md) web client or add `dimension.domain.com` to it if you do use the [Dimension](../../../docs/configuring-playbook-dimension.md) integration manager.

View File

@ -218,17 +218,18 @@ matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_s
# Additional JVB workers (jitsi_jvb.yml -- roles/galaxy/jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well. # Additional JVB workers (jitsi_jvb.yml -- roles/galaxy/jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
# #
# Priority levels are like this: # Priority levels are like this:
# - Traefik starts first with a level of 250, so that:
# - it can get an early start on obtaining SSL certificates and routing to other services as soon as they start (later)
# - so that addon services (starting later) can communicte with the homeserver via Traefik's internal entrypoint
# (see `matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled`)
# - core services (the homeserver) get a level of ~1000 # - core services (the homeserver) get a level of ~1000
# - services that core services depend on (database, Redis, ntfy, etc.) get a lower level - between 500 and 1000 # - services that the homeserver depends on (database, Redis, ntfy, Coturn, etc.) get a lower level - between 500 and 1000
# - reverse-proxying services get level 3000 # - reverse-proxying services get level 3000
# - Matrix utility services (bridges, bots) get a level of 2000/2200, so that: # - Matrix utility services (bridges, bots) get a level of 2000/2200, so that:
# - they can start before the reverse-proxy # - they can start before the reverse-proxy
# - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with # - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with
# - monitoring services (Prometheus, Grafana, ..) get a level of 4000 - they can start later than all-of-Matrix # - monitoring services (Prometheus, Grafana, ..) get a level of 4000 - they can start later than all-of-Matrix
# - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix # - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix
#
# `matrix-bot-postmoogle.service` has a higher priority number (4000), unlike other bots' priority (2200),
# because it requires SSL certificates. If Traefik is used, then Postmoogle needs to start at least after Traefik (3500) and Traefik certs dumper (3500).
devture_systemd_service_manager_services_list_auto: | devture_systemd_service_manager_services_list_auto: |
{{ {{
([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else []) ([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else [])
@ -249,7 +250,7 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir', 'bot-draupnir']}] if matrix_bot_draupnir_enabled else []) ([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir', 'bot-draupnir']}] if matrix_bot_draupnir_enabled else [])
+ +
([{'name': 'matrix-bot-postmoogle.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'postmoogle', 'bot-postmoogle']}] if matrix_bot_postmoogle_enabled else []) ([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'postmoogle', 'bot-postmoogle']}] if matrix_bot_postmoogle_enabled else [])
+ +
([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt', 'bot-chatgpt']}] if matrix_bot_chatgpt_enabled else []) ([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt', 'bot-chatgpt']}] if matrix_bot_chatgpt_enabled else [])
+ +
@ -329,7 +330,7 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else []) ([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
+ +
([{'name': 'matrix-coturn.service', 'priority': 4000, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else []) ([{'name': 'matrix-coturn.service', 'priority': 900, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
+ +
([{'name': 'matrix-rageshake.service', 'priority': 4000, 'groups': ['matrix', 'rageshake']}] if matrix_rageshake_enabled else []) ([{'name': 'matrix-rageshake.service', 'priority': 4000, 'groups': ['matrix', 'rageshake']}] if matrix_rageshake_enabled else [])
+ +
@ -359,7 +360,7 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-media-repo']}] if matrix_media_repo_enabled else []) ([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-media-repo']}] if matrix_media_repo_enabled else [])
+ +
([{'name': (exim_relay_identifier ~ '.service'), 'priority': 2000, 'groups': ['matrix', 'mailer', 'exim-relay']}] if exim_relay_enabled else []) ([{'name': (exim_relay_identifier ~ '.service'), 'priority': 800, 'groups': ['matrix', 'mailer', 'exim-relay']}] if exim_relay_enabled else [])
+ +
([{'name': (ntfy_identifier + '.service'), 'priority': 800, 'groups': ['matrix', 'ntfy']}] if ntfy_enabled else []) ([{'name': (ntfy_identifier + '.service'), 'priority': 800, 'groups': ['matrix', 'ntfy']}] if ntfy_enabled else [])
+ +
@ -379,7 +380,7 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
+ +
([{'name': 'matrix-sliding-sync.service', 'priority': 4000, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else []) ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else [])
+ +
([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else []) ([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else [])
+ +
@ -397,11 +398,11 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': (matrix_static_files_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-static-files']}] if matrix_static_files_enabled else []) ([{'name': (matrix_static_files_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-static-files']}] if matrix_static_files_enabled else [])
+ +
([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 2900, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else []) ([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 200, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else [])
+ +
([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else []) ([{'name': (devture_traefik_identifier + '.service'), 'priority': 250, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
+ +
([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 3500, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else []) ([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 300, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else [])
}} }}
######################################################################## ########################################################################
@ -4070,7 +4071,6 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver
matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}" matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}" matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_public_federation_api_traefik_entrypoints }}" matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_public_federation_api_traefik_entrypoints }}"
@ -4188,7 +4188,12 @@ prometheus_postgres_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
prometheus_postgres_exporter_container_network: "{{ matrix_monitoring_container_network }}" prometheus_postgres_exporter_container_network: "{{ matrix_monitoring_container_network }}"
prometheus_postgres_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}" prometheus_postgres_exporter_container_additional_networks: |
{{
([devture_postgres_container_network] if (devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname and prometheus_postgres_exporter_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and prometheus_postgres_exporter_container_labels_traefik_enabled else [])
}}
prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}" prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
@ -4827,7 +4832,7 @@ matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homese
matrix_static_files_enabled: true matrix_static_files_enabled: true
matrix_static_files_container_network: "{{ (matrix_playbook_reverse_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else matrix_static_files_identifier) }}" matrix_static_files_container_network: "{{ (matrix_static_files_identifier if matrix_playbook_reverse_proxy_type == 'none' else matrix_playbook_reverse_proxy_container_network) }}"
matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"

View File

@ -61,7 +61,7 @@
version: v1.0.0-2 version: v1.0.0-2
name: systemd_docker_base name: systemd_docker_base
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v1.0.0-3 version: v1.0.0-4
name: systemd_service_manager name: systemd_service_manager
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: v1.0.0-0 version: v1.0.0-0

View File

@ -290,13 +290,13 @@ matrix_bot_go_neb_services: []
# Rooms: # Rooms:
# "!someroom:id": # "!someroom:id":
# Repos: # Repos:
# "matrix-org/synapse": # "element-hq/synapse":
# Events: ["push", "issues"] # Events: ["push", "issues"]
# "matrix-org/dendron": # "matrix-org/dendron":
# Events: ["pull_request"] # Events: ["pull_request"]
# "!anotherroom:id": # "!anotherroom:id":
# Repos: # Repos:
# "matrix-org/synapse": # "element-hq/synapse":
# Events: ["push", "issues"] # Events: ["push", "issues"]
# "matrix-org/dendron": # "matrix-org/dendron":
# Events: ["pull_request"] # Events: ["pull_request"]

View File

@ -9,7 +9,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/discord # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
matrix_mautrix_discord_version: v0.6.4 matrix_mautrix_discord_version: v0.6.5
# See: https://mau.dev/mautrix/discord/container_registry # See: https://mau.dev/mautrix/discord/container_registry
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"

View File

@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
matrix_mautrix_gmessages_version: v0.2.3 matrix_mautrix_gmessages_version: v0.2.4
# See: https://mau.dev/mautrix/gmessages/container_registry # See: https://mau.dev/mautrix/gmessages/container_registry
matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"

View File

@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=vectorim/element-web # renovate: datasource=docker depName=vectorim/element-web
matrix_client_element_version: v1.11.53 matrix_client_element_version: v1.11.54
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"

View File

@ -30,6 +30,15 @@ matrix_conduit_systemd_required_services_list_custom: []
# List of systemd services that matrix-conduit.service wants # List of systemd services that matrix-conduit.service wants
matrix_conduit_systemd_wanted_services_list: [] matrix_conduit_systemd_wanted_services_list: []
# Controls how long to sleep for after starting the matrix-synapse container.
#
# Delaying, so that the homeserver can manage to fully start and various services
# that depend on it (`matrix_conduit_systemd_required_services_list` and `matrix_conduit_systemd_wanted_services_list`)
# may only start after the homeserver is up and running.
#
# This can be set to 0 to remove the delay.
matrix_conduit_systemd_service_post_start_delay_seconds: 3
# The base container network. It will be auto-created by this role if it doesn't exist already. # The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_conduit_container_network: "" matrix_conduit_container_network: ""

View File

@ -36,9 +36,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-conduit ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-conduit
# Intentional delay, so that the homeserver can manage to start and various services {% if matrix_conduit_systemd_service_post_start_delay_seconds != 0 %}
# that depend on it (After/Requires) may only start after the homeserver is up and running. ExecStartPost=-{{ matrix_host_command_sleep }} {{ matrix_conduit_systemd_service_post_start_delay_seconds }}
ExecStartPost=-{{ matrix_host_command_sleep }} 3 {% endif %}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduit 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduit 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true'

View File

@ -99,7 +99,7 @@ matrix_dendrite_container_labels_internal_client_api_traefik_priority: "{{ matri
matrix_dendrite_container_labels_internal_client_api_traefik_entrypoints: "" matrix_dendrite_container_labels_internal_client_api_traefik_entrypoints: ""
# Controls whether labels will be added that expose the /_synapse/admin paths on a public Traefik entrypoint. # Controls whether labels will be added that expose the /_synapse/admin paths on a public Traefik entrypoint.
# Following these recommendations (https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md), by default, we don't. # Following these recommendations (https://github.com/element-hq/synapse/blob/master/docs/reverse_proxy.md), by default, we don't.
# Dendrite exposes some admin APIs under a Synapse-specific prefix. # Dendrite exposes some admin APIs under a Synapse-specific prefix.
# See: https://matrix-org.github.io/dendrite/administration/adminapi # See: https://matrix-org.github.io/dendrite/administration/adminapi
matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: false matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: false
@ -186,6 +186,15 @@ matrix_dendrite_systemd_wanted_services_list_default: ["docker.service"]
matrix_dendrite_systemd_wanted_services_list_auto: [] matrix_dendrite_systemd_wanted_services_list_auto: []
matrix_dendrite_systemd_wanted_services_list_custom: [] matrix_dendrite_systemd_wanted_services_list_custom: []
# Controls how long to sleep for after starting the matrix-dendrite container.
#
# Delaying, so that the homeserver can manage to fully start and various services
# that depend on it (`matrix_dendrite_systemd_required_services_list` and `matrix_dendrite_systemd_wanted_services_list`)
# may only start after the homeserver is up and running.
#
# This can be set to 0 to remove the delay.
matrix_dendrite_systemd_service_post_start_delay_seconds: 3
# Specifies which template files to use when configuring Dendrite. # Specifies which template files to use when configuring Dendrite.
# If you'd like to have your own different configuration, feel free to copy and paste # If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`) # the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)

View File

@ -63,9 +63,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-dendrite ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-dendrite
# Intentional delay, so that the homeserver can manage to start and various services {% if matrix_dendrite_systemd_service_post_start_delay_seconds != 0 %}
# that depend on it (After/Requires) may only start after the homeserver is up and running. ExecStartPost=-{{ matrix_host_command_sleep }} {{ matrix_dendrite_systemd_service_post_start_delay_seconds }}
ExecStartPost=-{{ matrix_host_command_sleep }} 3 {% endif %}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true'

View File

@ -15,7 +15,13 @@
"type": "grafana", "type": "grafana",
"id": "grafana", "id": "grafana",
"name": "Grafana", "name": "Grafana",
"version": "9.3.1" "version": "10.1.0"
},
{
"type": "panel",
"id": "heatmap",
"name": "Heatmap",
"version": ""
}, },
{ {
"type": "datasource", "type": "datasource",
@ -35,8 +41,8 @@
{ {
"builtIn": 1, "builtIn": 1,
"datasource": { "datasource": {
"type": "grafana", "type": "datasource",
"uid": "-- Grafana --" "uid": "grafana"
}, },
"enable": true, "enable": true,
"hide": true, "hide": true,
@ -52,11 +58,10 @@
} }
] ]
}, },
"description": "",
"editable": true, "editable": true,
"fiscalYearStartMonth": 0, "fiscalYearStartMonth": 0,
"graphTooltip": 0, "graphTooltip": 0,
"id": 9, "id": null,
"links": [], "links": [],
"liveNow": false, "liveNow": false,
"panels": [ "panels": [
@ -84,6 +89,7 @@
"tooltip": false, "tooltip": false,
"viz": false "viz": false
}, },
"insertNulls": false,
"lineInterpolation": "linear", "lineInterpolation": "linear",
"lineWidth": 1, "lineWidth": 1,
"pointSize": 5, "pointSize": 5,
@ -106,7 +112,8 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green" "color": "green",
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -138,17 +145,19 @@
"sort": "none" "sort": "none"
} }
}, },
"pluginVersion": "9.5.3", "pluginVersion": "10.1.0",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"editorMode": "code",
"expr": "rate(media_http_requests_total[2m])", "expr": "rate(media_http_requests_total[2m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{ '{{host}}: {{method}} {{action}}' }}", "legendFormat": "{{ '{{host}}: {{method}} {{action}}' }}",
"range": true,
"refId": "A" "refId": "A"
}, },
{ {
@ -156,10 +165,12 @@
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"editorMode": "code",
"expr": "rate(media_invalid_http_requests_total[2m])", "expr": "rate(media_invalid_http_requests_total[2m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{ 'Invalid Host: {{method}} {{action}}' }}", "legendFormat": "{{ 'Invalid Host: {{method}} {{action}}' }}",
"range": true,
"refId": "B" "refId": "B"
} }
], ],
@ -190,6 +201,7 @@
"tooltip": false, "tooltip": false,
"viz": false "viz": false
}, },
"insertNulls": false,
"lineInterpolation": "linear", "lineInterpolation": "linear",
"lineWidth": 1, "lineWidth": 1,
"pointSize": 5, "pointSize": 5,
@ -212,7 +224,8 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green" "color": "green",
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -244,23 +257,220 @@
"sort": "none" "sort": "none"
} }
}, },
"pluginVersion": "9.5.3", "pluginVersion": "10.1.0",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"editorMode": "code",
"expr": "rate(media_http_responses_total[2m])", "expr": "rate(media_http_responses_total[2m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{ '{{host}}: {{method}} {{action}} {{statusCode}}' }}", "legendFormat": "{{ '{{host}}: {{method}} {{action}} {{statusCode}}' }}",
"range": true,
"refId": "A" "refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "rate(media_invalid_http_requests_total[2m])",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ 'Invalid Host: {{method}} {{action}} {{statusCode}}' }}",
"range": true,
"refId": "B"
} }
], ],
"title": "HTTP Responses", "title": "HTTP Responses",
"type": "timeseries" "type": "timeseries"
}, },
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"scaleDistribution": {
"type": "linear"
}
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 9
},
"id": 11,
"maxDataPoints": 5000,
"options": {
"calculate": false,
"calculation": {
"xBuckets": {
"mode": "size",
"value": ""
}
},
"cellGap": 1,
"color": {
"exponent": 0.5,
"fill": "dark-orange",
"mode": "scheme",
"reverse": false,
"scale": "exponential",
"scheme": "Spectral",
"steps": 64
},
"exemplars": {
"color": "rgba(255,0,255,0.7)"
},
"filterValues": {
"le": 1e-9
},
"legend": {
"show": true
},
"rowsFrame": {
"layout": "auto"
},
"tooltip": {
"show": true,
"yHistogram": false
},
"yAxis": {
"axisPlacement": "left",
"decimals": 0,
"reverse": false,
"unit": "s"
}
},
"pluginVersion": "10.1.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum(rate(media_http_response_time_seconds_bucket{action=~\"download|thumbnail\"}[2m])) by (le)",
"format": "heatmap",
"instant": false,
"interval": "",
"legendFormat": "{{ '{{method}} {{action}} - {{le}}' }}",
"range": true,
"refId": "A"
}
],
"title": "Downloads and Thumbnails - Response Time",
"type": "heatmap"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"scaleDistribution": {
"type": "linear"
}
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 9
},
"id": 12,
"maxDataPoints": 5000,
"options": {
"calculate": false,
"calculation": {
"xBuckets": {
"mode": "size",
"value": ""
}
},
"cellGap": 1,
"color": {
"exponent": 0.5,
"fill": "dark-orange",
"mode": "scheme",
"reverse": false,
"scale": "exponential",
"scheme": "Spectral",
"steps": 64
},
"exemplars": {
"color": "rgba(255,0,255,0.7)"
},
"filterValues": {
"le": 1e-9
},
"legend": {
"show": true
},
"rowsFrame": {
"layout": "auto"
},
"tooltip": {
"show": true,
"yHistogram": false
},
"yAxis": {
"axisPlacement": "left",
"decimals": 0,
"reverse": false,
"unit": "s"
}
},
"pluginVersion": "10.1.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum(rate(media_http_response_time_seconds_bucket{action=\"upload\"}[2m])) by (le)",
"format": "heatmap",
"instant": false,
"legendFormat": "{{ '{{method}} {{action}} - {{le}}' }}",
"range": true,
"refId": "A"
}
],
"title": "Uploads - Response Time",
"type": "heatmap"
},
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
@ -285,6 +495,7 @@
"tooltip": false, "tooltip": false,
"viz": false "viz": false
}, },
"insertNulls": false,
"lineInterpolation": "linear", "lineInterpolation": "linear",
"lineWidth": 1, "lineWidth": 1,
"pointSize": 5, "pointSize": 5,
@ -307,7 +518,8 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green" "color": "green",
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -323,7 +535,7 @@
"h": 9, "h": 9,
"w": 12, "w": 12,
"x": 0, "x": 0,
"y": 9 "y": 18
}, },
"id": 8, "id": 8,
"links": [], "links": [],
@ -339,18 +551,21 @@
"sort": "none" "sort": "none"
} }
}, },
"pluginVersion": "9.5.3", "pluginVersion": "10.1.0",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"expr": "go_memstats_alloc_bytes", "editorMode": "code",
"exemplar": true,
"expr": "go_memstats_alloc_bytes{job=\"media_repo\"}",
"format": "time_series", "format": "time_series",
"interval": "", "interval": "",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "memory usage (alloc)", "legendFormat": "memory usage (alloc)",
"range": true,
"refId": "B" "refId": "B"
}, },
{ {
@ -358,7 +573,8 @@
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"expr": "go_memstats_sys_bytes", "exemplar": true,
"expr": "go_memstats_sys_bytes{job=\"media_repo\"}",
"interval": "", "interval": "",
"legendFormat": "memory usage (sys)", "legendFormat": "memory usage (sys)",
"refId": "C" "refId": "C"
@ -368,7 +584,8 @@
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"expr": "go_memstats_heap_alloc_bytes", "exemplar": true,
"expr": "go_memstats_heap_alloc_bytes{job=\"media_repo\"}",
"interval": "", "interval": "",
"legendFormat": "heap usage (alloc)", "legendFormat": "heap usage (alloc)",
"refId": "A" "refId": "A"
@ -378,7 +595,8 @@
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"expr": "go_memstats_heap_idle_bytes", "exemplar": true,
"expr": "go_memstats_heap_idle_bytes{job=\"media_repo\"}",
"interval": "", "interval": "",
"legendFormat": "heap usage (idle)", "legendFormat": "heap usage (idle)",
"refId": "D" "refId": "D"
@ -388,10 +606,24 @@
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"expr": "go_memstats_heap_inuse_bytes", "exemplar": true,
"expr": "go_memstats_heap_inuse_bytes{job=\"media_repo\"}",
"interval": "", "interval": "",
"legendFormat": "heap usage (used)", "legendFormat": "heap usage (used)",
"refId": "E" "refId": "E"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"exemplar": true,
"expr": "go_memstats_heap_released_bytes{job=\"media_repo\"}",
"hide": false,
"legendFormat": "heap usage (released)",
"range": true,
"refId": "F"
} }
], ],
"title": "Memory Usage", "title": "Memory Usage",
@ -421,6 +653,7 @@
"tooltip": false, "tooltip": false,
"viz": false "viz": false
}, },
"insertNulls": false,
"lineInterpolation": "linear", "lineInterpolation": "linear",
"lineWidth": 1, "lineWidth": 1,
"pointSize": 5, "pointSize": 5,
@ -443,7 +676,8 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green" "color": "green",
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -451,7 +685,7 @@
} }
] ]
}, },
"unit": "bytes" "unit": "none"
}, },
"overrides": [] "overrides": []
}, },
@ -459,9 +693,9 @@
"h": 9, "h": 9,
"w": 12, "w": 12,
"x": 12, "x": 12,
"y": 9 "y": 18
}, },
"id": 4, "id": 10,
"links": [], "links": [],
"options": { "options": {
"legend": { "legend": {
@ -475,18 +709,21 @@
"sort": "none" "sort": "none"
} }
}, },
"pluginVersion": "9.5.3", "pluginVersion": "10.1.0",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"expr": "media_cache_num_bytes_used", "editorMode": "code",
"exemplar": true,
"expr": "go_goroutines{job=\"media_repo\"}",
"format": "time_series", "format": "time_series",
"interval": "", "interval": "",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{ 'size of cache: {{cache}}' }}", "legendFormat": "goroutines",
"range": true,
"refId": "B" "refId": "B"
}, },
{ {
@ -494,13 +731,19 @@
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"expr": "media_cache_num_live_bytes_used", "editorMode": "code",
"exemplar": true,
"expr": "go_threads{job=\"media_repo\"}",
"format": "time_series",
"hide": false,
"interval": "", "interval": "",
"legendFormat": "{{ 'live size of cache: {{cache}}' }}", "intervalFactor": 1,
"refId": "C" "legendFormat": "threads",
"range": true,
"refId": "A"
} }
], ],
"title": "Cache Size (Bytes)", "title": "Process Composition",
"type": "timeseries" "type": "timeseries"
}, },
{ {
@ -527,6 +770,7 @@
"tooltip": false, "tooltip": false,
"viz": false "viz": false
}, },
"insertNulls": false,
"lineInterpolation": "linear", "lineInterpolation": "linear",
"lineWidth": 1, "lineWidth": 1,
"pointSize": 5, "pointSize": 5,
@ -549,7 +793,8 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green" "color": "green",
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -557,7 +802,7 @@
} }
] ]
}, },
"unit": "short" "unit": "hertz"
}, },
"overrides": [] "overrides": []
}, },
@ -565,7 +810,7 @@
"h": 9, "h": 9,
"w": 12, "w": 12,
"x": 0, "x": 0,
"y": 18 "y": 27
}, },
"id": 9, "id": 9,
"links": [], "links": [],
@ -578,35 +823,26 @@
}, },
"tooltip": { "tooltip": {
"mode": "multi", "mode": "multi",
"sort": "none" "sort": "desc"
} }
}, },
"pluginVersion": "9.5.3", "pluginVersion": "10.1.0",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "${DS_PROMETHEUS}" "uid": "${DS_PROMETHEUS}"
}, },
"expr": "media_cache_num_items", "editorMode": "code",
"expr": "rate(media_s3_operations_total[2m])",
"format": "time_series", "format": "time_series",
"interval": "",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{ 'items in cache: {{cache}}' }}", "legendFormat": "{{ '{{operation}}' }}",
"refId": "B" "range": true,
}, "refId": "A"
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"expr": "media_cache_num_live_items",
"interval": "",
"legendFormat": "{{ 'live items in cache: {{cache}}' }}",
"refId": "C"
} }
], ],
"title": "Cache Size (# of items)", "title": "S3 Operations",
"type": "timeseries" "type": "timeseries"
}, },
{ {
@ -633,6 +869,7 @@
"tooltip": false, "tooltip": false,
"viz": false "viz": false
}, },
"insertNulls": false,
"lineInterpolation": "linear", "lineInterpolation": "linear",
"lineWidth": 1, "lineWidth": 1,
"pointSize": 5, "pointSize": 5,
@ -655,7 +892,8 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green" "color": "green",
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -671,7 +909,7 @@
"h": 9, "h": 9,
"w": 12, "w": 12,
"x": 12, "x": 12,
"y": 18 "y": 27
}, },
"id": 5, "id": 5,
"links": [], "links": [],
@ -687,7 +925,7 @@
"sort": "none" "sort": "none"
} }
}, },
"pluginVersion": "9.5.3", "pluginVersion": "10.1.0",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
@ -750,6 +988,7 @@
"tooltip": false, "tooltip": false,
"viz": false "viz": false
}, },
"insertNulls": false,
"lineInterpolation": "linear", "lineInterpolation": "linear",
"lineWidth": 1, "lineWidth": 1,
"pointSize": 5, "pointSize": 5,
@ -772,7 +1011,8 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green" "color": "green",
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -788,7 +1028,7 @@
"h": 9, "h": 9,
"w": 12, "w": 12,
"x": 0, "x": 0,
"y": 27 "y": 36
}, },
"id": 6, "id": 6,
"links": [], "links": [],
@ -801,10 +1041,10 @@
}, },
"tooltip": { "tooltip": {
"mode": "multi", "mode": "multi",
"sort": "none" "sort": "desc"
} }
}, },
"pluginVersion": "9.5.3", "pluginVersion": "10.1.0",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
@ -821,6 +1061,96 @@
"title": "Thumbnail Generation", "title": "Thumbnail Generation",
"type": "timeseries" "type": "timeseries"
}, },
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"scaleDistribution": {
"type": "linear"
}
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 36
},
"id": 13,
"maxDataPoints": 5000,
"options": {
"calculate": false,
"calculation": {
"xBuckets": {
"mode": "size",
"value": ""
}
},
"cellGap": 1,
"color": {
"exponent": 0.5,
"fill": "dark-orange",
"mode": "scheme",
"reverse": false,
"scale": "exponential",
"scheme": "Spectral",
"steps": 64
},
"exemplars": {
"color": "rgba(255,0,255,0.7)"
},
"filterValues": {
"le": 1e-9
},
"legend": {
"show": true
},
"rowsFrame": {
"layout": "auto"
},
"tooltip": {
"show": true,
"yHistogram": false
},
"yAxis": {
"axisPlacement": "left",
"decimals": 0,
"reverse": false,
"unit": "s"
}
},
"pluginVersion": "10.1.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum(rate(media_age_accessed_media_seconds_bucket[2m])) by (le)",
"format": "heatmap",
"instant": false,
"legendFormat": "{{ '{{method}} {{action}} - {{le}}' }}",
"range": true,
"refId": "A"
}
],
"title": "Age of Downloaded Media",
"type": "heatmap"
},
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
@ -845,6 +1175,7 @@
"tooltip": false, "tooltip": false,
"viz": false "viz": false
}, },
"insertNulls": false,
"lineInterpolation": "linear", "lineInterpolation": "linear",
"lineWidth": 1, "lineWidth": 1,
"pointSize": 5, "pointSize": 5,
@ -867,7 +1198,8 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green" "color": "green",
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -882,8 +1214,8 @@
"gridPos": { "gridPos": {
"h": 9, "h": 9,
"w": 12, "w": 12,
"x": 12, "x": 0,
"y": 27 "y": 45
}, },
"id": 7, "id": 7,
"links": [], "links": [],
@ -896,10 +1228,10 @@
}, },
"tooltip": { "tooltip": {
"mode": "multi", "mode": "multi",
"sort": "none" "sort": "desc"
} }
}, },
"pluginVersion": "9.5.3", "pluginVersion": "10.1.0",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
@ -933,26 +1265,7 @@
"style": "dark", "style": "dark",
"tags": [], "tags": [],
"templating": { "templating": {
"list": [ "list": []
{
"current": {
"selected": true,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
}, },
"time": { "time": {
"from": "now-1h", "from": "now-1h",
@ -986,6 +1299,6 @@
"timezone": "", "timezone": "",
"title": "Media Repo Dashboard", "title": "Media Repo Dashboard",
"uid": "xJUZ3xfmk", "uid": "xJUZ3xfmk",
"version": 2, "version": 15,
"weekStart": "" "weekStart": ""
} }

View File

@ -12,7 +12,7 @@ matrix_prometheus_services_connect_synapse_rules_enabled: "{{ matrix_prometheus_
# Controls whether the synapse rules shall be downloaded # Controls whether the synapse rules shall be downloaded
matrix_prometheus_services_connect_synapse_rules_download_enabled: "{{ matrix_prometheus_services_connect_synapse_rules_enabled }}" matrix_prometheus_services_connect_synapse_rules_download_enabled: "{{ matrix_prometheus_services_connect_synapse_rules_enabled }}"
matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: master matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: master
matrix_prometheus_services_connect_synapse_rules_download_src_url: "https://raw.githubusercontent.com/matrix-org/synapse/{{ matrix_prometheus_services_connect_synapse_rules_download_synapse_tag }}/contrib/prometheus/synapse-v2.rules" matrix_prometheus_services_connect_synapse_rules_download_src_url: "https://raw.githubusercontent.com/{{ matrix_synapse_github_org_and_repo }}/{{ matrix_prometheus_services_connect_synapse_rules_download_synapse_tag }}/contrib/prometheus/synapse-v2.rules"
matrix_prometheus_services_connect_synapse_rules_download_dir_path: '' matrix_prometheus_services_connect_synapse_rules_download_dir_path: ''
matrix_prometheus_services_connect_synapse_rules_download_owner: '' matrix_prometheus_services_connect_synapse_rules_download_owner: ''
matrix_prometheus_services_connect_synapse_rules_download_group: '' matrix_prometheus_services_connect_synapse_rules_download_group: ''

View File

@ -85,19 +85,8 @@ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_cl
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints != 'web' }}" matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints != 'web' }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose the /_synapse/oidc paths
# Enable this if you need OpenID Connect authentication support.
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled: false
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_path_prefix: /_synapse/oidc
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_path_prefix }}`)"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority: 0
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints != 'web' }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose the /_synapse/admin paths # Controls whether labels will be added that expose the /_synapse/admin paths
# Following these recommendations (https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md), by default, we don't. # Following these recommendations (https://github.com/element-hq/synapse/blob/master/docs/reverse_proxy.md), by default, we don't.
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: false matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: false
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_path_prefix: /_synapse/admin matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_path_prefix: /_synapse/admin

View File

@ -11,7 +11,6 @@
- {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled }}"} - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled }}"}
- {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled }}"} - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled }}"}
- {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled }}"}
- {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled }}"} - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled }}"}
- {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled }}"} - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled }}"}

View File

@ -91,35 +91,6 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synaps
{% endif %} {% endif %}
{% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled %}
############################################################
# #
# Public Synapse OIDC API (/_synapse/oidc) #
# #
############################################################
traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_rule }}
{% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority | int > 0 %}
traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.service=matrix-synapse-reverse-proxy-companion-client-api
traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints }}
traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls | to_json }}
{% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls %}
traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Public Synapse OIDC API (/_synapse/oidc) #
# #
############################################################
{% endif %}
{% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled %} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled %}
############################################################ ############################################################
# # # #

View File

@ -1,18 +1,29 @@
--- ---
# Synapse is a Matrix homeserver # Synapse is a Matrix homeserver
# Project source code URL: https://github.com/matrix-org/synapse # Project source code URL: https://github.com/element-hq/synapse
matrix_synapse_enabled: true matrix_synapse_enabled: true
# renovate: datasource=docker depName=matrixdotorg/synapse # Specifies which Github organization and repository name Synapse lives at.
matrix_synapse_version: v1.98.0 #
# This influences:
# - the Github Container Image registry that container images are pulled from (see `matrix_synapse_docker_image_name`)
# - the git repository to code is pulled from when self-building is used (see `matrix_synapse_container_image_self_build_repo`)
# - potentially other roles which need to reference the Synapse git repository
#
# A popular alternative value may be: `matrix-org/synapse`.
# However, do note that the last Synapse version available there is v1.98.0.
matrix_synapse_github_org_and_repo: element-hq/synapse
# renovate: datasource=docker depName=ghcr.io/element-hq/synapse
matrix_synapse_version: v1.99.0
matrix_synapse_username: '' matrix_synapse_username: ''
matrix_synapse_uid: '' matrix_synapse_uid: ''
matrix_synapse_gid: '' matrix_synapse_gid: ''
matrix_synapse_container_image_self_build: false matrix_synapse_container_image_self_build: false
matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/synapse.git" matrix_synapse_container_image_self_build_repo: "https://github.com/{{ matrix_synapse_github_org_and_repo }}.git"
# matrix_synapse_container_image_customizations_enabled controls whether a customized Synapse image will be built. # matrix_synapse_container_image_customizations_enabled controls whether a customized Synapse image will be built.
# #
@ -49,7 +60,7 @@ matrix_synapse_container_image_customizations_s3_storage_provider_installation_e
# matrix_synapse_container_image_customizations_templates_git_repository_keyscan_hostname: github.com # matrix_synapse_container_image_customizations_templates_git_repository_keyscan_hostname: github.com
# ``` # ```
# #
# See: https://github.com/matrix-org/synapse/blob/develop/docs/templates.md # See: https://github.com/element-hq/synapse/blob/develop/docs/templates.md
matrix_synapse_container_image_customizations_templates_enabled: false matrix_synapse_container_image_customizations_templates_enabled: false
matrix_synapse_container_image_customizations_templates_in_container_base_path: /custom-templates matrix_synapse_container_image_customizations_templates_in_container_base_path: /custom-templates
matrix_synapse_container_image_customizations_templates_in_container_template_files_relative_path: '' matrix_synapse_container_image_customizations_templates_in_container_template_files_relative_path: ''
@ -70,8 +81,9 @@ matrix_synapse_container_image_customizations_templates_git_repository_keyscan_h
# RUN echo 'You do NOT need to include a FROM clause yourself.' # RUN echo 'You do NOT need to include a FROM clause yourself.'
matrix_synapse_container_image_customizations_dockerfile_body_custom: '' matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrix-org/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}{{ matrix_synapse_docker_image_name }}:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_synapse_docker_image_registry_prefix }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_synapse_docker_image_registry_prefix }}"
matrix_synapse_docker_image_name: "{{ matrix_synapse_github_org_and_repo }}"
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_docker_image_registry_prefix: ghcr.io/ matrix_synapse_docker_image_registry_prefix: ghcr.io/
@ -171,7 +183,6 @@ matrix_synapse_container_labels_traefik_hostname: ''
# When set to false, variables like the following take no effect: # When set to false, variables like the following take no effect:
# - `matrix_synapse_container_labels_public_client_api_enabled` # - `matrix_synapse_container_labels_public_client_api_enabled`
# - `matrix_synapse_container_labels_public_client_synapse_client_api_enabled` # - `matrix_synapse_container_labels_public_client_synapse_client_api_enabled`
# - `matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled`
# - `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled` # - `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled`
# - `matrix_synapse_container_labels_public_federation_api_enabled` # - `matrix_synapse_container_labels_public_federation_api_enabled`
# #
@ -224,21 +235,8 @@ matrix_synapse_container_labels_public_client_synapse_client_api_traefik_entrypo
matrix_synapse_container_labels_public_client_synapse_client_api_traefik_tls: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_traefik_entrypoints != 'web' }}" matrix_synapse_container_labels_public_client_synapse_client_api_traefik_tls: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_traefik_entrypoints != 'web' }}"
matrix_synapse_container_labels_public_client_synapse_client_api_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}" # noqa var-naming matrix_synapse_container_labels_public_client_synapse_client_api_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose the /_synapse/oidc paths
# Enable this if you need OpenID Connect authentication support.
# Regardless of whether this is enabled, it may or may not take effect due to the value of other variables.
# See `matrix_synapse_container_labels_traefik_enabled` or `matrix_synapse_container_labels_matrix_related_labels_enabled`
matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled: "{{ matrix_synapse_oidc_enabled }}"
matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_hostname: "{{ matrix_synapse_container_labels_traefik_hostname }}"
matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_path_prefix: /_synapse/oidc
matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_rule: "Host(`{{ matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_path_prefix }}`)"
matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_priority: 0
matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_traefik_entrypoints }}"
matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_tls: "{{ matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_entrypoints != 'web' }}"
matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose the /_synapse/admin paths # Controls whether labels will be added that expose the /_synapse/admin paths
# Following these recommendations (https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md), by default, we don't. # Following these recommendations (https://github.com/element-hq/synapse/blob/master/docs/reverse_proxy.md), by default, we don't.
# Regardless of whether this is enabled, it may or may not take effect due to the value of other variables. # Regardless of whether this is enabled, it may or may not take effect due to the value of other variables.
# See `matrix_synapse_container_labels_traefik_enabled` or `matrix_synapse_container_labels_matrix_related_labels_enabled` # See `matrix_synapse_container_labels_traefik_enabled` or `matrix_synapse_container_labels_matrix_related_labels_enabled`
matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: false matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: false
@ -310,6 +308,15 @@ matrix_synapse_systemd_wanted_services_list_default: []
matrix_synapse_systemd_wanted_services_list_auto: [] matrix_synapse_systemd_wanted_services_list_auto: []
matrix_synapse_systemd_wanted_services_list_custom: [] matrix_synapse_systemd_wanted_services_list_custom: []
# Controls how long to sleep for after starting the matrix-synapse container.
#
# Delaying, so that the homeserver can manage to fully start and various services
# that depend on it (`matrix_synapse_systemd_required_services_list` and `matrix_synapse_systemd_wanted_services_list`)
# may only start after the homeserver is up and running.
#
# This can be set to 0 to remove the delay.
matrix_synapse_systemd_service_post_start_delay_seconds: 10
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages" matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages"
# Specifies which template files to use when configuring Synapse. # Specifies which template files to use when configuring Synapse.
@ -409,7 +416,7 @@ matrix_synapse_federation_rr_transactions_per_room_per_second: 50
# #
# See: # See:
# - `matrix_synapse_container_image_customizations_templates_enabled` # - `matrix_synapse_container_image_customizations_templates_enabled`
# - https://github.com/matrix-org/synapse/blob/develop/docs/templates.md # - https://github.com/element-hq/synapse/blob/develop/docs/templates.md
matrix_synapse_templates_custom_template_directory: "{{ matrix_synapse_container_image_customizations_templates_in_container_full_path if matrix_synapse_container_image_customizations_templates_enabled else '' }}" matrix_synapse_templates_custom_template_directory: "{{ matrix_synapse_container_image_customizations_templates_in_container_full_path if matrix_synapse_container_image_customizations_templates_enabled else '' }}"
# Controls whether the TLS federation listener is enabled (tcp/8448). # Controls whether the TLS federation listener is enabled (tcp/8448).
@ -534,9 +541,7 @@ matrix_synapse_event_cache_size: "100K"
# Controls cache sizes for Synapse. # Controls cache sizes for Synapse.
# Raise this to increase cache sizes or lower it to potentially lower memory use. # Raise this to increase cache sizes or lower it to potentially lower memory use.
# To learn more, see: # To learn more, see: https://github.com/matrix-org/synapse/issues/3939
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
# - https://github.com/matrix-org/synapse/issues/3939
matrix_synapse_caches_global_factor: 0.5 matrix_synapse_caches_global_factor: 0.5
# Controls whether Synapse will federate at all. # Controls whether Synapse will federate at all.
@ -631,14 +636,14 @@ matrix_synapse_url_preview_enabled: true
matrix_url_preview_accept_language: ['en-US', 'en'] matrix_url_preview_accept_language: ['en-US', 'en']
# Enable exposure of metrics to Prometheus # Enable exposure of metrics to Prometheus
# See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md # See https://github.com/element-hq/synapse/blob/master/docs/metrics-howto.md
matrix_synapse_metrics_enabled: false matrix_synapse_metrics_enabled: false
matrix_synapse_metrics_port: 9100 matrix_synapse_metrics_port: 9100
# matrix_synapse_grafana_dashboard_urls contains a list of URLs with Grafana dashboard definitions. # matrix_synapse_grafana_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
# If the Grafana role is enabled, these dashboards will be downloaded. # If the Grafana role is enabled, these dashboards will be downloaded.
matrix_synapse_grafana_dashboard_urls: matrix_synapse_grafana_dashboard_urls:
- https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json - https://raw.githubusercontent.com/element-hq/synapse/master/contrib/grafana/synapse.json
# Controls whether Synapse metrics should be proxied (exposed) on: # Controls whether Synapse metrics should be proxied (exposed) on:
# - `matrix.DOMAIN/metrics/synapse/main-process` for the main process # - `matrix.DOMAIN/metrics/synapse/main-process` for the main process
@ -648,7 +653,7 @@ matrix_synapse_metrics_proxying_hostname: ''
matrix_synapse_metrics_proxying_path_prefix: /metrics/synapse matrix_synapse_metrics_proxying_path_prefix: /metrics/synapse
# Enable the Synapse manhole # Enable the Synapse manhole
# See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md # See https://github.com/element-hq/synapse/blob/master/docs/manhole.md
matrix_synapse_manhole_enabled: false matrix_synapse_manhole_enabled: false
# Enable support for Synapse workers # Enable support for Synapse workers
@ -884,7 +889,7 @@ matrix_synapse_enable_media_repo: "{{ not matrix_synapse_ext_media_repo_enabled
matrix_synapse_media_instance_running_background_jobs: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) else '' }}" matrix_synapse_media_instance_running_background_jobs: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) else '' }}"
# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. # matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported.
# appservice workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). # appservice workers were deprecated since Synapse v1.59 (see: https://github.com/element-hq/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types).
# Our implementation uses generic worker services and assigns them to perform appservice work using the `notify_appservices_from_worker` Synapse option. # Our implementation uses generic worker services and assigns them to perform appservice work using the `notify_appservices_from_worker` Synapse option.
matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}" matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}"
matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 matrix_synapse_workers_appservice_workers_metrics_range_start: 19300
@ -894,7 +899,7 @@ matrix_synapse_workers_appservice_workers_metrics_range_start: 19300
matrix_synapse_notify_appservices_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list | length > 0) else '' }}" matrix_synapse_notify_appservices_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list | length > 0) else '' }}"
# matrix_synapse_workers_user_dir_workers_count can only be 0 or 1. More instances are not supported. # matrix_synapse_workers_user_dir_workers_count can only be 0 or 1. More instances are not supported.
# user_dir workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). # user_dir workers were deprecated since Synapse v1.59 (see: https://github.com/element-hq/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types).
# Our implementation uses generic worker services and assigns them to perform appservice work using the `update_user_directory_from_worker` Synapse option. # Our implementation uses generic worker services and assigns them to perform appservice work using the `update_user_directory_from_worker` Synapse option.
matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}" matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}"
matrix_synapse_workers_user_dir_workers_port_range_start: 18661 matrix_synapse_workers_user_dir_workers_port_range_start: 18661

View File

@ -24,7 +24,6 @@
- {'name': 'matrix_synapse_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_synapse_container_labels_internal_client_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_synapse_container_labels_internal_client_api_enabled }}"}
- {'name': 'matrix_synapse_container_labels_public_client_synapse_client_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_client_synapse_client_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"}
- {'name': 'matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled }}"}
- {'name': 'matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"}
- {'name': 'matrix_synapse_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_federation_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_federation_api_enabled }}"}

View File

@ -342,7 +342,7 @@ listeners:
{% if matrix_synapse_workers_enabled %} {% if matrix_synapse_workers_enabled %}
{% if matrix_synapse_replication_listener_enabled %} {% if matrix_synapse_replication_listener_enabled %}
# c.f. https://github.com/matrix-org/synapse/tree/master/docs/workers.md # c.f. https://github.com/element-hq/synapse/tree/master/docs/workers.md
# HTTP replication: for the workers to send data to the main synapse process # HTTP replication: for the workers to send data to the main synapse process
- port: {{ matrix_synapse_replication_http_port }} - port: {{ matrix_synapse_replication_http_port }}
bind_addresses: ['0.0.0.0'] bind_addresses: ['0.0.0.0']
@ -351,7 +351,7 @@ listeners:
- names: [replication] - names: [replication]
{% endif %} {% endif %}
# c.f. https://github.com/matrix-org/synapse/tree/master/contrib/systemd-with-workers/README.md # c.f. https://github.com/element-hq/synapse/tree/master/contrib/systemd-with-workers/README.md
worker_app: synapse.app.homeserver worker_app: synapse.app.homeserver
daemonize: false daemonize: false
{% endif %} {% endif %}
@ -2484,7 +2484,7 @@ email:
# ex. LDAP, external tokens, etc. # ex. LDAP, external tokens, etc.
# #
# For more information and known implementations, please see # For more information and known implementations, please see
# https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md # https://github.com/element-hq/synapse/blob/master/docs/password_auth_providers.md
# #
# Note: instances wishing to use SAML or CAS authentication should # Note: instances wishing to use SAML or CAS authentication should
# instead use the `saml2_config` or `cas_config` options, # instead use the `saml2_config` or `cas_config` options,

View File

@ -52,6 +52,13 @@ traefik.http.routers.matrix-synapse-public-client-root.tls.certResolver={{ matri
{% endif %} {% endif %}
{% if matrix_synapse_container_labels_matrix_related_labels_enabled %}
############################################################
# #
# MATRIX-RELATED (/_matrix, /_synapse/..) #
# #
############################################################
{% if matrix_synapse_container_labels_public_client_api_enabled %} {% if matrix_synapse_container_labels_public_client_api_enabled %}
############################################################ ############################################################
# # # #
@ -135,35 +142,6 @@ traefik.http.routers.matrix-synapse-public-client-synapse-client-api.tls.certRes
{% endif %} {% endif %}
{% if matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled %}
############################################################
# #
# Public Synapse OIDC API (/_synapse/oidc) #
# #
############################################################
traefik.http.routers.matrix-synapse-public-client-synapse-oidc-api.rule={{ matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_rule }}
{% if matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_priority | int > 0 %}
traefik.http.routers.matrix-synapse-public-client-synapse-oidc-api.priority={{ matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-synapse-public-client-synapse-oidc-api.service=matrix-synapse-client-api
traefik.http.routers.matrix-synapse-public-client-synapse-oidc-api.entrypoints={{ matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_entrypoints }}
traefik.http.routers.matrix-synapse-public-client-synapse-oidc-api.tls={{ matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_tls | to_json }}
{% if matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_tls %}
traefik.http.routers.matrix-synapse-public-client-synapse-oidc-api.tls.certResolver={{ matrix_synapse_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Public Synapse OIDC API (/_synapse/oidc) #
# #
############################################################
{% endif %}
{% if matrix_synapse_container_labels_public_client_synapse_admin_api_enabled %} {% if matrix_synapse_container_labels_public_client_synapse_admin_api_enabled %}
############################################################ ############################################################
# # # #
@ -221,6 +199,13 @@ traefik.http.routers.matrix-synapse-public-federation-api.tls.certResolver={{ ma
############################################################ ############################################################
{% endif %} {% endif %}
############################################################
# #
# /MATRIX-RELATED (/_matrix, /_synapse/..) #
# #
############################################################
{% endif %} {# end of matrix_synapse_container_labels_matrix_related_labels_enabled if-check #}
{% if matrix_synapse_container_labels_public_metrics_enabled %} {% if matrix_synapse_container_labels_public_metrics_enabled %}
############################################################ ############################################################

View File

@ -66,9 +66,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse
# Intentional delay, so that the homeserver can manage to start and various services {% if matrix_synapse_systemd_service_post_start_delay_seconds > 0 %}
# that depend on it (After/Requires) may only start after the homeserver is up and running. ExecStartPost=-{{ matrix_host_command_sleep }} {{ matrix_synapse_systemd_service_post_start_delay_seconds }}
ExecStartPost=-{{ matrix_host_command_sleep }} 5 {% endif %}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-synapse 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse 2>/dev/null || true'

View File

@ -130,7 +130,7 @@ matrix_synapse_known_worker_types: |
matrix_synapse_known_instance_map_eligible_worker_types: matrix_synapse_known_instance_map_eligible_worker_types:
- stream_writer - stream_writer
# The following section contains content that had previously been generated by a script (`workers-doc-to-yaml.awk`) processing https://github.com/matrix-org/synapse/raw/master/docs/workers.md, # The following section contains content that had previously been generated by a script (`workers-doc-to-yaml.awk`) processing https://github.com/element-hq/synapse/raw/master/docs/workers.md,
# but is now maintained manually due to: # but is now maintained manually due to:
# - the script being tripped up by the content and generating somewhat inaccurate definitions, which had to be fixed up manually. # - the script being tripped up by the content and generating somewhat inaccurate definitions, which had to be fixed up manually.
# - the script being complicated and unmaintainable # - the script being complicated and unmaintainable

View File

@ -339,3 +339,25 @@
You should remove all its variables (`matrix_ssl_*`) from your vars.yml file. You should remove all its variables (`matrix_ssl_*`) from your vars.yml file.
We found usage of the following variables: {{ matrix_playbook_migration_ssl_migration_vars.keys() | join(', ') }} We found usage of the following variables: {{ matrix_playbook_migration_ssl_migration_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_ssl_migration_vars | length > 0" when: "matrix_playbook_migration_ssl_migration_vars | length > 0"
- block:
- ansible.builtin.set_fact:
matrix_playbook_migration_matrix_synapse_container_labels_public_client_synapse_oidc_vars: |-
{{ vars | dict2items | selectattr('key', 'match', 'matrix_synapse_container_labels_public_client_synapse_oidc_*') | list | items2dict }}
- name: (Deprecation) Catch and report matrix_ssl variables
ansible.builtin.fail:
msg: >-
We found usage of the following variables which are now removed: {{ matrix_playbook_migration_matrix_synapse_container_labels_public_client_synapse_oidc_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_matrix_synapse_container_labels_public_client_synapse_oidc_vars | length > 0"
- block:
- ansible.builtin.set_fact:
matrix_playbook_migration_matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_vars: |-
{{ vars | dict2items | selectattr('key', 'match', 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_*') | list | items2dict }}
- name: (Deprecation) Catch and report matrix_ssl variables
ansible.builtin.fail:
msg: >-
We found usage of the following variables which are now removed: {{ matrix_playbook_migration_matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_vars | length > 0"