From 949228eaf8e1bc5697d60c6574503e4d8141cbe2 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 19 Apr 2022 14:41:31 +0300 Subject: [PATCH 001/381] update synapse 1.56.0 -> 1.57.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 9e3326695..1fb247a04 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.56.0 +matrix_synapse_version: v1.57.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From f0842d7226f239d434d7e40911e5bbd2cd78ad2b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 Apr 2022 17:28:43 +0300 Subject: [PATCH 002/381] Document that upgrading to Synapse v1.57 may be dangerous in some instances Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1766 --- CHANGELOG.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c68ed63d..d8de53ad4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,24 @@ +# 2022-04-19 + +## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action + +If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading: + +> Synapse v1.57.0 includes a change to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs. + +If you're not running an `appservice` worker (`matrix_synapse_workers_preset: little-federation-helper` or `matrix_synapse_workers_appservice_workers_count: 0`), you are probably safe to upgrade as per normal, without taking any special care. + +If you are running a setup with an `appservice` worker, or otherwise want to be on the safe side, we recommend the following upgrade path: + +0. Pull the latest playbook changes +1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) +2. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`) +3. Start Postgres (`systemctl start matrix-postgres` on the server) +4. Start the main Synapse process (`systemctl start matrix-synapse` on the server) +5. Wait a while so that Synapse can start and complete the database migrations. You can use `journalctl -fu matrix-synapse` on the server to get a clue. Waiting a few minutes should also be enough. +6. It should now be safe to start all other services. `ansible-playbook -i inventory/hosts setup.yml --tags=start` will do it for you + + # 2022-04-14 ## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action From 295ef29fe0ecd03e48f80fc7b60924d8b253c561 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 Apr 2022 19:29:41 +0300 Subject: [PATCH 003/381] Announce borg backup support Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1727 - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1754 - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1755 - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/467 --- CHANGELOG.md | 7 +++++++ docs/configuring-playbook-backup-borg.md | 3 +++ docs/configuring-playbook-postgres-backup.md | 3 +++ docs/configuring-playbook.md | 7 +++++++ 4 files changed, 20 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8de53ad4..b7800da08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # 2022-04-19 +## Borg backup support + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [Borg](https://www.borgbackup.org/) backups with [borgmatic](https://torsion.org/borgmatic/) of your Matrix server. + +See our [Setting up borg backup](docs/configuring-playbook-backup-borg.md) documentation to get started. + + ## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading: diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 4177c561e..44c970af9 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md @@ -8,6 +8,9 @@ You will need a remote server where borg will store the backups. There are hoste The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day. +By default, if you're using the integrated Postgres database server (as opposed to [an external Postgres server](configuring-playbook-external-postgres.md)), Borg backups will also include dumps of your Postgres database. An alternative solution for backing up the Postgres database is [postgres backup](configuring-playbook-postgres-backup.md). If you decide to go with another solution, you can disable Postgres-backup support for Borg using the `matrix_backup_borg_postgresql_enabled` variable. + + ## Prerequisites 1. Create a new SSH key: diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 2d878c11d..75b599c88 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md @@ -2,6 +2,9 @@ The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you. +For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead. + + ## Adjusting the playbook configuration Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup: diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3d5e6c2c7..c842a8703 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -152,6 +152,13 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) +### Backups + +- [Setting up borg backup](configuring-playbook-backup-borg.md) - a full Matrix server backup solution, including the Postgres database (optional) + +- [Setting up postgres backup](configuring-playbook-postgres-backup.md) - a Postgres-database backup solution (note: does not include other files) (optional) + + ### Other specialized services - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) From 80c9551ef95f87b167bbb2f0aaf40a0e457bcc8a Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 19 Apr 2022 19:42:13 +0300 Subject: [PATCH 004/381] matrix-backup-borg - cleanup the .service from the systemd list --- roles/matrix-backup-borg/tasks/init.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml index 0a90a2e88..a82fb7b8e 100644 --- a/roles/matrix-backup-borg/tasks/init.yml +++ b/roles/matrix-backup-borg/tasks/init.yml @@ -1,4 +1,4 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}" when: matrix_backup_borg_enabled|bool From 502ea21fba3afe318f7c811d60edbe061b09765e Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 19 Apr 2022 22:01:14 +0300 Subject: [PATCH 005/381] add retires to all get_url actions --- roles/matrix-base/defaults/main.yml | 4 ++++ roles/matrix-grafana/tasks/setup.yml | 4 ++++ roles/matrix-prometheus/tasks/setup_install.yml | 4 ++++ .../tasks/ext/encryption-disabler/setup_install.yml | 4 ++++ roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml | 4 ++++ .../tasks/ext/shared-secret-auth/setup_install.yml | 4 ++++ 6 files changed, 24 insertions(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index ae39d00a5..498a6c321 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -71,6 +71,10 @@ matrix_container_global_registry_prefix: "docker.io/" matrix_container_retries_count: 10 matrix_container_retries_delay: 10 +# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt. +matrix_geturl_retries_count: 10 +matrix_geturl_retries_delay: 10 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 95a0ba53f..16b9fa659 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -70,6 +70,10 @@ group: "{{ matrix_user_groupname }}" with_items: "{{ matrix_grafana_dashboard_download_urls_all }}" when: matrix_grafana_enabled|bool + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - name: Ensure matrix-grafana.service installed template: diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index e0fe8cf62..06989e7ef 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -32,6 +32,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" when: "matrix_prometheus_scraper_synapse_rules_enabled|bool" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - name: Ensure prometheus.yml installed copy: diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index dfc15a207..90411a34b 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -8,6 +8,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_modules: | diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 634b1ca5e..13a64c58c 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -13,6 +13,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_password_providers_enabled: true diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index f408e2f9f..843f03703 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -18,6 +18,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_modules: | From d04767a9d65158eb4670e90c7052d0dee1a07c9d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Apr 2022 18:46:10 +0300 Subject: [PATCH 006/381] Upgrade Synapse (1.57.0 -> 1.57.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 1fb247a04..44b82e954 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.57.0 +matrix_synapse_version: v1.57.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 018da4fb2517fae2d21ce583b42bf08085239743 Mon Sep 17 00:00:00 2001 From: Didier 'OdyX' Raboud Date: Wed, 20 Apr 2022 19:03:54 +0200 Subject: [PATCH 007/381] Slack appservice: Enable RTM by default It is very confusing to debug why messages only go from Matrix to Slack but not from Slack to Matrix. RTM should be enabled by default, as that's the recommended way to make this work. --- roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 index 96e689675..732b0b640 100644 --- a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 @@ -9,6 +9,9 @@ homeserver: url: "{{ matrix_appservice_slack_homeserver_url }}" media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" +rtm: + enable: true + {% if matrix_appservice_slack_database_engine == 'nedb' %} dbdir: "/data" {% else %} From b2105f35ecd6f4ad0dec612d92727b809e9330b2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 09:58:30 +0300 Subject: [PATCH 008/381] Add comments around rtm Comments taken from https://github.com/matrix-org/matrix-appservice-slack/blob/develop/config/config.sample.yaml We should probably reconcile our configuration with that one and include comments for other fields as well. --- .../templates/config.yaml.j2 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 index 732b0b640..911dd75e4 100644 --- a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 @@ -9,8 +9,20 @@ homeserver: url: "{{ matrix_appservice_slack_homeserver_url }}" media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" +# Real Time Messaging API (RTM) +# Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise. +# rtm: - enable: true + # Use the RTM API to listen for requests, which does not require + # the bridge to listen on the hook port. + # You should leave this enabled, unless you plan to use the + # bridge exclusively for webhooks. + # + enable: true + + # Logging level specific to RTM traffic. + # + log_level: "silent" {% if matrix_appservice_slack_database_engine == 'nedb' %} dbdir: "/data" From acaebfbf6729c4a313cbea0f26180f01aab99926 Mon Sep 17 00:00:00 2001 From: borisrunakov <93043305+borisrunakov@users.noreply.github.com> Date: Thu, 21 Apr 2022 10:31:26 +0300 Subject: [PATCH 009/381] optional media cache with range requests support (#1759) --- roles/matrix-nginx-proxy/defaults/main.yml | 12 +++++++++++- .../tasks/setup_nginx_proxy.yml | 10 ++++++---- .../nginx/conf.d/matrix-synapse.conf.j2 | 19 +++++++++++++++++++ .../systemd/matrix-nginx-proxy.service.j2 | 3 +++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index de1a31461..0aaa53edc 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -275,7 +275,7 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_trusted_certificate: "{{ matr # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}" - +matrix_nginx_proxy_tmp_cache_directory_size_mb: "{{ (matrix_nginx_proxy_synapse_cache_max_size_mb | int) * 2 }}" # A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf). # for big matrixservers to enlarge the number of open files to prevent timeouts # matrix_nginx_proxy_proxy_additional_configuration_blocks: @@ -557,6 +557,16 @@ matrix_nginx_proxy_synapse_media_repository_locations: [] matrix_nginx_proxy_synapse_user_dir_locations: [] matrix_nginx_proxy_synapse_frontend_proxy_locations: [] +# synapse content caching +matrix_nginx_proxy_synapse_cache_enabled: false +matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path+'/synapse-cache' }}" +matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC" +matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m" +matrix_nginx_proxy_synapse_cache_inactive_time: "48h" +matrix_nginx_proxy_synapse_cache_max_size_mb: 1024 +matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h" + + # The amount of worker processes and connections # Consider increasing these when you are expecting high amounts of traffic # http://nginx.org/en/docs/ngx_core_module.html#worker_connections diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 92454e96f..30001dd29 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -12,15 +12,17 @@ # - name: Ensure Matrix nginx-proxy paths exist file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - "{{ matrix_nginx_proxy_base_path }}" - - "{{ matrix_nginx_proxy_data_path }}" - - "{{ matrix_nginx_proxy_confd_path }}" + - {path: "{{ matrix_nginx_proxy_base_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_data_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_confd_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"} + when: item.when|bool - name: Ensure Matrix nginx-proxy configured (main config override) template: diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 720b50867..b15546fe6 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -5,6 +5,9 @@ {% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'user_dir')|list %} {% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'frontend_proxy')|list %} {% if matrix_nginx_proxy_synapse_workers_enabled %} + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; + {% endif %} # Round Robin "upstream" pools for workers {% if generic_workers %} @@ -95,6 +98,14 @@ server { client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; proxy_max_temp_file_size 0; + + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} } {% endfor %} {% endif %} @@ -227,6 +238,14 @@ server { client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; proxy_max_temp_file_size 0; + + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} } {% endfor %} {% endif %} diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 172a83bc9..74356ea93 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -22,6 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \ + {% if matrix_nginx_proxy_synapse_cache_enabled %} + --tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m\ + {% endif %} --network={{ matrix_docker_network }} \ {% if matrix_nginx_proxy_container_http_host_bind_port %} -p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \ From 90a142439aa983c7e59c1c9598bfbed2473789ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Thu, 21 Apr 2022 10:07:47 +0200 Subject: [PATCH 010/381] Add matrix-registration-bot (#1771) * Add matrix-registration-bot This adds an install and uninstall task plus helpers. The bot is disabled by default. This commit does not include documentation, yet. In short, the bot can be enabled by adding matrix_bot_matrix_registration_bot_enabled: true matrix_bot_matrix_registration_bot_matrix_user_password: "verysecret" matrix_bot_matrix_registration_bot_matrix_admin_token: "supersecret" to the host_vars * Change bot username to bot.matrix-registration-bot following convention * Address smaller remarks, fix local docker build * Switch to an env file * Add environment variables extension for additional config * Add documentation for the matrix-registration-bot * Add screenshot on how to obtain admin access token * Use bot as admin to only have one access token (bot and admin api) * Use cleaner setting of matrix_synapse_registration_requires_token * Use config file for cleaner more secure usage * Delete unneeded env * Rename vars to make usage clear * Fix typos/wording and add notice about logging out * Convert configuration to use |to_json * Reorder role includes Nothing should be after `matrix-common-after`. `matrix-bot-matrix-registration-bot` can probably be anywhere, but it makes sense to put it next to the other `matrix-bot-*` roles. * Minor group_vars/matrix_servers touchups Co-authored-by: Slavi Pantaleev --- .../obtain_admin_access_token_element.png | Bin 0 -> 210079 bytes ...ng-playbook-bot-matrix-registration-bot.md | 72 +++++++++++++++++ docs/configuring-playbook.md | 1 + group_vars/matrix_servers | 29 +++++++ .../defaults/main.yml | 49 ++++++++++++ .../tasks/init.yml | 5 ++ .../tasks/main.yml | 23 ++++++ .../tasks/setup_install.yml | 73 ++++++++++++++++++ .../tasks/setup_uninstall.yml | 36 +++++++++ .../tasks/validate_config.yml | 10 +++ .../templates/config/config.yml.j2 | 12 +++ ...rix-bot-matrix-registration-bot.service.j2 | 38 +++++++++ setup.yml | 1 + 13 files changed, 349 insertions(+) create mode 100644 docs/assets/obtain_admin_access_token_element.png create mode 100644 docs/configuring-playbook-bot-matrix-registration-bot.md create mode 100644 roles/matrix-bot-matrix-registration-bot/defaults/main.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/init.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/main.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml create mode 100644 roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 create mode 100644 roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 diff --git a/docs/assets/obtain_admin_access_token_element.png b/docs/assets/obtain_admin_access_token_element.png new file mode 100644 index 0000000000000000000000000000000000000000..2204ff39b036f0aa3f5b20c470f0a55df85c4f9d GIT binary patch literal 210079 zcmeFZg;&WnZU=txAkRwQl3Msqlu1}ac8XvhWo!CtLzJ2qq z@WZ8n+X)W(oNSL3m4Ch{dDLFWUuildF`2+wv{q1k=*s6|na^KxkG`!?weV$c`18Wi zj$}4ons+Z&t>=le(IYMNzTUdCoGvQ)b(F$8$>I3zk-(9U%?&SGY;V`gBbJ4GQ7>_C z|ML}wliOQQ8d0$S_5I&3&tqD&yMMp0apNxXhri#+K|n`*F8a@xD#Fb-6o0>-yng%a z@2`a2dnWYntNlX%N-qERSB!7U{i_8nL z*7wbZQgr`r?Iw0RDRQhdb&l#2jySBi!4IQ`EzF&qr0HyC;cZkqu5Z=pU$Dk#+aGiX z%%)HX>|rF$2DXw>Mzn1o*mwtJByx-D>0R|H{(B&m4TY$0RI?)w)`or$|CqPACKzoneQ2dMQsRW+=O?6?dAD|ZMb3U^_R;?w zxBakY33-nthmw|3XKSKse6ALU5+P>zLU+T0y+Luu6g8=wyryQupW^KDt!e(M{oQP0 z@6DU1r&CD?ooffXWIl621FC9sj@&DoHC?rQCrE$Bc*UviNVShvnsOekk4ec`JuP_k zagIiIw?T@je@gJjcWYPUcPlIRF&oLl#C!V3q^Ry_C{z9oB}92`MOj_l8*_81nEOZJ zlGSG|Tt3d&H|r_l83{Vo7{lMUMn_dywBsXla188)iIFbCcBPh;p#?QJjE@s5MJRQ2 zbQyk;KECkw6ksZUgRt=OB{JfT*&QyX+S5O0eKMv+8lyiAkm5M4>X!EGE*qZfdM`Z1 zoau`h&qfkW2IIL zJFTQ?RaKa;6BBjwic9+ky%KhI>@XXpe~>4|#y&8&$hw7sps-v$>zZDRCjV?x83^jEqc`_7Z*t16f@Ia{@pnWX*oI8r%z=iG;U@OThSjh4GP$TTP0>WKH2Z9arfJ&oBpy8XBm75PX8s z$Sj_wB$}!qoXm_JKvFsJX3)Hz`Mxph{X1<`z01Tq>ha1v7l)w*?+pmKh_Tn5dGUj8 zHX2hTNWl9BzDR{19A_kOt|W3JUIa71{w?k1+s3IhsH@MNBQAZ@=97S2;al~K}%hD7(1?Om#2JRFnFvjyf zx9L83?j#tza0@XAz3tXK!Y9eJ<+Zh?ksUloXD7xisf>Q@GS^!f{qXI0g|cCJy;h$q8y``MM14=gx3yO-oNfz|!*1Je&W>jZ1mtveNoAw)5a10{ zaRfWwT%1WzM^xFJVqPsAU41GjP$;pQXvh#exOKSxM}nSoF1X+Hc#O#>I4Vk2Tb3qU zjdR!3=agpN*p!WrwZWmgwrq?fM7 z#xrbH2?m7oizu$sH6EkY7Bo+v4!ZJ_QfFjvIjypHlX@r0(>5&$9!af_RT2eE)c4NO z98cErwS}d&;^#&tY?!t$%B)XS2Kb-4@9yp~$6=Y63S)+Tw4I%Q974?hVyyTusa=Ti zZ}7XM+R`=^4`m~;TaEj7ngn2$-t@E%4fs>>0?ta@RE(%ojfuHus`C3{Mlrq6*EVG8 zMI`=+ws(yyP0W~^Kl?dJLmhVd?p?NTUEPS%5)t+H4~R)j)KFH_P^iDW@Nir24R{P^ zv2`?8QEW{YnewgdT}1^?2~_zf`86#Og2xXX9QG3Iuq%Dz<1Kgh_V9DfiZ$EXx=`vY zIc&?dzjUHlm&To+^LYwP3Fo#MLvo$1xQA(CYHGxRS@&+jnsRK5hLE28L2&rSkx_A% z4}OF}gGq5%QnZ-0^=n6J86zX4q^kwJ*#a@L^q)WPCUpljn?FjB4Ac80_uP$JPH>N2 zj{gFa)B2E}52?eZGA}c4QO)OIFGs5=R$u4_X((z?voN#zGhJ&^zk2dvoAJ7>?i6xC zvW$L-lBv)MYptI{i!wxR`(Xhi)efj`Zf>sCx^Qv)4Jg9I<#iQaI5|CnggM_Ft-IJp zcK%6}^_I)Az`r-6GP>V)L8-CY{X$m{E`QqxZEKyoZ~ z!n*t!^$3lal+*yCRGH4tfYA7)itoG!X~a@BkE4{Ci%S%W;qsrj*x1?qm?9}vHz^@+ zfur@Q_6&g&J1BNRZN@1X83994925?>A;+jhMt+WrQk4G`+P(CMIBrCedM7`$8Oy6Gbo$GT)g$kyf870G4%O&B8ClxNs-FwL^87@F zgZVz`!NF1gcwfT-5ocyrPTh**F4Rs4o0ynmZLd0opzqroLs9hyWOPuok$EVIX zjzZ_o2UP-0LoR5DYis7CJwFo*3l#x_@$*;n?X4ShCDhizp~E2|ogEcfEIHfT7q+#x z8#VeLXxG@Q{0oDBvBt*6f4$ITi;<3fy2er9-ie}^Nu_Z~d?%2Lpes>x`Hr@%i)`>@ zsyuB+7-j3P-IqI3Nf$WB7Xo~wIA@2O22+##qNyx!q&?0X52Bg$7G~4hf0pP_-U-AF zY8J1x68CR5oT>4^DNN1`bmZwA86ou9QM-yzvWYh^H#bk-oJw@}znVMpj;0Yfz5ToW zw|b??JqS;TGZRC@@W4O`|A6b2;J|MRb|Txn<)WSFCihZp}y_=*w|RV*Q}9} zP;43&+SSU2CJW@xbYnVAAmg13mDV;!T%C$EgrOm5XlQ8Hct+Nq?+H>eT_2>30kgQ7 z1WSUB4%HnAx+hOY3f=JB%F7Wt{Dt|>#`ioo)~1YYZC}lhR=RA=JJcR)kb11&o;3UD zXlM8E%`=48>hxU&cp0vXJqCaBiX+;LnK6C)O}lp1^v>_mJ)tAKPx8{;+@$yD#b1UI z)jBYbJggbV5`%fTUP~6x*j8MUtzBVzT5^QK7!7dhMg@S~v8yQ;ZkJ8Iq{{)CkrJyX z^>5F$lzcXn)l?L8RewXJ`w|nAR+JsLb=iN!Nd=vtvJSJW{!n{bob;P!ODG=5p{>3Kgsyzn99H9XdKb-CJMgd0|VQ(1Zz`5YEKP;9M!cxC9?0zbk8Zm${4DUei<)j(AM6^jb%3Y zf@!_*noCEvN_R{6;@2T_e-(fQo(rmbOQvLq#WA1jHk8%$T<|mS2 zvT_I#&Tljdb66&lk=v_bW7u&KtJC94Q{%-*`@dp`0%7Rr__?=Nq0IgsLhV$yf4URj z>2@REPH*V6bEQUgR#^JM8kgNF77A(rvljgqX%vJ4^^d*1EIgGJ64W+ZXr7g>6!pax z8}Ec?(lP|}W0H8p*@zaOC+kv#k;hc=%fCBeW+n~VlPyK}6DH>M4!7m%*#3ofZ{a1d zsVZF@fG{oo?!?%raAFt4+|I;Bqtol}VR`aN8EzL8o>gXu!#H)&~)<`)(Xi#5fm!vPWl+j1Loo`l%f_1Zw|ef5z+i$g(2 z1!~7bLBXWHzB?!=C|_a{9=WYm0CNl>f}K)9#=mX*SE4y!n@_I+l*(I z(#!2xbCUNAqP&rtY>44yvF6Upmj;BTwPf2eb8~ao6t?Q{R6$Zo@|9&yMoEePY8Kt9 zdDi16PbixWRW@I!c==A0B-^bf~__crKTS;CRWPTO_j^BO` z8TeQzF;EbS7tjGb=y+fwero%6e_1Qhs-gW3viB+;*<3y9CJpDOMkp@%kR-3^GYSf7 zbkt;c%oIVpXPI%a=8rMUZ;ECps3-*f=4IN9kkrL9*r+zQL!LD<|1zFjEj#<+r!r%E z&6)vQ-k@c8OwGjk%+z!^g{P5u+m-)w6uuEh96>^5gfXjxjUJh=hzK#aJ8^dN+p!Ik zrI3yD{HvW|_2R7CN!{(MgV|^(7?2fp*k5Y=&9#$poV+(&{x_uj^P?@TsMgx~=AZQ7 zu^*%BpA0mpZ!t;Xa&far@I+GJqD>#TpUl$;wlvLCiG`4wdU|>$cQIo=SY0bKy%La= z{J;{oWFrU&Y-EHBb|xf57S1qGl!7Y(n~v^xIsA;S$A!}iv84=*+Lf6AQhit_T%eC3 zAv?R-`F1l6k09?XVX%IZ%)mz!&K~^Gz0_RRsI2p4i`KJfh#9j=V2fm`^l0m)zW%3> zJVtX13xtuMc1VCbX8RVhMJdAkDj*k@SdU5ruJdQ9&2`Ug71%{v8_In|GbTqJF~d7` zLAtR)@=o|6f{BT#+uZ(rfs4%0{}d*qxIzC;bC1@ie`TC`8V?8NU$IVc%m0E|m-XFt z<37na5o+48x#N3VWe+`UW zxQOj~A6f4sV*~-wGID)2?TdpLr=`j5y-TH{5(!vu=EoTK4<9lu4l83z&-lzXv;QbB z<;G_hBOA_rE9}Yg?;~iYraMOWf+{W`MaUW$e2R}JzE*XBeb&E4X_|2@5GAqM>{m++PnlIqQ&)rlicwSac?a-4=Uh zo(t(i9T901X_~XM%C%V zD87y^PHY6hVZegNh8R9a-Hnh;BP1rA|J6GO_ajXFa{sFC@6}bU0LZfZ3l{{lt;}p2 z&?pWqI;G`gX6?({#@#z7{VYv1$p8{gfky-K=Iq*cX#a&b4P`IWWV%oDvc9=+2( z8zoi6kC1rN(?9(AbJA5KN+AT*G-Hx0xY=+a(c^HYN(9$+ewoD{=>~w8%-r01gVG|K zZfoEQE(Xg`H-W}7bFp{q;AI@2a$dfXKemo*p#LYS@9w45Zc$%&aYmDRtEE%Ze2I-$ zcR$W3q!%KuTV5uVMx5Q*SUFTh5`A6K!3hU(Lq%2;xZw0d`Sp#w!taG8Mjg!my z92u%b)7(y4d+(p27PVTAmO#9Wva1^39Ieu*@L38di!qM=VZFCui`@>2hq;|+si2US zI;}m5*u(pHbG5Mc%syFb}TYH8s1|2mp+DZW0Kd zEuKe?K@cYjIKIzjU|1imj_~q0lvh<1CdaKaD8&oxVBzBWTTp;A zc-Q0~>KPW<@mWp%5WBb6!<01!^4t865+*j5f~I1_)n(e00Yotuu`{;d5u)DJVkwvX z{z!@wXe1ypySbH@Y0E-NFlm%#jih)G3^HuI!;q=Wvj`=nRP^7bP}n_5p=q5COAgv63^RCSK8Q)(0i%{C{ViCQe|nl0vO7U% z-L-cZEp(%dLKXRds*d||JpQ5uwStaX5dHa>>mcrDI+C8!un;*DiwX_-{XJz6MnaUA>~Ke z-O~2X^>s|r{OHv`Jm_!z5C)#I8*;>f{x*AX`d+jFT2*&$1w`ji{Ur(%?PeOjb>mft z*ppYdqukumA#(b~quZyR-xMVf9;oJ~m3@mB<&$+L4`>U#mFTl5Hje4Sq+xafLJZ^) z*$kwhX2dU$x*$t0rYPJAZ0eKpW`u4Av=K9v!^MrQSIqt{^S1td-)BY5Z`(Jhd1+9A zFksIkP#gBr&KXfc<9ct$wfdP!4K)pF##r#E;ls#y9E>TZnLRwb(Q$mCY z)t%(ZBHzsrXA_fjgzb}a<-s8Z6{Vo|1w(tox38##c_K9n|LkVv&@T0gk*1qnXy)l! z&BTZVNTl@x2UOHiX^!?jDm~s+yG)E4;t)>m>1*FImkmJ5ANFlu&~%sldzi-cg*V?| zXW-eW;;Y7CG51c43hku@?H?U{5^uUeSb)t!5Qy-@M5jMDw^4&DzRPcJD?q2xSzbq{ z`GAO@@2DYYylS)v7ukAzq^X9#60pyli5yO{JX+<1EVFuDRA=0;_RdG37cg`ET6m(i zvbIJUBVAx}KnGeE;KsC+D&o*#DT=V^#ZJ<$cz!XeI}an;rgvPw=g?-DUGSV=(xKqF6!9BAntr&W|-=MRg~KS--g^-@4XgU4RkTB~2NS5TXJ zKfIP&Q4*re(+vGRr3gG5tpn5R;yh|;Iac8(&efpQO+5R1aM5pX#`X&k41a%rJ04;n zogF4@kD8y4`%DQvAR+?U=NsGotn6%BM!MMmLH7>@1$IL@y3HaulX7ZDP7r*I(HKd? zQeHX?kcIaM7{etp%q+i~ZY53(45>mZBRrG+-ogU1eWBat3BfJDMs|*YBGV(;!gGyl z+`6!5w>x0=wv8%|)7p4zazdTqTH8Q))Z7dbNxvZTkL`a6si=26D0~*HL~v8X-s(Su zpx-ID4FQJl_u591YPO?88u+*HkMCbvp053B>zvzd-izmV@-#c?hKA06q}$E~?e6EA znwkV%ZhWNi*r>3_&=QBT2s-z+>$v4B^Vy=S8MgC-sdJM2nnND_+4{4s1&pLCVmLS` zqVx#5`Ozs2!k62jS454ClA4v#(4HE~Ck?xmH;GP-^al9P$J&eC>u{oplq_&)bp}1I-2Q-W%4Zj~$0`s15K05=@biO{FF)$@83HBX7kDTTfij%`WX?Y`|@f{ z7ysFzVTrnWk@HjR3}3dTF1zz43FwsrEQR(UJ?Nh#W2JqQy|<8T`GfqTX-e_;~Y+AuE2jc=gR-P!qBI4o?BWH{+hr^|si1S;6z?{_>WVaw#!DgBfw;qR~3*qH94zxTG;aZ@R%x3Xq>h zk^9p)PMapng6ZNh5NnJ8qnyudT_rWy@YfE{JtCz4T3n13*NO6sB23@iL;xB2eX|kO z?6p=&jfZS+|2-?`8#Cdzlq$>14X7J@oE!UkA-o z%f5Yt8e!?oTLhHW>1Y4MXxI4oc({s>^R>9!CIMPQTi2nIf`Y8tuqUUUm?;fOLV~i2 zs-mv0>{T6k@2k7f{SxdCUK%@oEU~y=hJH;YbAl{LrKLTOzC0{)owcJDp^hlOw;3az z(f3Zo0K_CSGczq(wwS!zF>!M(2SiPV1zOQvdS|M^fx$$v*K!Q-+~t*(m(I>nySuEC zQc^-J|GIjrP$9|?MVA)8BqUPb4n?}3Wo~}Mwn7_j*p2DElgzx_N+(7U3Q|*N_gHbR zDq3VMMo=T=X{8+;FjQ1jh|5d`p@;_V-0F+Lgg70{Cei@!f@xQRk-dF5s0MO!Od1*j z&=|h&es&777Icx7v=ya&d<2#H`=xB0#C%13_i->kwHY5z9wix@n?C@7!@%GnX=vP= zH$vByul@B2`Hz~skku^7nyY!7GS?MWfbs!k?ytkc!_yZ2W=aadA*c`jqaPa=DE?Cj z;URK#hefTtD2-An5#|>cjEctIoaB|S#}gAX68MiwuUc(wX<0MX?4u`LNRxu>hk&ru zr3ZpXkGx(tl!!L0`EBU$vas{LZ8ltlVnOD0PPsl(Kr&Xo2R#rD%U82u0c7(aB++yw z^4HE|yA1sq>H^Vbq{@tvx5R2;chH2-n)7JFe`sE4L}V| zcz8RMX+X4L=IALhGO(f9v8fBw!}ZCwYShh{z1njP5J*x}jpBKI-q?7rk*%z+Q{V^P z4yunSTDtD;M}`Vq-u6CF69^bIGb2~l5f_2Bo$P89CR&4)bX*W)3 zH@}zdB{ahe&PwXqAI26;oSjiZT`qOr1ZNN5pvOe{FM>i7Yrs7GFM|4c&1v2|!+u^` zvJfkc0)7r7BfR~iBfOY6t&v1aXsZ9-h0cyYkWFSxiZC?F)YSdM!!T*;$8>a5G&BKW zGq+n>S|u|20W9tA?V{o1+k&D6DGfWocYOT1)&Nxl?hfP>6AO!tnG4yN787OXq)K#g zae2eb;?;-t1u8+N(C~1>9M$V~WqCO_a6wQofkuQ!$9c3`{F@6V*{_M%5II$F{s#^;)L|ytNziJOPVzXxeg>=QXH`9G%~-Zx%1A% zRDufB?U+YTI@sbmfki@?;0N80Xd{o1h>)fZY@UTw32lJB_J3-SfGrpt=S5~pef9+H zrm9hY?Vdy>B7(zWchw?)FWBc;4B!^R^nvSf-_|8QlwT@N-08l^C+8=6=TAF3JDczV z;k__Wd@ZLc{LVIcpE;@A1N{pUpO`6uSSabz_8t>6FK;&UKZmi&^Pl&tU)l>#N($(o zF*dY+>q;-{Us`dR(o0z2>iO_18zxdxcWcPT*!Rr5Yg-R?z-WyX21x>m3npTz^=Jnr zj^M9JK&G_6S{EF{4Qj@IfCSre%EMu8IeV>EGvww{ZT|58Z!G*meGWZo&+ib$JNwC| z*Z3kvl7U$6Q3OaPEF1#ZuZP!?Yx1HR^snt2y|moi+}BXh$88rC+CP34ohEFciITb< z3z52SdxPY%)UEezdPScaGkJ0Xi;Y5P0 zd##2<=W9PA4Q1l5CWq?>V&}9Yce&jKwR2@~N{a9UqP1K2^LVidkDS-s<2qYPa^pse zJP5pNlc4vzdwmMBN!;K7Y}q<0a@sTL%e;GbxG@7AlT`3bgmf`F-TbfY@k>Vpo;HVz zIwElV+3St562sC_=ycr$gmQ6q2&S3-pWY-Ozkx#t;aWxo;}cx#mF4C6o}%uZ-`V*L zIh-skZ98~0x5OxN^lC#+D>NTGScOW=2Cgf4n*SD&U7?CSSDD*kI3RGp08a4dX*T@d z&yo_m^^sf9ZiF_-HEnuEzGQWvI+Uj)q8b%yG5m+y>$GD`HI4v1z-(*z8_1l=wqH_G zD9p{XqNDy1B|P;9Zqrhb(Lvwq{FI=!Zh2%RrL7tyYa6dKUO>MJirS*!@xc%B+uU5+ zKfvjk5`3nkgM~8*f_I4}#Zj9!X5$w!y4iyn=W-5j zTevUR|MdfseK~rH#*T@UJ?K9%gFucS94=n1&5*OG^tO@q-lToR5y;f@er2@*aEXPgY*upiYx!u*gYMLuux% z@nDXSz(e;Fr;dO|We&$!-#_d*45tHps?-s;N?U!0*BTdgrk%U5P$A-hEQ>Z6n51W* z1qd6n+FYbCQtTF?2T)!&fZ5ojc=m?KNYXP*zXZKtAwmHz0m47DWYGMCKSxK;IP$c0 zbx{*z&+NHDi?^;>D%#B2`eB&(C)u<%V^&xJaOWLY#3BRzFP)!2(#~KpXs|9aAVh)m zEjruvCi(BxG0*_YJo>SHBfX*|vEoz(Ip~8em(I8Fwv#=4j6m1;nPeegsVUiW55jD} zDAN@iryYST)&iorb0wNz1Ed-!nh&18V9~p%KKnFVTu-@h(c~3$UqJg1!1cyhX@U6x zonjl6btq9rKZs6-ovVY&pQ9as-ldzGpouN|sJ=YAxI4duhdl*a{3l2m2810Q9kB4v zpYP5&^4#(hmX?-ftgimMWRuai!19HE{CF>;RidP;5!|>!9wW}m&i-twGY;YN=V&~% zc|~o_7v!9wg}ahn3Ea&+({;k?$KJoYyXU~hGdB#i{&=nSgjd&f<`L|BVMC6_p!oCW z+|V2wEGFTZ!~v$C_w zM*G{ruP81fgH`>M#)db$bz zTT9D5=&voZ+QL>MlneJ%KscJ+A>6QH_*ty|=ys@rvLZ^|Gd&zD2DKa8rlxcD<&X2f zQ``;(k7=1(_1Z=|;}gK~V7U_#x*>Sp+n;0pJ)COml7on2Z4)7&u80)DqJEfn{H}H6YQ=+LIN^t z!=1II^kLt=eIpENmiF+V$+a3LB#!mLj%d3!1GBRa;L+29;kXCP#^nwKkOU|qB@GJH zzvpEcLl9qU{jwSNNl6!>(e^PUc*5>U`mYIa8_(EtXXfXpg4e36%Q}(U@e8oY+d#zX)2?4Pr*IqU5>z3k zs(o~*NmOCtRR;+FfPAtaz`mYjTReV}-!$V0iX9;l(ZUNg8o07qu{=Y0Q)qSf0(>{S zu&o_k6t$+F>3ZV^^h;>Gyq7G$?1hDh@%H9j0sdqS4}F=I z20c>H_{_{IUr-d3;cke$b|^pf=g-fB*$+;7mAZQbnd_2GagctvbpOX2w5h`j z-YeD^cA(^}xWUb@%*@hC^KE)7{vO6pI1CJQba1(;cdure3x9X4LH=tEu2?7I>X!~*w~~a;DDj7*)7g@0M+7c zJ)*#oRMNt=#+ZG^qn6Ln-y+jz@SL;q;KmSe{Cqw00t27Xyk6lYb!Sa zA~;zrt?BIPVMeHQ-Z(B8t^soh0(27H-OpTi($vcSj0-C$JoGsiyNU$dVSggYR>a2U zxr;}ZT3GmYIFxwq`o#%RuI;(TXNS4aLY*xj zI~bT)IDk1M*R96rpI=r(&Szz1{oT}r94I{Pbr&5l0yIQY3RB*W zk83x~{IcqP_!r-3M3LKaf4N2l?yY*$KC1o(kY$9tbxHLu&TPPc$mMWI40hYrmSCBn zw{@Zv^#^O5uB$7iU*h7BrpHhA<`-{rx#|l}U2GmrI!(kDXWMa+#B;lZfZO&?Xe)rw zCGd`eHxpn|)+tCIiw#~o1bdeyBxflZ`Zqc&}RGr z8sgznliUwr8_&lvz*dhLVSpR_f*`?1i6RXAut8HN)mIke z6|sN*JaFC|@47nP@)2eYgWj^d{3kgJEh29pe6}k=k0TPQC9f&B%ZsLv{{Dyz8k+fd zG+Zj7w+eS&wuOJ!KhcibDE49;RZ5 zwA$^^ymcs2Ft;#AAFhgb2dMV5xa3Y|Zdw|*pd7_B6_tDG2A?EMFF!4`LiIG4^_<5&X^i`i6uw z+-_!Nh0DTp$4biHpGe{3pM52klkexas+_0EeSI7KHW(N>%kp5BA@15B@ac-x<^f7p z7Cs_pKQpro(i77gCp|XY2gG9!Z_6>ma7CJwn)+8-HHmb^{loq6b`!VNz*aLeYeRE) z|CJRp!yT@416(xZXA0F+)l z>UXSbandOqr3b0a(aD9NLFq1+&kV&(;sCii%j3 zY#z`h>+Q5PHDg~{zWSP7nZZ16%YE?Tg&5%jQdoP<-ozFQFKaN{($kVOFepbd_TVZZvqh~O4?>|xSpFegc3n_%Y zT4^}C=u##~revarRlK01%N{9SdiX~**TmMltIU6qnvO232g}!(qW;%50?i~}!*&n( zp%?%-mG8Z-5NAj_KQ207&Jb*N z(kA_LMovPqacxmF?&HL7DATG2LYQsqdw5iicB_iG0N#ygnEuB&Y{;FwveoH`?2 zV$!Ba6h{E}#tSM%DGMnKty0VSwFCUF;=996Q-?Lppv&f0xxcp3Dg}?vFXKYmtOf#s zBjT4YUsfGMhroN5;o47WbFpZ{%*Xfkr3P1CdwMX@@wusBpL_c!iT`C+ zHnqaYad!=-x2MUOF5Bf^X%)vF#FZ#2X-Qdq3(3lQfWWRp8Qspp&Q+JTXS!VD9V|-m z#wySlsgQ**$4lSyn#wk5gp&bEgMQvvzPIV9RuH;f3l>rRSWM zPGys$&7APhRR=?lAv*+M*UHk~oejJQ-AS7|$6}W;^7M>Px|)5Ir&H@ac9ZZrRs45P znkuC-Kd|R6uM&Sq!9_#473sf&`WDI);v4c$dUvTn+mmhz?CONc#jW;PatwBv)S8+Q zd5K#QN=ncbyQh|%k`iBRq1rz>DkCHFH0g3s4l+)C^wp}(tMAz&{Sc;vl&MCTSPKCs zd0LhJ-9Crql|x7{A)>6R3QBe8)K;UNHb}~#^@99?$e0{{hr;PLfc{?g1n^$)B(#)R zLFNFb4LdtKxHe(PL-(io_QW9xDd|IHMPUaAJT|r>(BSVLZY;kNQ&NF$K}=$dkc!Ic z8pXiCfV`q2Vp&I5XYbfpH%O8pb6?FK3=XOcJg4~l8Cl`3pE6zZbPqE)!;M)v-KEk0 z4V3ps{()iMFPnYq;xe;77|g4s-4xI0pSK@9E1~_xTa3GXa^Zcs>~rGM+=d1@!CQ|5#Q)pE^IJvOTX|B`k&WD+p(_57n(kk=_-U4kGe}tk!|_G|NQnl*Zi`4 z5#K2rM;#anNufpWeU(#IrvJbH2vgbC^^efEgCtI1Q`2m}cI)4DqwVM>JnRiXzlc1x09eYjePRPLdoc*k(!6f2(JC8{?}fnBB1$Q>e<_V@0V zEv>Sokr8E^a$(tW-oUC;Sqv9u0v+R>|2)pD*TTe^|KoT3uPML&^#b5Nu{1P{Z;xiQ zKiyw>K4vvW9U);fc9^m;+XdKOCn3SL3Wke4KWQo{wMXTS!7TyseS|(%0&P(m(jXT8 zr@?bv%_^JOuJkWVm!5`@@=H=jJhpVvfvNA{$g_og+4Gmo{G@-t9J$;o(A8@s1`UuS z2Fu#f@p1ZugyH-5??bM;M}YC)7~g#M_SwTGRDUZC=u4#Zmd~ajK38DIMCzXt8fMof zfJ+hANsoRH@eKk($Q)p{4=JC-sWzE^stYM7pL+|YuLvpJwH#w4c6msyaQCK6Kcu2p zu_*J6*_IrY-*s8?hlBEnjEn9|_tURiXyC_4FP03a(Mrx}2a2ZHdV(+CES4)oiEuYN zi_YHw3>1N_M#gO5NI+3gxz}p9?e6v8St$f?Dk#&*FqSg^baJzjm+p6z?ti8-_`EUn zsSGrnrYk;mn*6XLdalspbZr&MGMla_{aJr}OxWMA^sRs8WbH5|i!N_1#Z0p%I&Cey zec_i$QP7{w7eub;NggwQWco$;NGpxXUh!gIH(BTIVx{nZxt+H){ zF^*{T^1?bzc3k;rKWKh89pli=$C2r`)rr<-lmZ4&z2XjwVdwWV{bNUxqa7kmt#quN zZkDp z7HhJXxV~}nJ8oWG_VvmwKEMR#qN!SdYIm zAoSdeo0?u7eDYkZL+P&HGxA@pi5K@E0wle4h;qzRTkXzWpANffp2jyZy0a)A1|qt?LBiu>s@=a+;EFkH2RJut z)f|u{j0adXZSAq}vo$sc5xDLJ4}&Kv$YMV43elzH>IJ_Kw`L>bzEhGYgN0}tbwNOP_?r98$}1U! zpQj|Ruy_@aBFoC}YVPUgSk%^4TvEt7A{U!uwWN0^tKgaF;~y6yf_?FQg`InF#UIrgu5GBK^5XCIKF2$sKAVEc z*!`#<43V;7Z6@0%RqPy3dq>?!o-2IM$w|qrPU!1X#OxQ9pa#23Mqy#NE8mBg8eh`i zOfAt6qJ_7=1e4O;*z`i@2_E}VVpJRweb-lCL@BW8^RWv3CVe@VD?+;0D53g&=UnXQ zU-U>=anI{<$c7o?Q15*W7+>c;8M-Ci5B|NGR5Gt98_zj1Fcs9#?cidfVDLA>@#k7u zeG7lwl_1!<5|IHqby{X-OtlA@iKXLbW7a@HT>aLr1k3TVn3@{h5E2hOFsC^=J%y-v zC!F?ub$98T7UOe;ksk(>VjvhTnUh~SwE zkmK5yT=@di^xBLorP8c8a}R-{T7hxzS?;0is4>4!5hfF4-t48(lobKHNmS0UuuCx|?bGC7y8U*NjM6h=__4R?=}({_bp$;M|`( z^&UHWg+1PYhZ>k2u}Sz|ztkFdzB*FqL{wp5J9}L4ycOh*-@oZdJuC%v^F!H8yTJYa z#vxz@X<*k``$>Wxb5mFHprvS#Hhr8%R(e7K~fTQZ*7#o4^iA@66o0RzgUDKlbF!@#HxIzJf>m9n}yc$yN z=xnt-kQ^n_lq{!ed{s!YxlR{}Ud75vSv(02meJ<&NyH%N3X{xuj1gVn){gJIH7R0c zMG_;;1fUFjmu1ciAe>XWRts3RF0Nz<3adCh)k)C7#N5Zr%r-hZB!O25$y~`CE4fnq z{rfk3vJFwWc2s*bQ}5tlB+fHRC%!Tlrr7j*4dcAG0@`0$SzLDl8Ut{8M+XC~Mt}bN z*)uTkajMi+;kM3jW=@XrRBGtV-dVZ##e--@T`KM=yaR}6Ken;ZK?k(LTjR^*E&g(; zgO<-&d_M)Js^ke{an7ZuswXflsS$E`ev(QV+<0a)8o=hv;`8izy-c^^5ovwm=38y_ z;+&hg=2*0J&RYiYnT&PMvo(WenM7 zXNA=2O5Za0BpS48u>69Gvb?osq_6+_@DLkhYG)~2G-i->AgJIo5|%3x$^HaM+1TLd z=9l93MMg&BVWMz5?dCoTxL=tUG&k>Cdw!+IH*U{ug&V~1XCbl7T3|#bE&Ov-l%kT7 z2s?fn7$4xC87<_Dp(ym0bHh~V7eX>reMiT4aC^X;3ymgIKq)Qh)X=5Pt_N@xC zrLEVeIXF1@9A#Z`@=1zSCPMx@vXS>?^G#@t;kAZFNKgJr{gIyT55rrS{m5U<1RVEW z`KBvGDV&gfg$hS8(N8QYTz7;G1e#$87bY+7KX^d#Ab~PLmhCBbTgN`T#c-a8%HAFa z zNSB~=gLHR;ba!`my(fA<&))kVykq!f;TmhsdCe=%I3mGQt;8a3WTd=$Zgc!$SBvs^ z>3KJT^ERea{q0m+Rp|=takX28PIRKV_#ABht54gzDer%e{GM)DNbo!wZP;2Qrh)8m zJ0SGaz#Af?1)6b_TaC!y<+E?Kknl%8&l&TcrK9V|`J2jV{0Wn5aPjbFMhl5~oV=n^k*?1P5ydK+5}N;wr#b=TWZo;*2u-^>WQKnok0xfL<&4wO)| z^7On7_pqI35U*$R_S>b0+o_ZD%E}4_e!%2m8P12kXyvd_O|AM6&0#W3nnp`Pz+vDF z_zPd3iu9v)Jl56)G0(>8eKDGGvhdeAQQ@=LJ=LV7Bv1zE8yu8${b?p0nf#6n1Cf`Q zp(qxuz@(j~{dA2IwiPK_f0X%3eVQA1c85 z$p+X*b>b!3 zDWRhB5bbXppsHeYTC3++{c5hrVX3?P%UF+8krg44L{PrOKRJmZ4WvTUp}xnz95yjyr`puA#|``uGI+0Bq5lYwB#!k-pp^sjgaoV?dpr zIL+Nfr=7U=VU2dHexyi(ml!0ezV1uBc(j@IjLMvygQFQ<9oP0~MxzjCAP}!%QxLK2 zd6q}y)0ItsdBQUV5=NG4`b+wsn$3vHT&Cvt%qLfV`JWJ~zfe9mqHSF}_}ac$;m7dEN=@q?n-gwnMNzIHXR>x60nL0c6HcSrJS%Ks&-=#3^}s3Sf9FEUdS^ zD|JN+D$5?J^psvtzjnTjjEzi6rl^~q*3#xI&0d2u8G5XdvC(v+YYK35QKbtwIyNRA zjjkP_qxw)&Blh(5p*-g$rX;TJN)XJMDMK|L%q9&Lwc79GcwOyjVBirQ^Wp1#zr<;A zbp{i~jzJsNS)8}LDe?~RQI6ccdF??s9!b&JSFgdc#NcyovvB>mVg0*OdDp{n4kdt*y=e^yytmIT8q2ZZG#boQ78J97 zpf_U$aT!4PzE@SnWp_y?+DE)+0PY@8Qz1@;G#8YC(%v#(Rj*(MNJuP~b#4ECvy<&V zZ>7vC@q`dnRzt(%ozt61;rliPFPWjI`m>_q!{8t`#6q9?2YM!ZUg+tOkDj};+^W5i zp^$T(X+xw1MD|a@x=N*l8u3S_UeX){xP&!DMBLm8*UjnFU*Dou@!?htO^j%=tALlz zC{gfmn(iDXBonf3>kV5Im(S2y78PsXeGu@?8|YpTo#eZo*|D3B{>l_$*}Og+0qE0} zKU`{z6Dl7H(OY_Y`pB<$Af?3nDaTMcpgfPxUya@;JsoQGZ}3rZ)R$s|umXgy56lAs z_TN2uevn_ZwLev=)TayDoRX3-rBjhc8%_cYArlA3D@Vt>Ja+3p6BDnsJEGW(hYQzk zLS^B>P-wgUwJ;V$Ekm08;@qJ+1FHjogS?F6JKNyIP_(qB?oTg-BT|}|oN7|$R~a2H zkrbSY_YMw^dLs!MA_-n*sCX(A^de zhEHN3PW~;-8_JrxHV(^Gt|Qn2pLAg6 zz_d6p9x~io)@lw^my?r&${kUL0s#L?9A?fFONSIj0U$9kF=3Ob(iujlnwFgnff#g2 zM66|5c9hoX6QVve&uPykce1i}K{S{e(2ovd=5#=_!*j>O_hk$ur~viSrq?WMfwFS; z+Sg8fJVIQpy)e_^u*R12^H0S<2^FKo{sHCeSRQ*Tz`+W?+N$WDXwYSX00)S85Tl2T zM%_CJ_k%hJTa??UnHXrD#z=36P`Xxx5Ii~j_YqN1XE5`E@)c5WO{hZ-5d zgS#E6(0h9M{C!u~+UKAE?I;S!v>=s#P4DW^`m^a(Q|5uE1HS_87KpuoF~#aTwI8_SMw1l(E&-)%)Z4n~So>MygyX zp8$C~C}<*2adToAW9ZFOg@j_>k5#95F==LRew`MK#R^hA*6E=sXpj~#|^*`y0r`u zc_U3cv36S!X)m%^Kes(`;X@W|E;2zEGJVv509_P;A=dm6f*CQUW=n^Q7Hyq8Dzx>< z`ewdECX=xQh{rJ~11(o(8wDm{*P#hjQJ{i|5U}e%`y#!l5pU+wMLRrx!5v#?NeGpU zp=@;sC-;Ugn;k8-1aZr1=Ns-^zn)GGO#n4W%g6}O#DaDK?I|7?8(ZtnT=Q_rJB+a+ z^JZIhNNP@2q}&>|w|^4}hQPJV%{c&=w105K!WK(n28DM}>XMUJWZ~wn>+cUJ?Imm` zjTD^~8DBPK<>qcn^2b5+sprk#l7_!SC}KxI3wP4jH_@3Oh~Q|rC77vR9+)sg3Swd+ z6!f4EnrG_l=GOS&*p;tnYZ$^cVfyf-;uIeo4Trdy8EvalLSO|s@M;(afi@CzC|S5F zp|Bnc9{P^MOr)>y5~t%X9n5DmzLM|_9ybPhaKgvEWU{D`;2@Ja{5K?zyqYPZ{K zL*`0yVUj7F+oQ%Odsu~`Yh_SW^?1qKRrQKQcj`${;u?2INC-%5ggx;=11KVt&5Fm- zTH-kX2Hg7gfv2SDn7;NuF27EsWKwV?H_BQWs3!eZv`OmM26iv<4baV^$?psGEC*5vMJwMDDD;vfG zb{wwzIEmCW@X|Y<1g#6o%Y)*=ad`asN7!WGNDm8rf**kG{Yo{gaQUL8c*^nX4kv8X z-MT>=ulnRbnTZpsZj&y1C@}8f?ZM*YICS`XgT5Gd&R@VO(E!y3PKW72@+n6SjK)ri zMW4e-vhW&-?#baeUme@3kI`|pN=JzMi;}$diY4>JNh{O_8pGE+;J?fDPR5z&8v?f0;R#@@CUl? z-xd`ebv*nkJ|UaFuDI%gh+ea_EcILx@Eo8f`RaH_>PpWo@DDFw*T;R^nUK>VLQ%st zpw(A|-F&iP>$1x{PrKe}(rFEo;rv`kPJZFY{iyh4ull&U)aInk?@(a0;Oyp`?*$5QBV~%<#}5WDXyqAdGbi{*)sZWzO$z$!@0pESM#qRb=CQ+PW`>37xDuqYi!U58?w!#<#E5FeV~SO-A-Hk+4qjNoyNuc+_mbT zdrrK>HtGz#EGI=nj1n02EydMyoFD7;pe7msDe5+k`_2*|rYCF`I3kh}a)xAa+gw81E)t{>~b zUblJvc!SG5YR*7^y@mKnucdRz?t<>6C()fpb~c1d$!CkTmL|-Rw0^e&P$bURu6Cxj zv&=7bN!8RvXIxo3PwZrKiK08sE3MUWK&tBG96FA)?E>`cP;^66LK?WSmIq|~PKOW~^93A#&)R7En3SB@z4HERdKt#4Zv%&yG- zHu>|kbbe|o?+|;GW%pGXp^zs$Y$Sa&@4iBh=w+x`=q=kE#C&yj;);b7nrpj;E#5cZ zHjn`|hhQ(_M<)zTH$|6l(3GIE4S=QTf^Jv8+dinEApwmnsGOh@@zsSsRTLpZhjY6? z|G)?uO($#B7g9F12Y~Mq08zmlBF={8_AN0sUz2Q4W52p|X_Y9=T7V1r~~VG%0y zI@T&F4eyREF>~WwpO`FnMqDzt=WWl=HA6CaQiqrS>XjCWmgPW=luMgV3P0fh(MUV0N%S!VY9Vcc5+ zUsTRVpotBsMaqy~+L|Z9vs>mx{jNZk`sOVb85Ko_-+nY-9=lKxbh5P3WL@5W7HnQk zxO2SGUD$6Ojb^xY&ikV3)wGNm;?4~EE`VZ&JT$i6E|sZj9Pq zlbGnk1*I`nqN3pxqmu{-FpO&I=zub_I&{_EAz#-12MdrHh8F(BdhVP+<{+^rT};M36uwXQk<1vA-^q~7tuUNs;1CX^PGQYIAHSApZb@;C;KVCdmc?L4^vZ% z5AV<>ry{|dSkyOgqkf^KsK^0OEtApQxJu_Ei|uLcrl!5h1+(Ned=!)e7if?v73i~R z1R>yrLlfWF_`%f0Bw7R{v}MUr$xYraXf22A6qG5;o13*j{W4yX1i}#>LHr{bRWVyz ztf*v=T^F^tM+1o#sLjI5klG%|af{u_v#gtuDKZ~xgE15m5qT&v0I5AlL=!g8fD++H z0dkY6A}^mqzE4x}niJCU@__fVFp1ubBZe0Ph0|-IYJY!2e+P0@vb3gRbD6F2&Jh~G zLqH+$kiRS_fPmv+RJB3ioQ$e!d##`km+dK#n!}|o+nNCp1sKig9jE)p7a!}Bmc469 z*Y1M`JLIr&j;A6DIh&7gkrUJLi%cQ&zXsgR%-9!wdH?VhMC7pFlA)t#jx#_ivNn{R zK!Zd?lmSXPjrk@N6np+1u(@0oxj#qefDQRE@m$@>UWZUPu`u1=Qi_9prs2a>Dw;C0 z@8jA+6?c(Dt2TMm5G_lSlT#qB0$^;2%Zzn5B-yR&=zF|(JzvOcM!%}_Mr+RpDS}rsN-%4I z`Q;y3$`$9hig5L-6Zz$P%wJlpV`^ILy}-$KS1Zd1_8gO%0v<6CAg$ zR@oGsScKg@{tZ~1261kF)=OP`3)Sbw@PH7CdY;daoP%)4Z%_;EYC}r^72J6r{!>K$ zoNN{PaHV=ggkbc4h4TRklANiLY_58WeGFdlCgaC zgFs${p8?I_xj78~)nBX}edGNtD+NoOHp}-zLQbYPL9@EzxL1t#mpvL#SExEFi)9pY zR=)!hpTT{>9G4jXaY!c!M=?Q^^kHg?GWfLxQ0=nq?QWiwW{HXk&eJ{!dIxE(v`xd< zo)a%`o;$x{w%WpW@DLsW37jw*?sF1A@D>tbY)O_N;Iic=c^t=O9SE2Nti{Jp7o9(@ zxrNW+jLBZp;b9Ncla^N&0s05rEurIutz^XkcI!M5MdDwe(w`+>&H5Do4h^95x^gUz zh~JK|0~hA}V(2QE!EI&_gtlzwEyna z`O;Ng)Ii2@?9?UtpORBcLcLF^)xs!UNWs7GCRjC}G^?-(!U14JPEO9sUikf;eK!u9 zdP-?hz}GkT<<;}rO8~3X-WrkuBnsMVX4pZ)+_B5a$>9yc<|a!uWZj*I2DW_jzi1x} zb^3Tdg-W@}*i9j5jnmS|4xC#Uzelj!fKtWA$v{w!+CpzqyUo!)Gfn_~sleVwDZEAb zq2Fw#(!L36R8;;7O*VuG2HKL$ID|tlq`%d1^{rq6MF%N|n6t&VSh9C$NQ!ZK$zSuB zcVolUP-yAz)cgB(T%Ly2gnkr#XJVF=<;qs(cJ%1YkgY45hi=rh2}ELg{s-t~?`l?`vbk;7lR#Nm zj3R_2zr4oM1Oi2pZ3eu2l`tWYIVW z&sM8!yUrA;4(~>C!RGW=pdWA@ah*E4F zOHsr&F-nYbE6B=XQ1gwu4o&pcubC6-S!jK#MB8kdW4gIag8LK1)IeyH*wKN3Xv6eZ z5o>|zngXP(ZENNgt)Nf<#h+_ai8&LcYZ7poJ?q=!(E~|upI0XxDej@58TWg5xTYTM zSqo0}HWzGj1~ALXLLmC40EVZks-UVWfiuatpsMj&qHd?q57_<{3X3~)lq!zd4SMlV z33*?dn$ne%47a8SqJprY!~BfTvZ1-Ik&~a8Vm9sQk{xvI((*j`FMqhVhe)lbl$QEh zDC4Tbc|G^G;6%IYe@0<;qEJV@@bt6{cD97|i2R znx`ms>%(0~Rab({k>WGQN3&oq0aZ`UdW=38UPN#c``FJHLW^zi3%LhB~1s9 zApSFHzO(U^lL_|&RdK2A>)q>~k2f~aTH$RUsw+7>&Es){k+W&f^B$6`a-oG0wZITc zsU0YZ$2sjHR_!iaz3*PrgK%s~^O!4#i1#Hc{u9C~XQ@u0o?g}5xZ17jK5k)=+T+nY zl`t98hHC27?o?G92wlGoeEwg2?x&+0Ni@B`9#0hhp*SEv;g2VJ&;RgyT4|_+YVmE0 z%MR+(GpE-SyMo3yp)LX57DF1kYePBpwuIi^uRcxwN`=(tTc{TZCVReR7BV*{=}`h9 z7%DmxK$*T|eE3rO5xzgr>*^XBUTRdSco@@1{FYKA~Gh12DvmV zJ$?54C-+Ws^yXW{^?aK?0J%TVXq1ye1L?7UGNYT^Cr_nkX zY`*G%GeTP0N}a)9Xw;v{wiWmXrv0HN33wh+s-wfD1`IdMiCjIaCe4^vY@{XrJM#BQ z8!nicdUG;|e@`a?@k7}A9+&m*og3iofPU+L1GMQ&a-QAt`d>TQR@I+tD4_hW>k3rZ zPYfm03ILwl(iY3W^qH9$mYE)+nJ*eL(YM(s0hiYcCf{D(OV*{TXE9tlebdYJ#q!qQ z<>8|Br!)K9(v`x@m8c$Cce7m{-d!zh4z(dH7pHXw}>jtrbBl1or07FdaX z87YQ6^zY?eZv259*I0OJj4z6=t8WZD56zw;V+wucCk^|V_HbLE#$Q&|uRQx^F~w)Q zb?(&x?QhD6xBouT@%P|IZ|?8ZemCYc9T-N-X&f0u(m=fFb)6GFziA-Gl0Edik8OW0 zR%?V=PU&ws9PJ?@j0eemNmaJ4+eDnvQ8mWzKfV_j=aFsRNNu#N4NU5xM-%9x&nEvj z=8OL-@9Fh$%Q-t+hvDP6EW|x++7z6Gi&nW&RLniGos<_ zn~O2FKt**LjhQ^P19D`W_@~gHX(jTc+qjM7f8W%nBkJoX-!d1iT0-w7c=IWg{J&S> z+#Ra~V7mkcu zMS7qn3nOM|rZG!+`}FkWu;bltcpAt;Pd1cZW{F$wI0q)AezZZmLEWsAM$sPtW_7lV**c^G%N_4z|3a86DA35i6Z}Vy4GML^PLzF~rHs^1LnY z{wl?lyBf0zkM_pV2BmY!88VHA0Kc6Mm@Y3izrKi5^cp#1KB! zpEK7OBLZcTogGUuJ-E%kd`kJ4gBC9+lpua2{q7XeNPj0`)BpUyHa90T*ndaFjoUId zK|Hf$)Ne#Zrc)NnG;>FB`wBH~R#ZpSiSOU_uMl(1jj#-|5lR}}-)kI2Sw|dV`Rcp( zV<&?!nt)Tvr5n>g=Sy~xw9OgCbcKQ@&916^VU3v8$8*Dt z^>TesH=3NHRtq(#!zSfMKwd*aE~mWx*~GPXz;703H;WgLC6Hz;!>ULn^aa;7+fk27ehaRwj$ilCcMrD5gvAl$%iPD z4=s7bG>rn&)R5liZYDJ*B-CxsNZV3ai)2$IBO2Z7tdgNYCQ0ADDzKlDwu)VfU8+8sY|FFm3K+gW z5g?9!$2yrR*iRu$Pi#I^c_U}Z?C6MV)~YHr_QPlCeta(q%KxnClyJva4b@>``cq! zGj5=E3KSRLD>s^XW8+QIaTu(Qdj8ePL$yuyHKuim+*8MTssP(}3WFsyhPlqaF+&}g znoZ~(TaBLiC(4*v{$AamDd2pA<@H%Zi!@%JhJaz?+3@Uk55NL%QWRJknV8ui%QW7? zQb5?~VvdOlrSJ)g)kEQAdteYkij*8UrIXUNn9#M^lx;LG;o0aC^_*VB@WfzbeY@Rplgi)o4Y4m48Te{IkZsgkZ4` zRMm}5al6>W*&1RwIoLi%+I;b|C)>C|^f7a4+#QwjL@s%GKEXC0&AVczPZ}+6usft5 zS0>Y$><(_%*Wgw0RsJH0OQ-4|d*)JNM}#(%nJ~Di{TKsi3tVoD&fbPh{&{L;6(h3s zDFp0!eN*pW6$Dc)auLVRrR?1%{3IFD`vB%=Mql?6HsjKibWi+ff_hfG&XX5B#y6H5iIC2{ zqhf-bRCjKr{fXpG*SE!teC`qT$qs{6j=VPcK>41CZc0Zs?oR%Dr<~z_UpQr2^U$*g@;El9<+ER zMBwJ{`7>_mwM*D5&m{+LR)NXir5X9L-Tmfd=F8_h+x{^UUX0=)(QQ#D7hzefqm{fa zyG!HBJx%p&#v}7tFJv*{<%RYwbh_xC-jVVVR^G~<7n4w3-Wi-O;B3LYE8O=_6_2%_ zU|yum_J3Gh=0ZS$`B-v`ryYM}HseR*jDh*vugxEpaK-5~dY9&G362dnxM{K^4_~Dq z;xL=+4D48Rszhz@UApYcqY4{1q&lHUppvYq$tOLs$SVH|6B(xKMbCZkWT}CXLfa(Yj5t(jlTE6B^y-t@hwz42zr(W9cW3 zRJnp9QU({BjPrU7k9OZ0e$@57A($qlP~LX(qljQwdax#Mn6Q4uvW*tiEXQ!+YIVGx z1hu;6X|TwCMitAyjpJDrvTNjMg#?zu(r#OE(r({}cVBw^F~h`I*x>A3oo&h&&P;C# zN%+T&kNX$_G4WuhoYu0cocIsEN8fv;W8JZcE;kx8uDLwFhcaPuFksC}O!e$2 zM*6L}!-r;pCC>OjEk!mn8so$X>89s24GcKmTn}TLvXoC8OmV8x+eu8m{@y#E=x4&V zqBf&9*Y__Dlr+F2N!Mt9$=+1eLgxG=L|lJ1i76_PF)DDEL-v&~W|+cLH`tOS>=>e- z6;@!!>IIa4$eMIoPj8Y9( zuU(v8M1^6xClj{1-j#GMGK?A6|4wCJz;2SYkhOoj${CNk$4{Z5OA-EkbagQSa39(s=C_3@Fynhj?YrTO_#7e^_eRe z#tKMV_ZoWjZzMPgtaL~g*tz5$I1W6@S`t}x94vdPw2`evgF`9P0zFw%N&WykhC+6n z40SBtHU^-*FI`XA>l$Xnh} z{?P(s=I=j87B1!-F3?B;J7IbzJ#BkZLHe!cIcq}y?tkd?5$C_kjj8d<6oi>xI>GE| zc}dY_!TniCIxn3@J&p!{Lqml~FO>?uGc2FQ>JD=YGkV6*B(T)wD_b^F*|nP`YlcEGFZVrx^@mR4NegXtw{z||>9;;R!EUN^T-?)mfJ7Pe4Q zpYn_1;xIEQlvg?hHzFe5?muSu*o-UbBleV$1)C>NCoC~7gqD7z5x2v@!Wdhjw9PUV z`<|?S1$yLT1I)a%e_*x4md#Sid3SGv!~*^4;(Z+Ep8>b-QS6;yT9=ZEJd;vkV2qV` zqix%}mQi0rCij{pT8uH$mnB|`lm{}1KjHLbb_SFf{XV3pE19yd+aW~R%}C5Q+Ne{8 zx68CFF#+xH+gAz@9f&u>M@|;lXULf@D@+XKc{&PXU4b3_LNH;p$j0HLSYhwt{#-Hb zhB<uVs@)_Kt)K0|xn z!|IF4@(~Gdl+MmYfrq%$4^G>`2jcp=NrGgFjkNG2RBuexk&a!k2_P;hI$cf6D}|AO zk94RcRNoWSWWtQKn8U?FC54L8@UavqX^=cz{47Wx&{hi1MJiFdI6t95vXigRQsxRr zvS!DtOHy982+JFhZNEK`v3xjaA*Dx|^D!l&l_7K|dH+_APSJjaj+ffIYQb`&7cUaV zS8FmxUa#DxV9x9HYqKB~d=!4JNScC(DITlEcM+C?@w83G_m_d=RlOFey3;c&@2;6+ zTAw+wn{#@VCtNgFqL0Go6>CXtkYR2sFVIj%NU?;7ZL8RLm&8$;V*Xy}PW`uN7futi&J0Rmj zK%CKLwvhodfi7d=YZZp?(G(OGd>Av~59%w><8FkZp5@Zu-=pyNLdN^i68ZK^p7^)I zY$P}if|-$yY3(E_7P&%@G?VCce|sN=(#}{UtN` zlbU95VLC&Lo~S3UbEqaf%4vATeEyAz_uLNGEwCwYGtJH)N~vtv#`=?-X(O7*GnOY$3sS{yOHZgFv1IwF(5xuDv3Q5Qp6*qV z0C8MI`xOHfm7!nTT2H#XbRM<&`HK-z50|ebod67lEdM?ai(rIGF^P-EUwa?O zDaQ`WhZeLW=*uaqo9xnW+zc0?{eB}sAZkbaTTDVhMrQCY>6$xD%+kpPIFh9IwpG_z zd0hHO#yb{dhcN^6eZsMQ;(x{&@P#+r5jbJhQ=n9JIT-Hm`!4unqFu%QF4DJ6bI+70 z*mvsF7~PrA(P6BdqJ2a&_P#n!i3>9@hx*I1q70U17}_1f|9~e4Y-K?1Ku(PsTS-8 zj~=X3n}f(_;8sV>V_nQv0&cTT(aL&3cbYq?{Yn$8!_Sf`$u;BG4o+BwfG!O=JES&a zs)9YN4zvz|Bweuy?dpvX2$tledk$nHNs=v!U`|z5C;VGAF>aPeymfKOJZL`L;obRc zcmoyMuAiC{Ib-P4fvl97uEBMO5ww@~&BnkWW?_9L1e~WsW3!RK;R~ECd^C7EhL>^u z(q%Li#q5vtp^p73B3@I=%#B#R+C_O-bp#ZOO--|0=2WM^RWhn4Zzoh8@@HKNv5Zd0 zmsC1-A&cQwTQE87w}8l|dG@BhHR9>l2M~65RffhcC%1~T*HW0HKrs1n7tdS9pNeX^ zJ)vKTq78ys8|1*oCEWIxVi_A6DbW-}*;bdj&7Co#U44c}`Q@3BFiZHkB{ECoD8}NE zEOqHy6*P&i#MUI63ZzG4^~Ti(1w8iLd`_ff8LzKREt{8+@ z|8v)C3HucjV`NK%QcDWN`yKF_4K0t;ib{uPjB7dzH0l0>1t@bF?pT9ER*BR{OdSdH z0vqA%N1vP$kxN1zL5}{M*EZ*mNGdpk*2Y6q{n~U$)w#8m{}T+g!32pO8(mQ<1iiVs zm5}Dh$SATQ-xX&LwMIJiuv5C`^iU;0;9xbBlw9l-1@ri1W!f+K5@RsILw6jE;V2G$O6QU2JHT z6_=C%^YGuS0dT3Za*iI*Nzw25)QnMKcYME~;AZ{^hua)OLt(NZKJrg&M>ETBM$!Jn z=5#^*nR9D>&DS~cT`$urZsK$eiHeA3bK8dui@1_>%;8cA3^*x)dWkU-cg1}C_8Gz- z`%Z80mQ}6K|^wPv;Eo(xgN$BBu+P(sbqd z6zhw16e)E2w|K9;hY2F55B=ErVLxrFXl4Z{d<%VQK_z%}$>NwPZhb`om8oR}FyNi48 zH0}q@6>|@*bmZgJpqZUenOy$fu*J&zI_EdEU}4^M@N57vyOu>zc%j~h=X|XW6r%3TEm>Hm;~G6pD8e_(!K+=ut(38&wc(uHr|sX_ z+^|q_VXp`(AHBk$sO2&8E|A1A;O%3L(LII=+&V^NnhaxwJ03V7Bih^FdzgLC1BV3} z>{SRs^5)ks*1o~fy35=6&Sq7DnguIn@T8K~c;Ofs zA9!d7&J$AnXM{HbP*BDl>gl2F=H0v@ER8w1G$bRf5r_yAUshppDePG}&;Xw3T_$nt zoCtV;NyK4gS$q|X0SKm!TOY-OFeT{wd8Qiyez7rer_P^&g@>SIITU+#^b4C`1!i1L z!&_#8+hJ{-d&yl7W-KB6Fs*V@ivm{K?H)XIr??Td4+onxgy~*A;@==NLT%EI=v1dV zi|tOq?QZxT-mY~fORBH%?JkLbcOHZQF{mstD)U`!b^>0=EF*Ui68m7r%BZ1YBgiH! z{ALs@F2>Gj6i$pt;m4xQqIw#2@1pe~e>@4<51e-v4kBxgk_}5D1bvW(q=YZ;MnxB*|IC)#*7d=b#)3ptmI#=|CdMf-MpDOWRBWRYt4XL&(E%i@|4pim7pXY5Zu=qeH{U2K0t#S;sCB+fZFawqfOsiUW|n?mhh=F*6byyKP^7Daath1q|V)UUa^IOPq@of+0fD0 z+3EgHXgEv&l@S}nkfeG=4P>e9*lpwDDc7e@?^Mk@G?9X)Xi%S6}9@z7SwVhKAEKeL-T%t&o~mJGfbfIb0NP*U`OU4KnJQC9p$RtaL~a}n6RNWk!IjA-2Q%oG_F zH4nlF#Ewo~+l)3YRn=E;3)p?w% zz$dW@>5(R=Dw!M&$uio+snC02{SA=slTM;2lHUh!oc=+MH}dM9-I{hH?{Y!VJFO6_ zb9Ye|xCdWb#l&W^iwMkz8@;oy)#X6wBo#+l4S8=_SBjC3NyO5zQHMU9GE`ERKIdU( zX6pAJm9eK~+@mV0qCtx4>H(cb6Q@MmlZKxJma{$5UV{qiuU`%$5Jo?WL=)$v&Tt0CLu{YYbHKcll~rvH z+W`7|9Dry*cQ`dI%K&1-%t4NLni9tD{`up!#S9vBUuI_RHh>IyYkzr7fk%X=3r_KJ zH1ewkQTo((?l9VT$}u;ZJbLbarIn^G?fu$-8JI;O?Ug&i8;Z<_n%x;8-8kUkv44d2 zZ4~P+5H+#=gS%+6YFH$GU~ba6y3gdv$u}~FWgAC<)f(M_?6qjr8~MB9kiH_`^8}r9 zCjRO-s~oJX9mmIHECmH19u?<2a~Gy3INN}$`K|b&dP@Es%c>(!605SUj_Q+rJ<{w? zh?oaSyKX|tjt9@$8|Jlayh~lKtCto|!3j3Unj7+z4dxw1eil{fmk?SAf`!YJYMWpR;Or@+C;o=g4%ki0k zWE^kdZm-_m#an>+g{8)SGSclUtgFNt05oS_Vvd3W4-WOaN9K6txPcFmy>N-5r&~cJ zhMm!0J3>xgUPePfm^;?7@5Zi9GHAPdJl8@EYOeRrwk71V`mB@p8bVlGTQ&gB0kQ-S z5BgZFhgb^^l5x&fbrfdNk#2etEM@n>}Yo&9xo68+jM0J*h#olaIU_JHh=yy+#B&ez#P1&Q7Tn)b(DKw@8N?T>l z`j3RFI8ZUk1vEW)l#LYGKGnSJ#VOr89NTfM1Q6y9rTf0mxMMSby^7u_Xm~d!{u4ym zy7VAC(+G2RNPy!F_UsorTAbexNVAb9o+CCrI%*g76dA#_)b_sF>LB`qZ>TlJ+lcufBw9C z{(zx($UaOU;r;GCa$j@%^=QYPq)Jc-;5(gpb-ewA1U#8&NxCfGFKIXguVYo1b@N@_ zf@y%p>%c#C*)*k{XDBW%zB`N|wbN114a*7qMX%>+`Bp`2_4(EnR`?hQDbFQUo^d*@ zWP8AIr z_UyBER;C9+{W}kTPG0`EwB#HuqdsLdfZYS4t^cjhCTFeRdY`=pL|UX1UT^J+wTzas zvO!(^dn^Sv0bkVCPM)EdB_NN5{o%#q;0I4JiBJ))9h%wLXRWvZ6YRhXhF81=9$Ymq zr7^jAMnU&1hI>Mh+hu;^b5>49Js6~Py^V;9qVF`$Gd#Y~1Bl+--pLzzFB|T90mhd8 zepWAm8Hr{)yI-;j3Qds(2CYlsb*1TTqWJg(;GGPFD^QAoO`@Zl;ai*I)2C0&bVEZHKS^LicR#0kgVPkg%|Nc?Z@dh3IS$U^$P>%K#@RyxwDr|NHWB~N8d z)G&@q*l%~(m+y&^d5v;-EKnjye;o;Z_U~r1C0JYY(`rBzFg&vyLQLZQ7;_P*1Z4xa z3f+|Ps2X^*qaKR=KooJ)% z)y$n$aomG_veo{_qMV3cNw;$l7lbppAN?yM^Y{0LZvM|v z312Ef{lD6sw%6K-|Gm`zSC`JsG;yH(c9%ubht3Db3L?TTLAOSb`C+Zk3TEF^8g zO~kp5>eu+VRSv11QQ>oiRa81ulfV;_Om?f&LKesrZSB{domQn8yA}U)tp?|@>r#~J zn9^7wh$r2{lvj2<$rrD0Sg@0(!kjF8v^{lIt4NKB#Cv*-0rDbf?>mhaZlm$m#M)0b zEko*ZR%i~o28wV&@RM7gbbV61KGIoSefCT;ep7X1fg?MyBF5b9!u(_=$gM++VS}8| zH*@_zkRN!_*-Q`#+Box;sDp?matMa*QwB{1F=HOHaD?LKg56&Exjjd?yi%6J4RAyY z;@u^++Z^r!a!$3=z9n;HhoAJ;=kzpigKukZ%cbi+()eLSBOe+H9^Z2EMZW(tl}d=! zLLa^9qfLzxP544dh?G^~qI`e?L?7>D^-$GP+Pim)+Z%}>Fg`R@g|Mb#dsYn2N+4j{ zmB+GWDCTJk;(*yIrvF`G;bs6Tzjbr-SWTxPKCQW3@#_eyE1m=baa!zv#bgR6r?SY1 zn8y$Ae_LFG@X*Z2=d+Pr0lQX@g&5-pFVaSW1_Ks$F7o89pPTH#V2kI;Tes z;fM*CwF@XK~T8~9K4ecimxp!C6)6TaCQT{3s5y6sevgylj|K8O+c5=46%w~q4QvG^`prE<3h zF2KxDPF@d6hebu$eB09(-%c(fC_q*`DjFY(EL3fwp_c!PL2#6lL2!qrT~l#Z^sHJC z)h7V->vMI_*lpC8dYa?r=hI}99{$$J+n#yF_Y$nZ7%Gm@!BCG(BgZG_vV2PSNPZZ4McTaEcOEGHyj zy(!jy9KuC?eY>!Ua;V&$Z7vv39b07pX!-rvjitu$L+~~kDM|33I&Em)IdgT{ zQ=OXWU*Y2(8-p?df54FS0wwSN9ftB3F(;_iZYV|jhr7N(t{>wzJK^m8B1$fnvYOaE+)hMmH8+6 zynG~)Hb#1T@+nkE^-JB>+tZ|*G)X}%YmX}XUPybnw`T1&}L zU9b1|5BT=Ob-P_TJI~Ye`FK7a_xo`i_v1)Zj5=(GMLhj$Nyr`{a21DQc0SG)+>!%7 zezYtf%)Oro)^~zn_m!HJb+dsL16>UI)9pinuLS)eAz=zF1&Gjdc zJb3h8h&ej=<0#)p?J=3>HKBK27}*C!>$&?!>rKjti(jb{6oj%0z|<=c=OB*a^YMdQ zmNqEqLckw3MbE_A5tQoijZN*?-ofNgh6hI+x6RMh5%2j0B07TW?Z&m1#VPbeOl7JB z*4+H*hDM9%Z!DDigJn*c`4AdPQF@Y9U!dxQ00qyJR7z7eGD9Py_nHEsT?-8>TLvFZ zE##6cKE^crBO}u-AQv9~Q#2;+Ko?Z#$s0`L@vn+OM>0~yXfTP{S38l~80vYcC33MJzf)g;FvsEAAfmWV}A4aQ*!Q9=~*9l0<9o7K2(Aiex zHl>(ya8~_i`<`{TQ+rjb$}UBp(73W6sUBNg?4qcv3)9~fpYtbdTGqBcyb|u?luEyO z4?j@ms7gCXJfUFg8imKK6vbJ$nCAgR;z3FcAV4a8eVja8b_;8zpi*Vf%;kpkz>AP- zEg42Wmzj}tWm;9Al8K241$AG5c{{m#_IEc`HMLG%8uAieQ{RA7E)7_siuKBb=>2tL z6O#}A25-@>;%*6h?J~sk^N7McgHgeY25f!+bD}{HshUUIQ3S1%D2{ zGy4)J1X*h`t8vMxt0xg&cQfk2*wQ3;36_|M_`z2O3~nwZ%w+Qgrm;i+i_Vqy*B-YZN{Ism0E!g(`I zvFvL~fg&TgY$|X^Bj+ejF|yU2l<5dj6N3suyPOL@!al9=9qUbii~mCCm<^I6>FnMG zu!TDD0Z5lj$PSWO6;5#+tEG$TJsvcsne}d4O51!tc1c#mA-nM;8dGZ&` z>^XQM+iSp$24(mHm$j#_DAv=^;#~BO4f?@S!a7as+256m6GWeP%%a2!6e=_ z<;;8Y+rGCov^9p@Wg84kxxtZzrFf`cRYgPNYI^H*H(vTRn3sc;FyQzu0H4-@euv7c;wFfaP~k{!CzeqcIEL0m3od72HxI@OR*!$ z`p~51<)tSlQzQ-fS%|Vn>WpHt5@smUF|Ji;>dC{@uzZG}XZ0ic1e%)4UVBS-bX^u@ zSPi;z*t81!kvMdKhR1bEYg;kEM?fYhV39kRn9zx`L!2Qi0sZdZ4pzT6_MvnG17!rg z$h4D~(pN1;RSmVRRt4{PAdJph^v}4A=jPJ>`tJh+^AsO{zdo&Q2s3V=4H7X>hi3Ul zlI9lLdzb%P6yj}Q-n^`LF{7`pfzthLi0%ri4hs`J`wRmc|9$+tM5O)l!3@c@iXw-Q z;ZQVDmd2s=?%n^sLbQ@d%3|{t*g}87{LGkzkf4C@&983)Bd|r+hB$p zmzkMfl^faA#0n%FK~PiV#GfzuHd`9i=^cL@uzYq}?qoeN8r-sGYJNc0CA5FiW@G*l z%=^$#WZmefmV{)B>q#K35B0_PhM8$J+;K@;Tik|*1-GNv1wh_(M&$ln#Ih_@TUVKH z@lnFd3qn>NYOrr(+iq7ixX|KKELH+x%`3#N98g&A==rnOvuwz-~W>z+rzMU68$0 zjsDf_f%;J}!~)?1a6CU33s8cGzpv`sZ28|`SW75rVX*+8@v@)wc(=HUG1?kA3c6OI zBal9YWJ&%K+qBA*_@$-WM^~@5B6o-cd-D~zmZ0gL66!yDYrxf#&QkdKwH@$q>};hA$f);0do0+fz`MJpx}iHsL;`^aH-#Nz(J zWj!H>t^;Y03O6AWaEuWxc)}g6`~UfXjoWV^)A{t*o@0@_8ZE!G^_;%zB!O)^(BxI0ml?0?BG;QYZ)8NKHhhrn)?=gX z2aN=%?Fj|O!2u@#8FweM(P3cAwK9~8OpmiM=*${`#SG(h5FG;FPw40>IyeqM6NR#9 z>8WzVhn;P66(Vw3zkZYa)M<)}YacJOBFY}hsb90d5!`Z{jBFP6%yuC(=k@7H zkM)$ik|@g4pBa!YQQ$qH1=JOomi*dHn1PbR)ZHDufmM;<3Os6^6)r_iGAx~PA@ISH-h--Ri3kM(ty7h7d!GFGzR|H46}n`C&ha|T3Q*1h z>0@?UUQ7@yK2E{IH822>@+>q{Fq9Kp1y6Q zz>5^}b$xv=!rD<(gaF9dQlTw2n{qp%o+lrmsz!M~iy5P#Zr<7PI;fnEj;{hYkcI%u zFz}0=@6Qyv*?RdD%@4Xxu$OKV!<|$B%Yo_SAzp_P%F?kWCY}w`&SkZnr&U3zl3^4U;(sEsJ_4 zs$x-Ekj-wxN(vrW{bpiA?(0K#5-Y6b6QOzb~sLIJ(%H z!YhA-z56c!G(`9JC4roigT{NXujS|swEiF;yGof}%p1zjkrpNE^5+&wGq z^3Nn9-mDg6U;$&mCiGBbDz?aaQL78ucGr{EjJGW)S&$M02y(|g1I8$J66R{_8h-9vk?p(3 z%A;^zdxzTCn3IPaG)jl>j{*EA1Mib3oYx;QQY={e2*W$nOoffD!K^I%2xD?L)h*<$ z@xleuTBzzJd0o6;XC%2r=`j1WUS#-l(B?4#s`Tr)-F!ty9Ka-;00#ij+DtiQ<=?Rh z*(YjRFUjS=i~&AAzDoSVv9J`n9KGV8H|6fu>ZGtoiVZo*C#)L-!~>K-rzzmmWNK<~ zzp-nMn^-ny0)#c)b3QIx!hkqn(kg07zFC=RR=@|i3V63BlLRM=>v=9c8_dybg4H(y zA>rWRM@1-u7xDJP~Dy)GF0WV_SWD;igL8w@w~IsNWSd=U_H>9BuHNbqJyQ7uHt54D`BueW{Nz;~~*Ur${|01+ zXT_RJQIet0%6{PyrQQjJ8A{!lA!dZYPBo(`pLb*qo&B z;cZ&^g!HsbC?QDTlo%;5jt&jw&QT{_QVl{JVjdqy#(Y|7Qg#Ixiv^KmK~ETb1)q+2 zzaj>t&BEz{7L2E*_DV_C%q{I6`Y7w|IZVZSwHcgJEGgFK>OBETchIVX^ggZ0*ZypJSwyZa&Z|Sv95{;{yXCv*-CP zX==mNc4@c7m9*9@#o6A9P+fcfz1F}!G{GTnx$WW5F6BU9Oy1H(5u>-9T?=H>2J0Rh zx&2;O_cgkXE8#OIC)TC#hDRrTi^@roTmlPbl8e`>;*KE?#Mr_xF?Ol7*fMf#*Lw0* zMz!x?2@Y!OvXxF&GO1!=$e1S1vr)}^(dQ+0zvw_ zrJ?X*`Pc2B?2DSYV<8hZ)UmQ`LP7;IyDQG7MX~N-0Wh^5%u+3zsalWBg1$IT|8zBD zWVFWL%fp3(ov+*wPm}T1Q!PE32zlrZWB|I#=!#EMr8ne`gS;G&1^|{UBh&ubHZJN! z!n_!uB1{_>Y)s5xEbI_PIzkIuE5n7_3rVLP8N(0>Kl9=>Dhu7DaD=~J;?EhiVY7b^ z0|wt9pP>0o0CBn9^XC=W&2kAD6dT(&sr`6bk%gt?yClI)M-B=P&fI{->M?J$W>4l> zR8pji3IgO1@Leqh#)=6T`3FP0)SgP6+OJY{XbG zouv9J@GT(1aH00>)X~}b#X+}--orEcOvjJlRO@UFaE1!C-qdxTJlvZh)#_fS5{tX; zD8s!C?;T92CiGmlo+bKh-G?vsR8wbmCV=vDY87^sURaO$y|{K1J@j{lyTJyR(KDk+ zlTqNsPgcr&*|~(=r6`K;h98ef~4-U`Zhf89A3hfI1KS64oljL``gv9y58jp&KVo)du9k8skDb3GiK9Vr!B(cJiL{a9Z$ylHEA%4aCB@;Q4!-!y})UN8LCPJv4?nu{?s{co8XyI z0cc6~rwlACVpAnUy9Y-_jg7_Jk|RiYc2HKSK4{bT3ZVt9 z)p=CsD%r4a3LOMEh1A{Eb3>}ZT1!hh)cOOcRPs*{iA=*CBE~{b^qF}Ep`Mb=(W#Sj zcN662oGW@(cImG3t~zsSF&&NB^j4JfjT9onqUKEr42&$VmyUV0gxI69D!KQ;=qpG* zpPB&64!O)VKffTArk6clz`sf+;QEq213zNqF&**jERq2n4Z)nb$FdljgF>${b*N+5 zKEC^`Vga$%aNEFib2cjv{H8mH*We&v0QlGEPOXCX(Q4PKF-@aK0=O{F+MUhBO+j$E zgJv!v+$n_pE+1lm`$8#*b%2whip_YGv9nfdXx_hmDZr-~ z8`_1Nup^k?wf}bR0JYTFUB3qE{vi+6xQ-9f_g^LB0R$x5)$#rb4O^_Nz|QK%a(aM2x+Rs3vB~| z4Bo=}hwb@>?6JHa>*J#i0^mj#{sh6kIrw4Gk*2f0o~ofCwc`gc3i^L~9*=gf8<(>l zRV#kdWHe&G-HNnlWM)FCMdw}&Yh=`A{@UC7G_(Rv&}Pc1$?45a)VRWpC1*@f)52!W z#l<{2rnQyJeay0d=CD1DCOKU4oIy?g>IH;n;>V99^6>&qu*|KxP)`sv@9{YNrV+P8 zB*codKWgZ?Mb;%7zLNk~Rtf_HgR5N3L?j_^-fN}g=Lgt&ukd5xV5_WU&HJWG4p$ws8t1oB!&ne=y zFOKJW2xH3>4?84YLMRxWCwd>z!s9OUT0=whKXSL%ct+IlTO2e{p2lo#UBiKlZZo0XYw+xA zYHI$3t@+{E@->=_bOziybI$GBo(2d{htu5xs`)hKzy*EJaJVr>?6K^OCmoK`NJBPJ|POiJAumi#<>GNaoilYyb3r;m?#v;iyU??zq$(x^1_lMy3ZX{ zmh=U!+$eB$DtW$Q29Nk_>U_2N=M#ngD?B!{U&n@CJxa3mSLCf6G-i#JzJY<>v*f6% z_K=PE*Xl@Ba8-qi(pnZxQoD+>OiU-uFD-JdkSL?fx6mIeKPW_ulb>Gyv#G&T^yOC~ z&ZS%8btas>y}hymi3ZL#p(BWgoFv#F;O0$`KPvszGgTAYl$I8hs&?J~5?=yNg7fJZ z1PPiV|;j4WsF5c=75CY30 z1AEILR{`IY+Ulx`2buIi+oN__S%ut^e}+8Z!o3~ZO2oaii;fn6OHLL3)?t3tOZ?@=#-SUT_j#fiO30gq)&{KphUI+Q$DMWs*c4ye4~Z$z^P?3ep* z%O?rSaK{0v(Kp&F%1B{mXW^Fn>T7B)q)yPx&l7E=~kx)Z{3pGU;*w8(tIlAAs!gvEsRYau8+EvTCW@1RO>v9X*WIG3=n$TFk|3-M&_`y!%K#v z+)ALH?GM>z*6IuaI24}{nb%T#%AEg^^ZYJ{yeT#g@31Cy?UbJH)@%(^}3+QK8}M^ z-+|L@oibP89$M$Z1nZN|0)!iliXqp@?eO3lvmONOgll4Mfj?-#*xG#9`Skt^HH|s# zt(}AouOtn9K`@F%Hh0FIEVc;GG*BK~&_9|b!U$-9a|m+##Hhl{P9OYB`LgxqK{0l& zZF%cBss$n;iF>N0V_@xS{@i0D${U=UVq!m_WHS`)r?=Et~OnieLML2)hvtOg~ z&{H8sR$|%m_c)Gaaq@uqcax&aej=4Zlrt|bzg(A#>ozA)KRGLY?&MU=$<3J~zorH; z#*ZG-y?af4fQEd83J-eYjtjg=f}SLEobd=mvulIu*npLon0OeXk|px{X6zBHBv{aG z!UF)4IX~?me$xUkRP5j9BNO~DaBqac{*PFn)KbDzO#%~2q`w$DSn#4>{tJ4q#5v!N zw^w*otLw4fSNe<;yn_H^OYo%5x`XP(n=s*95C*7ImEeQr6Ho z-TVCp>F5ffAn}niH`qQd^G-l#79Ce6i}X5Z(Sf^wR_2tI79-@9uo13 z;+f-e7gWEJ6-f%hvx(-J7hi3=DBzGFCQbUJ zO0Pus1Q~|6&wu4gf?k+|aBvF9 zs-|E2eNW#Wzs(_GeC?{iK@vj7_u?hMm5>O-5a5qzl<+J+I$F;=7Eb1wyv$6pzs$Y#y2tzjFh17Y+Q_f}v_=*vZQ0}iXV5E<$|Q9~ zw3^cYes7?isA3!MW(WQAE&f8?5*HqE5ir!IzxCkOGef+)jVmexHvwC!k`ItbRsClT zZY9$EkKk|IxZp{;$^U_+_4b1IuHjZp&hGE)wu2*Qa}# zrM~_LtNXn|i)8c_7%$jx zJMGWpB~8=X zDI4BtLXV3NSLd={-S<4*3cI0lwngm721XVpwucWz?vW(>tf*f|JaVho?4^Wl9fEqBvq@`-g`5Ci;Tavyt0rGC4U1^e*7143IoIc>+-CZ2Ua! z zlSFn}UUg#DvLzNeH54JC=~3$CA|cj#`e@e*3l}#$^FXxIfOR@A7ZsZbktUF8*LZMnP=2S|w5VsK zI1ueB4&a7>S`Y+@1G{lCCO-a?B3;hfx%z043ndyF8eNbmpVvMMrUQcPEbF{LE#FtET0w_WGPL-}YfC zZDqNxf-MWkbW%WUZov9_#3Xb4$^}qstxtFm4VdHGwHc%qfwtYb#=?F>H?YDe5R`kc#V519sg7J@jR&Y1{ zRqc>*Nld{Ac}(YgDH8@~T&L&HOx%L!R>D9*&9?}`PoE`nXBvTpXfYEqLrk`!iP5lFNZ&Iop4rDQ&OAc z5Sgxs^?By6$XYhTwUIkGKHhOMPDZN`|0ypos$5F}$$Y_ec}2u`XQ7LooxOvo=HR|` z8WjCidR?L9Xfd)hHj|Zgu^bs7D!S}<5kjLZHWokC_>7T@0PzS9NBD;40wt;&7%p&_ zD3eG{tIGA$Dveu6^olAdPy*FXxcO_*f<_euL2(Esh52U3qcudRB$eSCbX)uN@sYM< zE_i_R^kx4U8t`VbrN>~53Ob02{{FcyQY`1dGv^>m>V8C|m~E`5P#5&bWF9AMFm`NM ztR*$M=Ls8wql=3%cPxZ=>GPD_fIx4W2%SpD*cZIA0)+YF$V6oVf9U*#j+Yed_D#A$*`s5Idu0Zhx$U&*E#;8;g9Y-NmiWxp6mzuyBy3*ArjQMf-gS2;CH;C@-D_gM)|_)X&(64eMTt`y4!R93dipG_qu5(@r4>Lz7`Mnn(#Y$ErF+qxto;1# zyDLN2E}sB+1$?jqnaBH{9wh)!*4D_sq}`-WZRqIyp`@>`pg(2Gs7_jE@DlDqA*-+g zbF{WcJX759(%MSH+=Hv~dP&jnaxN|!^hn#j$q2oDtM|zJWyN0nT4Im0LaBHi0rR{j?Tm;I^0?iK)cIT)? z-X*w?wX?H>;*wz#*3uq>`U?u)=4J_m^V)T|nk6O9AWm&Hdh*Q$DGx4$+PHem=L1WJ5jY|P;=nwXg>1&Q@ge_yVh%QR~Vy$F}A zC9FpD-p$EPv)L1b13~b8Rn@Gl_}b=~pS`^|XP(4}3MnKjLKT*4)t=D@xn`^P$Z#NW zU?^{)$tZk@;YQx~KU#oHi;r<2sOPefZm!t^9+xuc;v>Zg!Ws=DCPLrY2Q1Lk){=Lfqo&a-(Uf#(GJ* zCLMbXYuE51MvwV7z$1SbyIbg0nRmXbG6JED;s2^^+(wp$BP;8DyXkGx+eY5bpy||i z8`e$-42Fx#Ul{LmGcpALAW|ONypYn;;-1mo4)D!~F%KZ8fmB2>1b|9@)57-l`KvDZ zZgVp&2#=xoUlycLR0~Q|eu%|NGJp)T|ol85K| zQ*B#N5;XcYI5^J_M*UqgP-Uus>s!cG2h0Ezzq#sS3JNTIRf$liPwPLeGc785K86G9 zQ!hW-fEDD-KWlx(puo8i+yoVKl|;(Iij= zEr;>c85)wpUQ7(0SXkBImhigaM*R$)-Ud6wl&_8>KoLM(=?2!ufkP`y!Zw_3v$Iq) zFBbD^{D9VJej{Oz7}tV4f$L12xxe;oOgHDT39i6{usBs70!!Lxi#Q8(|09s^bs=s5 zLfCbi8&!)a;uwoL$-2Zis>ZV_({>^IE3P{m2@ zG0)7-HijHoSL@T1JFq=LcpmV)ChQRTGFV>=mDbOn_p-8VG}#s$`PfLXKleUJ>G?jo zpiLk7Bu)8s{awp(E@Gc%BXZj-Rg<-Y&&P%h*vC4)6;l@f)hYpR1;pdEY^ag zu1(iv6fzI34oW=vvs+|uZNjg|vfN^0t8eu6eu|2%}nh?DrC+wx_Ir+%E>w|%zn^Kx)d-BXWpXU8F? zlMsheNHkN`$hAxdnQqPrIJn)x<_-2(PKTl*E0M5?bpu#K4rX09Lmop6;dEx0=ZDZx zoMs8hn7D-d5kI;|Mp}m#>AD1V@TJo#G(>;MDyV2IB&Vg_g0>dcvQdHJoO9~X3Na-m zFrWoq$Kd@=8k3MP(~FdWo}iqs0wrVNM@J_nA<@CKb#xcpdi*MaHWU(|zyy4Cv^W?_ zdFW-p$e*g!BxpU+22OylBWtAIOUVP4L+VKhadC4eheg2OmY0_gSC~WRc2=EfY-)kz^=_0!)eYbC&`uU z0f=v_NG<1&lz!i}z)FmznL}7OvRb}VHHna;;kbT%$#FTfi(CJD#FIvi`~}-(pNs3) za^+>9)WxYlo02|UsD7V4Dh?$xWKIh^q#6DVnl!Fd(7IfVm@@`vF=g!qk&GeZ0xf`F z?h%F*e&ek%Y^v8@+K$Wyrt|A_?eo#joC%wZ;0#td7&dhakFgO=t)~kFsv@*6? zH1d$Owt$u*Lz8ja_H23|_&lV+Y`R?W&QISNcjz=5bP*up`82K+UI#1HGo7K7`Sm8}cn z?w~ZPtSn{vNIJsyb1xof%dN+%6VlU7!E2?*{56~cFrQJNiAd?TF6kZ^2$`y>FU|&? zalO3kyFRG-)7NdFB9yxK=7OeX%))4Kwrf@Xl^m^H95uCT{-W>{0e-_{J3f6>oc+_@ zMLm*1+U@QasP)v<)p?z^8%L#o5Q*K552bg;!s_lDlf0+AE<%KJB{n|B#KxKMB@}Gj zPA)|QOP}+8h_MnwWQpDUuchJ^HwNgtrJH8Shh_nUOIC!T)o)r8qeQH>ujRAF)zq$& zGUmYV1bj!#yYynKLw*rXLL^+=c-LK5B;Le?V1L<=#^-n{r%HD_`^5^5fS`pVnT*XP*7 z=jElx#&*tY<8{8L#|JJo=K&yJjgUN8}5)R3{2Jk$||fMR-rCdXLA4LFALGc1Y+uR&JrTlarHj zRMN7iP?%o6e(8h>d#~cu%Q4;deDC!gtJ9NDCm!0mx>f2uE;4+PS{l1*j8Wf-?5!^T zC5@=bDC85IGUrs*UTHR9-JHn~s-IIJ(@49@uooQxz!l32C*GSZG}4A0rDA5 z<_CvF0szeCB-I&Y}y^5$9?;JtR&wfR6RRV5#sk| zG_`ewAkeWjr^d9CrK7KZydDi#NEXu6AXEr>>zSF^cjS6b)F2SpgM%qUD}gOWuN#t` z=6WUaCt4oEEfHiKiS}{kF?o;2&#+M%)#Mq0we5%Ed z?_h<`?eQ8)nmhNwWqz@(I`wl$||J4$-7sxg) zFmEvDoOR^e%FX%uwd@;r0)4FP&FlWHD9Pv`JOBRZxBIC*Z`+YDn+99!pgSpY$E{Lt z%Ce?vyFVYQ*y>Gx{W%SxBLaUTL_tN9QS;1K<6=$L*mo|MeNVNyQT&TBd)&dk~ zVOLVZEwp)N953h*dcJagB7Cqs)K-PYa}(n-@Gt@jLT>LM@T-0X1N@snIS3Eb+olbj z)kXtW0JM|{P?P08LRr!R;dk&b{?b|F`Z7fNf*108N+QpZK4+9tX}w=8ufgiCYVlJ~ zZ89u1WF-dbqdu9nz}1uK-saUyfIVjBWkJo6BcEAa#HaMORFoqv;Vukx5Bl1nXVN_HbrfzL>m~U28*D2;@-8AKEQ_GyAiIZURVcR=CE}f}~iYdL2 ztL~?z3{1~_8&YN^RO7?;uYP}j|6)r^HMI@b(2F%mMP~AIyUcTWc5^RyQ4=dr7TBGw zK5eFL9$dryWX|<m+1fX`$e-dB)(1UIu1zl)Jw$*3I7 zamGSN8-YyomA3uWUEs#0@81HaAwWy)(~K%6d|liQLu(xV2#UO5pL=az+&+6kW?FPR zxGAV8izKd7UfYZ|OG{M5u&MN2=lZ9#+yp)av_RK)Be4%Io!u%V<;1AbfDufXcM1)4 zrU2JUd|HK`fq~ZT!ss|Z+_1NsEom--6N+yN85>7 zD~$}Z$P6PSGQZyCeSP zENq|&3CPSqh=T=3rP%uf*CFWTHPjwZj6zQbZXMjK?Jg_nT1o`(B<4o3w{wS5`z)2{ zYW9>fA5$d)#PIGhyKlLBgdiuUEEvY%VZa`sM36SFy~z#7Q?9&ZfokH-{hjfj*X{D* zvD`+ClUCy(cl_;fRnuUi!P@b|d#$r7Xk-AeR)&e46RXHq!uj?rrI)j`>KAs{IXTPn z-v3z2fqov^K<{KrVS;CCA9vlMdWA)XL&p0=21Z;4)Iix(R9X30is^X#hh-&fgmsOX1H8r&m*Uo*`6 zv}?&373IYzB`1ds^+05#Jt;@8XK%+lUrtu`(}3mH@zB-9zc~j8 z{l27$? z?wrZ!=$IIK`yxgjdLyY7?0zj8LNB9{uLsQaHQPP4Sby-!~lhhR%^fy8f3u_Eu*>DF*|t7GLr+in7uC>MjI{CM({- z!(szf3)H@-^q(b1_g$JIbimI6Vo_wwS03pf{+^yEZ)&=rs1{jLqCTpn9TOKv8!26r zYCG8EktC5Sp3xWWQ*B$MRDAmpO@yhN+wH1J7_}vrk&$_v8g4Ic?Ip;?Wdlm5P51Vy zWA7V>I*E$Bvb>EqRDuA`9$Y!*MlVdin4-0cW1-I?ij4494L|US}b{cxn@ET;69Lq+No*u z4G+K8%P{lyUSG)KRR_dO7q{mYI)P2_CC#jr?<{dLz~?@V-Pzf4+I` zN4)Emmy?~RsPD%E1b9_+Vl@*WGVik0tU=T7JK>R;yYu3-?LNA#4v=&o+QrrjGzDO6 z1fZB0{qvK2dyu=)(9jM|{M0XV4ZIpkF%#HA*|4(nUdrs@UgI%pq}tQ-Jp!?N+Mv9| z2}h5toP3e(1_k^N)MBaN+BtQ$QPUU_Cnj(_zH^{{63^!pW!yqR8`sV*ARsLl5)6W$ zo{5PjeXliPhqa>+rv>!Qqe@g_D5#)9Nc|2x86d(5I+~HfG~B5+KtyMpG6qbGo`%-A zzdxTTt%jb5zwE^p`@#=h&7r=WUKok+@~ZM&)ex$O;viWuMzF%gVX^ki-oI~ofrFb{ z-pqp^<=i86U*)o>2)C0{f$bDU7O*Z=KIZ{YOaXc*r>}sUba2peu)bfdQ2iUqhLrA| zaZHxU9v0cRr7$vQ#EK2T?Akn)Hyg+82xIla!GGlaNLCx$gmR4qP@o z+DFIG64Y+!BUZTXMR(n}94N z&_V_E4+C3_b!xoH%Z|BVk%zzp3?9}SUY~WwH0AIgKjZ-hL{{XCq#V?!++{RGqvVjy|0Gk}aaN}%2C zXHFi{(9+T?l%}iFv+=`lju*^;Qcy)o-w2dgT3$}cE(!+1gOG@5{lLv9yJKRIXV|n9 z4VmQ-(fYbm{cL9q#1j9+qcm38EBHO4oB9N`9CMv-74CEav0354l~4O8bXP$1Wb(?KrnNk+bBWS7r+ z5r_?L;sj{!McH;Rz^{@wRVD=^`%RPvj-K(ZRMm!&eN55J`stdCn}=OqZ-h^AeO{;Z zyjbdeMngjbBgmh=jT)Q*WC8HC(AJjz%)Zb0ltIzxlSX_UgnNjs&w__la7^W|HaiGu zOFDst9anP%`&`57Dj7?Sef-90pYW7Z0sh@d`qR@>z-A*ro72rIAkY}75eAfVwM|7< z*1en8&bBCPn!>3i0d&2JE3i4etlISqM7PhHo7-xRZGkeGX(CFbjgK~<{!n-=`J4>_6Q!oll`U#vR& z9SwKepXH1O#GEha8mFi4R3t?L5&C6 zf%-HVqNh){d{dz5u~S!5V!Xu`*BO~n-q6wUYt(U?HdHXM)r9J1AS%|k!FA-rh2R5bCO?5k3sRMxuwOkmA#96 z73Do@IhAe|2DM#C%!M*<|T#3NaQiqe9dpgTG zxrYvJSX5Nyfx7zOrM3h#e!!7s<>XZ82!Ue!R`N{|8ch>+u)b*z4rOEn*M*B${PZMc ztT3TC0017CWKb1?v4J68`iXbCt@a`Dr>r(9Gs&yfk+&}S-a+WtI2BK+Tj~q|g>Jz5m@lGEch1Pf z@trH9e1U4cX%RFN?<&&Kt3b3BO-pc{ji=@jd+cMic9l`suK=H|n|bkx4lj&$)7{HT zrO5w49HGN}_ABf>rsiN--~Oz=scmK`t#8Tv`SS+TqU78~<7;?fO+)E*++18rj8ShT zQbED?;1Fbxr4@vb3D9HySWOM)u)WXQmN&c+qhG74{1AwzDLwX1Gr29DCLE8cZ@`a% zd#RX^mkaTDZb|zgA8lZO89YCJ>j1DvWYK+U6$A*Wle*xF@OXM(fH-oxpf^wMRSrsa z*|;dGs3g|wS2r_N+Y}GvF6HfFV}sD-22Q|`ZV?zOnikF3BL>wmejx2%Yh-XwS&Daq z`U5Bm%FPG_)7xIlVz544US4L6>!g!L>;hp2#f%Cgp&f5L$UB3YW=AhQKwGVKNo zO2>N4IRSGOO}-QU;lGK_BAyBX-z_hG_@$GO7q39l?CVUr2_jPnq*^_n_5 z_u@LM*LS7zhrr7kmZGs?^7v$mXXv(@?Q_3vv&o(jDfaMtWY;39nOwPuL&~zUfdqvn z6vbYP)ooL$W^aJdJtHmc%B@HP)+e4$X-;vSZ?eBAZ+wU>Ikh-R{6R0J=e^YAg!%I%WwOKR?-and zE({=T+m^w+WXq<_$jQkCjT6{Jkq&TiK{uFv+aAHV<4_bYct{_N=|I3!b_0Z{A>Xm9 z@HX^7qdY%P2p4d0^o{lBZzOkEm_O8*xEK8_|NCiMmpns0L?$X==Y0VG+SvFzUkgQ9 z7c&sWHv+FgVC;v5OFFL+4`TowPGYom|{rlfns&PjC&#e81pskxYDoUsins{hD zV4VU531uQcg#r|`WZ;C@IJ7qaa$^mRxy*bsN0Zkl9+jmQPQ{oReNuc8G}HSvYnXgX zyY7H@K`H)@20u%SD)z}ui~|6ezGP{+eJ2T#@Efsip4&1g&{X0iVP7HuZ3yTBmYlRy z;X~g^;8TQM&F*}oo_aT;6A#L8bTr%J<3ILSwy#mLwBxuGSgK1KQ*97s4^L{70ekp6 zT2TG|1gsPbXA)Kc_e`BV(#q33%f)?l@!rwx=w-)FeG0E_g1$UZqM-WJN4{m z&zf3xt%gu6eXGfAp5dofla$I=*YiXp(lo)>fBTp!GT_p6CZ=4^)j3L9!jSDbN?|!F zij1mMzX^}M_bfjjLcQl*Q?vcYCC*h6B?z^fVqe?^8Yd3mZUDz0`kax0{tRZAIyz7R z^0{Lrb^x){(9%5B(p@|8E`%2#GzxYPYqO%zPJlyb)m8a zk$ik|4~{jEtCm-IfOr6qJsaXTz(p(TPu0%$QlYeWxhU-&P`8YXKl&yn#BwWe090co zHt_U(_vBvT45w=8m>h_nu3sl&(bF8u8(Oijv^HuV%#G)F`1ph~NYA!*ZVN#0z)qVC z#qanSmo;OOT2^$?+xiT7o-adrY-nhh2sQ8f*2{f;ePDqKkDr%UT&6Rk+wvQ9F>q63 zl9Eyt>89-wK(7Wi8ObUrz^M!SdcT{1<2M(h(y<2wn3pes-O$1ob2KH9O%=;7BVz|p z4X*&4(q#NvIBRU=>6x3M4=po@KZaMip^ZO=_{F52@PtFJg_=@((I2R^P^ z3CuP}e9v2a6Dfv(-BG<<>)f#YoG|N=$s!NuHRF*&#?~kS>JVD|c5EmDGCgFKW)#yWU9-N8(cpZZ>MVWG_P~&%1VL;}BbWbKsr{ z6_6Ad^(iRidNUdI5XU-xOi7`tq}ceV#&8|DvXQ5H!rOe*)YK-Eo*}LR5}YK@R6O|g zrb33mh8A4Zn4{xh&xa!4jx4~H5xh9Z+q5=9hJxOr{&;?%!ypL9Ze_(fIlBPAGugu< zKKuy$4UBo9LOD1%ppfYu9hLU+p_JkILcFp#Twf} za}M(4aZ^d9sa$>~5=t&;-_TYJhm}GXPEb%#nI|IJkuPM9m*Cc|o{@p3s{P5Xrkw>T zGj>icuA=82xIj{ZoS4ib%}xU1=?^QVU@s-OUf{66TwYOXKl}3?B{8wJeazl;FNKQ_EaC%nUkWDqi3h4#lVd5gilu@=;GKN@L_b|7zUC2LQ_F?5^ zeFPGW0GpbGh5*XxaYPXh)}@S$jKHRpe$^qEwC<>_t(Cq2_@9~+7e2l*jJ}E1;Z?Y7 zBzrmVvs9hj^gBfZ!wVdW$`IX(J%d}gne-e{Xv#$%|CD6IS14!ZZ zi;Y=NpbH|s--7zXWnXS)NX{C>_}>G_|Xf#aCOL zU6IIWb)Yfm>B08QAKsF{!C}YIdZa$tuXJnL57%M0?HNq(M@X^p@W><^gm*325?|7@ zx?j6<0}I{4+A<~EgJDMTt*@{5`_@u^0sZ#E9GA;p&_Tn%HymsKia zjQ5WB3)WWnJGG*kfEIFc!Uk3wY+YVGLuTgXC4c+&4)mRj3<_|%QshS$fkDO5PpR!F zanACWW5^VPr@yQ>W*WDQFAx)Vbaig6DtLbR2eM_;Y5M}9vGr!BY9g)+n6GPJ4ND`}{ zpq!9xUcy-(x9z$?*QD1^*@z-Dg`%>9b@ESU=^1Wkhy~YKjwD0CgrGp!PH#PEB!;Q) zvtgGo!W-}>JnZTfU#h~pBPAggd9NiX@~^_IXTx+m(tc+5h;?V4zXV6Wol_3RQlp+3 zj&ZA_N)zyIJM^R&D`}0RNw=7FMr^uQmFb}Klp|4kZ1WFH3A&Y=^*fjSVD#62YGbYq z*$$uxeKs^NV~tTv3ExUf^YgI%ML&G_p!^lHOeb$(#dH!J$n}U^nVFb+hFl^mHV|Qh zC33Rw!cgvrKl>Xi)aSvGYL*x0|MB*gQB|&8)G&&I(jX}*5-QydDyT>*At0U7-HkK| zh)9>9fJlRM=LQiFknR@gZur(dN6+()@Ao_2{bP@DJg~X*}|D2~2 z=>L>n^BO*5z2ZzRoWdn+WMrgN`jG_kC8|JpC8Rw-=?-DLfdV+VK#YLd2!JXMZJ(ej zy;mvx`qj@R%9IOHHie%eQ08kfR^!lNLqUN+L)8fI@hK8Kc!`OL38Kwnrzuew=dkHq z3y~&vgaGOtPEG+&`RsvmL4fnYL`vE7i*b?qBGYS zIN|5)OyZ7}#mC3rA`a!^=9UD_A^;KwJt?)oUQBUcv#->6A01m_b#V!Tai!}5Mr~~@ zdzX`Czo#_x`B^0L;$OSsyjK|;Pnz1mE&Hvr6M!ot_-&Yz0^EotDMRSL2bt182ibDo z@2|_tcfaJAea_CmMI5F@GVkIc3iG>=Quwf)CCMz${j!0*w-6%g*`F{ZX9DW`?w!Io zE6Lp4-25a~?)Rjp%vAaY&T(KslbgTiJYF$Dh2iJ}jpF)eOsK;!4vmVJRCd-T=#@)=GO@3FAlMwSQ6 zMKv{VOcI#c7>k%gw?m{X>(5|9P5Y=}js`2qqerc)BPFpwkp=_?@;m&d>+Ia1qPYBC zMM*(Txpj3F3$#qM(J#?n2;yWZbOJ6U4t5{8o}S2^23ze*`9WB4kU9I2drBw?E7Zl} zCyQN#Bqa4}y^D=YJI@t0W!1+Rq&mO-+NhS|j8}CFRd2GPAdtR}hK_D*HT50TZiNU3hwCdUynJo4D47uhT|N~WmLVab*U(<`<&|-1u+lzy#9hv2LP-MDOfGOq<>^#fgzi&>CkFG#5gESX}#|hha;U}km)7~rU$?xh* zJOK}966==2S=1{I>Q0tdR~bmL^6JWZmRjd*6bmsS_;oG-9|k1yiyR#6W*Q2N{<`dB zbZY0I?2f11$s)}U?Jq$*k#$J-LCnz;1W)fAy~r29nFcy;^Tfkhm`S~(R*OwEm3pjf z%UQ%(_}I(rpUA)6n>qDT!l3!vf(+zJjg!nr`4|HZ$CN z8{G6jf)AjunU$S1Ks{*3C(g6M+L@oezVSJ~^caD7fjG(6N-Hgm2L8X~>(}DfJQ&Ma!pt{Zw0%z) zyZMVz6m9{GZX-yYdICqXrI0;239FWljY;I}EJ0OuH3)1;K&|EhR=ylq#v8-mvr?R2 zSNd1-B^Ihev5Ly1rY%eb)LWs;j?sGUfhY8K%Xv)=M01go=#6_FvX{%s{D7#Ph~d@Z$@O?yJsxL~VTxXsMM z0&Ly$N#{A{c$vi*b0-hJW&4n#BAe~2p-28|izJKfns%&HvwZ|va>=xbokb2SysoZ} zGyJ?p-3G?SZ~3}YtCx9|JBz_AceW*1-`>HYx4$2ibe<)2a#9+^0Rb7Ut)-o+FE!?O zv!miFDTG`d3*Ck+%@GXAa-f;-h%P!HyAts5mZ|A)n0nE;qA8%g`MAf`*?<&m(I!1k zD%Zk=z?nE_iKx!zT=+>ujU4mMj8C857jN4pBqUz*e^@cW3h@)zk*I*S$F?KPt&duV zc!Y{90OHND;t=JP`}8>o+GdZ@kHPDrWsZYY!x`19;lRj$(GjZ|nrYs?)LLB5O4T!W zU-eLa@F)K!{U^E`jq&R1e}uL-s7*e9{@elOw8}NN(zm7kiNsbmW~BF=$C?W1g!JHP^+Ps8Hf}(z10SP@4R%Gpv`^V+SDWr z;Z)+I6(4D3uU!!(vHw%*0U+;XU^)>jE6_FWfVJ?6c76#90br7 zW3W;<1vn~?wfdI{eSLjZU!*t-?=O~Op`xCt9+5ktIZ^~J%yas`ZUsFk=pzX}er$$2 zC)00WYx?fAS2&L)kB}sG+P1pgs2IvSF7_Yt_dMqAJ^m9U2|j+wKWeMD2@X2F3=`;< z4ldT}7sM_)sO@IwvrC(4X*WKkk|U!;F@BeP1eq!EzqumvA1=WW^UtTi+X#x~2$_#% zMBw%|#uqcwyR0l%X^JY^p(PC(4qiLV*(LmQdL!Qq&hp&wj7ia8e1j~dy0N9n$Ko#u z&-k(K3r6eddWIME>INL2z>z0LsP*6P4E9u^`#_6v)$wD;)lq3fWgf`i7QiOVnyzV) zMe}`3bkx&~cv9*{1;Y>joPY4v&QiYq0Nfltz8a!}OA2QFZnu0Y5P)`kY4~fUuZ57~ zb4^9*o_vw--7+3D4?gIULTCDG9~7-r5>(&Unl!OofHu$X9F2$u8N=J+$Bg&V~GhP1Ku!sNN-H2A5yh$(ck6KdI_UUYtu=T~6()(BrLD6ozp89shsS{Bk z+ShiK*Ahn$yQU6#Aoy9Hii(BL=_D{ffl_n0-RXXiodsqen$_mYPi;6Z7PZeX^EKAy z{7JOa54NLA75_f9d1AE#njh>~0K;d--;R=t>`BbghiaA~xrtl$vJYN>u13lBpv!5| zlaV5QA+G)s;gi*!xFcvs;Mp~wY9mQGrSLjs^!oOFb#;ngM;$jNI;;EuD9e60g7TC$ z{F~j^OXPty?HV3FociVQxJeg=CeHRgp;{~*is0nu22XLWRF7FjjT-0RbDv9`@vEbT z4N{Ljh)n~F(}}!0@If;>C!h1OXEr?!iffW)k4Uuitc{J=6i{q4JHQei)ZMfHrs@fLkmW>KC`}GK@VRYEGG`hC}jn zw~_>Dd75dWpspwmohZe{1O-E(y16wMAS46YQ_4*G1}Pfw*BZZTzyARL*vjJQ(%jtl z>-lmZjK6y?Ln0*#l3|g)?UaFL%+CF+g9u*(i3-5N zYFcs}+``~l`ASVL19pof-9wNs!Cb*lkoQAx8T1y!y0USJ@yVYoI+od+8v)g`v&5F` znL;Tt1_ovfH$%aCuhL93`%jo?M|4(Q^??n3_g-dc9wp2W)V=cA%DipCQJb%zEZ^ro zjrZ7ET4`Q#nvZ8pRIvI@G{O6m#Yi&ZvgbcBHe@Nq3z7<2f)2W}HKYV)t(WB^EDgi1?;sdaq)PGWs`bdJX-F0$Do{@Wk*%`L59*ja)EXK?3& zUgu($v#=J-fiX5S(be_5)X#m?N0LGpDak2T4`&{Xmaze8_ImXJm6q$#06CfuY({Qk zad3_y<#~FTh zZvK|*7kBs9NBnh3!F;Iy$FrW;x5PH6f(=Dh=yqvF0cQdU$0*O^zkD+gU~sCBvT0UZD7D95N7nL zo~KbTp!pq>O1@qKQ}h?7DF?=|Fl^{dlX@`Cb`NnYwFiQ*O{M1WRkt-P{7B`18F03I zTh45LGI%y7j*Lk2AB`to-;Y3u>nm~vQhO4nT4lsb43(|fTa48?-a`qWvp$@8!eKXM z_+jJQ3C@Sf2yl6^8G>lL47!uKEp~SHcH4W87!nO_OicE$nol98(JWREf{T4cOmMyG1`#|x54K0@F_T_9?dSL&V!%rVi;HvL2N6V12>i@%7*mdLw#IxICP~4O(spQzBgH=wt=cQ6K8Y!IcWGfCL2#psiLqR+7y0L~5e*q+xrT)% z4j4y%fVWsEoaOGGP(Q%;V zZTg3laT$n*^omHQTz;Fp>oBB1%%F=MUk7(u^R@N#PoMn8ti&X21sWmr33$!WLPgfrrXS`8y<3hgXjc?Rq8_SiUM2+vjS>>gD9cx(E7aT(ZiW& zyse(PQzAHt2U#zHY!*t{r%z58z_u=^O%DqPw|{5|sEPEN+&Cz*ZCzZ}`kdIYd?C)M zED?(y4Kr3)&(MM!H%eS)2Porytx)TjEVpToLC+F+s{hk*Y&%a1-YZbW^iB-4rk)Oo z>7RFfL&PtW32U)|Y)F#sO{bxb5U;~tDWvda2j;g)v5-cG;S>S^CJBIW??l%h-b>R7 zGUk>Nj7mG$HiW@1NT(~XkO2_y8DX$Bctt(7?3p(a2 z=@I6*-B9wb`PjFWC*ii%7ouPuLrO;JG1a3jDmZzp#b0=V;{Uqqw8_jYD<~)zbOH;T zX9qi@W(7rsg@ul)|HM9hi;33_5wy+hpi%^q;T?dTg1l|NhDm`}JFXIhtpa|1p-`}c z31ftX5cE%5FGx)}C_k!=RjE46w@|Y7A-%t>_ zTTjZ|37H|dVwswnnjr^zgDe&Uj3~`nbGT3+@$y4NJvoC+8&s$!7ACsR&T;3B4-~S0 zjxPU`=2M$dpV0gOKS_v?B{fOluYLoxM*3sC%Q7&0E!dDKNaBUyzFg0Dc2P^DADzwC zEPXD_IS#@2#`F!c0npHbkslbjCW7bGw{PEo6QL!oNqfuX=`gNvXWqd9D3RoDx{(bxz`gTGY^z<54?(xpb@MSJNEO5baSCga zkY0M8Hv>*(L58R0w&rl&D|UFYI^Nsd3m(x<>!+rV^jTlM>s*A+Dp=Rh^M+jHU`yUm zjDZ3=z34F<%IPw3^vb36YJQt-LZXEQ;jLu^@HC5H*?rN_r*OHmn3ReP_(P#oukBb+ zzZ;plh8S?Vtf{}#eg-6rJ|dixkFOIZ8b3y4I!Z}PZ@Cr}5E4a(wU$``^e=w_{JRpMI zCufo4k`g<&f}cULkqUsn{l_s z>i2N(GBMqT+tUw&5T1yg--YTC=3JeR#a<-U@8xLEr=CYmF(h~V5Mys3hcY2WjO@X;;hx^)IB;GkHClwcyZr85*A{}d64{4A1gbpSpwY9}Aw#3eF zX&?8I9M(>qiESOZx1`&kp`jo3U+fd%tWU|q5F1m|gaurk&i96DQ0U3ny2NhmBA68i4zD!YC&${wh1PSwpB}Zo?>4Bg-MiP^-0Uoz z5}kKgeu$-jfAp)wBJs5$3|?Er4)4bM=W*P5^QCIh;qFNYAyJ8g8*U)=dCO>8qU$-M z*oTAJt5Elpimxz$4op*7*201Z9MQ@&XM z>p%KDe*WAK!YZ@b!cLv~Gg2IX=yCw5IVXo`(aTz}6doxnP0Yx+0<%+?wfpmI#s)1x z%n4vfPIBPXOGTJmYi7m;swDSGJrk4Q8bkbGKV-$8X#y=-Fyrb&c2Oj7|KL0g=we5< z2{DOET^&lKq~8;2m$<33r3>`>y|Mb{<&sxV>6FO+1BI-1`t{o&a{@;9xQ)SaLr4;s zc&*e8&FV`+;o_6r!H-G!-G1}K#GV{V=LHc?tQsm@@HBVd3YG7x%MSCpIJpR(i7d~V zns)_-4LD9f>=45hvyYoPUYpXjHBES^YZzMeUllxXx*JzysqQP=Z(w8^qKJrirak2+ zHtkidzkV~^0{lhd5^lcobbN7Zx~CE5GnIG!G>U?}?yzO60wc zf9LL9xU6?vvI^Pnzg+s4Dg;JDbttcKyRp~;9-sP<&cYn<3npvy$R!W2NbI?`z{B7_ zw*V5=5WwvJydtshKlmS#i1q<;+dnS@)Mt2i{$9}k4+918`tPTiqX3!y_jh^1U6uI`5 zGO^V;$^S?I3~fqE6m#?w%k7`5Ad|G2-wUCj_0SvJ=gIl+#>~G^J)kK>I;RN8(U7*V zV=XQjy+H6(xQ-few*!}D7{Ej@#7?WgY3;{} z&h(xu)Xz;D2L+V>!RSYl>IXD<4P}_{g+ipI0N`qM#_~>|)q}CyRtrUIO$o}>RL$&A z{(@OkGQ?u2c;UmL9z-5Vm6aAP+VFas_lAs%ku*F{4KzF zJ|Ww-R4#`P1bLmbcDvY41^2x+ zcn``S-Qm2&?1Anxo>-4@nT+SXu@+Ggk?g zvGYBVwV;ev9{BllpoG2LHghtt3$%lyeN7WidFI$!0*D_l1vLQ%X0QMm7 z1V~?v7{-EtS_IrBQB(@{x7Mt@0%ZaCe|53z1g1p0dj~uHsiHl*-@iYZ<@#4x00n(p zaXykR0cBg+-s&g7NF{AJU?hM6=YxCkbjfm&T}DuOty_pBNz%1{QsnPO?-e?n@Nd=? zy_jdyAH(VADgi7|j|c;{3Ak$%q?&s}B%gECS0hH7-f^|59Oo~C$$Pi!D%x>9clANb zq^Pa(1O_T5j*Wq&Rru`e6(pmz=P7@03vKyu6`GG{ed=hH>!^_6-FvKQbw$Bt`#7^j zceYgD8|YoH*0~W*_*_}Dx%~%9e^eB;=^P%E!f2?%&WG&UCvDo>wOOgUu0{b>qb~uf z3NCW=K~3Zu(?b~XdhFo1RgN+ifzzB6BN%88r<1xUvK zaWGIH2L9aU#N4S=*CHZ?G~o^# zxB?jMy=*K7Te;z~W(9C3T0)LRN$u$@%Tpf#;{);L+g4LoK#_oYa)2D**2oG_%;tQ7 zdkg?I+7~pCfrz8yZVrE}Z@D_|gI5>Ev^h}mxRIW}sZA=L7Ht2q@sdTk~A%w3y5B2M|!s_S6P6NfJ zx8z0J^dm$cidsQ?W?O4$Z2Q8b<@yZ&+s;I=`VC$KLyvN=ouRE0_g!49?Y#P9oGkfN z2np7!!`B_xe$7yyp4Ce~x51B>0e?B0^VLqT?jO@nvY!6$?4)?CthrP5ezw$d^m~d2 z`to>{#o7;9%{phFk}P?4LE#EV;|Z9XCM)Z}qZJWoCT0%Qp{Y>-_)G!#3MkU2PoJ(J zY*ghk+6_w}MLd1@UX}SVsOkZS1Ct+EWZAj7Eep0qFs!ou7iqA>KU1w%v%TfD#q6fKuSjk9KYVcjn=7wwp)!PqvLbF^}HnQp}g*^euA-XYf~! zy9sUd*t`&2Wr&#tt866g`sY;~KA1;qZRwbh6U&B=6?m7eK-GeH+tPfDfjHE5Z<~J6 zC~FAk@6HTr7kpXH1J zEhs^R=>GmeTI%A&jVYqPr+Q?>)&Hxhi?A8n`1>*cIS1ddtE?mySnOErgK~r;G!zYv z4P}jv?75d!{iFX?rN9+Y-`WtlW?y}W`@OCc-z>NC{YO{6g<8L^i)MdjaGR6mjR9Kv z(;(KlDq$Zt1Dx9_T0(!h$9eI+65so=K8nx%YD=z~IWZ|kPy4w~@8q7^R4e1(A&*^~ zejkvQdBv7kPDMoSf;+$Dc7+?G64~EfLQTepeL49pb#>m&>a6RpRuZGVsUlvBMV41! zZMwZUC-hOoPkTo3@;W+Gh_z-ygQ`rPImus+@Ca{0_*(AWM$sQ~Gdk!Jm(2nn8L%{a zf1_QUrIE8BOG)z2aiX{#srJ8%McrH1^qpW`-M_h7X6o-vyAj*ttEm1^_X(Grn(C7A zpMB9DxZVaC+oQC)H%%#J(Q6H~+vi8Zg!|?CR$m&Q$Fcr-g4D%8?1T@6)t2Jl3vG1k zpJ=Atw!}icJ>5E~5U8k9=BV^1E1gGmn0w!|7O*IF?Pw@GsQpBjl%FSqY0P&a#`RYt z`mgamuyUEph}G70bPRtu^Kt4EJycQyBOSE|L)1%MrO-EX|LG z?0aonQ_iXqlR{Z^K{vMZYMED7)6j8uIuKOINzQe3o>1Y{lRnV7^BpMC!>Nmoi?;cn z+_kkTf3xRy7Mte0#tN*YKK4WSx6?2pe^}H;cVgckWMz-hoVC|WP??)+*-nMN!a8p6m?YQTp- zf(-x?8qP?ct+ptyya9X*`jrOFwXXsud$=7owK-E)=z`A##`3M{FZzh>sv22 ztH9_U{LRB)(yM(jPut2W9sAQ}w()JqoC_sYuZn*D)oAFvc~gh~YVpSMNXYn0ILk!b z9Bp7gA?W5>sLy*-kw+%nlnKpbI5Q8N4(IhFY=L5gLH9s^jKeAY^XDL5Xxm}u#g;|g z{+<=&Q;_%vd!4ymyq2}d8>$5x0OS;5=)|oCucNJPrUDS&<4_6)b*?SWpyMK~y24ZW zJ5EoV9L)YyWtPzn*DrV0Tv}%{TPXV0HKa)`i8x$tV(&o&Tskz^BVK2-GE^+Icj(rS zP9*E0`=zNxlhBi^rA=+ge(%VB#nVwp5vx0OPM%=su_KytARyp}39k8y=>D>#A0y{64I(gma8F7JLR1o<|T;3iOA=RGpN^5JDa+84=qlQ zTs+@Nf^6fcVPIgO@0m)(*qpArbx_fkjj$GObaXVKd1A?{scGm7H|WpgH8nHkkPQW_ z4UXBG#9$nlcU_Lfk?{bbc0b5zOfE zwmn;1`_XTG6y$vRo=7-1Y54Gg^>bp&X`SKpJ5lpT62GhNJ&ME?fBq@x*&RuCJRP_z z=X>?1no!T7Kz8`<9RUc2T3cJe5fZe|(6#~jEb-z;NaSZ~)Fw>Th(S~hy$a*&<@F^1 zj-lgHOxL-sXXfSkOVYgtDfGs{^A|7Ba=B@q-yr)N`tqdlDheu6!mW=ShK%ewTeiu5 zpW&zEF1KAecRuCzSiaL7e`tz#?FT;VD{Y&zyz7^z_((3v`&B)oL=Or1yj8)zN?|v0 zr#9HcwX1Z@0lVReiVHc5WgsnM;99|lLBnZBPMM6Q%J*+<=`SqzoLHsKZqYIqy(OI) ziEGY(mps04pfK-PpVig(K${G^QSW7*O|xnY_8W%?)}Qg*l}i; zY%i2t)Z5J><_Bj>EPn4H#fSQz6V4uGaJ!CA$F&q=?y~gQ2_`qTe8~MACgK^W-c46nG|6%4a`O>OIyxnJ!3c$#xJ^&YmLs z>^HW~=+&6*A*=el?SRSLo2Q$V6ZkiqWKR_wgsMHJxn49CnOD5&n!KD{DbQBHWX6TU zmTWj7eA7`eDs}D)W%}>}?X+VN3u$IIc4)7_;u^UHqKhM0mUF}Q&R%R0{j6RnQ>&_A z_cPY!p7pHNGzL|voT(>*lbud6%%)$Yv#-bWPD^n*ugMv!1Z{gK3Vp-iK61Z;O=6jq z)UAVORhOz_>r(tUXfd5({jSx_`3DkQ-m;l=JXYP3o>0RuYgXKaM{5+Utk2@Rx1%!X zc&97A{kl8Rg8IlsOTOE7Qv0zl+kO9`hF98Nq(Y3Vbr;`pkCtJWuK>qW`5s;*n_6$R@mu5Hg&v9ft?G)8XDoTa$}x79 zNTjJN?EoP~ps{F|cK5EW08s{`!lUSo;~zhkY;UNRczTdIk9&sH;Qu}yO2t=Q!+vH^ zQ(8MjLtw6B^$5NGdD1MCIOCBPr#SDAZ@vSGM{d|caq6z|uPlejTEt7)?zdz0#QU z=xPYT-Hvxd9}PNeC;X<%Z;2m^*duMMq=otU(nqR!Ph~# zbeYEX@e+kq9b?T2!i4vS>|0v;*K|MX<%ux-?Iv%m(>L5Z-4xzH6=i(&nC!D!a~G4< zoR=|{8d=hU^ljhO4x*yA>6dQ)C^jkCSy`DerPotQ&;x$41yGnwG$ttB=F2!1P^nt= z(TWjd`&9BZRji7=(XZs)iOTwXR9NESp3WPUfXp~aM?3k>n^fHa6dPXQ7f!A*3Z_K3 zj^;~gix#I+4sX1Ko*zdJ$at#G9=4a9Mn^Se@0c)CER>%hHlL&2QHfo0;pYAcO^(m+=mGligp?u!h(X2>)wJ7r~lr{VDU+tCWWB8AE@lO=S|k@ zR^%Kf3Zuv!*XMs`b6wHB4Z*)?QWH5>_16u2oG(~5+gn`fgzf#%)rWSLiPS5zJs0{6RpJo|ndB~ohUBT51hbXl zflpeLuG4h<9(~OF>4Vd*VO?}52Zh9N6U`GN)8Q#+)bgM7&W-g71f(3w6pORFSN9KZ zDP#6mmej;qe9FuAM_*ACR>*sX#TL;xYucpD6P7E-S0Wg15FNh|xYT3!NtJHH$k>4* zi3Z{9oMHNK(^OC`*46~$@nK+%{75*QRsQ=*EPOv-9U&Cf`(}+}&YMuY#5fzD;VJ0) ziS&2jON5sKR75mw0o3lELGe- z@D=7*pAXcZQraF-^csr0W3*ld0*i0>pwDxk+Bu$D_*`7{V5DcW{sJL3-`=Yaz}e{7 z*l@867toG%=RQXwD2y(vMTn#92r(H@SJZFrXwTQ3tn1q9y|Yj+S4ix7#>!^dv;i_1 zcfHqPBIJi>Qzt{KVw;?K7J25YBMns!W+Zuk%3YVN8kPq-^cY(oH+htO@SbRv<|BG? zhnsv^Rz@N%ZkHM)Q~N8WGqq}1#lGzwSL^OdStR#weV`$2M9){gHqDFqHoc>>khl7E zUcB4k$AGtAO1-5mIHjL(cF1r(=&Rf|n0ffjXtYN$-pj9)DAN~%E3!G<9xd=*>`*fq z;{(kJInjyH`_g+9USsM847EP;xfMRu>7nLQUw=H0dcEaws(g#~B0)hgkjG)oJYT!Z zgC}SC%W|6cttiWksO#Nh*LlMhSY>f>Itf1tdw2%nO8Cv6az;J4|28*c#Kwkz=hNoh zLzlMnAe2I0gD)?QT5zq+R!o|7*Ne;XT-ZSDY(7#P%>Jh0v}bHwBm7nBgfwU5{BC@S z`<|KhE7sUKQ0E!UwP8EwKf$}QyT7;nv)|3xs7DJFnxB=vBvo6dTr_vtJrfA4)t~#t2GwW%su7f(0;m3e(+C`AUEOh?7$Y-mVcgD)M)@pZjy}KqMV=+@zJ&``ye5rd^4Xu+mT>Oo%J_SL5zk3TQ$&ihWxr7dj zPgo%-MTs+UF$Wrg^bPj)ph8uOS^Zez)&nmK3TE3qk$qq4zOk_pU)DeE1sWs+YkG9^`gonp8VHf1-bp-285*^4YJMSo63-Q$o4I=pJ~UoxXD zt%7Dy`Z`_=W|%Eo-`kA|x#DQUlg<%vlkWlTcD96Q|AUm^ae+FHv95ZHjl~!xpE)jH ziagaX(qArx**yJJHIj^TcfMz9piyyElT=TknT5$|D>9Q|J-=YVZGgT!Zs)HS;4(c5 zqxi?6mVB9nNCp4PCRL`tRbzKQ$7GU~-ilffSS;SleacrNBGAY&mG#>|Ra3F2>V31l zNyt-j1#I!lQR#y@8O=Oc64!5<{Z@;VisC5<=P&Xb)C-etdiu-^tMcd!M_Y0H&h`!0 zRrH9RVO%QU4;+X>9wBEy21jMZq`ahy+ytwMnL%}{TalamcKZ~7-%998T3E1XCMUzx z1&|>NxSpI`YxbtO2EA?ES#p{#1jkYGA|=0u(6vO{ePVH01^j&86UUS*w(L~Ax$ zU?&@lx1`(MjuxIG4ZTR8h%!m%iq^ERBR!^wBcB;rK6psXKzwo@%KwXFMS46jrz4h*o20Cf?Td-iVF=isRUk?;alYAv0Np|NK>c%~NS;pg3$fPb` zA|`Y}h3{V|)$#M4EIdS!=4GkK<#yJeG9fiX^ig+VV0UxD={DPsk>1A5_G=`p8lM!h z3oX}Pg4^C*!Vn4($2Yg1gwLFWp0oeK)@oisxNTg#2U zXnd&Gpf`Tmso9~GV(a~zFe<;N=qJl*Z@6oMtVBL{17=j#QRo&$CHre*Z|ZQj_vu~k zMLQ49-NVq!nyk-hd%{x|JNt>YBk8}T8urM%+m9AGbsBR$94KrE&K4M#3h%rxKANiznuO(WjEL@D08%T%3q8rN$*X0p^Yh3@BUmd-R&FK zsDIbvV7{cECxRL6lUAzqvEm`avUA0b+czTd)D4-Wg^hp+8y!o(_-WHCK4_9ff@2al z47a1nx{pG|EJt$;A7w`8Tfd1~z)(!1pZR1g#Z$~0O}oO+@Aux9;6}6n>x-QCdE)w2 zk^2&_?G2OWJOcs;z2Xks6qSr3c5oMNCTRKwfBCLtho!uYg{EQ|iWYmUgqoaz5%w=MG;~NFXnQXGymg9CuQfFJr*rYussK4o*8ZIq9Ar|jE{W{QU5KZmYmPX zLw)5%`dc{DPnH6l9jj7J>SaC^;s1L<@UAiu?Ry_nmHdLjX}it@KjvwD3m-ymr>lrb z{(H^2#QSD~k}@e#g~GeiHOH@>{spl$cLg7O@PByqw^>7I&e8my>WB7zRQXL|{N7W~ zAX-c*QKh|;hkt%}Qd0%z^6gNv)MnnHd)M3*XP?#&ZOaAP?#0Dl&ipV%`R7u$*KK2{ zP-xz;&y~a#e~FXuR4@|6b@`75*

G!!vHWW@mF5W1&J;Rl-yFxgS|dqYP0@%D)vK zKEBHnO^$1jV1?uAv>7$x#-+>FV%$159#9n+#e zkaDEcM06Hf4;RM zogQA3@iNih=eL2;KUj3!wZ~kAqpNbGchJ(@3G=H_S|yHp)Rm8P&tkGoy*r|HIMJhA zlA=&6NZQ!@O|$-9@#M$5OT}3GqMtu=I`|phyx(o}&R&%q= z>s?D5?wmmaO|D*E>kCW?MUqXn^;`T$l%MCd#J<{UBoU2CP8^XdX`gfIPK6H7&i5&A zm}Ke_btHPGw8TWTr4j`-p{OS?PzXp_AD{S%qc^hc1f=}}Pmq^2*whUcTGB^bVhzWJ zlQC7{`37K7oY&Nep5Uy&5j_WY6 z?llbg)mF-fz!+nGPRl^~2h*rps)K$83K8QSg^4!WjF%VAUeL~_~$er(e3yN_Of@GCz@ ztyq~1^g2y#WYa3*8Po}0MB9w;i2BUWq0QrjT}-Ur)#HWkJx9>B|DZIeXI0E{Uk6>rW!uHvFzK`Y4uPE}uh_aik|jS0`mm;+N%j zB=BujtGvND7S1Af1E;oTvsWgQD614bOPA=pW24PyaiwUc$q9w|tK`_}9l5!iGMu6G zlZrn~v;zC-ajI>UMc@mMY-i8?(K57rcvB)Rn@< zbiy#h(c2o=M#IXFZZ(~gaFnum-})A&qfkm`b*h#=e&@LjMwW}nDpn**{~@J zsf-6n@S0dya-Af%167n|i>3#o)>7CsLnFU8y{U%po;2pI^!^`V)yFtB15P?MN;T4{ z+D$*5^u(!!Jn*y9$gR3WhG(zLY^M1Ss%M$-OdcQT-&C1N^*9alZD1<8G{~k~BQegK zoZD(L<~Ov1BIm(aakmg(&gG_J`Mc@ek6R7znXIcF=klw3jg3&$lUnGCE0XzU^DCLC zlxCgruEqrn_+<;euJd@-?^nK{+mzPqcOy%;?$MZm%4}XWbyj}zbW@2cR!zql=D&r@ zeBN`==?$^X-IwLc%p_VNnG3Egc(Ip3Zk;fsIB`MZ*I)ZArFEswrFWrMhWfcBY55An z>D-i`DLw^mlu4t-$o->XzTgl=XYzG~y4@?`xcNgd{WF5efP=Zbx@6d)3KIvfhCjTn z-nS$m7n9-l#JFfFr};dcS4~nr_t;wF6xHh~ER*sTVws&P|8IiK{Mb3{r51i3CzHq4 zIEu%k#uV4azQaGv2*MVn>8 zq}3B>&B>yKEiAY4m>`j=Wo(uH#9g3UGg3)yGme^-f{Fo z|KDI(X^L#Ccj){?zBM@RKjw0KX8OTrLgIU?=9Z*z)pPg1ywu?LtTfJyFwVrannR7V z=PFBTHW;(HIdoq&xFB!-TDR!a;c{H^_aEM&r#n;ERz+8^h)g^4cWLs=t^{GsDIJ`7 z4R2EnU#ow2n?lGZ%B1b_EypryAwE(S-2CAO{LVD_(>WV$pH{A;YxzyHT=5Af!NpXw z!-bu3@1)+31x)(K{rW3zUJUbHKiSt~s^sSnyDVctK3R3L`RXKgaxJ8W$H_bFbIKvF z?uH%SRllR>cVt^xepp_9m}-4W2w_uhET;2yLzm9&rlL9N^?Uzr2`fHiteCJKAsj zPGrD`*G2ff=3e75;|@1^!HK!~o{a2mUa`mA6PUdDrZu#P#8gPeCik}+mPi!9e2uWH#Iq&C( zhT+DRp0t+pHx>}VZSn+Rl!2Y%EM`kyXJ{wAk1jp;OtLN=P?H!A~RQMbZJt-KA ze{yzX)q%7CP5o|*&#a+25A~Fp7Pk#r^>4@VHf8=jO@3@m9Sw8OD~Z(At5ScK_RW8m zcJpEY#7|oO3oM-?&+DfI66bvxRtYR};NeAAITv+B){K2mla%iPw>$r24x3s;`S1OT z*Xy&B{PxUm=6;qvaAvYR89aRKNyZ*$z+lGyvfUtRE2`8r)(9J`#LTJ;{LKG|yPpKt{@?Eune$D} z^}fXXOG96bGGQ)lUEZ52BWG7`(Rj1SBi1TQnKoZcge%s+`^+xK-%pNi5>G5smJA=U z*Pu%77~wa{MS6De7Z7lf{^h@U%`Mq+{wSg6zbHaT z-hPbCYv_{r;r}|y$U^JUbz;+B-}67a?wYVzB3Nru(5;0mX=*mHc=@V!i!V#M(?nVjI3P^`)2~Jan$GDaBTKDoe>lJVt<28yCp9cvey~A zuAW3oF)Xjw|0D=aD;K2zTZUD+wSB*ofOJSVD4^0Pozg8Jos*RA?rsnfNkNfr zM7nd*D2;S?cg{UnuKRiJcOU!v{_?Ja^<}LY*SxMV&T;1dCu-;$jT6=Tv(t;fD8lTz z;#(Z^@bZJhWQdL*jBg&EI|N}tzg{lrc978L@%{LI{fBuo7I2w(E;?!jFQf_x!@HI6 zgM}1t)a46>?wRUn+J756$T>VQI{6-a$BLtnu8aC2$=9!1K#s>5M<=DjW*W6u+qz2n zl>=DSV_9E^kxlbgD}3Ya4Poug;eU<1<5@~|?6@5p2WbA9cd*4%oe7<(h#K2#k@Pso z#L=Hchq!F@Sw$taXK&kUEXW+M8)W~uPzn#lZYg0N{`VtHLEtJ$0DANfXeM}gTqtTm z*R75h(Na&mJ2AA165&mw+hQMuyB@cgX{`P3(@z_pS^joC#TSVKKfA{(y!YpasdLq* zTzqTt zu!voTY$LX^HLg9b#Ia{q*{tJ-WJWdBc(6o`U!H@d@aqAO4TXG|en z*YBqkaQdY%cv$F_5pD6J@oO?9;koif-YymH%b2Ivo{h6Yhkq=M5CAQD3w!)2OZYc_ zTah*03WguG>;>59h0JVj>pEm_S(M8!Q>je1HrN`Q4w(Mlql3SGx4mHc`q@)1;oun; z;8v0B5IyX+bic^MWlGdOxiZh0OzKW%7SHtd$F&kf13(WkyfGDqW|Hu?J<^NWuXvD-mdn{zTdh%an>%>UX% z54V37anQEq#7 zSOn4iF<%7N;U?GnpGC=Oi^Z zKg(R%^Zh@+HE^{4aT!>%_3?|l_`%<$D%P~X;gIJ-H=o)dV|~j897u=*X?x#@P9vT5 zYo%A782sG9gK?~acPkMHSp_FZL>D-NScbDt>1U8_@!Y!9f%W~pc|_&)=0MHkKVJp? z$9)f+^m(c1`e>;K_ttnJxCh00_C*?5`?{p`+#P?iGa`Nb!)biXJQ}E4gQs$K6a#$3 zUFvE9Cks{qW9pPH;2(^=>bf}!A+Yw1X5_x^-s`r-t1(67p;Y#L0*>wIAa>-N?F`>; zco5swlB$jp*IZr`SUY@tZ;RUg!mhFATg>FUleZ~R!cL~27YDHI`CTE~{40X^L9(+# zdJ7>SU~;#xeqtmyI#nkM4(J0`_ea9lU+|~CMuP`9i1p?P@S7kU%;I(I)(~&Vuz13N z5ovuJ@vgOS^~aW7nSb|N)x*QI%6N?hEJ3jW?XDkg*7owrIPKEZ<3g$C$S-8bAokDQ zKAM;dtGV}0Uw82j`a;$!e1{5b)70&I@@Nl>Spxn;E}tiEYgqCeLCgyHr-DlM+qhW; z=qGI}c(w?tV5d(QAfVrGNuffOR?fXq?anCP8Cf1_r;nUQXCPYJG*!2ng>ra-MYo<8 zQAAp^wEH~?xIb82oqBaaoh2;@-OqR~kgBy?Ewq)cn-^j_IuQ-p*P-^L>hZNlm5c5U z#5}IvzgL(RUzIS_-I&v;DV;4Y;9!xrj=f^lG6!yPeEkY{I2!&t{cCh<2m&}y^@mYp z%zSZSYc2GiMUa#gL(7>~8IiZ$$fnZV9~y6J*kh&a*Tay$L+vd|!HN5%mrN+g@3;YJ zBSX_OZ&K5JgWnH-C#it)8co?26{KAvVyNi1at`CXW56l%-WI9m#w?IC4syry6VOiF z_jC$&Z^|BWA2WY@n0wT+9voE%FZUOWw&%~A?6i1&x@1VuO&Wm-yta8a1ncZY|ZI+ zfJm&`CRCntyva}Yl`Fz6f~zgDPDWcc8BH-BINk@(6K0PNRLbU~wAQ{smE+G*fhgADpXL9{%whTCL4}x#(#0>D7;aMS>gH{u` z2Q4Uubj4NZC2iH()Tvug9?D({VFi!nS6ti(%7@$INx*Diz^lzvN7TN}1`n}DtwYV(W;#XAYbR~f04AI6J;z7X%QOvM%6l0fw=ayfIZ zbNK)XF&5u1?;DjLYuEGkZ({B{`}CWB@F2;PP|85g^VRb2C|$hURNC%0d|ZzM4iO$l zjD-9)9Va69h^y}>8wpyoiTpCV*W~mKv{#NOi z-=0kjQvNr}w0wsPl1U+74?N`O&_E0&J$JT%e+m?WONYYzK^_hGwMOQiZLCHo#+OZA zM-vNi%!48@IZfJ!V`^eH#_#;dowaHCDP#e?*6p5t|N5q)yKNl`Vr-e+OOmWv)TLFD zfwhtrQC_SD+0jdAi-gf=Sj2j0x$o9Us)w@gC;MY2kpEfkZ6eBOAHoEgiB3H)Rz(H; z@eYHw&l?wP-hv>ttt8%zr;|ZPE(r1$OC^57hRZUYTYMjNgyBU%M4*$ZOYW{OI=kLJW3;L8#)I`E<~MF+TDdboWG;5t9lPZ zu%+l+-15H~h@yjLegt%`n}vH9uQ2aU5~ceFzpp3C^3UfHwO=Ah-$etz+dh>W&hX>w zU}NZGlneZ|(1*j5oDPKOigU7fGeRT>HXAwXD51MwGI<(^KwCS!fYgY+yqEmG&bRGjFUO4U*vbFtAz=wX~6ncEr{o*-3c zX+0)6w(6wfFPOj*U;lI4|MUXXeVkq@b>V9g8ihQn@ifm1H zh>j!{CT;Ec;k|9R{pscM&EJ{e9{%={606Ig925!hQb8`tA$D$z?zY}n#wuqb(yzwl z?9aoF{3A8Qs(!`kct#}v$2Z-YpI$i#1Yzmdl)tA6+)HAp8N0pipII)uypCB+LS+>a zo2p?g^`^6Z$rUpPZp?~BT_SmPYM3P@@IybFg|CM$yC_TZc)p?>P-ey%Jng<1{@Hnf z?E^x-%RH)x0~lXP8-09RHfeb7a2HLUfo}ck#~!HSMYotJ#~@FYO(&vEEKa%~9!SX+ z`|NFm2VU})d29&D{~*k(ew3GsyR-55#(=i*@JS;n(wkY|blX;&nK!RM>hd-Lr?Hw( zYBJT|5U>C^S!6lz8Gm_G^ut#r-y_~6|24_?0|Ok!f2{y6t`_qD{TgtD{rgYP z|GjDdzpb&;-JR;*5W2Aty1c)sv$$Znzf`(s)#r6|-pcvw_0kHn|C6nsYP6uE z@?8uPxcw!ywYy23R?_7nSX|}oTxv2`|9W?-ImYhxq{jWYz&!um3pqOnHB%0fKQr3w z-5=!X*}Eau-hrxlL*>46d{~s8013ql2UK_Z%5Fzk0qUz$<9?sY9kL(?CgNG@zW?i% zrRDu|ve}fBfRP$O@9hL(iQ&*QfUr(pVNe8|K?#l&Lp3+DgJOAFSVhE%Xcj zdpkS2q<*I(BUaEoNuM?dIETY^P8;mqzow?7&CO91VlbcL$$(BVAn6DcWY!&>f+0T- zSzKIPoQriuy}ZbP{F`Il8#_Cyt#{ia=)+zvJUzNBVH#GN;svDV`~V=pF#_)_ENC{R)1`_e6m8)6jyyMkR(3d)!$nN(Z{sz2VR zbl8r^V;1+ztStk>K1=4)<-Qbt=NksgO0Wai8wG{bhJ*Sbz~KYX$XOXZ9||Cm))5wW z2qdMx+}#)eF(OhcX0X=3@K>Ka^dX__`%wW6ujuILhR3%g0%pDm>5suHb)SSC4LDu3`fvK%hgxrdagvcR08$maaM4YlTydy$f*?Q_@kxJWHCAy2X5Am?uO=Zz$g3WF-8uil2Bll!irW^6o=e!=_w zQqt_|BY@!6xzL3`#>Nlh8&}``sLZ^Eh6Lfu3m6#?6GTJ&YYI#P9%}r#B*p+3Wl~uM zx8!VLSBm>9MmB^YxDI#@=l z(a<0QEFf>#Zz!0FZ;o3b-mgEw;dL-@QaLtj8F4=~BX13qY-}C|+%r5}vBAR1+P+yW zeS7rpymEiq!(*u))VL0TgjW$l9SUUfj_wvCMU&Yb!p%y22Cp8lNWj+8Fj?o98B2Ka zzutNk;_VALX7k_i1k#j?9+ZR3gFqc*(c>{_lI$HD1M2qBqZKI8zR&*cqwDKy-(?!g z<^v}%@i3Gj2;HA+sJ+N&0Cz#Rc1q69fC>nc%SS5#HK?NMe;aVL{xJxnv{t=qC#xrq zycZY}3cfWoqygEqMtW304gh8{UN(pEvn=39GVxJK;Eorz;NZ|F$XJe8=uYMUfPlg6 zRVE#3pu{8`*vgAMSQ$G27YQ^`9CO}$)6~^8F3C|TP56n zHIUkH5|jUG5oI5Gf>&GG@vxdEYFhdYV1pVxYbRw_SbzOolPi^n76Ab(=8d6D^Y`w_ zi7(X;TM?_-pJodh;@u3}9&sejQ(nbqn4yC8BnG0DagG zW0&^(w;?(Gz#5)npRS+?tvQCUVH6Aknf~{Nwk#RCyF6Ga@|Z3zT9HYQf`wxlBi&Cc zpdPNnK!)^HB{-l;F3;;Y#2;I zfgS{qUv9XX5~F&UsBZGgG_1ik!Ba5PyoYNuxUE4|Jg7n&~Y!M`6AbAbFMT|&W9w;p%7=h+J^O1=Rg z)y=5!Lf~k1v{jNJ_L;VJC^Ok&>KK4pPnfS4Z#HV$|SzlGTjQ+s>=8u=fM|K#c0 zFFTQjcc}Usw^FMebp=UcO{ewUW6=+gHjJyMNg@y-qnG$8ejD&aUAeoo@g3pEHi2^qOKd76T zn-OOwcU~Z(g|veo@q2ak6<}u2J~%AiqcO$$;|f64@z;{Z=FWjJkTIESaH}Y6NK11) zppQQVNWZV|m>!M*a-Ktu@$DTY>Az*c_%-PNhPM(42?;<#DD(s-?BzzuFsVg(d4G|S zGqGPd?{=1JTQxCZCR6=X?uY5h7oW#Cc!mgKwE<~~t3&d@$JiKR;7&-xZ2z$L@dMmr zB(i9mXd;NU$+UKfo~29Cg-=20e(7EM$qfHJ8s9=@-1i zH;qIM?DB{aoet!=c`NA$wXL8JesIC>%!*v_{7;sQ@cwLF5D?`7v^{s*1tFD!Q}1fS z7l~OlWtkcC`hX?@^vyqhG|Fb+b=oI4fOT_woKJ6%kdwEc2pC;0b*5Nw&rB zi*8|`J2GHRRJ62Y=+l-^h6SKN1@*UdFi=wl+B>{%_X1#`!r0L0(y=!X$3Gf9P8rtU0&c+c#=JHIOZ`jaK>CS}k*eiw6zkjyO zy>*wcXMIIGWx`yFqp$YN!+|uhb(#p9zi9!9x9D;`3lKqZ=JV+qXp#8Mc<-NS%>{-M zTWJ01gIlX@0^8uK_c~r-B${sWWvf{HnBL8T)K=R70?^?NVsdD}P95;}03(bTgBnL3 zx&mgSnEC@<)6a-(uw#xlx3C~w5 zN1sr)ZTDYSYy&ExZ%`0k|K}$>{E)qk*-QIOw$IJ^7OA=a`}b# z9Ka#(U)7%uC&|cgC9SL$sLCrrAGG+pBGrLpKpW6qEZt%8fhq+v7ORT}p1zvjWpn4g z5)6(w3}K5TYcoKdehU7RqpkDSN4t-3qwU3-F$2$za&KCDne?O^aNEU$``Pgizw zdXdl9Mr!8SzGsu{!f}v@4Pmj~owQ&=3@5C`#VwC=y_T5KkkI^)lr>{;OX_a3PFtPE zuXwpb<)e3;PR#*WrC6&n6`Y!zQ;Zc;ry~;ga}PYmAB`znTRcEW{b@pPPSkDZr%z8R zv#Ju~<8eW}Bb_rUNA&wX24E3+$jv;Q@PUdWkO5izh11bNCr6|wjzk-7|A_V-!e^@N zU|qbF^!7B0-WpZ88P@>RB--}1aFHjF>kk>|)4b!&&luVUSv-c%NC=A9+f5CVlMDuG zQaE@ch^UabQKZGQk-vXcsme>xTjWhzNHBlGO&ciDGf=F(enw2#P9!OAInKpylf5Cz z6~N6OD6gP*$Nd-)_eBSjU56YrzQWeT%ymnJTmBLaCq#`n-m)Jb|6H93Cn8MkX*Q#Y^jM&~Gk$n6^hzAElfP5bGI@ zqpgg{iPFtv4OXroU065hX0&Wg+kNVGFOwc?{+Z=!9W~&PV0q!5WL6VNZLxisO7((k_0970D_LV)tQ zqy)Q-dN?jdBy2O_W_|#@QL`J0no9GFFF&hFz=D33Fv#}m)j)+Y)Z@HvBaf{0tvvF8;s+iS;sccP<2y!f)!avFW4i%huEIf7gM3HP$jjji|2e9*vv|0n5T ziFFnC%I`crHx8@j{Nwl<4+u0O~LZ7@Pa?m4qZBGt`U zy@oC@M|xOvC}t6pvSZ7e(Cr8MY&059pe6rZNHXS31!=YMrz#o*WdiTWv*q)B=+<-@ zW$A3E*sF#0I3w-@1SEG}xJF&%6yh!to@l4_2KNg6>teNm_88|8X-e^G*iOB0=zIxTnDC%P2xI zoY@-RZX&kPyHbhEHy>hGFvy>}oqN4N-7efKu&6=!$L`-e|Iok210HK8EC>b&JQyOc zNY`3!Hx|Cm`qq#aDKiVEdVFWiFI&xu=VT#o=Iur9^gpzQ4k(U{0&9 zR`=c05SFl#L!T2Ayq(jy52*Of4xs2o8fDAXgK2fJd#|eU!R^F6uK&aTveoA z_(K-YsoE$!(Gl{{rMbh%cIfWfsc1(Xf*~|-y0+U|Q!hSndh<{$v{c9wDBL_>uCx)l z{~cHEF)Dd~7>ed&?g4h#|FR%GUrr$3oy9u2|K#+@!sn9 z8>}!c15$0(&J`Ybhb10FuKoIK7>*Rf%Uw4(xiMOGgq6NzW*vJb`j>tV(BY1p;#UUn z_ckq&S~ZXDT!Uu|poeB*IL&P89Tb{H3$e;ou|Tpdf}7J`wN1qQ@~PrQoPC%Q+_q@0 zmK&M+8S;QM#nuK4Ze)}PQ3_`XZTGCjUu!Ow-<~*S$h<9$OVWkkY!JColUosrT}p)% zeASu@J2&W}5E4C~njGuF^g}ALq-dTIlAJII-*qP?+0i;x|NfrDtm{SaR!6aRnDW~Q z^Q-x(AdUVoU3!;(UCSS(iScadf7Z=WS+$$&@p)H|ARPBrwos;+QIP^nx3=UF? zEIxU;ce5i8j>gYS1Qpqjy-x(2nuy;FuDsLMmVFTqpeDaZXQ0!S8)H92xYC{xqcUlB z40AzH*xF5NS18<9%;QI!PL%5XRD#Rk5O80wO5M0I6jRgUD5n_NeFH$R3@=}*Tnly~ z_KMSC?!jssORK`GfjqxNL&hFAN*JZ^JdC4*jt&qjnMRj8dq>FyuSo&6W)bng3matR zsO}G?qGMntL34KD30)LC(cIG>do%`ip`R8_4s%%wtqEvwa;aE_{FOB$wEhG#*^CE> z?3u^n1O^5o0KJKF8+3i)fnz%W48)6(oF7p^6)r+(gIhCQOXqic0AV{-G@wB1y6-}_ zItu6g)mkv^%y9BfcxNNfKPdRK0r1oLsHKx_HdU^(t zgC} z^MfKOoWCQefl7VkXfhNXq!>irpb@vP@dZ)UCFGJZ!0@zTO9y89#Vj2_T zz~wC3{U&o(ppg!6VauGH52s*h)Epq-6s#S8`FOT7qcuM(4$1zY%K`;M?I7P~;_mML zd&3~+P>QWj8~ou0FxF!2Pmze{TW@7qqRQlBR61g2yP)a|&^$e!yj&fl| zBPH%qAkG<-=8l@F^t*SFpuWZ3bvbA&o`(BO1-WL+>bGYRDBAAUr8{JAVV2dwy?^sM z*u@sZ?N&g)c;k358$uJ3R&mKATtbX!rq3G0i5Z1RugCrL= z$5V7}dBWSdZuT)8P)Lr{)hpDV=r zxD_;jF|=u6Qfz)yuHVtlXb_=XuRG3zhs;6HLBU_dCzGOe=B0CP^m@OQ(W0BNIG`l6 zl|m?%+gIN-=8BHkw1hZ^`DA83jjSWB)}PzusGj>cBqRiQe#n`_>%W%hvQ?e~Civ^u z{-&TvgT8 zC4pmXG$~Q<<(V9-H2UjT>jZNRz~vl&Mn;ej&DqvWd_}iwc&|(LcIK&&y@#kDjihoD zA1k5+wV;U+x!VtXw_T<;p5fA%z_^JlItzuRQ@k0%3ZQ5&wuKhY$?u=K9YYJmgJs!^ zCTJr+(-eOtrRU=G=XaF-vT^L0!h&}=R{HS@!Y(l+@K6~`QAYD7CSirw&$|=~F`pOr)}TLb>}6@}Eu9<;ZwARffaGx6;NRTe zPx13v>*Lb?%#9zV;B?u83qWh$dIM*BJB%zW-6sM-Bap|fISAyThYc!0XaRt)XM20E zxW-nnFJb7EFl_yT+ZC^LZEV@2`gfj(es%pdiL zVPIlA-QPZvlw_R@YVw&;kBo`}*)6~-90d$CO3y=hm8~b=jg5=7sv?0bDxjQKp3okz z7+(CR7r=Zd!_;K;_@-kC2lMRAT600sLhE_P&hNQ7F}5eE2J3hORoMJm(4`>0|Vo+YluC7Mjk^xVE*XNvxh*cj8 zK}}tKq&h3HnxF*Gqd+~O$;T&M&?{pSaU% zkOo757p}3J>EmCxM+M+^RCp@)1uyrj)*^BtPv_t4&JpFenhKW0rTpFqH83@kbH~RR zDe3P5*!Y8$>(k|2Zp3TJiy$caj(B-6>it8jsL~n^_5kB#Y1S~@7ow4A7_(;7iYAM=`eckJtW_?^!Bh(cU$dd!BqVGc zk&iouXh)Ks9zFue#Efub*R9RK-PFe%eD$n9s(7!9P+Ulu^1C=?T|cJ)5lH@SM<|71 za_t?8+T5%a2yEEjJWGB}cGNvo;Faw?bHHnnUP@&&ZVLh(5aO=)cfJ2J+%VaqVg-Wl zD8M>!fce<1G#z*lfoh$*%JCm7C~hm~@E%>_buS@#wM`n>IN{>709k_{@x%xwI?90l=W#hHUr*P=?;AzdIbczf0$zbcpc}D|}`=X4_fV zqNlJO@K#JKu#5OnBC3@`Xcl8}cky)axIM}xI!-&%meHp!oOsK0^kLdLa!H7bkUMTW zV?I)AGMTc{oX_)tT>gqe?)+Y94AnVQ*~j1THmBpbJ>Vf%>^n8aPu?v$3$`%gFv_N~ zB^`w9&Z;2<CMOqDg|^Zu{G(Yq zXWRyZf&Y_8nVQt*|%#8wI_uZ{xk+iWq*XS(>@To&C)T&g^3n6a?Tk=-=p@ z7^Ul)A?M!UEU6TKZhC=A!lXXa<@D8v;1b;-ESAPx3da@4Yp~%^h26vq8FB@Wh#V(s zgrP}}`sB00IHzTOLV6jF@@zP6xIcu}$>MCLk>N0x$OJ2y%WRGGkf2cHYYQ9=QkDsC z9p{3CqW)V7!qM)0&7ko{9SY&kQ~_|@X=NU6aBi1KZ<4n|8_Tr`POAfx6RqC8buGL( zuC|*lI#1aWlg6e?YkjFz8XB*7VNj_G&=B1-`*U)lJn{w$4;7!WiLt}O4(wmeuFSqI z*q~5mVNer0UB?SZk21Q(Mgc(Ha{o_d+I+LGzQ-ALwT;t(px1Q0Dd%TXnjDk&a%2TjLWw+eIa6 zMu;12I93eRK7yO_b;+Q6=PH~3WMfu!ThsThO-D|eK%9`CxY~0IIgTbhn(thriQ)rK z5R{Gf^wPp<2o z>!EG81BG2nTg3 zC@FxWADQp|b{165H+vH(N4Ef0Bx zE@JEVU$bkI?*ksSZ4{w~1bQDL9&8-OfA3u3)IdT=OH1W(-(<^E%%pjOcGP^)O!iz5 zh-<#l(_;pSV?(x{!o-))Sy-06lmsMLk~)4cJzS!mmup3H69s^X>L!`GxJW;L93~d- zJt3I?Se(m7bNE4BSIdLMHxv8$Gf)({zBavGOxf71pHdJNO$G<2_pyf1P&}O!s5Byp z(eR1sB@1iMe&N6n6|MFEJhAppUHvT%*63&KMZubbkgGMO{%pV>DeRM_jYoa|JNcL5nls1-m`q>wD-Mcnt-)hxTRz*3o(S zpwLP9goB@7&eZe~9o=`}rJt>UUs!B%Jd-dmG^lrW z-}yscTSo_g1{l(~YCN2(K>~Era05K;Yas4v*Wd=| z(ec=$b94QNJ&cu=l>h>JNS1l``hh}ObAP6+n8_;#NI7mTJ6{?%<_=m9E=GZF6^BRS zfgLdp3snC?KbW9%%Nr~2=2^K|;i01pe)(cVH3X!3V&`023S*o$4?aZ5L@%38^m0&PMABma_%k}7@Rhl6-Gq(iJG-U2>LEq`6W`RuA&7s}R(-d8_JU8KaaR!dG zR&Y|LQ*`&!w;s~8n8Lp(I%&fW z7GESex?Of4_lpTOOmKhGBAB4nx*31r8ar?!-)Qx! z6)zXtX`0J1kE%oPia9Z4su88(4$-|r2n5d@uOm>OEH&({yr8Ra6IL9STU;&Qt}!h0 zVwI#WG&4xA6 z7X07$!-gd$HQ@dGQ%hE-F1hY$jk*x2pD98|Pg+)D00MZn${c8hSA~`Ntr)mpqYN9}SkK=diapp!P^AYg zBSF@&{0Fmb{FENapl_)8Fv-9SzzVxVJ@;E+`a*XFN}wv-`mI9>_f5IWj+xL|FRWEn zNw@=F$v3m2f?d7TdgboG2fP3CIIxt1Kl?Q%r+&4jaBf^C2*VIS$#!?TDGJ+n@vd>_ zi=8>_9uc$wWhE-X zw*5@_ga&JJn!dUC%znM z<;${Re}3!nkb_K?r|$s2^YRvUx4`SRFR=9}B?#a$_-z-uxnXBB-Z#Gw*!YtS@2*|E z_iKEEKr{zr)j>)myEZ>u$!|LWoJQ!Z%{_9gd(e}oZnG7Mao(3f;o3iZl;gt%;VhZkTS!j79g%DK5L=FEgoo-CeBpPpeJcD3AcfRN}m zZ{dc#&B2Nk>s|8xJ|!s`Y3)WvgN60`#W>jM zFppnz(4Rlr^A{Oz6?d`xJcoU4Ruh`hl34=w3o}z*7kaxlOXvdkO#u7C`EY{W95f^? zT*nLp%|B?@K4tR}>jJ1_$1U9LEi6M>sTO}9cqc^>HI%V?B*2Y^;TE)Q-Q#k2#4zb` zN2QZ=eo@A6Mup@L)CHm?e#=k`n0sl0-_wg;i+%vv{gB#ev~>6Bv~`f06Me$?8f4*V zi+|*VwBQtNDGsE%rnectpgT~pSE%n9dpfiQJ+!&c?|TP6w0KT@eT{Wl!KLUc#FxuZ zJ}oDcb=2Wdw^0*&|M2l{_uOUmz0@q&Fdfi$7Ga${BQix_H*#<>JmXdWOT$IJ&Yb8=?%;)TI1}fS6cmP41ZktAyX_)s7T43G0FXF25sTO$ks zBHV&5ZCC!fOA+7dw+wy@TLDR8(kM@R>L4S-w?Z8JMYe%W&v zRp^z)^aRh8__q0V=}^NV5cSgT=!uVl=SsD6tc7XHG(9;+?xRiH+#aQ*&6-tMDe2Ts zt5hEEFnvYUvtn4CnVAGeMMRulR<=9Q|xJx zU&zc=V;`~DM}F>DkYW8)ZOCN}O{@JH_-RC9FYcB-V8HI?^_30mb>qE8{4^3?z=}!h zF{EZbjNcxIcg}6kr`BJ1kpb^H(5{Z96ns#g1TDt`C%Y%)0`AF|0~ozKNEbdrRKMQ` z|Bh!*O-su!Eq%!5-1cVr1iX6@VnK|7fu+)7P10);2mqKPTNrJIAEY6x3djhLh`H47 zT&0zYz8+4I916^?W^exj;mmZSl^40BTJ=R z$bD*$gvLqa6;^VM+*dZ*h~A0mCOM;($t8yy;({osnBamYkA-%{2i2f0hDr<_ApoRn z(@TA>oQ6BLd>@0jN_~z{+yRk8Fh;8qo=!WCdtUVX*FwG#OoeuoeYTfnpl{qiKx@pt zV=tAKCW+eXwCDxfo*6uRo00cRP;3*aVr*pCp&M%4&UvHun$Gc0%#7xD0r8e+bua!tS!TlvWN}aj7y1CSgB_nTFoh>8yTR=)_lsGdf$Hy{ZCt z1DqfawB$iKeBc!@UZnoxF7}_~H4~vR=>Hv?7(f0Kk#IY>a1T4ta#U4i2b%b>tqUQP zD@gL%nrX3qQ)FQwnh*>H785l$XTqTch?gX3#O7y(<3C?ZtS;nH9)9cW?x)e1kAMr~_dl7U&^tbX`VzxCUTw!PSf&S=cUACxVV0;QWU? zdi3x`;OdTr?^l&P_OGZuO6P~+f#3XUY*JNCt1DN5tc(;D37iO%E+ADudDgS$DE%Dd z4$sf40PXZR&+q9DcWbLs&n`I${8j5H5qAaC@wcivbYiiU*}{ zOJR`}Y2bIL{z^e!CVjm82q*~wInTo@Z_pi=0lLBCL5cDFkHb(pKeQC|V_RE)1xnEX z^934eK%419F~EeQ>(n{@{vO`C-^kJOxKLEYf5vu395lItGj>JJ;GPU*{#4p8FL`?3 zeO$QvvS0)fIw@b|KA9LE?lij@zK0UOwS>C`nSm*3fRU=PNFYN ziVN^+HRTozW^;tIzbk8f%JTn|`776xFXS3z3`aJL(;H`J+zTeY-pqEmF?jZxKf3DH zwm3CrirH&SO5Sxz-<>ee4YvFP-CwH$IXHkjcVDzILa{LgGH$C;Quj^dD=MKe%S@=& zpEu{@E$tu`tvpieT=5dM17Q?Jx=|OwBT3w@vA^`3c{&>zrVWUIom!N$oc zrmT!hyYLNUu>e+Ysm`u+^jxwwR!+%|>gW=q?iO=zcbB|kix|+o45|I$)XTJGK%|;^ zKgIysJLkD!zBEW=e9Dd!>fJ7K z`6fB1KR!XPkW%~p#Ke+x#KGRqnz(RaU|G>QU%uFz`VGDDi<{CrpTg?doY=sPMTLuv zpvcYMX}Hv61=7-^Ck?E4s>SDBpSXQ{m{-e8|?W_ zkoaQtF*8DNTYb`ej!pf>6qO&T?$O!fGSKxrGCJCS6^kWw6cJbHwBgFf;_P^|EWx6? zNgFTEvfaqKR!^ByjJA8_Ed=t@a!>CV0Lt6?^o22&&qUg6`#}F4K zkrYiKm8D>5@fP?XJc(8$Qg4{tbBZzF`DoyW`t6Kx5Wgp>o%W-{#w~cYo_l(a3ZcdV zTVQyX7Or;ORrP9B1wkdZ@v_y0Qwg5UCOXR#;R5F7(ugKz+At+*ViY|aVy*^%!R?OG zdy1idKMUU~Bi79M9*Neyy)}FyKxDj7cG!N)Jz{{VW7hY)FR(p9h zdvHq+(oDUA&*~yfx;oTzMDkHH6O33uQ?t z!)1SZs`}h$bo41+L=iGvlFIn#G0dv>xO4|J+4r0}d;5~*etg~yg<4ozf|fx%7Sz#^ z5qSuNh6;pzwQdLV5<3=FI)LHlIfpTDi(7J^;O8eJ^Ei=!;Gt1U>AnvNltj}O4wmf0 zfxp|=-;avSI;rlgm$bBmyN>6iVe&g?!~&%J2L=WT7xPv=$mYpB#e0g^d$o`}Xx5uO z>aGGni8yb5jl0BWWa#fVTXDnou!V-NPAGJD_j5s+26WC$Vjv&@yKYQMFWBTWz>=T1 zSQ=x!Y@7hj##Vw9h&F~8+B$XYye#~K-=#YKG?jd%+V9F#skMXQMA3T@3{$5*O8=bSuU5hH;mI7Fg~i<24_lHdk&r^VRbF{ zkVGD!Vel?ab0{WZ=Tc~B5m&r|{FqQ{ya89xM=kGcIAPP4uNk%LE-8rKOxV%MXxnP*1!una zwO+U`z*JT#m(F|-WpHMjx# z#A9i`hWg_UW!q-DJ2RQ*fFK!V+xP6FHCGsfI5{`KR0~vNa*ap9an2#cUT28O_DVn= zM589)MMBQuhofTXj<{J)>)! z&=@z1XjA5o<2^sYJT*8b|!fNkx7 zI6MmU`Dssg_f-=N?5D5P`P^)7Zl-5Cn-_?4v;kkVq=Y%0zby2Ae0%~l)*uhLIji7c zIYIYkKyYCM3($C=sa>HF5@y_`-j<<-sYDmT0M&vQ%)u@R?IRDZdx0@D);F9^!`MGs4X zDWhP|klw!ipF(^Oy1mpxg8YSDUQ5BNGc-sbYd+s~-6uXb!oDGzFHE6pV#&U%3e|cD zZSChQ3B8BgZDRhZ(oabv$}Luq6Ms(%_kie|M>swdLfmOI>U_Z@gbdL24+wa$73Jj> zN5;m&EmAu{p}4VsrvF5MW1778+2r@MXTi0fe%6Gq@SL<|%jqha)=z&9!NEaAa?ndk zN$E;3uPv41`c6Mr@5~60DS&`3OpB;l~>i1>h6YKEujn3 zCMqhc>L~zrlZ#8$Y_$jH20x!W@F@#v{%BmyzGV#l^ikaCD2VF$cy)S83Jp1y@rGR8 zEZbHaS7P2uLmgeCsck;}cVR?361mGSR0RcNND8_tl~_IB@(rU=zj?O( zt#yjmzH%GBZ#SF|jPXOlZZn107gR+_g`rn-VOCe{Z%nsEd;7xJt+*Bk zF+kl4bVbekGv>Eq5JGAM{jI04{6R<8_gczEa!JvUdZ?CX<|lJto{A>v+H-iIE#D}= z>OQMHD4b2Vw3;ifPtyIchl(ICS2daOy_7E1HLAAv|KaMbqpFO$c5k{H=>`Gm7U`6f z?(XhxknR#`0cj~o>5%U3mJaDg>MWk;eb4uebN@k%0qo7*>t1WlYyRdnag_iNOoUIo zN%Zn42R3w0PDU}A!PhC>YuF0v+7m_=?`75P%QtN-*f zlOSo!vR&b$@!$(Sk#$uqEpkzAC|ah-V!}SjhN}2>mfZGSaYwZ$x~{_>UCRE1vH3SO=6sA~k*0J7_XBC8z9TR(rtSr489N^@?Lk$Twz8$owX zGR$aVejRktynQeb{C%-&o{>SgShMq9y+S*Z)zH#1O_lv4XmKoVNUeOHo|h_S8UK2G zxd;dma|?^~$nk_x(?K3I!1>_!?OaZ?qCoiz!NM9bUb;2oV>!#CO>^QUFG8r@&ec1x zK3GQrkpUw}@y;2S=(AM@Oi#&Oe!q?&MI6kklg=3K+p0g;_;nf^;%ACzTb(lYN4iF8buz z_g*4;FSv?sKHMg%6;vKKPEx%T*!`JDJ>}Zbe2?1gzP~re@j}(CH=`|?7EA1Z>C;v` zw~>yEm?vG{!a@K5-A0ps_@^(m@%}zepfK1axC>KXNRZWqiODQxoHKfuW9TJ!>{zIU<3F^|UrWEc)Y%J?L;c8H8bQ&7VpehOrPn=PCU+LoKq;IMuUKD_INSi$#a3yvC$%?V) zXqCnJ}>N?=mEkam)bS5)L4xIvH!}(gIKO`He zS9~lorr)ASZO#4tbKF8jUw^EonHLoPh8ZeJx05x{Yc77hhp4w-9C3NLaXL4?{o+9n zbPxWAmCF^6b%EEq$HBA(kL%sLQ?FY-&+Xjs1ZCvY)pb84tga*yN1(Jci*wHpBXKQKLxz7G96({HslWZ>Pq5804tSFswAFH^MLyDM8M4 zn|90#v&@VoP%o$ZoxQ|Z9MhPpu9Qs39{HZcr5W7Ju)PNH1Ay1J&K2!P7>#PHd*M!N<$;|d@9ma^ z|6c5fQzkx&lYRk;RSHvCervgHyZ^@a%o`JvEpa4dIwmGF(5BtAsD%;a_~DbR3kR51 zd&zZgpYj#!KpLf+93RDa`R4I02{(Nriyj8T9UT*0XT7a)wN=5_g?hQ=DBKzlAwOjX7@dnox? z3g8AXD2G^+Q}t0onl^a)39B7AO_uA&zuLLFYyPT60OCQ7I+t{+(I0I{-M4EiF!JkV zcib;neTvV`>6L>>P>e$A$28?&e9!=d(~jfpU+f<-555?B-%l7mAs?7I>@VF)X#OIq z);{UXB%$&-Dl0`z(QijZDGSfHmp9`jqJhZ+4FZl~aa+18#WfgsRT?X0G*zV?BpzpH zT$R|As(E2#@OdyNk8-=GqbNih4B{!ACUf?bKJTP%_JvAq3UL&%)tY$RPFdY?Yn%1V z+Q(6X_b7dh)Yg~KHb&95Mo~)O5pyw8tiBAIOBGi>XMrxltpCt z??Z1pQu8(`(MSZNtnm5oe)}D@*`SXLHpGK=2Zk_x$Uo)-ZXFSeRU~Cbv>$lBWv7A~ zs?Uy?=C4d#RHw_$Cr=X#)?w{4yBCxu?3W*blMuLu4khu501e3*&W5!br< zw`v0;#1d8v=CizRwE-pVV^eXBdp}SDzo;LflBtVKP1gQV;h5L9Lr>tl^6(4`6C{{?T4rEDh+`kwFUx*P5vf;lW_!JkO^_b z01Ci&StviqwH>PU0MvA0K%t#HsP}_K4tc{>$(5Lx3TO|(>UTpZ08aGIMB=T6ri+BzoOFb>F+NbPP#{QU(VZcaAl zpNCn_Zw;O#$Fe#;TWOVB+ZNEJQ!zTX$Sg^B)z;S48*JIUT%iiypT|!vRDCh&SGWiO z1(zTU@?1dYg3)bNc7Ji1^_xeC;L#^tG;+m*2tFFLQm3Qn8Nv(TC;wH0-A{}jTv5at zftmYb6=U|`Sn=-zR;0jebV^2WwJn*pl7RV(6IQ2^xCGnJqWD~#8LW;g5=IBU3_g`m zOS5DXFTSsT2rtMj{4CANoGR}*Bgdd4zS_nVwy>2pjJ7DZISWXvnha=4QJ3UoNeov4 z5)ZvTl7vu0KN|h>F&WL;1^+=Z5o>7!6_v`u)+qW)*a@D^5t6nvmBc9XN~U1+;yq!H z#U#UAKFcCnb9B!yjVg9kVX!i_HX#tclsgY(z;;N?72j9(2e38mZGCS0C?0|k|bJ^JYzn`Sah;(ooCw^Gz$qe7qiw^D{M~=hT|MTb1nIJiC^z`z4|I0&z z!DeoFJ&>T=_^*4mr0Brp>xQ`Y(Q|CtQ(cnTdWs|J$w#r6k2-8Aw%tG0Al0FKn(=IE zkQ2SBTxAw$c7ID3;Ph*@lH49Dl+4;#QJIKr9>U@rYt&(6)u=Im$t3qpY z#hHo`Hife(ClDyU=o@o~vdP1#y=AJa;cDc5EWP-K9A`9+@_q64MxWy$K9~Wu%@&mo z{fV^ta=j<}NO4UOxk|w9ZAh3>3*LNt3?_yo_5kumE+E;7D5SPMBshtsBqY6B>$rx1X37IrSN*&5`G1Hb>Ps z$SyGX_mN--kH4Ayi$@R%A?>6Ke!j6lo;&(Jv#D>2_#RPO7QE^?>^VfPu`*>oN6&Zw zbpEbU-4_XEdTt0PtG;SD1rxOFuI#dUq?BUVM3um5Q+PTZ|7h`X9Zf&UYT6~XP_$o8 zy2E7Q$z-a>^rSSC*Kp?jHVeqzxhFy6+}+6x8a&Qdb~pV05aMZR^HZ#xD)N)|vV8(O zVZEB{cfIXPxzR|C-xHfp_o0H!Kidx7E*%-Z&Mq^ZKuE~@1Qys{e6p~ZU+tbLhq+l$ z8_A~HH=pWLJ%K`$@%-M3%7v*a5D#TdBfTbqOwig z)EO0S8!|4+56z9Qez0&2TL^U^_j~d{xoxI0f5XEeocC9*u7>6+>Uv????3x8!L`W^ zu_%rCY>)rn(;y6~pI3@H}fJ1!R~j-bVJLQTZ0JnxlEf07V1cPPFO zaa^vrHkv!vE!ed3-zd3h!}a()&iV}=`Ewo9Ky?+gWkmMcFCfSFcLQZgN>+A@Bj@?8 zH@k;<*C)s4E?9qXGlJ$?;|vArJ3s#?7g>h-uP#Af%(Qe{<~mc` zA8|;R8{++Z$aV&4NyTKO8F9C+xzS$xEn1V3Of4*!?uvY<3b#iVYe6e|jmffDxj{=< z$MZ6a(?(ZeXv-Sra{c+e`Q3#^`_P&|{8W`Q?BDqc*xz-ZczIhscwgZMcYEB1wE6DP zN0-ujT_pmyrOS@~zwm3@qut?6&c9#-|5W$ioG&~J@IM98CMbhe!6wHItjczOi1@wd z;{(2(q1m!GIJi|N5AWOW?q5*5C#r2TLC(TZ**-QnZ4t395_1jz*y{cVm`Z5Pfn+b> zX^VwCggjA-m7l+>R_Klb47q%ZbxR7r5(UE{ns@y1=+BQD^x>S}6RXylINdkb*bevA z^jDY)&788x1le!>PjbLMqoE%hO9nX#yI?4xHhZ?=Vy$E$vT)Wm5v}pvER`x#5an|n z^}NeUZ)QLUm#ew{!dXk`Fhn z0`Y(F$q1I?0hPxGf=7{Py0Z28shq~tW8(^;iQ;4OC7g`Nz9gaM!C z2cpZBsoRV8g6)MVV+1B8jvl#LhvxriUpu)$Eq7&D_8$r9~io?4JG6K0Io;I?{GCt6?VY94ZE>~aLvtjx$ke*_R2jn3{z z=28_13T{RUw^YSG)nZ%Zb~r=ae1%_3`=RJVoXi!yZcwt+r5loh4Il?JF?{m${OtQ? zZmG>@c{V9bXTnipj1)XfV)c8_VvObLC@sQf+s)q)ppsKfAMyroEv&iQDwGl0%HL8} z(%z-g)HjIje36c_Wyclo3&J?3>olzqQ^ROmg;-=e^o+9w0ANiQLPz9`%= z3^@g+l9%_UQN-Afhd+P2Nn6Tc+6IC|DV620Y+o?uJUMO_X77V7tb%#U#t4wfP5ey< z0Me#7*d0Dj5jy2*awWM<+WtZAgI@I)4GX!n!b^`8JG| zjww0S@(Qabsh1EU?$isq)*2Zikiwd0dfr7P$<*$CdS5IlF7OF@WcqF2bl#>n&95lkAb6 z+=xl@&9|W-Kzy|&5qV+FrnF6#$e6;^Q~6ir+1vU`yy5A*HKG^Rn|-tEvEJ@d)c)Xs z9|oZ|5C5wAej1`?tF61G7M!q?s=IeiXZTt`ywxm1;*0*5jF47`j6M@)f0->dwHCs^ zu!d&F@&(({oHogBEu4h7Kl`YMu<0|GclzHFjFaV`h`DP|zY*r{Mmtawl;xuG{Y^(I z+d23Hzn%0F3Kr8FkC$!=dr-bX!$yDs<~Qcv-Wj0u%dFSl^(zhy>_GcRhvt@^5mIku zev=ta@kzhqAKu=63k)K4+m=QSIQBs2T8omM;F~T!p2+b%6B>-)9BiQ0EtJY^uyGfu z;$j^2^~>VoqUi^xG!S@8^!Hghbo3o?SP&4C7PYlywFd_3M7itsr(kug=RBgSc(x^h zXxka=^}rUWX>L*k6g;yd5fi?McNP4q@MAXhLW4BPH>vw&0PK9MnaO_6|E0!9VdoMU z1%4eM^xnBhX1KaWpIGyc&E25Ln|wE^i4xx*9MCsDGJ>);C=C}LZe?e)wZGiIe{vul z28WDw{$VQ{ky)>~YeY`1^Hky;ao^wT&0BbY`4%@dg<9nxS)s!~>Dt+wo4WeyuiNP0 zg5A*7)qUey-dGD48(aU8!{3)fu*gpk{BNKP2^!;6I2-EOI9$p+odFbw=_XWE1YX#p z+OpTiN8fe=@YAi>`rxqAKYa^oxpj5FTsF7qv~`wu!9t1UwxvtYzL{K_^Ov2hu0D5a zZuZ&5Bf(_leJ`)G%tcd7g9sA@_80JYL4oAih%A17Pv1H`6KgHTIXFQBZ-Vu53e0Y{ z7ebCh*rd`d>G(H+abQN7mX+1!)cV;_*h?D?6?HvafM#*;Q(4Ck1sv`Rbb6NUMC74m zCc?%^cql0%KK_!vH<&qx!=j|yBM>*99J^;)N0B$n%RHSDdnfcx6kLAUg$y$WmSIgG#5AuUT4_KPp{p*~8s@&V>%=XTIn z)!739yHX*8h-5`SB~!RzAGvGl23bBzJ2Q>ro<||8lIqM`!um?|O(PglKhhiH*oJpL zcGRjbm=`~)WqOMJyH(LaddjH4@HSM1LX~;6GnZm%X^9{JJ;V_{{5E4T;br`z(qi7S zjvD-buJBtNN@}9p-F0ymJMxRZ07B4tM(O?qd|6Xe!feRBcnvfzh>;LbEg5agjwm>BQ|6FG|IQ>);o&UKYA=1;R zC;x#CKM_+;DElGEo&WEL&vM8l5nLVrb15zql^VWA_5X97xkO?U9{ulk|M&Bm;BQQ* z|9w*b^W4CvHTVyr--G|(tNQ`s|Ni~|KFWVSdXoKlgX{#pydw~vccUK~UI1bxU|W#6 z$0-T{XL2!AR>{H6E3;aoO}h3g3D3ZrAl@QKoU-~1BitisSCm0FOurFjStx{SEr?Z_ zHRV`rOx{G!of4V~Io|u!v2df*2ZfI_PGB*g{;?hU!r7&yLT~6$P0rNR)DbkWF7ffE zrJu8`Tno^$u%vR8X(Z<4j01}Xd=jGmn)1+=HY${ELnSq8z{e{q>C2m|(?CE5e0~mu z1h)b{5mA48eCZ%~M=L-!V$76MjI->6%EQ;@$Q^nj!D1)Qq8|zNK*F||Z&|vH^DRMA zqaPXU#ASzjiJKx&ye6VF^2~6{-t&7C#Hi}J`6MP1j3h>5pfmB0Lg#Cgi!qc+$`0!^ zB3fk*oV|^V)1biAYP`2Vs<7nImZxUN?IPr@b-d&gv$W(IWa0GG?4>3%|wHo4f$g2sWG_w0rS7B1T2SX&YId9OQ4n1ENMfmFyk?( z&tRj4pL^4ugPp+&8zt<6|K?l$%G9uAhP$lwXE|ow=8*BdhZ5vKZ4oArV|ii`+%T^^ zUIrKC?=Xp0uAz0~RnhzmWI)X~$GdSQyE&Q(_<`|G*Q${)yOXd*l#{V8bI%trZN^aG^9F> z_q0&Lfbw8%t3APTgMhf)HP*%DrIfU^2voJ@*TE9HpYI#~(=*N6!ir6U)pW+mEj1`w zsjD#5XFxUiM1#l?VJ;;WCGvcSuczruFfWLoX_frv@C=Whk+mrq`emR6T^>B&Tw#W0rerj zOX+X;n=>CDeSsU-bv8oaaO(VqdsEt(_qnJ2!fi%|_08$JEM@kel_q2%HHtG4yPI)7 zFE1}!&5k$)zr!sALs!?B&fJaAmQ~!>?A2E2B&;~Hp-r5U{fUDXW^+uK#p?I3T@H}P zolWCHxuw?B%GT%N%?Iy7A*R(vtn{YUhYGAB*EgLFyoCaCMY|=3#5J?H3@!qyEi!?X z=%M{l_3%K1!$u$)8rpxiobGX$BCDyz)$aAj<5b6%mCqLmcYj~*h4v2*cdw!0n?Sw= zQC|l#99Gw-U6oea#!NvZt0o}Qu<@;HHs0^SFL&Kso1kWOXPk&-unB{}rw=Xm<*Fz1 z7J~vt=e>jJa(%_C88tEg6)qs{K>EkLa;?|7<2*T0_2uOWIcM)oNAeB;kX{?imuK)$ ztqRq;|H}e!Hq^0ir2pPZZ)7=b^-28lMYMYe2Xw6n4oCg-UK8{W+S9*7e1Z-}_-?Po zq#$_yq2n%HVX`VOo8@Iyh?SGwIRL8Q>wY1)^O)%zT0->^M7@~zlQX~Wbt@1MARBuv zCmOM^Z-;tpJg>62I}+Eve2Cm78(Sx*o|126$PO3!yDwXBGQ%Ik<4C-C0X3EVaS7Mm z5vukDW^S7+;^}c6KHQ^^#rI#*_Rfy;pWh<--aEfSGuN?6XUtz(YhA6l`09nkt)vkH z{;j`!3+$xuZGXT_hw)xBzRKe*An5+F@_Eq^hLnJ@4vWCvV5kf4}bw%s7E(PLHP@gaq%6X21}lWwV^hdLkq4f)gTAtLL6 zw31(G}%z5Gkam)xl`!)scbyEH5_@oSBwMAG0#dudY3Gv$P|J*;& zU((a1U(ebATe4_8CQ%t_SsSA9jx$P=t!xiQO)0v)NY)g)KvmMu^>(Z0tr+eky$SIqpt71ow4Z@cA$wa~&5m_&Alstp;4BW=5r!Z8Z z3xgfO+oeC%6{Br-roq0E22Go|Aua9>D{<{!x9QEP(R^W^0aA_+k;i0k%c7>K`Kgs^ zJnnGg-&5aHIMb7p_7QeOEqb7|SyOp05{i36iU+3!(}FvS+@knP$49Y(UGO+yTM{qW zqpEblx5-J3p*Ddx4IENTqJPel;mm3lt{_!HqFmPB&>=P|OO&HYXQe zMFC{KH|>ooH&`x-dV${vD4njgO!@g6DwmJVuS;pN?PI4)qb-)Ct+b; zUQll|u8}qkNtPb4X@&E9f_{UCR~>LlDtI=NG&4J^oRA}VJVgj94#37boBB<=li$3w zg51tQaZaB1pz-s4=1Y)=GuGR3YirZ~8@rkL`NWJbLo-*LuhQ1c0Y^;C2>Qpi^q3eF zAlt~gT^sw~CSXmYLIfpAX&lL$l-lCUl?xfv$3p&Ao|bQ*?yEzp+@4KcrF= ztV46(Q!B+7r0VA_A%>@exP0|Ptyi&2LdJX|;wken+6plJCUHSkX@SPs9K+>`a&BUg zC-)PBohXY=Y!wrh9SbG)kd0aaUg>S2D^6rRUKMT21kzteE`NNRD|X6!1SSVIN+xt; z5x2EY6>bx zT+T|1Fr(yVmkx%E%i$?XpHox<%e?W<8P@v=o4(tMbca_c9&(DXSiIA^|7K=Cjsy;l4JxHFfMhxv=oNz0If5`&YV#0Uv8a z#g88m#o3-QAU=FPIqi_)B>afrw0^ogm0|sA&iv2KW^il_IDJhmE%gCw>)jnimzLET zRTiVuHA$^@TY{4}+|ba$K%v;h?L3iCQ=|5|<(JWxL8@%^{|uB+IXFb}C2saxj8G%kcB~%MGpVVjX7ca_@!Nu;=6Xlkc^SL2*m5 zh5hEGGMh*5D%TC}vB9L` zCdYFumFb346#%K9Sk-b&O_!9FnT+SRl<3#s=URF4lQJ8$4^5i%0~_6i`q5Y4od$cR zFe7ri%;sh@m-$x`gUs(7oyYwV1_;2frLK_}lrTvN&-32YNz^Q0i9NN@h^04u00Nha zdj~1tu1I^LP3XMOz0>yR z@;;%go1$TzN}xbDKgDD`<%(GQ%4=%WLCtiOPEo#bskt@kQTGwzMwP{UlUhoAH&)4% zG7q=XmD~D$`^Iw7EMf#}B+}jO>0C>gG9U7&#D0e)O)YMK-UY-9;mdyzUV}n3bSVIR zymlWfH0&vXrt*Z}Ac6-y!5w~kEg_-}QG`Nr$}4oX>o*vn{pY}n%$!mLWIQ?dGqh4Y zTe^*|>7M)&`ue0f&)fYarR7~UOrUR=4JCNT&24*o+j0L4Q$9=3$P-&P;Ri8iomHyj-`|FqGKfuOMl{cY6?7daIq?ogEicH|b2zX6=rR{sXdJ zT{XPglSq4movS1c=C_mxi$2JlK5h=xE_6DDFhDbP;O3iir#XRB@toOj|nn2Lf(kw_+a1B=nkK}zzw!5S`ZI8&Y2iyw%aTYHWN&8xy%ysw`SvN%2Awz(6Fo3hVuRgs{CH>3^7ObklV3sheb27wr+mYK{uXyMNreVYFe zycg+167!a*$=Rd9+f6lf!P>G0F$}{ICBPRebplO3c+Ef2*%Qx^|tD>tzxkCRe7IiD6bjHh9D;K+JPv&=E?#rvNT*O&u_fH<@ zBo&n%?pJ#$$WTSkQu)Xm!x^&^Z}PPgR<0jSA;^wFCq)hJSjw<$z=|u3(aaVShgf@+~HnaDRx9LDI*JO4b=IrZg8K75k zXTn!adYn>goVsA+(^rXpGrxX$s0a28aI+`7OlAdwkd6XH*f3T%tz|cJk~0gqAinAk zzlAykii-dmcz1{Te zsu*SB_i86l(kwR!E?pu5RcFVjO0d2ndNbSKK2orC>@`{vBb zUh_{CEv-(lQ>SOB<~4xeYdQ?|b;`i>aFl-hP5d=gq*qK?kIw(E^o17}QVRLt(R%{@D0`U}O^?OZgP<+4@m8EEY zVFk%BXY!AF2XtWL^QuKlNS>xavym!HEG`b#6mk_56|#Nc|0F3%+o^~!tX$78z!ZB? z!w&AFh+gAQo^8OqrpjSF|LvyJ>u>@v3&+c=sa&r%qd40ah+~~V6^9b>)+QYH-M5;W zn)={(Lrgke;U~k0+fg>^-m+@DR2LZTaq^a%I~=hRkB(X^Jsp^}#7<3NwckFGfkq2D zMn+R`%&4k=bvdZf{zgnhV&d+eax}sSM7ZFXE6$}#H`WiF;`;Jv02Pr|kOlLA2pJar zfxf2I;y$YD{k8qsUzZs#{&-zh#RNLV43GiwiEnO0FvRneczJp8o?Ch9?N__Tj+fuD zu$VYoBTd&042>vK{4VT$JnJ9l;NlwH-+$NL-3_wQP4^}sz7PJHIP;6Wz1mEU_{x}U z;Mt50>i$d(NQn*j{G%=pbVePR6^?ZHbVIn}(0^pahATye>1myIS{4G?5>jf27;;1k zc0iSVKp0{J2oE}_KRHKiSju`4Uym@P`O^5ZP!bL#3iN&ZD{4Mr4pw;iQa}fXY)G(J zfnrwa`Bw(LMLZ2cOWrx*i#85rR%S}#zS zy#4}aKy7SN|N94z5EfLft2B-sFVq)_UF>-|p>uU}o0y#b3K*RS7H5-VMLJjH2bYwD z1_g@uLG`fsA~WUVPdT&t#2dPkh%eEIx=@I1MLb%ALixxdT}Wb-6pL`>UROiA?6>Z7B&7XpCgkG%J8(i$uCWg-^p6^rqaQ%8hlLM-^y!vVk|8f!Qj@Xmoi|Zh5_Bp47f(Dp1 zjD;mIBX3f_Y!*hUD+c=JzTwn29+cOBg;gvn!(zK15h{bm#caSMFCL2?4QYI>@x8O)Ss?A*cE8Zj zz`(vP-=td>xLeTLu5l~d-9Lk|Ik;+S7riXLU^2)Y2Z-+e!lOBFADf7qu%$3pZ1fB! zJw9o?ATHNC;AEe6m8!{czAx|DyF8C|cxLc_L6Jj6wOwpZFCSs#loLZ>8?U|L1znK^ z#f5CVynVnv9<(F(Yc%;f?+%bCoag_IP5`wn{?6kqyDrDr_VYj3L4A zJmM?mXTjXxv6+ZIB9V)jEmiByYk6s&FuGJ zm1s=&v*Ox)gzNu$?1|S^dAjE}%@wQ1S6}OXZ4JWnyUF+*3uo)7FPp~MzK?9`71qY@ z`G@~Zu$Gk2@z`9$8X9-W%DcZ;;IGdCX<1ymUkvve|0jM@6Ezho1)=M=J3Bir zqTexsfIkBu1|#icU-=W@RhpEYJvKL*dA~0y*z^44a}MhJyrsCUAs7XP#ZHfful2t* zcOwy*NC3+L0>uq%FayKGTd~36p7*o!yG)J+1qBJIIsIVZ0hk{~^9HHb+YS3Q0`}TG zf2ynh#UXf-Tay=r?ssNY!_MKk(VN-?@Q?bs5}o>(^~a;iYM1`^$?n_lMgIWJO3&`* z3w5-YKLeaGox$8eG~y3Z@7@&s zv?q8y9o=o$B^=fvBmtlXP*lLR16#lB#7>RpXPZxQ>kOQlKYEily4kS>3iz}bm`-74g6q)xV@WFS62koDydahi_}^guI%8YSyt=_f5ODj64k|gF zQk`nIA0&>cWLk-u5b7fb^kM-2mBu#mGgvblcLF752o?XA4+dAu?53IL#f|ZIFPlk{ zM5P%0W&3n1Gy%DVb!s0TTs| z$8VQWz>mI_1q0>$qO7v|IJbgPU$u8CBV!pMP}&x|3bF*wtv(W>3VY!9JN82{7P}ro z!RP^<5XV9z02TNJTZRtLex6D$5;YYiEeMeETE&?Os*~3Bp`+85Hg!btDJN(#QHstO3T(`}R_nUWx`E#xp*7234;+)X6tK`bjc#H=}1R%I}W2!m!6I54>;^GfA(xaB^_ zyosSk4`d)I+rt3Rw97d6MF zK@T`u&8L3IgwG_%pC_aiZyqe~XAjrWBkBNGxmVqF|O&lo$GWQzgriqYdhe5<9&V2f9 z$4PT>2?~6=ghsiHaQJQgQyog9FDV&Az{U>nIj#4*0N^Rc6lLAGc0Ru_LyAUPygrj} zzic~I(N=%0SBq|77(6Y_pTnyH6l4Egy~pzEe7$vqM90)hhW39oJltlu&}H*6@XLN0yI#0^ZrBrBPYSWSaqxvj)?1Yw~YPm&6qm&|kMl z5JD>Jw0s4nk`-TX;cHBf+Qq+f<+*hQAtxvHailGi2K9AyiAhP_ROqM1;LySzTL3QqqgT6$uL^!(kPU64s@gMufBg;wHTf=BempDaZMAMkW{Xm=%Hoz#dtwt40YJ196wI%c2 z##aK-(Mz^UfXO8sK~4;=Ka%@J(@R| zzTxAeg#%}gp5{Hnz1992Mj)Ap=X0ye+bx^-o%WmIgF_#ps`Y2w>pa5Lm-(F0Wjsi; zLh5gP0fDWp_oS@1(MTV&gcKs5#`Fs zwB^1`2W0=~SNPL7l)vspLl_m1V=EQdQErJ)7mQRu$Wm**wSPYPw}&|4N}aaPe03ya zyAHulnn7EHxU9U<6grHdRmg4Ege*bmtt3#=^1?uQ+~=2M{-*X8KQe`ka_SOPRKPnG zg42PyX`IQ*7Ya%+nuye@=C~BDct9PzFh_^v3*51SUKRyK8|4}Y+syDD`H@oTPCfD8 zK1!O3!tU<4BqUjH?KAE^<|~09?)=jyMNLg%;DRL;X{Yr`z7*rv-vwnX6ga0QU6v)#QcA_9!Je zIVXvL2O>LrFp9#cL+X@z-u+R*kX!Kq04>PLsgZAY$3?B*o9_|Pf4y0c6b3IwvQ&ye zaEeyYz&mjU{ak*HUp@+@rj9W^10Sist$w1+>&mWx(N?Ehz^xDHbcu#l)AX5%PtghW z>oB_Grm{=Rl2LzXe@++g>qhW^>ynaYmibCWC1~2?5xoa0X3ev>Qjy?~tG9|GdJ^;k zN$DzxkSp=M?vL512g!mGkEQHGxv)+>Ny-uY`UdR8FS)Il&{UseNsuW=wag?9Pa2Fe z>DRv}y5AyR`8ikK%FVkC4Gj+r4jTPU87((xu+P@~nvo$YA;HV>3;{}q+R8D*$6Xv7 zS=f-3*a#twbCc3$y=|ep@V!D?w5{amR-W&J#6uSe!^Xhb)wAi;s*)5UdU=`QMbio_ z+eQ{^^17gqkS?@lX9f(Odvi=OBAb2=@34b-kQ~5NGc!c>DfWVu?A0hk^_sDo-bw_K7YV;C?PG$^v7 z4Eep|JR0ja2Ee!WxsFPf|78LEeC`6C4_|htc82Q={{HEL#X)r{ez3#m1#==mm7Atj zKdAG5+}GCkn^S!FC=vHq=#UU=vrgpY2@2zjB6~+pC`zo!C<&?Eqysg(D1$xOK3(0g-)QgYpa+18!l6ygv`hlXVu`%L?-0|bDf zW}%Q&9Lw&JEdPM6zliOTB}8&YXN7Gsfwa1)ew_YNNXr2>_ZV_So$k@1l@v>>5XG2d zzJ{HWe!K`exItGJlg@bSOKjU1^gcq3EWi7m6(`Q5&G+HM$`D_j?W+cVY5;JO`@V+f zWDCJNPFdVCV+xH-ox8aX-^{b4*uW#7NUQXQ@`$B+R8evmmyIvSgD^|oRF~bAs%!`> zs{%tRXCl>4`3uiR04Ydb&`?E}+DXPk-_n0V#5#bDSfLm9CN+P-EGQJ`wd${?S(2*b zZ#b*7HpIIw(PcRZB`+krW5T~E2{3rk`MuJr`%Y;hru34rhh2o;XcwS?K({tdZLbIk zeLGd3@JxX-MC%$dk&rUTG*5G!+3L<2G9mK)WOy`*8quX!JR}T*(D7mLYqL5vr?N)*j?Mddp56hAqDSubWnBT-#(2fl86dVlHf>L^hcZ>tYO@+yQVaYK*{Gi^;xV%e6 z_Ds$toANph`Y{j!fKZoxonkP-w||pq)R;$0>~+fo13`iyOzuptRvoo*S!HNkwp5s# zeSb_NP!C&Qanp2Q9(AM~v(#q!aag*pBd=B10o(c-NIR@4f>G6$$mG>eRGMpO+xs6; zI5KSWZ~ebd#ZZcE4Iz83!Rh=mOMetlUgMQcs?T6FShvV-I2IMZaG(J5MTTgg$V0Hy zD>N?%agS_t23_72OgM2127@ewj=DZTYBh5Mc_1T;o@LIia)%TFHBfj7(Y^_eZuSYw z>ieoInf*hy!Asj_d-f#Lk2vEs$y@Jr|HqX}{N}hKD^TEzoYxnU^1KQALlYv5Ao3QA z0s|rMulJM-w}13r&e!*Id}mnM@r}nERdx@!ndC|1>XxOb1Yv>ctPVCp0EllNe2|@X z<&?8a#(zysKqW6@xgB6)Q7%X#hnxDo_)pTR*oAbdJ*?=N50TV;gVExWqAb8rd3GOC=$*sY)M zm07s9$^E!tDr_xGH!%35a;teQ@EV34&;L|vGerdRJV2wQ>3kfCZo6|bv;%SL4$nIn z=G4H$d3!k}Bdt>5Oe6fmur}zB?4Wi_WU!C_+=v^uw(bUsytT-y?X4h8tHSuN6vaEgAD za&~GoLSlKg;ui`WRZrcTYw|~tM6iJn7#T9KY^y#=-#vW*T%|1yed5+pFvWS*8Y5C=E)7ba$tOv~+h%NrxaHCEd9x>8?$8b0_EAbH_Kn^+SgY zWV6>^bI$jD-Y4Q7{X`YA1cgQ!_gc2msI19xqdEEBeE{3OdWG)hS^=YFP2LttLP7$d z;G|~AsX?0I;-E%rH&jLh7o|AXj8VG3U$@xPZ@D7_?HLzb>h~Nx7V$wHcqLk)1uO$w`&OR@&e!x~r&!RpD1?SJB?TM&)?D@?>_@lDE%0 z0=KN^(%`VQB*3R{%Jv-&w6EKLVKAtX;^N+Z{$V_rG_!herhRnMdcnUxw{%hMws~&+ zuZEgIGf6_GM#`W1{kIp-`dUZgE`lL_M}?~q`9+I_Q}?dXcKqGdCyWrpWX1<_7ROI89{UL1!uqI&bTmU5;%kbgUZt z6VY<=@&XFCOiSq09gc*E{x#W&fCApM^VVgkq`19?$#l46b*)==V{`knvU0!-baSVA z{rrki{r8nW@j>UVoft4~2&iNAKi<&4(h=?PtkJBqQ?a-I_;viO$dAYDo}J<^o>C|U zLWOA?DrTP~t6m_V4VCNstNoijF)`f*rf}E zyKkYfa<0qT6zc&4Hp|%}kKb06r#nsGYyQ(wpXB3C5$+iv%_SO0yL>2{Jb0tv1+&`! znZ@}JU6X!d&O(ki1wL$GFw&bG^>PVwgv+T127^zI@Tp;WI11{Hn@MuDDg@EDh1d)) z`gsQl{3cN)Y>R8O?qP6$J%_YW|0y&`Loiym*n&^Qnb%l4_$uJML-L~<|3u>1V{>nG z1`OX5tsnH+-v2$KOH_zgC?X&v?DFYy6 zjf@1QoTI@s$DTrg;$YV|wYQg|-&#Th0pw#YK{N6T#md09H6wNv6J%gB+t?5bdvQVI z%AkZEu}E0>UU)p4^Zonn?Gzs+C3m6F^{JUl%7S=iA|&{?Z{Ow=6u2xn-Lrv=g4|pR zz~}6~LB^wJWh}^V2)sLN3gL6I+&wyKE1(>6um)m>F_(Z(wrId;Tf%T(03EPycMlKR z`>8D&8J*E7>)~5|A{14=Fl#_f{X>DCsnI6$9k=)s1;%Y<30xXlR!$sZp0{RdB~!|v zN{_BU5E5=~^2i6)5(=05CI&P|FPOk6HI;Z(CRj@!OtSYI2_+4~Gw4Y2{aU_D?y~Jy z{?0LZ4-6ky^?%7k0k8@Fx?`ZzARn9k^EfZABAS*oiRpoB6_$oNx_*7O3U25TcsRvr zfm+q<+iHl4T%9Nn=A+knbHB#09hH&MLYB^#FEtAm=~La{+QjWze^tT7b$ZSzvIdM& z>7F?vRqH{?I|tAv3-z02Wbpv;X8^IoAGT0MT{)%_cNtdHLz9m&iP>l`f&Q)4F9H1` z(W{c~CZ6Q|!`k?dQI~5dTn2KQMYKsLFETWu2bQMY2wG~Nvy)+rOM>( zJlMgJO|XjQfzKkA_(|-2YH95GhHsMJmi@$FY+_CZ%oD@$SPj8j0netRlT(UdV^|_% z5>a5BU4n0k=3KsnoWog4tr0h|*yP!kn6rs|OCfQ7^+gh@WAavYdxs?Z) z3*`cf^=2t}`KF7Tj~{jI!-)?>@pUgA@YfSf+=AG~I&gSTME4KR z1}3Pc1CF=I{a+#}_Rt)_{oQRri2|Ph=6i-bt>DI>lXM|l;UY_~*=mRogHLJboL1h65DW7z8737EIXw_9)N-5cZ-Rewf zT&#+U9Hodzwmt9AM!)J%246r%#!45%QJ9G)7Z(=?KVgxlBhJ~@Fb(nRSZov}9ih}z zPE#-yi(?iM6chtb#fgOfrfhOdc5H=doD5_!BdiORoQvmi%}m!w7ij|^@c zz7hqR7p6UUGUHRbWOQzf-;fe6)|l7Yi5Il>D=U!q2c-i_+a!FbKIUuRPzs<)fI>8Nnk+M$er#t4mrlcNK;Zi4cFSJ{JIYk%kb?;4LY?~PzbK8Lk8X@wvR?5f82M9j6NIUSo$F>)R! z`#ab%8B?Nk`SHwhUNzkb=6_63V$BmgX1XPI9eueW)fDDnT2w7CvZ8ryk)PSI+Z3nz zotKIvRjw3r%;Xj4{D6iN!W0v&+en;e$=AP%X1rgd2R}G2oG9wNr4~_4)Q)24HkIcA zi_du|dA1qb>WW{q{m>}0_}VOoplO}!cJdt2T)C>c3n4QYa{e`&)1NUiKkwZDmM z^4RneNY-n6&yi|4-tkgJRc#Cc5to!iyd){(i6RjRtst5lN*S?x+QOSX+q2qtU!?(^ zEV~dbUptI;y|uw@gvI2H-U_4M13!38&C-IaFye!5OTIw6buwVDv!CQ<&)?hSM;M;j zW$S~;=Yi@eO(KO@x=SwhjopMq>ocl?FDQ>bS1Fl$sNySw=ZUq$lK&f9vy3Lv%4|%O z;T3m8ThG_->I5q%gW}YP>QoBO-u)l;F-&od3SV8_5V$-Rz<-ocooO4AeM>!h{3fjWIwc{eu zndix^$69fPMv@|;x(T%ctI^nCQxA}K$8W4EAJs6}pq0^fF2*?-X4#S8Nr$XIETk2xp@@o zqt{RxB1|H$M7WB+O1Xr)6WFf?ZQt`&ld^f?t1?zKv3?sHleJ_oDihx^>PVDmsv^2H zEW7hQw@Ckst&)!3NaMaGRPiP3?$B|lN_lqJE>BT6R96d8tn<$;?W}af01l{ACS599 zQ%`IgJWz1>3h+7W^+64==p$w#HNxD2nLbr*e_P35^+A!vvztTEN#x^RSDRryi8xxF zL49^tN)6g*v!dafB*US(p^V&3>69We5;Fq^|SqRZ98`eWusS1~k?4iZKgUGbt|7YntbLfpp*HK2&?M#0Z~K;Xn|<&(JW- z4syo&Wl7T$arYh)Q*Aqe=W3|ufn&BZjr zHs+rK&6eocOqZhhuGWET-(_7VuXp6}3oXIHT(yadQA)|LY(+L5oKMP@t2|>7Q^)+% zK{}dl8gz5T30ZtJDd3nI^17L*FrVuGos?DFTF8;9e!?>^}!h;=iu{)IQeay9KD4~-yPnqN)Y!NQ1f?O`5ue^ zw)+|*S#P&~0@$eHMpSk!-bihu0wY4#Ek1T%uMX%4!%zNh-Cf^TdL;q7P(jS?iA~1) zjYbl|r;cz*#K@%Ak`UC^p1>pJ2d;Z#v3Y$?m&!EjRky2|V3C6z%REZnY!+K34ZV+5WZyAb|`a zbw%Z~cc*7|Zw(cJZzHJ90s_RX8=r)QuQrMt@6pR zlKpfn0R33x$(qIYvh5Lgf<-AZxk>`9`Sr}v!?)O2%;`#<&Xz0duJaV2&$8di?7Y8T z&T1)`-*-8r{uL4&>|xuB?Cj!l(np1UM(2C3calO14rJinNBwkPSJW^)$Ir4li6}o; z)8KxBwfwMz-tg4=^=9$u&JBPjARv|n28Ta`e3!SZ7GIE)+E2E&C-T&J1V zT7^8i5S_P~L|IPldgT#^_^1%1UA+cQ!~Gr}DI(#av=Fv!5kEPUwR2rs?-P?+DU(Zn z@YyfAMr`=C^`TYRRMCT>2t%O0Zg+dm$qP3O<1R=GIIE!a0q&+tzOeXs$$FF$ zpEak389ed8m7Fa=8XfZTY>NXca^l~=#KTAB`=AOkV3n{{bb<$nCEf@xchPGF$@^4wm+Jy6FVt-C0L7<55jarmcPE=S$UNc#HcFBxhOGb zVeIwEL{7ffPA(xRs*nET;AfUDB){6VJ&zvGe%gSPSzJZ{ZR7;0CaDtmy4CB*LqK2j z8t7lYG}y<+nsZs*Y@MWRd^r7CRz^-o7Xp3p^wrZ7bjBrEq2&F;{kb(ISmHAlmbN2W zWk8|@L@oeAdX76ht0Q_n6c=YWFgSpO5CDn?r^k+NYmB?sY%`qs=-;EX#cRXT&do0aC?-*R)NUkNq7yWy#3JpEKHV$57ALv;g8@cAN&x z*J-sHU@@5_c69SIRc1!J3KCA_J`T?3d?-;V>+I?qCh(&(yiK&Su}!^gbB^hMt5B;g zR9THI1*tp~D3a>`e*Tt&9VM!u%!p%D_nHdSCo$u;ChSfR>EkGXxHBeiTqd~)xmXt8 z-18ZRkwT=KF5L)URpnsBZj()UVNxBZ95E)uKtCW=bP6ibGbVVnbJp;5f`s(Tv<_A`Y>ur7ZzGefP0&(^6qhcVyfA2Rw+*Iz@&P)Ig(x1P=?+ zNWsP?MI9$WX#fJcEi7z?qjG`GiLKm{vA{3bH#{r~ zagOVU7ZPfzt#fOpEB!g&Zw=vk&XiVD!Fav-!-_xDIIgwT2N00}U0sTvo`Ip+B)!ti zL9f~T1uClg?hrLsqp**Pn!=BwqUb`?f}s}|OJccSK7RaYKA^#|wY~jWOG`%7M_9KK zaj=GfnD9qSOTg07l0dLEAT|MT?s=>nE>Yv%3^tsKiVEv5Qs4ajVF5=C&~lOM3F<4T zU~kNWI1{11wT!=FIdg|xJmR#&AP$7(?%X{Yl9<6E8$`ZAxT$4^w|u|TdQs}5)yoKk zYxOZHRSGv^Ge6RXsLIVWTfP$szbH8s6L%LcDPx8G^TL&oZ!Vg1p<)fXn>F8u_kL%m zz$r#eDUxJny={+FqUyM(fd-!AT^Kg>GwxV@!x8kmeNdXLrxP8i((LXKu@g*SFfNlA zvbrHUH{)hWCN+^A-Vo-2tsd2K`|Ds%560+uz1yLBq41~DdC)*{XhH*Y5( z4)P6Q@1OT%yyR;0;4lZyJA;UUO$~Kj8t>cG(1I^M(#Ia0YM)>Yt3NYAx5{!^{&SJh z-saQbyF^oPi5kxMrn}ERqo8nkMeAwy2ZjI|1y>Kb7sYwa%?^zd$1A}(T3m-48W6`5 zcim`u=lTpS{O7v)=WvDT^56g96N=eRc}@=%)+g-Y;bD+L6RIkV5lDyVG;TJITu3qWx2sdrm|x*`!gl|6Uf=j*Xo#-?rYTIh zKB4IWRerk1C^p>xxB%#D&KVN!&tM56B-&+_CgZUbyY!){u(>QkKArm$fZWblo2394 z=;CCl*<$%Jit6UMUNUD2PH;4w$|geI8om28M;8dZldG)zv2dAEdN)cKfT?D&O5E>D zg(wn%5kRdnKibLAxS$0gq%DT@S^v=G1-Z~HXsY=Y;)E|VLqnE`3dxx5UT6J@HmD=+ zuodx(xKLoaI6~+A#q>_Nl$*!vg3RtT2sXM2Fxx6;Z~}czlFjQeS^P`+N*3c}aNWDbDxb*f6q) zk2k(uhVx{+mXAq~7x&R6{ZmK`F9)H1^O~YyFP@AWY}hp6xJnu-eTl&z_n@PSOdL_@ zdESK<&#>)R9vkDw=Em75c>rhW>tp1;qD@Tx{P_gqm+92;mR~)u>wQ<3azt-+OuxZ? zd(yt5=Lu7-Jg+^v8c<)V)uF^!0oKUKoQZTLx)83J?I)6Vl-X7cFbS@ z7@1*sKH-s*u7T%f;`^jY>5L6-vjKvAu&rR8o)-95J{sRb6z3T4$;O1HVD#t93&igLqh%I+m5SeE z%O`kJHOPFNLR&yXWBsKqX*xk04|=`S@+O z=9C8^P-pEz3acGA9h*syQV7XN0TR%AbTvLU)(4dFbfk|`pH(&6&9bhk8yg$XFE7WJ zmlZiY1WYnuI>Xsrs64wVC30Yt@+={uI{>5|r&Rs^iD0@wD2DI_z32{-9(?Zy1tG;ptlPd?{pV(lb6Izw|3)yb`UJXf7}4C5$t_{x4EFmN~ zek@!^x=S8{?Uq?ZsgG|xWl&f)G3G~@=&|)cL^)#3zgQm|!vH@pC-;N_9LOLd%}Sfd zjzlmJ!(W2q#*cp9He?2BusN_flqD3N?ACT#5%w26G@uq)XtJQ1C-eFK`_dJSgjeq2 z1{nnvZT0NtXK`vjkbrB}IRfvW?_kKFrKMe6rp?%7VkmXc>bBf~_v_GTXUeK7ZAnQc z-I+LF;*qQA%=NWdzVb!?(qNy;8yJIYHmiDrD;^4E_I-!2zgQ8wSCoQ}+3A#Hn*r_K z$wx0=q=oX`QDm6&xcXu@BYwz{LwS@lY0?!WYH=hO`BVy!8V@}%9;pEeI{)^+ydPFZ z1LTQj;*;?Vt`60OC&J!?YFkBjL@1s6c-YQ2c}90xc73W;BCoz0ZAu;#p+l(yg#T~JHZTi3f%20wCWPJNo!0Ib zIXf1|Dgv{depQ4&Fcp+z&nHvGI2S5}3uM#d2fvb1Dt_m%a$sWX=XM{1WthQlT}-gPVSbY_6eK%po! zx<|SIQmlGf-OT>q*=lDwEXk{wchq+Ik;6&hDFQYSjBvExS1(H}$u zcTw{_x7}~1CCeObR3s*%CNy>p+(>?G0XgY1H|DpZ5LNARY7P=aNXVE_>M}`{Qi=R& z52vVkNyXtyd1aoRd{ysWB@+_lk9XCTEs=8FlQ#!kt}}e^e>yF_paAwcD_3`*u@0oQ zCl2{qH@3wfC1!Md%GeVf@ML{vHbCLhEkJpV_q26{k54Qyi; zMTuzt@VtHAhbH}Lk3_GWFcHk9bJ zU7@rFhSDh40zu{OrHn1U?j+d}<}g0h9mnaAf=QOBj85*oCsVwMvSf)fF_MW#MYrKcrghJGf&u5#NmTv)ak(AAiNOowTRTmV! zV1eZEWbGcb4njvaZ@*5Wyo=H~vPwhyK6Iz>ZLIf-F@KK}d{FB3q7W|dNc=XzB#B&| z<++t-!|#G#V1#!|6-?f@bIE(@vI=Ljay})&G_m+1v|vU~9XI~@9oja00Fpc$b=ugmyU@3^ z>~2n@gRb8uN8%99bx$m+^?&S1P@7i>0q$~~0_ai&6W{?goaa`O0j(ki5;;e`=?(&t zsNgy($K|aU5*Sg&+VgVOpM6$Rl4D4uB~(ophk^C$g;HRJuCU8f>uXwo5`F@E%jd`~ z>nD`|=H><-_Qk!hNUT&K5Jd+EhxDAI!?lTgn{hHCO^_)F?Oo3==aRaR^A={+t&EnS z^qYZxKoaFhH3p*(De8#C-|v5VB<2!gy$O%o-0-WO;a>C z=CiiQ{dv4`SkGGYKx;XAy@b;isoO$G0PT_P##ntl#1~BtahNE|?y(hc5XZgnTXaBh zI_zaHnfd8SMbbB!c{IM6=l5S^zEM`Jv5`rGEqhex#saXBL}fzi(OWu2d@tzJ(kfe^ z)N27BXIwy81BCpD8f?C#;1I8^uLDQyQ{V$4+SuY^JhS>2l`cBrM||jXMPXT4!nk_| zXVK`%dbZ#oD1v+CiI?#}JLhy_drM_pn?AW~78AgL8}_*o<(I2~Ic@)gZzSggT2v$$ zje5_~a_OaPJOaNLaq}Pud!cQ|Pu&2d4M0(vwUMkQyadAtr`B^=8>d%a3sDw8>!bK3j7m%w3@;2{i0*0RhcU*GQ~KK0)B_!@ajv zKx;b*8dVnf%I$kA^5lPci3Utbj(09YKrb$G8!s}PWk)H71in^fa`pg5O>zDmULS)c zfvldo>8iN{`t|AsPerxYKMtSMeJ8=12LlF1+LKJ*2U5u>((Sf~wzkoG4=1qSGwJ;a zw9zJ8`Kl<=Da(3b$mJs*>zb)u$NJ{A!)PI@^;dhwckei18Yag2Km}N{JvDQPk8Pn~ z!+f?qN(DgiXuTUk;D;)B+vj??SQ`tN1s{KW*7d${$@=>E!S!%1(jv`z`FG^DYjYo{ z+xZ`aar6iPM+4viPg+TB!6~=rCr1)K@dg7~>S)0rh&Smf zpqr$JXxKy07z`+0}!~^9h1w)C^~`&q~u$$IUU!tUbIrtae%iO(d0x8-npNMPt@EAnA)C_1L|V6Wx+Y`j#> zaO7Xq)IGOW6-J9CLC5jxxgL$nW$&yF9R?B@?_5vc)747ROjM6ECa7>z zutA`$t0GJkgdd}0ZUZE0?HWls7O8&q32uv=bXc_fn*icq;>GX z{6-lwEtGSiq;>Fi`&YV|mNCbFV5#EZ-_4eRw#LiRee~@qzh61+A-p5ia@hY3I_QHA zOTGyFQv4C%R2OTX(smy%QdE3HxO{)<2J8(-NS`Lx$v`wZj@P>O@+z3qP{-4o%4PRF zTrCeiTrG(MD6f<1^Aev|N@kPpR(U`OsI3QNG@DFu=Id?pN=g9M*xq>Ssq1aS%6haE zuS)!i;%C{o zKOz^agpoa7(*Z-~uF9vm$~e5x7@30a5*ttj$HBUz=}|F-p3BE9c=ZJOn?zH}Ex zLOtxEa0!VCVfY%$#_(s3=yfIVt)C2O)385-A=2c%CvMDn7*|O>+a* zrgD)Am~s2SM)!s%#91g8>8H_-3bzG-Mv_(HvetA*`KVL zOzd(^O~p4JWyvr6vY=|x^GF0*A|NvQ*W@N5;=V=jc=>dXgU6!N!6vu2HOW!n$pPGx zz3%iL6ECCCwuVcM=BE+AZ)}b)cs=h}e+Qec*m!?(&$;NB{hOe9b}W)jVxnBRg8ZB6 z&QjMini*`eFmK>rJ?v4|RT}^{CLZqd;(#j?r%+HV;+rK@+1wK@;1;W(J(SIptSE9K zP3onOocoEz_p!)Vj6ZYDO3^#M(&vDPnvMhn!V>|x~tu4?bswR3}_S0#! zdeM8tO1UEP2&b)7K3yK!+0mac>!gUP5r9?DOKzmtai~5w>7ox-SMpvi#A~Yf(Vg`FNp~@kqNr?FRU%<{nci zPNd2Q`@E4(7U&(vKQ`rin$D5)6-5FT9W^xN%@MS6K56P8MM9^)bfA!*&!ZRd@d0K> zTDR|gn@>2fn#l6@K?L3}z#lP*RY!&mLx1K_C_~VL5W)t~a*+6wxG!>y`*fXHiS;VP zW2e3Re%kI4p}gFNi;KI)?kOFRyd9oeu4*hgJ#X(2d0lQ%U|Zafg&&H0PuvBGJ-6A!AbrFAG^`@%Ix|!2Ttb1J6kN|#K zDkI3O2lHT%C4L6ZhYlP7Q%DAl2s6JuA@YI$VAcT3i(JdLUZf zsFozlEvfMb^s?&h#2Ir-%T|xLj8(OR`O6hJCY_qV!z@zWrH9wQjec400(hrmvfBe+g;9`~iIVVD~ z4@8l1mv-X6EjsyirTd1Pt;Pc;OJYRc0X~4gOqfmS*sOk&JG1sv>Gg)9lZVW63?$-! z>ekRr@2{oMkJj!_e4bO5$HCPs&EGlQQJt}w>)$xtdTW3(aO9E5@h7TTKJvz00*M&; zJtmkf&SsiP>n*`uI7l?W=2^a+wU`K{*m%#01ztp7PWM%s=> zUSOE%y5^~elHI)>V4IFPpHDQp<9dSwD6X{u8w^UXxIAz?8?dYzybYCm@(2cMj2^L( z^pNi6C?=>f%}rritVy@Z5HbDkBVZ3;q@YPh9O0{-DL$;OZbG}iL`2>Fce;Na5Bd75 z@JG2EU}(Go*zr-=@(cN1OCkRVR{(6XmUm{{y^`p(0_XCuFgmD$Ip!j#d|;sijJ$9& z9JsDLc{p;C*?&Y^W-jBwq~hgb-o~LnUF`2jh{x;HsJ!H%_Fu=+`I%~mhbI()BItlt zel)O5;j;D>48z|;R3he@EzdWQT<;wA#q~b8JFyp*b!OavW@+ji*L9l@%g+1N(dn|v zz!_sDU|};R^L3Uk*|npbgRw~D9e_DA4w35<4?2zwMjG_!If$-A`J=!dq0Ry)-}&b> zO$p5`3#T=v<}XqB>PtHovA0&8lf`79+6QktHqTq;Ce5R8rcHKqK~euomm0vs#K_F` zz&Z5gb%(~b+s|&0rwe<7Z*o>Or>M`<63RJQ(yD2&l6v-*@{8Y;=bL}NID*3G1Bv*` z(|(Cvwrwu^%JLB4ypiXtzf$NxfsYcCogLC!TBcjd!1%A`#s`-rWmL9Fw-8LUnxz6g z&bCfxsiHyTm#CFCBS>R>-thr-djlNopuB(CEX?|j)2wRq@eZiPws*-MiK;as0Eyp2 z|IE8gtJ>fD4jr^Zku%T&aI#C1d8B;P>u;T>AQz|rf!VdM!aAj> z?-~NzdcX)V(DgMU^N1BZY&4^~TKW~M!qC0MlVIpJkYGvruQjq88Si*RK(b-l5jA^8 zQd5%vx?M@&MgkIYz+Q3PQTgz?v-5M7?pV8Q3Dc=K}z#7%=mFl_;3BwCI@`Kg_sL z#&#XXKU%cjE(|NJRt6rAtZ56gFo_ZQ2LLO_K9 zbfLPsfoW+3wRLq4zzJDPYres?{3ZDGMn}yS=iY(f6o0aZYdWdjDj(pgD{@axHU1Wi z1a2lod|tLKj{;D##uml>jET_b_S|BqxSR$b>DcXQ zIoYlzu6ZP1deeHjH4^Zw?Qe$&T!CVY6r$qob_Q&|a84h{1jWVIReg@n(Sh(}?N{~< z*YeHbRfFT^>!Oj2VFt5aO1U)hsA(q7w&`C+e9oxU_>|nmJ+4gio#$nXsyvO>5oFB{N(rHs(!cA#j|$RlMKap+%*Z<9VX>fzO`VmI z`4_7aDkrlY+ggQP^Z-AhkXvMkZ-P7)ZdQ7$_PYG%$8OuEa}Kq$7aN}h@JY{qr0xW9 zjsxIVqAAvBt!0rJfV5nf3AE-CrQ~Y}RtIfsDjfEDHDrAKVXf$%^{E5m%qd8E1puH+ERN{N~P}#0n zJV!^tKns$lR(@`dL+XY402C2h@1W?xih_pvYzfcurJ+w71R>5WEAqafWMz$}3CH6! z8zHXXerGZWe5sxZT+b`BMW_Xoo!0YP$FWA>#-c~}ZUC+Nv%-tGw{a8x-u3yx!g_Uf zyM(c%m#X6W4LU9+DAW&V&U zVM6~;CGvBSCWr{6GUgz|;{u4nR{n6v$`o)}h!nTZcd<=W+ghkPt7}MS_?6BMBgTeO zBx2;*BWT$YfPVB6kmRc{j7}NYnl&Qr^y`}g(4T8s6qV}5mqoOZ@2W*iYB(xMy565lEVK3K9b;B_In8i!2SRdvgBcLJbn^u`RqN!tGQ#ODJhNDn%Oe+Wq<_Ug8EBO5W6TgHY$61X=-C-G z3dBl-JF$ANWaESmDMYhcyru)7iMia32~c~;<1DZ^0k z6_nqMo0W7qS>CqAmXf;f`i+*AMp@a*7UtF;KoOvJF{+{1GxvcUCEF8?S<)UMEs;YI z8~xK@HiG(cSEvg`y5#ZD1Fu3YQR!xtlE3s_us;h)?_pcml=J(bhAOO*#{&#Pg&DrG z-$pSJ3@=-E#aTg~=x*0;BX4!jK{W($yvLA>DDFLY#cjY@8_SDCKQ6PClgtWlVf3yg z6!P^0J#1&<&Np@!I0ZK$h4bJX^dn5u^&yHL+lFZCNNAZF3saPh>=I_PIh2T7FuSj+S&LmObX#4dm z9ZWq}+RM?8PqWmeiy%Y5gcr<-C$rn0`z64L`aq7a-@o=@s5o<22LNCpAB;sa8_C$bXt@JxkJ3hy$0I`{ z>4VX_DgdfwaapPHk*Yw69HT^8kY8K&MjkR2IFdpB{eN75mHVJ@Vs|LH(4tU6!W*Lk z$o)X2ptP#VbAL*SkJNnR@gpJ5U2tTH=kk}q1OMqMWrmGM~l9wb0!(e#CCC~Jcii)yC+V_;P8v}_5 zOS6?sT*|v#PbY3Z$QaMk2GFLDb8TX^I(9p5O^%E(z!u48KF26OiF~~xVd+iGc6?_0MJq`OWAlZ;_6!6v zSl{|U;uz02O{xvvtaj-7fJwCIVZ#GA$O`WOT&rdGL+uQKWoiDzAEiy{lB7Q06$Kxt zMebK+ot-mGp8Ns;0ueF#c&@ivUcY2Iy5t=Z5vA*8ZlBU)to?9Q$BS@QM4b|+Vjq-> z98;K!8()02s%wzasBAujg?G>OLREB7%b#ZcRhrtcC&uh5gt`TBn~NYm`^#(C4-!j7 zZ^M38R(7VOG7cKxD=90lGrsWYlG)^V&RhkUfRXzw8F@n3vwQ>`pScB%sm=_;hXO|# zS)Hc46EsXZf8f~?7;%(7cL8-3;CM{EM08iDBH$MtYfa2?A(41D)i{t=oo7~^w~ds% zBu6u(UsDe6Vv~{|NWvc)$`Kg;AWi8ITjg>v6rTnoC)MDE7r46%N2-laE8K>tPJBVJ zA%X6?FIeb8B7NlJYY)#h9-h8)DPHx1P)>&kyfL{yNdx^yYad7C(XHeL;=5$+D6E&o zW@~H})f$oVG`P+00Mxe)^M}o0V?2G}3pBw0!q?ma)r={1=#) zRyN-fhR@I6oEK%~HWr7TSpEDW4}OJo4x*1I8Trkkq|T7n^~rL&VYmp%#2v zlLZTPm_WhGhQoWzro1I*U`0j_IJ<=6fvB2}9#kj+S@z2H3HJWt6>d;C3TqZ~qKrX# zH~-+;rK?(nM!WArr^wpW%#yyNO$y*3&&|)%tCmU@@-yqj%Z%$4XYY4% zvGh)|zSu^ZgUMCdgO*M4r3Oxb?;8npYt8KM2qI0-jj!7)-tc7xKHs=i z)5G*Rt(VMDq`CT)k0bgVsDTIR4DAo{QB8dtkUh_O4uMM<^L3T8(bMhSynT?Ko%JBQY=DPUy+KgCW@z7fH#>gT zMN;{`PHZHpCv?z5X{*++j$F2)~~ZQnfVy%wpixfHRlU5PhU6D0KHNSj8zs#MBBMKJGT007Joe+{E zTH&*a^X=`hysk|LCG9M7a~(;xs*aEb-V9kO&r2gj#c#6qzr_}AXp74g4Qqydi1bF- zh3d&ip6;4URMW{Q58b=bg?yq74n}%rTRW+R5DP=HnH)*ZL#&M ze301n_mVMG96zO<=Q>`j{k!;7q0+Z~3ZBtlKtfgXj|nV`=G!^whLcCw6h&SAvL~Z# zGRx|sc!*|mLuPmQ{EI$QtE%Z53&=;@y1LKw>Kbjf%oi6ff_IU2_V-=VdYC+168OQ^ z^M8WU-K?`OUROl7`-uVqR}Zk9hk2VU$?JU02J$#fcH?Lu(M=}X!-1lIODo&j+uhJ# zfUKgh`E`wIFFv=UR;SzQQuWHM!smSw9?ArrseJi&W&5$T-&7O4Wcd6;cP6zouWxHO z7@JKvOds{Knpi&VmZ5`5xn!o(#;Hf^T??80cHTZWK84%XtqJqCiy!zC*FsoZ1chG1t<=pd=QlQ{_6k2Df%ghp z>~H=3seJFStwOPVo1H%Q==;NDoIQP^$G-M0tfx?Ku$KQ-8La!qXo&)6;5pC$M+I~tjw z)8!@?d#d;M%MbH-D6IXazd)}LQ+`5sJ2QZm*^x;1N{a_$l9kqc8N~r}{*L80o0uh3 zImUw8dLHI;lJU7<1)JDd4T3V{{n+o=91mtTXih(T3VGMa(OQa1;WjJWUo9yHjAXVU zVq8Ar5n4G#2|Y+eKldF&Ovg?}{QKmt+1z-ELDw7XEvrx3=_Zh#i!!aojCs4JMB_`* zLiWk2X~XioidNg(E%4c#1{E`QL{Uf4ClBBe=k!QNv?FSXVpJKQ7!nc@?(Xo)x?L^g zet+!@qobpH1uO2P zj7^IqWi5t*5NIHUA1q-Y#Sqpfzx6gr#`u?JS{fk%h&=St@qwaY<4Jp>-ww3(Y&J|# zi_U)>Fw+apk0`dFHDCNjazyi`IdR~`?rv<2pW`1b*<)Q9#h1EtK00jL!2G~h%B{Ju z*UMTKuvet*{da0<$DPM!;o;vZVW^PUD%e-7Ph}KCen^@7{e-Ue`HAAUbe^fbKlsQT~Lnhdz5~$fSuV6z=lzVNW_%19iMd? ztZ}$ra}^eji!A?aTTFCn&FxXC+Rmu_;ZTjvmN(SAMW3wC_$kYHq;*TlI)X$fpmfMn zmna@3`vhtupI5n;x}VwjM3`c&?DA6|(RO-U@=J&O<&C$&?|(dV)l=j-T{>r-J;!iyZHP);;bAPvfG@kUMJ@FN;wd)UCVx$t90BMGXSO% z?d<^}yq^2K4{&hQ(jCAFw$Wuq0n}$h5Jh3(?M9{I@4zT|k7&CV@W1capYDrz>;@ zx8&2W>wIq+onR@9U^~Wma%GDk34ABcZ?yAzcE}jf8--bhosKbPPRo*TBHM8=uGL{r|qB@8~=F z?gNgP``)qE+H0?Mt!wSqOuysS$ZMAmRn#xMr~O7+BqgWv*jMzmPQ5WtVPPR?$m|E( z8-&^ncuK7npwG_EZuxj+eNg6x{2+lC25z^vwyD`elcg+A1`;M zrxvuH+v}nOT8B>~;RtvU!_RM*uqvuWsBxl_=3d^>v|39&xp@8h^{=t9uG3RY4vnJp z<0o6$br=wN;`4M#`S~2GH@ennt&~_(%fMp0TGc~}wajmD2*f&=faEFB0#{jFDMlAt zgsY+=2X9A=Q}wU*P4RRT=9@pZDg{*Ez%L@uK}{Eeu-HOvfyHDaxVGJaI~sYC(AN+_ zi*{Zrnq$`omKZp@9?MpPfc!Q=_~fn;Xe(R4B0QK=jVehi&Nq2HU#5#0QgtTW>;L+U zYSxDTeM~3cD~#KAD6Pk=}jGr(X8KZUb2j0!&uZro#6PKX@duG5EO55a zFCT5}^&3W@^!BPr?c;(Kg5hfNIHB+c&MS`O)DQa(iQ0+pk4DDaF2ckQPfnaR3aji7 z!jT&BlA7+v+spDVvB9Bcbbf3DI>)6#P<~Bv0Ao7{T@=1t;B~@G1rr6wq1jgA2DdH z5%jz!w#tgM4}e0_orlP;VlF-tlfnAmQ%OlW;Y8^MLtdg8bi7t`C1+~ ztQ43Q>EHXL`s%~%-Y}c|W2ywhP{Lu{dm0XgLPxsZb(ts7o5e@|_6f53f)|oI^Rf~V z8wHL_Z=(hpFl{z&O$yxkZo@Q*5(0x}4`>SAf|^}2Y3OgCvyq2*tZ_g_`<*)rEz;btfJnZQn8e*O(KUun?tH1hQ%Ma6af!W}J9 zw0Fj>cr?|lq;HKsq9mw+A(S7BbF>|xP(K0|GHlcddI#1gtj_P1M~96^7y;U#tta>u z#c_x+oH9g^93aKGn)Y$gV>_q-;VNnrkF^9O9rQgMDUkF!k(4ttqd+ecUVgHJA?h}( z*H{FsH3x?kCA-ZeE@bqeM~|WBuF$wV)5md+Ywkti1xpwFWHNpw7G#x;7nu|&`J71o zAyfIvpsaIR9fRM4gH|_MkNcTBcqBzkFCCBMJWODpStL#p2??Wr`AwN>q!>OW$Gqvy z#I!REc&oYUR}t4N%+0USfWQ@qGoQ8kj?m}H?bP4)^V!L%G{OeK$Yc>`Dl40#>E9)` zTU5yvW2*NB0?NntY<;?=TFI(_|C!^661{9@$!{S@Ww3<5sNN)xY9V39U`6pFGb~Td zxCL6mlT)Fx(H4g!C9Ec#Cwj%24x}2C9ltB3D(?m_4r}P=Qt?$+&lPwVNlENTo_BV> z09BSk4y}a9+df`rXCJh*lY%&SV&wRLRI7j(?b-R=G|Jq((nt`KRwN|DhCPRN1TTjw zh646@kCu_klf@!YJ60S#2>Q&a{cHQ>Ud;r~2#O0FW z`?<@AJwe#m5ebw!P-5UMw^`U`j}Y@pT7&`-i@9%}QyXu%ah zW^788z;npXZXq+xv3XhyJ+ILo)5-XNm{Uvf{qYI$vrjfmUm+et(Y3_{XyXZT>e9&5n4{dCVB+xM!PkR-25YHWU3jwvw$+;U{)D~0V#Cf9}vS?kz zy@E)z234Hr>wWN0-plsJO0xX4av8xsy?5jo21{sDhtMo1E|q zVoVXl4+`9N8J$APq?%K8&bH!)b`&a?~pt-G)Q>Fi-B*DGWsq@?u zZTzDn>&beD*V$to?J`drm73qm2_&UJ8#*c1H#R_Lt9vy)TUvm|5CpJH``1V6Ys_{I zfuKx+P{s1Mm#wSglve=(3%gv?7??z+`hXV;wsqqcOFaav()i z(aw(EZgZkH3IIoPB@Q0A%#=lg23Zb=<9i`=gD1yFrPgaI;7TunI0kAK`|#~kBO{EI z6y5R{?{pZoTb2V}eIO*}Y`81xlIjMB*oykt;q&{_)j_tKKObZ&(07HO zoLvlUdP3q^blzhR<=4GBBQ%l^Y(qM)$g1NZgPf6txq*Q?=_+~L+}wb>Ijw8GP2b$@ zqqzGCpi`@x@El8#U)cxjQ3OUeY$q#Y+;?XCGw!`yrKg;;jF3i@8|jWuU&{-Nc&Z?7 zTSlKm-E2$+j`vqKmqIxX!bMII^uG|_(yGko*bJsvS}RVFjK)Z*z_O3M;AX71<=a-D z7PqNYJ^hK^QEec4@{rA;tKiaDT%P2+9gEg`Q5iU6R3zU4g(o1}#D0HNAz1BxVtW-G zlg%aun7H3#V|zmp(=X36pM%ZgazEKlYFa%vEHp7RjPk`MEOp*61xyHxjx{u(t0^!i z`$Om3CI>5F;5JJg8Xo5GsQ;kbW@h@2_cXsNXyg()>vUm9bd2rUR2W5}nO1l2K zpK7IV|4DFmTH4)RG{O_5e7rsN@@3astTXIa*>8jp@$vEcBl$5PA4BfdgldfgUPg^R zT~5KuH?)mB0TJhn6j6?+>+dYgm`ppR$fA2%K#kHx;8V|U6x}7z7%;M&;#T0`Zp(G( zaIg=eXR$PrBy}1hkKgQyVMXoeABxQfPn9%a%U~%!(P{q8bzkSbD9i8@k3->2cYdJVEurjHA-aTW?x(2I{w|qzQ5s9eh1y@jRWbJ2P}tehPhN-;X6A4IV)xhYvU(+;Odc`u)td zmCSW+UwXV-LOws%{>WB-7JxOvH4to${m01=hbf1^OF&ul0CzW9h+g$HnYIWt#~9V zc%-O>!?x}Bqt;aD5cd2|NZSM`_vV=}^%-@pZVe=4EB3j?1lPBmcqH+eQ$c^7JaY1w zpOe$*r6_9mm|@@hsAuXHxlQZ$q7${4uwG9hU3hrXV~=q)S)wcusxqXCm3HV0_Q=L*;%G1idbPP^25XV4ZDkcfo&c&vPUhg_dgL$`PNG-Gr zR{t3NeL7H&H4Al@ygIoy21JD%582E_QTCUG+Jfaq=Pse%PKdf6%lpX^!z~JeGwrz& zNIc}z$k|lA^>xddtxDa^>GynjhnsV!Pe--({cZph7Pu26&vrhE)5K)V%vdWXw6<#x2yC0SDuvHeK&TVY`v0*}*z~8A z?#J~Vb3YmI@$omup(H0W?t~E3FAYlCx?1OQ&4i<~IlwuPDn1CJt?$qBSV0R8dR~5hdC!KlvD57t*S(QqiQdSQ z__31@;|=GpfgzM~btSaho{)n;=qoBJK1w~Q%vmXOFRq$}23$b_+;?h{7Fl0AZco2g zStAv-YfQLW?W=*G9o}`UIk}4|62PILBz%SsgqKmvRWknP;GR}$dzK~ePl<}A6@FIx z^aSmkhG-5Lc8LTjdIYTID1MsUrAg$Li^CtYI(EfKxcgkX*u4lH~ow&$KkF^ z8DSFjM@Ite@r*^xe#w9kx#}Q29f#j&6YA(>PqOIzd)DxEMK>pmc-7Ig%@>cE?;)z` ziicxZuMDe*9*fS0+aK@39LY^lSvxX*S?AzH>Owt-$6Yo;L7yu`jm4BY*fw==J-JIo zlUY<0UboX20{9gP`l#ugE25Y|vlG3{#zqiA+qdtKEtdWP1jY1wayjZQCX<%wwi&R?>*Zcq8FAn zNZGb;A~#X(fWe{h?TS((>&*j~?fL`{i9ykGLY>N12APL;P336-eSx@~G^+vrnDDz( zoD^N%b_aP%|L>KRB~D!~xE)Mfm%AnaZV{jXsc=vxFya`WfAdVv^@$BNaM&dKes@*} z(ODaOEU_V3mWDL0mZS+sQBJ|)?I#|6-5gv&>`jP1-z>4k{Kj^E??VFTPV) z6JS2`@&aWZBPMlV>64=-@i1SWmrQOT4ljktTu=Jv_vGI>5k_((@rf_s4+LWT3UF@B zJd4=5tlcD6+1O_N3i06xJ4ez|*c?*uFPvzmE%G{a$u%Y!ZD?gGL>RJu@Fc1}H1+5j z)5xWU>8#hii(40Xf2T<3#jgtjnH?#g%CKk3qk>wz{`z|YKGqzz^-hK1k1c5W4v*<(U;QRBX4u#7~m9KG!bs?E>K@ z5YOTI7VE(!z;ah)jass>hA_G)*KwgvXGWrZet}8qTtGf&D9wDVl9+QsYWhMzW{2?= z`&@EUy4opQjx$DHf5f@}lM0*o50DArq?FZ!)O&&zYsyix7$9B;R+rh?j-=A&um#c! z!h7+ZCLg!70~MQA5s+lb;uV_Cfa1c9i?bA)mSrrSgb(t)R64eEWhsC^X1>t%_@Fdm zx=WgHT9GA%MTQt$2joCRHhIg+#s;`^c7`3nCdQVQ;LuF3$o5m?&;THy{>U#c^HdFw zH>bMt)i}mI$8^OGen$gyczvK0M51FK>GtfAuyS{PV!nkpZVsDZUD3bI%*2u2ho2v|)NpIX8%YZ8ia-Ds?kOd_3Gn6n-UOztOlx> zn3VK2K}{D4#g7QRGESpKZ~Iv#k^BL(;(Z%-^}=X_xGVFhm@3wvuU0T#;l#RVw1}GX zqX2BDW+27^kcRQ+lE=!HR#pHglLJyspchv;$X)U#^xfy6D$b3KCBO0=Qv`R?3kzd} zUTapl;8!?T(1^T?pG}>WD_%C_;_zqF!f7$ zL6T#QJi9aU)7cG~psYm`pU&lvy{?gyhd44DB09nd-{#ngcxyff1Rc21D~XeX1PFUB zr1|@|gY!A-kS23dih};8%7x_n!e}gT$M3tJQ}W3VAs)W|?AcORhgR?IE;q>{35AXP zT=EwsHud6x0opV3LKARB54zQ4P16OCk^4Ka#j4XjGl`Ba2}k+}anMUk>x$47eHy~G zzmh7xbfDozY*9!rkVM_upQhi~L-xY+dE2gqHGF>U^{3AV%+gm!w8zNYc#UvCj0{3g zNBHIUODTxLo2eCq;+mxV@~L2u;zhHo7M_YyYCGAB1o1oK0>>nD6#jc8Ulqk2ItUXO z;-U4lYw7hTgfd&Fp~bZpZlqDXF1wi7;!P1-q97vr#4U2ZXe5}(%t*&^t;E96F$$bM zNpMsld_FqO&HqYxMq|lYSXtknr(B?r5U96wK=_=O>}G+&f!~eMvz=jKHgY)-h4_?o za zrM!Dg_U>SC!lP?LL$k*6=GD@sowf5_19IR##9)8C;WVJk9*3ldUEZWSKfNk6krvxK zHJYOVP2m@);V5!Ay5-;?4N%;CF}k|43wxg7Nghlz^?064x0RX5$z;D7Z|CI|X(fbw zNGOIaYJ=S5sEKcfTt2A>nM!tZ_DYVaP5ECez`=KnmoivY2AO!3JAs6x*F;Cdwmd1K zEtuEDR}03k+3OowLw^dge^tL#E9>1eU;LC^4tSG3i7$YsWo>c85rdhQ%jj1Hux~y# zZ$oIsBeo>v9ajQA2Y<<`6qjDlG4n`|qh{Ftkkr%C)UKe;kscjfoS(mhKsCzOh94FU z-Z7@iOFk9Y+p|-I3kDRpa98ZfudXE1%W9<>Ut+EmsqD6?7Z?OwUoe8VF9!q(z>

>$lBEaZH` zpg3pbAx)O*rT8yV$&COV|GS%WJnXs9YYux2)V$-Ag1@9p&}nyU+&VY?~1)Zrbr&J zmY33-#vjsV9!|oTD-LpHY}|+}sT};2qqbey=uy3v8gR;QM;p(efi?XK$xX%F>kzY} zlew`tMDyFs3i|sx-xE%!H!j6>*UuY%RL*pmY-&=(xHdf-uMG!N;R)-t?@(SSFIE=b zf9R5BbmkLFEA|=$Av41w&W>7yqXxvsx2qiR8z1~UOxtje%bM&KuDFPb9QDWB3i3_$5M~9lo#r9czcHybf2}d7y z!CE0`6l4)VPus*#Hdi($oKQn)C|B|-E<la@I2j@IKj^>;@^>s_c6MqUT7-E8~em!2Gdy z(3CcXkL2Z7+)ifNP%Cz5&aQCUTvhfvT_BxB!t5ZA(xV{CKRZ8vf7wA{Vg7Y71AE7; z?d<64RA^Mv&lD+!Z;lZ_#}Aw5uGM(ZB{7d}3GJN&I#Gp6e?`v)3+Qn%EZiw2B~+vC zB_RR9zJ|ns#nmNSD^WYXPoWImEOogEI~%O8aiz~z3F-*(bczmXSXoW(!D+5D$m6lJ7qRfx0SWrQ+JRHGUm0Yb$5S%iKIXtyEcL@gwyYn z%{D+C9tiry0+w%yqaelIc9IC?JXImbCAOFP?8{{HRpuf8fItDURW6awPQd3@4fjYn{e7|*7MVZg0`%#_gNC!ZECC7m>J`1F zewnd(StF2Q4^+JL%G!9;N5=ml%CGG^m$v8LJ(W9mkfpdjUMnjs3qm=XYG}>aJ=*1n-G-doDQ$--bZ>^J{PA0rwRewyl&SWR?fan)y^SdSC7AmZR366e9vo2e zCg4>}Jj`~q82A)DIjIHGTh+vaw{E@3BYph%@o!^ZOerttSjRm149(;sQ!88Bg*Y?< z);vHfdb$id^ zhD2;a8S$jS4*(nT(64EEU0qrrNSEH%_mMaJe9&P!F{H~yFQ}!%>pF=# z7iIOI6GJ26LsMA%*>qUKL?`A0H1d9FaZeyGR6Fi7Cq33v=kv!ETemN2c}Hj+FJ1OC z;U=3^{RtoF16g>Wo-MF}gctUu=*t|vkXyN9JUN^<#wj)OF8kNd`SL`#Tl!91?#tuk zQAuj(5#6vobJ`o^Inw@GG?=G_ZlL5lnC0+GID&qFM;{qXZVt9%g3AngviCi@Hsh>8 z6;6M;OQ><7O@V~^uD05^J4063-$RBdvM$aY$fKgr-&S@oGW)(clLq$A5u+3I&HTLI zY&acNQBatUE>1M{=H=@o^?7hQ%`Tc8zci>7!4uj_bNY~`by&PXOu=@|=OBm_wwHUzw5f39$J${9q$l25T@ zX=(Yxm>2Zo)!D77tgMV0M6i(u4`)nO(6M5TFjh`jlas^?r%ADsMfQ(I$>j2s&%!e1 zA{26F(b;+jza1R1buu*B6#~2sD1VNRKO^pvUvU~=NBIuJsrkC_fXaZ^kNzgg&Rkm` zRw;c}s_HQ~=>B1*e-yyjgkIh+QhFH6MjG6A`Do<#Z~5XcZ+3RX@A4hEl7qK)hXs9y6uSB_HbvPhMt}h>L=_m zhUW@XZl@X8%`Mb+n|r!sWG>g|l8g0gCKsA+J_zJ~j8F8ede2s8n>|r35IjF3KKeWX z?*?!$Dv}q~(?l`DgNvOaToMl#rCTYbbv=QF@Dn`VoX?JfG^~EojpQ)BVIK}W7=U*y z_umb^dPUd^X{_)TA@Y8H;4(+MF!O<@+Ml z{L0#IZ85BjLEgQGalBGTJ0^^~y3b0<(23Ewak}dNd`80l>YKIB*^0fqUs)2RKAkw>FhsPw}#_O{(lI4nK%8rBH7Mu;E1u1B;7uD;WDoJ!Xj{EM_ zL9^>5cVCT>6rNME48Qud$6FM2p!Q+sJ`PV92ad)Ti)IlTyz1#zY`{k@8dVazS0CZuzYOMW;Ex;8%|9%NwXvI;N zO8+AZKO({s{Q?80&2<*q>VIK=X0i9Xv)K%SBECY@B>aV5s^mI8)S`+W3sdp6E&zXU z3j~xuwF2-|#qt9k3m@R|M@5DsVap4dRA3RGZO}Cnq_rQ@zu#eRWs?T59jOcA1rqqZ zHPMern{DCmKE2z%zb5?T`x%}5g&`#GUjdaQzY-1!yc{auIp7X!!YSLyx?a`JGJ$K5 zJ+craTRMJM+~J&hUh)pxVN5S7^&+0*>pF(CQd7M71x7rZ+^-9P?%g~jVXar5&AqP> zTu#Qd4^{&@UPauYTkiwXE$*{S;YwMKM*Sn^`(Ls^+;iy##j}sSwpWqVPA%&}Dfs>B zo){<9WAxp4FMA|s<`E%)7Tk?0Y5G?pAsFlFZCG+;gF5t6UG8C{fCk@b(lq1Y_Kp8(?_|Fb%|#2KTdO#2$p z^*6&fF*jn`Ae~{ZgImp3B;bM=H6VziF)d};tw8kg^T}mX_0WOF^nD?7_|xir0&D2U ztVJ>%=qHW`%>2rogh&NhN@_kcM(V|$=(%K=&exgnf44M*{YuxkIfFc-!}o0Av~J&S zgKKI?2qr+jYK89Uj9v3Vw3_+ zZRMCt#=wi8W2(uxPI3lwK5jrzlm3z2NWxHAzGvVoMcnedZazKUO}m2eKV9+l8j^mm zblG<}u>0MCSO|vDiiOi|F`H8}twE_ZQmgkZn>(~|C~W*?Qa| zlvO{;tMG}+amLj1^#jfx%x4?)t-l|!tW9FebO;__0}9`Y^Je&Co<%3w3lu!QgX~2* zzqf^szlBaX_1ZNAf}B6^q0}O7$*m%89}dLILymtwEGhCwE+1Oo>>;UUIv8npbf8fPz8LhW>kzlN(VoS@0>KsA;Zw2TascMx0+Y5N=O$Eg#CeQ45FNM)!h<49a8{<9?HWA1nQ_Q=sbex zyA8wS8NYyFAONGw2oe=GMA)zOe}-QWyJQA1;EaPXx1u;wDED>h%8?*Es|l8~ul%p6 z7P^|XEw_{nM@ynR_hW@}+feQ`5o?3M(^FUbXivTqU6O#15aty3S3bW{q5ykuXh{+I zuJQRVcR<0%s^fBdzDJZ1$Dym~R*aa-D&}57T;Q*xECI1V?TV>ELdp>$*X{el=eV4b z@|2iYb;tqqAG|vKu?XnJ^TASFJxed20sHg=zdby)gMjnCx#o-UdfaP>hegR<3WuK# z8|0?<*j4urVh=Z0g+bJyB>F{NLMa z|1ZzrD{tVRC-UZ#f9*8T>>oGM|NqYb$^7^Ee>g7xUoBcQJ);p`XFO6ch90mKNF2x0|Q_4ogO9GOnW6{_Ppr|=8) zQuv?MRH&rFD6W}h20|=s7nkK-SWr#``7P-;r2dKllHtm?rK0jk$x2yN48Z2Rd*jBp z5Ti!!@vfavf*~wSfTYeVZnju0`TGqIeNs$4Rz>pL)4H7fO~_1%q@=m*#@En%O$OW> zJ`C|>*Up~&qiR>$_CbZnEybgeTNs_wYbi&3*``Df6B+LnNg~4ZE++a$Zo!WCSBfJy zWTfVt9S6zOF$P>=jDsic0|zHgBw5nZM5nN8c(|B<_h;!$3A{AkYV{z}IUFV+_QT0@ zW;2)rGe<JD;rc7HpEjjP8lShr91B6H5uH(F&1V`=4Q+$X)$wSfbYKYqJ%&$B246 z*=2Qc657noD|_G$mO(|rE9c86e*d|?`x0z8^{?4GcZWk_cVFa~Uh0l5MMsm=|8z5~IO`Mj z#h9rVn!p4^(c4yzuBFYcU=5q(!Czk3*!8n1H#yy zb2OTWSHyBW;Q(jFk~&+GfS^uV;c`@{{4D2DlN${a6_Muy+iS-{jERf!-=^Kby-|D* zF@1>EHj|0^C?vDWe;o$vV85JSufWSvIf$+OfOSf}_(crvo|-G$Vd+^F%bcGnwffjxvx$khO1J9(Pm@HTpa-@}yT+Vw=q>IMG(ob*PpjB~1NLL>6bc+#0{OBo=j+mIV#vb>MVt!9xn_#tU$gD9BLBDT6-GJ2ih zr@g`7(x%jI5MZRTir`9>!i^VBzo z99o{|CxfsbH9*|-`oD%tBAFC(*2@&zheCj4&p@9&__Y0$vT1Tk!HH%N7Hs7x5wifZ zvOyr_``?k=v6^}3OY(oM2)zXE4Lc8|x{ncHMYG8p{`ilvY&(I7wfvpLqO!SYIkQBNp-yX&x#M>(F z;y=A~o?^PptW0g!N-j{x&M*IK?|%dY`!o}Jhp1sEHWS5rl~7^%duK@CoMvZSzZ{sm z*5XXCs@Ffduc$pGO#87sF{lrPf79o$)(HyS^rmN`!1Nh0WqKp+*Y=Z;Vpi|L!NyF= z<`0C~BhM|_&fTeg84!w@xmh$4^%b0sdN%9`rq!w&&tX1$KFO$0)%;XQBf>ti=%fs z-wUXJqnNt^bnVwx6})H0b>?QXVCp#w;LrVBbU=h6`~uR}puoUwb1_0G?=y08EN!tb zAsk6a@<(7Jsegdr3`u{JvaR)iuzZDkvC}Cx5jMfMqm1MVMs#6b!p>v<{XrlEFhh^a zVV#Oc%fyhat)&R6B&4gtqfnA3bM^!3kceU(V6-JUJ1Ic|{1gQ_e^|Fu>kIlh5Hz|6 zmhL$;qAwV6cUW=ix749)u(O+?JoWCYL;%f)dt*;(ZXl`ZAObxGd&L>I2+A-2dVC%@ zmV~L&vam4$2 zon%}61?t3WrzI*&U4V^sXmqsacxwvOw03F9fkL2@*@mQdEPUwse|O`yKac_*1WL?v zuHbr#(|8sYmOAl*P=-$4u61Q9tDx=5?Lr%;*d}$k#d!4OSpN5t9Lhl5SK#1uI> zuX6duw_Lzb80g)1p}YwXNum)yRb!;F3FjPZKzjy2XA))Bc&__v4ex`^gwaw9FFD)r)E*}&htT}j-HEhw0huCrvb)AM%pLcbwZmo41R+QD&{y`#x z4t$zgdV1*CyEN0Sg;g}h9@e2ORY@J$_rvKWrF@5L<{kd5F!(czX2z+P`R3JSd>#$6d@f~)n<9B1=TaQFDmU8o4qe|5)%rsy%Tfp;G7~)jUpW3 zFLyGUnh2G^tc6nW0glSBRC68U1zuZv_m(NZSa`v^hQ4&YeXDyvu6G__1HfvYzz*q> zL1*5S_;%BZQnNu$iHq(ugTZZGu%;l|P9Eat`NjRJ-R=hbl$^^GZNjhcrLHby%C>T+-O){KuZS(deM#iF&fSPn}&KraOagDOlPkdkB z^RBD4gI`=|EQxaD{>1`-dVQfhRjRn&4xsJLZNz&a<@fZoJb)SM>gpQv-sOA^VImIuIW^orD_&Q#{PQ}fA~j1$O6%grvlgHZ zAfN+8VFbgV8ftTz1~8U`G}SNon4Fy=Awhtz^%fQA-7!%kJn&lH9{p0X=X9J+(rsDI zr-i8hQUB&dId$%E_rd~Gxs#LX5xeM%7nJl>lMjYn!wkP|2h@t;kl>+E_VTmqx1n*nVf8=hn+r56-LN6a4Ffv&Sc zli!K74J~%P)zZoV!rHB%xHkc68V3dlOid9&0NBy3ni#pI zeV3m8OGbvbyg)Asb>o`r%zM!YamV<}O9@WBUK8S9c1qy|0x!9V81o#RkxMcnvkU z1Nud_V4vJACPi8f1SA2?|E%Tfc(M`ub|er#7|&cmS+-ta0yA z^Hno*$%`*sj{0aJSGY4P6@k+>>gFYi>oRIb{G6u4FcO=-It_wC z4vw<3`Tb+%pL!_0B61_qhI7`d(|*;kA_>5E+G@@(+85krX+${gozD{yGLs}#?jPgF z%At(xBb#h2R}{58m{rS7?x^LNc*kic_*LIIb3Y$%uwn%nd<}@`Q-1P$pdYEApduS- zPD4W&AkPF)JY!QAf{>BcQJc2v8BQSH`xkLACHUyZ%W%iu42iI>pQ2lk9c-!VC4G_lM)Jp=m`|*2gbq>&+dwyOD>+F1O zXQN}@UcY?OUWkSoa<9G>i0eL5%-?`0tmBrSG;@@Us#?d!kzv&Y=vkp}ZvF|tOvjp# zk7BJh&iyphPkSUU_y7~{7nM9BTt6Tu#yhh!S07CgmgA=BT(r2JuESYgQvG9q_TKjj zEXviLF2f;zX>&@J<_d{8!on03)`!u>IGLs zpHjrqCOx2t`k^*Iw4osBTubW|wNGrbyx)nh8=#mIHJ#SKkKK3;{!S>5N`G~w@f#t> zeInAawuzrlU=S|tN<94vtqHKw_ybrV@2;DY0>-GSW->NF3u?4OCu-h*Bj+f3K>-Z1 zF?)w4vkF`d7lNWNt7cp{+S;T;`v!)FXB3)u%-#!wvyvw0 z88NUgqw|b(5-1{Vtg}5gt&$0A(1Tb`?zWaqPo-8J)_SoryE0omBSZY7ZjdLFtqC2m zY_lxYuXyVqlEN>N0;>LfdZqT?JK-p0t1u?WI&1@4WA|lT3=B`eXQryQe9sl${o~kX z$uSPD4TFI;00G&{CLR)m!I@xc4@hwVVe3B9(EPZ`b z+A?T*wFGDj1qv^RmR!DUh}6067;lU+f*w((p;yhuV!j$_Lcza0eQ%@<0?a#RkW+1uDR9qix2+F1uJS_D@K#9XB2IuD-nvc z;9aVzb=bOITdC}`nzlv{8ke;jI`D32rQRE&yvD~@4pxMUn%b)Cd52-Cb+yD}wKmI0 zn8d$s8XyC2?Dh=QQKmKb%Cx3oF{Gq&z`tbs*;%Enb=sEw-2b*|%utxU9cOR3pBQXq zZ*Q!KrKi>qi{}UT9S2XBtw|{ujDEs89Ep7IlR*^YyrDN~Bk#FyLa39;vdM zFb%Omn<6SJ)q$dE>gwL?^QHww!@zmS8eThdxduo|Uxw4%OBvu667n*L_k9`MK@6%S z*@rX%wa@C>_DbnXx=z#beLziZMh9Dv0cS_a+d^>rDD#}E#Gmry$RAH2|_v5Q+!P{1!lb9nfUPoOdaRNhYn$$)C;45dI_QCDtH3;!z<0KB?uN@Sqsl^_}a zwYs{-Ex%UaKmc1iZY^-*x@1ZU?Z>AE;MIjTg`nMn?c}|`uI-L1F(wqprig%_)UU#T z$%;&+wrIcBbeRMLgee|&78iXir9R7f)FA#^7jb(?4ay(AQsr^|we~m43f!+1_EB2g zZ0!}AR>-Z5Edv7s?A!nNc;V@JMYYXmc2#t2Au>5N z&coX(PG1uu$5#&M$HCbHfUWm5i&T)Y-NrTC&XL*KCY3f*vT{zhvmJxLtbuU^JpQGc z4~1w5HeIOwo_cpXA>tvL&4#5vhbCHfcZtG^I{TBLa^&O`!misi*vAnEt6vDqY4AX& z9$np(E6*8vS)OKKXz0UrQH34=5NFVQm$VA*LVdl7UQIbZ4bsg0Zqo(3ibmv>nHe?- zN%R$UN7gS30Ij(K$~5W`z&52)-PSFF{g{ltxC^`KqgQ6`{5`}aT$crP_A*KuMTq(g znDo6$)gM)p_gSD!LIPN46i^1{3DOB+G0I~`ilxm}aTKR2A#vz}326epKpl6_x1vfq zx7E}DDJvks_%%7%lPy;cz^lr#*)hZqYoVL6BSn2#q`3hV~xiOF4pjY zS#kH%D?bF7T3;Pbfc^FYpWMja-s^H!Z($EJ z=vma$46o}~{5(L+OJE+!a8wusVCU$Y4J-6r$M?R+`@Z;BgP(fXn}=<$a9KAhdz{8+ zBndaS=~NYyV^NtB#VM&Z&hM3NmXu2-bvXF83X=&b{W#bIiL^T3_aS7YPIvh+^mQ57 z+DHD}ZH|Ztr%#lrsA#Uvf@06bq|btc^~$6V6FW~&CC)y$gH8q>Cv}6wVIAGZykGO5 zS}{Cv*XGF2-<#P)%b>v&|!G|g?_LQm51`(?ar%~O7= zw&7n-wcR0zJkl{x)}l)O`DPxxG93;lqc#yk%i~r943E%m!ZDZ=MF7ZAWZT zFaK=8FeksQD2C*h>+J=7{lF6S_DUtcW`(9j0HSA|urQ#imwWV0J&TGG9l$ZpR!Pv| z90b1Hh$UHZmyv&FgLpL+bwXledlfy*hc)ezAae32p!Ryf65U~1{%dyVwN0b|E;&NQ7ZzXqC~ng096 z6%QGIj5;2am1ZIGnMd1!-N)kEq*KF?h(N<4TAYo1vTR*V9lsGv6XSD%&aRXB5>X-0 z(gp6mjqE3s9##cSZRi^i_ujqx&Ic@%o#Z9+vaDa_6EEQZfTEf9WlQFif!(vnFQBq; zWXiYc;*Y{E_8lJqgyTO>R!4eU22A^+7*cAF3vQ~ZJy+{v_?ekkP3nghrIZyZu8*()I@mprspS>;d(=l#C;LD=lD}4*@nf~fts5QAb%tBblf{WSnU?J2 zYHfx?)fJx*AuadMf;)N@8?US6cc!^{q8bW<9M$3sK&y+tbJt*$O0PB;#rDb9O5*&+ z_B9x&Q%B~!sv7h$`Fxx@2wu$DZ&zTkrXAd@PJi3yGC%pz01v~G%=iDkf?gen54CL@ z_Z^cN?#Rg}cR&=Q(lJO9my<8C*A{x_{D1=&UDMGE;jd8oR&fhL$HKJL`rpq_ccU1< zMX+!E37;EZ+Y>T1U3whLasC*^9AcEI(8mI;nfjm&UX$`YVHkC>mi4N?DmL!l!2?h% z+bqwK`n=X@+}E2{Iuli zyNgAXESYRyEA*8{R39e#=U9q;>fPOW+WS4W_iD$~ACgP#;O{>3jn21?-@q<&@CwBA z`ETge6IWaISflc`otCIl`Ok07O>cGQbB*qBb_ED_@`Z7N-)wN85RQ%ilNClSH?TJgdq7GB)X#Eu!?_ zmI;c2{dQmISqF=CU13;B4Jc|`Mn0<7?K9-0Sxg(iPki)Df&?oHuO{nl=%qkMK;*vP{CV3L@zmGm<_ z>8?I>-zSyUC;zSc^uw#y)NoAtjp38me>=K{RZV?o{(edJX2l_Paf$6nyyzS z`qLyn@INbIs{%yj1pm46y056}2p%Tc^E^Tl(1JyvZSF+*d6=Un6oX@n;QR#; zXFET>1J2EC73HThCthvy=?x9E#bYl8lAezp^%MS8);)r5lPJh%u>V{m7=mBOai~lw zt7B(AE4$?lb;$MiZ*nf(Qf0SNY_RoQ=9P?otz2QA{9W`X*-btI{s%ps>(BQt?N8@l zPShB&#>ggQXJ_M|ynRG2A|i?mgP%$Q=l(tofih>DpxBH011)XsnuCG5iBcyD#Grx- zXB=Fep@0oHEG+D6zLwo`)7`g)>ed3j3tT@tJ3C#CAvP|e z>IG!am6-!6u4Mj{s0R#QRS?eBelB%!Tj`PgFuv2Lmuh2qs`;wyWU|@3U8=VwM@5@q z);sCxv(>{jEkBVntL$)sN2SFoEtz@d`KGT0)%(UGxs?K|SW>z{kfHbR@Hwtu>lA@7 za3>^@ZzTHx6T~jkBWb76!g{7QY|5^Q1oVkIla_!V(+mA*^fclZtg>#D`|a^_AkN$S z5o)37)TGjO1|T|}4razo(5Kh88_((d11fDB<^E`l$19zSBtN2^|HIUO2U7jNZ{T>P zD6hifN{latQIv^u6{hK|f7pHy%te0h~&5(8Np9``CYTi;- zlvj56dgqPP*Sj{N{Bef%_I?EIk+qu^uPe1?jY~AtbqkOQ2n4Ki!=?0&_d081pT>FL zW0IMZ6PI?9APe{h5?tP-goV-gYHMNM?Ng^wA*V`c#_tvTm%O}EVeP{FY2&u_l^Ys; zahAK*$?(i?Rg5d2xh!pJKN0u{`QM~0(_*jQ=f7A(sS?}6aeLR>h$IfR%!&=Taq9*# zJDQNNv4--=Ng;(db@Y-;vmh_WcWt#>-p}qWr%MG+?^o>ciK7i6a1jp_tS2hS&a$Ly z%AgsBEyQ(o{2Cg(bfH4@F-Gq0iDqmnIW5C`=lEB8fxf@V0 zyYlH&BRv3`0mp;hGy!oVrx?jiawWom)KndJcXu=Mm(MGpi)3Yu3l__SS{(rXSu;IX z*Z9Lj=M7wpRv};Tn1zMN9VTV#hgB(4Q~Vmd)4ixk?>N_Kq%21YzP;wg9KLwB4CzPlCqyI%%?u_s-st zWzqWAoSY!|Kw8$sG4=tAi%;QWhO}morPhxomCGOyk`4~6z^JL_lU21@l+PWwuYwiE z@vdRgws)VS%h8O5W0d66XM}sIHL{TPz{2(GCyAVAL^c~c-;(;1QkYP4+B~}0W%%CV z8FX~Na4eQ$dr{{B7Cw=mK2_CJTrFk+0Llg*gB zX~FFr)(hN@%D>K?%tCCSqV;Q+Rg>?>c__?b$xeOuT(3l<;Mmg}_aV24heyz;U(V|i zIqJJ+iyi%_JB&<#CSLb>A4K6EuShHViD|(c=f|v>Enw-7;B5gq1orR)BP&hT73t=r zIkIU6PR3aj6X6kCfd7*PHD7<7tCgLV6;Ni{$1ETa3AJ;3M9RigEm;u?E7VV?;LpH- zc)5nLvopBj@3?zyO#6I-egJMV9cHW0b)T;>hT^)kB-npORsgMeceV2{MC@7s_-rtc zW+^tTK$g4cUUE#2x|x-qpHeL z*e2F1ll(NP2UwrV`3NMC4JRjD=lqn1Pk9{5%Hr^x!v|JjXB;JeS`o!fTx{%Ok0Xj| z4|kx?v{9>DTaDHg4r@wM=zmLAV$lAtq;v3>@>3QsYnA*(R_{ zV6?=L_CzQ(;KYqS1{3zyrcUvL@l5gfCg2g7beNq+pBIfCQaWKrxRNr=XU#cR$-jz` z;uhwm0J;2EI!vOl7?=gXS^sTZ_JHc1gYGatUN@$wz>q}@?1Rj*KX9T~R@QeNv6@V- zww*=HMowCrI&RZN4c#Y-BYKH_k$Bj;Xg@GC)Ovo-8z4lXjRJ`7=8Xbiul}qOTDuUy zA(x^FZ=Z*|_EnA!kcQxP!}o3%uDlc)yc7T=2I_wbZimgk@N5}Wo(ua61G@nqv~l#k zpAbt7HBq<%1ChM)edMH|xHtxT5+vpCO7t*~rD7>qok7RO#s&+B%*<>v=rC8M5?vW& z*po&bm8M3>Qkbk=29hX<R<|>gk~Cr69$U56_fR3m zG(%(K0IQ{6M@Hou=H}*&%UH$C0^)T)eQd-A*mx=Mbc*ouh9q;fnl{;e=!(UZ?|bqK zz&2{N0(Quz{bnDO=%22C|F7Vi_y#oxB_|mg$2GKCjlA9g97pY^`G|9suPHWc;yM3QC%C# zw3Cg#{>h=9Fs8Z&)w(@AGejG$_uqDs2cv=zQk{%%1vNKLx=agOT0URyOPe2DRiq1T zIzIM>6c(Iq4lp@jHj%uiBjTLGV%-ylPB4!Srw-CGKu^2py}kVJjM8X&gfqq>!LYqMlumlUmW!;z zgw=C7AqQMW2*Xg$J(J$;Dez_;HdgLMQ1Xa5yk*4`I48Nd&{R`Xdz3cKd2GyA(bY3m zn+X<8GtL|@oo0EbFSb}27#Zh|Fe;BSk4hlMK&|n^#gUnft=rx@HzryK1F$}Bj0l3m&#r57rg-Ge99Ewp3A(hj^v1)<_LUWW zQZj84_ZYAsv4dxp%>>w~;~p%!U{F+41WFQq4uN1{WoAJc>tlHMynWRhnrOl>QCR+4Jj}9b zaQP1nYB8L+ap_#8g_d0casluB!-OZ75qGW{f(fgud-+B+4_C>Nnb4s+J3FCq28*31 z()z)IuIQ6<1Ec$!=w7+zg(@d_&-MBHKP|bO7ibN#IZj%Qe_m@i>TPHs0wfz)VK2`C zK8TuuU5kimNVN|pk&#ctb(SIBeh?DGMpMY825bYIUGJ@}8r$zN=&AIABi`qI;@;>U zqu+VlfJsqBDK9N81-Bc(3O=@toWX^H@Wmj5s*AiG3V&me%&r&kg?cAW1rJ%)s zscEX1OAWT(#~0pX<74XD+JY!2_-O4B6tm|i4hQVU?@y}Sp!iB?ld{xi@PL_v54{93P;tBmpITu#-8i)IpcuL#ecEd$MTY^5jIA? zeH(UuG3}F3;x+&G?*R+ntJcnF+V3iP3l`&i4ohrMaq)SG14%ZQMXal*um3Mp@;k)A zY$lzBx4Ng#^NGTPD7`;!j=Ox4%u>5k#LUhv1FwBGClyRNFd?wPGX-ANq#xEdl&4PW z=j0&cfUO!F49G+Gg)jLKHnepu-VP92z*1EaVSn`sT+?sAefw4_;Fs12Xl!>>wyKz-)PPkI!-*D@a&-L+hK zFgy-)F>!k&#nb4X8C$lyS~@1)))BUxAGHg!NK0Xx~ z7#wW5y5l8YYaGurpksmQMs!oULuJHqsduIiH-O z>H`tE6VBrg!CT|GgM-62)>TVfwCNSks@Qq^7t396<=s8b;uEVoEQ>C27*(G{^6%L> zZ%y?4`h^MLd#%S&iN}%7($X@hCF(*Eh>eLVvbZj%R=k%r{7~r_f^=g~_VVw2zs8yS z%gcBUJ2NjJck8&$y1^=y*H8{e@*O_;+OV*2(;4ZH+^SAmS|ZZ%J~4*Sa_{z!Jw<^N z*78u)U%Yp@|8-|~DYc-t#`_WO`!zzJ?khcsGMXr=-znxx;T|QQcip1(T%>>3MwM^a z+VtnX-N8BX%hCDy`pTqdgBoPB_T?E$70lz}JT2E>}qe<>aVMo7R_!pa&wZ zZ1ncA7aMzZ<@#16Jo!|d7hY&+n(-+~jhoH{A^G;FeRK+mjca0Rdgta1!0Dmx z?`;zs8ykoEy}PG3!<_V?wlGf14qh+L^m2>e(i=i4m8$Vh1$~3j0S3Jr-k3 z%2Fth>sW++9p4mkar&5IB%#bg3}IGT#VXOewHjViQB|pQG*47w2|>_z_xAqo@0S1z zz;wM&9c%Q!WPUmO^+B~M|3fo5*B&>FxmvV(;#n@YMa%LDW+|McuTzd$u^)zqvkGvu z&&|y#3-CZq2SKtYgrGg7b?%^j#r;6~=xNj&7A~$%G(6r8I3=T2=oRClG|{=`&y!G4 zhZw9i-HMHc!O%Sss(XnO(mz}^Iu;#7GUZ|OV&=}9 zc;UNKM@xX=9x;tB_)L-k2OS_VEk@~_J9Z9UJg0dI!Vxwzid)rI0U z0+4)Vb(MxR{3REc1bqz1Z|>p-^fx(C9Kvsxr~|3TnZSc7v9AJJ46*;NSv5u*vSA&H4TfwV(A0 zXpIWTsaBLPr2Ub3;O{~hVBp&uA;YV~q>~m0o(tL8*}#mPlNF*>R96eJnc!-cj7mad zz(9nhl60TBh$pE>Ou0y*K*!7V69NI1`mgfh0}DujQNeCnPLq#F!}^D(1VMBFDK263 z!97vz)cG20^N#8?vVBz@Y%X72jZBE=>;jj*i^LEy4s>vv ziGlnwFf`g)wZ9C@%fA$sOnPtDRPd00kraiCsrRYJB&2noliZoG)k^sY;|4Z1Hgx!q zy+`udwHP_TY7aUytEnIVL8_H^006fpwbUJ48}g;oTUk+VC8xicBHO=%}5`96kk=BP0w!~`p+NYV5xEKo1g&`O}Dax&uAf87te z1#X>CK_8$h6GfWHKmVSZ>fQOxoT5DmZgQ|}Xwm)wL?_U=ePX)G5;T^U_x#)#l!wSu z?JfvaRGO%x?<6KBu5PSlfRO6yx&EG^j*)~H+V-pY0D@S|*mRVB{C&I746EBgY|?oJ z58V$w*=+6(SsVoE#8uZlTVS&gu#)RugmA5T)o8#PQWA3VjJ&ew-d-6vQ>?74&Ir8Cvfgs9wDp9F za*kRJ?@G&gdLS$d1-Q*dmlDcB5Yj*!s`qRA z)Syn6S>OpQT@D!gM~~S9k`aVSYo?zNwDY9lb+cb7{zLtD8=nGEv^rRCX5gLh3P$ru z5We#4K_Lug^!0y6oBewp@Kb8h>-2jKDBvuF{+W}};{L`52|z({Ovk1QF>r?#|Q0gM`w ze#c_zLHccY9Pq>ONlC^gOZWhQK>2ZucHQ&eYp=8megW7K*_AMxJ!zejQxP=s%G-?t z+dn3TIptx>#zc7%z)~{g0y;Ki`D-A@e5Co)D!tJh{i7v;mge{vKsuiS83bxHwl&NW zuR?mOLX<6M%ibP70+E3rE%3djJ;`T7a#JS^;7Nt?C5>Q1lJZ%hKsRj_#C^a@Lo+hy z=n)n=X_k)_{mXo_vuO;<>B~U`Pe{nJ$`+b2227CnY zw-_8Zy5H?|1E=|`61`zQRtG?*>j$NV?J_zZ2Qhhtl;08b+S-%H7uO@m-NN^>eea>F znSfna%#pQ)t&UKCs_SSNxu4DjI#Ew|KXjRrDA!nA+^%o=` zdESv5iWN16rEgmbC2t<5wHuV^Rq(udN>H=+tBaiLl$1xzd2gpVl0|?6&n-hD@}7m{JE z3P|1dP3L>zV&=Q9piKwG_x^r^NwXR;Cvm7~s>h-FpH*tWHVizi1h5>+7+x^hj8G~o z+i^k&%sSm=#`YJQ$~X8ix-qh8Qe1?fm&qCMe1ZKdhGo?;G)~9e7b1=V9igDS1wm7u z%`>C_Nm41vQB#UfS};1s;vNs*XdH_>MHDLLsytIg5WY38+qB*L9V_^+kbQDj%sfx& zSiv>nlIYF=ju|2p@%?+~6=NGph-!5XzoE!(+Vw`7}rV8;OM4m>&=xowP_nQJCG_!ppX!?Pd7?tsankD=P~t*+ui*Q%uv}UZJzD z@YuK3QsyM2Aqp#ncBQ)79dsI3?aF)m+?EhS@siOEh^@;FjsC}$mY5*0Jg0*8z=!pw9T9n(PQe0U1y{{crAF4Cw348HVzDOkkfpxyB zN8z%4)$N<-W<=pw#Ee?^CLn|=<=uxPXIL>_G72Ck$Oz8^$F|EBCy@KvpBy zi{zihadEgsG`$> z)EPYaf46ZYX&h(H;A<9^gl}u`ev)wTVC?eQIX$`5lK$dUR@*D5G(60rHBPy^C7Gpg zg_4P>KAD`H#KyC^bxX4K3Q9|^8u4K%DGcA17DlU>`v7CGh|ziqQC85uSpt$j8XDSHIxy(zP37+y z40xuHJDBtn-G7vV95*Oei9Wxu@UCo&S`vTWI(J^w?LL7chVh?~wlg!2t*Z{4KO$u6 zKEd>vUv4he)p>?>w&`*+ExU%WVm8HN8vqD|0f`*l0+++-;C(cSDFkR_y0gG*(PsYY zwvLsDff7Eis74F#L0JL=Yn;hQxd&4ao`6)H+#?cf`@bEQ2YnGz++pLBEqyTbVoU)w`na@I2pmkk_5URb z_;>fo_yec%dm7aT2ms7`&@b$9!Oa}ixId97!rQyEqXNwza1{Fv4pP$EKx)l8bKJuX z;&fdh+NzwF!R|&>kB&Y7s0$J*{5BzZW#`R_R@uw$9GHqRxSE{7-rp}fK=m^a@lr4~ zH*0b^tx@M1*$cnjF0X{RZL-{zJ3u?CL!ocxdbKf5N%~1#kL~H-TzAWDc#;2c9EZEP zvKI_rKRsV?J-`t7uIvB$!nM1*8&DV9qe;ry;c@Hbj`gB@A^91IB^GpHVa+?Y{BQa< z;%qJeL1zq+k(}2txZexbeuRQ^)7Wxi0DLe&KW`w9KH6Ws=h{tY!bbpX$>fCSX3;DE zj}_Z7|35Wda8m!`>tbi&O^(3y%yslG6)auzT?KjNwmq&wrhir4CL|NlUG^@I`|boq z$7f$Jw`dsSe->J$6770M*sXu9ab_=ONGa4WoeT~vql|Ran|ObAkd$|d{LxZnj($uU za>YKc4&~BcDMVieNf?!y#}W~TwD*J* zf>V_zqc~0Ut7tLlDlj|HUjl37AjQIFF4qM?9qpTFrZNJHDp!ovfbE(B3M zon@Uy89!^;`pv$y2DtSmbM@@)DZIEXM;G_D#Xx?Ec&TWNQ48v8ReGRzdZlIHvms~g z{>K!tM*}zvA}}@eJFKsqd~n%0D9h9}922(_s=Sk<5p1&dPnVur_mph zKrV@&3b}H0gdN{{>Z1XSEvqb+6UeqiRc6qAXnvkArb1Up_HSnYq=aWfD>;!09~Lg$ z9T^&u=1((qb`CURDLL8Vn2ZC#WvfA>LCIHhQXc0GsN(Ic?ftCSk=Adoh&DMok#yTC zs^0UnJ5k{NwO9&h3)J_WMt*PDnt-In+TVwk4*sNK+Kv{?DHxcTqWhNBw6zyEMp?@x zT9(EVsIH^@>n<_{5CQAW)w}y4WF)^z5o4U5TK3Am_1Cc1I$4isv zXRA=u$w`$v*=`~Sw=RCj&1#+6z6JxhmZD+)!b2-BPXt}=W`Db447~tq3;P1@q0t9AmH+4%yhh| z35Ixc^TGSO9Cui4S+Cs^^(}vu%BCzj0K%q#^ecJKi!z^qxQ2CQ zdBT5))~+;;@=qMEIsW1_iwyfU_9)W{1s}CBUH&S<4;OJgUCnuuRcO=G!7+DqW^T)U zC#dO5mq~Dyx~dBY5antNr?GjH*Q}g*bc*5%3mKX9fEbpN)m<1;)y=KInZAMs&xdU; zaU*@sG_UA_IvqeskZxN4Cpu&*KwrLZjzdJr9avJQP15kXh_t*jW65XvRk*Cv(QfoA zb^U$Z**Za8^cR7RMXi~F#f9LG^V~T3Y=Tir#LD@wATIQcx(5+amW7tecivvI z`=1DCuJ#9Mvg#FO;!f85`qnKurCZ9Npn@TS40F#PpXTxWx*WeSF)evN5qX8B`xoQb zUHD1NSfX*D{$L)O;0?k5zXnT-^3II_wdK&)a`GUaQ-0a}IxK+ZmN#qlubj+#gHC<5 z_fl=F7F@ipFWv94l4t*@@yPWAKj!uSt0S`sy6G#V6_7!9(D)GH?)GPSjQO7Q0LhE{ zC(&{{m!{h?{_`CJXT3hGWm{)$g2~jccdp$@?WsdT3N)n-H(>}DW8M3Rvg9F0>c7VSLLvS72gpgFeor_+do8MP%FtCz3U=N__0ciy*zBW@t%z9Z=) zy`loB-Y*SJZiKn>-+TC4=_w1q!3KjxY0H<)3LZZc@8=ShzVoxAJ~~fNsaW!zi}(em^dL<=o*;SO_j7PYOwP zNY%S|kng$7A6zN7Ov+9gLJ$;@7y#;)Yh1iRT~}1TpED5BwV18&%;#IX_kU3&W#hHyd!}wDF@2@L ziv#xCA@uDH^)HwLJqbxW1^{AU(Bf6MI62j)mDsrb7?;Il>>(rN%G9v}1h{|)2? z3#`&-HBEaBb|v50RVzWG;;}80!Wv+Ei9^uL{2K>N8wK<|Vh^|d@S*25 zQX(HazIIB+-d%-E5I%lKgl0_Ss!dpF5;=>0?OSeMwBPbv(*}wjgc8yN&in@*871yY7_J z>pOy8V_R`0PsC69DbH@eDxAo_7rl$l`+o=ephc75=H_9;ctZ7Gb z$$ZrJtA6}SwQnIATO#*mC)vzCn#XbN8^?AE{`gdrXkA^Mh09*!6}g6V_?OjBZ+>~b z6HSXB0t@bB#l^+X&|C{t0Gx;zn708T9kVn+&+MZpDHd+`+c{lNecFTc)QMWdaTv8c zgAz1ZSE}nAqJx%>&K^wE2FWoyPJe9y#!iaHZML=VlT@}dKhDVY{f35XP+i}!t}tC5 zpu`fDhmHz_GVcqwwvZ}cEfU3;3FnSW2tG9FGptXJ-yUzCV#1rxth`D%7Z+%*yj$X@ zQyICWFr5k`(lt8Uy*dBu1!zYypX=h!y{s7JN6;Ofdd3?2A@m*)g_;{6=pRVW7iDvw z)Y^WybaIPI6(3-zb!kNCCfh9Fg}c~G>PGjd0KXzA2^#+EZ!B(ufP z4&HaQ{-@4wc2%30wFLkG!q9~gRmk{!BimJ_aH5qO9)9Cmx?H>*T`;H|M+Za1GU*UP zFf9f}N>{=4-va}0Wo?*tUCEV|IXzuJuC6|Vw2a7@vE_z`nbs$6W5ZNiTMJ#A7#@WI zNEFJ;Uo{w@3Ms57t3|UEtT8xYkap7JP>wzpYFnkem>%79X=UXJYdmf36wo<=f<-0o zvt`QsQXPD_S=$e;yb)cSZEV=^TP!W}pxcb!GWC zS=?%B@usj?saTg1ehcWpEXwIu9YON}Q!F6Q_ba%THEISLi_T>SHc}idM&hV9ggyrcdU_NtTvK zlUiiPAoiuS$U-M0kp4Bzq!=v z*61+t@$tEO>8u@aADm`-OuK9Gt$4eUP!3%f=wJ5b69pUDsluonlVbrtL_qg3Q6`!TYD^>^w`RgNXnBI_S) z>uD&zENNgX(RlpzgRcu5fQS^%Mwq$@Zk-!MC{MZ0znUu%$(tR|ro-HI_3Q5!=Cxas z0KO+&%)e?>ol%Rk?__`3j6DfdVL{D?L3aX#@(T*>Y#j;XxZ{x_s8(+Wy^B+ z7ouhD);eiJ+UH2JJJXxRj|+T`lB8s1?O^XF*lefGY@h$Rl;Xsn&CN+&>ZDC;o8R3T zD!RbtD3oR4|3{O!G?S-$HgMhrn=TVlt0l5DKnDUtZ@QPKX|u4NA(@}Ax9J?|{}B1d z?31d_3B%+h@;5oIN|`#NZe0tW&#@O2z6b<ny|mjTt-lz*yrZnV3g;$(SjT9)<2HX$qdN(35H84hU4uhHEEgOs)rOl>!p1in zXMY1zq1j|ij2nceZS%+KRs-gtM^@LOi1I7A9^qoO+MQJ=NKW!)zwfpGj~1Z!@JuyR zK4;X*Adv<)hae3lo+&Rrz@{YK%+fRLO}cr+CvN$^JLSmKBdOqVF<*ZBP~nm#8!1~- z&k=9sviDJ!ur_hUS=~_=O~p9K|3s9BhW8Jh#wUt0=m5e>mLX2eHcU@U zHA0H65gQWVXG|I&8)}glpV$^?vWsVMr|tpv{`2Q=KTc)gFJHJL6lRe_x6cuJ#@1xdwA-xomeHE%(;<6s&6Ayy4x} z7O~gO+IO7@)MgkPvC|?{y#N5$pXOcSHNO6olja>b-yT_3TGQQ=ggUvHzGSbOAjQD_ z__@=>b-f1#y+-Ba*5S+RL`%yjhZXg$V{4>E-dp?U^OyUS&~D|bXcR%>WoV}#HGQ&q z*$o&xu!wS;A2Pl>Iy&NqbbszzwB>xb@$f;qPEoW>kz5`M?#V(<{pl;~$+}jK`V$W; zLiVeW%bMnPM_Q4~!6aES%Wui{H;SWSq2-m%StDM2tyfZ0Tbppf^_BgT<6p8qF>tvk z|24X(YpFd-Set3DKYnU|@(M9zk@shB5`z5l!R|@lB^_`#Y)Lr4RClcx)r&!y;Q040 z_>)k@)#(Q}l2EHVI&>jJC=W}9uiMf8lE8w|#mP|oO zdl!2r?%$ujmwa9XIRhXKVESr%uy!9bOVaE~jkC6Y`uiIrFGh&rmcambmD1eOAddHr zKc$?xvN@=dneQ&J!j@`a{maVATnhdwD&K-*vXUzwvcJ<@+jSd0JKWAp`UCB!Rxo>2@;>*JYAj z{dx--r3Mxzs>-ygU87=R79XlEO>Mc<53U~sRWssM>t0Ki!I0%UAcSKJBI4X3M9oPX znUs`Prd)B}7i~sj7^ho+EmV%q&VS6DJdllWfaUK5RzDEk=M@RPnr~~aTP7i|I zasC_C3XTkfrm03YNgtK+`ffwhkA@~Q9O9D7Z(PT@Q{MkJ+PDSMB<8&uf(nBce=_{j zu#RDh4Ldi;@OO|Qrpcb9nLtofIaqJ=#Vfu~V|urv8g?srvluV+Yp-ga@xM$|-*iOF zv+surnJy8#yQ)vQ$#Ffr>Us%*J>YUi0076!x zT=ETsRU}h9LX2@}4Q$x#?3h=Q5STYuE9cHO&Op#t*h~Ys6#XW9`5<)vt=7ERh;II-X z(?F?bZXOa4;AT; z&F-HD)8ae2xX2ewRM9FaKaG;w?H=fZ7XryGM~$9u(6VduaHk0?t#Q#Fw*7IEk&%7l z=60PuAs%~s1H2a^DEI=WDUBd-fg%mERLxG)TcfhP{DK1SujRb|Yo0P;SoJRD@8Q?K zOBonmzib@SYKHz>ImQQ4Ifn1u`edD@fQ*aTRe6$J)JaM!mp32zBBhuCp*%A-0Txna z`vTpsUXFeT73Sg>ky5AdqO6PUSfi9cSiYoq;~=A0xIdB=dyp->u+W+T3n*aFE^Rs_ zq^1IuD36YgK0fZ^oBbF_zJv5Lo zz^3C3^&jimao(xn?QN5Fho#teVPv8ZloyV72|(-!ZAzowCuo_N`B+8Mi@p0UfR%=l zbCi|s0|Jqs&k)_USm`#8Uao=DRSJ?5?5(MAaID$yX5Ad_ctb78O!5txM;6&$cxtuA z4X|ZQ%>7@B_Gg?>;dh2eh>0CWNoL1G!Tsp&*ZTT2j%n9uNA7T@8B@>@!?-gp1$kCZ z4o2~Fb|ezH3aimhhuQQh?7;w_bhP{Dr%ip5>P8q~fRXx=k|!;5FZZf=K~$miJm&1D zcVf0guG+$IfhMTN9&u)zwa=9b*dY;j|d_@ z?4C$UX(1(z-`*|Dl~XgdwvNpmE+?g+NQcF}LqiNzTDYR}P;RfdN4I8)G7M11{F1l1 zn7k&{^-YV>VX51kh?w|id7btB5HU{Iox7+aUDFqFNXtdlqe5*sM-Vw#hAf=Aye#Vj zw_O+kGH;o)!;PSro6Ew2CXZJK51z|;?EKKW6H5Xc0jkhIg9Zbayk+}n9`EMZtV@+v zhE^d|B`^tfHSZGHekY*${RM}Hwl;*_z@Z^*c%T3N2_9}dFnQ;6p8@H|NQfz)`vqux z0C?wiU6~!xuwafL2!Vhtys^+d1BmDmbaXFdY~5(8z+lgs!m*yW+sWiC7rA#WXC{==yoAHDCzP|KkLnGBPxK>cQeQck99JBUy)av)(COvOX zvjkOwfu7!7QQssEYdANx1-DLgpwgMQb6DBYmx+voxg617i}=VrE?Av3dRYGgjC+KG zB5mEzU(nDL!e-pxPX4fTw;uv9d}Ag0%@O2(2-z_wD3V&9l%8DI0PBJQoidwo=6i~Z zKeP9Uk?zO+a#6aHOawk6_wg}zOtIYfRT+2Rh7i_oAHq{ivLs2&ZuQ6=BpY<{p5=c$ zlby5v%9^2XjH23MTIGUOT@o&cXqb=q^&y$bb+8D` z{5$WBSqfCz1dNZ3k(%}YoVjC;Y*g&Qt4Kj}N<&qnIh);_(^G4k^C6eGAT!-^0S26h0rR@2l(ntEgu zu1{3jr3@(}Um&#@73uQlkIw8klVJo{*{({9jVv6AZlQ_ zAPq-{v}$7J8f;754Ln0xg*A*PzLk}wl*tM6WNe3Td~ljFpBN|s46DcVnGMgOcTm?N z4Mo_%=x8fm-DNwWW{jq$TdfWR@EQsx0s_=e?KH`(^9Bc~91NYDVxnnf@8OEyzInq8 zAxRTGO2lH!nlSvEjAwfH%Y1-5^jv=(| zROxGZZ1*v4Tmf;-LG8!>0>@s!rczX&!bH>r1qbkSTGrvgI5)_6K*6!O zx%l@u2?%DaW@e!I2FaZ8L#QD>ZF4jIPbRhd>5*Kpcy}oUvsBBE<02ga8*JQNlq##| zQ=1B1e#{j2XrGeOj%^IT^Ay+5#?s}@XvSsSwwBNLC;c(s*K18R6#95DM;hBn+SvC3 z=Jo=+xj}B@E`9^cW+U1W&s0z&Gqy+ZdxUSsNIkFf(?mq>=K3{fxZpp!|NbR}3~4D) zNQVh-Oz~~n>%g>G?so1>a%hBeP@lnWw&{d-noOnlRrpQ zwoIU*VdA}{y8JhN$pdFO!Z;D=$h!R$8*op2pFV!yA=Cgb#EfkXP_}dL%fl2KeG+ug z#C+)z6`H*(EG!H~5LoI&X)%hIjkYvpsN}um;AtPXNgHKd;n0GqcbjyUl$`^})L z+Lw}*F3Zaannb#=GBbC;C{>F~-TsT-RIj9=p`jE3^pTN+Pe!AKk(jXIt>sssMAdbz|Uw0)jh@fl_S1o6MxdFV)_%e|d5Fdxb{sVL$&VP5|8 z9i1f?4Hv3`((yJ9G`9g}b2hTWYxvT}UVME4Z;3ndO}OmlsNsjce|ZZGq;JKPI~taU zTn9kJyRJ1C-V2V^AaC=M-Ij%phvKk$V%=Mw@Rqd0j6D}8{NUN)re(bgT>n_r*kT5( zprwZO1IQiQu-6PT;P%FN(3BN^h{zrBru?FDOJe@u3|hVFq942CA?(6`%RxjO(joy^hZOri_=$vFv_A@WY(^?_dC0Y z9PvX%K|$1g!pR0DDaYoCpE|RX5l8yWQqdb0v4;N$0G3L|6-SOeOOV39BmVPUeO)ST zf+Q5h6*%{H&n`gpMmT@r`FXMigMvI)BR1d$-LF^+k&RGfNJw5X=gG}X-$&~Kyd2hA zKB_VEDsVJ|Z;Mmqo0MtQ6!#82S0y2z=rPs3AU`{#1g0fGAy+C(>oI-=3)jnj+)z(` z$`GT^Vq3FY05v6~)JlWu4+Ad(e8H-m7bQJ5ivbK|tPtb9C(Mxub36!e!@`Ek`U$TM zm+EsaVZgx+6fNylRRrjLm+n8zhbh{SMJ8Eqdy>Q&>&K(x_B7Uh#>vwT@Yt@eLM=CM zIxEu0$Po^u@=uH;Tjl8`5+(e_^f|8;n1gVFy*=55)mIPVX#D8tXhKSRbzhjQ=2m!^ z%yV|gr}_G5a~!YXpfluQUqf^1TW_zF=c+|4r9PAoA8KFm*i}{IJTA_%Q^TL)#w$#Y zGcOM@;MxL2b7gGzD|S7f{*W04cLbpqUv5{jRA zlXVL^Kt&+S@TaALvW+Fd3S-;lDrb@v)khdVs5zd4-{ukC+k;xUhz}gqnI2p%Mdh+d z6Nt(KLJ$2B!$3yA8Dzs>Hvig+qWYF!YHpkB1^taYJ^gR&Gx%uR-}@9_Xd>ug-RN{u z_C>9EJV~}-nfcdsbQ^AMPklYSOSS}|X@#sq!CTVNx}AkPX(~jVdWp_X$r%}lwG{ds zmDX_;*`ak2$_xdg=SAjw`+4eGG8l|GfV>p`l^=51zRc8H;f5?}kSV7JWo@$i+B0aX z06^xn+oP`a@`~3S{+N_lEm5wZZ)8MCo9620N+n1?)YwTYv%8j;W@u!jo40v1`-)VW zP&uopC^Dj#k(Z)RyGXQb^qWpmx&^6+xY(O)h0S!T>Ou#HU#a=rY`jwRqm3=)mYboa zND$jW^j*r+y?6k#mNIOltw3Oew}Qj#poKEFu&KUXsuX*VqU@D9Lgu&64-3}!Z|a^Z z3P|YcP9w9)r?2`nU^Fkz@IJqxPDo6(s9+=>M!`YGe3&Z(i@$q+?=Y9BB?I44w-dl* zzc#4&P2nNW;qerxUD-$%bL!6Tr+OW#S66SWKMZesL;YDTR$?Cw{hoW7M3xd&l+=tf za`)uCh2W0RtSwJRKFWe5P=?+ZFBht8D2~ssBWv&L0ZM(PZRXR#58({Li-aAIFi`5~ z_|5fTsIPxo;C)6zTO0bK!UNHg=V}}_lu)7{qk;6)6r5ti+c(X(DL1b1#7NFLR)Lnv zQ?)!EF?QVu(*2M|_~_{9yFN5LFGdjA!1;dT=rSp!jb1KJreZ%u{Z}c78hE(Q#WgnLA*5yMBHBP>^D&dSct# zoIOcuvPOa>fr=D{Wwmh8{b2~BErL8fCx^bN=+fqY+5moZg?n@@;xjU$$=VOU z#}maG2v}(lMh2X(~Z_EYch;@_(nW1%MviGp1Bt9c?+s5Se&Zim~`eIv6^ z{vI5nIVTz9DvcdBvVkJ__z%w|-Dk zS~`K*xnYR_n*#9VE6G&Kdj*f7+`XXO2MXNg`CXU`)m&$?_UYjw$34W|&Kk8UP3)Q2 zKNaY%TIspM?cfLl{!vw4u7b7NT>O06#3cKQQ5rQ(6XtMCmO=6PxdedDT<;l?cYWG~ zM#So>IW&B^N}s_j7{=U%%T;c5S%+xrr~~b3K!T2jdyN z*n<2;s5+ybh$ke~zEjossdIVY{vYrR?$v|2iiB^UPB3yTD%{B&B2CuRoS&$w7_Bu8 zrcHBCG|2=@FE*zXs6E^>>-O3IHxWij&_juRxz~#kaF>!oRKCF?Tzdo`{YE~5w4N-y zbjjW>L!t2?ScvsLr*gqgfMf_61=CxZoJoQp?H7jX?~P}b2>kEXnag`nA5%yu|j`C=jbP!J`TO&K6$e(ebQRlln!g!9njRB^E81-l^4v>4r~SfNJt#BQcMV9mIc#)H-7OHcDaNCg zH?s%KC#+RH=u7lTw9=9n{$#xcJTAi=mzRPg+uS}+dC`gKDwK1Fe0ajZ_yUFyOjY>` z3TF3DAPL??dyK8Uyf*Y)3+Wzk&Nn>gh~xwKerb7$&WiB2(`4cC{wY|t8}Ow8iI_pg zU2YMs$0@}|3X>EH^f4NWhMOvzV$Bp8_b>w_sPWAb{h_s!qVdn5}nXTfz&-WuY8 zAC*p)f#u~c6~a6zGJp~pKs!7-s?N?n#YeItxctY8y`K#S>=mlCu<^EyP23YlN5{v9 zi$02F5{8i(u_PRFC&5G?tn{RbPFJE=$o&!`IuCgkG`o;{xl>G_Zj~~*qIS}SgFx%d zHv1;tmG`Q>Y2sPFs#>AVV#ZdI&H`zT2rn>f)b**$rw8jWpR2D<1i)m&ahc3JwA3Q70&&fd>e=*^|71!i`ec%U*wszX-I@0)1=jdvz1N`IR zg@_sg40882`sfHMRN<$OZ!Gx{M+U%k5n%rM29rI1@( zB43Q=6NiNr2BtdfC`BA}VUf(2*3+fBK1s7V=83=~gH`}cv?0&Ju|GLc|C4YZrm#8- z3ZiuT=J!vb4523IJba%J5OCu0^Tq$MFDh9|$4JT2yzQwpFu|q_Ezpn8c%N}K!+{v{ zCuNh)8ZSN0vP$fmTogXVIM{B!_s^S6rngixR(hc2Mry9|NuT9vN>V*-J@9J+Yg_4~ zgOJ7{Dwqs3F!wl%c3=20*adkpnR#yQ3xJ+iZ*7UNsQzDbN>YfduPtY{?qzFzXGQ&i z^pxB3IdV*dGK)`Gn2k*O|3}`JxKp{dZ&!*^p^_w_*is}RWG+P{q{uwaa|vZkl8}TD zGFM_*<{_DqDP+o=Ovy}0=IJ}v-tYVV_W$thqhlZK-D+9udG6=Fuj{gZor(x)L)QIN$6qeRXB_T5RlF{n(c9UQ^8()xIl9%ZXPW%`q{D4Slrm z4xpn`^DBO`CewO+&3yQ-@Gf#M++2{cIj;Kq%U|p1EQp|)=EWu+W=yf>1fS)Q1CBho z=X+L*(La!ehfqGel1^*@ZCYLS%%(4O;m;5M=^llXF(Nn2D;93jVbHyP@MdKi2>{R7 zR+Zp zAv@XdjHyasrI|Jk|mwc6VKE|yN@WTKQRDnsYe18>ziF*D4#TjlMX_@GeSd?}o6 zV3BRVZ-$c*2uNjLe;l{B&;B{L93AzyB?jpSP+xv1c}!gYn|_>e{JZh!amh9+GLSqI zQ`RakK8vk4Vd~-uqW0RcRuHtW!NnC{`h!iAnLzX2!c%tHe_j7Sj^mH=aIAyYXllx1 z;^GU=o^(0wO?;0TE{;n*~HttH}RZze$BPZ14jy-myh&_(ehh^ zEq8du@|?S)ahHv4J3nLOrtQFt?s=pq{2_Afsc?3%dV# zfByJ;6cl^B+sC&PF5f3+#)-LPf_p+r4+YE(ZS-i(J3IaQVK^6XH_tbG&J}mQJvpfhJVDYoMjj6L*NLsKc|GH{7_Z(`wpHAhmx}uq`PRmEU*7A> zYJaaj{A(%0b#3ec%@4Q24j!1#lkTL=%$bY&?nZV`n8_cCxUVF3=n`h_IqMb}Jc%bi zMZWDZ-xo&nKmP7g6KU}#eP7T&u4?)6iMI_{j|z$L_D8%+n|jL6Opf==wlEi`o95;0 z6k#OtC}}+UuU+aB>L?7cMcD<)CAVM+C^h9w>L0&Ws4b*HuwC{ItX`ng7uo*rYg7(< zRGPq`sq#x2ZJq#zBG;^JLQ9Lox|Ug){WmlMVz1gp94|UAbm`we1K}JOMIYy>QW%u= zY3L57AN=jaw7Pw1rTye5s)*xU|1iNxzNaK|%~@l0IzQvt#ogyO?wA{bC@J#qm*o8Y zlA$dd>GS6{vOZTv9$$fi?D+4g@IL;*{gNvc$hYo=1ec%(e`ij(y|)ld-? z&#(XYNk#XQ7V69US=UEK#62yy^(yMRx%g)!&a1Ti>$cvz`LiXLCNN?%Ij7ksd7a-p ze<$G-=ukdy|Gi{)lGu8N!)nq5N+aeuL>}kD;UErW20mtS$zPSq<&rGp zpDH`n?xS{;e$V64>1k6vz2_LH2g{}_rF#hbWQwLLaeSGX;VE=>w)=iUNg?SL0!sKl zq|L>Jo)jZNS*xPi+4-QJL1Z}j{nCFPB6PXEvA-YD#A+OR#jSJg?rgr_#F`oL;zxcb zo8P{IYJ~Vxr_A7SqfWJ_rQ&9r>XOsu%ovEE$|M$}LbR~AdE_hZaOPE(rYXl}95ORA zI$8>cpm9_ZdfGRQ*&>xx$5uPx=vQK^0*`0=6|D2S%Q??@gfSN_ko{gR!V3TAgUp^K zZ9&zoes5=QCERwue(lcprY_6Fd&Y#x0?5|`go|?-(kT8CVrGrif3VFjB~Al!;Q>3L z3@&hDRdNa2a4-zqO%OLC*d;bs@H3|=^M;P=ffUOSz|Ok5a2Djm+}yV4C^1zuff7p_ z%yXbzVBLc=YWHXK`s2qw%K^HZf>7*liL56NkRFsGe*W)1J!|&&QUf?nyMya$Jk_h) z1^27RDu(X#H}Ugdlgj22c8JC!ydjN$hxR&?e*epP-B4HZ?zf4{=JmVslE|a5;l{%n z_+eLV>?`g=kaxk<4|9buvF|+v*(4Q^2($YkAdII%KMl^>{hI84di4B74o1W>d{NZ* z9xCVE;{|zCuEq`)MoJKEVB2>w{$rK&){N=1ySD!4A^g!oIxv|uDb?u0%=PsWI6fSu zigbKnm~v`26@`D<7TbNV&pkV|V@Hy4bBkG%E}>a7y;&E(2+g+$K~@4zOruh>-O03i zT`HboN69TBy;DwgQa^n7&_JEzBj5>)b{!{&sEWIcoJ}G*!_Q2+j;BFcjzJrgh`i$B z4Wsc=AP=GQkm1gU^&q_Gu^3Rz1@VJuq#v8PX)) z4Xm!m1>CuvtZ1X0S((rQ2Zx_C1FVzZ+N3gXRy19GRK5=gTp3m-xKLZ5t-WLShX#Cl zD_TL&VI^5U50uLQjeHtd>Z|{fQCzfYrneX=H($s2BZu{X_ih=wK*p)ijyjolHa#svo>@Ny36y7~(C-V4yoH-YEfC2BQ7gDJ&;({;TW{GWe_;3SmaHa+N~&!K zMb>W67WRa-cM$cvO(frK@k>$8;bIqM!mlTtV{r+cTMg7Y4x6=(5!yyAcRX5HJSR%s zrQpI%|0CRSx+;T9a%*Lp#rD<3t{NVBI=Vye1#SlzovQ5b{}mmjL{yC^cJuc?)LUR0 z`b{+@1rmzD1P=6`&1S6;_3athF1>k^Jv{KN>2R@x#!CD#% z5971vSJ;G{|ImYwhUWwnf*|OCJ3Hy2@a0^ojbo<**T;{bx2QlT|wzR z;heYAw}~N%6F1gucq>he-XG3`gV5V98}-~g(flz$DWHipx3u`Tj9E$8sMB>>J?`kc z7j2Nd^l^TjM0j0nY3r#6V846!?$HkoU_VGx2Lz8_8E`Co*ETuV3)0$K`u$O~|D8d;4R41KL{Ak{h`9TcCBlCY*ioBXh;j-2pq{u58nnRs!Xf zyAPS=q}Ah%;juu^!1NaEVdXJ~NRkxmjS`2Rer8EYLw?D!ZWGDp7Uq1&!vj)ZsqAY( zd>lW4M|D1pu5Xc*@tK|89~Kh5DopDEB&6MQZsMB-%s|`2aU1hIs)p{62&UvK6bNRU zc3)gn*KIUZXaAebQZ2+M-T;ASZe+3a0HOxL`hyXm>|Zxd; zr%b04m*Js3PQM2w_kSKaCm83`cx=n*epIjOtw-4GxM`N#yR9}XF8$!-Nyl&br?=#E z`%a~B(SAGl$m!eDX{*Gz98Rimm4JgD5BN4DCmuMR+SMhBhWzciE8%!kjyzYL4xxcZ zzObz;Yw}wDBhQGtks#LtRn5^fDoZ2RdKo(cdMub83xkV4?1T<~<9pgSLi(7gsi|=j z!ucj9?_Lm~5rT&;rX1uf48EZE$tLAfv#7%?>TgHdLdU63V|O#ItDVSqOd_gvIGETr zCU7`L*_%2Yg7;HWjC-V%50&leI>InukOnb)N{UvYW9W^fn4gLs>qh_)7-7%GBMm9b z*}G)L$$Yn`P9;*v+#m36%<$NB2VEs1BE|%qtgjSWGL2KW5BOI?!D{Q{xaDy?guxFI zB!P7g&gR65@H&DIQw_4<=8R@(B|M)*p5Jx(4!^dbD{S|MveWaJZ>j9?VEO$0dulPc zelwN5f93J|;phcj;FN7CLi`j|)zK{fEk-Mjk}B5|6(;m%aE#Fu>9X{`t$DGaeQ+v{ zN~9@qekQtofVkCq(BK`!~d=za*FsX{(sf(df34BJidgiH>Mhc4Ud z#=7aG)b{tY5G)CQ<`?t5By-Otck%}i3qjieus>iIXLicZfFe_bb5@`u%U*~Pm6frE zR-r(d$VemHt*_Ijw8<4-oQ0kRWM3GBV!y`;Ksv+Iv`fsb#-ETl87(a>QlddD zbpF{+_s(Dr0sDeqWW;^%I4B`_pcft<-Z?^-I4@$|%N)h;BmG9XEQ{;eQ3>!bcWCGP zG-7K>JA&s(*7>h%#qK9^RNw-Z{Q1Wx)B{^OQ|)@(wd%4cs;$J{{-?`+B0}mP6rb1g zJU@NG*Eqt_p=Vf%c#8jWrc^l^;M(*rjt@F0=Q{Un%ir!sT(>2^u&`ideqJ>{m)TbJ zKpy8VO$l3dRT0q^2d}qj`Gjr6`lc+0k}crAMvR@rvY}__y_)&HEZ|6pJkqsXXrR+@ zE=IBtth7E4-I+RBtf$EI>{24u$6ym9$gFR)q;H)26wfmj8oH1duS6f)c(p(|Uh9-0 zJv(f~C0Ux%s&1&b5Jkf4>c4%1E&ncU+pL(z+k;g<^HRj%DF4>{=N-$JVV4tiOcxfc z!@|R!R1a1doK+CN?T0xj&VKKUTUAulb<_>q#1whxK}+U)?;=<(_*+z z6m<=fq98Nc@a{HuEfp15pl?dJEH3|5?ZE81q1kqR?l0r*tl`Pr6IfUOzfbT%Ve%q-JK>@&Z}%&pI^De#>=jMXY$wBs~htr z?_$VJwmgqB@~6EmA#>cfikR|i+{IR9eZ^^d2dOT})wrB=W78ey5j;h#9FKTOiM))8 zH8gNdE$EjCkQct@DpuCnsb-mLtR9vLpE1A7u!G~I;n?|*<)2@!caGz~8ebCaCz3tO zuASL>WQd`D^Bk+|yEDm~$?v*tCeseCS#I1mObTA}t_Ml(1#D1Yr*aEr`xqzS580w>lx~fyajC)#QB6ZFZtaD7^ndTb&QF8Bl5s4egL&jF z0`JuCD^l*asX2aA*NBz#c>vc%CB9vM$!ZtSKOdLl6ne+>5V;{b4f*ablRQqiB zTL&cutV874L0#RyD!pL8{PnVlY3pUKn8$4BiA(EYEX69M=-wYHORzEk209!Dv z$7OVM(&)ZWP1a$hGuIe0(;b55A+*ukYmjD8NT^gwu34pM!-9 z5tg;}u{#B+3|y@iU3qTL;W7w<;(NCVfncsomqwDfGE~8u@~fLNs;fe$Uw6>vEKK(J zs3x(NFr8?k>;G6Lg>Bbs*?XB7g6;F=4EU1#V1omPmNJD{q2%U@g;@*dlb($asd81gpe4|G{OuB@(t z+07oUAa;jDCJ6e>P;)c5tn8RgUkRMs84oo?8yjtMq{rOb>)$3P9y_uyrKwfm>MO6R zO*8ndjq}CTzaW&T$lqKN8U5qj-eIU!d?$i%D?R7g?fF_`Kksd5G=E0*Ezt=Vd%{33 zx;y{9ipufUW!P0BNaHp+DCb73|kn9I*YV609eF zZNEVC&#y;GY|9U$OV>lrW{)dBN5On!AlQIPv_r|Y zHW^4k&fSrGlQXs2fYzT{wY&$SWV;Vq=$ElQzw4NIDbEgYMj?E6v<^}S&*YLa| z8;l$S2y|gimc@1B)IrcPVPQJ%;E=fwf23gzZCg8K8B}COydZ0s?F~E^RS)q8Bh?Av z=x5H_$D&jY?SusG!G|Ad)q}9y*XNIv4CXlKU(s%8#Mjk+@hEep5%0jA0=(6iFY>mL zHpO^jsUYH=gwS5}aZzTO1o-~+h=dC`sjHH%ygct*m22_&m(cc=et z5RF-#;}6-kc|K%W>lHnJWharPznw|eVtw$yj`{yx@a-4wvE+SV@r^J0`(@nE7g>Zl z*A@*8yaT%x{&Q3C;zx?o+qdnwuyoUxCH6l@01kpR_s^QT|Mw!&n-0v$kY4z&|2c4& zh4dNzcXaH0IJ1YwQ}W+0xp0sC3HGvoy@W-SjP$tu>toWyY$Y8z|9+#!E&F!T{`)15 zOdssrPWkVbeBzV*|M%lewIBNX>MSj?%I+uk+6wPk@z^9S?nI8-c7xbc>S4_j^DysZ zQ-2FaJjSyf6Po^{t5=$+IQJp0+3akD{OG(hVgf?tj4k((Zm#`5tH6t0cE58mlULaT zt~wao!FKH}uLhAWyXz^JB?@g&eN)=T-|~K9W{OtuDboX$K$)O|DwLlgfLJMR|3_G? zOz+825ub<>iTWR()>s`DTG(Xwn`C?2xrnTjt()Zv51X1sM80CvU0PZ^DZ3vW8~;i_ zHdzp9@PyzeCpKRxPJ?8yqWmq(+7Z5}dhCNnvKGbdX8i9u4qD_ggj#qz6BnB3Vm-3B z3}vT$XjWz;~uI`8K^Q`_)|xXq1E5?g}53PTYs152jn+ zl;yDamQoLp7V1Xa*t|1#+%L0(XMP|>#BG9IVyUc8nJ9j*lVtW6)wd$xDS70;fx%Z| zbK*G4+|AB>Vovbfuom@L10}HMX+YpyqQ^#cU$rh*u-_j#(zixul6_bYipLrxTy&Awb+bwS0-Ve#ReO?kPwVIRNf)Bf_%!?66_9VSJ;)6sbWNxS_oJ}5j zVvkw4w*;xAjH#(0I2R+frJI8I1njPn9o`sO=aRR_}nyl6=7aIr$E1800PSPz1|OWRERBeG3s7zom(_7AG>Qq`P{u-bnL^->L_(q7njp?FFXqN zt7`(W=wGA|y1NAH>0)_>r}nE0r-4~&Ch|-=y4VY4M;<2ab!+#9GF3U;};Wy_h`e50np@ z{;oDKK4NFDf=|VzgnfukZ9g7+%BS43aasn^Nv5U+p!8>F^BD-OPx~S(vLmgh^Qa?U z9}yAJrEzJAaRP+N#$Ux;T-vcS{6qm;F*q@L*BS9QqljBKGoz5h z30bH7D(3CN;V*mm>7fMQli_AJ>RWz8A~5Ez_LAEl3Iuq-%?{p(X!VnnxeW!PMyJM% z8++YQ+?bedP6cw}>$^JtU2{p?oB!~s*u@FlQAQ!V=kaAnw{P2uBOX@4z@)b8c}D)1 z3vm4u9SM2~%H5eI?bR{#X>dW0hryhm0UO8HWLog$b6Fk&nJkd7*%R=>CH->QpqPMUa(qEH)@!?bLZ(i>o!vzy;vY!kx`xowIXb@4Pj{99a77H?F z(3zjt$H&Q@bJYQDLdnXWy-Ph9eE`xJ&<_sz3=d~^PrcW&NfqGK2nYk?3N~;N^6>iB z7?Ni{ppdj1?m;@~xC0o{;F4Ie`+rpmw9f8=J_m6WIT}-M@4)F@I?zUZd>65?9McIM=wPvQu# zMaozENJ_^9JmT8h+uyZW1V;PYv0f#qLR!X7hWWwv)kwVxyeZfaYiJ}iD>Y5bgQh4i zeZaYRYhbm1-!#OD(5%NAWL`>)*URq4mU)5DoB0Y!0E9K9dm@$V>S8H)nSeMD1AVCt(tNq8)y3spw_?5kF5sE&%`zh z=ylm6Rt*LDbK`>hI@)L>i~`=ObJwjnPaX(&QDbS6hKavMG?i@dPM>b1 zlbO2fz*2APM;j+3QZePsIcGS#z&>bWkG?|@y z9V`o1{z$iH-`+C+vJb8ohxuH5vl+=lhLLLiReH5Xp9=>gfXf@{ZIFJ!To>5^$tGT5 zbzl<17{=kUz8Ia0(ar=mS?p%`AF71C(F!u!$u~Y9LKTXX3e^W!(mN31g4&t>5B0d@ zsZh3{D>*B7u&d`CPCpb<&}EWxFzayc>6?VMb|(`adWbEMevzYbdfpk*OHw!&q`B!G zXQS#-kYmlGoc=LOqTyma!tfFf(gj+14r1_Wc(WBwtr#aU1s)3Ey1_yFq`Ctx!)E*p zK*E9A;y0 zO{g&A*Tl^!uFd>pcrCWQJ6%?solCdpQ#6PM zxf)$1ZZw4Y$9S|}DL77dT{W@}Fyfv4T$G?e%xkNXm!5Zq7uA&{5`0jrS&KRyc2n*i zTS%>h^0834eF0TUw7F@cd&wsq3!Odmc(z!SMkpj<`P?A1YjjYiS6_w25mO*+l#|;m z*?wS0Xk~R%!2gSo7hkY{u+qy^!fnPMnKVuER}#_jE@n$qyYCJo~k{)1P~bSB375(%1xsODA67&#EFu2_o@)&+K~!dWNH7 zA8+-pobpSU*<2g)FvhIxV!Wh>hs5T@=0YjiOt{Cgt}m#=ESRG_9QWVpmRX zP~*^2lE)ea0{b+nrN)&QaNt{yd~O~=J_J$%Fr89YdpWYcsK|F#TmdGWVa9MPq@X@( z(pRz%2n|EP%18I1abxi!$55mb(q7)nwU>I@=*=Irs55Mh9syKWB_yhG-C1m~CjI@2iX~R{6VR!zjm2(Iq>`FgKGC9( zJV~_Lx`Q$jD~H(B4epI_Q!xvZ4CK+XTCtaRc8aBG6@2M@DLm=IiOp#Hw|i5$9p~@- zIS>2=_AAVw-#@E2F`e!$W)yYZ9@y=l(29;Y{igG1qpc56$d5)L*D zkCC3y)YT^MXX+ME`B=M*SNcpx%!t~Mo|_CNg^)}8j1CYSzf-s zu`yku2*+{n!85;q_@6oJ;Ncg$IeB8w-l_h2!O|;0J2p2;HvpaO28S4C|?vl?`(zCD#=0m{>JvgE-yR1z5KD$fH zw5^Zbb@uZXZQ*MvTI@ZE>vd}vi;{q8h=md zZl-iK_#76qdw@7Kd3L@^1JBIav)tN6pF4{S1Gn2i1a?BlEdYb+JDVGBz3!`m;85>~ zR=_yc<^KA-;Mtc?wTkRKJyw#K4f4Cs-yP*~SxmNePHZf2oTBVV(>B!CM`!ra_W((6 zCV@HIE8%6T@F;t6@y)f{p!CaehYumP^{k-n_x=FE(vP07=?JWRZ#N(+6DTfIqC^7e zkR|f{?V=?Q{pk3w;mW}?%^iXdDlOubi5W#X6`^(E1%NHRFP0qU*!9lA)o6QC9n=Mo z2HNy4Jx5iUec3{x(m8e7T=Wh(5ayvq5c^oUQXtVd^uf9@6fvCS|cFweG>Kc!v^=N%q+B#kA zZ1>VHnXR|IGqPaq{yW6O*xlWx<-W5eIv$JuYC17$%APr5!v|{D*gTUMQT~?PFR`AZS|#jW8pN7=CH zwWMGY1BP1s{m1d~TGozA$vEp4hXH1fC9*u*Bd!J>Gf=l>8N0p5tieH(I-AT70|j*%ZY(>AgN$MIT{#gYtF& z4;i_;#{*!ibGJO^H$l6CaQ>FATfpF%l1o-%Rh!GY8`RJOqxU08f&OvFhZ^iledFz^ zahTG4fN~#vxAHx3)^r! zgbo?+k!A&kai-+wF?!11P9Cdnyb+4x6oIM)!~q_X4ST103VI}o-&ZqqY~vD(L$DJD z-gXg1X+%dyXV*yz9ePr4B9+u)51VH^C%X412$NmKhk!Z7E3t&veQl@vncLC((MaHi z>xgx*?{*xk!=bknFhYUK^+_sp8>{q3#o|oH&5dk&iY{Z>>aKkaKTO{#oqYa#wM~AD zL{nhPP=!tYT!Tm{f(c@8DZC;jBS6O0*{LmRLk+#x%X;>^8b`yqwSO*;==OUbdImZT zpxsOD?Kt3vFb^2r>kP@kjgS!P=)WAq6MSoSJ$~Gp`tj27vM*ouT&=5X9e2>VKf4_p zkq_EL1V#B@2F-|3{0?nwpJJ}+&_-+PTQ|AjN6kh*A-pr0E^z~B+bc0A4)?!ui`?Iz zW)I!}Rbcp_0{+s{iCar0K3=V-_{6-P?_o1_mCy!J>8@_?5sh#=jMwqCq~t-yF6#} zMbTZdS}gGwjTtLw7O+^8P7Iprrhp#9b#v9Dd`eSrm-nZ&W^9>eb~|N*KO6D!(|V`< zV*2***mJgX?-QEsmOftxezX_I8G7Jw_?9>eZTzS+a}aKb5i1|BJ%y+i*Hw`|06#%; z>}qlqnx14nF?T*zNHTUX4(%#Xho_lyag3DAvzgku6F3V%)Bwz4zI%J81g~GquL>*P+XJ7L zudRMD$$lCb2*4RpG$70LI- z(YF+fq>EJ{smoSWNymMb;*J{JSU>srv7=t@H*{7{1AAEWm=afBO4jZ^Q}h{y8zwrJ z5-n4!+tDcwK?#awym7XqSL1?uVsle(bMqHR)seFh20eXN`=Zvk*KI_QelI(!idz3O z#gEu(z$7!|XRs^y&gk}w-X?H0Nb+URSpU-1GuULn2SkM2ES^y~Dx3or9T}meRqZKdmMeJNeanJw*f@crfxekl^{@1A{ z5ho6qor_|oXc?nLowI$LH9jpocnJgo7q?A`4$h7|YAT=$W*hbkgvFKqLbnKYs;)>P##<^!>)hJM!x) z`}3ymeYfE<*`1^iZFRI8@VA@U6OCNl8>#EGm^Ej1Sz&~IXS!EAN2BM4c8Eu}WC^g{ z(nJ3oCU9)=o}E3r5HM*=wQhHj?Cmeb+e5X+z-2_poth+gBr!c4u0Qfh#D$#A7c1ah z*IhR2pj?son&x&rVC((%gFi!aG%$ zyTPkhi~^kcmiNZ%(WBmlt`YUSzWM!KxZWTG&#sbjrE|>@VmF`OWUrr@;a-?##<#ME zb1ghG1*ck!_~8R!OWGYUXGEyW?b%N|;9ZwULB+$vBMD=j9~30SgKaNjh4x{fu3tUF zGhOTvc}KmzA=r5D-u^#hEl3?1oLfe-6MIyu{LlPeQODeFct_$3o@EF?leYHfgams? z4X;oR$$7~jyDQJ;>sK?F0ba)_9jv=E#bR#qPXmD^L0n4G7LS<7zEyto>6qh`YW8tF z5kTDOfe&CK$CG~$t9kzi28^swGH>|c7%v2-91ewVH%yR!_u3xb$wfV2J0dbN zEEjd2O0(imN$wv;ycaeOZZCf>eA<=llhX zS&oW4#*IzNe52^W;2a&}lI;YR4jCNkTo$H=K8{`ho(ziz5NLlyJN1?gEg0mB0Ma|} zG7NVl6WKTJi}$T9=NXnS0%R&P(Ut5`c-SYS{8}qlet7PJH&J!Gk< z&MjHYPDMPG0z>pOOvEfB8ANYAXaCA{Ru#YF)>VUlcsHJ z*h3{BCfCR&1nopUf>0ogb9$X8EJ-{mCL5U~6`zY<&d)kjZ{1(*D1EDS(tfgYZrqGK z+#mY~w#vvpmlOCNIA%ci*-7q&;{z~J$bmuZ62M=YVSO(gJ^UqN@x8=3@9M#U&p{)d z;zFN+YG@TW?^0(aOsgt;w650#ddTyJ8ev2Q$o4665>T-N1VUyOP8rsqoo~J-x{*$r zq|1NP3%+;0JVIi-kk&_b7xeF_)eoS2$210^@cnZuvPn0<>4~nX*@Yo5Zmp-MH8${X zBEn2HFPs_t5}r4_KFoY%@K=vW;86vYbi&-owVv1t8>cuy`kg)^JIUJy*f8V8WU$Qw zvB8kjpca=`>?2WPq0z`x(}T+!Y$;oNv zps_+hp7Cw6HRYVJh)8DF)E0aWE;>GiB;i{(%7*g}>Qk=h;*fHj`{jR>H#D z3Vwa#BO?7DzhE6BDMiJuYiaT;(eXr5r!o^2nY?!Q~WL3fpOC9vS( zW6q|YP+WYpR3gJ6{6r768l-mfi+fdRSB6zMHQbueKH&gxhgQ?c|qbiHsA9o5dt@wGTYgozPz|o^eac{x@YF2xZ+ZH-Jb9wA!opl&urleV0CoHyz z1kDa?$0)WSdS?8}%xy-x|wY_4iq;c6?vbw~?#01d|@f(=_VbuLk z0Bf1jOXuR=J@hYdQvRH?sCtSJ1SJlLR!Gz=^Crn)J~A(d`mnYWcO&1 z{P!-4&BwkR`Qa;+&DXMB>ewIWqw#hxB{jE%)I4I7#k30TgibnjdWRHu_{g_50$}yy zvhebHh`CngO*UZsZ9UgqWJCZji8$Hv2{?u$J6@D2NjVMU5MSxzOKajNrGnYcN=P(T zED2$L49XFRM6(p%FsPb+FP55a+wj?0gTTr8z38?VLWvd94eeH+3pc*0S18soy{{hK zO^oNj|mprrbhggmOUz&fPaA&qZS! z`AUamVo6o`MN(k+C#%e+zP`Z91QXr#G$M^Z5e~#>1$D`w)Pq@c1kSi*H8xtx1C+`3 z8ns!ZI4Wa@!)AKCQM2c=N5SO6ip}oAck27YDwnG~gu@$GFuCh_z4+BI<89W~TR8Ua zz-m_|z*%V!Ps(S8@%sC_Vt>l6Ul1lz8TQ6;jIR~f)p1(&*_02?!;cCl5ZZb?&*R_k zjf=)_JYc?TP7@$4o7A?a$!BQpKL72Ai}p4paJs`Z!oMzV)cXjx)i2iI!)gW9 zIk)W~?PYy^_h+-dXUX3jbD)YlFwWDZ##YVBr7bBQ> z9ziKjQsD(l2VN2AibXbaUEkBU6X-E-&6=H zXdTUMr?Eia?dAyequ+C+yp)wVU=_9U%3_Cln6Gp@N9fgYFJjkM3(kz$b%}ceiQ`g8 zPIPd{b+E|~X4?g3TF1zZkth67&Et39?QU0l&bCWEvCN29pEsh(ET`47%_J`%vRUNZ zxti8iud$u2%&MuamJS%HA~KJ|k70|BwzhfbZgMXqc7d?lJnFR`di5_9pWtU&>qrPJ zzoTBmX!Sy-8e8nGLkDF|TQ@EzHe0Re5BB-%q;sbpugm(t5}JU`hdC#(!VC7uf1RY; z&Cg(injE20tYn_3fiK2iA*vc1mT@Uf5NnK_$DQY8Vb-Icrv_FHY2M@b!l%ZBmn;2U z%birQKkEVvd;Q)RaBhJw1crs5vz{st$k_0VawqveYv6`ip+*2*V$Gw*MHVIYI$mnQ z2O2~*z{1oS341T@x7htRB3u_>%bxn{07DVph@d3#@7! zWe-Vqh+&hhukBMpDBVb;|D|~HlULvDR|r24tx(UXg~SAg02(N|$HtI_Bj6R!0Hy#g zHC#IBp8{ifd-G<}VCT*|!&zObnmOv$#052C%I>o&mgDnl11?*m6*`KT#Cp!%XDz=D zN@DhpzTuOS_zfQ%`S}C|TPW8m56oUGH+%8nqSWVhr+Qd z5$V2?*;*Lj!YPtIz(gU&HLBV&CdtR<`GkYFwAA_+h5$O*Fmn#fnCP$z#2k9Fp{Lnu zpSy2omKqm0F?>b#Bv)GJ;%5o1*BM|o`U1f>9Y7M5B3D~2aycB%9T+KF{AL!@ID9r{ z%|W~=^+Yh6H6^Xh`drA(QwM{0IkdGyVTt+{M;o9mv=SJS(eB3N`$94&I#&|%ef6q8 zewQmgF@Giaby{nr>aBYDB)&aVQ!KQ5_U-Y;+BL#=i!Lu;o7deu2$WF6VQtXLf|_A( zR%%{!fKO&$DClMwF1pTX_Mt{Rdp6m`2z<*gbbP%g?Q)6nO1Efp#Vm3^XMGc3ldaNg zGUTBL2?H4@?t}sT#apK>Tr-)R0Nr(gXD}`*3S+fI!nI?t$u#5E>SfxQL0|f znuAhKYVTT0s@IWf#8}V=u(wVoitc^mseFrU-8q^`T{#tRAK*!7qAH z_F_^S%)p_Ky~t__R1VaQr{v{QQ&LlgZ42?2Th`?L5^}~XLtI; z93VEeXK7md)&IXP0~HTrlQ-eR0+g3mASH&mxKN--xNHuGsZPdI8$YMhhIaY5Ek(wa zG%0OvZpTy$^n~A4QMUM=>gqZM1{b5Zfx@SktC4S$z%)1@Au;TtsjdANgKt8!#pw80 ze185RpPmcC(aJvO!|OQYiqE~)4KoHQ7}T#WkK~SQjceDZH<{8-5I3FII2B#4H4J5a z&PwgI=Llqy!Tz&2Ril_qn!rhc$R{u0g;l+}Z~924`1hmdU`n zN(p6X6mxny0x`65njHcde)SehWvW$J;K|=UIzDNHOSbS#fkduFeAD~e>%tPNU5dWa z3HQG1>dLLOD0UJ%e zS^H;^x~WIv!S+iD*YkS&J@$8{3Xeo}PsL*tNmQkN0W^NQ*8s7SnKP=MNBk^FuC==G zOppIC4psS{SmX#{_x)^a4-y*K4CKWzYW$x7Az>mLw4V6#Df{mNQE4wjh>u^rV|6s9#_8VtMM{+<kvLA-9!d$S*xKS|xkts+LjN6?8D~=FxU1E9ud=1i0Rv)Q z^PW7_QwR6^8WEyb*WH0=BcCh|y?uVSSEQ^a+d@-D|6a)OyqE8zjJLM7CWV32*=*l7 zg3cGES^IJ7`SbPO79e(kfKY9c8&sDZ@x(7d2{9m?4ygjU;#Yzr>ql<8U~ofJQIpsO z&SuAmOj5_$Ql7@X_4P&BBxO+1FFH9n5wuVkM_tdpw}+gyJKq{Y1mMnH63!2h@K}dA zDwshVVe$e}$M;oFQ}YPrNbOBIS>3*X(cz6k^3B)HX8jBAGrw8kjIa{mgw>~ykD|LWQPL;p?2B8*XaHdp z?JEB3dr6D%Ms@SpU8}yl=#dx^X_xn2ACyfUO~MKa?*9>%BDevw&U*h|l0D>2aWPq8 zxi43pk$u;2>z2}J<>WuD^C`_{O-~*2({=~HZYW>mkqzdF_=0EU2wHN?=vSv<64*Sm za>Ukdrb!>inRbs@Ma*$l7b*Bgqum1$MPhTg@x9aZGv{?`@nzwK4CUl2?9p$PljAxj zlH0~B60Tz&K;;us4$lab_xwJs;zZ(l*&wa|4!9m5HSN*EV@3gwjea9|6*TY9bE2iC ze085(r0Dl=AN>&3Q*UDbEwC%o(qxM0c&pIq>-x#B_TKVWsQ<{vH+d_Zn3}TrUfFE(xh#I~O-r3?=N-HEo5p}j6k^Xy+1u}4JaJ-a zrabnnm>A~z6rhjTtp5nCKS|g1{hN`!p%)$;c;jgc7YawjMj^&)Ya?He*6XitvodmX z16q(95;h-5d#Cn7-_HI5{cm|y%4J+%3UE8-|CRgdTPL@z?1*rl@l^DzzAWEEnTgEICV~s8PjZauyNI(t^Ya70kT0tQc@In z%Uyh?V`Ec83sX_4#Pnc=qyoov2HVnk0n^6fONNH50EQTk(Et2d6Jlj;otc|^x$LCf z&~M`dbkAO4g1at$LR#9~%nYOCknLU`Q^Ft%7^M=r+24=3{~j69k$|s=A%jm zAN%+$H#n76_pMi#8s9N^7$2{Xu&ck^N4ops^GjnN9M#j)d+_WTRl8~j$IrP?zov8p zm`~4teNuyART2lc5~~@tN#{xcuV!k$hX5+ zuU`FL=n{@|N2F-A*9FGt!40p+evJ<=&D_RFRnWHgV|AiOKfP_~I#uE9|7-6pqoQoT z_F<$!loU`(5kZlXMpDEgRa#o4Q-)^f76lRM5)lxPF6j<|VML^n4(S-_`tRZQJn#E_ zde`&m{q&!8ubU;q#C4tf+~?lMKK8KztwQYWy?vY1f{}1`aRF}8Vbg*EN7RqP(o!`` z%cHx1=YjKwnv~-9AL9V3h-uM_fyfj?zK)H}8K{6n!X1ewG`e%#?7Jvp_1Yp5Jnq54 z;r{rpSHtas8tkmJ-;1h_PELsJkxS(+VS8j(fxz8AKnlCvtC#y8sl~ z23;%A1dgpn0sFon$vfKoJ|4(umX?;M z%FPV}rc5Pb0kmUYLbalLcWtsNlN{Z>eA(T@!);em;Ij(?al5&>*=f`Z2}A7LUlSAD zcXV;u9MG|w5q;3s*2ejV-e*7FK=;Mu$!|~nySr4Wx_LJpj;S+ z(1b2mVdu_NSrVqfWSi;fRt2&PObgYpH418X?%L#K8q`co3J?Itu2MG!aB#0va<2{` zLVfpeNs5f(fFf}LOdol`#t2(bhy21{Sp2zKL*+69v*x7NuD_(t5ltAiuRugjE z$R}At9Y{xgq zaWZGbQ46v6vB+rxTKe!K44sp=pFWfdlue0@q=XWw1k|}Aqtd^qK2c7UQnFGwFD@=_ z{juuQRTritz3fdZ%X=p>&bJ_cT4bCg<#bTQxu-j5;^C2q4I|nZ=-f_^$?56ouL5{G zIEn_PY7C-8@lS!U-l@~YDrW33m&L_nyo5_(4*)RL(Mbe-oY<rEw){ty#$|By01 zj+d_!(Pd_Z@CQwRhYywcotFfs?Bm|OQvz?d;mOi|i%;xz1QhC^dwG9GdS4YnH6?+$ zNXnfZ#nX(?7UpCoat&{(?wJ#1TTAQdqkT=-PW39B@zZvvGpAkM{~V8( zeBt8ZvIhnMlqlLGSQeTBMdVX|F2sL#i2x<;;@Yyn8PRWC1@@S>3omp=!D87N!=Yb9 z{-ua-pWQ*!e(??!3C#X|qM}011fo>l+d|Ie6+h+>qT#BRcVF4wgbHu{-hMp*NiYHf zpSK=aM&w@srlz7!?!G-e%HR})oM);H8`o@;9=E7jh=w5(xCE>ed~J zbt#0gMR|5tYs;?S(s94l4mHC#*4nJ90CL2Zgh67U>=Z-qdz(TA;Aa z>sEOLgS^PE#de*wPw!coC+48zKA_nM4qH*rd9p;EM2O0*cuU~m0O*IUFC&2l%+A419DE%PXsS@*!pfq1{PAofKc7~twnsh5g6IgV2kqN< z4^q2|$83u9kwbqn(k8wQw!`?M6cy?HOSHfpY1qdUyd0)gZZtw3(WZJH+}d;{Lu0Uo zcALDsx8cB*{}(S$uyr&hVW4}Gv<;ib#RXVkvvl=)Vg*Uk=#8Iz9O0=A+Y0_eieoe5 zwbg9S)X;Fp&dwoq{dW4CvRuU$^`rf6LFc)NmfGsl@^a7)Yll+?PQI3% zot-+;oR>u%z+8ZQh>VMd<{!7qoYuyf%uL-!)HJ0shbu3`bc?pz3kGw) z7X?bo%Sx&lvL@s16?!pE><+_;kZzDr=N23sjF|z%4}3qO$>CGMTKQtVlNj$aqkYu4`!vFEL~&yA~6OocSl0tg^QgEudmFf z-@F+i9VOJ}mKKNWOB`=P7)>D~KRNMwDK4%!p88EN_8i1%Y*f`iy&)wC2HmZl9ojwt zRo!~$cR+B~$U*VPgVx%c&&wZ_Glqu743S5|FbirZ1~o9iJ~LDCWbFn?pr30U8tyf0 zwlB}g!#hal$*2CfGS>h5;R*`mPBwvXp1steg~M+wHR+XwMWk$+;oSwNwwC;jCs_hCqy(gae!~^nPq2~LYzscP&(&3KXkH)IjghT0 zOz_RiyCdb5$RJ`{_+8X{lBGX0TbXeXar>~esIKQ_cHer7zMrlzw1nP>A2SA=0@!JY znKmckfx%7B)Sw_j)?Q*D;qM1R)3)i*@ExWRq7@vl^G(;cAXYvwI0ztGTuupY(a=Sx zq(Z?oId?E0svRWw{&4C}9!dd05U!|MjU&)cP*4t#GoVu=cGr@LIA2SkuN$}@)6!Ol z>Oo0GOJBR~7A@ALi5JlWe@RfuB|Va;hi*dTSV>5Z;c_u0U*eUP44Mgh6BX2Z)flx<04Z z`mg4}IKMRr=#&Mo+@K*VF2*+akc|qZ3;Jghc9{yyVhFYZafjbtcEoCWC9m52iWda; z5R>51u4SNeJrx~^O2Bwpc_d~Z?(YBVQ;ACzP@00)siI`257}&$)-j5An{6dvCM+W~ zlb9Usa07)me>q0Kj~1STRzny#WNe%aQRYS~U8?4Rm;B0VQAO<4ShQ-#!Vgo$vPr1o z?H`4q>wY^B1)dL|p$Ln&lH;`4u>hTYxCn?1vR?sf;69I4zDie@spBfFbV=!Vt@n?1%0kO{q^uqoeuNQm?iMjb7`OC#cb;|66 z4S9>&-50Ckx)SdxKhLJY$|lf;Nj~iz1&#q!*0FQeQA*_%!mxM2Unl5P*v0f13%nGM zBmJ&r9b8*03BB*b-!7Y*8+oOGld)f(zffMm!uaRPS2En<+FHFO1-oXXIrYuslXtD( z4GxYIyXKgeYjCMyaMZ2hcrqYd|M{awOE(W5nl*Jo`j;aYt+5^Ny}GBLCgTvm^T?oi zV_*gg>|@h6-iw`r00I1ARFsbe|DUn3w+rrE+`Rm-`vFk}1&qHij==!{C&;o*;hW2j zznw-d4=5$c`ocUvA}>uJu}pFC(fNcZf$M?mH+G>>diG%33QK}W#tXM#qY~TLZEDUZ zvdSeF<}T;zi}Kj4w zmpT+5ctj8*{esg%l*-hs{fJpl{{`-+qFyrdkMbFDsj0?ZUS1PoOK!}N=cX*jv?M7~Hp>PiW9inGJZd|~|DOlFg>Bg=%&>3`(`yQm+?8|zAr}yX2(IioQyGY%p zlC!h(p211hX=HT&oP5YNR)--7w_y5ZL5)L-H^%M+APv;fUi)cBJBzp4*+?`24IB3BYm&gf#Pj!0YF^lW`rljtda=+M(Xq?*dKQ^% zTY^G@f*Ty(2L<#D4C$vscRoDnV=>{X!^o(|hjbV@ob(SuGuj30Sak&j0nnC$s7zQy zWQpz)Wh50OFRZNfX`uAG_x-ZbRt91Lfjq4ea{}V#7`-1!nL109Pn=v(@_4`Lk#!q+y3Vr7|#Ll_TR4w$2q%Q z|9QvN~vK$2@>(BvhdkWQ0ZB=ecsd?!e!>5h5qr5t2!t z?@Oh&Vlya`$im(4NCQ5F>w2JBWAx&FuBk`Z2JU~1i# z_!X~sY>oZB@{OGxb8B-$SNlS*80<^0EnR;qcTs4x7@Ae!_;7IB=4E3=6Ll3YaWGx3 zD|r2Pb`vI?_6^!8DEyCio-)-Aki8~>ZbkHSdP$<~akT%#YFlJpSH=EMoHS=@F80u;HNgL#^(cM-#J^NmM&>?I6k4A@ zKN=8J&o25c>*_P?y638%S@5Gb>xUVi3PP6e_J1nSYC(jNCV1h^Ep_mwKesU-)rxs% zGm4LU54Z8EuS|#`pWIdYulPYk>WoX0U{;iF5@+@uUg$3yeZP5kGu!Ts)k$>XntMu^ zPM_l-BFuF>HrFAFBX{dWa@wvy8se01|q{9`OnF~D@T4lW*d2Yl|Cn>x{h2!=<8w5Lg_-) zY_Ua>Y|3ZV1`M*fm146wVanK_8aTt7?krr zxJX%Fx0I)LFEGO3;=X0hpPUF5<`*F~#7VNuS?@XGL*Oh46&9up6{aE!MyX{SFs zB_=Q(Uv@f7Kh#Grn+Yeg#{T#@K77Blh;o94Gse&J=6aW%u@2UmL@0pw=s z67acK*_o?V|2-sx@spP0O?K)pQ6$!*>{K>vG{DpkD)c|cbsOhn?iNya@J1@?{gd@6 z>CdT61x>q>)8Y({Kkut5Fw~hzec3#6Kp;z4Nb$gZ&00JIQ`w?%vyDXZC|pa;#rLW@ zM?>kx50QG}lStH;B{NC&&1CM+kvDtW*mcp|+Y=V?IkpDT*wbO_AJ#d#kxC5SNS1%^ z(I%1(zq7XfR=~&aoM6u<*URte@$y_s#Dd#@J}VpRShoV^5ZWKAN2?mCDaD#3(9KSy zy2xccz{h+I-|I@D4-N=RN=j5D$yPvbswpr`utG4FP*6;ZwWten9jj$4_8M@=k@uCb zcgF6XC}U=AZSuf?FetV>&Qh8)5Kd+*qbtyP0W0viHPEeYXJ8ZpJ?c=oTQp4ki)7_C zzIKxRrcIzE0jR7uHW-NQdd9`fxRuAn3m8;m+k6n#eMiz^y?Eq=ACz2p^lMs{>BcA5 zPuJ`!y}dsmd2%VhkU5bP3!QVke-~GqcVTSehpsu2A>q0OVHDsx0hP0cs#Yi9|tdtsJjLpOGI&H4BhC8gN(%OWNyT5ci*UKXu;01N@g zfeY$!vr5=<6&E+p*8V~&RDCq08F0{;TeM6y6I&sj*hR30MTorKRcxJ*nCONMtIu9gss#z+ScLm;2EXRMPO8{$WyoK{~XsCnb^hauOX{p?`)Pr{&VLK z7a1%dg(yq6Q0NP8R^m@DJh}f~RI=I3V zJ7|vpD5DXw{3&f--T31>L|A}ihtE-@VY&l`FmP_yK7)aVf0Mn22Fd*%Aa{wm?A$OlHG^uPF{qH# zPBW)0K!*+pT2BW{A6*AEW(#Y}&lwrfQO4=We_aM}0Yeqa6T3g=_zyEfLqa|h_+O)q zrNyx)y$IsLU7W!_11Evl0LrWD%r>HVX`snp%GAv*emq5gWMtI!xQPJTIBcX2{?aKb zk8?yliF(WiosF5fC5bQ>0n5fWE{&`lz6=cp$Ce-pxg7=XhGTAFa|3#A59gb&qcMeC zidjBq=h!R>_Dp;fyB^hL8lUtXiytKGB?IvTq%2rK6QJ|$ThUZ3ug=Ze@1)MFC)tB! z&w#2F4w`{4|4|DKdHfEBKfrFBdW_$Ni{9Pz6mYO_e61Kb zsY-?$^@EL?dUr>ugi9bq1EGrX&3H3qPv7;N$rmigC=+WrY=cgrtn82 zX_7sgER>-wm!trW^#kp$lEQT;xB-F;9KajV%8=K|6#dm0h*i#jj*H2iJ#MHZE^~4B zXwHKHA!iaNfMECicVNJStMm=8->~gabt|IP9;Wc_GVO7JC_DqIa*z*aW zeg+|drVZxPt*Kx+RwKoNb@cp0Wx13Z@JY~=O%)0f$f0uSa!r(1u3RyL4HyoZu3S%2Zvbt|s4K@{0E z1sb8-=&G%&G!O>1zh=HN4p||T?_qzT61=8!@U-HNZ__f7?&H?2t2&0wV#JE$xnK{q z-}+d$w$7`*Bkr^$XjoKSrMus6s7;%{3`AyoNpds>Rk`_Awn2-lt*Hr@12hDRiWVFA z_!Ch8L!g$H{u3#Sv7PNcY}HR~sUgz4YsCjjvKe5dzP|UKFA9QC9wW_GWqub-=!`Mx z{W&BjjM>G0MUl~OBy_JedmA)&s}QK)ExY6K-2Aql~K zfFz>2<^Y6xuWZJdmb&iou}^wp7iES=OOu34kkv4*|I7Ld&umVBez04>=9a=&26jmb z(mwd_>5GQqZ+Nj6@bR!gxb|M0*XG#sn{i#H&~N~?9PlgO*ZfhcJb!R90SM$8yH}1pFEXMb3FYkbWBsPYibZb0|$O6jCoyTh&L!&s_ zzq`%c1t@!HbTrpsbwP4=IZSSK1@eSDLK4X%wep1p8B z)xyC_TjNGtiA`d8xiF-Ap~8X`g*I>U!I`nvF+iI`^npF5QRLdY^+Xw>uWI({O(_m0 zvGD{SOOh?WV?H8MCfg7>zGy4vG@kY|iJnh1ZI9;Y|6QxCB`7HP>*vqM zW@dCre8&asRMji&&Oa6$qD@jo%9*Y*3O73F=!nC4DRjnUV`Ff;cx;&V2-+6rq>rRef%xz^ZSv_&iJ^csBi3HRk-Jq-S}K;!LM4P? z1KNwq-DG5EBu$i>YGS82PpDMy;0yU!LtC*m_1e>=+?Drt3$rb3@}DOd==bb;>Y`0t zTw+`FajOM6bJh=C>mrtEbB)3cNRK3_|3xRdAJl1TxAAiOt5{qvQ4%P-B6WpmWf_s{ zPN5W-YUd}_#eeTAt(IY;8bxk#(!S+rfBRwGKtQ0$+_s3I@UNlYEk(Zf0KuuQeoa;V znm=CAWH<}LuXj-Je=$13*_X3!u`Q(5EUhZJbU43|qf7F)ikYB2?Qhlh6iu<%&MqvJ zAwhCx#f?sSzZM;jXCFb%GIpr_^Y@rM7H~rxrzLNPNp#**x7(fwmc8beMltm??y1E_ zFl<#m`kVmnXu~v6Y?f!@Bv%spHC4_lQ)F4kOTaZZxT1Q&tQ$X-)wJ*;_1?1!oAT(J zEY~q*^B$OgRc;xpdvi|0|0Y3SQ;=Q?^;n-!S#zrHvPYM;I#L&B;a#!dXrGDtMK71*nUq2fQIUJ1k4Y*Fp zIz^oJ^s5?5eV3P>je<{!Wv=z#&%#efF@u4mWxiTMA)MSRho%qTb#9?oXbzSb@-OU? zsm^JM7ckB~ySUfw+lZds*5ur}~RUon@^B zgf8rhc!PO_UUMd%n2eJI$Bo^&8RH^e#Zskuzd4+mlHA1nd}buFI9?D!S!gf0o1Bw^ zXAlV!vxP(w8()r$m|Iw6i@9|3&vS314t2%I6-`q2nI`@1aHS@8HzicvmMXn&;Rr_i zq-Y}akAn`mv2p(L+17rEL{2n2U85)a+28lbMTKQp@y#m-^xGWmn=83AWP!37?|BtP z8MCFr<-lu@j|r}K$#aUl?+>lYMs7-Mq`YwIlRq9jw^yfmfvr10zU8GX>5gQ5Rl@P; z*NIt7{+2tpytsiR;ao$(m9aPr)AD`yrzWYImZZAc28;CZ`x&W~39A|t)B#V(auZcYw9?;Mcg@ePWIDI5;#9fHwQS&LL|=36aG{qIEYJ>?s6g_ z#4Rl?hY6_dw}s|UzrKtGdp4HDYm*%2M4|8y@4ji5e{&Y=!tK7x z)lh6>oqI)8gDB*dWH}e^xlw#%BZY>-`ON1=s<}S|l98cy0g^pcW}Z$+Ceb zRlZ<6N?WJ5=2-98r(4A7iV`!%`vK~HWx_Y9ipa1C!bhQIik*jti zB+$fzouZTrvKuU!gPn$pC@{ukr-+gL`5}FM>DEX?ag9IiUYYcxek=Qo&H@@-_x$V? zgkFVU?ZJz#g=D)F-F@vAkx}8W0jBd{2az0dSa5)P_HeFKh8q8%E@FK+^NAL~ZiU1{ z^Yi^<-6LwZLxx;tNHRk&f6P_tcEpe)RP_#C)c)X-uF!Q$PejpmHC|FL>+6g_X+M=R zlV4D9BkW(_&0F(vl0KC`M9O61|9%^!TkW$iHqxH;Pe82#d5bG&w*eFJ-e7km_mbw!cXpb8T;~V33$3Y12ZDU&ya>9C4ENowq>y(GHHUBHCJkxt zeM}5VT#_8z-q_sKrN)U#+>I${&Nm~(-$Y%E9nichRX5yJXRLnk=PK462;RbCFHM~H z6cD}Ow0;EVA5Ly&uVMV%56VQ{>Z=rm}Xwe#?|gn>vRI**qL zU*hfq?3z93u6&lDRbA`w_*ufPY#`NK>{j8R8p{UL7xsT1Y2hfJG(l=KCRV$>ncJbWPjh}eJW*OX&S?FppSB2(r_K>$A290*>HYeO zoKRBnrWWbuMv?A$uC7^o9<6elo|Wg@2CEn=mO)Mfg|0#M2}MDamuE?`e7*0-{NcL# z(Jt^91;5X>>ibaATVzhJIYw_LK))?%KNo(?Ky9~R@AELqBmtsi{1aK7Nz z@9k@9`|P}*4#50LW1B@)xwO`H(f_!$^a@8`18d$x7sJ;jU> z&GU}1uRAsQ1+@5m6^0gm`!a1`+)ej`bvcy2YMtaGSGkpP0|ID2ZKy!%dyyP)4TrCQ z$J|Y3hnA#^!9W3m^WUXYHmPw)8=UyZO56j zO49vL>ZG8P`}hDY zy3mu7URfCr2#wA17CUSPi6XA^;)Wn&U}0r7g9^hkGGMaKb{ND+9n>$k8O8G>9z2+R z3ehY`sn?w}5@G3{z#<|6;=zwsRPC>q=;&a5%%ENG*T6s<%&79-Y4`5tl{yGn1{y_4 zNxHleJfCF%tKYxx54Hg&0+S5cpx3^r z@<;aykW)wpotDqaJRFZNVKLYLJb1t7l|4|%;Q#M`v;Ke7oc@0*ZT;VmIm4M?AHw5* zTMztS-Za0n4N&c4(#v#_e}p1KgfUZ+=945n+bbO{t?jTdz`+|ak1Kgd+D+PD$NiWe z>K31sC^)N{fp2?=&G64R<0kl@dw7KvnU@zYqN77^5%QDaVjsgr$_qnp&OJzZpR`Qn zqASc4T&C-r`-3LdC29=)YWNn-<}y?)u@9Bxe#FZ66Jff@`@DwQf<)Fm6@pu_?e2R< znjA`vI58ijBh8w&ky3A0w@z)WFZl?_NF_{ zDM*YAB7QciL40$IjKDgqz@_|k@tw|$0os#@XeZiYg24aSJNiB0d4S`aZlm7mTG|+u z-jO%H>XS$FbT&S0M7X(^ICdn#EjKT^FfUaBycBHWCueTzT-Rr5#%YFRo0^edkADxC zD9yT271<~Y%k9^$T_n72^#8p3S{!(W^V+lp6@r@@Is*Q^_5kI%T`UdutLY!_PP9Rl z67}E4o?JjR!)75D%R+26^&j1qoT7+n!>4uQ(U$RNn$$_Q`4@11y9A49%FW)wR#k!_ z%NOmXNV`MvHT4E7I?{&#FOv8IBv{xxveo^!;5DV#Z`_#Hr)=Ns@6C$Q6><@>8ht)@ z{OznrEphw6N*5}V4Cds4f;he%h@Nt;s^)vFq^oBik#hN1h=(;e!9+X2=KLu5q%DaO zpEenvg%`i2ad4<_JdwMn=HsRDUw?by4+nT=uJcVs#DP~S1haz{d}n0RaPoEZgs%{c z2EFX<7Js8(YD__T&-nT){&}H&uVbouvC*KX^s@Il=DM9zXuJ3e3XsauC>y|r;ZCTg zWAm}WTfsiD<9>rY4I6v`*C`?zQ4IE&yIkBFv8M+WpVIM6GpCm3mj0#BJ`g7~>uEAL zw%V&d<&8@Xv@Z7wozQ(mr0YuEljNUzbiEt(n|E_oP`D}e^hV1JD9rZ#!B%!5pcOjH za9fK%RT2OX-q4Wv`K`Sp0ejM)y(9%m!96_RkHp5RjZ>)K#TnjU9Iwwm`>-^=(z1BV zT8{qG{);kfxF{3_vNPRKhgMK1UcM!()&^@Rlx~)1hrYbR`I>*ENuHN8*AolvY*2!! z*6Ti+efCIvo*E<0R)@+1p|fuS--Yf!FL=bETZ8Z6VZVPqE}sAR>$w%{X4`H-|J60$ zOw*2qUCCNjsyoX|fBDoMT3J`t5;EiB9i1x8{k1dmm{^VMC5IGbxCpbqEI!IlZ&thY zA|{*F$~pjbVdx#p7)z>6qGdsfen~`($w5`vdP9%0Q)SyjYTNRPMAGk{@j?SEaFg?g z+n*A@c#)Px#QF>&@xg;))b|yDf0dmpvtLQnJSQ02wYs@Ze{NT1Zt>F!6dXTeHcQnR z{Zw|z?;iD}v!jp6ePQEr%3Lu*UmvlDwVwS_80VQxbhANLZL``1TD=maF<#4bVWsWC zdutp2d>(UiK~F_fL}3}p;_v3e*%Gckvf2W4%|hd+?1xHhhKRlzeZKYAY%j-W=1qx% zx@%^ct*zq*_0|UY=miT3@=%P2$Z`Cka?W#Swy5uTww`UpimnI;8n2`4)FU77Hxwr` zefPRhRjovipcoDEy+?gB#T$js7f+_B9Cw1rWLJ7>tj&jH4VMak+?99^x-YtdeT6x;{hdlmw86yj1C_kjt0)a;AET7-mEco2m!AB zQNVCJg7?0Hz!!l`(ygUS^z|lwY+Zi&wyxVwu7^y0TqCy{9J6^FMnzCo=cxHFTx`x3 z;1ed)%3QDPN=cZ zna>n6tv`xgl8U`8Q@_bg9U~U*rc}wrUh5H1vd~@k3h{HC@VLF(>UbeF;nRBA`Hi** z7%%M@vDCV~-!%nAc;g~`jejR8kcZXwFY&K@X1A{OW;vNNo8J}(n^qWsSRDICeD_Ig1*a-R_4G@$yZ%u~RH37pbZbZ=dht>cS6OuOZKt+}l0v!GFY? z8a&7wx3OS$N^n3lnY`QW?!6UJSZA48yDzjizaD3b&i+VpX~GR1@M5OIa4RL--eZRK zsK-UoY516=WYrjt{rBMtHT8=N7vn#zEKm3a5>USs5^fq@PcXzRUBW=Ub81^;^4Ko! z>iR*y|81sV6^U^v|LlR~HQ`Iir-!Ge<59cg!6LlzyS7Vp*(24iKUUE5K_uSXU1T)S zE=}S3_@_>8Ez`rhihPGNEb-e~5U>Nf=Y^AwVK-66xkqVO1 z1>GKpQQm_6VR-jVCljO(RQIx28mIll%Ds0M-YYh$cv;J~HD1G9ffYxL=jF?KOC#4^ zjLeCpj-$m2fM~kR%;=YwcTh`lwj^}ex&$mqkmAi?6Ti4%p$W&Z$pIBElEBHbK_vlH z_MvIOlp>+vQ4B z!b(YWbd#Da@tM`WpGa^#JQ@pzgJ1m$u$~*NskHDbjxx4iiLAiRH`X6a9%V1RO`~{YV%e@C?-y~Om6hr6pYOxY2KD=~Lw_nb@7`6U7#bm! zK0(jNEg&-ecoT*0O-{ZaM!&nT*XzwcIx!;H{`o1N(aL0DHjt=LRuUdP0rf6zDB<*H z2(MInH&^xCGpAicaptn$uKO<}uC$lezbN@(_*0O3Z7pwSL33c#%rC*AWbiXy7$(!Z zq0X3Zz?yUCAR>Oh42^oF_*Z?jed1n~NB3Q4XG5FRVe!8|FBFrg$il#P zxUqKFzg9_4$>e zC%gucr#JT*zZE3%6-wAEs!}IO8Ou(E#pd+gzoz<*hn98mOJwJ`Qa3NFsU?5X$ZJ3MCswdbX)&DF=+mglR zHd}n*#++s@iH}2 zOm**5?bn{0%zZDSZg<>1>2lg2_^#HYo$MbFvriW9DnuI_Xt?=A80x7fn?w^bki?lb z8=FlYlPd-e_jmD$+vM!>c%lSLxG~5Eew43OG!c()g3qrBmaj}L7(<(WGU4Z=Dk&!M z-uZ`dIUIE3ifsSC}0XcwnqD-ApCQ>p$mawRbPC<%d7l>DpFA{I2t&Zd+~3#f*$9 zMQaq9%f_jiDfa!cn%P)v@Ao=|%lc=stKRaGeQ$A5DB5nW_cg;6CDoxG)?_ zugk7H^CgUyXQ7LU8H3a*Sx|U$MV$>{TwLny3*o(HvJC^ms)1#(g7=iTvv4YGo5)of z_6HT|OG;n)fmoFQ3y+y9 z5@vLgfA1ZEPpz|(eE}j=*+C9bx$%c=<|D$^`H_~YaPbP9PWtY#YzjbSC7xEVP;R^`sMUn?eXC$GYZg z5qhpk^Nrii5NgL<&Jc^*KOL>EX31XT_nAQ#@~$vgSJaf!_zRDJx@4teUBj0bs@cZC zTl4$$!ReerXD+I zbdOB&{=8VdLEYf77l<`e7Mu!B*VfPZ-kcd2MDVt=)Fp86r+V=23Q0JxghjoJwVPdV zKYrWVULSdC%g&CGl-fS7u8?{Zgwn~SO!cPSJW%0h)US^@B&>71n=XihQRUvtG)m}ExM}I~u0YPa&M~|7XO4F-UokV?3K(yGv^8S3uoW|UI~L<{dYB%vUpbb# zVJ3}^`)xi;F&4WkX)TOdR#JIXb0nW4BYr26($a?e{)j8tF()cIB#dP~57f2AuIpdt zUvav-zs+3wXtG%!(>yZPeeSaL48bAGH=~SqNp*Q zilWG<1j>C$O%2wb6S3*&KFTbEcdk>v|J-W+@wRFAd_E3NL&}{y-iDhZGpYDP+_dZ* z(}QTHcY&Ld8_ZdsJAU#rn(B(V^1U?W;n?HR?+C4D7_8Si{ry}Sbic)Xg&5}@2fucY z-j9vpPtiLOoIX0d?C~(2Ot#r*Jk#y3eOq~=$aRevfw(+jjIk|`@i=Pk=hGULw5ccFMA%9 zp}d?^&kJkXq7;8RTa#Isqi_bwxD$tooGA~XcQ{x)6wj6IWvI*6I1rnWZe_Ng7iVuprxs>L1G}@W#Ut(JEmA-Bf8?*BF?N$}776 z3J1rB!`2EhQ}OP4yRt+l60aeAW94Mg74z@>Cj8tC_F?*~$%16G8wWLdRves-GHt!O z5!V2vk2vt~`SXw%-?{9W`h)75#-jXVWa7hLb3RLQeRlnsHxA26&4G_w{X$#4XpBWp zMc0QZ?`;Uf@jb_50|Fc$o9k!KJ1XP% zv-`qOvbsLW)}lGnzchG-&-XIp;FO0^5U*I)_TD@xt)uKZzV|WO6W54?Gney4GwZm% z-2((4qc=Sc&RznsZ$rL@hPv+R_Do*c=#LXdCS=W=#%w@j`p-bJ`Gv5}8x6usA5C<}R@zt+mW!mg6xZNSg%cQ0@f&RaJJHRL51rpnf4|` zU^(ym$Z{)hsu*LvsQb-}N-C|t>mDi!Z{fK*Mh9z(lvNq;YX?h<_CI>!k+Wn(|Wm3GKLd3ub21qll6j1>g3ssxd_)ENx{c zSMwb`UYpilTAvtx6Mb^^;Cj6!EQzxYtREjG@ye|S>aD9rlnW!tdo>~<{?ycWr0-B- zKwKF69^W4JGN|`*KPpm>>18CFQGV9;lkF-F&I-Nk)xrfe%3hvMbGo^``(Of3b(Aj< zVol)+1@1Zc`H3(<27cgtJ$H=)`_obeR`dTp{lB~|*gJ+Zbp8a--LFCSy6kEh_TNt) LD9h!`8v6YolOhHelp&About` and scroll to the bottom. +You can expand "Access token" to copy it. + +![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png) + +**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token. + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_matrix_registration_bot_enabled: true +# Token obtained via logging into the bot account (see above) +matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE" + +# Enables registration +matrix_synapse_enable_registration: true + +# Restrict registration to users with a token +matrix_synapse_registration_requires_token: true +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-reminder-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +In this room send `help` and the bot will reply with all options. + +You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands). +If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) +or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de). diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index c842a8703..5233a6626 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -151,6 +151,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) +- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) ### Backups diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 91324025e..738c71ba7 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -987,6 +987,35 @@ matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architectu # ###################################################################### + +###################################################################### +# +# matrix-bot-matrix-registration-bot +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_matrix_registration_bot_enabled: false + +matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_bot_matrix_registration_bot_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + + +###################################################################### +# +# /matrix-bot-matrix-registration-bot +# +###################################################################### + + ###################################################################### # # matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml new file mode 100644 index 000000000..40538478e --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -0,0 +1,49 @@ +--- +# matrix-registration-bot creates and manages registration tokens for a matrix server +# See: https://github.com/moan0s/matrix-registration-bot + +matrix_bot_matrix_registration_bot_enabled: true +matrix_bot_matrix_registration_bot_container_image_self_build: false +matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" +matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" + +matrix_bot_matrix_registration_bot_version: latest +matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" +matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" + +matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot" +matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config" +matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data" + +matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}" + +# The access token that the bot uses to communicate in Matrix chats +# This does not necessarily need to be a privileged (admin) access token. +matrix_bot_matrix_registration_bot_bot_access_token: '' + +# The access token that the bot uses to call the Matrix API for creating registration tokens. +# This needs to be a privileged (admin) access token. +# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is. +# If necessary, you can define your own other access token here, which might even be for a different Matrix user. +matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}" + +matrix_bot_matrix_registration_bot_logging_level: info +matrix_bot_matrix_registration_environment_variables_extension: '' + +# A list of extra arguments to pass to the container +matrix_bot_matrix_registration_bot_container_extra_arguments: [] + +# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +matrix_bot_matrix_registration_bot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-matrix-registration-bot.service wants +matrix_bot_matrix_registration_bot_systemd_wanted_services_list: [] + +# The bot's username. This user needs to be created manually beforehand. +# Also see `matrix_bot_matrix_registration_bot_user_password`. +matrix_bot_matrix_registration_bot_matrix_user_id_localpart: "bot.matrix-registration-bot" + +matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart }}:{{ matrix_domain }}' + +matrix_bot_matrix_registration_bot_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml new file mode 100644 index 000000000..03235b805 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}" + when: matrix_bot_matrix_registration_bot_enabled|bool diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/matrix-bot-matrix-registration-bot/tasks/main.yml new file mode 100644 index 000000000..c90da6a8b --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml new file mode 100644 index 000000000..716d67bc3 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -0,0 +1,73 @@ +--- + +- name: Ensure matrix-registration-bot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true} + - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure matrix-registration-bot configuration file created + template: + src: "{{ role_path }}/templates/config/config.yml.j2" + dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure matrix-registration-bot image is pulled + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}" + when: "not matrix_bot_matrix_registration_bot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-registration-bot repository is present on self-build + git: + repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}" + dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_matrix_registration_bot_git_pull_results + when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" + +- name: Ensure matrix-registration-bot image is built + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + source: build + force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" + pull: true + when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + mode: 0644 + register: matrix_bot_matrix_registration_bot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation + service: + daemon_reload: true + when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary + service: + name: "matrix-bot-matrix-registration-bot.service" + state: restarted diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml new file mode 100644 index 000000000..9881592fe --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-matrix-registration-bot service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + register: matrix_bot_matrix_registration_bot_service_stat + +- name: Ensure matrix-matrix-registration-bot is stopped + service: + name: matrix-bot-matrix-registration-bot + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + state: absent + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal + service: + daemon_reload: true + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure Matrix matrix-registration-bot paths don't exist + file: + path: "{{ matrix_bot_matrix_registration_bot_base_path }}" + state: absent + +- name: Ensure matrix-registration-bot Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + state: absent diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml new file mode 100644 index 000000000..d5db028d7 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_bot_matrix_registration_bot_bot_access_token" + - "matrix_bot_matrix_registration_bot_api_token" diff --git a/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 new file mode 100644 index 000000000..756efb018 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 @@ -0,0 +1,12 @@ +bot: + server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} + username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} + access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }} +api: + # API endpoint of the registration tokens + base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }} + # Access token of an administrator on the server + token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }} +logging: + level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }} + diff --git a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 new file mode 100644 index 000000000..ba2a95931 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 @@ -0,0 +1,38 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix registration bot +{% for service in matrix_bot_matrix_registration_bot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_matrix_registration_bot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \ + --log-driver=none \ + --cap-drop=ALL \ + -e "CONFIG_PATH=/config/config.yml" \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_bot_matrix_registration_bot_config_path }}/env \ + {{ matrix_bot_matrix_registration_bot_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-matrix-registration-bot + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index de86665b6..d24c3c991 100755 --- a/setup.yml +++ b/setup.yml @@ -37,6 +37,7 @@ - matrix-bridge-heisenbridge - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot + - matrix-bot-matrix-registration-bot - matrix-bot-honoroit - matrix-bot-go-neb - matrix-bot-mjolnir From e435c55458571ee379a821070bc4877e8103e5eb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 11:10:45 +0300 Subject: [PATCH 011/381] Announce matrix-registration-bot support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1771 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7800da08..a5811c68d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-04-21 + +## matrix-registration-bot support + +Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moanos/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server. + +See our [Setting up matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) documentation to get started. + + # 2022-04-19 ## Borg backup support From 27ec1d8bde2711817f78937dc7a38ed0ffeb8bc6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 11:21:29 +0300 Subject: [PATCH 012/381] Fix matrix-registration-bot repository URL --- CHANGELOG.md | 2 +- docs/configuring-playbook-bot-matrix-registration-bot.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a5811c68d..0fdac2aa1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## matrix-registration-bot support -Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moanos/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server. +Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server. See our [Setting up matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) documentation to get started. diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index 78d0bd0bf..b1f65a894 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -1,9 +1,9 @@ # Setting up matrix-registration-bot (optional) -The playbook can install and configure [matrix-registration-bot](https://github.com/moanos/matrix-registration-bot) for you. +The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you. The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server, -where you invite someone by sending them a registration token. They can register as normal but have to provide a valid +where you invite someone by sending them a registration token. They can register as normal but have to provide a valid registration token in a final step of the registration. See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it @@ -26,7 +26,7 @@ Choose a strong password for the bot. You can generate a good password with a co ## Obtaining an admin access token -In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the +In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the bot, it is recommended to obtain an access token by logging into Element/Schildichat with the bot account (using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom. You can expand "Access token" to copy it. From 12198a147ba6fd5014b97a635ec66e821b2c2449 Mon Sep 17 00:00:00 2001 From: Erick Wibben Date: Thu, 21 Apr 2022 06:49:07 -0500 Subject: [PATCH 013/381] Update matrix-bot-matrix-registration-bot.service.j2 --- .../systemd/matrix-bot-matrix-registration-bot.service.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 index ba2a95931..e1aa89548 100644 --- a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 +++ b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 @@ -25,7 +25,6 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reg --mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \ --mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \ --network={{ matrix_docker_network }} \ - --env-file={{ matrix_bot_matrix_registration_bot_config_path }}/env \ {{ matrix_bot_matrix_registration_bot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' From 92384360f53cd1a111997deb522dfecc22dca155 Mon Sep 17 00:00:00 2001 From: Erick Wibben Date: Thu, 21 Apr 2022 06:50:24 -0500 Subject: [PATCH 014/381] Fixed documentation to reflect needed user --- docs/configuring-playbook-bot-matrix-registration-bot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index b1f65a894..c47d5bfd7 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -63,7 +63,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-reminder-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. From de3fc61129beef1368d2cd8bfd685ba05028ec21 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Thu, 21 Apr 2022 13:53:01 +0200 Subject: [PATCH 015/381] Updated: mautrix-signal v0.3.0 & signald 0.18.0 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 4e95f1f92..c63874e0d 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -8,8 +8,8 @@ matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.2.3 -matrix_mautrix_signal_daemon_version: 0.17.0 +matrix_mautrix_signal_version: v0.3.0 +matrix_mautrix_signal_daemon_version: 0.18.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" From 0b5e4aa784a7d4dc72e5a2b389c5882658f92676 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 15:53:05 +0300 Subject: [PATCH 016/381] Use non-root image for Signald MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1775 Related to https://signald.org/articles/install/docker/#migrating-from-versions-before-0180 > Prior to 0.18.0 the signald container image used the root user, which is not recommended for security reasons. This was fixed in the 0.18.0 release which will start as root, fix permissions on the volume, then drop to the non-root user and start signald. Future images will start as the non-root user, so if you’re upgrading make sure to run 0.18.0 at least once. > A special tag, 0.18.0-non-root, will be published. it starts as the non-root user and does not fix permissions on the volume. --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index c63874e0d..e6b9678dd 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -18,8 +18,9 @@ matrix_mautrix_signal_daemon_container_image_self_build: false matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" -matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}" -matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" +matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" +matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}" +matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}-non-root" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" From 69f684255cf89ac36c5e33037d30eaade1b4a759 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 15:54:29 +0300 Subject: [PATCH 017/381] Fix Signald git repository to unbreak self-building The maunium fork of Signald is no longer up-to-date (does not publish 0.18.0.. at least not yet) and all the necessary changes are now upstream. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1775 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index e6b9678dd..a7532fed3 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -15,7 +15,7 @@ matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautr matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" matrix_mautrix_signal_daemon_container_image_self_build: false -matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" +matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" From 380e8656442cd432c8c1eec7a76ebc36ba9bf79e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 22 Apr 2022 07:41:10 +0200 Subject: [PATCH 018/381] Change list of public servers, old as not functional The old link returned a 404 so I thought I throw in joinmatrix.org :) --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index d9c7a5866..f2df8698b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -55,7 +55,7 @@ There are 3 ways to get into Martix, depending on your technical ability and nee - **using the existing default server** - the easiest way is to use an existing server. The largest public Matrix server is `matrix.org` and it's configured as a default server in clients such as [Element](https://element.io) and many others. Just use Element on the browser via that link (or download the Element app on a smartphone), create an account and start chatting. -- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://publiclist.anchel.nl/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login. +- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://joinmatrix.org/servers/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login. - **using your own server** - running your own server puts you in ultimate control of your data. It also lets you have your own user identifiers (e.g. `@bob:your-domain.com`). See [How do I set up my own Matrix server](#how-do-i-set-up-my-own-matrix-server). From 9e0d969ba47480a6355e47c550d828dca5c45afc Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Fri, 22 Apr 2022 13:56:34 +0300 Subject: [PATCH 019/381] Upgrade Heisenbridge (1.10.1 -> 1.12.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 80b3c95af..96ab33821 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.10.1 +matrix_heisenbridge_version: 1.12.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From fa108b8ae4a4876e8254c1d432d4491cd0e76685 Mon Sep 17 00:00:00 2001 From: Matthew Cengia Date: Fri, 22 Apr 2022 21:47:30 +1000 Subject: [PATCH 020/381] Bump signald to 0.18.1 According to https://signald.org/articles/install/docker/#migrating-from-versions-before-0180, This release only chowns files if the container is running as root. See also this upstream commit: https://gitlab.com/signald/signald/-/commit/3bb7e8d2c128681473e324f811cff25e0883b88d --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index a7532fed3..14a2c35fa 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.18.0 +matrix_mautrix_signal_daemon_version: 0.18.1 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" @@ -20,7 +20,7 @@ matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }} matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}" -matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}-non-root" +matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" From 68424e68e595e01e68824992062898ec92b26d3f Mon Sep 17 00:00:00 2001 From: Andrea Tartaglia Date: Sat, 23 Apr 2022 11:13:36 +0100 Subject: [PATCH 021/381] feat: make synapse htpasswd file path configurable When setting `matrix_nginx_proxy_enabled: false` and enabling authentication on the metrics endpoint, the htpasswd file is hardcoded to the nginx-proxy container dir, this changes the hardcoded value to a variable so the path can be updated --- roles/matrix-nginx-proxy/defaults/main.yml | 1 + .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 0aaa53edc..8067b916e 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -221,6 +221,7 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" +matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "/nginx-data/matrix-synapse-metrics-htpasswd" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index b15546fe6..9a1576d48 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -161,7 +161,7 @@ server { {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; {% endif %} } {% endif %} @@ -177,7 +177,7 @@ server { {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; {% endif %} } {% endif %} From 290754371a8407c8b21044d40678799d2ad6d633 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 23 Apr 2022 16:19:24 +0300 Subject: [PATCH 022/381] add matrix-bot-buscarron --- docs/configuring-dns.md | 3 + docs/configuring-playbook-bot-buscarron.md | 75 +++++++++++++ group_vars/matrix_servers | 42 +++++++ roles/matrix-base/defaults/main.yml | 3 + roles/matrix-bot-buscarron/defaults/main.yml | 96 ++++++++++++++++ roles/matrix-bot-buscarron/tasks/init.yml | 5 + roles/matrix-bot-buscarron/tasks/main.yml | 23 ++++ .../tasks/setup_install.yml | 100 +++++++++++++++++ .../tasks/setup_uninstall.yml | 36 ++++++ .../tasks/validate_config.yml | 9 ++ roles/matrix-bot-buscarron/templates/env.j2 | 19 ++++ .../systemd/matrix-bot-buscarron.service.j2 | 39 +++++++ roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-bot-buscarron.conf.j2 | 104 ++++++++++++++++++ setup.yml | 1 + 16 files changed, 575 insertions(+) create mode 100644 docs/configuring-playbook-bot-buscarron.md create mode 100644 roles/matrix-bot-buscarron/defaults/main.yml create mode 100644 roles/matrix-bot-buscarron/tasks/init.yml create mode 100644 roles/matrix-bot-buscarron/tasks/main.yml create mode 100644 roles/matrix-bot-buscarron/tasks/setup_install.yml create mode 100644 roles/matrix-bot-buscarron/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bot-buscarron/tasks/validate_config.yml create mode 100644 roles/matrix-bot-buscarron/templates/env.j2 create mode 100644 roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index c16ab2fca..666f8a63d 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -38,6 +38,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `sygnal` | - | - | - | `matrix.` | | CNAME | `hydrogen` | - | - | - | `matrix.` | | CNAME | `cinny` | - | - | - | `matrix.` | +| CNAME | `buscarron` | - | - | - | `matrix.` | ## Subdomains setup @@ -60,6 +61,8 @@ The `hydrogen.` subdomain may be necessary, because this playbook c The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. +The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://github.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. + ## `_matrix-identity._tcp` SRV record setup To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this: diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md new file mode 100644 index 000000000..3e2a395a2 --- /dev/null +++ b/docs/configuring-playbook-bot-buscarron.md @@ -0,0 +1,75 @@ +# Setting up Buscarron (optional) + +The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/buscarron) for you. + +It's a bot you can use to setup **your own helpdesk on matrix** +It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room + +## Registering the bot user + +By default, the playbook will set up the bot with a username like this: `@buscarron:DOMAIN`. + +(to use a different username, adjust the `matrix_bot_buscarron_login` variable). + +You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_buscarron_enabled: true + +# Adjust this to whatever password you chose when registering the bot user +matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT + +# Adjust accepted forms +matrix_bot_buscarron_forms: + - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact + room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted + redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission + ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + extensions: [] # (optional) list of form extensions (not used yet) + +matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically +matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically +``` + +You will also need to add a DNS record so that buscarron can be accessed. +By default buscarron will use https://buscarron.DOMAIN so you will need to create an CNAME record for `buscarron`. +See [Configuring DNS](configuring-dns.md). + +If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain): + +```yaml +matrix_server_fqn_buscarron: "form.{{ matrix_domain }}" +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To use the bot, invite the `@buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: + +```html +
+ +
+``` + +You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/buscarron). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 738c71ba7..225d29134 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1047,6 +1047,37 @@ matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in [ # ###################################################################### +###################################################################### +# +# matrix-bot-buscarron +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_buscarron_enabled: false + +matrix_bot_buscarron_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}" +matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" + +###################################################################### +# +# /matrix-bot-buscarron +# +###################################################################### + ###################################################################### # @@ -1472,6 +1503,7 @@ matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}" matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}" matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}" +matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" @@ -1556,6 +1588,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-client-cinny.service'] if matrix_client_cinny_enabled else []) + + (['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else []) + + (['matrix-client-element.service'] if matrix_client_element_enabled else []) + (['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else []) @@ -1587,6 +1621,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else []) + + ([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else []) + + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + ([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else []) @@ -1698,6 +1734,12 @@ matrix_postgres_additional_databases: | 'password': matrix_bot_honoroit_database_password, }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_bot_buscarron_database_name, + 'username': matrix_bot_buscarron_database_username, + 'password': matrix_bot_buscarron_database_password, + }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_registration_database_name, 'username': matrix_registration_database_username, diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 498a6c321..645563781 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -37,6 +37,9 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}" # This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default). matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}" +# This is where you access the buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default). +matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}" + # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml new file mode 100644 index 000000000..ca13bf308 --- /dev/null +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -0,0 +1,96 @@ +--- +# buscarron is a helpdesk bot +# See: https://gitlab.com/etke.cc/buscarron + +matrix_bot_buscarron_enabled: true + +matrix_bot_buscarron_container_image_self_build: false +matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" +matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" + +matrix_bot_buscarron_version: latest +matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" +matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" +matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" + +matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron" +matrix_bot_buscarron_config_path: "{{ matrix_bot_buscarron_base_path }}/config" +matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data" +matrix_bot_buscarron_data_store_path: "{{ matrix_bot_buscarron_data_path }}/store" + +# A list of extra arguments to pass to the container +matrix_bot_buscarron_container_extra_arguments: [] + +# List of systemd services that matrix-bot-buscarron.service depends on +matrix_bot_buscarron_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-buscarron.service wants +matrix_bot_buscarron_systemd_wanted_services_list: [] + + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_bot_buscarron_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_bot_buscarron_database_*` variables +matrix_bot_buscarron_database_engine: 'sqlite' + +matrix_bot_buscarron_sqlite_database_path_local: "{{ matrix_bot_buscarron_data_path }}/bot.db" +matrix_bot_buscarron_sqlite_database_path_in_container: "/data/bot.db" + +matrix_bot_buscarron_database_username: 'buscarron' +matrix_bot_buscarron_database_password: 'some-password' +matrix_bot_buscarron_database_hostname: 'matrix-postgres' +matrix_bot_buscarron_database_port: 5432 +matrix_bot_buscarron_database_name: 'buscarron' + +matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode=disable' + +matrix_bot_buscarron_storage_database: "{{ + { + 'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container, + 'postgres': matrix_bot_buscarron_database_connection_string, + }[matrix_bot_buscarron_database_engine] +}}" + +matrix_bot_buscarron_database_dialect: "{{ + { + 'sqlite': 'sqlite3', + 'postgres': 'postgres', + }[matrix_bot_buscarron_database_engine] +}}" + + +# The bot's username. This user needs to be created manually beforehand. +# Also see `matrix_bot_buscarron_password`. +matrix_bot_buscarron_login: "buscarron" + +# The password that the bot uses to authenticate. +matrix_bot_buscarron_password: '' + +# the homeserver URL, uses internal synapse container address by default +matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" + +# forms configuration +matrix_bot_buscarron_forms: [] + +# Sentry DSN +matrix_bot_buscarron_sentry: + +# Log level +matrix_bot_buscarron_loglevel: INFO + +# spam hosts/domains +matrix_bot_buscarron_spam_hosts: [] + +# spam email addresses +matrix_bot_buscarron_spam_emails: [] + +# Additional environment variables to pass to the buscarron container +# +# Example: +# matrix_bot_buscarron_environment_variables_extension: | +# BUSCARRON_LOGLEVEL=DEBUG +matrix_bot_buscarron_environment_variables_extension: '' diff --git a/roles/matrix-bot-buscarron/tasks/init.yml b/roles/matrix-bot-buscarron/tasks/init.yml new file mode 100644 index 000000000..3da32948f --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}" + when: matrix_bot_buscarron_enabled|bool diff --git a/roles/matrix-bot-buscarron/tasks/main.yml b/roles/matrix-bot-buscarron/tasks/main.yml new file mode 100644 index 000000000..63e87dfb8 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/matrix-bot-buscarron/tasks/setup_install.yml new file mode 100644 index 000000000..0ebe7e426 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/setup_install.yml @@ -0,0 +1,100 @@ +--- +- set_fact: + matrix_bot_buscarron_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + stat: + path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" + register: matrix_bot_buscarron_sqlite_database_path_local_stat_result + + - block: + - set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" + dst: "{{ matrix_bot_buscarron_database_connection_string }}" + caller: "{{ role_path|basename }}" + engine_variable_name: 'matrix_bot_buscarron_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-bot-buscarron.service'] + + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + + - set_fact: + matrix_bot_buscarron_requires_restart: true + when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_bot_buscarron_database_engine == 'postgres'" + +- name: Ensure buscarron paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_buscarron_config_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_data_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure buscarron environment variables file created + template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_bot_buscarron_config_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure buscarron image is pulled + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}" + when: "not matrix_bot_buscarron_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure buscarron repository is present on self-build + git: + repo: "{{ matrix_bot_buscarron_docker_repo }}" + dest: "{{ matrix_bot_buscarron_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_buscarron_git_pull_results + when: "matrix_bot_buscarron_container_image_self_build|bool" + +- name: Ensure buscarron image is built + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + source: build + force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_buscarron_docker_src_files_path }}" + pull: true + when: "matrix_bot_buscarron_container_image_self_build|bool" + +- name: Ensure matrix-bot-buscarron.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + mode: 0644 + register: matrix_bot_buscarron_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-buscarron.service installation + service: + daemon_reload: true + when: "matrix_bot_buscarron_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-buscarron.service restarted, if necessary + service: + name: "matrix-bot-buscarron.service" + state: restarted + when: "matrix_bot_buscarron_requires_restart|bool" diff --git a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml new file mode 100644 index 000000000..cc70e79a3 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-buscarron service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + register: matrix_bot_buscarron_service_stat + +- name: Ensure matrix-buscarron is stopped + service: + name: matrix-bot-buscarron + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-buscarron.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + state: absent + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-buscarron.service removal + service: + daemon_reload: true + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure Matrix buscarron paths don't exist + file: + path: "{{ matrix_bot_buscarron_base_path }}" + state: absent + +- name: Ensure buscarron Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + state: absent diff --git a/roles/matrix-bot-buscarron/tasks/validate_config.yml b/roles/matrix-bot-buscarron/tasks/validate_config.yml new file mode 100644 index 000000000..5a517d394 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_bot_buscarron_password" diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 new file mode 100644 index 000000000..c833f27be --- /dev/null +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -0,0 +1,19 @@ +BUSCARRON_LOGIN={{ matrix_bot_buscarron_login }} +BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }} +BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }} +BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} +BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} +BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} +BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} +BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} +BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} +{% set forms = [] %} +{% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} +BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} +BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} +BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} +BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} +{% endfor %} +BUSCARRON_LIST={{ forms|join(" ") }} + +{{ matrix_bot_buscarron_environment_variables_extension }} diff --git a/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 b/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 new file mode 100644 index 000000000..fd6d03100 --- /dev/null +++ b/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 @@ -0,0 +1,39 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix web forms bot +{% for service in matrix_bot_buscarron_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_buscarron_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_bot_buscarron_config_path }}/env \ + --mount type=bind,src={{ matrix_bot_buscarron_data_path }},dst=/data \ + {% for arg in matrix_bot_buscarron_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_bot_buscarron_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-buscarron + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 0aaa53edc..ed8a88171 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -159,6 +159,10 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}" matrix_nginx_proxy_proxy_cinny_enabled: false matrix_nginx_proxy_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}" +# Controls whether proxying the buscarron domain should be done. +matrix_nginx_proxy_proxy_buscarron_enabled: false +matrix_nginx_proxy_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}" + # Controls whether proxying the matrix domain should be done. matrix_nginx_proxy_proxy_matrix_enabled: false matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" @@ -303,6 +307,9 @@ matrix_nginx_proxy_proxy_hydrogen_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Cinny's server configuration (matrix-client-cinny.conf). matrix_nginx_proxy_proxy_cinny_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to buscarron's server configuration (matrix-bot-buscarron.conf). +matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 30001dd29..a559e1090 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -110,6 +110,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_cinny_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for buscarron domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_buscarron_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for dimension domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2" @@ -259,6 +266,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_cinny_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for buscarron domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_buscarron_enabled|bool" + - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 new file mode 100644 index 000000000..0ce1473be --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 @@ -0,0 +1,104 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; + add_header Content-Security-Policy "frame-ancestors 'none'"; + {% if matrix_nginx_proxy_floc_optout_enabled %} + add_header Permissions-Policy interest-cohort=() always; + {% endif %} + + {% for configuration_block in matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-buscarron:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8080; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + + server_name {{ matrix_nginx_proxy_proxy_buscarron_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_buscarron_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != "" %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/setup.yml b/setup.yml index d24c3c991..ce36d1cec 100755 --- a/setup.yml +++ b/setup.yml @@ -38,6 +38,7 @@ - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot - matrix-bot-matrix-registration-bot + - matrix-bot-buscarron - matrix-bot-honoroit - matrix-bot-go-neb - matrix-bot-mjolnir From 5ae93fbf2bc5c2288ede6f338c9f404dd3035cf5 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 23 Apr 2022 17:11:24 +0300 Subject: [PATCH 023/381] add buscarron to the readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 631dc297d..26f109404 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation +- (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. From b720b15de64d5e12e2543cb9d57e710c4236148d Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 24 Apr 2022 09:50:23 +0300 Subject: [PATCH 024/381] buscarron v1.0.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index ca13bf308..6322144eb 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: latest +matrix_bot_buscarron_version: v1.0.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" From 2d21a70b3e9f835c94080f0298cec68c56956c3d Mon Sep 17 00:00:00 2001 From: Sekki21956 Date: Mon, 25 Apr 2022 02:05:13 +0200 Subject: [PATCH 025/381] Update path to signald Dockerfile --- roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index c7202f05a..06f77348b 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -70,7 +70,7 @@ force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: Containerfile path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" pull: true when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" From c83c70ac35687cb620c3c23656c62bdfd8ac7a9f Mon Sep 17 00:00:00 2001 From: Matthew Cengia Date: Mon, 25 Apr 2022 10:21:48 +1000 Subject: [PATCH 026/381] Don't self-build signald image on arm64, as upstream image exists --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 738c71ba7..bcd26b993 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -458,7 +458,7 @@ matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" -matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != ['amd64', 'arm64'] }}" ###################################################################### # From 47e5bab784339b416f67b5a5d5a006c1df9a289a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 09:22:01 +0300 Subject: [PATCH 027/381] Fix self-building if condition --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index bcd26b993..d42567347 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -458,7 +458,7 @@ matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" -matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != ['amd64', 'arm64'] }}" +matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # From c92af9fe894d466e9b02e1279ecda9f7161b1a60 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 25 Apr 2022 09:40:49 +0300 Subject: [PATCH 028/381] matrix-bot-buscarron: feedback --- docs/configuring-playbook-bot-buscarron.md | 14 +++++++------- roles/matrix-bot-buscarron/defaults/main.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md index 3e2a395a2..5a2c327d8 100644 --- a/docs/configuring-playbook-bot-buscarron.md +++ b/docs/configuring-playbook-bot-buscarron.md @@ -7,7 +7,7 @@ It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matri ## Registering the bot user -By default, the playbook will set up the bot with a username like this: `@buscarron:DOMAIN`. +By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`. (to use a different username, adjust the `matrix_bot_buscarron_login` variable). @@ -32,11 +32,11 @@ matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT # Adjust accepted forms matrix_bot_buscarron_forms: - - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact - room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted - redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission - ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m - extensions: [] # (optional) list of form extensions (not used yet) + - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact + room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted + redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission + ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + extensions: [] # (optional) list of form extensions (not used yet) matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically @@ -64,7 +64,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, invite the `@buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: +To use the bot, invite the `@bot.buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: ```html
diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 6322144eb..96e8ef91a 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -65,7 +65,7 @@ matrix_bot_buscarron_database_dialect: "{{ # The bot's username. This user needs to be created manually beforehand. # Also see `matrix_bot_buscarron_password`. -matrix_bot_buscarron_login: "buscarron" +matrix_bot_buscarron_login: "bot.buscarron" # The password that the bot uses to authenticate. matrix_bot_buscarron_password: '' From 4a0b8397680119432287c175dad68f479324cb82 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 09:42:36 +0300 Subject: [PATCH 029/381] Automatically do the right thing with regards to Synapse Metrics htpasswd .. regardless of whether matrix-nginx-proxy runs in a container or not --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 8067b916e..3c68e7753 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -221,7 +221,7 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "/nginx-data/matrix-synapse-metrics-htpasswd" +matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. From 2f33b330ff58d676e5db5081a60d6a3fadcf56c6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 10:29:09 +0300 Subject: [PATCH 030/381] Announce Buscarron bot support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1782 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fdac2aa1..03ce5c7b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-04-25 + +## buscarron bot support + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [the Buscarron bot](https://gitlab.com/etke.cc/buscarron). It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room + +See our [Setting up Buscarron](docs/configuring-playbook-bot-buscarron.md) documentation to get started. + + # 2022-04-21 ## matrix-registration-bot support From 1163e9880fda08bb55d46e6b388c35efb0c4fc75 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 10:37:35 +0300 Subject: [PATCH 031/381] Link to Buscarron bot from configuring docs page Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1782 --- docs/configuring-playbook.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 5233a6626..16a7aeeb6 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -145,13 +145,16 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional) +- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) + - [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional) - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional) - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) -- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) +- [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional) + ### Backups From 4d08e935a2f235f36f261a54aa5233e77848a70e Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 25 Apr 2022 12:36:27 +0300 Subject: [PATCH 032/381] matrix-bot-buscarron: fix username in docs --- docs/configuring-playbook-bot-buscarron.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md index 5a2c327d8..3a5822abd 100644 --- a/docs/configuring-playbook-bot-buscarron.md +++ b/docs/configuring-playbook-bot-buscarron.md @@ -14,7 +14,7 @@ By default, the playbook will set up the bot with a username like this: `@bot.bu You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): ``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. From cbb924dec7d54f738077b45b749add2135a13155 Mon Sep 17 00:00:00 2001 From: Devin Dooley Date: Mon, 25 Apr 2022 19:17:40 -0700 Subject: [PATCH 033/381] Support ansible vault strings for homeserver secret key --- group_vars/matrix_servers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 24ecc5f28..67a9339ae 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -533,14 +533,14 @@ matrix_mautrix_twitter_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_twitter_appservice_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}" +matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}" -matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}" +matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}" matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" ###################################################################### # @@ -2357,9 +2357,9 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_ matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}" -matrix_dendrite_registration_shared_secret: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.rss') | to_uuid }}" +matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}" -matrix_dendrite_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.db') | to_uuid }}" +matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}" # Even if TURN doesn't support TLS (it does by default), # it doesn't hurt to try a secure connection anyway. From e41fcf27464f7175e6b43b093d4115cd24ee2243 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Apr 2022 15:44:02 +0300 Subject: [PATCH 034/381] Fix file name (vars.yaml -> vars.yml) to prevent confusion --- docs/alternative-architectures.md | 4 ++-- roles/matrix-dendrite/defaults/main.yml | 2 +- roles/matrix-synapse/defaults/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index a6c2a02a3..c8097b60b 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -2,7 +2,7 @@ As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. -To that end add the following variable to your `vars.yaml` file: +To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)): ```yaml matrix_architecture: @@ -13,7 +13,7 @@ Currently supported architectures are the following: - `arm64` - `arm32` -so for the Raspberry Pi, the following should be in your `vars.yaml` file: +so for the Raspberry Pi, the following should be in your `vars.yml` file: ```yaml matrix_architecture: "arm32" diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 7f2e629a8..f3876875e 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -61,7 +61,7 @@ matrix_dendrite_systemd_wanted_services_list: [] # Specifies which template files to use when configuring Dendrite. # If you'd like to have your own different configuration, feel free to copy and paste # the original files into your inventory (e.g. in `inventory/host_vars//`) -# and then change the specific host's `vars.yaml` file like this: +# and then change the specific host's `vars.yml` file like this: # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars//dendrite.yaml.j2" matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 44b82e954..db61cb724 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -74,7 +74,7 @@ matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste # the original files into your inventory (e.g. in `inventory/host_vars//`) -# and then change the specific host's `vars.yaml` file like this: +# and then change the specific host's `vars.yml` file like this: # matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars//homeserver.yaml.j2" matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2" matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2" From 4f1f3555f2c5f54658da9419e3733a72957f8671 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Apr 2022 16:10:36 +0000 Subject: [PATCH 035/381] Update element 1.10.10 -> 1.10.11 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 205f3480a..e45458754 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.10 +matrix_client_element_version: v1.10.11 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 1ee118bd49e87181640991bc2e528bc6871f9e21 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Apr 2022 17:48:28 +0000 Subject: [PATCH 036/381] matrix-change-user-admin-status: do not allocate tty --- .../templates/usr-local-bin/matrix-change-user-admin-status.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 index 6c3082ef4..f378a10f5 100644 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 @@ -9,7 +9,7 @@ if [ $# -ne 2 ]; then fi docker run \ - -it \ + -i \ --rm \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ From 7776c2e0bb8e216fa0b733768a2555a331d2491a Mon Sep 17 00:00:00 2001 From: Brandon Kraft Date: Mon, 2 May 2022 12:37:56 -0500 Subject: [PATCH 037/381] Upgrade to Grafana 8.5.1 https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-1/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-0/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-7/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-6/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-5/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-4/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-3/ https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-4-2/ --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 0ee7a86a9..ee184e1d4 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.4.1 +matrix_grafana_version: 8.5.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 7adc167412b95917ff04012ff5a01577211ef41c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 May 2022 08:10:16 +0300 Subject: [PATCH 038/381] Fail if trying to use Jitsi on an architecture other than amd64 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1797 --- roles/matrix-jitsi/tasks/init.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index efab8745b..c4ed61a6c 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -3,3 +3,8 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" when: matrix_jitsi_enabled|bool + +- name: Fail if on an unsupported architecture + fail: + msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" + when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' From 03674e1a36e8a7591a506333038ff4ec5b341b2c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 3 May 2022 14:32:32 +0300 Subject: [PATCH 039/381] Upgrade Synapse (1.57.1 -> 1.58.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index db61cb724..77694dba7 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.57.1 +matrix_synapse_version: v1.58.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 1439be2743cfb0659aeb506b83aa2f91606125a4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 4 May 2022 11:10:00 +0300 Subject: [PATCH 040/381] Upgrade matrix-appservice-irc (0.33 -> 0.34) Related to https://matrix.org/blog/2022/05/04/0-34-0-security-release-for-matrix-appservice-irc-high-severity --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 5dfe3623f..d0843836d 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -8,7 +8,7 @@ matrix_appservice_irc_container_image_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.33.0 +matrix_appservice_irc_version: release-0.34.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 549e4418b9d107e9b7a0c4dd1873bd7ab5d88168 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 6 May 2022 08:56:06 +0200 Subject: [PATCH 041/381] Upgrade Synapse (1.58.0 -> 1.58.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 77694dba7..ad1d863f5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.58.0 +matrix_synapse_version: v1.58.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 058fedff9124ee3bcfdcf2c6d67d26555e968a83 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 6 May 2022 09:02:24 +0200 Subject: [PATCH 042/381] Fix "endpoint seems conditional" determination in workers-doc-to-yaml.awk" This prevented us from keeping our workers reverse-proxying definitions updated since Synapse v1.54.0. The last `workers.md` file we could parse is at commit 02632b3504ad4512c5f5a4f859b3fe326b19c788. Parsing regressed at commit c56bfb08bc071368db23f3b1c593724eb4f205f0, because the introduction message for `synapse.app.generic_worker` said "If": > If a worker is set up to handle a.. .. which made the AWK script think that definitions below were conditional (which they're not in this case). This patch fixes up the regex for determining if a line is conditional or not, so that it doesn't trip up. Hopefully, it doesn't miss something important. --- .../files/workers-doc-to-yaml.awk | 2 +- roles/matrix-synapse/vars/workers.yml | 155 ++++++++++++++---- 2 files changed, 122 insertions(+), 35 deletions(-) diff --git a/roles/matrix-synapse/files/workers-doc-to-yaml.awk b/roles/matrix-synapse/files/workers-doc-to-yaml.awk index ca58b4862..5b99d3964 100755 --- a/roles/matrix-synapse/files/workers-doc-to-yaml.awk +++ b/roles/matrix-synapse/files/workers-doc-to-yaml.awk @@ -120,7 +120,7 @@ enable_parsing { worker_stanza_append(" # " line linefeed) # and take note of words hinting at additional conditions to be met - if (line ~ /(^| )[Ii]f |(^| )[Ff]or /) { + if (line ~ /(^[Ii]f|care must be taken|can be handled for)/) { endpoints_seem_conditional = 1 } } diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 48530312c..f1dfb9406 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -1,12 +1,15 @@ --- matrix_synapse_workers_generic_worker_endpoints: - # This worker can handle API requests matching the following regular - # expressions: + # This worker can handle API requests matching the following regular expressions. + # These endpoints can be routed to any worker. If a worker is set up to handle a + # stream then, for maximum efficiency, additional endpoints should be routed to that + # worker: refer to the [stream writers](#stream-writers) section below for further + # information. # Sync requests - - ^/_matrix/client/(v2_alpha|r0|v3)/sync$ - - ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$ + - ^/_matrix/client/(r0|v3)/sync$ + - ^/_matrix/client/(api/v1|r0|v3)/events$ - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ @@ -20,19 +23,14 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/query/ - ^/_matrix/federation/v1/make_join/ - ^/_matrix/federation/v1/make_leave/ - - ^/_matrix/federation/v1/send_join/ - - ^/_matrix/federation/v2/send_join/ - - ^/_matrix/federation/v1/send_leave/ - - ^/_matrix/federation/v2/send_leave/ - - ^/_matrix/federation/v1/invite/ - - ^/_matrix/federation/v2/invite/ - - ^/_matrix/federation/v1/query_auth/ + - ^/_matrix/federation/(v1|v2)/send_join/ + - ^/_matrix/federation/(v1|v2)/send_leave/ + - ^/_matrix/federation/(v1|v2)/invite/ - ^/_matrix/federation/v1/event_auth/ - ^/_matrix/federation/v1/exchange_third_party_invite/ - ^/_matrix/federation/v1/user/devices/ - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query - - ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/ - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ # Inbound federation transaction request @@ -45,22 +43,25 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$ + - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(r0|v3|unstable)/devices$ - ^/_matrix/client/versions$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/ + - ^/_matrix/client/(r0|v3|unstable)/joined_groups$ + - ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ + - ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ + # Encryption requests + - ^/_matrix/client/(r0|v3|unstable)/keys/query$ + - ^/_matrix/client/(r0|v3|unstable)/keys/changes$ + - ^/_matrix/client/(r0|v3|unstable)/keys/claim$ + - ^/_matrix/client/(r0|v3|unstable)/room_keys/ + # Registration/login requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - ^/_matrix/client/(r0|v3|unstable)/register$ @@ -74,11 +75,27 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ + # Device requests + - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + + # Account data requests + - ^/_matrix/client/(r0|v3|unstable)/.*/tags + - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + + # Receipts requests + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + + # Presence requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # Additionally, the following REST endpoints can be handled for GET requests: # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually # ^/_matrix/federation/v1/groups/ + # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ + # ^/_matrix/client/(r0|v3|unstable)/groups/ # Pagination requests can also be handled, but all requests for a given # room must be routed to the same instance. Additionally, care must be taken to @@ -155,16 +172,17 @@ matrix_synapse_workers_generic_worker_endpoints: # #### Stream writers - # Additionally, there is *experimental* support for moving writing of specific - # streams (such as events) off of the main process to a particular worker. (This - # is only supported with Redis-based replication.) - - # Currently supported streams are `events` and `typing`. + # Additionally, the writing of specific streams (such as events) can be moved off + # of the main process to a particular worker. + # (This is only supported with Redis-based replication.) # To enable this, the worker must have a HTTP replication listener configured, - # have a `worker_name` and be listed in the `instance_map` config. For example to - # move event persistence off to a dedicated worker, the shared configuration would - # include: + # have a `worker_name` and be listed in the `instance_map` config. The same worker + # can handle multiple streams, but unless otherwise documented, each stream can only + # have a single writer. + + # For example, to move event persistence off to a dedicated worker, the shared + # configuration would include: # ```yaml # instance_map: @@ -176,8 +194,20 @@ matrix_synapse_workers_generic_worker_endpoints: # events: event_persister1 # ``` - # The `events` stream also experimentally supports having multiple writers, where - # work is sharded between them by room ID. Note that you *must* restart all worker + # An example for a stream writer instance: + + # ```yaml + # {{#include systemd-with-workers/workers/event_persister.yaml}} + # ``` + + # Some of the streams have associated endpoints which, for maximum efficiency, should + # be routed to the workers handling that stream. See below for the currently supported + # streams and the endpoints associated with them: + + # ##### The `events` stream + + # The `events` stream experimentally supports having multiple writers, where work + # is sharded between them by room ID. Note that you *must* restart all worker # instances when adding or removing event persisters. An example `stream_writers` # configuration with multiple writers: @@ -188,9 +218,51 @@ matrix_synapse_workers_generic_worker_endpoints: # - event_persister2 # ``` + # ##### The `typing` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `typing` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing + + # ##### The `to_device` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `to_device` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + + # ##### The `account_data` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `account_data` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/.*/tags + # ^/_matrix/client/(r0|v3|unstable)/.*/account_data + + # ##### The `receipts` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `receipts` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + + # ##### The `presence` stream + + # The following endpoints should be routed directly to the worker configured as + # the stream writer for the `presence` stream: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # #### Background tasks - # There is also *experimental* support for moving background tasks to a separate + # There is also support for moving background tasks to a separate # worker. Background tasks are run periodically or started via replication. Exactly # which tasks are configured to run depends on your Synapse configuration (e.g. if # stats is enabled). @@ -206,6 +278,12 @@ matrix_synapse_workers_generic_worker_endpoints: # You might also wish to investigate the `update_user_directory` and # `media_instance_running_background_jobs` settings. + # An example for a dedicated background worker instance: + + # ```yaml + # {{#include systemd-with-workers/workers/background_worker.yaml}} + # ``` + # pusher worker (no API endpoints) [ # Handles sending push notifications to sygnal and email. Doesn't handle any # REST endpoints itself, but you should set `start_pushers: False` in the @@ -292,18 +370,27 @@ matrix_synapse_workers_user_dir_endpoints: # Handles searches in the user directory. It can handle REST endpoints matching # the following regular expressions: - - ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$ + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - # When using this worker you must also set `update_user_directory: False` in the + # When using this worker you must also set `update_user_directory: false` in the # shared configuration file to stop the main synapse running background # jobs related to updating the user directory. + # Above endpoint is not *required* to be routed to this worker. By default, + # `update_user_directory` is set to `true`, which means the main process + # will handle updates. All workers configured with `client` can handle the above + # endpoint as long as either this worker or the main process are configured to + # handle it, and are online. + + # If `update_user_directory` is set to `false`, and this worker is not running, + # the above endpoint may give outdated results. + matrix_synapse_workers_frontend_proxy_endpoints: # Proxies some frequently-requested client endpoints to add caching and remove # load from the main synapse. It can handle REST endpoints matching the following # regular expressions: - - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload + - ^/_matrix/client/(r0|v3|unstable)/keys/upload # If `use_presence` is False in the homeserver config, it can also handle REST # endpoints matching the following regular expressions: From be95918a2f28ee516c844dc7d5b335dd06221cdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20T=C3=B6tterman?= Date: Fri, 6 May 2022 11:37:40 +0300 Subject: [PATCH 043/381] typo --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 38e13a8a9..208ce4e6b 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. From 83b7fcee453f39388456f0bccc8f2783905f75ae Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 7 May 2022 09:36:40 +0200 Subject: [PATCH 044/381] Do not proxy some endpoints to the generic Synapse worker These endpoints should not be proxied to a generic Synapse worker without other preparation (setting up stream writers, sending traffic to a specific stream writer, etc.). Disabling them for now. In the future, we'd like to fix up our awk script to disable them automatically. This is a fix up for 058fedff9124ee3bcf --- roles/matrix-synapse/vars/workers.yml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index f1dfb9406..33bf585b3 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -75,19 +75,23 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ - # Device requests - - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + # These appear to be conditional and should not be enabled by default. + # We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. + # For now, they've been commented out manually. + # + # # Device requests + # - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ - # Account data requests - - ^/_matrix/client/(r0|v3|unstable)/.*/tags - - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + # # Account data requests + # - ^/_matrix/client/(r0|v3|unstable)/.*/tags + # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data - # Receipts requests - - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt - - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + # # Receipts requests + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers - # Presence requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # # Presence requests + # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ # Additionally, the following REST endpoints can be handled for GET requests: From 3f45805fd2b3b05cd1f3893767d9f25b0760ad3a Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Sat, 7 May 2022 12:40:17 +0200 Subject: [PATCH 045/381] Change back to original mx-puppet-discord Closes: #1801 --- .../defaults/main.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 522576897..d6e6f859c 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -1,27 +1,21 @@ --- # Mx Puppet Discord is a Matrix <-> Discord bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord) -# -# We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See: -# - https://github.com/matrix-discord/mx-puppet-discord/issues/201 -# - https://github.com/matrix-discord/mx-puppet-discord/issues/202 -# - https://github.com/matrix-discord/mx-puppet-discord/issues/203 -# - (other similar issues in the past) +# See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" -matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" +matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: latest -matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" +matrix_mx_puppet_discord_version: v0.1.1 +matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}mx-puppet/discord/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" From 84ea5f6eccf1d5c8962f265e7dfab1384334763e Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Sat, 7 May 2022 14:34:33 +0200 Subject: [PATCH 046/381] Upgrade Hookshot (1.5.0 -> 1.6.1) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 45807ba9c..181bc2cc5 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.5.0 +matrix_hookshot_version: 1.6.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 7390646cd5d2879b7928c28701c0cddf42b0bf03 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sat, 7 May 2022 18:42:15 +0200 Subject: [PATCH 047/381] add hookshot feeds support --- roles/matrix-bridge-hookshot/defaults/main.yml | 5 +++++ roles/matrix-bridge-hookshot/templates/config.yml.j2 | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 45807ba9c..74ac714ac 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -121,6 +121,11 @@ matrix_hookshot_generic_allow_js_transformation_functions: false matrix_hookshot_generic_user_id_prefix: '_webhooks_' +matrix_hookshot_feeds_enabled: false +# polling interval in seconds +matrix_hookshot_feeds_interval: 600 + + # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index c17715097..6fbce7709 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -78,6 +78,13 @@ generic: allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} {% endif %} +{% if matrix_hookshot_feeds_enabled %} +feeds: + # (Optional) Configure this to enable RSS/Atom feed support + # + enabled: {{ matrix_hookshot_feeds_enabled }} + pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }} +{% endif %} {% if matrix_hookshot_provisioning_enabled %} provisioning: # (Optional) Provisioning API for integration managers From 04aa609ae51dcc7eb8cdeff478ed651249fe8892 Mon Sep 17 00:00:00 2001 From: Arkonos Date: Sun, 8 May 2022 21:20:36 +0200 Subject: [PATCH 048/381] clarifying reverse proxying of well-known files --- docs/configuring-well-known.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 27a4001cf..9a6da547d 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -116,8 +116,22 @@ server { **For Caddy 2**, it would be something like this: ```caddy -reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN { - header_up Host {http.reverse_proxy.upstream.hostport} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/*:x + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } } ``` From 6abdb6e6f086a77b0b4a3b4dccce3e04794de7ad Mon Sep 17 00:00:00 2001 From: Arkonos Date: Sun, 8 May 2022 21:20:36 +0200 Subject: [PATCH 049/381] clarifying reverse proxying of well-known files --- docs/configuring-well-known.md | 18 ++++++++++++++++-- examples/caddy2/Caddyfile | 17 +++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 27a4001cf..9a6da547d 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -116,8 +116,22 @@ server { **For Caddy 2**, it would be something like this: ```caddy -reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN { - header_up Host {http.reverse_proxy.upstream.hostport} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/*:x + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } } ``` diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index 6370cb015..7d8c193db 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile @@ -214,3 +214,20 @@ element.DOMAIN.tld { # } # } #} +DOMAIN.com { + @wellknown { + path /.well-known/matrix/* + } + + handle @wellknown { + reverse_proxy https://matrix.DOMAIN.com { + header_up Host {http.reverse_proxy.upstream.hostport} + } + } + # Configration for the base domain goes here + # handle { + # header -Server + # encode zstd gzip + # reverse_proxy localhost:4020 + # } +} From 527f5bc46973b368101488d1b1b56f9cee9bbbc1 Mon Sep 17 00:00:00 2001 From: Arkonos Date: Sun, 8 May 2022 21:56:14 +0200 Subject: [PATCH 050/381] clarifying where well-known files are created --- docs/configuring-well-known.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 9a6da547d..4a68047be 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -46,7 +46,7 @@ If you decide to go this route, you don't need to read ahead in this document. W If you're managing the base domain by yourself somehow, you'll need to set up serving of some `/.well-known/matrix/*` files from it via HTTPS. -To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them. +To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them. You have 3 options when it comes to installing the files on the base domain's server: From fcfd00bcb4e71f7a20d3717650842d1431e93260 Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Mon, 9 May 2022 23:38:01 +0200 Subject: [PATCH 051/381] Change back to original mx-puppet-slack Closes: #1808 --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index d6e6f859c..2a2ecd58a 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8c..0560128fe 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) +# See: https://github.com/Sorunome/mx-puppet-slack matrix_mx_puppet_slack_enabled: true @@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: v0.1.0 +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 9fc60d8c868158af533b7c7ea6e70c926f1be181 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 May 2022 16:20:34 +0300 Subject: [PATCH 052/381] Revert "Change back to original mx-puppet-slack" This reverts commit fcfd00bcb4e71f7a20d3717650842d1431e93260. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1808 Reverts https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1809 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1810 --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 2a2ecd58a..d6e6f859c 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 0560128fe..bb92c1d8c 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) matrix_mx_puppet_slack_enabled: true @@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: v0.1.0 -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: latest +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 62cb801878dd448025e604560ee180d8da099789 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 10 May 2022 13:57:12 +0000 Subject: [PATCH 053/381] Update cinny v1.8.2 -> v2.0.0 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 2ded40482..32e173113 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.8.2 +matrix_client_cinny_version: v2.0.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 02d4a841c4f96ab6b1d9ec617b6d3033debd613a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 10 May 2022 14:31:41 +0000 Subject: [PATCH 054/381] Update Element 1.10.11 -> 1.10.12 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index e45458754..ef89bca35 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.11 +matrix_client_element_version: v1.10.12 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 3dfda42f3d0e5fcb402e41711e8b859fd0d9ac5a Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Tue, 10 May 2022 16:50:46 +0200 Subject: [PATCH 055/381] Update configuring-playbook-bridge-hookshot.md --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 208ce4e6b..ef6bc0ab1 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -26,7 +26,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | listener | default path | variable | used as | |---|---|---|---| -| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. | +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. | | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | From 8c505e8a2cab0036541b87163cd7febd09fab3c1 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 10 May 2022 18:38:57 +0300 Subject: [PATCH 056/381] matrix-bot-buscarron v1.1.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 17 ++++++++++++++++- roles/matrix-bot-buscarron/templates/env.j2 | 7 +++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 96e8ef91a..1e6faec00 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.0.0 +matrix_bot_buscarron_version: v1.1.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" @@ -88,6 +88,21 @@ matrix_bot_buscarron_spam_hosts: [] # spam email addresses matrix_bot_buscarron_spam_emails: [] +# Ban duration in hours +matrix_bot_buscarron_ban_duration: + +# Banlist size +matrix_bot_buscarron_ban_size: + +# Postmark token (confirmation emails) +matrix_bot_buscarron_pm_token: + +# Postmark sender signature +matrix_bot_buscarron_pm_from: + +# Postmark confirmation email's reply-to +matrix_bot_buscarron_pm_replyto: + # Additional environment variables to pass to the buscarron container # # Example: diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 index c833f27be..876072e17 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -7,12 +7,19 @@ BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} +BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }} +BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }} +BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }} +BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }} +BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} +BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }} +BUSCARRON_{{ form.name|upper }}_CONFIRMATION_BODY={{ form.confirmation_body|default('') }} {% endfor %} BUSCARRON_LIST={{ forms|join(" ") }} From d09934c79c270a674cc8d77d1bad8a20d1503712 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 10 May 2022 18:44:20 +0300 Subject: [PATCH 057/381] matrix-bot-buscarron - set defaults --- roles/matrix-bot-buscarron/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 1e6faec00..c2b44fa11 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -89,10 +89,10 @@ matrix_bot_buscarron_spam_hosts: [] matrix_bot_buscarron_spam_emails: [] # Ban duration in hours -matrix_bot_buscarron_ban_duration: +matrix_bot_buscarron_ban_duration: 24 # Banlist size -matrix_bot_buscarron_ban_size: +matrix_bot_buscarron_ban_size: 10000 # Postmark token (confirmation emails) matrix_bot_buscarron_pm_token: From eda75e6492e42d63c6ee1c3a28fb2838cf11c5b8 Mon Sep 17 00:00:00 2001 From: Didier 'OdyX' Raboud Date: Wed, 11 May 2022 10:43:57 +0200 Subject: [PATCH 058/381] Bump Slack Appservice to 1.11.0 --- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index e303f8340..ae3f55df6 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -8,7 +8,7 @@ matrix_appservice_slack_container_image_self_build: false matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git" matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src" -matrix_appservice_slack_version: release-1.10.0 +matrix_appservice_slack_version: release-1.11.0 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" From 34de6c9c664d3299a82b7fcf6dee541a191a0c73 Mon Sep 17 00:00:00 2001 From: brush Date: Fri, 13 May 2022 03:44:16 -0700 Subject: [PATCH 059/381] Update configuring-well-known.md --- docs/configuring-well-known.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 4a68047be..c27635a58 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -98,16 +98,15 @@ server { } ``` -**For Apache**, it would be something like this: +**For Apache2**, it would be something like this: ```apache ServerName DOMAIN SSLProxyEngine on - - ProxyPass "https://matrix.DOMAIN/.well-known/matrix" - + ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon # other configuration From 3499b9cd0314746404a9fcd350ea15d967df3c51 Mon Sep 17 00:00:00 2001 From: brush Date: Fri, 13 May 2022 03:45:08 -0700 Subject: [PATCH 060/381] Update configuring-well-known.md --- docs/configuring-well-known.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index c27635a58..9a519343b 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -105,8 +105,8 @@ server { ServerName DOMAIN SSLProxyEngine on - ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon - ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon # other configuration From 1431a351ab325a905c47491f787146b6f2e80fb4 Mon Sep 17 00:00:00 2001 From: Luis Date: Fri, 13 May 2022 11:57:59 -0300 Subject: [PATCH 061/381] Update configuring-playbook-bridge-hookshot.md fix Hookshot instructions link --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index ef6bc0ab1..ea7d80c05 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. From 8ec1f4bee01d9eed0ad569708804563a68f934ca Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 13 May 2022 16:20:04 +0000 Subject: [PATCH 062/381] Update Cinny v2.0.0 -> v2.0.1 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 32e173113..dd9c4dc75 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.0 +matrix_client_cinny_version: v2.0.1 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From dca593cf7a8fd5898f1a04fba212258d21f571bb Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 14 May 2022 11:33:19 +0000 Subject: [PATCH 063/381] Update Cinny v2.0.1 -> v2.0.2 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index dd9c4dc75..20d6a8704 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.1 +matrix_client_cinny_version: v2.0.2 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 894669eca2092351e6105ef7beba981d96419b5e Mon Sep 17 00:00:00 2001 From: Daniel Sonck Date: Sat, 14 May 2022 21:07:57 +0200 Subject: [PATCH 064/381] Change back to working original mx-puppet-slack Now that v0.1.1 is out, which depends on the functional matrix-slack-parser it works again. --- .../matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index d6e6f859c..2a2ecd58a 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8c..3b069ea24 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) +# See: https://github.com/Sorunome/mx-puppet-slack matrix_mx_puppet_slack_enabled: true @@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_version: v0.1.1 +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From c58c7dc643f2984daa82ef28202dc959a01ff7df Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 15 May 2022 05:45:07 +0000 Subject: [PATCH 065/381] Update Cinny v2.0.2 -> v2.0.3 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 20d6a8704..5b0991cd6 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.2 +matrix_client_cinny_version: v2.0.3 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 2a9b52a1c2757fcb2093198245cf51581f29847f Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Mon, 16 May 2022 04:29:29 +0000 Subject: [PATCH 066/381] Update Element self build repo URL It forwards to the correct place but might as well just update it to the current URL. --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index ef89bca35..7abaf50ca 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" +matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/element-web.git" # Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM): # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357 # - https://github.com/vector-im/element-web/issues/19544 From 311f44a19cdfd805ba851d601aa0513c3801ae07 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Mon, 16 May 2022 04:36:18 +0000 Subject: [PATCH 067/381] Document `git` as a potential prereq Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1792 --- docs/prerequisites.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 0da1c7157..1ed4befea 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. +- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components. + - An HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). - Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)). From 8ecdfc3ed6818cf77ed42a0f6d5976753635c080 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 16 May 2022 09:26:15 +0200 Subject: [PATCH 068/381] Automatically enable admin api access via nginx (#1830) --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 67a9339ae..8788ba10c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1495,7 +1495,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |- }[matrix_homeserver_implementation]|int }} -matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}" +matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_bot_matrix_registration_bot_enabled }}" matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}" From f21269f4418ebe707dac079a505cb4fcecd6b267 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 16 May 2022 21:40:31 +0300 Subject: [PATCH 069/381] Upgrade mx-puppet-slack (v0.1.1 -> v0.1.2) Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1829 --- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 3b069ea24..b77614f70 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile" # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: v0.1.1 +matrix_mx_puppet_slack_version: v0.1.2 matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 4109dc3bcd784865b6a71d8be3567260595635af Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 May 2022 19:56:54 +0000 Subject: [PATCH 070/381] Update Postgres (CVE-2022-1552 + last 9.x update) CVE: https://security-tracker.debian.org/tracker/CVE-2022-1552 Source: https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ Postgres 9.6 upgrade (**not a CVE fix, 9.x still vulnerable**): https://www.postgresql.org/docs/release/9.6.24/ --- roles/matrix-postgres/defaults/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 8593bb83b..bb8202173 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -22,12 +22,12 @@ matrix_postgres_architecture: amd64 # > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" -matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.21{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. From bab1ee22335c3437f227ee4168c9b57174a58e72 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 May 2022 11:31:25 +0300 Subject: [PATCH 071/381] Work around mx-puppet-discord failing with "No relay found" after reboot Related to https://gitlab.com/mx-puppet/discord/mx-puppet-discord/-/issues/117 Looks like the bridge is too quick to start and fails to initialize itself by connecting to Synapse. It's mostly observed after a system reboot, because Synapse (and everything else) is slower to start. Once mx-puppet-discord fails to initialize itself, a "No relay found" error will be observed any time you try to relay a Matrix message to Discord. Relaying messages in the other direction (Discord to Matrix) also fails. With this workaround (longer delay on mx-puppet-discord startup), I observe mx-puppet-discord working well, even after a full reboot. Of course, a proper fix is preferable, instead of delaying by a magic number of seconds. --- .../templates/systemd/matrix-mx-puppet-discord.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 7a4c4a383..52b12c3d0 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -17,7 +17,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 +ExecStartPre={{ matrix_host_command_sleep }} 15 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \ --log-driver=none \ From f972a80224bb6ba8b6338188a6ef031dc525d56e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 May 2022 13:08:17 +0300 Subject: [PATCH 072/381] Upgrade Synapse (1.58.1 -> 1.59.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 21 ++++++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ad1d863f5..bf2a765d0 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.58.1 +matrix_synapse_version: v1.59.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 37cad10fe..97f73c34e 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -432,6 +432,11 @@ manhole_settings: # sign up in a short space of time never to return after their initial # session. # +# The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but +# applies a different trial number if the user was registered by an appservice. +# A value of 0 means no trial days are applied. Appservices not listed in this +# dictionary use the value of `mau_trial_days` instead. +# # 'mau_limit_alerting' is a means of limiting client side alerting # should the mau limit be reached. This is useful for small instances # where the admin has 5 mau seats (say) for 5 specific people and no @@ -442,6 +447,8 @@ manhole_settings: #max_mau_value: 50 #mau_trial_days: 2 #mau_limit_alerting: false +#mau_appservice_trial_days: +# "appservice-id": 1 # If enabled, the metrics for the number of monthly active users will # be populated, however no one will be limited. If limit_usage_by_mau @@ -742,11 +749,11 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js # #allow_profile_lookup_over_federation: false -# Uncomment to disable device display name lookup over federation. By default, the -# Federation API allows other homeservers to obtain device display names of any user -# on this homeserver. Defaults to 'true'. +# Uncomment to allow device display name lookup over federation. By default, the +# Federation API prevents other homeservers from obtaining the display names of +# user devices on this homeserver. Defaults to 'false'. # -#allow_device_name_lookup_over_federation: false +#allow_device_name_lookup_over_federation: true ## Caching ## @@ -1375,7 +1382,11 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} # registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }} - +# Allow users to submit a token during registration to bypass any required 3pid +# steps configured in `registrations_require_3pid`. +# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow. +# +#enable_registration_token_3pid_bypass: false # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. From 2cce91fe1d33f6ca1130a7067260ab3440dcd78c Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Wed, 18 May 2022 12:38:07 +0300 Subject: [PATCH 073/381] Upgrade Heisenbridge (1.12.0 -> 1.13.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 96ab33821..dfbddd426 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.12.0 +matrix_heisenbridge_version: 1.13.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 4297af5c51f34439590c1e450394cc15baef49e0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 May 2022 10:19:43 +0000 Subject: [PATCH 074/381] Update mautrix-whatsapp v0.3.1 -> v0.4.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index d920be51c..0bea0536c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.3.1 +matrix_mautrix_whatsapp_version: v0.4.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 99de38280df9ca928f9825375c882db100e31933 Mon Sep 17 00:00:00 2001 From: Paul B Date: Thu, 12 May 2022 12:24:35 +0200 Subject: [PATCH 075/381] bridge-signal: add variable to enable encryption --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 14a2c35fa..ce89a381b 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -127,3 +127,7 @@ matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/regis matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}" matrix_mautrix_signal_log_level: 'DEBUG' + +matrix_mautrix_signal_bridge_encryption_allow: false +matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" +matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 2f427b907..b831fe9a1 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -152,15 +152,15 @@ bridge: # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }} # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false + default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }} # Options for automatic key sharing. key_sharing: # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. - allow: false + allow: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }} # Require the requesting device to have a valid cross-signing signature? # This doesn't require that the bridge has verified the device, only that the user has verified it. # Not yet implemented. From e1e83353b400033a07d3d259bfdd5d96c4a8f9fb Mon Sep 17 00:00:00 2001 From: Paul B Date: Thu, 12 May 2022 12:57:29 +0200 Subject: [PATCH 076/381] bridge-whatsapp: add variable to enable end-to-bridge encryption --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 5 +++++ .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index d920be51c..f2523fa8e 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -123,3 +123,8 @@ matrix_mautrix_whatsapp_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}" + +# Enable End-to-bridge encryption +matrix_mautrix_whatsapp_bridge_encryption_allow: false +matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" +matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 0e3b855cb..c8318f961 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -158,16 +158,16 @@ bridge: # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: {{ matrix_mautrix_whatsapp_bridge_encryption_allow|to_json }} # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. - default: false + default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }} # Options for automatic key sharing. key_sharing: # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. - allow: false + allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }} # Require the requesting device to have a valid cross-signing signature? # This doesn't require that the bridge has verified the device, only that the user has verified it. # Not yet implemented. From de8d6f8d6c14bed13370bec40c622115ce82660a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 May 2022 11:37:34 +0000 Subject: [PATCH 077/381] Update Synapse v1.59.0 -> v.1.59.1 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index bf2a765d0..23dfebf75 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.59.0 +matrix_synapse_version: v1.59.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From a1e5ecf5513f804cd099724266e7c7d0b7a7259d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 18 May 2022 14:43:16 +0300 Subject: [PATCH 078/381] Upgrade hookshot (1.6.1 -> 1.7.0) This new version should be buildable on arm64. See: https://github.com/matrix-org/matrix-hookshot/releases/tag/1.7.0 There's still no prebuild arm64 image, so we continue relying on self-building there. --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 61f689a55..ecc997708 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.6.1 +matrix_hookshot_version: 1.7.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 677a2fc50310aa15126dec7edb5c21b70b61bf58 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 18 May 2022 15:43:39 +0300 Subject: [PATCH 079/381] Fix compatibility with ansible=6 / ansible-core=2.13 Details here: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_6.html#id36 Basically: ```yaml - name: Prior to 2.13 debug: msg: '[1] + {{ [2] }}' - name: 2.13 and forward debug: msg: '{{ [1] + [2] }}' ``` Interestingly, we had been using the new/safe syntax in lofs of places. We were using the broken one in many others though. Hopefully all instances were fixed by this patch. --- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../matrix-bridge-heisenbridge/tasks/init.yml | 16 ++++++---- roles/matrix-bridge-hookshot/tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- .../tasks/init.yml | 16 ++++++---- roles/matrix-bridge-sms/tasks/init.yml | 16 ++++++---- .../ext/encryption-disabler/setup_install.yml | 16 ++++++---- .../tasks/ext/ldap-auth/setup.yml | 8 +++-- .../ext/mjolnir-antispam/setup_install.yml | 32 +++++++++++-------- .../tasks/ext/rest-auth/setup_install.yml | 16 ++++++---- .../ext/shared-secret-auth/setup_install.yml | 16 ++++++---- .../synapse-simple-antispam/setup_install.yml | 26 ++++++++------- 29 files changed, 298 insertions(+), 184 deletions(-) diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index e16a69796..a53112ad7 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -14,12 +14,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-discord-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-discord-registration.yaml"] + }} when: matrix_appservice_discord_enabled|bool diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index 5e1814121..a35144f05 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -21,12 +21,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-irc-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-irc-registration.yaml"] + }} when: matrix_appservice_irc_enabled|bool diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 8cbc71821..c83318171 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -21,14 +21,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-slack-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-slack-registration.yaml"] + }} when: matrix_appservice_slack_enabled|bool # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index b888c51f1..370b835d6 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -14,14 +14,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-webhooks-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-appservice-webhooks-registration.yaml"] + }} when: matrix_appservice_webhooks_enabled|bool # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml index 977db9252..64057301f 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -7,12 +7,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-beeper-linkedin-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-beeper-linkedin-registration.yaml"] + }} when: matrix_beeper_linkedin_enabled|bool diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml index a66d7199d..ef3efb761 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml @@ -14,12 +14,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/heisenbridge-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/heisenbridge-registration.yaml"] + }} when: matrix_heisenbridge_enabled|bool diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 384f6d3be..14bbcbb32 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -14,14 +14,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/hookshot-registration.yml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/hookshot-registration.yml"] + }} when: matrix_hookshot_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index 200e98463..f2cd59632 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-facebook-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-facebook-registration.yaml"] + }} when: matrix_mautrix_facebook_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index f458df1bf..27845148e 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-googlechat-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-googlechat-registration.yaml"] + }} when: matrix_mautrix_googlechat_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 680dcd88b..d00e52528 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-hangouts-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-hangouts-registration.yaml"] + }} when: matrix_mautrix_hangouts_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index d33acd09d..867133809 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-instagram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-instagram-registration.yaml"] + }} when: matrix_mautrix_instagram_enabled|bool diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 21d52066f..b9b698c57 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -7,12 +7,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-signal-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-signal-registration.yaml"] + }} when: matrix_mautrix_signal_enabled|bool diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index a97dcd8e0..93b4d9f85 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-telegram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-telegram-registration.yaml"] + }} when: matrix_mautrix_telegram_enabled|bool - block: diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml index 5b526bbde..34f4ebde2 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml @@ -7,14 +7,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-twitter-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-twitter-registration.yaml"] + }} when: matrix_mautrix_twitter_enabled|bool # ansible lower than 2.8, does not support docker_image build parameters diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index 57166386b..d4fb82218 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -6,12 +6,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mautrix-whatsapp-registration.yaml"] + }} when: matrix_mautrix_whatsapp_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 69458093d..115ccf353 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-discord-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-discord-registration.yaml"] + }} when: matrix_mx_puppet_discord_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index db28f324c..9bada5d87 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-groupme-registration.yaml"] + }} when: matrix_mx_puppet_groupme_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index d16e6be0f..ae6302b30 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-instagram-registration.yaml"] + }} when: matrix_mx_puppet_instagram_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml index d28f6ca1a..699ad6f69 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-skype-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-skype-registration.yaml"] + }} when: matrix_mx_puppet_skype_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 66d51784e..ed6753a2f 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-slack-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-slack-registration.yaml"] + }} when: matrix_mx_puppet_slack_enabled|bool - block: diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index efca41103..9a171af79 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -13,12 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-steam-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-steam-registration.yaml"] + }} when: matrix_mx_puppet_steam_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 757f1f414..d774de159 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -13,14 +13,18 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-mx-puppet-twitter-registration.yaml"] + }} when: matrix_mx_puppet_twitter_enabled|bool - block: diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml index b8af8e604..9ee96b3eb 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/matrix-bridge-sms/tasks/init.yml @@ -15,12 +15,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] + }} matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-sms-bridge-registration.yaml"] }} + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-sms-bridge-registration.yaml"] + }} when: matrix_sms_bridge_enabled|bool diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index 90411a34b..cdcdd0828 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -27,11 +27,15 @@ }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] + }} diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index 374c9e55d..b483f688a 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -4,7 +4,9 @@ matrix_synapse_password_providers_enabled: true matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'ldap_auth_provider', 'level': 'INFO'}] + }} when: matrix_synapse_ext_password_provider_ldap_enabled|bool diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index ec298ccd2..1d224bc92 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -34,19 +34,23 @@ - set_fact: matrix_synapse_spam_checker: > - {{ matrix_synapse_spam_checker }} - + - [{ - "module": "mjolnir.AntiSpam", - "config": { - "block_invites": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites }}, - "block_messages": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages }}, - "block_usernames": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames }}, - "ban_lists": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }} - } - }] + {{ + matrix_synapse_spam_checker + + + [{ + "module": "mjolnir.AntiSpam", + "config": { + "block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites, + "block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages, + "block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames, + "ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists, + } + }] + }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"] + }} diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 13a64c58c..22ad318de 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -22,11 +22,15 @@ matrix_synapse_password_providers_enabled: true matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'rest_auth_provider', 'level': 'INFO'}] + }} diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index 843f03703..091b0eb2f 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -37,11 +37,15 @@ }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] + }} matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }} + {{ + matrix_synapse_additional_loggers + + + [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] + }} diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 740d9474c..579a707c6 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -39,16 +39,20 @@ - set_fact: matrix_synapse_modules: > - {{ matrix_synapse_modules }} - + - [{ - "module": "synapse_simple_antispam.AntiSpamInvites", - "config": { - "blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }} - } - }] + {{ + matrix_synapse_modules + + + [{ + "module": "synapse_simple_antispam.AntiSpamInvites", + "config": { + "blocked_homeservers": matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers + } + }] + }} matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"] + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"] + }} From a906fad12ebfb24cdea35da404ca9f4465f29081 Mon Sep 17 00:00:00 2001 From: Vicx Date: Fri, 20 May 2022 19:09:16 +0200 Subject: [PATCH 080/381] Fix synapse LDAP simple bind config When using LDAP simple bind, the `bind_dn` and `bind_password` configuration values must not be present. --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 37cad10fe..266c3243f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2521,8 +2521,10 @@ password_providers: uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }} mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }} name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|string|to_json }} +{% if matrix_synapse_ext_password_provider_ldap_bind_dn %} bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|string|to_json }} bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }} +{% endif %} filter: {{ matrix_synapse_ext_password_provider_ldap_filter|string|to_json }} {% endif %} {% endif %} From 0c741e8d166bcc73792cbb44810be59e7031c330 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 19:58:22 +0200 Subject: [PATCH 081/381] Set version to v1.1.5 --- roles/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 40538478e..99e6e3a95 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -7,7 +7,7 @@ matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: latest +matrix_bot_matrix_registration_bot_version: v1.1.5 matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" From 275943c0f8cee716ca70b53e35da451dca2e4df7 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:03:59 +0200 Subject: [PATCH 082/381] Updated: mjolnir v1.4.2 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 0093576cc..dd2483794 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.4.1" +matrix_bot_mjolnir_version: "v1.4.2" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 751a8f8a5d9532447f6d92b9681ac6d062fcb7f2 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:16:04 +0200 Subject: [PATCH 083/381] Updated: mautrix-googlechat to v0.3.2 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index e334e8d6b..bdedef07c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: v0.3.1 +matrix_mautrix_googlechat_version: v0.3.2 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From d804e97ff6bcc682ba91af64599680fcab3f2543 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:19:58 +0200 Subject: [PATCH 084/381] Updated: mautrix-twitter to v0.1.4 --- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 3dd4667cf..b2e292ffc 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_twitter_enabled: true matrix_mautrix_twitter_container_image_self_build: false matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git" -matrix_mautrix_twitter_version: v0.1.3 +matrix_mautrix_twitter_version: v0.1.4 # See: https://mau.dev/tulir/mautrix-twitter/container_registry matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}" From e779ec45f4e9d52b66e21c188e79922ba176df89 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:24:38 +0200 Subject: [PATCH 085/381] Updated: hydrogen-web to v0.2.29 --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 905e50863..27b6c0d0b 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-skype +# See: https://github.com/Sorunome/mx-puppet-instagram matrix_mx_puppet_skype_enabled: true From 8a65e3a0db33f08e989f010eac924125c843ebd4 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:24:56 +0200 Subject: [PATCH 086/381] Updated: hydrogen to v0.2.29 --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 4b91eb2bc..88d52ba5c 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.26 +matrix_client_hydrogen_version: v0.2.29 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From 2c312435c63b129cba07982bf512f0529ab32633 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:25:41 +0200 Subject: [PATCH 087/381] Reverted URL change --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 27b6c0d0b..905e50863 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-instagram +# See: https://github.com/Sorunome/mx-puppet-skype matrix_mx_puppet_skype_enabled: true From 554615d72712ec61536b9915b2f214fb1b082318 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:28:01 +0200 Subject: [PATCH 088/381] Updated: ddclient to v3.9.1-ls89 --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 5d733eb3d..95a1188b4 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -5,7 +5,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls79 +matrix_dynamic_dns_version: v3.9.1-ls89 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 64850531baf73b73809597856aea6c2ddfa212e5 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:30:06 +0200 Subject: [PATCH 089/381] Updated: etherpad to 1.8.18 --- roles/matrix-etherpad/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index 0daf24a35..8a0248606 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -4,7 +4,7 @@ matrix_etherpad_enabled: false matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" -matrix_etherpad_version: 1.8.16 +matrix_etherpad_version: 1.8.18 matrix_etherpad_docker_image: "{{ matrix_container_global_registry_prefix }}etherpad/etherpad:{{ matrix_etherpad_version }}" matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}" From 9c24167b8de0286ac28a6cdc032d8df2cd48db88 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Fri, 20 May 2022 20:32:19 +0200 Subject: [PATCH 090/381] Updated: grafana to 8.5.3 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index ee184e1d4..991cb19d6 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.5.1 +matrix_grafana_version: 8.5.3 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 271a8d0a738c621d0748a854eb1a28834fefb2b2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 21 May 2022 10:20:56 +0300 Subject: [PATCH 091/381] Upgrade certbot (v1.23.0 -> v1.27.0) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index dfbac32e7..64e2e06bf 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From 3b40d8b0a09036af58fce0a39c7df5c1ec23acb6 Mon Sep 17 00:00:00 2001 From: Erick Wibben Date: Sat, 21 May 2022 10:24:27 -0500 Subject: [PATCH 092/381] Update Matrix-Registration-Bot main.yml Line 10, which sets the tag to which docker version to pull was reverted from `v1.1.15` to latest. This gets the playbook working again --- roles/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 99e6e3a95..40538478e 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -7,7 +7,7 @@ matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: v1.1.5 +matrix_bot_matrix_registration_bot_version: latest matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" From f448cca73254c7a94920ece4c766f1d53116a9d9 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 24 May 2022 11:26:01 +0000 Subject: [PATCH 093/381] Update coturn 4.5.2-r11 -> 4.5.2-r12 --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 46492e21d..bf3564cd0 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r11 +matrix_coturn_version: 4.5.2-r12 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From e37bcd1dafb2f07316022161b331e69ec9ef163c Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 24 May 2022 14:14:41 +0000 Subject: [PATCH 094/381] Updated Element 1.10.12 -> 1.10.13 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 7abaf50ca..b0625dba8 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.12 +matrix_client_element_version: v1.10.13 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From f60eb7232948c1d222de7c27c9ec33418a653bd4 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 25 May 2022 09:00:32 +0000 Subject: [PATCH 095/381] Updated signal daemon 0.18.1 -> 0.18.5 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ce89a381b..ad0752e34 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.18.1 +matrix_mautrix_signal_daemon_version: 0.18.5 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" From 883317ac2fdb74cf3bb250fa71e2b2a2684692a3 Mon Sep 17 00:00:00 2001 From: shukon Date: Wed, 25 May 2022 17:29:43 +0200 Subject: [PATCH 096/381] Update configuring-playbook-bridge-hookshot.md --- docs/configuring-playbook-bridge-hookshot.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index ea7d80c05..f47f24c0e 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -4,13 +4,13 @@ The playbook can install and configure [matrix-hookshot](https://github.com/matr Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. -See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. +See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does in detail and why it might be useful to you. Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. ## Setup Instructions -Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do. +Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do. 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). From 2e527338d3fe1952a6295bb1ecf5fb4d22f25ea0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 29 May 2022 08:23:17 +0000 Subject: [PATCH 097/381] Update Cinny 2.0.3 -> 2.0.4 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 5b0991cd6..891058009 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.3 +matrix_client_cinny_version: v2.0.4 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From fd3a9b2fbb9eaabff3300e73c4dcc1f9234978ef Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 May 2022 09:20:49 +0000 Subject: [PATCH 098/381] Update Honoroit 0.9.7 -> 0.9.8 * add `NOENCRYPTION` option * fix race condition on thread start * fix greetings messages * updated deps --- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 9e7cf2b5c..709cd472b 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.7 +matrix_bot_honoroit_version: v0.9.8 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" From 78204619ea8a68615448f91e81e7932deea823da Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 May 2022 16:28:33 +0300 Subject: [PATCH 099/381] Stop using deprecated (in Synapse v1.59) user_dir and appservice workers Source: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types As an alternative, we should probably find a way to run one or a few more generic workers (which will handle appservice and user_dir stuff) and update `homeserver.yaml` so that it would point to the name of these workers using `notify_appservices_from_worker` and `update_user_directory_from_worker` options. For now, this solves the deprecation, so we can have a peace of mind going forward. We're force-setting these worker counts to 0, so that we can clean up existing homeservers which use these worker types. In the future, these options will either be removed or repurposed (so that they transparently create more generic workers that handle user_dir/appservice loads). --- roles/matrix-synapse/defaults/main.yml | 13 ++++-- .../matrix-synapse/tasks/validate_config.yml | 13 +++++- .../templates/synapse/homeserver.yaml.j2 | 6 --- roles/matrix-synapse/vars/workers.yml | 42 ++++++++++++++++++- 4 files changed, 63 insertions(+), 11 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 23dfebf75..67c28b499 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -358,10 +358,13 @@ matrix_synapse_workers_presets: one-of-each: generic_workers_count: 1 pusher_workers_count: 1 - appservice_workers_count: 1 + # appservice workers are deprecated since Synapse v1.59. This will be removed. + appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 1 # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. + # user_dir workers are deprecated since Synapse v1.59. This will be removed. + # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types user_dir_workers_count: 0 frontend_proxy_workers_count: 1 @@ -383,7 +386,9 @@ matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 # matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. -matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}" +# appservice workers are deprecated since Synapse v1.59. This will be removed. +# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types +matrix_synapse_workers_appservice_workers_count: 0 matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 # matrix_synapse_workers_federation_sender_workers_count can only be 0 or 1 for now. @@ -397,7 +402,9 @@ matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. -matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}" +# user_dir workers are deprecated since Synapse v1.59. This will be removed. +# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types +matrix_synapse_workers_user_dir_workers_count: 0 matrix_synapse_workers_user_dir_workers_port_range_start: 18661 matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661 diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 89107c0a6..bb8a2bcd0 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -12,13 +12,24 @@ - "matrix_synapse_database_password" - "matrix_synapse_database_database" +- name: Fail if asking to configure deprecaed workers (appservice, userdir) + fail: + msg: >- + `{{ item }}` cannot be more than 0. + This type of worker has been deprecated since Synapse v1.59. + Please remove your `{{ item }}` configuration to solve this problem. + See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types + when: "vars[item]|int != 0" + with_items: + - "matrix_synapse_workers_appservice_workers_count" + - "matrix_synapse_workers_user_dir_workers_count" + - name: Fail if asking for more than 1 instance of single-instance workers fail: msg: >- `{{ item }}` cannot be more than 1. This is a single-instance worker. when: "vars[item]|int > 1" with_items: - - "matrix_synapse_workers_appservice_workers_count" - "matrix_synapse_workers_pusher_workers_count" - "matrix_synapse_workers_federation_sender_workers_count" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 8ab985275..cce713300 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -352,9 +352,6 @@ worker_app: synapse.app.homeserver # thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ # reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'appservice')|list %} -notify_appservices: false -{% endif %} {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'federation_sender')|list %} send_federation: false {% endif %} @@ -364,9 +361,6 @@ enable_media_repo: false {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'pusher')|list %} start_pushers: false {% endif %} -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'user_dir')|list %} -update_user_directory: false -{% endif %} daemonize: false {% endif %} diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 33bf585b3..91b289c7b 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -279,7 +279,7 @@ matrix_synapse_workers_generic_worker_endpoints: # run_background_tasks_on: background_worker # ``` - # You might also wish to investigate the `update_user_directory` and + # You might also wish to investigate the `update_user_directory_from_worker` and # `media_instance_running_background_jobs` settings. # An example for a dedicated background worker instance: @@ -288,6 +288,40 @@ matrix_synapse_workers_generic_worker_endpoints: # {{#include systemd-with-workers/workers/background_worker.yaml}} # ``` + # #### Updating the User Directory + + # You can designate one generic worker to update the user directory. + + # Specify its name in the shared configuration as follows: + + # ```yaml + # update_user_directory_from_worker: worker_name + # ``` + + # This work cannot be load-balanced; please ensure the main process is restarted + # after setting this option in the shared configuration! + + # This style of configuration supersedes the legacy `synapse.app.user_dir` + # worker application type. + + + # #### Notifying Application Services + + # You can designate one generic worker to send output traffic to Application Services. + + # Specify its name in the shared configuration as follows: + + # ```yaml + # notify_appservices_from_worker: worker_name + # ``` + + # This work cannot be load-balanced; please ensure the main process is restarted + # after setting this option in the shared configuration! + + # This style of configuration supersedes the legacy `synapse.app.appservice` + # worker application type. + + # pusher worker (no API endpoints) [ # Handles sending push notifications to sygnal and email. Doesn't handle any # REST endpoints itself, but you should set `start_pushers: False` in the @@ -305,6 +339,9 @@ matrix_synapse_workers_generic_worker_endpoints: # ] # appservice worker (no API endpoints) [ + # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the + # `notify_appservices_from_worker` option instead.](#notifying-application-services) + # Handles sending output traffic to Application Services. Doesn't handle any # REST endpoints itself, but you should set `notify_appservices: False` in the # shared configuration file to stop the main synapse sending appservice notifications. @@ -371,6 +408,9 @@ matrix_synapse_workers_media_repository_endpoints: # Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately). matrix_synapse_workers_user_dir_endpoints: + # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the + # `update_user_directory_from_worker` option instead.](#updating-the-user-directory) + # Handles searches in the user directory. It can handle REST endpoints matching # the following regular expressions: From 246c43be1ea4e353eeaa3f97b45c0f265b4d6491 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 May 2022 17:24:38 +0300 Subject: [PATCH 100/381] Upgrade Synapse (v1.59.1 -> v1.60.0) --- CHANGELOG.md | 35 ++++++++++++++++++++++++++ roles/matrix-synapse/defaults/main.yml | 6 +++-- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03ce5c7b5..4a56f6fc8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,38 @@ +# 2022-05-31 + +## Synapse v1.60 upgrade may cause trouble and require manual intervention + +Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted. + +We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky. + +**If Synapse fails to start** after your next playbook run, you'll need to: + +- SSH into the Matrix server +- launch `/usr/local/bin/matrix-postgres-cli` +- switch to the `synapse` database: `\c synapse` +- run the following SQL query: + +```sql +BEGIN; +DELETE FROM state_group_edges WHERE (ctid, state_group, prev_state_group) IN ( + SELECT row_id, state_group, prev_state_group + FROM ( + SELECT + ctid AS row_id, + MIN(ctid) OVER (PARTITION BY state_group, prev_state_group) AS min_row_id, + state_group, + prev_state_group + FROM state_group_edges + ) AS t1 + WHERE row_id <> min_row_id +); +COMMIT; +``` + +You could then restart services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` + + # 2022-04-25 ## buscarron bot support diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 67c28b499..a39235aeb 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.59.1 +matrix_synapse_version: v1.60.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -559,7 +559,9 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_enabled: false -matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py" +# Using a fork for this until this gets merged to make it compatible with Synapse v1.60: https://github.com/digitalentity/matrix_encryption_disabler/pull/9 +# See: https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#new-signature-for-the-spam-checker-callback-check_event_for_spam +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/spantaleev/matrix_encryption_disabler/60b0e211281954f70f8202636cea8d6e27b83148/matrix_e2ee_filter.py" # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] From 2c1da0ac2a3b2b72773b247a4272d45ab95607c3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 May 2022 17:35:22 +0300 Subject: [PATCH 101/381] Switch matrix_encryption_disabler back to upstream repository Now that https://github.com/digitalentity/matrix_encryption_disabler/pull/9 has been merged, we can get the module from there. Continuation of 246c43be1ea4e3 --- roles/matrix-synapse/defaults/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index a39235aeb..d0debe85f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -559,9 +559,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_enabled: false -# Using a fork for this until this gets merged to make it compatible with Synapse v1.60: https://github.com/digitalentity/matrix_encryption_disabler/pull/9 -# See: https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#new-signature-for-the-spam-checker-callback-check_event_for_spam -matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/spantaleev/matrix_encryption_disabler/60b0e211281954f70f8202636cea8d6e27b83148/matrix_e2ee_filter.py" +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/cdc37a07441acb7c2a3288bcb29b376658d5e766/matrix_e2ee_filter.py" # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] From 25fd7f0cff116c60e25692174531a1d316358afb Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 31 May 2022 20:32:10 +0300 Subject: [PATCH 102/381] update Honoroit 0.9.8 -> 0.9.9 --- roles/matrix-bot-honoroit/defaults/main.yml | 5 ++++- roles/matrix-bot-honoroit/templates/env.j2 | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 709cd472b..292de0bf4 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.8 +matrix_bot_honoroit_version: v0.9.9 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: '' # Log level matrix_bot_honoroit_loglevel: '' +# Disable encryption +matrix_bot_honoroit_noencryption: false + # Max items in cache matrix_bot_honoroit_cachesize: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index 7f1eef5b8..de8b9d848 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -8,6 +8,7 @@ HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }} HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} +HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} From 8ea7cd73cf12428acd80f4e575c6020050ed8930 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 1 Jun 2022 09:36:48 +0300 Subject: [PATCH 103/381] Fix self-building for matrix-registration Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864 Related to https://github.com/zeratax/matrix-registration/issues/93 This is a poor way to do things though. It may break again in the future. matrix-registration is a poorly maintained project and should likely be removed from the playbook. --- docs/configuring-playbook-matrix-registration.md | 2 ++ roles/matrix-registration/defaults/main.yml | 4 ++++ roles/matrix-registration/tasks/setup_install.yml | 8 ++++++++ 3 files changed, 14 insertions(+) diff --git a/docs/configuring-playbook-matrix-registration.md b/docs/configuring-playbook-matrix-registration.md index b0240d3f9..2b4b07ff2 100644 --- a/docs/configuring-playbook-matrix-registration.md +++ b/docs/configuring-playbook-matrix-registration.md @@ -2,6 +2,8 @@ The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you. +**WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it. + > matrix-registration is a simple python application to have a token based matrix registration. Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account. diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index d924551a1..a5db3022d 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -7,6 +7,10 @@ matrix_registration_enabled: true matrix_registration_container_image_self_build: false matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration" matrix_registration_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_registration_version }}" +# Controls whether we'll be patching the dependencies in `setup.py` when self-building. +# Without patching, building will likely fail, because of the poor unbounded way dependencies are defined (e.g. `flask-limiter>=1.1.0`). +# This is an attempt to get matrix-registration in its current (outdated) version to build. +matrix_registration_container_image_self_build_python_dependencies_patch_enabled: true matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration" matrix_registration_config_path: "{{ matrix_registration_base_path }}/config" diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 6ff2de302..36cd0fd4a 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -68,6 +68,14 @@ register: matrix_registration_git_pull_results when: "matrix_registration_container_image_self_build|bool" +# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864 +- name: Patch setup.py to allow self-built version to work + lineinfile: + path: "{{ matrix_registration_docker_src_files_path }}/setup.py" + regexp: 'flask-limiter' + line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",' + when: "matrix_registration_container_image_self_build|bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled|bool" + - name: Ensure matrix-registration Docker image is built docker_image: name: "{{ matrix_registration_docker_image }}" From c05e78fc9a6cf2db54575c831d831b25ff367e1b Mon Sep 17 00:00:00 2001 From: roughnecks Date: Thu, 2 Jun 2022 16:52:15 +0200 Subject: [PATCH 104/381] Fix string null in status_endpoint --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index c8318f961..fbd41be73 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -10,7 +10,7 @@ homeserver: # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. - status_endpoint: "null" + status_endpoint: null appservice: # The address that the homeserver can use to connect to this appservice. From fc38f4a6a90541f8d610ce1b2d3444266e0a50df Mon Sep 17 00:00:00 2001 From: Ruben Hias Date: Mon, 6 Jun 2022 11:27:10 +0200 Subject: [PATCH 105/381] Updated mautrix-googlechat to v0.3.3 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index bdedef07c..dd5b83689 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: v0.3.2 +matrix_mautrix_googlechat_version: v0.3.3 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From 4a72c90a6b1286f9e2206c7b07b0338cc61f4f14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 7 Jun 2022 14:34:02 +0300 Subject: [PATCH 106/381] Upgrade Element (v1.10.13 -> v1.10.14) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index b0625dba8..86b0ee6ad 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.13 +matrix_client_element_version: v1.10.14 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 12b28a47494f4b3b09dc625f5581ea05cdb66e8a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:13:53 +0300 Subject: [PATCH 107/381] Upgrade Hookshot (1.7.0 -> 1.7.2) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index ecc997708..cdfde23dc 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.7.0 +matrix_hookshot_version: 1.7.2 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 959a6ac0b1a7aedf97d775788d2e9feabebd1f9c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:42:04 +0300 Subject: [PATCH 108/381] Upgrade devture/ansible version and documen nsenter usage Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1772 --- docs/ansible.md | 51 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/docs/ansible.md b/docs/ansible.md index 50cf83ed3..5802e8cb1 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting ## Using Ansible via Docker -Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image). +Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image). -Here's a sample command to get you started (run this from the playbook's directory): +This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook. + +There are 2 ways to go about it: + +- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) +- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server) + + +### Running Ansible in a container on the Matrix server itself + +To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation. +Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it: + +- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker +- **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around + +Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md). + +You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH. +Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...` + +Run this from the playbook's directory: + +```bash +docker run -it --rm \ +--privileged \ +--pid=host \ +-w /work \ +-v `pwd`:/work \ +--entrypoint=/bin/sh \ +docker.io/devture/ansible:2.13.0-r0 +``` + +Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. +The `/work` directory contains the playbook's code. + +You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now. + + +### Running Ansible in a container on another computer (not the Matrix server) + +Run this from the playbook's directory: ```bash docker run -it --rm \ @@ -51,7 +92,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.11.6-r1 +docker.io/devture/ansible:2.13.0-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). @@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. -You can execute `ansible-playbook` commands as per normal now. +You can execute `ansible-playbook ...` commands as per normal now. -### If you don't use SSH keys for authentication +#### If you don't use SSH keys for authentication If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`). To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run: From c05f47666f3544a5410d3e5e1c9882755700ebdb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:47:04 +0300 Subject: [PATCH 109/381] Announce the ability to run Ansible in a container on the Matrix server Continuation of 959a6ac0b1a7a --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a56f6fc8..6f9fe2aaa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +# 2022-06-09 + +## Running Ansible in a container can now happen on the Matrix server itself + +If you're tired of being on an old and problematic Ansible version, you can now run [run Ansible in a container on the Matrix server itself](docs/ansible.md#running-ansible-in-a-container-on-the-matrix-server-itself). + + # 2022-05-31 ## Synapse v1.60 upgrade may cause trouble and require manual intervention From 8cc39c5eb5b6d238496d100886c9085d2c8edc15 Mon Sep 17 00:00:00 2001 From: Kai Biebel <38378574+seclution@users.noreply.github.com> Date: Thu, 9 Jun 2022 14:09:47 +0200 Subject: [PATCH 110/381] update PIP install-link --- docs/ansible.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ansible.md b/docs/ansible.md index 5802e8cb1..bd1fe9273 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -30,7 +30,7 @@ Depending on your distribution, you may be able to upgrade Ansible in a few diff - by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website. -- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`). +- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`). If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path. From 99c24ef0e84c9a773a2377a94f06969a6c5c5144 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 20:52:46 +0300 Subject: [PATCH 111/381] Upgrade Hookshot (1.7.2 -> 1.7.3) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index cdfde23dc..3a2d5bc94 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.7.2 +matrix_hookshot_version: 1.7.3 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 39914881a7cd997d6c01578a33ee99e073479d57 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sat, 11 Jun 2022 07:55:44 +0200 Subject: [PATCH 112/381] whatsapp bridge: disable logging to external files The same logs still go to the systemd journal. --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index fbd41be73..cfecc2cf0 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -211,7 +211,8 @@ logging: # The directory for log files. Will be created if not found. directory: ./logs # Available variables: .Date for the file date and .Index for different log files on the same day. - file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" + # empy/null = journal logging only + file_name_format: # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants file_date_format: "2006-01-02" # Log file permissions. From 6b94ccbcff3b133688c5d461781e3f7634f90742 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sat, 11 Jun 2022 08:05:11 +0200 Subject: [PATCH 113/381] whatsapp bridge: add matrix_mautrix_whatsapp_log_level Fixes #1873 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index e7b5e6f6d..4ffca69fe 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -128,3 +128,7 @@ matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_y matrix_mautrix_whatsapp_bridge_encryption_allow: false matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_whatsapp_log_level: 'debug' diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index cfecc2cf0..d73718eaa 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -221,4 +221,4 @@ logging: timestamp_format: "Jan _2, 2006 15:04:05" # Minimum severity for log messages. # Options: debug, info, warn, error, fatal - print_level: debug + print_level: {{ matrix_mautrix_whatsapp_log_level }} From cebbe0beecd0e225c5bf2df62df2dd243c34d80e Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sat, 11 Jun 2022 08:11:28 +0200 Subject: [PATCH 114/381] whatsapp bridge: set the default log level to warning Debug logs are inappropriate for production use. --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 4ffca69fe..5be700516 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -131,4 +131,4 @@ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_ # Minimum severity of journal log messages. # Options: debug, info, warn, error, fatal -matrix_mautrix_whatsapp_log_level: 'debug' +matrix_mautrix_whatsapp_log_level: 'warn' From a3d19ad31815e97fa7027408093cf03fe2434bed Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Sun, 12 Jun 2022 21:29:43 +0000 Subject: [PATCH 115/381] Add Go Skype Bridge Based on mautrix-whatsapp, as that's what the bridge software is based on. --- ...iguring-playbook-bridge-go-skype-bridge.md | 23 ++ docs/configuring-playbook.md | 2 + group_vars/matrix_servers | 44 ++++ .../defaults/main.yml | 132 ++++++++++ .../tasks/init.yml | 21 ++ .../tasks/main.yml | 23 ++ .../tasks/setup_install.yml | 147 +++++++++++ .../tasks/setup_uninstall.yml | 25 ++ .../tasks/validate_config.yml | 10 + .../templates/config.yaml.j2 | 238 ++++++++++++++++++ .../systemd/matrix-go-skype-bridge.service.j2 | 43 ++++ setup.yml | 1 + 12 files changed, 709 insertions(+) create mode 100644 docs/configuring-playbook-bridge-go-skype-bridge.md create mode 100644 roles/matrix-bridge-go-skype-bridge/defaults/main.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/init.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/main.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 diff --git a/docs/configuring-playbook-bridge-go-skype-bridge.md b/docs/configuring-playbook-bridge-go-skype-bridge.md new file mode 100644 index 000000000..1eec9e723 --- /dev/null +++ b/docs/configuring-playbook-bridge-go-skype-bridge.md @@ -0,0 +1,23 @@ +# Setting up Go Skype Bridge (optional) + +The playbook can install and configure +[go-skype-bridge](https://github.com/Sorunome/go-skype-bridge) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the [Skype](https://www.skype.com/) bridge just use the following +playbook configuration: + + +```yaml +matrix_go_skype_bridge_enabled: true +``` + + +## Usage + +Once the bot is enabled, you need to start a chat with `Skype Puppet Bridge` +with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +Send `help` to the bot to see the commands available. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 16a7aeeb6..774e54d12 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -134,6 +134,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional) +- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (optional) + - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) - [Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md) (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8788ba10c..f727da55f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -252,6 +252,44 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge # ###################################################################### +###################################################################### +# +# matrix-bridge-go-skype-bridge +# +###################################################################### + +# We don't enable bridges by default. +matrix_go_skype_bridge_enabled: false + +matrix_go_skype_bridge_container_image_self_build: true + +matrix_go_skype_bridge_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}" + +matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}" + +matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-go-skype-bridge +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-facebook @@ -1770,6 +1808,12 @@ matrix_postgres_additional_databases: | 'password': matrix_beeper_linkedin_database_password, }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_go_skype_bridge_database_name, + 'username': matrix_go_skype_bridge_database_username, + 'password': matrix_go_skype_bridge_database_password, + }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mautrix_facebook_database_name, 'username': matrix_mautrix_facebook_database_username, diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml new file mode 100644 index 000000000..95213a00d --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -0,0 +1,132 @@ +--- +# Go Skype Bridge is a Matrix <-> Skype bridge +# See: https://github.com/kelaresg/go-skype-bridge + +matrix_go_skype_bridge_enabled: true + +matrix_go_skype_bridge_container_image_self_build: true +matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git" +matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}" + +matrix_go_skype_bridge_version: latest +matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" +matrix_go_skype_bridge_docker_image_name_prefix: "localhost/" +matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}" + +matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge" +matrix_go_skype_bridge_config_path: "{{ matrix_go_skype_bridge_base_path }}/config" +matrix_go_skype_bridge_data_path: "{{ matrix_go_skype_bridge_base_path }}/data" +matrix_go_skype_bridge_docker_src_files_path: "{{ matrix_go_skype_bridge_base_path }}/docker-src" + +matrix_go_skype_bridge_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_go_skype_bridge_homeserver_domain: "{{ matrix_domain }}" +matrix_go_skype_bridge_appservice_address: 'http://matrix-go-skype-bridge:8080' + +# A list of extra arguments to pass to the container +matrix_go_skype_bridge_container_extra_arguments: [] + +# List of systemd services that matrix-go-skype-bridge.service depends on. +matrix_go_skype_bridge_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-go-skype-bridge.service wants +matrix_go_skype_bridge_systemd_wanted_services_list: [] + +matrix_go_skype_bridge_appservice_token: '' +matrix_go_skype_bridge_homeserver_token: '' + +matrix_go_skype_bridge_appservice_bot_username: skypebridgebot + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_go_skype_bridge_federate_rooms: true + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_go_skype_bridge_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_go_skype_bridge_database_*` variables +matrix_go_skype_bridge_database_engine: 'sqlite' + +matrix_go_skype_bridge_sqlite_database_path_local: "{{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db" +matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge.db" + +matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge' +matrix_go_skype_bridge_database_password: 'some-password' +matrix_go_skype_bridge_database_hostname: 'matrix-postgres' +matrix_go_skype_bridge_database_port: 5432 +matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge' + +matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode=disable' + +matrix_go_skype_bridge_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_go_skype_bridge_database_engine] +}}" + +matrix_go_skype_bridge_appservice_database_uri: "{{ + { + 'sqlite': matrix_go_skype_bridge_sqlite_database_path_in_container, + 'postgres': matrix_go_skype_bridge_database_connection_string, + }[matrix_go_skype_bridge_database_engine] +}}" + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_go_skype_bridge_login_shared_secret: '' +matrix_go_skype_bridge_bridge_login_shared_secret_map: + "{{ {matrix_go_skype_bridge_homeserver_domain: matrix_go_skype_bridge_login_shared_secret} if matrix_go_skype_bridge_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_go_skype_bridge_bridge_double_puppet_server_map: + "{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}" + +# Default go-skype-bridge configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_go_skype_bridge_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_go_skype_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_go_skype_bridge_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_go_skype_bridge_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_go_skype_bridge_configuration_yaml`. + +matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_configuration_extension_yaml|from_yaml if matrix_go_skype_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_go_skype_bridge_configuration_yaml`. +matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml|from_yaml|combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}" + +matrix_go_skype_bridge_registration_yaml: | + id: skype + url: {{ matrix_go_skype_bridge_appservice_address }} + as_token: "{{ matrix_go_skype_bridge_appservice_token }}" + hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_go_skype_bridge_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@skype-(.*):{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username|regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml|from_yaml }}" + +# Enable End-to-bridge encryption +matrix_go_skype_bridge_bridge_encryption_allow: false +matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_go_skype_bridge_log_level: 'warn' diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml new file mode 100644 index 000000000..452d835b7 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml @@ -0,0 +1,21 @@ +--- +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}" + when: matrix_go_skype_bridge_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ + matrix_synapse_container_extra_arguments|default([]) + + + ["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"] + }} + + matrix_synapse_app_service_config_files: > + {{ + matrix_synapse_app_service_config_files|default([]) + + + ["/matrix-go-skype-bridge-registration.yaml"] + }} + when: matrix_go_skype_bridge_enabled|bool diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml new file mode 100644 index 000000000..456ea53cd --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_go_skype_bridge_enabled|bool" + tags: + - setup-all + - setup-go-skype-bridge diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml new file mode 100644 index 000000000..c884625ba --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -0,0 +1,147 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- set_fact: + matrix_go_skype_bridge_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + stat: + path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" + register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result + + - block: + - set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" + dst: "{{ matrix_go_skype_bridge_database_connection_string }}" + caller: "{{ role_path|basename }}" + engine_variable_name: 'matrix_go_skype_bridge_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-go-skype-bridge.service'] + pgloader_options: ['--with "quote identifiers"'] + + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + + - set_fact: + matrix_go_skype_bridge_requires_restart: true + when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_go_skype_bridge_database_engine == 'postgres'" + + +- name: Ensure Go Skype Bridge paths exists + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_go_skype_bridge_base_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_config_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_data_path }}", when: true} + - {path: "{{ matrix_go_skype_bridge_docker_src_files_path }}", when: "{{ matrix_go_skype_bridge_container_image_self_build }}"} + when: item.when|bool + +- name: Ensure Go Skype Bridge image is pulled + docker_image: + name: "{{ matrix_go_skype_bridge_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_docker_image_force_pull }}" + when: not matrix_go_skype_bridge_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure Go Skype Bridge repository is present on self-build + git: + repo: "{{ matrix_go_skype_bridge_container_image_self_build_repo }}" + dest: "{{ matrix_go_skype_bridge_docker_src_files_path }}" + version: "{{ matrix_go_skype_bridge_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_go_skype_bridge_git_pull_results + when: "matrix_go_skype_bridge_container_image_self_build|bool" + +- name: Ensure Go Skype Bridge Docker image is built + docker_image: + name: "{{ matrix_go_skype_bridge_docker_image }}" + source: build + force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_go_skype_bridge_docker_src_files_path }}" + pull: true + when: "matrix_go_skype_bridge_container_image_self_build|bool" + +- name: Check if an old database file exists + stat: + path: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db" + register: matrix_go_skype_bridge_stat_database + +- name: Check if an old matrix state file exists + stat: + path: "{{ matrix_go_skype_bridge_base_path }}/mx-state.json" + register: matrix_go_skype_bridge_stat_mx_state + +- name: (Data relocation) Ensure matrix-go-skype-bridge.service is stopped + service: + name: matrix-go-skype-bridge + state: stopped + enabled: false + daemon_reload: true + failed_when: false + when: "matrix_go_skype_bridge_stat_database.stat.exists" + +- name: (Data relocation) Move go-skype-bridge database file to ./data directory + command: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db" + when: "matrix_go_skype_bridge_stat_database.stat.exists" + +- name: (Data relocation) Move go-skype-bridge mx-state file to ./data directory + command: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json" + when: "matrix_go_skype_bridge_stat_mx_state.stat.exists" + +- name: Ensure go-skype-bridge config.yaml installed + copy: + content: "{{ matrix_go_skype_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure go-skype-bridge registration.yaml installed + copy: + content: "{{ matrix_go_skype_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-go-skype-bridge.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service" + mode: 0644 + register: matrix_go_skype_bridge_systemd_service_result + +- name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation + service: + daemon_reload: true + when: "matrix_go_skype_bridge_systemd_service_result.changed" + +- name: Ensure matrix-go-skype-bridge.service restarted, if necessary + service: + name: "matrix-go-skype-bridge.service" + state: restarted + when: "matrix_go_skype_bridge_requires_restart|bool" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml new file mode 100644 index 000000000..19acff857 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-go-skype-bridge service + stat: + path: "/etc/systemd/system/matrix-go-skype-bridge.service" + register: matrix_go_skype_bridge_service_stat + +- name: Ensure matrix-go-skype-bridge is stopped + service: + name: matrix-go-skype-bridge + state: stopped + enabled: false + daemon_reload: true + when: "matrix_go_skype_bridge_service_stat.stat.exists" + +- name: Ensure matrix-go-skype-bridge.service doesn't exist + file: + path: "/etc/systemd/system/matrix-go-skype-bridge.service" + state: absent + when: "matrix_go_skype_bridge_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal + service: + daemon_reload: true + when: "matrix_go_skype_bridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml new file mode 100644 index 000000000..7e9f3dafb --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_go_skype_bridge_appservice_token" + - "matrix_go_skype_bridge_homeserver_token" diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 new file mode 100644 index 000000000..fb50b0dd4 --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -0,0 +1,238 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_go_skype_bridge_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_go_skype_bridge_homeserver_domain }} + # If you don’t know what this is, no need to modify(for parse "mention user/reply message, etc") + server_name: matrix.to + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_go_skype_bridge_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: {{ matrix_go_skype_bridge_appservice_database_type|to_json }} + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + uri: {{ matrix_go_skype_bridge_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision/v1 + # Shared secret for authentication. If set to "disable", the provisioning API will be disabled. + shared_secret: disable + + # The unique ID of this appservice. + id: skype + # Appservice bot details. + bot: + # Username of the appservice bot. + username: skypebridgebot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Skype bridge bot + avatar: mxc://matrix.org/kGQUDQyPiwbRXPFkjoBrPyhC + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_go_skype_bridge_appservice_token }}" + hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}" + +# Bridge config +bridge: + # Localpart template of MXIDs for Skype users. + # {{ '{{.}}' }} is replaced with the phone number of the Skype user. + username_template: {{ 'skype-{{.}}' }} + # Displayname template for Skype users. + # {{ '{{.Notify}}' }} - nickname set by the Skype user + # {{ '{{.Jid}}' }} - phone number (international format) + # The following variables are also available, but will cause problems on multi-user instances: + # {{ '{{.Name}}' }} - display name from contact list + # {{ '{{.Short}}' }} - short display name from contact list + # To use multiple if's, you need to use: {{ '{{else if .Name}}' }}, for example: + # "{{ '{{if .Notify}}' }}{{ '{{.Notify}}' }}{{ '{{else if .Name}}' }}{{ '{{.Name}}' }}{{ '{{else}}' }}{{ '{{.Jid}}' }}{{ '{{end}}' }} (WA)" + displayname_template: "{{ '{{if .DisplayName}}' }}{{ '{{.DisplayName}}' }}{{ '{{else}}' }}{{ '{{.PersonId}}' }}{{ '{{end}}' }} (Skype)" + # Localpart template for per-user room grouping community IDs. + # On startup, the bridge will try to create these communities, add all of the specific user's + # portals to the community, and invite the Matrix user to it. + # (Note that, by default, non-admins might not have your homeserver's permission to create + # communities.) + # {{ '{{.Localpart}}' }} is the MXID localpart and {{ '{{.Server}}' }} is the MXID server part of the user. + community_template: skype-{{ '{{.Localpart}}' }}={{ '{{.Server}}' }} + + # Skype connection timeout in seconds. + connection_timeout: 20 + # If Skype doesn't respond within connection_timeout, should the bridge try to fetch the message + # to see if it was actually bridged? Use this if you have problems with sends timing out but actually + # succeeding. + fetch_message_on_timeout: false + # Whether or not the bridge should send a read receipt from the bridge bot when a message has been + # sent to Skype. If fetch_message_on_timeout is enabled, a successful post-timeout fetch will + # trigger a read receipt too. + delivery_receipts: false + # Number of times to regenerate QR code when logging in. + # The regenerated QR code is sent as an edit and essentially multiplies the login timeout (20 seconds) + login_qr_regen_count: 2 + # Maximum number of times to retry connecting on connection error. + max_connection_attempts: 3 + # Number of seconds to wait between connection attempts. + # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts + connection_retry_delay: -1 + # Whether or not the bridge should send a notice to the user's management room when it retries connecting. + # If false, it will only report when it stops retrying. + report_connection_retry: true + # Maximum number of seconds to wait for chats to be sent at startup. + # If this is too low and you have lots of chats, it could cause backfilling to fail. + chat_list_wait: 30 + # Maximum number of seconds to wait to sync portals before force unlocking message processing. + # If this is too low and you have lots of chats, it could cause backfilling to fail. + portal_sync_wait: 600 + + # Whether or not to send call start/end notices to Matrix. + call_notices: + start: true + end: true + + # Number of chats to sync for new users. + # Since some of the obtained conversations are not the conversations that the user needs to see, + # the actual number of conversations displayed on the matrix client will be slightly less than the set value + initial_chat_sync_count: 10 + # Number of old messages to fill when creating new portal rooms. + initial_history_fill_count: 20 + # Whether or not notifications should be turned off while filling initial history. + # Only applicable when using double puppeting. + initial_history_disable_notifications: false + # Maximum number of chats to sync when recovering from downtime. + # Set to -1 to sync all new chats during downtime. + recovery_chat_sync_limit: -1 + # Whether or not to sync history when recovering from downtime. + recovery_history_backfill: true + # Maximum number of seconds since last message in chat to skip + # syncing the chat in any case. This setting will take priority + # over both recovery_chat_sync_limit and initial_chat_sync_count. + # Default is 3 days = 259200 seconds + sync_max_chat_age: 259200 + + # sync contact, Non-martix-standard parameter, defaults to false + sync_contact: false + + # Whether or not to sync with custom puppets to receive EDUs that + # are not normally sent to appservices. + sync_with_custom_puppets: true + + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_go_skype_bridge_homeserver_domain }}": {{ matrix_go_skype_bridge_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_go_skype_bridge_bridge_login_shared_secret_map|to_json }} + + # Whether or not to invite own Skype user's Matrix puppet into private + # chat portals when backfilling if needed. + # This always uses the default puppet instead of custom puppets due to + # rate limits and timestamp massaging. + invite_own_puppet_for_backfilling: true + # Whether or not to explicitly set the avatar and room name for private + # chat portal rooms. This can be useful if the previous field works fine, + # but causes room avatar/name bugs. + private_chat_portal_meta: true + + # Whether or not thumbnails from Skype should be sent. + # They're disabled by default due to very low resolution. + Skype_thumbnail: false + + # Allow invite permission for user. User can invite any bots to room with Skype + # users (private chat and groups) + allow_user_invite: false + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!wa" + + # End-to-bridge encryption support options. This requires login_shared_secret to be configured + # in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_go_skype_bridge_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + # It is recommended to also set private_chat_portal_meta to true when using this. + default: {{ matrix_go_skype_bridge_bridge_encryption_default|to_json }} + + puppet_id: + # when set to true, the matrixid of the contact (puppet) from the bridge to the matrix will be encrypted into another string + allow: false + # 8 characters + key: '12dsf323' + # Use the username_template prefix. (Warning: At present, username_template cannot be too complicated, otherwise this function may cause unknown errors) + username_template_prefix: 'skype-' + + # Permissions for using the bridge. + # Permitted values: + # relaybot - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Skype account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "{{ matrix_go_skype_bridge_homeserver_domain }}": user + + relaybot: + # Whether or not relaybot support is enabled. + enabled: false + # The management room for the bot. This is where all status notifications are posted and + # in this room, you can use `!wa ` instead of `!wa relaybot `. Omitting + # the command prefix completely like in user management rooms is not possible. + management: '!foo:example.com' + # List of users to invite to all created rooms that include the relaybot. + invites: [] + # The formats to use when sending messages to Skype via the relaybot. + message_formats: + m.text: "{{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" + m.notice: "{{ '{{ .Sender.Displayname }}' }}:: {{ '{{ .Message }}' }}" + m.emote: "* {{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" + m.file: "{{ '{{ .Sender.Displayname }}' }}: sent a file" + m.image: "{{ '{{ .Sender.Displayname }}' }}: sent an image" + m.audio: "{{ '{{ .Sender.Displayname }}' }}: sent an audio file" + m.video: "{{ '{{ .Sender.Displayname }}' }}: sent a video" + m.location: "{{ '{{ .Sender.Displayname }}' }}: sent a location" + +# Logging config. +logging: + # The directory for log files. Will be created if not found. + directory: ./logs + # Available variables: .Date for the file date and .Index for different log files on the same day. + # empy/null = journal logging only + file_name_format: + # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants + file_date_format: "2006-01-02" + # Log file permissions. + file_mode: 0600 + # Timestamp format for log entries in the Go time format. + timestamp_format: "Jan _2, 2006 15:04:05" + # Minimum severity for log messages. + # Options: debug, info, warn, error, fatal + print_level: {{ matrix_go_skype_bridge_log_level }} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 b/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 new file mode 100644 index 000000000..fe5ab2d6f --- /dev/null +++ b/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 @@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Go Skype Bridge bridge +{% for service in matrix_go_skype_bridge_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_go_skype_bridge_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridge \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_go_skype_bridge_config_path }}:/config:z \ + -v {{ matrix_go_skype_bridge_data_path }}:/data:z \ + --workdir=/data \ + {% for arg in matrix_go_skype_bridge_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_go_skype_bridge_docker_image }} \ + /usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-go-skype-bridge + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index ce36d1cec..5ea7e5a7e 100755 --- a/setup.yml +++ b/setup.yml @@ -18,6 +18,7 @@ - matrix-bridge-appservice-webhooks - matrix-bridge-appservice-irc - matrix-bridge-beeper-linkedin + - matrix-bridge-go-skype-bridge - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-twitter - matrix-bridge-mautrix-hangouts From 5e9e8f9e29e2d3afc567a73ea933ad71c5094444 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 13 Jun 2022 08:02:31 +0300 Subject: [PATCH 116/381] Announce go-skype-bridge support --- CHANGELOG.md | 11 +++++++++++ docs/configuring-playbook-bridge-mx-puppet-skype.md | 2 ++ docs/configuring-playbook.md | 2 +- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f9fe2aaa..0e90accaf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2022-06-13 + +## go-skype-bridge bridging support + +Thanks to [CyberShadow](https://github.com/CyberShadow), the playbook can now install the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) bridge for bridging Matrix to [Skype](https://www.skype.com/). + +See our [Setting up Go Skype Bridge](docs/configuring-playbook-bridge-go-skype-bridge.md) documentation to get started. + +The playbook has supported [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridging (see [Setting up MX Puppet Skype bridging](docs/configuring-playbook-bridge-mx-puppet-skype.md)) since [2020-04-09](#2020-04-09), but `mx-puppet-skype` is reportedly broken. + + # 2022-06-09 ## Running Ansible in a container can now happen on the Matrix server itself diff --git a/docs/configuring-playbook-bridge-mx-puppet-skype.md b/docs/configuring-playbook-bridge-mx-puppet-skype.md index cca5e3059..ff4e636ee 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-skype.md +++ b/docs/configuring-playbook-bridge-mx-puppet-skype.md @@ -1,5 +1,7 @@ # Setting up MX Puppet Skype (optional) +**Note**: bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. In fact, bridging via `mx-puppet-skype` has often been reported as broken, so we recommend that you go directly for `go-skype-bridge`, instead of this. + The playbook can install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 774e54d12..3bfb01bdc 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) -- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) +- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - often reported as broken; see **Go Skype Bridge** (below) as an alternative - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) From d6a38810924b3f92a23fe75d2cb3381d37bbcc50 Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Mon, 13 Jun 2022 06:40:15 +0000 Subject: [PATCH 117/381] docs/configuring-playbook-bridge-go-skype-bridge: Fixups Fixup for #1877. --- docs/configuring-playbook-bridge-go-skype-bridge.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-go-skype-bridge.md b/docs/configuring-playbook-bridge-go-skype-bridge.md index 1eec9e723..a7a4fbc80 100644 --- a/docs/configuring-playbook-bridge-go-skype-bridge.md +++ b/docs/configuring-playbook-bridge-go-skype-bridge.md @@ -1,7 +1,7 @@ # Setting up Go Skype Bridge (optional) The playbook can install and configure -[go-skype-bridge](https://github.com/Sorunome/go-skype-bridge) for you. +[go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you. See the project page to learn what it does and why it might be useful to you. @@ -16,7 +16,7 @@ matrix_go_skype_bridge_enabled: true ## Usage -Once the bot is enabled, you need to start a chat with `Skype Puppet Bridge` +Once the bot is enabled, you need to start a chat with `Skype bridge bot` with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). From b2f9ede87c6cf1d5b43f0b36c129cdbfe62bfcc8 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 14 Jun 2022 13:45:46 +0000 Subject: [PATCH 118/381] Update Element v1.10.14 -> v1.10.15 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 86b0ee6ad..083621f2f 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.14 +matrix_client_element_version: v1.10.15 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 37b584ef5825fd7b435f7c542fe2d53b47ef83f9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Jun 2022 16:44:25 +0300 Subject: [PATCH 119/381] Upgrade matrix-corporal (2.2.3 -> 2.3.0) matrix-corporal 2.3.0 supports Synapse v1.61.0 (which removed communities/groups support). --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 66896e0e5..bd91564ab 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.2.3 +matrix_corporal_version: 2.3.0 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From 6a573399aea8e0236d6807a4e784f4a0ef4a7f3b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Jun 2022 16:45:21 +0300 Subject: [PATCH 120/381] Upgrade Synapse (v1.60.0 -> v1.61.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- roles/matrix-synapse/vars/workers.yml | 53 ++++++++++++++------------ 2 files changed, 29 insertions(+), 26 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index d0debe85f..29cf00b55 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.60.0 +matrix_synapse_version: v1.61.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 91b289c7b..e535d2ccc 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -29,9 +29,8 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/event_auth/ - ^/_matrix/federation/v1/exchange_third_party_invite/ - ^/_matrix/federation/v1/user/devices/ - - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query - - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ + - ^/_matrix/federation/v1/hierarchy/ # Inbound federation transaction request - ^/_matrix/federation/v1/send/ @@ -43,15 +42,14 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ + - ^/_matrix/client/v1/rooms/.*/hierarchy$ + - ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(r0|v3|unstable)/account/whoami$ - ^/_matrix/client/(r0|v3|unstable)/devices$ - ^/_matrix/client/versions$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - - ^/_matrix/client/(r0|v3|unstable)/joined_groups$ - - ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ - - ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ @@ -75,31 +73,27 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ - # These appear to be conditional and should not be enabled by default. - # We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. - # For now, they've been commented out manually. - # - # # Device requests - # - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ - - # # Account data requests - # - ^/_matrix/client/(r0|v3|unstable)/.*/tags - # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data - - # # Receipts requests - # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt - # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers - - # # Presence requests - # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ +# These appear to be conditional and should not be enabled by default. +# We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. +# For now, they've been commented out manually. +# # Account data requests +# - ^/_matrix/client/(r0|v3|unstable)/.*/tags +# - ^/_matrix/client/(r0|v3|unstable)/.*/account_data +# +# # Receipts requests +# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt +# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers +# +# # Presence requests +# - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # User directory search requests + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ # Additionally, the following REST endpoints can be handled for GET requests: # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/federation/v1/groups/ # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ - # ^/_matrix/client/(r0|v3|unstable)/groups/ # Pagination requests can also be handled, but all requests for a given # room must be routed to the same instance. Additionally, care must be taken to @@ -301,6 +295,15 @@ matrix_synapse_workers_generic_worker_endpoints: # This work cannot be load-balanced; please ensure the main process is restarted # after setting this option in the shared configuration! + # User directory updates allow REST endpoints matching the following regular + # expressions to work: + + # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually + # ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + + # The above endpoints can be routed to any worker, though you may choose to route + # it to the chosen user directory worker. + # This style of configuration supersedes the legacy `synapse.app.user_dir` # worker application type. From 7b0e5ef9955cc82802cd97bcefefc4fcd64abd91 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:55:11 +0000 Subject: [PATCH 121/381] Update mautrix-whatsapp 0.4.0 -> 0.5.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 5be700516..6e95eeb7c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.4.0 +matrix_mautrix_whatsapp_version: v0.5.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 5eff67371da7f49fcad0da570371374c674ebe9a Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 17 Jun 2022 14:32:17 +0300 Subject: [PATCH 122/381] add synapse media_retention --- roles/matrix-synapse/defaults/main.yml | 8 ++++++++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 29cf00b55..b7ea94f3c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -86,6 +86,14 @@ matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}" matrix_synapse_max_upload_size_mb: 50 +# Controls whether local media should be removed under certain conditions, typically for the purpose of saving space. +# should be empty to disable +matrix_synapse_media_retention_local_media_lifetime: +# Controls whether remote media cache (media that is downloaded from other homeservers) +# should be removed under certain conditions, typically for the purpose of saving space. +# should be empty to disable +matrix_synapse_media_retention_remote_media_lifetime: + # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cce713300..1b4edb291 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1048,6 +1048,14 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" +media_retention: +{% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} + local_media_lifetime: "{{ matrix_synapse_media_retention_local_media_lifetime }}" +{% endif %} +{% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} + remote_media_lifetime: "{{ matrix_synapse_media_retention_remote_media_lifetime }}" +{% endif %} + # Maximum number of pixels that will be thumbnailed # #max_image_pixels: 32M From 323f5aa60d3be35bb8cf21813b0ab299a19a5fd9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:25:49 +0300 Subject: [PATCH 123/381] Synchronize homeserver.yaml config with the one from Synapse 1.61.0 --- roles/matrix-synapse/defaults/main.yml | 3 --- roles/matrix-synapse/tasks/validate_config.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 10 ---------- 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 29cf00b55..5cf82ef1c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -215,9 +215,6 @@ matrix_synapse_recaptcha_private_key: '' # Disabling this option will not delete any tokens previously generated. matrix_synapse_registration_requires_token: false -# Allows non-server-admin users to create groups on this server -matrix_synapse_enable_group_creation: false - # A list of 3PID types which users must supply when registering (possible values: email, msisdn). matrix_synapse_registrations_require_3pid: [] diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index bb8a2bcd0..ab0ca3a7e 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -60,6 +60,7 @@ - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} - {'old': 'matrix_synapse_version_arm64', 'new': ''} + - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml fail: diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cce713300..d9a2974f4 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2600,16 +2600,6 @@ spam_checker: {{ matrix_synapse_spam_checker|to_json }} encryption_enabled_by_default_for_room_type: {{ matrix_synapse_encryption_enabled_by_default_for_room_type|to_json }} -# Uncomment to allow non-server-admin users to create groups on this server -# -enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }} - -# If enabled, non server admins can only create groups with local parts -# starting with this prefix -# -#group_creation_prefix: "unofficial_" - - # User Directory configuration # From 5987589436c7ed86897140f53eb8e1b1528c1317 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:30:22 +0300 Subject: [PATCH 124/381] Use |to_json --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1b4edb291..20b8135ab 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1050,10 +1050,10 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" media_retention: {% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} - local_media_lifetime: "{{ matrix_synapse_media_retention_local_media_lifetime }}" + local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }} {% endif %} {% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} - remote_media_lifetime: "{{ matrix_synapse_media_retention_remote_media_lifetime }}" + remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }} {% endif %} # Maximum number of pixels that will be thumbnailed From 38027e72f6d541f46991eec4ea4ff6d40ae4aa90 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Jun 2022 15:45:25 +0300 Subject: [PATCH 125/381] Fix "object of type 'NoneType' has no len()" error Fixup for 5eff67371da7f49fc - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1884 --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d1f134079..c2364650d 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1049,10 +1049,10 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" media_retention: -{% if matrix_synapse_media_retention_local_media_lifetime|length > 0 %} +{% if matrix_synapse_media_retention_local_media_lifetime %} local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }} {% endif %} -{% if matrix_synapse_media_retention_remote_media_lifetime|length > 0 %} +{% if matrix_synapse_media_retention_remote_media_lifetime %} remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }} {% endif %} From f6a73231ab64629a11aea445c854819cff06db75 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sat, 18 Jun 2022 16:13:08 +0200 Subject: [PATCH 126/381] Synapse workers should respect X-Forwarded headers Currently, Synapse workers ignore the X-Forwarded headers, which leads to internal Docker IP addresses randomly appearing in the users' device list. This adds the `x_forwarded: true` option to the worker config, fixing the issue. --- roles/matrix-synapse/templates/synapse/worker.yaml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index 40714f442..239de1f21 100644 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -26,6 +26,7 @@ worker_listeners: {% if http_resources|length > 0 %} - type: http bind_addresses: ['::'] + x_forwarded: true port: {{ matrix_synapse_worker_details.port }} resources: - names: {{ http_resources|to_json }} From f57aed8e015593d084518c1dbe27f6f4bd9457de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 20 Jun 2022 21:32:03 +0200 Subject: [PATCH 127/381] Add a setting to make nginx forward node_exporter and postgres_exporter --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 4abcd40a0..8d17d64c4 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -45,6 +45,19 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} + {% if matrix_nginx_proxy_node_exporter_reverse_enabled %} + location /node-exporter/ { + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-prometheus-node-exporter:9100/; + } + {% endif %} + {% if matrix_nginx_proxy_postgres_exporter_reverse_enabled %} + location /postgres-exporter/ { + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-prometheus-postgres-exporter:9187/; + } + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} From 970afa4578b78951af7fded07fd9495990b2260c Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 21 Jun 2022 00:02:17 +0300 Subject: [PATCH 128/381] Update Buscarron 1.1.0 -> 1.2.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 8 +++++++- roles/matrix-bot-buscarron/templates/env.j2 | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index c2b44fa11..56686f42f 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.1.0 +matrix_bot_buscarron_version: v1.2.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" @@ -76,6 +76,9 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" # forms configuration matrix_bot_buscarron_forms: [] +# Disable encryption +matrix_bot_buscarron_noencryption: + # Sentry DSN matrix_bot_buscarron_sentry: @@ -88,6 +91,9 @@ matrix_bot_buscarron_spam_hosts: [] # spam email addresses matrix_bot_buscarron_spam_emails: [] +# spam email localparts +matrix_bot_buscarron_spam_localparts: [] + # Ban duration in hours matrix_bot_buscarron_ban_duration: 24 diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 index 876072e17..42da0d349 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -5,6 +5,7 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} +BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }} BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }} @@ -12,10 +13,12 @@ BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }} BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }} BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }} BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} +BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} +BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }} BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }} From fff4b9116c8fdf608669c543af3a5fa279a2751e Mon Sep 17 00:00:00 2001 From: krassle <6473406+krassle@users.noreply.github.com> Date: Wed, 22 Jun 2022 10:10:41 +0200 Subject: [PATCH 129/381] Use prebuilt ARM images for coturn / synapse-admin * synapse-admin arm64 builds available since 2021-12-17 v.0.8.4 [awesometechnologies/synapse-admin:0.8.5](https://hub.docker.com/layers/synapse-admin/awesometechnologies/synapse-admin/0.8.5/images/sha256-eb54b8660c4641641b8acd08fd2dfc94ecc3fc604860f9e8b286a38008e3f3b6?context=explore) * coturn arm32/arm64 builds available since 2021-04-15 v.4.5.2-r0-alpine [coturn/coturn:4.5.2-r12](https://hub.docker.com/layers/coturn/coturn/coturn/4.5.2-r12/images/sha256-94887581bb1093085033be0494c3a651bd40034afba1867ddc78b8ba32dc2faf?context=explore) --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f727da55f..19cde0af0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1260,7 +1260,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati matrix_coturn_enabled: true -matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" @@ -2196,7 +2196,7 @@ matrix_synapse_admin_enabled: false # Synapse Admin's HTTP port to the local host. matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}" -matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" ###################################################################### # From 5963a387f06cf11eefa17b2e49f53a8b9c10169c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 14:43:55 +0300 Subject: [PATCH 130/381] Upgrade Postgres (14.3 -> 14.4) --- roles/matrix-postgres/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index bb8202173..b6cbc2055 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -27,7 +27,7 @@ matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }} matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.4{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. From f943e82384c2707f0ec45618352884901e819a21 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 14:44:12 +0300 Subject: [PATCH 131/381] Upgrade Certbot (1.27 -> 1.28) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 64e2e06bf..466825c96 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.28.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From f4cf7b9cc190e00b4b7188659a0d24e856b20cfa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 22:17:51 +0300 Subject: [PATCH 132/381] Remove unused variable (matrix_nginx_proxy_synapse_workers_enabled_list) definition --- roles/matrix-nginx-proxy/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 466825c96..f3ec27baa 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -218,7 +218,6 @@ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ # Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_synapse_workers_enabled_list: [] matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. # Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. From 2e68c9963ba4ab8b1e7d644a9185717012edfe06 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 22:50:43 +0300 Subject: [PATCH 133/381] Fix matrix-prometheus-postgres-exporter port number in some comments --- roles/matrix-prometheus-postgres-exporter/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index c96a6ea84..9ad60405f 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -29,14 +29,14 @@ matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' -# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). +# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. # # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) -# - or listens on a loopback interface only (--net=host and 127.0.0.1:9100), which is not reachable from another container (like `matrix-prometheus`) +# - or listens on a loopback interface only (--net=host and 127.0.0.1:9187), which is not reachable from another container (like `matrix-prometheus`) # # Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both, # but that's trickier to accomplish and won't necessarily work (hasn't been tested). From a3a6e14f7b730bdf0534f8821966b68d2c49cb1d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Jun 2022 23:04:27 +0300 Subject: [PATCH 134/381] Add matrix_nginx_proxy_proxy_synapse_metrics_addr_{with,sans}_container variables to defaults We redefine these variables in `group_vars/matrix_servers`, but it's better to have some defaults in the role as well. --- roles/matrix-nginx-proxy/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f3ec27baa..6fb7217e3 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -225,6 +225,8 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" +matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:9100" +matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:9100" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. From ba51997f7b0c72755b19aeafc2db51ce90fc2112 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 17:44:11 +0300 Subject: [PATCH 135/381] (BC Break) Redo how metrics are exposed to external Prometheus servers --- CHANGELOG.md | 29 +++++++ docs/configuring-playbook-bridge-hookshot.md | 15 +++- ...configuring-playbook-prometheus-grafana.md | 85 +++++++++---------- ...onfiguring-playbook-prometheus-postgres.md | 8 +- group_vars/matrix_servers | 18 ++-- .../matrix-bridge-hookshot/defaults/main.yml | 13 ++- roles/matrix-bridge-hookshot/tasks/init.yml | 25 ++---- .../tasks/validate_config.yml | 13 +++ roles/matrix-nginx-proxy/defaults/main.yml | 66 +++++++++++--- .../tasks/nginx-proxy/setup_metrics_auth.yml | 53 ++++++++++++ .../tasks/setup_nginx_proxy.yml | 31 +++---- .../tasks/validate_config.yml | 23 +++++ .../nginx/conf.d/matrix-domain.conf.j2 | 13 +++ .../nginx/conf.d/matrix-synapse.conf.j2 | 39 --------- .../nginx/matrix-synapse-metrics-htpasswd.j2 | 3 - .../defaults/main.yml | 7 ++ .../tasks/init.yml | 36 ++++++++ .../defaults/main.yml | 6 ++ .../tasks/init.yml | 36 ++++++++ roles/matrix-synapse/defaults/main.yml | 8 ++ roles/matrix-synapse/tasks/init.yml | 60 +++++++++++++ .../tasks/synapse/setup_install.yml | 9 ++ .../tasks/synapse/setup_uninstall.yml | 6 ++ .../external_prometheus.yml.example.j2 | 18 ++-- setup.yml | 2 +- 25 files changed, 453 insertions(+), 169 deletions(-) create mode 100644 roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml delete mode 100644 roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 rename roles/{matrix-nginx-proxy/templates => matrix-synapse/templates/synapse}/prometheus/external_prometheus.yml.example.j2 (51%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e90accaf..3c5fdac53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,32 @@ +# 2022-06-23 + +## (Potential Backward Compatibility Break) Changes around metrics collection + +**TLDR**: we've made extensive **changes to metrics exposure/collection, which concern people using an external Prometheus server**. If you don't know what that is, you don't need to read below. + +**Why do major changes to metrics**? Because various services were exposing metrics in different, hacky, ways. Synapse was exposing metrics at `/_synapse/metrics` and `/_synapse-worker-.../metrics` on the `matrix.DOMAIN`. The Hookshot role was **repurposing** the Granana web UI domain (`stats.DOMAIN`) for exposing its metrics on `stats.DOMAIN/hookshot/metrics`, while protecting these routes using Basic Authentication **normally used for Synapse** (`/_synapse/metrics`). Node-exporter and Postgres-exporter roles were advising for more `stats.DOMAIN` usage in manual ways. Each role was doing things differently and mixing variables from other roles. Each metrics endpoint was ending up in a different place, protected by who knows what Basic Authentication credentials (if protected at all). + +**The solution**: a completely revamped way to expose metrics to an external Prometheus server. We are **introducing new `https://matrix.DOMAIN/metrics/*` endpoints**, where various services *can* expose their metrics, for collection by external Prometheus servers. To enable the `/metrics/*` endpoints, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. There's also a way to protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). See the `matrix-nginx-proxy` role or our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation for additional variables around `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. + +**If you are using the [Hookshot bridge](docs/configuring-playbook-bridge-hookshot.md)**, you may find that: +1. **Metrics may not be enabled by default anymore**: + - If Prometheus is enabled (`matrix_prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network. + - **If Prometheus is not enabled** (you are either not using Prometheus or are using an external one), **Hookshot metrics will not be enabled by default anymore**. Feel free to enable them by setting `matrix_hookshot_metrics_enabled: true`. Also, see below. +2. When metrics are meant to be **consumed by an external Prometheus server**, `matrix_hookshot_metrics_proxying_enabled` needs to be set to `true`, so that metrics would be exposed (proxied) "publicly" on `https://matrix.DOMAIN/metrics/hookshot`. To make use of this, you'll also need to enable the new `https://matrix.DOMAIN/metrics/*` endpoints mentioned above, using `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. Learn more in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. +3. **We've changed the URL we're exposing Hookshot metrics at** for external Prometheus servers. Until now, you were advised to consume Hookshot metrics from `https://stats.DOMAIN/hookshot/metrics` (working in conjunction with `matrix_nginx_proxy_proxy_synapse_metrics`). From now on, **this no longer works**. As described above, you need to start consuming metrics from `https://matrix.DOMAIN/metrics/hookshot`. + +**If you're using node-exporter** (`matrix_prometheus_node_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_node_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/node-exporter`. + +**If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`matrix_prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`. + +**If you're using Synapse** and would like to collect its metrics from an external Prometheus server, you may find that: + +1. Exposing metrics is now done using `matrix_synapse_metrics_proxying_enabled`, not `matrix_nginx_proxy_proxy_synapse_metrics: true`. You may still need to enable metrics using `matrix_synapse_metrics_enabled: true` before exposing them. +2. Protecting metrics endpoints using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is now done in another way. See our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation +3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` +4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). + + # 2022-06-13 ## go-skype-bridge bridging support diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index f47f24c0e..3e8a54a20 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -14,7 +14,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. @@ -32,8 +32,8 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | -| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets | -| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus | +| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | +| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). @@ -63,7 +63,14 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_ ### Metrics -If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). +Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them. + +To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however. + +**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to: + +- enable the `https://matrix.DOMAIN/metrics/*` endpoints on `matrix.DOMAIN` using `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see the `matrix-nginx-role` or [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for enabling this feature) +- expose the Hookshot metrics under `https://matrix.DOMAIN/metrics/hookshot` by setting `matrix_hookshot_metrics_proxying_enabled: true` ### Collision with matrix-appservice-webhooks diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index f178def20..e1b826430 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -9,8 +9,12 @@ Remember to add `stats.` to DNS as described in [Configuring DNS](c ```yaml matrix_prometheus_enabled: true +# You can remove this, if unnecessary. matrix_prometheus_node_exporter_enabled: true +# You can remove this, if unnecessary. +matrix_prometheus_postgres_exporter_enabled: true + matrix_grafana_enabled: true matrix_grafana_anonymous_access: false @@ -34,6 +38,7 @@ Name | Description -----|---------- `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures +`matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.` subdomain) the dashboards with the graphs that we're interested in `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option. `matrix_grafana_default_admin_user`
`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here @@ -48,28 +53,54 @@ Most of our docker containers run with limited system access, but the `prometheu ## Collecting metrics to an external Prometheus server -If you wish, you could expose homeserver metrics without enabling (installing) Prometheus and Grafana via the playbook. This may be useful for hooking Matrix services to an external Prometheus/Grafana installation. +**If the integrated Prometheus server is enabled** (`matrix_prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly". -To do this, you may be interested in the following variables: +When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network. + +The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` below. + +The following variables may be of interest: Name | Description -----|---------- +`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service. +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`|Set this to the Basic Authentication username you'd like to protect `/metrics/*` with. You also need to set `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`. If one username/password pair is not enough, you can leave the `username` and `password` variables unset and use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`|Set this to the Basic Authentication password you'd like to protect `/metrics/*` with +`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead. `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network) -`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics` -`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`) -`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx. -`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`) +`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). +`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) +`matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) +`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) +`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` +`matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below) -### Collecting worker metrics to an external Prometheus server +Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations: +```nginx +matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: + - 'location /metrics/another-service { + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-another-service:9100/metrics; + }' +``` -If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. +Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). -The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. + +### Collecting Synapse worker metrics to an external Prometheus server + +If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. + +The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. It will look a bit like this: ```yaml scrape_configs: - job_name: 'synapse' - metrics_path: /_synapse/metrics + metrics_path: /metrics/synapse/main-process scheme: https basic_auth: username: prometheus @@ -80,7 +111,7 @@ scrape_configs: job: "master" index: 1 - job_name: 'synapse-generic_worker-1' - metrics_path: /_synapse-worker-generic_worker-18111/metrics + metrics_path: /metrics/synapse/worker/generic_worker-18111 scheme: https basic_auth: username: prometheus @@ -92,38 +123,6 @@ scrape_configs: index: 18111 ``` -### Collecting system and Postgres metrics to an external Prometheus server (advanced) - -When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats. - -It would be possible to use `matrix_prometheus_node_exporter_container_http_host_bind_port` etc., but that is not always the best choice, for example because your server is on a public network. - -Use the following variables in addition to the ones mentioned above: - -Name | Description ------|---------- -`matrix_nginx_proxy_proxy_grafana_enabled`|Set this to `true` to make the stats subdomain (`matrix_server_fqn_grafana`) available via the Nginx proxy -`matrix_ssl_additional_domains_to_obtain_certificates_for`|Add `"{{ matrix_server_fqn_grafana }}"` to this list to have letsencrypt fetch a certificate for the stats subdomain -`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter -`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the Postgres exporter -`matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks`|Add locations to this list depending on which of the above exporters you enabled (see below) - -```nginx -matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: - - 'location /node-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-node-exporter:9100/; - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - }' - - 'location /postgres-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-postgres-exporter:9187/; - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - }' -``` -You can customize the `location`s to your liking, just point your Prometheus to there later (e.g. `stats.DOMAIN/node-exporter/metrics`). Nginx is very picky about the `proxy_pass`syntax: take care to follow the example closely and note the trailing slash as well as absent use of variables. postgres-exporter uses the nonstandard port 9187. ## More information diff --git a/docs/configuring-playbook-prometheus-postgres.md b/docs/configuring-playbook-prometheus-postgres.md index 34407aaed..6fd13a9e9 100644 --- a/docs/configuring-playbook-prometheus-postgres.md +++ b/docs/configuring-playbook-prometheus-postgres.md @@ -7,11 +7,6 @@ You can enable this with the following settings in your configuration file (`inv ```yaml matrix_prometheus_postgres_exporter_enabled: true - -# the role creates a postgres user as credential. You can configure these if required: -matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter' -matrix_prometheus_postgres_exporter_database_password: 'some-password' - ``` ## What does it do? @@ -20,7 +15,8 @@ Name | Description -----|---------- `matrix_prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false' `matrix_prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter' -`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. +`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook +`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) ## More information diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 19cde0af0..394e26dc9 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -711,8 +711,13 @@ matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_ena matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" -matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" -matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" +# We only enable metrics (locally, in the container network) for the bridge if Prometheus is enabled. +# +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_hookshot_metrics_enabled` +# - `matrix_hookshot_metrics_proxying_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_hookshot_metrics_enabled: "{{ matrix_prometheus_enabled }}" matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" @@ -1586,13 +1591,6 @@ matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_po matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}" -# This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore. -# The fact that someone wishes to enable Synapse metrics does not necessarily mean they want to make them public. -# A local Prometheus can consume them over the container network. -matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" -matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" - matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" @@ -1614,8 +1612,6 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" -matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}" - matrix_nginx_proxy_systemd_wanted_services_list: | {{ ['matrix-' + matrix_homeserver_implementation + '.service'] diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 3a2d5bc94..5d618a6ea 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -29,13 +29,20 @@ matrix_hookshot_public_endpoint: /hookshot matrix_hookshot_appservice_port: 9993 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" -# Metrics work only in conjunction with matrix_synapse_metrics_enabled etc -matrix_hookshot_metrics_enabled: true +# Controls whether metrics are enabled in the bridge configuration. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`. +matrix_hookshot_metrics_enabled: false + +# Controls whether Hookshot metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/hookshot`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_hookshot_metrics_proxying_enabled: false + # There is no need to edit ports. # Read the documentation to learn about using hookshot metrics with external Prometheus # If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_metrics_port: 9001 -matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_webhook_port: 9000 diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 14bbcbb32..96d5740a7 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -103,11 +103,10 @@ [matrix_hookshot_matrix_nginx_proxy_configuration] }} - - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) set_fact: - matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | - {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} - location {{ matrix_hookshot_metrics_endpoint }} { + matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | + location /metrics/hookshot { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; @@ -117,24 +116,18 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; {% endif %} - proxy_set_header Host $host; - {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; - {% endif %} } - {% endif %} + when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool - - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy + - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) set_fact: - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + - [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] }} - tags: - - always + when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool when: matrix_hookshot_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml index 5da8809ee..b96223323 100644 --- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml @@ -57,3 +57,16 @@ when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" with_items: - "matrix_hookshot_provisioning_secret" + +- name: (Deprecation) Catch and report old metrics usage + fail: + msg: >- + Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Hookshot, + which exposed metrics on `https://stats.DOMAIN/hookshot/metrics`. + + We now recommend exposing Hookshot metrics in another way, from another URL. + Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22 + with_items: + - matrix_hookshot_proxy_metrics + - matrix_hookshot_metrics_endpoint + when: "item in vars" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6fb7217e3..f19eb4ab0 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -192,6 +192,58 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) +# If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. +# This is only useful when an external Prometheus will be collecting metrics. +# +# To control what kind of metrics are exposed under `/metrics/` (e.g `/metrics/node-exporter`, `/metrics/postgres-exporter`, etc.), +# use `matrix_SERVICE_metrics_proxying_enabled` variables in each respective role. +# Roles inject themselves into the matrix-nginx-proxy configuration. +# +# To protect the metrics endpoints, see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` +matrix_nginx_proxy_proxy_matrix_metrics_enabled: false + +# Controls whether Basic Auth is enabled for all `/metrics/*` endpoints. +# +# You can provide the Basic Auth credentials in 2 ways: +# 1. A single username/password pair using `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` +# 2. Using raw content (`htpasswd`-generated file) provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled: false + +# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` specify +# the Basic Auth username/password for protecting `/metrics/*` endpoints. +# Alternatively, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username: "" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password: "" + +# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` value will be written verbatim to the htpasswd file protecting `/metrics/*` endpoints. +# Use this when a single username/password is not enough and you'd like to get more control over credentials. +# +# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. +# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` +# The whole thing is needed here. matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "" + +# Specifies the path to the htpasswd file holding the htpasswd credentials for protecting `/metrics/*` endpoints +# This is not meant to be modified. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + +# Specifies the Apache container image to use +# when `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` are provided. +# This image provides the `htpasswd` tool which we use for generating the htpasswd file protecting `/metrics/*`. +# To avoid using this, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead of supplying username/password. +# Learn more in: `roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image: "{{ matrix_container_global_registry_prefix }}httpd:{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag }}" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag: "2.4.54-alpine3.16" +matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag.endswith(':latest') }}" + +# A list of strings containing additional configuration blocks to add to the `location /metrics` configuration (matrix-domain.conf). +# Do not modify `matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks` and `matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks`. +# If you'd like to inject your own configuration blocks, use `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`. +matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks: "{{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks + matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks }}" +matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: [] +matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: [] + # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -216,18 +268,6 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" -# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) -matrix_nginx_proxy_proxy_synapse_metrics: false -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false -# The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. -# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. -# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` -# The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" -matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:9100" -matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:9100" - # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-proxy:12080" @@ -260,8 +300,6 @@ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes: | (['/_synapse/oidc'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled else []) + (['/_synapse/admin'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled else []) - + - (['/_synapse.*/metrics'] if matrix_nginx_proxy_proxy_synapse_metrics else []) }} # Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected. diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml new file mode 100644 index 000000000..55163c945 --- /dev/null +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -0,0 +1,53 @@ +# When we're dealing with raw htpasswd content, we just store it in the file directly. +- name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content }}" + dest: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0600 + when: not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username + +# Alternatively, we need to use the `htpasswd` tool to generate the htpasswd file. +# There's an Ansible module that helps with that, but it requires passlib (a Python module) to be installed on the server. +# See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module +# We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. +# As a workaround, we run `htpasswd` from an Apache container image. +- block: + - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + docker_image: + name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + + # We store the password in a file and make the `htpasswd` tool read it from there, + # as opposed to passing it directly on stdin (which will expose it to other processes on the server). + - name: Store metrics password in a temporary file + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" + dest: "/tmp/matrix-nginx-proxy-metrics-password" + mode: 0400 + owner: "{{ matrix_user_uid }}" + group: "{{ matrix_user_gid }}" + + - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + command: + cmd: >- + {{ matrix_host_command_docker }} run + --rm + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + --network=none + --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data + --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro + --entrypoint=/bin/sh + {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} + -c + 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' + + - name: Delete temporary metrics password file + file: + path: /tmp/matrix-nginx-proxy-metrics-password + state: absent + when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index a559e1090..0da9e52c7 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -31,23 +31,9 @@ mode: 0644 when: matrix_nginx_proxy_enabled|bool -- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI) - template: - src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2" - dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0400 - when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool" - -- name: Generate sample prometheus.yml for external scraping - template: - src: "{{ role_path }}/templates/prometheus/external_prometheus.yml.example.j2" - dest: "{{ matrix_base_data_path }}/external_prometheus.yml.example" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0644 - when: matrix_nginx_proxy_proxy_synapse_metrics|bool +- name: Setup metrics + include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml" + when: matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool - name: Ensure Matrix nginx-proxy configured (generic) template: @@ -324,10 +310,15 @@ file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool" -- name: Ensure sample prometheus.yml for external scraping is deleted +# This file is now generated by the matrix-synapse role and saved in the Synapse directory +- name: (Cleanup) Ensure old sample prometheus.yml for external scraping is deleted file: path: "{{ matrix_base_data_path }}/external_prometheus.yml.example" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics|bool" + +- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /metrics/* URIs) + file: + path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" + state: absent + when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 0de93873f..c6697e935 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -27,6 +27,14 @@ `matrix_nginx_proxy_ssl_preset` needs to be set to a known value. when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']" +- name: Fail if Basic Auth enabled for metrics, but no credentials supplied + fail: + msg: | + Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires: + - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`) + - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`) + when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" + - block: - name: (Deprecation) Catch and report renamed settings fail: @@ -36,6 +44,7 @@ with_items: - {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} - {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} + - {'old': 'matrix_nginx_proxy_proxy_synapse_workers_enabled_list', 'new': ''} when: "item.old in vars" - name: Fail if required variables are undefined @@ -49,3 +58,17 @@ - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container" when: "vars[item] == '' or vars[item] is none" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" + +- name: (Deprecation) Catch and report old metrics usage + fail: + msg: >- + Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Synapse, + which exposed metrics on `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`. + + We now recommend exposing Synapse metrics in another way, from another URL. + Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22 + with_items: + - matrix_nginx_proxy_proxy_synapse_metrics + - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled + - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key + when: "item in vars" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 4abcd40a0..2895ba14a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -45,6 +45,19 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_metrics_enabled %} + location /metrics { + {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path }}; + {% endif %} + + {% for configuration_block in matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + } + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 9a1576d48..69f13a1aa 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -145,45 +145,6 @@ server { {{- configuration_block }} {% endfor %} - {% if matrix_nginx_proxy_proxy_synapse_metrics %} - location /_synapse/metrics { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; - {% endif %} - } - {% endif %} - - {% if matrix_nginx_proxy_enabled and matrix_nginx_proxy_proxy_synapse_metrics %} - {% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} - {% if worker.metrics_port != 0 %} - location /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; - proxy_pass http://$backend/_synapse/metrics; - proxy_set_header Host $host; - - {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; - {% endif %} - } - {% endif %} - {% endfor %} - {% endif %} - {# Everything else just goes to the API server ##} location / { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 b/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 deleted file mode 100644 index 1a7247ace..000000000 --- a/roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2 +++ /dev/null @@ -1,3 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# User and password for protecting /_synapse/metrics URI -prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }} diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 5e50a1d77..1a086b311 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -17,10 +17,17 @@ matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service # List of systemd services that matrix-prometheus.service wants matrix_prometheus_node_exporter_systemd_wanted_services_list: [] +# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_node_exporter_metrics_proxying_enabled: false + # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). # # Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. # +# You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`. +# # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index db44a7ab9..d08340a83 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -3,3 +3,39 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + set_fact: + matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | + location /metrics/node-exporter { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-node-exporter:9100"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + {# This may be implemented in the future. #} + return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + {% endif %} + } + + - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] + }} + when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 9ad60405f..8c3f435e6 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -28,11 +28,17 @@ matrix_prometheus_postgres_exporter_database_hostname: 'matrix-postgres' matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' +# Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # # Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. # +# You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`. +# # Official recommendations are to run this container with `--net=host`, # but we don't do that, since it: # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index ddea23ab1..996cc975d 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -3,3 +3,39 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + set_fact: + matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | + location /metrics/postgres-exporter { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-postgres-exporter:9187"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + {# This may be implemented in the future. #} + return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + {% endif %} + } + + - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] + }} + when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 50e843027..848d8beb6 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -334,6 +334,14 @@ matrix_url_preview_accept_language: ['en-US', 'en'] matrix_synapse_metrics_enabled: false matrix_synapse_metrics_port: 9100 +# Controls whether Synapse metrics should be proxied (exposed) on: +# - `matrix.DOMAIN/metrics/synapse/main-process` for the main process +# - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process +# +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_synapse_metrics_proxying_enabled: false + # Enable the Synapse manhole # See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md matrix_synapse_manhole_enabled: false diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index 880650492..ffaec05fd 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -25,3 +25,63 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" when: matrix_s3_media_store_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Synapse's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate synapse metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) + set_fact: + matrix_synapse_nginx_metrics_configuration_block: | + location /metrics/synapse/main-process { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse:{{ matrix_synapse_metrics_port }}"; + proxy_pass http://$backend/_synapse/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_synapse_metrics_port }}/_synapse/metrics; + {% endif %} + } + + - name: Register synapse metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_synapse_nginx_metrics_configuration_block] + }} + + - name: Generate synapse worker metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) + set_fact: + matrix_synapse_worker_nginx_metrics_configuration_block: | + {% for worker in matrix_synapse_workers_enabled_list %} + {% if worker.metrics_port != 0 %} + location /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; + proxy_pass http://$backend/_synapse/metrics; + proxy_set_header Host $host; + } + {% endif %} + {% endfor %} + when: matrix_synapse_workers_enabled_list|length > 0 + + - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) + set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + + + [matrix_synapse_worker_nginx_metrics_configuration_block] + }} + when: matrix_synapse_workers_enabled_list|length > 0 + when: matrix_synapse_enabled|bool and matrix_synapse_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 2302a6f23..1aaaf7b3f 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -119,3 +119,12 @@ src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user" mode: 0755 + +- name: Generate sample prometheus.yml for external scraping + template: + src: "{{ role_path }}/templates/synapse/prometheus/external_prometheus.yml.example.j2" + dest: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0644 + when: matrix_synapse_metrics_proxying_enabled|bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 911d12851..1d4fe7ad2 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -29,3 +29,9 @@ docker_image: name: "{{ matrix_synapse_docker_image }}" state: absent + +- name: Ensure sample prometheus.yml for external scraping is deleted + file: + path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + state: absent + when: "not matrix_synapse_metrics_proxying_enabled|bool" diff --git a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 similarity index 51% rename from roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 rename to roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 index cbb2e6f33..b194c3c2d 100644 --- a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 +++ b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 @@ -11,29 +11,29 @@ rule_files: scrape_configs: - job_name: 'synapse' - metrics_path: /_synapse/metrics - scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }} -{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + metrics_path: /metrics/synapse/main-process + scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} +{% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: username: prometheus password_file: /path/to/your/passwordfile.pwd {% endif %} static_configs: - - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] + - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: job: "master" index: "0" -{% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} +{% for worker in matrix_synapse_workers_enabled_list %} - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' - metrics_path: /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics - scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }} -{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} + metrics_path: /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} + scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} +{% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: username: prometheus password_file: /path/to/your/passwordfile.pwd {% endif %} static_configs: - - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] + - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: job: "{{ worker.type }}" index: "{{ worker.instanceId }}" diff --git a/setup.yml b/setup.yml index 5ea7e5a7e..27aac7a72 100755 --- a/setup.yml +++ b/setup.yml @@ -47,6 +47,7 @@ - matrix-dendrite - matrix-synapse-admin - matrix-prometheus-node-exporter + - matrix-prometheus-postgres-exporter - matrix-prometheus - matrix-grafana - matrix-registration @@ -63,6 +64,5 @@ - matrix-coturn - matrix-aux - matrix-postgres-backup - - matrix-prometheus-postgres-exporter - matrix-backup-borg - matrix-common-after From 9aab7f9c37f546a22a7b54c1a34bc6a3e519834a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 17:57:53 +0300 Subject: [PATCH 136/381] Make yamllint happy Fixup for ba51997f7b0 --- .../matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 55163c945..1d39b8d6c 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -1,3 +1,5 @@ +--- + # When we're dealing with raw htpasswd content, we just store it in the file directly. - name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) copy: From 1727ecd888317db71f7e35f4e022ef728bdf854c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 18:00:32 +0300 Subject: [PATCH 137/381] Make yamllint happy (take 2) > Error: 19:3 error wrong indentation: expected 4 but found 2 (indentation) --- .../tasks/nginx-proxy/setup_metrics_auth.yml | 66 +++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 1d39b8d6c..35dabefa7 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -16,40 +16,40 @@ # We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. # As a workaround, we run `htpasswd` from an Apache container image. - block: - - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - docker_image: - name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + docker_image: + name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" - # We store the password in a file and make the `htpasswd` tool read it from there, - # as opposed to passing it directly on stdin (which will expose it to other processes on the server). - - name: Store metrics password in a temporary file - copy: - content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" - dest: "/tmp/matrix-nginx-proxy-metrics-password" - mode: 0400 - owner: "{{ matrix_user_uid }}" - group: "{{ matrix_user_gid }}" + # We store the password in a file and make the `htpasswd` tool read it from there, + # as opposed to passing it directly on stdin (which will expose it to other processes on the server). + - name: Store metrics password in a temporary file + copy: + content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" + dest: "/tmp/matrix-nginx-proxy-metrics-password" + mode: 0400 + owner: "{{ matrix_user_uid }}" + group: "{{ matrix_user_gid }}" - - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - command: - cmd: >- - {{ matrix_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network=none - --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data - --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro - --entrypoint=/bin/sh - {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} - -c - 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' + - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) + command: + cmd: >- + {{ matrix_host_command_docker }} run + --rm + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + --network=none + --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data + --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro + --entrypoint=/bin/sh + {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} + -c + 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' - - name: Delete temporary metrics password file - file: - path: /tmp/matrix-nginx-proxy-metrics-password - state: absent + - name: Delete temporary metrics password file + file: + path: /tmp/matrix-nginx-proxy-metrics-password + state: absent when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' From 37d7e75e9bf2499e64ef8c7847b99c4ae44e081b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Jun 2022 20:37:56 +0300 Subject: [PATCH 138/381] Add support for passing extra arguments to prometheus-node-exporter --- .../defaults/main.yml | 12 ++++++++++++ .../matrix-prometheus-node-exporter.service.j2 | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 1a086b311..a7f25c210 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -11,6 +11,18 @@ matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_n # A list of extra arguments to pass to the container matrix_prometheus_node_exporter_container_extra_arguments: [] +# A list of extra arguments to pass to the node_exporter process +# +# Example: +# matrix_prometheus_node_exporter_process_extra_arguments: +# - "--collector.systemd" +# - "--collector.logind" +# +# Note: the above is just an example. We have not confirmed that these collectors work when running in a container. +# In fact, the systemd collector is exhibiting issues: +# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory" +matrix_prometheus_node_exporter_process_extra_arguments: [] + # List of systemd services that matrix-prometheus.service depends on matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service'] diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index e38b42e31..d0bfa4cce 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 @@ -32,7 +32,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod --pid=host \ --mount type=bind,src=/,dst=/host,ro,bind-propagation=rslave \ {{ matrix_prometheus_node_exporter_docker_image }} \ - --path.rootfs=/host + --path.rootfs=/host {{ matrix_prometheus_node_exporter_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' From d24cb7db6f9ed357ae4653174eccb9b44e0ace84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Thu, 23 Jun 2022 20:24:52 +0200 Subject: [PATCH 139/381] Initial maubot commit --- group_vars/matrix_servers | 27 ++++ roles/matrix-maubot/defaults/main.yml | 32 +++++ roles/matrix-maubot/tasks/init.yml | 5 + roles/matrix-maubot/tasks/main.yml | 23 ++++ roles/matrix-maubot/tasks/setup_install.yml | 73 ++++++++++ roles/matrix-maubot/tasks/setup_uninstall.yml | 36 +++++ roles/matrix-maubot/tasks/validate_config.yml | 11 ++ .../templates/config/config.yaml.j2 | 127 ++++++++++++++++++ .../systemd/matrix-maubot.service.j2 | 36 +++++ setup.yml | 1 + 10 files changed, 371 insertions(+) create mode 100644 roles/matrix-maubot/defaults/main.yml create mode 100644 roles/matrix-maubot/tasks/init.yml create mode 100644 roles/matrix-maubot/tasks/main.yml create mode 100644 roles/matrix-maubot/tasks/setup_install.yml create mode 100644 roles/matrix-maubot/tasks/setup_uninstall.yml create mode 100644 roles/matrix-maubot/tasks/validate_config.yml create mode 100644 roles/matrix-maubot/templates/config/config.yaml.j2 create mode 100644 roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f727da55f..4bfcaee5d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1053,6 +1053,33 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: | # ###################################################################### +###################################################################### +# +# matrix-maubot +# +###################################################################### + +# We don't enable bots by default. +matrix_maubot_enabled: false + +matrix_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_maubot_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + + +###################################################################### +# +# /matrix-maubot +# +###################################################################### + ###################################################################### # diff --git a/roles/matrix-maubot/defaults/main.yml b/roles/matrix-maubot/defaults/main.yml new file mode 100644 index 000000000..63603c505 --- /dev/null +++ b/roles/matrix-maubot/defaults/main.yml @@ -0,0 +1,32 @@ +--- + +matrix_maubot_enabled: true +matrix_maubot_container_image_self_build: false +matrix_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" +matrix_maubot_docker_src_files_path: "{{ matrix_maubot_base_path }}/docker-src" + +matrix_maubot_version: latest +matrix_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_maubot_version }}" +matrix_maubot_docker_image_force_pull: "{{ matrix_maubot_docker_image.endswith(':latest') }}" + +matrix_maubot_base_path: "{{ matrix_base_data_path }}/maubot" +matrix_maubot_data_path: "{{ matrix_maubot_base_path }}/data" + +matrix_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" + + + +matrix_maubot_logging_level: info +matrix_maubot_secret: '' +matrix_maubot_admin_user: '' +matrix_maubot_admin_password: '' +matrix_mau_environment_variables_extension: '' + +# A list of extra arguments to pass to the container +matrix_maubot_container_extra_arguments: [] + +# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +matrix_maubot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-matrix-registration-bot.service wants +matrix_maubot_systemd_wanted_services_list: [] diff --git a/roles/matrix-maubot/tasks/init.yml b/roles/matrix-maubot/tasks/init.yml new file mode 100644 index 000000000..3b62fbf3e --- /dev/null +++ b/roles/matrix-maubot/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-maubot.service'] }}" + when: matrix_maubot_enabled|bool diff --git a/roles/matrix-maubot/tasks/main.yml b/roles/matrix-maubot/tasks/main.yml new file mode 100644 index 000000000..dbca98c39 --- /dev/null +++ b/roles/matrix-maubot/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_maubot_enabled|bool" + tags: + - setup-all + - setup-maubot + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_maubot_enabled|bool" + tags: + - setup-all + - setup-maubot + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_maubot_enabled|bool" + tags: + - setup-all + - setup-maubot diff --git a/roles/matrix-maubot/tasks/setup_install.yml b/roles/matrix-maubot/tasks/setup_install.yml new file mode 100644 index 000000000..5d7019469 --- /dev/null +++ b/roles/matrix-maubot/tasks/setup_install.yml @@ -0,0 +1,73 @@ +--- + +- name: Ensure maubot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_maubot_base_path }}", when: true} + - - {path: "{{ matrix_maubot_data_path }}", when: true} + - {path: "{{ matrix_maubot_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure maubot configuration file created + template: + src: "{{ role_path }}/templates/config/config.yaml.j2" + dest: "{{ matrix_maubot_base_path }}/config.yaml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure maubot image is pulled + docker_image: + name: "{{ matrix_maubot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_maubot_docker_image_force_pull }}" + when: "not matrix_maubot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure maubot repository is present on self-build + git: + repo: "{{ matrix_maubot_docker_repo }}" + dest: "{{ matrix_maubot_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_maubot_git_pull_results + when: "matrix_maubot_container_image_self_build|bool" + +- name: Ensure maubot image is built + docker_image: + name: "{{ matrix_maubot_docker_image }}" + source: build + force_source: "{{ matrix_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_maubot_docker_src_files_path }}" + pull: true + when: "matrix_maubot_container_image_self_build|bool" + +- name: Ensure matrix-maubot.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-maubot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-maubot.service" + mode: 0644 + register: matrix_maubot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-maubot.service installation + service: + daemon_reload: true + when: "matrix_maubot_systemd_service_result.changed|bool" + +- name: Ensure matrix-maubot.service restarted, if necessary + service: + name: "matrix-maubot.service" + state: restarted diff --git a/roles/matrix-maubot/tasks/setup_uninstall.yml b/roles/matrix-maubot/tasks/setup_uninstall.yml new file mode 100644 index 000000000..1765eb032 --- /dev/null +++ b/roles/matrix-maubot/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-maubot service + stat: + path: "{{ matrix_systemd_path }}/matrix-maubot.service" + register: matrix_maubot_service_stat + +- name: Ensure matrix-maubot is stopped + service: + name: matrix-maubot + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_maubot_service_stat.stat.exists|bool" + +- name: Ensure matrix-maubot.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-maubot.service" + state: absent + when: "matrix_maubot_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-maubot.service removal + service: + daemon_reload: true + when: "matrix_maubot_service_stat.stat.exists|bool" + +- name: Ensure Matrix maubot paths don't exist + file: + path: "{{ matrix_maubot_base_path }}" + state: absent + +- name: Ensure maubot Docker image doesn't exist + docker_image: + name: "{{ matrix_maubot_docker_image }}" + state: absent diff --git a/roles/matrix-maubot/tasks/validate_config.yml b/roles/matrix-maubot/tasks/validate_config.yml new file mode 100644 index 000000000..e23dc10c6 --- /dev/null +++ b/roles/matrix-maubot/tasks/validate_config.yml @@ -0,0 +1,11 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - matrix_maubot_secret + - matrix_maubot_admin_user + - matrix_maubot_admin_password diff --git a/roles/matrix-maubot/templates/config/config.yaml.j2 b/roles/matrix-maubot/templates/config/config.yaml.j2 new file mode 100644 index 000000000..9f72cfc0d --- /dev/null +++ b/roles/matrix-maubot/templates/config/config.yaml.j2 @@ -0,0 +1,127 @@ +# The full URI to the database. SQLite and Postgres are fully supported. +# Other DBMSes supported by SQLAlchemy may or may not work. +# Format examples: +# SQLite: sqlite:///filename.db +# Postgres: postgresql://username:password@hostname/dbname +database: sqlite:////data/maubot.db + +# Separate database URL for the crypto database. "default" means use the same database as above. +crypto_database: default + +# Additional arguments for asyncpg.create_pool() or sqlite3.connect() +# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool +# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect +# For sqlite, min_size is used as the connection thread pool size and max_size is ignored. +database_opts: + min_size: 1 + max_size: 10 +plugin_directories: + # The directory where uploaded new plugins should be stored. + upload: /data/plugins + # The directories from which plugins should be loaded. + # Duplicate plugin IDs will be moved to the trash. + load: + - /data/plugins + trash: /data/trash + +# Configuration for storing plugin databases +plugin_databases: + # The directory where SQLite plugin databases should be stored. + sqlite: /data/dbs + # The connection URL for plugin databases. If null, all plugins will get SQLite databases. + # If set, plugins using the new asyncpg interface will get a Postgres connection instead. + # Plugins using the legacy SQLAlchemy interface will always get a SQLite connection. + # + # To use the same connection pool as the default database, set to "default" + # (the default database above must be postgres to do this). + # + # When enabled, maubot will create separate Postgres schemas in the database for each plugin. + # To view schemas in psql, use `\dn`. To view enter and interact with a specific schema, + # use `SET search_path = name` (where `name` is the name found with `\dn`) and then use normal + # SQL queries/psql commands. + postgres: + # Maximum number of connections per plugin instance. + postgres_max_conns_per_plugin: 3 + # Overrides for the default database_opts when using a non-"default" postgres connection string. + postgres_opts: {} + +server: + # The IP and port to listen to. + hostname: 0.0.0.0 + port: 29316 + # Public base URL where the server is visible. + public_url: {{ matrix_maubot_bot_server }} + # The base management API path. + base_path: /_matrix/maubot/v1 + # The base path for the UI. + ui_base_path: /_matrix/maubot + # The base path for plugin endpoints. The instance ID will be appended directly. + plugin_base_path: /_matrix/maubot/plugin/ + # Override path from where to load UI resources. + # Set to false to using pkg_resources to find the path. + override_resource_path: /opt/maubot/frontend + # The base appservice API path. Use / for legacy appservice API and /_matrix/app/v1 for v1. + appservice_base_path: /_matrix/app/v1 + # The shared secret to sign API access tokens. + # Set to "generate" to generate and save a new token at startup. + unshared_secret: {{ matrix_maubot_secret }} + +# Known homeservers. This is required for the `mbc auth` command and also allows +# more convenient access from the management UI. This is not required to create +# clients in the management UI, since you can also just type the homeserver URL +# into the box there. +homeservers: + {{ matrix_domain }}: + # Client-server API URL + url: {{ matrix_maubot_bot_server }} + # registration_shared_secret from synapse config + # You can leave this empty if you don't have access to the homeserver. + # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. + secret: {{ matrix_registration_shared_secret }} +admins: + root: '' + {{ matrix_maubot_admin_user }}: {{ matrix_maubot_admin_password }} +api_features: + login: true + plugin: true + plugin_upload: true + instance: true + instance_database: true + client: true + client_proxy: true + client_auth: true + dev_open: true + log: true + +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): maubot.lib.color_log.ColorFormatter + format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' + normal: + format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' + handlers: + file: + class: logging.handlers.RotatingFileHandler + formatter: normal + filename: /var/log/maubot.log + maxBytes: 10485760 + backupCount: 10 + console: + class: logging.StreamHandler + formatter: colored + loggers: + maubot: + level: DEBUG + mau: + level: DEBUG + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [file, console] diff --git a/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 new file mode 100644 index 000000000..d09b8b723 --- /dev/null +++ b/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 @@ -0,0 +1,36 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Maubot +{% for service in matrix_maubot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_maubot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ + --log-driver=none \ + --cap-drop=ALL \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --mount type=bind,src={{ matrix_maubot_base_path }},dst=/data \ + --network={{ matrix_docker_network }} \ + -p 29316:29316 \ + {{ matrix_maubot_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-maubot + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 5ea7e5a7e..0a0fdc61e 100755 --- a/setup.yml +++ b/setup.yml @@ -66,3 +66,4 @@ - matrix-prometheus-postgres-exporter - matrix-backup-borg - matrix-common-after + - matrix-maubot From 13166569985011d650526c129c9c062780c15dea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Thu, 23 Jun 2022 21:57:52 +0200 Subject: [PATCH 140/381] Rename to bot_maubot and fix permission error --- group_vars/matrix_servers | 6 +-- roles/matrix-bot-maubot/defaults/main.yml | 33 +++++++++++++++ .../tasks/init.yml | 2 +- .../tasks/main.yml | 12 +++--- .../tasks/setup_install.yml | 40 +++++++++---------- .../tasks/setup_uninstall.yml | 12 +++--- .../tasks/validate_config.yml | 5 +-- .../templates/config/config.yaml.j2 | 14 ++++--- .../systemd/matrix-maubot.service.j2 | 16 ++++---- roles/matrix-maubot/defaults/main.yml | 32 --------------- setup.yml | 2 +- 11 files changed, 89 insertions(+), 85 deletions(-) create mode 100644 roles/matrix-bot-maubot/defaults/main.yml rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/init.yml (74%) rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/main.yml (56%) rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/setup_install.yml (56%) rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/setup_uninstall.yml (68%) rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/validate_config.yml (66%) rename roles/{matrix-maubot => matrix-bot-maubot}/templates/config/config.yaml.j2 (91%) rename roles/{matrix-maubot => matrix-bot-maubot}/templates/systemd/matrix-maubot.service.j2 (68%) delete mode 100644 roles/matrix-maubot/defaults/main.yml diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a15e38b49..ef4f4b07c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1065,11 +1065,11 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: | ###################################################################### # We don't enable bots by default. -matrix_maubot_enabled: false +matrix_bot_maubot_enabled: false -matrix_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" +matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" -matrix_maubot_systemd_required_services_list: | +matrix_bot_maubot_systemd_required_services_list: | {{ ['docker.service'] + diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml new file mode 100644 index 000000000..5e7c58a22 --- /dev/null +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -0,0 +1,33 @@ +--- + +matrix_bot_maubot_enabled: true +matrix_bot_maubot_container_image_self_build: false +matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" +matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src" + +matrix_bot_maubot_version: latest +matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}" +matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" + +matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" +matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" +matrix_bot_maubot_container_data_dir: "/data" + +matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" + + + +matrix_bot_maubot_logging_level: info +matrix_bot_maubot_secret: '' +matrix_bot_maubot_admin_user: '' +matrix_bot_maubot_admin_password: '' +matrix_mau_environment_variables_extension: '' + +# A list of extra arguments to pass to the container +matrix_bot_maubot_container_extra_arguments: [] + +# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +matrix_bot_maubot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-matrix-registration-bot.service wants +matrix_bot_maubot_systemd_wanted_services_list: [] diff --git a/roles/matrix-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml similarity index 74% rename from roles/matrix-maubot/tasks/init.yml rename to roles/matrix-bot-maubot/tasks/init.yml index 3b62fbf3e..286c5f469 100644 --- a/roles/matrix-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -2,4 +2,4 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-maubot.service'] }}" - when: matrix_maubot_enabled|bool + when: matrix_bot_maubot_enabled|bool diff --git a/roles/matrix-maubot/tasks/main.yml b/roles/matrix-bot-maubot/tasks/main.yml similarity index 56% rename from roles/matrix-maubot/tasks/main.yml rename to roles/matrix-bot-maubot/tasks/main.yml index dbca98c39..c67e25ee7 100644 --- a/roles/matrix-maubot/tasks/main.yml +++ b/roles/matrix-bot-maubot/tasks/main.yml @@ -5,19 +5,19 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_maubot_enabled|bool" + when: "run_setup|bool and matrix_bot_maubot_enabled|bool" tags: - setup-all - - setup-maubot + - setup-bot-maubot - import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_maubot_enabled|bool" + when: "run_setup|bool and matrix_bot_maubot_enabled|bool" tags: - setup-all - - setup-maubot + - setup-bot-maubot - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_maubot_enabled|bool" + when: "run_setup|bool and not matrix_bot_maubot_enabled|bool" tags: - setup-all - - setup-maubot + - setup-bot-maubot diff --git a/roles/matrix-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml similarity index 56% rename from roles/matrix-maubot/tasks/setup_install.yml rename to roles/matrix-bot-maubot/tasks/setup_install.yml index 5d7019469..368710798 100644 --- a/roles/matrix-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -4,30 +4,30 @@ file: path: "{{ item.path }}" state: directory - mode: 0750 + mode: 0755 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - {path: "{{ matrix_maubot_base_path }}", when: true} - - - {path: "{{ matrix_maubot_data_path }}", when: true} - - {path: "{{ matrix_maubot_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_maubot_base_path }}", when: true} + - - {path: "{{ matrix_bot_maubot_data_path }}", when: true} + - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure maubot configuration file created template: src: "{{ role_path }}/templates/config/config.yaml.j2" - dest: "{{ matrix_maubot_base_path }}/config.yaml" + dest: "{{ matrix_bot_maubot_base_path }}/config.yaml" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - mode: 0640 + mode: "u=rwx" - name: Ensure maubot image is pulled docker_image: - name: "{{ matrix_maubot_docker_image }}" + name: "{{ matrix_bot_maubot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_maubot_docker_image_force_pull }}" - when: "not matrix_maubot_container_image_self_build|bool" + force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}" + when: "not matrix_bot_maubot_container_image_self_build|bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -35,37 +35,37 @@ - name: Ensure maubot repository is present on self-build git: - repo: "{{ matrix_maubot_docker_repo }}" - dest: "{{ matrix_maubot_docker_src_files_path }}" + repo: "{{ matrix_bot_maubot_docker_repo }}" + dest: "{{ matrix_bot_maubot_docker_src_files_path }}" force: "yes" become: true become_user: "{{ matrix_user_username }}" - register: matrix_maubot_git_pull_results - when: "matrix_maubot_container_image_self_build|bool" + register: matrix_bot_maubot_git_pull_results + when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure maubot image is built docker_image: - name: "{{ matrix_maubot_docker_image }}" + name: "{{ matrix_bot_maubot_docker_image }}" source: build - force_source: "{{ matrix_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" build: dockerfile: Dockerfile - path: "{{ matrix_maubot_docker_src_files_path }}" + path: "{{ matrix_bot_maubot_docker_src_files_path }}" pull: true - when: "matrix_maubot_container_image_self_build|bool" + when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure matrix-maubot.service installed template: src: "{{ role_path }}/templates/systemd/matrix-maubot.service.j2" dest: "{{ matrix_systemd_path }}/matrix-maubot.service" mode: 0644 - register: matrix_maubot_systemd_service_result + register: matrix_bot_maubot_systemd_service_result - name: Ensure systemd reloaded after matrix-maubot.service installation service: daemon_reload: true - when: "matrix_maubot_systemd_service_result.changed|bool" + when: "matrix_bot_maubot_systemd_service_result.changed|bool" - name: Ensure matrix-maubot.service restarted, if necessary service: diff --git a/roles/matrix-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml similarity index 68% rename from roles/matrix-maubot/tasks/setup_uninstall.yml rename to roles/matrix-bot-maubot/tasks/setup_uninstall.yml index 1765eb032..c9dea82a1 100644 --- a/roles/matrix-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -3,7 +3,7 @@ - name: Check existence of matrix-maubot service stat: path: "{{ matrix_systemd_path }}/matrix-maubot.service" - register: matrix_maubot_service_stat + register: matrix_bot_maubot_service_stat - name: Ensure matrix-maubot is stopped service: @@ -12,25 +12,25 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure matrix-maubot.service doesn't exist file: path: "{{ matrix_systemd_path }}/matrix-maubot.service" state: absent - when: "matrix_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-maubot.service removal service: daemon_reload: true - when: "matrix_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure Matrix maubot paths don't exist file: - path: "{{ matrix_maubot_base_path }}" + path: "{{ matrix_bot_maubot_base_path }}" state: absent - name: Ensure maubot Docker image doesn't exist docker_image: - name: "{{ matrix_maubot_docker_image }}" + name: "{{ matrix_bot_maubot_docker_image }}" state: absent diff --git a/roles/matrix-maubot/tasks/validate_config.yml b/roles/matrix-bot-maubot/tasks/validate_config.yml similarity index 66% rename from roles/matrix-maubot/tasks/validate_config.yml rename to roles/matrix-bot-maubot/tasks/validate_config.yml index e23dc10c6..6c9871e17 100644 --- a/roles/matrix-maubot/tasks/validate_config.yml +++ b/roles/matrix-bot-maubot/tasks/validate_config.yml @@ -6,6 +6,5 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: - - matrix_maubot_secret - - matrix_maubot_admin_user - - matrix_maubot_admin_password + - matrix_bot_maubot_secret + - matrix_bot_maubot_admins diff --git a/roles/matrix-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 similarity index 91% rename from roles/matrix-maubot/templates/config/config.yaml.j2 rename to roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 9f72cfc0d..5e44ff5f6 100644 --- a/roles/matrix-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -50,7 +50,7 @@ server: hostname: 0.0.0.0 port: 29316 # Public base URL where the server is visible. - public_url: {{ matrix_maubot_bot_server }} + public_url: {{ matrix_bot_maubot_bot_server }} # The base management API path. base_path: /_matrix/maubot/v1 # The base path for the UI. @@ -64,7 +64,7 @@ server: appservice_base_path: /_matrix/app/v1 # The shared secret to sign API access tokens. # Set to "generate" to generate and save a new token at startup. - unshared_secret: {{ matrix_maubot_secret }} + unshared_secret: {{ matrix_bot_maubot_secret }} # Known homeservers. This is required for the `mbc auth` command and also allows # more convenient access from the management UI. This is not required to create @@ -73,14 +73,16 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: {{ matrix_maubot_bot_server }} + url: {{ matrix_bot_maubot_bot_server }} # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. secret: {{ matrix_registration_shared_secret }} -admins: - root: '' - {{ matrix_maubot_admin_user }}: {{ matrix_maubot_admin_password }} + +# List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password +# to prevent normal login. Root is a special user that can't have a password and will always exist. +admins: {{ matrix_bot_maubot_admins | combine( {"root": ""} ) }} + api_features: login: true plugin: true diff --git a/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 similarity index 68% rename from roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 rename to roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 index d09b8b723..3a3c3a0cf 100644 --- a/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 @@ -1,11 +1,11 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Maubot -{% for service in matrix_maubot_systemd_required_services_list %} +{% for service in matrix_bot_maubot_systemd_required_services_list %} Requires={{ service }} After={{ service }} {% endfor %} -{% for service in matrix_maubot_systemd_wanted_services_list %} +{% for service in matrix_bot_maubot_systemd_wanted_services_list %} Wants={{ service }} {% endfor %} DefaultDependencies=no @@ -18,13 +18,15 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ --log-driver=none \ - --cap-drop=ALL \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --read-only \ - --mount type=bind,src={{ matrix_maubot_base_path }},dst=/data \ + -e UID={{ matrix_user_uid }} \ + -e GID={{ matrix_user_gid }} \ + -v {{ matrix_bot_maubot_data_path }}:{{ matrix_bot_maubot_container_data_dir }}:z \ + {% for arg in matrix_bot_maubot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} --network={{ matrix_docker_network }} \ -p 29316:29316 \ - {{ matrix_maubot_docker_image }} + {{ matrix_bot_maubot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' diff --git a/roles/matrix-maubot/defaults/main.yml b/roles/matrix-maubot/defaults/main.yml deleted file mode 100644 index 63603c505..000000000 --- a/roles/matrix-maubot/defaults/main.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -matrix_maubot_enabled: true -matrix_maubot_container_image_self_build: false -matrix_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" -matrix_maubot_docker_src_files_path: "{{ matrix_maubot_base_path }}/docker-src" - -matrix_maubot_version: latest -matrix_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_maubot_version }}" -matrix_maubot_docker_image_force_pull: "{{ matrix_maubot_docker_image.endswith(':latest') }}" - -matrix_maubot_base_path: "{{ matrix_base_data_path }}/maubot" -matrix_maubot_data_path: "{{ matrix_maubot_base_path }}/data" - -matrix_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" - - - -matrix_maubot_logging_level: info -matrix_maubot_secret: '' -matrix_maubot_admin_user: '' -matrix_maubot_admin_password: '' -matrix_mau_environment_variables_extension: '' - -# A list of extra arguments to pass to the container -matrix_maubot_container_extra_arguments: [] - -# List of systemd services that matrix-bot-matrix-registration-bot.service depends on -matrix_maubot_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-bot-matrix-registration-bot.service wants -matrix_maubot_systemd_wanted_services_list: [] diff --git a/setup.yml b/setup.yml index 433051c81..79c377413 100755 --- a/setup.yml +++ b/setup.yml @@ -66,4 +66,4 @@ - matrix-postgres-backup - matrix-backup-borg - matrix-common-after - - matrix-maubot + - matrix-bot-maubot From 569b52f0c1818d988aa0ebf0eb93a7ff9e37b503 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 24 Jun 2022 08:33:17 +0300 Subject: [PATCH 141/381] Document how the systemd node-exporter collector can be made to work --- roles/matrix-prometheus-node-exporter/defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index a7f25c210..d061d59cd 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -18,9 +18,10 @@ matrix_prometheus_node_exporter_container_extra_arguments: [] # - "--collector.systemd" # - "--collector.logind" # -# Note: the above is just an example. We have not confirmed that these collectors work when running in a container. -# In fact, the systemd collector is exhibiting issues: -# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory" +# Note: the above is just an example. Various collectors may require various tweaks to be able to run. +# Running the systemd collector requires the following `matrix_prometheus_node_exporter_container_extra_arguments`: +# - the socket to be mounted as well (`--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave`) +# - (on AppArmor-based distros) disabling AppArmor protection (`--security-opt apparmor=unconfined`) matrix_prometheus_node_exporter_process_extra_arguments: [] # List of systemd services that matrix-prometheus.service depends on From 4d40b61a51662d331f8ad0eaa5b798ccdbb4e501 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 11:50:52 +0200 Subject: [PATCH 142/381] Fix config error, add nginx --- roles/matrix-bot-maubot/defaults/main.yml | 2 + .../matrix-bot-maubot/tasks/setup_install.yml | 42 ++++++++++++++++++- .../systemd/matrix-maubot.service.j2 | 2 +- .../nginx/conf.d/matrix-domain.conf.j2 | 11 ----- setup.yml | 2 +- 5 files changed, 44 insertions(+), 15 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 5e7c58a22..7e86de6f0 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -11,7 +11,9 @@ matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.en matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" +matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" matrix_bot_maubot_container_data_dir: "/data" +matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 368710798..7c651ea28 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -9,18 +9,56 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - - - {path: "{{ matrix_bot_maubot_data_path }}", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}", when: true} - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure maubot configuration file created template: src: "{{ role_path }}/templates/config/config.yaml.j2" - dest: "{{ matrix_bot_maubot_base_path }}/config.yaml" + dest: "{{ matrix_bot_maubot_data_path }}/config.yaml" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: "u=rwx" +- name: Generate Maubot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_bot_maubot_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/maubot/.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-maubot:{{ matrix_bot_maubot_port }}/$1"; + proxy_pass http://$backend; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_port }}/$1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% endif %} + } + +- name: Register Maubot's proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_bot_maubot_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `/_matrix/maubot` + URL endpoint to the matrix-maubot container. + when: "matrix_bot_maubot_enabled|bool and matrix_nginx_proxy_enabled is not defined" + + - name: Ensure maubot image is pulled docker_image: name: "{{ matrix_bot_maubot_docker_image }}" diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 index 3a3c3a0cf..8a7a09ed6 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 @@ -25,7 +25,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ - -p 29316:29316 \ + -p {{ matrix_bot_maubot_port }}:29316 \ {{ matrix_bot_maubot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 878a297d5..2895ba14a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -45,17 +45,6 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} - {% if matrix_nginx_proxy_node_exporter_reverse_enabled %} - location /node-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-node-exporter:9100/; - } - {% endif %} - {% if matrix_nginx_proxy_postgres_exporter_reverse_enabled %} - location /postgres-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-postgres-exporter:9187/; - } {% if matrix_nginx_proxy_proxy_matrix_metrics_enabled %} location /metrics { {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled %} diff --git a/setup.yml b/setup.yml index 79c377413..38c32574a 100755 --- a/setup.yml +++ b/setup.yml @@ -39,6 +39,7 @@ - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot - matrix-bot-matrix-registration-bot + - matrix-bot-maubot - matrix-bot-buscarron - matrix-bot-honoroit - matrix-bot-go-neb @@ -66,4 +67,3 @@ - matrix-postgres-backup - matrix-backup-borg - matrix-common-after - - matrix-bot-maubot From d7eb2d097f17c27e22389b78a11637ff262ec6ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 11:58:10 +0200 Subject: [PATCH 143/381] Fix yamllint (emptylines) --- roles/matrix-bot-maubot/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 7e86de6f0..7867ec6cd 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -18,7 +18,6 @@ matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" - matrix_bot_maubot_logging_level: info matrix_bot_maubot_secret: '' matrix_bot_maubot_admin_user: '' From 8806598f51a325787c5f3ce764a6213a38902efa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 12:29:06 +0200 Subject: [PATCH 144/381] Add option to proxy management UI (now defaults to false) --- roles/matrix-bot-maubot/defaults/main.yml | 1 + roles/matrix-bot-maubot/tasks/setup_install.yml | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 7867ec6cd..33556abe7 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -16,6 +16,7 @@ matrix_bot_maubot_container_data_dir: "/data" matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_maubot_proxy_management_interface: False matrix_bot_maubot_logging_level: info diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 7c651ea28..22854ffbd 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -39,6 +39,7 @@ proxy_set_header Connection "upgrade"; {% endif %} } + when: matrix_bot_maubot_proxy_management_interface|bool - name: Register Maubot's proxying configuration with matrix-nginx-proxy set_fact: @@ -48,6 +49,7 @@ + [matrix_bot_maubot_matrix_nginx_proxy_configuration] }} + when: matrix_bot_maubot_proxy_management_interface|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used debug: @@ -56,7 +58,7 @@ reverse proxy. Please make sure that you're proxying the `/_matrix/maubot` URL endpoint to the matrix-maubot container. - when: "matrix_bot_maubot_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" - name: Ensure maubot image is pulled From 0ea146930be1923c11daecc9af9461f1462766a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 12:39:51 +0200 Subject: [PATCH 145/381] Make exposing management UI configurable --- roles/matrix-bot-maubot/defaults/main.yml | 1 + .../templates/systemd/matrix-maubot.service.j2 | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 33556abe7..0d141a2c6 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -17,6 +17,7 @@ matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: False +matrix_bot_maubot_expose_management_interface: True matrix_bot_maubot_logging_level: info diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 index 8a7a09ed6..e94696f7b 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 @@ -25,7 +25,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ + {% if matrix_bot_maubot_expose_management_interface|bool %} -p {{ matrix_bot_maubot_port }}:29316 \ + {% endif %} {{ matrix_bot_maubot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' From 2f1d78fa48de548fe8ce9452c91dfa8662733422 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 12:45:19 +0200 Subject: [PATCH 146/381] Make true and false lowercase --- roles/matrix-bot-maubot/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 0d141a2c6..438c8f465 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -16,8 +16,8 @@ matrix_bot_maubot_container_data_dir: "/data" matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" -matrix_bot_maubot_proxy_management_interface: False -matrix_bot_maubot_expose_management_interface: True +matrix_bot_maubot_proxy_management_interface: false +matrix_bot_maubot_expose_management_interface: true matrix_bot_maubot_logging_level: info From 2309a61cb0d4a3a8d51ba53404a0b4b1b163ed73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 13:15:34 +0200 Subject: [PATCH 147/381] Fix minor naming issue --- roles/matrix-bot-maubot/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 438c8f465..bcac2e9ea 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -29,8 +29,8 @@ matrix_mau_environment_variables_extension: '' # A list of extra arguments to pass to the container matrix_bot_maubot_container_extra_arguments: [] -# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +# List of systemd services that matrix-bot-maubot.service depends on matrix_bot_maubot_systemd_required_services_list: ['docker.service'] -# List of systemd services that matrix-bot-matrix-registration-bot.service wants +# List of systemd services that matrix-bot-maubot.service wants matrix_bot_maubot_systemd_wanted_services_list: [] From d5c82a52219c25311a40f45f89892d81152203da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 17:36:53 +0200 Subject: [PATCH 148/381] Remove logging to /var/log and make readonly --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 8 +------- .../templates/systemd/matrix-maubot.service.j2 | 3 ++- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 5e44ff5f6..86f0076db 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -108,12 +108,6 @@ logging: normal: format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' handlers: - file: - class: logging.handlers.RotatingFileHandler - formatter: normal - filename: /var/log/maubot.log - maxBytes: 10485760 - backupCount: 10 console: class: logging.StreamHandler formatter: colored @@ -126,4 +120,4 @@ logging: level: INFO root: level: DEBUG - handlers: [file, console] + handlers: [console] diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 index e94696f7b..a4e6d7500 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 @@ -20,9 +20,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ --log-driver=none \ -e UID={{ matrix_user_uid }} \ -e GID={{ matrix_user_gid }} \ + --read-only \ -v {{ matrix_bot_maubot_data_path }}:{{ matrix_bot_maubot_container_data_dir }}:z \ {% for arg in matrix_bot_maubot_container_extra_arguments %} - {{ arg }} \ + {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_expose_management_interface|bool %} From 5f6ad0f603693d4ea8b31298fe4b8c42d004c724 Mon Sep 17 00:00:00 2001 From: nono-lqdn Date: Fri, 24 Jun 2022 17:45:52 +0200 Subject: [PATCH 149/381] Added a note on managing the basic_auth password on external prometheus servers --- CHANGELOG.md | 1 + docs/configuring-playbook-prometheus-grafana.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c5fdac53..2779b3698 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). +**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. # 2022-06-13 diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index e1b826430..b2878c12b 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -90,6 +90,7 @@ matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_b Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). +Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. ### Collecting Synapse worker metrics to an external Prometheus server @@ -130,4 +131,3 @@ scrape_configs: - [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2) - [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs) - From 6ed105b83071dd6edae569f19d2c551f3eb418a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 17:54:57 +0200 Subject: [PATCH 150/381] Rename service from matrix-maubot to matrix-bot-maubot --- roles/matrix-bot-maubot/tasks/init.yml | 2 +- roles/matrix-bot-maubot/tasks/setup_install.yml | 12 ++++++------ ...aubot.service.j2 => matrix-bot-maubot.service.j2} | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) rename roles/matrix-bot-maubot/templates/systemd/{matrix-maubot.service.j2 => matrix-bot-maubot.service.j2} (97%) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 286c5f469..6f55c7472 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -1,5 +1,5 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-maubot.service'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 22854ffbd..dd48a0f0e 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -95,19 +95,19 @@ pull: true when: "matrix_bot_maubot_container_image_self_build|bool" -- name: Ensure matrix-maubot.service installed +- name: Ensure matrix-bot-maubot.service installed template: - src: "{{ role_path }}/templates/systemd/matrix-maubot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-maubot.service" + src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" mode: 0644 register: matrix_bot_maubot_systemd_service_result -- name: Ensure systemd reloaded after matrix-maubot.service installation +- name: Ensure systemd reloaded after matrix-bot-maubot.service installation service: daemon_reload: true when: "matrix_bot_maubot_systemd_service_result.changed|bool" -- name: Ensure matrix-maubot.service restarted, if necessary +- name: Ensure matrix-bot-maubot.service restarted, if necessary service: - name: "matrix-maubot.service" + name: "matrix-bot-maubot.service" state: restarted diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 similarity index 97% rename from roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 rename to roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index a4e6d7500..1cfe4c343 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -35,7 +35,7 @@ ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' Restart=always RestartSec=30 -SyslogIdentifier=matrix-maubot +SyslogIdentifier=matrix-bot-maubot [Install] WantedBy=multi-user.target From ba0caf395a01fcf21124ce46dd4cade3c05ebf23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 17:58:50 +0200 Subject: [PATCH 151/381] Create dckr-src file path only when neccessary Co-authored-by: Slavi Pantaleev --- roles/matrix-bot-maubot/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index dd48a0f0e..3b2ce5b74 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -10,7 +10,7 @@ with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - {path: "{{ matrix_bot_maubot_data_path }}", when: true} - - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"} when: "item.when|bool" - name: Ensure maubot configuration file created From 6d1650c83466bdc41ec325ef6efed79bf0c5d8cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 17:59:45 +0200 Subject: [PATCH 152/381] Remove config dir Co-authored-by: Slavi Pantaleev --- roles/matrix-bot-maubot/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index bcac2e9ea..54d50b845 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -13,7 +13,6 @@ matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" matrix_bot_maubot_container_data_dir: "/data" -matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false From 2f167f21227054b6a94990b724c8a2afec537e58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:01:51 +0200 Subject: [PATCH 153/381] Rename docker container to matrix-bot-maubot --- .../templates/systemd/matrix-bot-maubot.service.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 1cfe4c343..c74153992 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -13,10 +13,10 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ --log-driver=none \ -e UID={{ matrix_user_uid }} \ -e GID={{ matrix_user_gid }} \ @@ -31,8 +31,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ {% endif %} {{ matrix_bot_maubot_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-maubot From 8e9d1657876cda603a0f3d96b75f252c1be37856 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:06:06 +0200 Subject: [PATCH 154/381] Another rename to matrix-bot-maubot No functionality changed --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ef4f4b07c..79df3cf16 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1060,7 +1060,7 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: | ###################################################################### # -# matrix-maubot +# matrix-bot-maubot # ###################################################################### @@ -1081,7 +1081,7 @@ matrix_bot_maubot_systemd_required_services_list: | ###################################################################### # -# /matrix-maubot +# /matrix-bot-maubot # ###################################################################### From a289116140920ae8ac19d6ccb734003ca42ac2a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:07:09 +0200 Subject: [PATCH 155/381] Use tagged release Co-authored-by: Slavi Pantaleev --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 54d50b845..b38f71c7d 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_maubot_container_image_self_build: false matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src" -matrix_bot_maubot_version: latest +matrix_bot_maubot_version: v0.3.1 matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}" matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" From 90447a283924d20c3268d8b9ed627964cf004e98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:19:23 +0200 Subject: [PATCH 156/381] Use correct registration secret --- group_vars/matrix_servers | 8 ++++++++ roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 79df3cf16..1705bdebb 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1078,6 +1078,14 @@ matrix_bot_maubot_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} +matrix_bot_maubot_registration_shared_secret: |- + {{ + { + 'synapse': matrix_synapse_registration_shared_secret, + 'dendrite': matrix_dendrite_registration_shared_secret, + }[matrix_homeserver_implementation] + }} + ###################################################################### # diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 86f0076db..2797c03fe 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -77,7 +77,7 @@ homeservers: # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. - secret: {{ matrix_registration_shared_secret }} + secret: {{ matrix_bot_maubot_registration_shared_secret|to_json }} # List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password # to prevent normal login. Root is a special user that can't have a password and will always exist. From 7baf477c160b31abe7c8ae8993d68108d4e6ad99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:21:13 +0200 Subject: [PATCH 157/381] Remove unnecessary variable The /data is hardcoded in the container --- roles/matrix-bot-maubot/defaults/main.yml | 1 - .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index b38f71c7d..6e4219f56 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -12,7 +12,6 @@ matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.en matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" -matrix_bot_maubot_container_data_dir: "/data" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index c74153992..89c91d5f2 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -21,7 +21,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ -e UID={{ matrix_user_uid }} \ -e GID={{ matrix_user_gid }} \ --read-only \ - -v {{ matrix_bot_maubot_data_path }}:{{ matrix_bot_maubot_container_data_dir }}:z \ + -v {{ matrix_bot_maubot_data_path }}:/data:z \ {% for arg in matrix_bot_maubot_container_extra_arguments %} {{ arg }} \ {% endfor %} From 64fbc5ff87c45ab3c87b75d21962f123853dc808 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Jun 2022 08:50:22 +0200 Subject: [PATCH 158/381] Replace spaces with tabs --- .../templates/systemd/matrix-bot-maubot.service.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 89c91d5f2..df66d321d 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -17,19 +17,19 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ - --log-driver=none \ + --log-driver=none \ -e UID={{ matrix_user_uid }} \ -e GID={{ matrix_user_gid }} \ --read-only \ -v {{ matrix_bot_maubot_data_path }}:/data:z \ - {% for arg in matrix_bot_maubot_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ + {% for arg in matrix_bot_maubot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_expose_management_interface|bool %} -p {{ matrix_bot_maubot_port }}:29316 \ {% endif %} - {{ matrix_bot_maubot_docker_image }} + {{ matrix_bot_maubot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' From a295ec3e3d9b1f75d213d3c9942daec52d57c7be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Jun 2022 09:44:24 +0200 Subject: [PATCH 159/381] Change to matrix_bot_maubot_bot_server_public This shall indicate that the public url of maubot is here configured the same as matrix_server_fqn_matrix but this must not be the case. In the config I used the matrix fqnd directly as this part of the config is directly bound to the homeserver we want to connect to (but can not use the internal) --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 6e4219f56..dd777a7bd 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -13,7 +13,7 @@ matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" -matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 2797c03fe..298603404 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -50,7 +50,7 @@ server: hostname: 0.0.0.0 port: 29316 # Public base URL where the server is visible. - public_url: {{ matrix_bot_maubot_bot_server }} + public_url: {{ matrix_bot_maubot_bot_server_public }} # The base management API path. base_path: /_matrix/maubot/v1 # The base path for the UI. @@ -73,7 +73,7 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: {{ matrix_bot_maubot_bot_server }} + url: {{ matrix_server_fqn_matrix }} # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. From 2e5ad5cbe97d550b76c77f1597d6322b517d1d2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Jun 2022 09:46:19 +0200 Subject: [PATCH 160/381] Remove unused variable --- roles/matrix-bot-maubot/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index dd777a7bd..9d2730539 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -18,7 +18,6 @@ matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true -matrix_bot_maubot_logging_level: info matrix_bot_maubot_secret: '' matrix_bot_maubot_admin_user: '' matrix_bot_maubot_admin_password: '' From 9ed70188dd8cb08d25bee55edfc2e887d8ab0f6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Jun 2022 09:47:32 +0200 Subject: [PATCH 161/381] Use safer |to_json --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 298603404..1a45b91a0 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -64,7 +64,7 @@ server: appservice_base_path: /_matrix/app/v1 # The shared secret to sign API access tokens. # Set to "generate" to generate and save a new token at startup. - unshared_secret: {{ matrix_bot_maubot_secret }} + unshared_secret: {{ matrix_bot_maubot_secret|to_json }} # Known homeservers. This is required for the `mbc auth` command and also allows # more convenient access from the management UI. This is not required to create From 83f1574a085831ac58d22de6cffb5d4f1569e5fc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 25 Jun 2022 18:59:28 +0300 Subject: [PATCH 162/381] Upgrade exim-relay (4.95-r0-2 -> 4.95-r0-4) --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 682126d28..6d3bb2e24 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0-2 +matrix_mailer_version: 4.95-r0-4 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From b784f88af5cb8f3883ade58fee175cb76f892f66 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 25 Jun 2022 18:06:35 +0000 Subject: [PATCH 163/381] Update Grafana (8.5.3 -> 9.0.1) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 991cb19d6..618eaef73 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.5.3 +matrix_grafana_version: 9.0.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From c793fc5ff0a47d078022751fd2be588a2782187f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 25 Jun 2022 18:07:30 +0000 Subject: [PATCH 164/381] Update Prometheus (v2.33.3 -> v2.36.2) --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 843a90e8a..cb1e6c014 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -4,7 +4,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.33.3 +matrix_prometheus_version: v2.36.2 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 574f57c82cb44a6dce204fbdfda197753d8752de Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 08:41:22 +0300 Subject: [PATCH 165/381] expose prometheus process args --- roles/matrix-prometheus/defaults/main.yml | 7 +++++++ .../templates/systemd/matrix-prometheus.service.j2 | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index cb1e6c014..ffe2ddc0e 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -26,6 +26,13 @@ matrix_prometheus_systemd_wanted_services_list: [] # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. matrix_prometheus_container_http_host_bind_port: '' +# A list of extra arguments to pass to the prometheus process +matrix_prometheus_process_extra_arguments: + - "--config.file=/etc/prometheus/prometheus.yml" + - "--storage.tsdb.path=/prometheus" + - "--web.console.libraries=/usr/share/prometheus/console_libraries" + - "--web.console.templates=/usr/share/prometheus/consoles" + # Tells whether the "synapse" scraper configuration is enabled. matrix_prometheus_scraper_synapse_enabled: false diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 8de57201c..296a3adf0 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,7 +31,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} + {{ matrix_prometheus_docker_image }} \ + {{ matrix_prometheus_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From 1542e8bca036360c6eb3d2cdaa5415e7eacb805f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 26 Jun 2022 06:59:46 +0000 Subject: [PATCH 166/381] Update roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 Co-authored-by: Slavi Pantaleev --- .../templates/systemd/matrix-prometheus.service.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 296a3adf0..57969f8a6 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,8 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} \ - {{ matrix_prometheus_process_extra_arguments|join(' ') }} + {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From c71fea70d334506571dd268824e09f05b5f80acf Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 12:01:57 +0300 Subject: [PATCH 167/381] matrix-prometheus feedback --- roles/matrix-prometheus/defaults/main.yml | 10 ++++++++-- .../templates/systemd/matrix-prometheus.service.j2 | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index ffe2ddc0e..28395bd9d 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -26,13 +26,19 @@ matrix_prometheus_systemd_wanted_services_list: [] # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. matrix_prometheus_container_http_host_bind_port: '' -# A list of extra arguments to pass to the prometheus process -matrix_prometheus_process_extra_arguments: +# A list of default arguments to pass to the prometheus process +matrix_prometheus_process_default_arguments: - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus" - "--web.console.libraries=/usr/share/prometheus/console_libraries" - "--web.console.templates=/usr/share/prometheus/consoles" +# A list of extra arguments to pass to the prometheus process +matrix_prometheus_process_extra_arguments: [] + +# holds the final list of process arguments +matrix_prometheus_process_arguments: "{{ matrix_prometheus_process_default_arguments + matrix_prometheus_process_extra_arguments }}" + # Tells whether the "synapse" scraper configuration is enabled. matrix_prometheus_scraper_synapse_enabled: false diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 57969f8a6..56e13c134 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -31,7 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% for arg in matrix_prometheus_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_extra_arguments|join(' ') }} + {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' From 5801017df0b1005c6513bce4bfa2a3c11e36309c Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:16:09 +0300 Subject: [PATCH 168/381] mx-puppet-bridges - set log level = warn, set presence interval = 5s --- .../matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 | 4 ++-- .../matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 | 2 +- .../templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 | 4 ++-- roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 index edb0c280b..a1c0cc486 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 @@ -25,7 +25,7 @@ presence: # Bridge Discord online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -117,7 +117,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 index a9ab77012..357baec74 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 @@ -78,7 +78,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 index 1c4bb1bd0..57c5b0f0e 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 @@ -18,7 +18,7 @@ presence: # Bridge Instagram online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -61,7 +61,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 index 1d6d48280..647f8fc78 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 @@ -29,7 +29,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Optionally, you can apply filters to the console logging #console: # level: info @@ -80,7 +80,7 @@ presence: # Bridge online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 # if the im.vector.user_status state setting should be diabled #disableStatusState: false # A blacklist of remote user IDs for the im.vector.user_status state setting diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 index c7497a84c..b84fe221b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 @@ -32,7 +32,7 @@ presence: # Bridge Discord online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -75,7 +75,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 index fd59471d4..0919907dc 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 @@ -78,7 +78,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 index 1d269057e..5418ccaf4 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 @@ -28,7 +28,7 @@ presence: # Bridge Twitter online/offline status enabled: true # How often to send status to the homeserver in milliseconds - interval: 500 + interval: 5000 provisioning: # Regex of Matrix IDs allowed to use the puppet bridge @@ -71,7 +71,7 @@ logging: # Log level of console output # Allowed values starting with most verbose: # silly, debug, verbose, info, warn, error - console: info + console: warn # Date and time formatting lineDateFormat: MMM-D HH:mm:ss.SSS # Logging files From 2689a0981a820138b05218b27cf4e5178d08d64b Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:31:51 +0300 Subject: [PATCH 169/381] mautrix-based bridges - set log level = warn(ing) --- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 10 +++++----- .../templates/config.yaml.j2 | 6 +++--- .../templates/config.yaml.j2 | 8 ++++---- .../templates/config.yaml.j2 | 6 +++--- 8 files changed, 31 insertions(+), 31 deletions(-) diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 4fb6b055a..77a73a96f 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -256,12 +256,12 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [ console] diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index c3cb1932e..d4823c424 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -250,11 +250,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index e2af88308..657323437 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING hangups: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 7ff7d539d..a8a52b7c9 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -135,11 +135,11 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING hangups: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index cb74d5c11..a4ba96d6f 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -216,13 +216,13 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING mauigpapi: - level: DEBUG + level: WARNING paho: - level: INFO + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index b831fe9a1..47671af5e 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: {{ matrix_mautrix_signal_log_level }} + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: {{ matrix_mautrix_signal_log_level }} + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 6569ce87a..177c5f0a7 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -401,11 +401,11 @@ logging: formatter: precise loggers: mau: - level: DEBUG + level: WARNING telethon: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index f0ae69b25..d0aec60f6 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -195,9 +195,9 @@ logging: formatter: colored loggers: mau: - level: DEBUG + level: WARNING aiohttp: - level: INFO + level: WARNING root: - level: DEBUG + level: WARNING handlers: [console] From d426dbbc32614aa9e2c65c2ceb2d0fbbf9f29737 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 20:41:23 +0300 Subject: [PATCH 170/381] missing var --- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index e622522de..5b84643c4 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -25,6 +25,8 @@ matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url } matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" +matrix_beeper_linkedin_bridge_presence: true + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] From 55d8e3dfddb6a8c66ac65ad5923e35d32b1ab102 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:03:21 +0300 Subject: [PATCH 171/381] mautrix-based bridges: add matrix_admin --- roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 3 +++ .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 3 +++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 3 +++ 10 files changed, 30 insertions(+) diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 77a73a96f..7310676d8 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -238,6 +238,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_beeper_linkedin_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index fb50b0dd4..f3dd7c29a 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -199,6 +199,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_go_skype_bridge_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} relaybot: # Whether or not relaybot support is enabled. diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index d4823c424..7dca6aff1 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -203,6 +203,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index 657323437..b7b908322 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -119,6 +119,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_googlechat_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index a8a52b7c9..5b7bd8be4 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -116,6 +116,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_hangouts_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index a4ba96d6f..c0965ad29 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -187,6 +187,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_instagram_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). provisioning: diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 47671af5e..2c49c833d 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -225,6 +225,9 @@ bridge: # mxid - Specific user permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 177c5f0a7..40549721f 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -291,6 +291,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_telegram_homeserver_domain }}': full + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index d0aec60f6..debddc4b6 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -175,6 +175,9 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_twitter_homeserver_domain }}': user + {% if matrix_admin is defined and matrix_admin|length %} + '{{ matrix_admin }}': admin + {% endif %} # Python logging configuration. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d73718eaa..d3b26ba61 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -187,6 +187,9 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user + {% if matrix_admin is defined and matrix_admin|length %} + "{{ matrix_admin }}": admin + {% endif %} # Settings for relay mode relay: From ed8ef0d1f871b2b671a75a1af8786d2c27f7bc8b Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:09:31 +0300 Subject: [PATCH 172/381] mautrix-telegram: update defaults --- .../matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 40549721f..b22882578 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -105,11 +105,11 @@ bridge: # synced when they send messages. The maximum is 10000, after which the Telegram server # will not send any more members. # Defaults to no local limit (-> limited to 10000 by server) - max_initial_member_sync: -1 + max_initial_member_sync: 10 # Whether or not to sync the member list in channels. # If no channel admins have logged into the bridge, the bridge won't be able to sync the member # list regardless of this setting. - sync_channel_members: true + sync_channel_members: false # Whether or not to skip deleted members when syncing members. skip_deleted_members: true # Whether or not to automatically synchronize contacts and chats of Matrix users logged into @@ -204,7 +204,7 @@ bridge: # been sent to Telegram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. From cd88c06994c881f9be24bf700ae55c535ffe7d5a Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:16:43 +0300 Subject: [PATCH 173/381] mautrix-twitter: update defaults --- roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index debddc4b6..2b3b41407 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -149,7 +149,7 @@ bridge: # been sent to Twitter. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Whether or not non-fatal polling errors should send notices to the notice room. temporary_disconnect_notices: true # Number of seconds to sleep more than the previous error when a polling error occurs. From 00192f6e94b349750545861f0c251ac6821f606a Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 26 Jun 2022 21:19:56 +0300 Subject: [PATCH 174/381] mautrix-instagram, mautrix-signal: set delivery_error_reports: true --- roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index c0965ad29..9ac7e2e37 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -166,7 +166,7 @@ bridge: # been sent to Instagram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 2c49c833d..3ca35b2f9 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -177,7 +177,7 @@ bridge: # Note that this is not related to Signal delivery receipts. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented) - delivery_error_reports: false + delivery_error_reports: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. From 44f2234c9947549bd88066b03ba36d350dfffbee Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 27 Jun 2022 10:34:04 +0300 Subject: [PATCH 175/381] define matrix_admin in matrix-base --- roles/matrix-base/defaults/main.yml | 3 +++ roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 11 files changed, 13 insertions(+), 10 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 645563781..d303bf15b 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -8,6 +8,9 @@ # Example value: example.com matrix_domain: ~ +# The optional matrix admin MXID, used in bridges' configs to set bridge admin user +matrix_admin: '' + # This will contain the homeserver implementation that is in use. # Valid values: synapse, dendrite # diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 7310676d8..6b33ffeac 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -238,7 +238,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_beeper_linkedin_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index f3dd7c29a..6f7277fea 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -199,7 +199,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_go_skype_bridge_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 7dca6aff1..2555e9855 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -203,7 +203,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index b7b908322..db4394b7f 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -119,7 +119,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_googlechat_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 5b7bd8be4..07f5b2d78 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -116,7 +116,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 9ac7e2e37..994a39a74 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -187,7 +187,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_instagram_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} # Provisioning API part of the web server for automated portal creation and fetching information. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 3ca35b2f9..53aa550d6 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -225,7 +225,7 @@ bridge: # mxid - Specific user permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index b22882578..20055ab7d 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -291,7 +291,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_telegram_homeserver_domain }}': full - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 2b3b41407..6b32d47bf 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -175,7 +175,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_twitter_homeserver_domain }}': user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} '{{ matrix_admin }}': admin {% endif %} diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d3b26ba61..b9862e948 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -187,7 +187,7 @@ bridge: # mxid - Specific user permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - {% if matrix_admin is defined and matrix_admin|length %} + {% if matrix_admin %} "{{ matrix_admin }}": admin {% endif %} From e27ecd6e76f0044f2a94d1e05cf3e5cc2d0accbb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 27 Jun 2022 11:02:10 +0300 Subject: [PATCH 176/381] Add matrix_admin example --- roles/matrix-base/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index d303bf15b..4d63fc56f 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -9,6 +9,7 @@ matrix_domain: ~ # The optional matrix admin MXID, used in bridges' configs to set bridge admin user +# Example value: "@someone:{{ matrix_admin }}" matrix_admin: '' # This will contain the homeserver implementation that is in use. From 23ed70a6bb02f371e57989c85de7594eeb40b002 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 27 Jun 2022 11:38:21 +0000 Subject: [PATCH 177/381] fix typo --- roles/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 4d63fc56f..6b717f80f 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -9,7 +9,7 @@ matrix_domain: ~ # The optional matrix admin MXID, used in bridges' configs to set bridge admin user -# Example value: "@someone:{{ matrix_admin }}" +# Example value: "@someone:{{ matrix_domain }}" matrix_admin: '' # This will contain the homeserver implementation that is in use. From 5b38ee537144f32721a6a43153341cc5c93172c0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 28 Jun 2022 08:27:57 +0000 Subject: [PATCH 178/381] add missing retry to the apache docker image pull --- .../tasks/nginx-proxy/setup_metrics_auth.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 35dabefa7..046746df2 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed # We store the password in a file and make the `htpasswd` tool read it from there, # as opposed to passing it directly on stdin (which will expose it to other processes on the server). From e36894f93b808a7219424605d9ecd79ac0b173a7 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Tue, 28 Jun 2022 03:35:12 -0800 Subject: [PATCH 179/381] Update configuring-playbook-bridge-mautrix-facebook.md Logging in from the IP address is no longer always enough, but 2FA seems to work eventually --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 1845682f2..bb8d1430c 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -91,3 +91,5 @@ Once connected, you should be able to verify that you're browsing the web throug Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/). Once logged in, proceed to [set up bridging](#usage). + +If that doesn't work, enable 2FA [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change From bff35926dc24704e1eed7acea83c803fb865dcdc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:13:14 +0300 Subject: [PATCH 180/381] Upgrade Synapse (v1.61.0 -> v1.61.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 848d8beb6..43ee9e579 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.61.0 +matrix_synapse_version: v1.61.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 75746943be412a7197bdf7be0550273d925e22db Mon Sep 17 00:00:00 2001 From: Christos Karamolegkos Date: Tue, 28 Jun 2022 17:51:06 +0300 Subject: [PATCH 181/381] Update README.md to include Go Skype Bridge Update README.md to include Go Skype Bridge, added in #1877 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 26f109404..1d58eed01 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation +- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation + - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation From c614b61e01e1ec1de5b86cd265b3b36e9c5b3b4d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:53:57 +0300 Subject: [PATCH 182/381] Fix mautrix-signal permissions configuration Fixup for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ad0752e34..61f8695d9 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -99,6 +99,9 @@ matrix_mautrix_signal_relaybot_enabled: false matrix_mautrix_signal_bridge_permissions: | '*': relay '{{ matrix_mautrix_signal_homeserver_domain }}': user + {% if matrix_admin %} + "{{ matrix_admin }}": admin + {% endif %} # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 53aa550d6..c5fbba8eb 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -223,11 +223,8 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: + permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From c15bf2e0194e63f30df700b2465960d91120f811 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Jun 2022 08:42:13 +0300 Subject: [PATCH 183/381] Upgrade Grafana (9.0.1 -> 9.0.2) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 618eaef73..7765ae48c 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.1 +matrix_grafana_version: 9.0.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 523a7b4a6e428eb21efb343463d576152ade1cc9 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Tue, 28 Jun 2022 23:38:08 -0800 Subject: [PATCH 184/381] Update configuring-playbook-own-webserver.md Adding a bit on how to bind the synapse ports if the webserver isn't in the same docker network, or on a different machine. --- docs/configuring-playbook-own-webserver.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index c7e56f146..155b5995e 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. +If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) +'''yaml +# Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. +matrix_synapse_container_client_api_host_bind_port: '' +matrix_synapse_container_federation_api_plain_host_bind_port: '' +''' + + ### Using your own external Apache webserver From 6cc92854df7d81068fb13057e8751b6f488deebe Mon Sep 17 00:00:00 2001 From: Stuart Mumford Date: Wed, 29 Jun 2022 12:37:29 +0000 Subject: [PATCH 185/381] enable setting database URL --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 1a45b91a0..eb9e7abfa 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -3,10 +3,12 @@ # Format examples: # SQLite: sqlite:///filename.db # Postgres: postgresql://username:password@hostname/dbname -database: sqlite:////data/maubot.db +database: {{ matrix_bot_maubot_storage_database|to_json }} # Separate database URL for the crypto database. "default" means use the same database as above. -crypto_database: default +crypto_database: + type: default + postgres_uri: {{ matrix_bot_maubot_storage_database|to_json }} # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool From 320978cdf50baed5a0c4c9e82ba08cafeff91179 Mon Sep 17 00:00:00 2001 From: Stuart Mumford Date: Wed, 29 Jun 2022 13:17:03 +0000 Subject: [PATCH 186/381] Enable setting database URI and other things --- roles/matrix-bot-maubot/defaults/main.yml | 8 +++----- roles/matrix-bot-maubot/tasks/setup_install.yml | 16 ++++++++-------- .../templates/config/config.yaml.j2 | 4 ++-- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 9d2730539..210fb1939 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -17,11 +17,9 @@ matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true - -matrix_bot_maubot_secret: '' -matrix_bot_maubot_admin_user: '' -matrix_bot_maubot_admin_password: '' -matrix_mau_environment_variables_extension: '' +matrix_bot_database_uri: 'sqlite:///data/maubot.db' +matrix_bot_maubot_port: 29316 +matrix_bot_maubot_secret: 'generate' # A list of extra arguments to pass to the container matrix_bot_maubot_container_extra_arguments: [] diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 3b2ce5b74..6d9aec87e 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -26,15 +26,15 @@ matrix_bot_maubot_matrix_nginx_proxy_configuration: | location ~ ^/(_matrix/maubot/.*) { {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-maubot:{{ matrix_bot_maubot_port }}/$1"; - proxy_pass http://$backend; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-maubot:29316/$1"; + proxy_pass http://$backend; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_port }}/$1; + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_port }}/$1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; {% endif %} diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index eb9e7abfa..aa9a2045f 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -3,12 +3,12 @@ # Format examples: # SQLite: sqlite:///filename.db # Postgres: postgresql://username:password@hostname/dbname -database: {{ matrix_bot_maubot_storage_database|to_json }} +database: {{ matrix_bot_maubot_database_uri|to_json }} # Separate database URL for the crypto database. "default" means use the same database as above. crypto_database: type: default - postgres_uri: {{ matrix_bot_maubot_storage_database|to_json }} + postgres_uri: {{ matrix_bot_maubot_database_uri|to_json }} # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool From 6a99b3d5323a25b3f9a289b2b0d90675ff1d180b Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 29 Jun 2022 15:09:29 +0000 Subject: [PATCH 187/381] Fix Hydrogen self check Thanks to Julian for pointing this out --- roles/matrix-client-hydrogen/tasks/main.yml | 7 +++++++ roles/matrix-client-hydrogen/tasks/self_check.yml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index 13d157ccf..d027fe660 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -21,3 +21,10 @@ tags: - setup-all - setup-client-hydrogen + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index 28af9c789..0c6642318 100644 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}" + matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json" - name: Check Hydrogen uri: From 9cf2b37352f940bdfeb4208be88d67c5b245ee62 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 00:43:01 -0800 Subject: [PATCH 188/381] Update configuring-playbook-bridge-mautrix-instagram.md Copy/Pasting from docs/configuring-playbook-bridge-mautrix-facebook.md but with the relevant variable names changed to add turning on encryption and a puppet admin. --- ...uring-playbook-bridge-mautrix-instagram.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 38d107d0e..08b35d1d2 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md @@ -7,6 +7,27 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i ```yaml matrix_mautrix_instagram_enabled: true ``` +There are some additional things you may wish to configure about the bridge before you continue. + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + +If you would like to be able to administrate the bridge from your account it can be configured like this: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:YOUR_DOMAIN': admin +``` + +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. + ## Usage From 3fbff1a78909170426ce15ad9b81a3fdc5b3b9e7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 11:57:01 +0300 Subject: [PATCH 189/381] Mention matrix_admin Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- docs/configuring-playbook-bridge-mautrix-instagram.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 08b35d1d2..cbfdcb0b5 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md @@ -20,13 +20,18 @@ matrix_mautrix_instagram_configuration_extension_yaml: | If you would like to be able to administrate the bridge from your account it can be configured like this: ```yaml +# The easy way. The specified Matrix user ID will be made an admin of all bridges +matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}" + +# OR: +# The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins. matrix_mautrix_instagram_configuration_extension_yaml: | bridge: permissions: '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. ## Usage From 95ca182ab50bc3cf04e56d7ae1cc57cb49e59265 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 12:08:37 +0300 Subject: [PATCH 190/381] Remove outdated logging configuration from Dimension Related to https://github.com/turt2live/matrix-dimension/commit/123a45bb217126875a5a9aaabbe22c5f8f66727a Provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1879 Not sure how bot-sdk's logging level can be adjusted. Seems like Dimension now hardcodes `LogService.setLevel(LogLevel.DEBUG);` in its startup code. --- roles/matrix-dimension/templates/config.yaml.j2 | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/matrix-dimension/templates/config.yaml.j2 index 39721d71f..592c65ac8 100644 --- a/roles/matrix-dimension/templates/config.yaml.j2 +++ b/roles/matrix-dimension/templates/config.yaml.j2 @@ -73,13 +73,3 @@ dimension: # This is where Dimension is accessible from clients. Be sure to set this # to your own Dimension instance. publicUrl: "https://{{ matrix_server_fqn_dimension }}" - -# Settings for controlling how logging works -logging: - file: /dev/null - console: true - consoleLevel: verbose - fileLevel: info - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 From 60c14c3550b41174dae723048b48ac011541cc45 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 03:46:24 -0800 Subject: [PATCH 191/381] Update configuring-playbook-own-webserver.md Fixing code block formatting --- docs/configuring-playbook-own-webserver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 155b5995e..76fa2d8b3 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -58,11 +58,11 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) -'''yaml +```yaml # Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. matrix_synapse_container_client_api_host_bind_port: '' matrix_synapse_container_federation_api_plain_host_bind_port: '' -''' +``` From 84346cae9cb4f2633a3acee3b1425900cc32fa67 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 21:28:38 -0800 Subject: [PATCH 192/381] Update configuring-playbook-bridge-mautrix-facebook.md Adding the defaults in addition to template, switching YOUR_DOMAIN to {{ matrix_domain }}, and giving example of the two combined, as the playbook gives a warning about things being defined twice, so only using the last one in the vars.yml --- ...nfiguring-playbook-bridge-mautrix-facebook.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index bb8d1430c..926c6f024 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can matrix_mautrix_facebook_configuration_extension_yaml: | bridge: permissions: - '@YOUR_USERNAME:YOUR_DOMAIN': admin + '@YOUR_USERNAME:{{ matrix_domain }}': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure. +Using both would look like + +```yaml +matrix_mautrix_facebook_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin + encryption: + allow: true + default: true +``` + +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. ## Set up Double Puppeting From 4ca0d23b813e1f8f6123bd9cd5db233869f5e8be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 08:42:23 +0300 Subject: [PATCH 193/381] FIx code blocks --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 926c6f024..4429f0042 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: | default: true ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting From 02cc201f14afb6480b55d86eac918474db0875e7 Mon Sep 17 00:00:00 2001 From: freiit Date: Fri, 1 Jul 2022 12:28:10 +0200 Subject: [PATCH 194/381] Add configuration instruction for AWS CloundFront --- docs/configuring-well-known.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 9a519343b..36e53996b 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -168,6 +168,11 @@ backend matrix-backend /.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200! ``` +**For AWS CloudFront** + + 1. Add a custom origin with matrix. to your distribution + 1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin. + Make sure to: - **replace `DOMAIN`** in the server configuration with your actual domain name From 06e51b06f1b6d442a78d0a3343df521d75637596 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 1 Jul 2022 03:22:02 -0800 Subject: [PATCH 195/381] Adding logging variable for facebook and setting it's default (#1909) Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index d14698631..06bde727e 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -128,3 +128,6 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" + +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: DEBUG diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 2555e9855..f1d59b1ad 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -253,11 +253,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} handlers: [console] From 71006393e0a2c9e62213f8849eed7349c4f3bc94 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:31:28 +0300 Subject: [PATCH 196/381] Default mautrix-facebook to WARNING loggers by default Overlooked in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 06bde727e..778f31fca 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -130,4 +130,4 @@ matrix_mautrix_facebook_registration_yaml: | matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" # Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: DEBUG +matrix_mautrix_facebook_logging_level: WARNING From a6a5f79a6fe5509fd1dd620079b61b9dd9011b14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:32:42 +0300 Subject: [PATCH 197/381] Relocate matrix_mautrix_facebook_logging_level in defaults/main.yml Improvement to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 778f31fca..5acc1ec7c 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -89,6 +89,9 @@ matrix_mautrix_facebook_appservice_bot_username: facebookbot matrix_mautrix_facebook_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -128,6 +131,3 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" - -# Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: WARNING From 1c8f21c738d33e17da277cdbac7e3710d568fbd8 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 1 Jul 2022 04:05:28 -0800 Subject: [PATCH 198/381] Adding logging configuration and default to the rest of the mautrixes that don't have them --- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-hangouts/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 12 ++++++------ roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- .../matrix-bridge-mautrix-telegram/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- 12 files changed, 42 insertions(+), 24 deletions(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index dd5b83689..d0d90614b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -78,6 +78,9 @@ matrix_mautrix_googlechat_login_shared_secret: '' matrix_mautrix_googlechat_appservice_bot_username: googlechatbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_googlechat_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index db4394b7f..864e3e1b1 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -141,11 +141,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 911c81c6d..f4f67a587 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -75,6 +75,9 @@ matrix_mautrix_hangouts_login_shared_secret: '' matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_hangouts_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 07f5b2d78..d207681e8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 4ae2d374d..a227b0856 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -68,6 +68,9 @@ matrix_mautrix_instagram_appservice_bot_username: instagrambot matrix_mautrix_instagram_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_instagram_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 994a39a74..99ceee0e0 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -135,7 +135,7 @@ bridge: # Whether or not the bridge should backfill chats when reconnecting. resync: true # Should even disconnected users be reconnected? - always: false + always: false # End-to-bridge encryption support options. These require matrix-nio to be installed with pip # and login_shared_secret to be configured in order to get a device for the bridge bot. # @@ -219,13 +219,13 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} mauigpapi: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 61f8695d9..d35e12afe 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -57,6 +57,9 @@ matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_appservice_bot_username: signalbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_signal_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_signal_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index c5fbba8eb..0044a0fc8 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 65a446e00..4708266a8 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -43,6 +43,9 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq matrix_mautrix_telegram_appservice_bot_username: telegrambot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_telegram_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_telegram_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 20055ab7d..276bd4619 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -404,11 +404,11 @@ logging: formatter: precise loggers: mau: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} telethon: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b2e292ffc..b32f57ef0 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -66,6 +66,9 @@ matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitt matrix_mautrix_twitter_appservice_bot_username: twitterbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_twitter_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 6b32d47bf..f9bc89417 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -198,9 +198,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} handlers: [console] From c3f85ae827af0e942b5e9dc68e30649316050de4 Mon Sep 17 00:00:00 2001 From: Kabir Kwatra Date: Fri, 1 Jul 2022 07:56:09 -0700 Subject: [PATCH 199/381] feat(jitsi+arm64): Enable Jitsi on arm64 fixes spantaleev/matrix-docker-ansible-deploy#1889 Support for arm64 images tracked in jitsi/docker-jitsi-meet#1214 and added in jitsi/docker-jitsi-meet#1269 --- roles/matrix-jitsi/defaults/main.yml | 2 +- roles/matrix-jitsi/tasks/init.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index c32682678..70dc035d8 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7001 +matrix_jitsi_version: stable-7439-2 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index c4ed61a6c..58567d925 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -7,4 +7,4 @@ - name: Fail if on an unsupported architecture fail: msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" - when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' + when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64'] From 2e4fad61944a7d2f5082c9f4e19e23cf30c23f67 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 2 Jul 2022 15:02:35 +0300 Subject: [PATCH 200/381] Use 127.0.0.1 instead of localhost for federation API when nginx disabled `localhost` may resolve to `::1` on some IPv6-enabled systems, which will not work, because we only potentially expose container ports on `127.0.0.1` when nginx is disabled (`matrix_nginx_proxy_enabled: false`), not on `::1`. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1914 --- group_vars/matrix_servers | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 394e26dc9..8d3922764 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1578,7 +1578,7 @@ matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}" matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f19eb4ab0..195b16fd9 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -311,7 +311,7 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "" # Controls whether proxying for the Matrix Federation API should be done. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088" -matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "localhost:12088" +matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088" matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb | int) * 3 }}" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem" From ec9f8e29319e6150eb6daa6417fa1afab7078b70 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Tue, 21 Jun 2022 14:31:21 +0100 Subject: [PATCH 201/381] Add a role to install 'ntfy' push-notification server. This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with simple configuration, and plumbing to add the role to the playbook. TODO: documentation, self-check, database persistence. --- group_vars/matrix_servers | 19 ++++ roles/matrix-base/defaults/main.yml | 3 + roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-ntfy.conf.j2 | 100 ++++++++++++++++++ roles/matrix-ntfy/README.md | 40 +++++++ roles/matrix-ntfy/defaults/main.yml | 16 +++ roles/matrix-ntfy/tasks/init.yml | 5 + roles/matrix-ntfy/tasks/main.yml | 10 ++ roles/matrix-ntfy/tasks/setup.yml | 58 ++++++++++ .../templates/systemd/matrix-ntfy.service.j2 | 37 +++++++ setup.yml | 1 + 12 files changed, 309 insertions(+) create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 create mode 100644 roles/matrix-ntfy/README.md create mode 100644 roles/matrix-ntfy/defaults/main.yml create mode 100644 roles/matrix-ntfy/tasks/init.yml create mode 100644 roles/matrix-ntfy/tasks/main.yml create mode 100644 roles/matrix-ntfy/tasks/setup.yml create mode 100644 roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8d3922764..1c30405dd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1552,6 +1552,7 @@ matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}" matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}" +matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -1634,6 +1635,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-sygnal.service'] if matrix_sygnal_enabled else []) + + (['matrix-ntfy.service'] if matrix_ntfy_enabled else []) + + (['matrix-jitsi.service'] if matrix_jitsi_enabled else []) + (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else []) @@ -1667,6 +1670,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else []) + + ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) + matrix_ssl_additional_domains_to_obtain_certificates_for @@ -1960,6 +1965,20 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable # ###################################################################### +###################################################################### +# +# matrix-ntfy +# +###################################################################### + +matrix_ntfy_enabled: false + +###################################################################### +# +# /matrix-ntfy +# +###################################################################### + ###################################################################### # # matrix-redis diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 6b717f80f..9b6d45f84 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -59,6 +59,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}" # This is where you access the Sygnal push gateway. matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}" +# This is where you access the ntfy push notification service. +matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" + matrix_federation_public_port: 8448 # The architecture that your server runs. diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 195b16fd9..f9b7a019f 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -192,6 +192,10 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying the ntfy domain should be done. +matrix_nginx_proxy_proxy_ntfy_enabled: false +matrix_nginx_proxy_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" + # Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) # If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. # This is only useful when an external Prometheus will be collecting metrics. @@ -365,6 +369,9 @@ matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf). matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to ntfy's server configuration (matrix-ntfy.conf). +matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf). matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 0da9e52c7..70541fdc1 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -138,6 +138,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_sygnal_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for ntfy domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_ntfy_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for Matrix domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2" @@ -288,6 +295,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_ntfy_enabled|bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 new file mode 100644 index 000000000..39818c1a7 --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -0,0 +1,100 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options DENY; + +{% for configuration_block in matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-ntfy:80"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:80; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != '' %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md new file mode 100644 index 000000000..8b4f760a1 --- /dev/null +++ b/roles/matrix-ntfy/README.md @@ -0,0 +1,40 @@ +# A role to install the [ntfy](https://ntfy.sh) push-notification server. + +The ntfy server and clients implement self-hosted support push notifications +from Matrix (and other) servers to Android (and other) clients, using the +[UnifiedPush](https://unifiedpush.org) standard. + +This role installs ntfy server in Docker. It is intended to support push +notifications, via UnifiedPush, from the Matrix and Matrix-related services +that are installed alongside it to any clients that support UnifiedPush. + +This role is not intended to support other features of the ntfy server and +clients. + + +# Using the ntfy role + +Configure the role by adding settings in your Ansible inventory. + +The only required setting is to enable ntfy: + + matrix_ntfy_enabled: true + +The default domain for ntfy is `ntfy.`. This can be changed +with the `matrix_server_fqn_ntfy` variable: + + matrix_server_fqn_ntfy: "my-ntfy.{{ matrix_domain }}" + +Other ntfy settings can be configured by adding extra arguments to the +docker run command, e.g.: + + matrix_ntfy_container_extra_arguments: + - '--env=NTFY_LOG_LEVEL=DEBUG' + + +# TODO + +- Documentation. +- Self-check. +- Mount the ntfy database to disk so subscriptions persist across restarts. +- Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml new file mode 100644 index 000000000..19e8af8f7 --- /dev/null +++ b/roles/matrix-ntfy/defaults/main.yml @@ -0,0 +1,16 @@ +--- +matrix_ntfy_enabled: true + +matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" + +matrix_ntfy_version: v1.27.2 +matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" +matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" + +# Controls whether the container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. +matrix_ntfy_container_http_host_bind_port: '' + +# A list of extra arguments to pass to the container +matrix_ntfy_container_extra_arguments: [] diff --git a/roles/matrix-ntfy/tasks/init.yml b/roles/matrix-ntfy/tasks/init.yml new file mode 100644 index 000000000..e2622655e --- /dev/null +++ b/roles/matrix-ntfy/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}" + when: matrix_ntfy_enabled|bool diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml new file mode 100644 index 000000000..3f3975f58 --- /dev/null +++ b/roles/matrix-ntfy/tasks/main.yml @@ -0,0 +1,10 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/setup.yml" + tags: + - setup-all + - setup-ntfy diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup.yml new file mode 100644 index 000000000..c06195ec9 --- /dev/null +++ b/roles/matrix-ntfy/tasks/setup.yml @@ -0,0 +1,58 @@ +--- +# +# Tasks related to setting up matrix-ntfy +# + +- name: Ensure matrix-ntfy image is pulled + docker_image: + name: "{{ matrix_ntfy_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" + when: "matrix_ntfy_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-ntfy.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" + mode: 0644 + register: matrix_ntfy_systemd_service_result + when: matrix_ntfy_enabled|bool + +- name: Ensure systemd reloaded after matrix-ntfy.service installation + service: + daemon_reload: true + when: "matrix_ntfy_enabled|bool and matrix_ntfy_systemd_service_result.changed" + +# +# Tasks related to getting rid of matrix-ntfy (if it was previously enabled) +# + +- name: Check existence of matrix-ntfy service + stat: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + register: matrix_ntfy_service_stat + +- name: Ensure matrix-ntfy is stopped + service: + name: matrix-ntfy + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + state: absent + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-ntfy.service removal + service: + daemon_reload: true + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 new file mode 100644 index 000000000..85d032778 --- /dev/null +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix-ntfy +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + {% for arg in matrix_ntfy_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ + {% if matrix_ntfy_container_http_host_bind_port %} + -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ + {% endif %} + --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ + {{ matrix_ntfy_docker_image }} \ + serve --behind-proxy + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-ntfy + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 27aac7a72..c99da4d16 100755 --- a/setup.yml +++ b/setup.yml @@ -60,6 +60,7 @@ - matrix-etherpad - matrix-email2matrix - matrix-sygnal + - matrix-ntfy - matrix-nginx-proxy - matrix-coturn - matrix-aux From 2a516a16fbfd71339609df855ac48dc44cfd8af3 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Fri, 24 Jun 2022 22:20:51 +0100 Subject: [PATCH 202/381] matrix-ntfy: enable WebSocket proxying --- .../templates/nginx/conf.d/matrix-ntfy.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index 39818c1a7..e095e7213 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -27,6 +27,8 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:80; {% endif %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; From 85b12b74a75d2e4360948843325238edac16cffd Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 27 Jun 2022 22:20:02 +0100 Subject: [PATCH 203/381] matrix-ntfy: documentation --- docs/configuring-dns.md | 3 + docs/configuring-playbook-ntfy.md | 62 +++++++++++++++++++ docs/configuring-playbook-ssl-certificates.md | 1 + docs/configuring-playbook.md | 2 + docs/container-images.md | 2 + roles/matrix-ntfy/README.md | 35 ----------- roles/matrix-ntfy/defaults/main.yml | 2 +- 7 files changed, 71 insertions(+), 36 deletions(-) create mode 100644 docs/configuring-playbook-ntfy.md diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 666f8a63d..aec3c2539 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -36,6 +36,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `stats` | - | - | - | `matrix.` | | CNAME | `goneb` | - | - | - | `matrix.` | | CNAME | `sygnal` | - | - | - | `matrix.` | +| CNAME | `ntfy` | - | - | - | `matrix.` | | CNAME | `hydrogen` | - | - | - | `matrix.` | | CNAME | `cinny` | - | - | - | `matrix.` | | CNAME | `buscarron` | - | - | - | `matrix.` | @@ -57,6 +58,8 @@ The `goneb.` subdomain may be necessary, because this playbook coul The `sygnal.` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.` DNS record. +The `ntfy.` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.` DNS record. + The `hydrogen.` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.` DNS record. The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md new file mode 100644 index 000000000..03684b9c8 --- /dev/null +++ b/docs/configuring-playbook-ntfy.md @@ -0,0 +1,62 @@ +# Setting up ntfy (optional) + +The playbook can install and configure the [ntfy](https://ntfy.sh/) push notifications server for you. + +Using the [UnifiedPush](https://unifiedpush.org) standard, ntfy enables self-hosted (Google-free) push notifications from Matrix (and other) servers to UnifiedPush-compatible matrix compatible client apps running on Android and other devices. + +This role is intended to support UnifiedPush notifications for use with the Matrix and Matrix-related services that this playbook installs. This role is not intended to support all of ntfy's other features. + +**Note**: In contrast to push notifications using Google's FCM or Apple's APNs, the use of UnifiedPush allows each end-user to choose the push notification server that they prefer. As a consequence, deploying this ntfy server does not by itself ensure any particular user or device or client app will use it. + + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +# Enabling it is the only required setting +matrix_ntfy_enabled: true + +# Some other options +matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" +matrix_ntfy_container_extra_arguments: [ '--env=NTFY_LOG_LEVEL=DEBUG' ] +``` + +For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. + +For a complete list of ntfy config options that you could put in `matrix_ntfy_container_extra_arguments`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). + + +## Installing + +Don't forget to add `ntfy.` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook. + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To make use of your ntfy installation, on Android for example, first you need to install the `ntfy` client app and configure it to point to your ntfy server, such as `https://ntfy.DOMAIN`. That is the only thing you need to do in the ntfy client app. (It has many other features, but for our purposes you can ignore them.) + +Then any UnifiedPush-enabled matrix app on that device will discover it and tell your matrix server to use your ntfy server to send push notifications to that matrix app. + +If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". + +If the matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below. + + +## Troubleshooting + +First check that the matrix client app you are using supports UnifiedPush. There may well be different variants of the app. + +Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`. + +To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. In Element-Android or SchildiChat, two URLs are shown: "push\_key" and "Url", and both should begin with your ntfy server's URL. + +If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android). In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app. + +The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device. diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index eae584e72..30a8f0b87 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -74,6 +74,7 @@ By default, it obtains certificates for: - possibly for `jitsi.`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md). - possibly for `stats.`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md). - possibly for `sygnal.`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md). +- possibly for `ntfy.`, if you have explicitly [set up ntfy](configuring-playbook-ntfy.md). - possibly for your base domain (``), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md) If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3bfb01bdc..f71a23f5c 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -168,3 +168,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Other specialized services - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) + +- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index bf5885e06..25005d5ac 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -109,3 +109,5 @@ These services are not part of our default installation, but can be enabled by [ - [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards) - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix + +- [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 8b4f760a1..2a5301f7f 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,40 +1,5 @@ -# A role to install the [ntfy](https://ntfy.sh) push-notification server. - -The ntfy server and clients implement self-hosted support push notifications -from Matrix (and other) servers to Android (and other) clients, using the -[UnifiedPush](https://unifiedpush.org) standard. - -This role installs ntfy server in Docker. It is intended to support push -notifications, via UnifiedPush, from the Matrix and Matrix-related services -that are installed alongside it to any clients that support UnifiedPush. - -This role is not intended to support other features of the ntfy server and -clients. - - -# Using the ntfy role - -Configure the role by adding settings in your Ansible inventory. - -The only required setting is to enable ntfy: - - matrix_ntfy_enabled: true - -The default domain for ntfy is `ntfy.`. This can be changed -with the `matrix_server_fqn_ntfy` variable: - - matrix_server_fqn_ntfy: "my-ntfy.{{ matrix_domain }}" - -Other ntfy settings can be configured by adding extra arguments to the -docker run command, e.g.: - - matrix_ntfy_container_extra_arguments: - - '--env=NTFY_LOG_LEVEL=DEBUG' - - # TODO -- Documentation. - Self-check. - Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 19e8af8f7..2df796742 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -12,5 +12,5 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat # Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. matrix_ntfy_container_http_host_bind_port: '' -# A list of extra arguments to pass to the container +# A list of extra arguments to pass to the container (`docker run` command) matrix_ntfy_container_extra_arguments: [] From 763586e878fbf78b07ea3ef0fa31199bab0e4235 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Wed, 29 Jun 2022 10:48:40 +0100 Subject: [PATCH 204/381] matrix-ntfy: add self-check --- roles/matrix-ntfy/README.md | 1 - roles/matrix-ntfy/defaults/main.yml | 3 +++ roles/matrix-ntfy/tasks/main.yml | 7 +++++++ roles/matrix-ntfy/tasks/self_check.yml | 25 +++++++++++++++++++++++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 roles/matrix-ntfy/tasks/self_check.yml diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 2a5301f7f..41f83f662 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,5 +1,4 @@ # TODO -- Self-check. - Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 2df796742..916591e7b 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -14,3 +14,6 @@ matrix_ntfy_container_http_host_bind_port: '' # A list of extra arguments to pass to the container (`docker run` command) matrix_ntfy_container_extra_arguments: [] + +# Controls whether the self-check feature should validate SSL certificates. +matrix_ntfy_self_check_validate_certificates: true diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index 3f3975f58..b2abac665 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -8,3 +8,10 @@ tags: - setup-all - setup-ntfy + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_ntfy_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml new file mode 100644 index 000000000..324a2d952 --- /dev/null +++ b/roles/matrix-ntfy/tasks/self_check.yml @@ -0,0 +1,25 @@ +--- + +# Query an arbitrary ntfy topic using ntfy's UnifiedPush topic name syntax. +# Expect an empty response (because we query 'since=1s'). + +- set_fact: + matrix_ntfy_url_endpoint_public: "https://{{ matrix_server_fqn_ntfy }}/upSELFCHECK123/json?poll=1&since=1s" + +- name: Check ntfy + uri: + url: "{{ matrix_ntfy_url_endpoint_public }}" + follow_redirects: none + validate_certs: "{{ matrix_ntfy_self_check_validate_certificates }}" + register: matrix_ntfy_self_check_result + check_mode: false + ignore_errors: true + +- name: Fail if ntfy not working + fail: + msg: "Failed checking ntfy is up at `{{ matrix_server_fqn_ntfy }}` (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`). Is ntfy running? Is port 443 open in your firewall? Full error: {{ matrix_ntfy_self_check_result }}" + when: "matrix_ntfy_self_check_result.failed" + +- name: Report working ntfy + debug: + msg: "ntfy at `{{ matrix_server_fqn_ntfy }}` is working (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`)" From 3866fff5a830d75575ae959dd28a2374ffad31b1 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Sat, 2 Jul 2022 17:35:53 +0100 Subject: [PATCH 205/381] matrix-ntfy: persist cache on disk --- roles/matrix-ntfy/README.md | 1 - roles/matrix-ntfy/defaults/main.yml | 1 + roles/matrix-ntfy/tasks/setup.yml | 11 +++++++++++ .../templates/systemd/matrix-ntfy.service.j2 | 2 ++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 41f83f662..26da0a42b 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,4 +1,3 @@ # TODO -- Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 916591e7b..5dff2ec3b 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -2,6 +2,7 @@ matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" +matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" matrix_ntfy_version: v1.27.2 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup.yml index c06195ec9..9a2c15596 100644 --- a/roles/matrix-ntfy/tasks/setup.yml +++ b/roles/matrix-ntfy/tasks/setup.yml @@ -15,6 +15,17 @@ delay: "{{ matrix_container_retries_delay }}" until: result is not failed +- name: Ensure matrix-ntfy paths exists + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_ntfy_base_path }}" + - "{{ matrix_ntfy_data_path }}" + - name: Ensure matrix-ntfy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 85d032778..78963a082 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -23,6 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% if matrix_ntfy_container_http_host_bind_port %} -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ {% endif %} + --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ + --env NTFY_CACHE_FILE=/data/cache.db \ --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ {{ matrix_ntfy_docker_image }} \ serve --behind-proxy From 408e2e9b4ee97802422a67405f28a3ac14c271cd Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Sat, 2 Jul 2022 17:37:45 +0100 Subject: [PATCH 206/381] matrix-ntfy: remove almost-empty README.md --- roles/matrix-ntfy/README.md | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 roles/matrix-ntfy/README.md diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md deleted file mode 100644 index 26da0a42b..000000000 --- a/roles/matrix-ntfy/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# TODO - -- Authentication? From efe1f21f05c483aa785a707eea454ecaed4c8daf Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 14:51:55 +0100 Subject: [PATCH 207/381] matrix-ntfy: fix and separate out uninstall tasks --- roles/matrix-ntfy/tasks/main.yml | 9 ++++- .../tasks/{setup.yml => setup_install.yml} | 36 +------------------ roles/matrix-ntfy/tasks/setup_uninstall.yml | 36 +++++++++++++++++++ 3 files changed, 45 insertions(+), 36 deletions(-) rename roles/matrix-ntfy/tasks/{setup.yml => setup_install.yml} (53%) create mode 100644 roles/matrix-ntfy/tasks/setup_uninstall.yml diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index b2abac665..5dd0d172a 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -4,7 +4,14 @@ tags: - always -- import_tasks: "{{ role_path }}/tasks/setup.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_ntfy_enabled|bool" + tags: + - setup-all + - setup-ntfy + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_ntfy_enabled|bool" tags: - setup-all - setup-ntfy diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup_install.yml similarity index 53% rename from roles/matrix-ntfy/tasks/setup.yml rename to roles/matrix-ntfy/tasks/setup_install.yml index 9a2c15596..b674d3208 100644 --- a/roles/matrix-ntfy/tasks/setup.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml @@ -1,7 +1,4 @@ --- -# -# Tasks related to setting up matrix-ntfy -# - name: Ensure matrix-ntfy image is pulled docker_image: @@ -9,7 +6,6 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" - when: "matrix_ntfy_enabled|bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -32,38 +28,8 @@ dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" mode: 0644 register: matrix_ntfy_systemd_service_result - when: matrix_ntfy_enabled|bool - name: Ensure systemd reloaded after matrix-ntfy.service installation service: daemon_reload: true - when: "matrix_ntfy_enabled|bool and matrix_ntfy_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-ntfy (if it was previously enabled) -# - -- name: Check existence of matrix-ntfy service - stat: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" - register: matrix_ntfy_service_stat - -- name: Ensure matrix-ntfy is stopped - service: - name: matrix-ntfy - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" - -- name: Ensure matrix-ntfy.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" - state: absent - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-ntfy.service removal - service: - daemon_reload: true - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + when: "matrix_ntfy_systemd_service_result.changed" diff --git a/roles/matrix-ntfy/tasks/setup_uninstall.yml b/roles/matrix-ntfy/tasks/setup_uninstall.yml new file mode 100644 index 000000000..e63caa9a7 --- /dev/null +++ b/roles/matrix-ntfy/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-ntfy service + stat: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + register: matrix_ntfy_service_stat + +- name: Ensure matrix-ntfy is stopped + service: + name: matrix-ntfy + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + state: absent + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-ntfy.service removal + service: + daemon_reload: true + when: "matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy path doesn't exist + file: + path: "{{ matrix_ntfy_base_path }}" + state: absent + +- name: Ensure ntfy Docker image doesn't exist + docker_image: + name: "{{ matrix_ntfy_docker_image }}" + state: absent From e119512c5928ded244ef629fbf8ef37f7694c4b3 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 15:27:23 +0100 Subject: [PATCH 208/381] matrix-ntfy: add variable 'matrix_ntfy_base_url' --- roles/matrix-ntfy/defaults/main.yml | 3 +++ roles/matrix-ntfy/tasks/self_check.yml | 2 +- roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 5dff2ec3b..6c540beba 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -8,6 +8,9 @@ matrix_ntfy_version: v1.27.2 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" +# Public facing base URL of the ntfy service +matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}" + # Controls whether the container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml index 324a2d952..e91047341 100644 --- a/roles/matrix-ntfy/tasks/self_check.yml +++ b/roles/matrix-ntfy/tasks/self_check.yml @@ -4,7 +4,7 @@ # Expect an empty response (because we query 'since=1s'). - set_fact: - matrix_ntfy_url_endpoint_public: "https://{{ matrix_server_fqn_ntfy }}/upSELFCHECK123/json?poll=1&since=1s" + matrix_ntfy_url_endpoint_public: "{{ matrix_ntfy_base_url }}/upSELFCHECK123/json?poll=1&since=1s" - name: Check ntfy uri: diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 78963a082..5bb28470a 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -25,7 +25,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% endif %} --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ --env NTFY_CACHE_FILE=/data/cache.db \ - --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ + --env NTFY_BASE_URL={{ matrix_ntfy_base_url }} \ {{ matrix_ntfy_docker_image }} \ serve --behind-proxy From e60d20dc6a6ca11efb58ba8993e307e0912a164e Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 21:30:29 +0100 Subject: [PATCH 209/381] matrix-ntfy: store settings in a config file --- docs/configuring-playbook-ntfy.md | 5 ++-- roles/matrix-ntfy/defaults/main.yml | 23 +++++++++++++++++++ roles/matrix-ntfy/tasks/setup_install.yml | 9 ++++++++ .../matrix-ntfy/templates/ntfy/server.yml.j2 | 3 +++ .../templates/systemd/matrix-ntfy.service.j2 | 5 ++-- 5 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 roles/matrix-ntfy/templates/ntfy/server.yml.j2 diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 03684b9c8..56c859f30 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -19,12 +19,13 @@ matrix_ntfy_enabled: true # Some other options matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" -matrix_ntfy_container_extra_arguments: [ '--env=NTFY_LOG_LEVEL=DEBUG' ] +matrix_ntfy_configuration_extension_yaml: | + log_level: DEBUG ``` For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. -For a complete list of ntfy config options that you could put in `matrix_ntfy_container_extra_arguments`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). +For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). ## Installing diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 6c540beba..4f0e2e55d 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -2,6 +2,7 @@ matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" +matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config" matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" matrix_ntfy_version: v1.27.2 @@ -21,3 +22,25 @@ matrix_ntfy_container_extra_arguments: [] # Controls whether the self-check feature should validate SSL certificates. matrix_ntfy_self_check_validate_certificates: true + +# Default ntfy configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_ntfy_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_ntfy_configuration_yaml: "{{ lookup('template', 'templates/ntfy/server.yml.j2') }}" + +matrix_ntfy_configuration_extension_yaml: | + # Your custom YAML configuration for ntfy goes here. + # This configuration extends the default starting configuration (`matrix_ntfy_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_ntfy_configuration_yaml`. + +matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml|from_yaml if matrix_ntfy_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final ntfy configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`. +matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml|from_yaml|combine(matrix_ntfy_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-ntfy/tasks/setup_install.yml b/roles/matrix-ntfy/tasks/setup_install.yml index b674d3208..461d31763 100644 --- a/roles/matrix-ntfy/tasks/setup_install.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml @@ -20,8 +20,17 @@ group: "{{ matrix_user_groupname }}" with_items: - "{{ matrix_ntfy_base_path }}" + - "{{ matrix_ntfy_config_dir_path }}" - "{{ matrix_ntfy_data_path }}" +- name: Ensure matrix-ntfy config installed + copy: + content: "{{ matrix_ntfy_configuration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_ntfy_config_dir_path }}/server.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Ensure matrix-ntfy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" diff --git a/roles/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/matrix-ntfy/templates/ntfy/server.yml.j2 new file mode 100644 index 000000000..4cafcd62a --- /dev/null +++ b/roles/matrix-ntfy/templates/ntfy/server.yml.j2 @@ -0,0 +1,3 @@ +base_url: {{ matrix_ntfy_base_url }} +behind_proxy: true +cache_file: /data/cache.db diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 5bb28470a..da292e5ce 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -23,11 +23,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% if matrix_ntfy_container_http_host_bind_port %} -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ {% endif %} + --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ - --env NTFY_CACHE_FILE=/data/cache.db \ - --env NTFY_BASE_URL={{ matrix_ntfy_base_url }} \ {{ matrix_ntfy_docker_image }} \ - serve --behind-proxy + serve ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' From 097c23c0b626b4e75e3096b4dcd5ae977141a038 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Mon, 4 Jul 2022 22:53:43 +0200 Subject: [PATCH 210/381] bots: make command_prefix configurable --- roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 2 ++ roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 ++ roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 ++ roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 22 files changed, 33 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 76b153e75..0fdf8a415 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -17,6 +17,8 @@ matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_b matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data" matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store" +matrix_bot_matrix_reminder_bot_command_prefix: "!" + # A list of extra arguments to pass to the container matrix_bot_matrix_reminder_bot_container_extra_arguments: [] diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 index 596439584..338bffba0 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 @@ -1,5 +1,5 @@ # The string to prefix bot commands with -command_prefix: "!" +command_prefix: "{{ matrix_bot_matrix_reminder_bot_command_prefix }}" # Options for connecting to the bot's Matrix account matrix: diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 5b84643c4..514cfb142 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -27,6 +27,8 @@ matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" matrix_beeper_linkedin_bridge_presence: true +matrix_beeper_linkedin_command_prefix: "!li" + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 6b33ffeac..e07295497 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -226,7 +226,7 @@ bridge: # The prefix for commands. Only required in non-management rooms. - command_prefix: "!li" + command_prefix: "{{ matrix_beeper_linkedin_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index 95213a00d..b6b4db346 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -36,6 +36,8 @@ matrix_go_skype_bridge_homeserver_token: '' matrix_go_skype_bridge_appservice_bot_username: skypebridgebot +matrix_go_skype_bridge_command_prefix: "!skype" + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_go_skype_bridge_federate_rooms: true diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index 6f7277fea..56e37f84c 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -165,7 +165,7 @@ bridge: allow_user_invite: false # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" + command_prefix: "{{ matrix_go_skype_bridge_command_prefix }}" # End-to-bridge encryption support options. This requires login_shared_secret to be configured # in order to get a device for the bridge bot. diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 5acc1ec7c..22d7fda67 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -17,6 +17,8 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data" matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src" +matrix_mautrix_facebook_command_prefix: "!fb" + # Whether or not the public-facing endpoints should be enabled (web-based login) matrix_mautrix_facebook_appservice_public_enabled: true diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index f1d59b1ad..4b27e66a4 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -86,7 +86,7 @@ bridge: - first_name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!fb" + command_prefix: "{{ matrix_mautrix_facebook_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index d0d90614b..2077d210d 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -24,6 +24,8 @@ matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_ur matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080' +matrix_mautrix_googlechat_command_prefix: "!gc" + # Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index 864e3e1b1..ad86219cb 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -62,7 +62,7 @@ bridge: - name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" + command_prefix: "{{ matrix_mautrix_googlechat_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index f4f67a587..31fec1005 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -24,6 +24,8 @@ matrix_mautrix_hangouts_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' +matrix_mautrix_hangouts_command_prefix: "!HO" + # Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index d207681e8..6dca06ff5 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -62,7 +62,7 @@ bridge: - name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" + command_prefix: "{{ matrix_mautrix_hangouts_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index a227b0856..79ff1bf0f 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -22,6 +22,8 @@ matrix_mautrix_instagram_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330' +matrix_mautrix_instagram_command_prefix: "!ig" + # A list of extra arguments to pass to the container matrix_mautrix_instagram_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 99ceee0e0..11b1d9977 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -176,7 +176,7 @@ bridge: unimportant_bridge_notices: true # The prefix for commands. Only required in non-management rooms. - command_prefix: "!ig" + command_prefix: "{{ matrix_mautrix_instagram_command_prefix }}" # Permissions for using the bridge. # Permitted values: # user - Use the bridge with puppeting. diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index d35e12afe..4375c422e 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -30,6 +30,8 @@ matrix_mautrix_signal_homeserver_address: '' matrix_mautrix_signal_homeserver_domain: '' matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328' +matrix_mautrix_signal_command_prefix: "!signal" + # Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 0044a0fc8..f0644ee26 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -197,7 +197,7 @@ bridge: shared_secret: generate # The prefix for commands. Only required in non-management rooms. - command_prefix: "!signal" + command_prefix: "{{ matrix_mautrix_signal_command_prefix }}" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 4708266a8..e3ee2fe95 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -23,6 +23,8 @@ matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config" matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data" +matrix_mautrix_telegram_command_prefix: "!tg" + # Get your own API keys at https://my.telegram.org/apps matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 276bd4619..19bacbde8 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -276,7 +276,7 @@ bridge: list: [] # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tg" + command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b32f57ef0..291bd6a55 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -22,6 +22,8 @@ matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url } matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' +matrix_mautrix_twitter_command_prefix: "!tw" + # A list of extra arguments to pass to the container matrix_mautrix_twitter_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index f9bc89417..b59864f11 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -163,7 +163,7 @@ bridge: resend_bridge_info: false # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tw" + command_prefix: "{{ matrix_mautrix_twitter_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 6e95eeb7c..ef5d10656 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -23,6 +23,8 @@ matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" +matrix_mautrix_whatsapp_command_prefix: "!wa" + # A list of extra arguments to pass to the container matrix_mautrix_whatsapp_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index b9862e948..544e10ad2 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -139,7 +139,7 @@ bridge: federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" + command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. From 5a0e977df84064d6c91b9fa308f5df6d6e1f7187 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Jul 2022 09:46:26 +0300 Subject: [PATCH 211/381] Announce ntfy role --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2779b3698..65e57a7f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-07-05 + +## Ntfy push notifications support + +Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install a [ntfy](https://ntfy.sh/) push notifications server for you. + +See our [Setting up the ntfy push notifications server](docs/configuring-playbook-ntfy.md) documentation to get started. + + # 2022-06-23 ## (Potential Backward Compatibility Break) Changes around metrics collection @@ -26,7 +35,7 @@ 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). -**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. +**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. # 2022-06-13 From 95fd21552118093585fa9284801aa14d30be439b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Jul 2022 15:11:52 +0000 Subject: [PATCH 212/381] Update element 1.10.15 -> 1.11.0 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 083621f2f..aacc2f11f 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.15 +matrix_client_element_version: v1.11.0 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From fe347c85d9a4f6396c391a92ba0e181610a58321 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Jul 2022 15:20:48 +0000 Subject: [PATCH 213/381] Update Synapse 1.61.1 -> 1.62.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 43ee9e579..1925ffc29 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.61.1 +matrix_synapse_version: v1.62.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 90269092bf47604dce572c42bc7ea0fe1e06e982 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 6 Jul 2022 11:57:24 +0200 Subject: [PATCH 214/381] signald: 0.18.5 -> 0.20.0 https://gitlab.com/signald/signald/-/blob/main/releases/0.19.0.md https://gitlab.com/signald/signald/-/blob/main/releases/0.19.1.md https://gitlab.com/signald/signald/-/blob/main/releases/0.20.0.md --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 4375c422e..6b0f41d72 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.18.5 +matrix_mautrix_signal_daemon_version: 0.20.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" From 95959ff20b6d0062f7f29c0b3992dad963aee2b2 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Wed, 6 Jul 2022 20:54:03 -0800 Subject: [PATCH 215/381] Changed whatsapp logging variable name to match (#1920) Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1912 Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 8 ++++---- .../tasks/validate_config.yml | 10 ++++++++++ .../templates/config.yaml.j2 | 2 +- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index ef5d10656..e0af254d0 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -39,6 +39,10 @@ matrix_mautrix_whatsapp_homeserver_token: '' matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_whatsapp_logging_level: 'warn' + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_whatsapp_federate_rooms: true @@ -130,7 +134,3 @@ matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_y matrix_mautrix_whatsapp_bridge_encryption_allow: false matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" - -# Minimum severity of journal log messages. -# Options: debug, info, warn, error, fatal -matrix_mautrix_whatsapp_log_level: 'warn' diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index c983c4cce..9b0a725c9 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml @@ -8,3 +8,13 @@ with_items: - "matrix_mautrix_whatsapp_appservice_token" - "matrix_mautrix_whatsapp_homeserver_token" + + +- name: (Deprecation) Catch and report renamed settings + fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_mautrix_whatsapp_log_level', 'new': 'matrix_mautrix_whatsapp_logging_level'} diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 544e10ad2..81be5d80f 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -224,4 +224,4 @@ logging: timestamp_format: "Jan _2, 2006 15:04:05" # Minimum severity for log messages. # Options: debug, info, warn, error, fatal - print_level: {{ matrix_mautrix_whatsapp_log_level }} + print_level: {{ matrix_mautrix_whatsapp_logging_level }} From b6223a792648ad999d8569558b92226aa703950f Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Tue, 5 Jul 2022 21:00:55 +0100 Subject: [PATCH 216/381] matrix-ntfy: list in playbook's README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 1d58eed01..4347b1280 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation +- (optional) the [ntfy](https://ntfy.sh) push notifications server - see [docs/configuring-playbook-ntfy.md](docs/configuring-playbook-ntfy.md) for setup documentation + - (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation - (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation From 25b343c8c8da5aa695bb0dc7c197fe866e27b65e Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Tue, 5 Jul 2022 21:11:15 +0100 Subject: [PATCH 217/381] matrix-ntfy: without nginx, bind to 127.0.0.1:2586 --- group_vars/matrix_servers | 2 ++ .../templates/nginx/conf.d/matrix-ntfy.conf.j2 | 2 +- roles/matrix-ntfy/defaults/main.yml | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1c30405dd..25d0a0e13 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1973,6 +1973,8 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable matrix_ntfy_enabled: false +matrix_ntfy_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:2586' }}" + ###################################################################### # # /matrix-ntfy diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index e095e7213..988b3b355 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -25,7 +25,7 @@ proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:80; + proxy_pass http://127.0.0.1:2586; {% endif %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 4f0e2e55d..d5fc3fbad 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -12,9 +12,9 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat # Public facing base URL of the ntfy service matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}" -# Controls whether the container exposes its HTTP port (tcp/8080 in the container). +# Controls whether the container exposes its HTTP port (tcp/80 in the container). # -# Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. +# Takes an ":" or "" value (e.g. "127.0.0.1:2586"), or empty string to not expose. matrix_ntfy_container_http_host_bind_port: '' # A list of extra arguments to pass to the container (`docker run` command) From 9ea0879a637a761d5c8c77656204c0d0d536d1be Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Wed, 6 Jul 2022 14:03:43 +0100 Subject: [PATCH 218/381] matrix-ntfy: document ntfy & schildichat app settings --- docs/configuring-playbook-ntfy.md | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 56c859f30..fb23ee693 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -41,9 +41,28 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To make use of your ntfy installation, on Android for example, first you need to install the `ntfy` client app and configure it to point to your ntfy server, such as `https://ntfy.DOMAIN`. That is the only thing you need to do in the ntfy client app. (It has many other features, but for our purposes you can ignore them.) +To make use of your ntfy installation, on Android for example, you need two things: -Then any UnifiedPush-enabled matrix app on that device will discover it and tell your matrix server to use your ntfy server to send push notifications to that matrix app. +* the `ntfy` app +* a UnifiedPush-compatible matrix app + +You need to install the `ntfy` app on each device on which you want to receive push notifications through your ntfy server. The `ntfy` app will provide UnifiedPush notifications to any number of UnifiedPush-compatible messaging apps installed on the same device. + +### Setting up the `ntfy` Android app + +1. Install the [ntfy Android app](https://ntfy.sh/docs/subscribe/phone/) from F-droid or Google Play. +2. In its Settings -> `General: Default server`, enter your ntfy server URL, such as `https://ntfy.DOMAIN`. +3. In its Settings -> `Advanced: Connection protocol`, choose `WebSockets`. + +That is all you need to do in the ntfy app. It has many other features, but for our purposes you can ignore them. In particular you do not need to follow any instructions about subscribing to a notification topic as UnifiedPush will do that automatically. + +### Setting up a UnifiedPush-compatible matrix app + +Install any UnifiedPush-enabled matrix app on that same device. The matrix app will learn from the `ntfy` app that you have configured UnifiedPush on this device, and then it will tell your matrix server to use it. + +Steps needed for specific matrix apps: + +* SchildiChat: enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`. If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". From 5bcf83628368a1f94407a3bda33e1088a43a920b Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Fri, 8 Jul 2022 13:18:30 +0100 Subject: [PATCH 219/381] matrix-ntfy: more detailed usage docs for SchildiChat --- docs/configuring-playbook-ntfy.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index fb23ee693..57dfb3b28 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -62,7 +62,16 @@ Install any UnifiedPush-enabled matrix app on that same device. The matrix app w Steps needed for specific matrix apps: -* SchildiChat: enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`. +* FluffyChat-android: + - Should auto-detect and use it. No manual settings. + +* SchildiChat-android: + 1. enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`. + 2. choose `Settings` -> `Notifications` -> `UnifiedPush: Re-register push distributor`. *(For info, a more complex alternative to achieve the same is: delete the relevant unifiedpush registration in `ntfy` app, force-close SchildiChat, re-open it.)* + 3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section. + +* Element-android v1.4.26+: + - [not yet documented; should auto-detect and use it?] If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". @@ -75,7 +84,9 @@ First check that the matrix client app you are using supports UnifiedPush. There Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`. -To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. In Element-Android or SchildiChat, two URLs are shown: "push\_key" and "Url", and both should begin with your ntfy server's URL. +To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. + +In the "Notification Targets" screen in Element-Android or SchildiChat, two relevant URLs are shown, "push\_key" and "Url", and both should begin with your ntfy server's URL. If "push\_key" shows your server but "Url" shows an external server such as `up.schildi.chat` then push notifications will still work but are being routed through that external server before they reach your ntfy server. To rectify that, in SchildiChat (at least around version 1.4.20.sc55) you must enable the `Force custom push gateway` setting as described in the "Usage" section above. If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android). In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app. From b5c7fd6051a2d109725d52352841efbdda2d3647 Mon Sep 17 00:00:00 2001 From: Chirayu Desai <952062+chirayudesai@users.noreply.github.com> Date: Fri, 8 Jul 2022 19:26:35 +0530 Subject: [PATCH 220/381] mjolnir: v1.5.0 https://github.com/matrix-org/mjolnir/releases/tag/v1.5.0 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index dd2483794..714cd0d36 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.4.2" +matrix_bot_mjolnir_version: "v1.5.0" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 87f437968d87d94e32ff8df1552a274172076b51 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 8 Jul 2022 07:06:37 -0800 Subject: [PATCH 221/381] Creating generic mautrix bridge doc (#1912) * Creating generic mautrix bridge doc Not a huge fan of how it turned out at all, not sure how to make it better. * Rename configuring-playbook-bridge-mautrix-Generic.md to configuring-playbook-bridges.md * accepting suggested edits after rename mess * Adding log level configuration * Update docs/configuring-playbook-bridges.md Co-authored-by: Slavi Pantaleev * Rename configuring-playbook-bridges.md to configuring-playbook-mautrix-bridges.md Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- docs/configuring-playbook-mautrix-bridges.md | 111 +++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 docs/configuring-playbook-mautrix-bridges.md diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md new file mode 100644 index 000000000..1cd76f963 --- /dev/null +++ b/docs/configuring-playbook-mautrix-bridges.md @@ -0,0 +1,111 @@ +# Setting up a Generic Mautrix Bridge (optional) + +The playbook can install and configure various [mautrix](https://github.com/mautrix) bridges (twitter, facebook, instagram, signal, hangouts, googlechat, etc.), as well as many other (non-mautrix) bridges. +This is a common guide for configuring mautrix bridges. + +You can see each bridge's features at in the `ROADMAP.md` file in its corresponding [mautrix](https://github.com/mautrix) repository. + +To enable a bridge add: + + +```yaml +# Replace SERVICENAME with one of: twitter, facebook, instagram, .. +matrix_mautrix_SERVICENAME_enabled: true +``` + +to your `vars.yml` + +There are some additional things you may wish to configure about the bridge before you continue. Each bridge may have additional requirements besides `_enabled: true`. For example, the mautrix-telegram bridge (our documentation page about it is [here](configuring-playbook-bridge-mautrix-telegram.md)) requires the `matrix_mautrix_telegram_api_id` and `matrix_mautrix_telegram_api_hash` variables to be defined. Refer to each bridge's individual documentation page for details about enabling bridges. + +You can add + +```yaml +matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}" +``` +to `vars.yml` to **configure a user as an administrator for all bridges**. +**Alternatively** (more verbose, but allows multiple admins to be configured), you can do the same on a per-bridge basis with: + +```yaml +matrix_mautrix_SERVICENAME_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin +``` + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_SERVICENAME_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + + +You can only have one `matrix_mautrix_SERVICENAME_configuration_extension_yaml` definition in `vars.yml` per bridge, so if you need multiple pieces of configuration there, just merge them like this: + +```yaml +matrix_mautrix_SERVICENAME_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin + encryption: + allow: true + default: true +``` + +## Setting the bot's username + +```yaml +matrix_mautrix_SERVICENAME_appservice_bot_username: "BOTNAME" +``` + +Can be used to set the username for the bridge. + +## Discovering additional configuration options + +You may wish to look at `roles/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure. + + +## Set up Double Puppeting + +To set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) + +please do so automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook by adding + +```yaml +matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true +matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE +``` + +You should generate a strong shared secret with a command like this: pwgen -s 64 1 + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +## Controlling the logging level + +```yaml +matrix_mautrix_SERVICENAME_logging_level: WARN +``` + +to `vars.yml` to control the logging level, where you may replace WARN with one of the following to control the verbosity of the logs generated: TRACE, DEBUG, INFO, WARN, ERROR, or FATAL. + +If you have issues with a service, and are requesting support, the higher levels of logging will generally be more helpful. + + +## Usage + +You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login ` to the bridge bot to get started You can learn more here about authentication from the bridge's official documentation on Authentication https://docs.mau.fi/bridges/python/SERVICENAME/authentication.html . + +If you run into trouble, check the [Troubleshooting](#troubleshooting) section below. + + + +## Troubleshooting + +For troubleshooting information with a specific bridge, please see the playbook documentation about it (some other document in in `docs/`) and the upstream ([mautrix](https://github.com/mautrix)) bridge documentation for that specific bridge. +Reporting bridge bugs should happen upstream, in the corresponding mautrix repository, not to us. From 59806ec3ea6287e2bbe896e8aa161f7f77d9c5d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:25:35 +0200 Subject: [PATCH 222/381] Fix typo in variable name --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 210fb1939..d15a451fa 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -17,7 +17,7 @@ matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true -matrix_bot_database_uri: 'sqlite:///data/maubot.db' +matrix_bot_maubot_database_uri: 'sqlite:////data/maubot.db' matrix_bot_maubot_port: 29316 matrix_bot_maubot_secret: 'generate' From 07cfd3ba090f301bf9cff48870424507af76ea4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:39:23 +0200 Subject: [PATCH 223/381] Use custom invocation instead of provided script --- roles/matrix-bot-maubot/tasks/setup_install.yml | 3 +++ .../templates/systemd/matrix-bot-maubot.service.j2 | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 6d9aec87e..de47ecd4e 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -10,6 +10,9 @@ with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - {path: "{{ matrix_bot_maubot_data_path }}", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true } + - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true } + - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true } - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"} when: "item.when|bool" diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index df66d321d..cde18e4dc 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -29,7 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {% if matrix_bot_maubot_expose_management_interface|bool %} -p {{ matrix_bot_maubot_port }}:29316 \ {% endif %} - {{ matrix_bot_maubot_docker_image }} + {{ matrix_bot_maubot_docker_image }} \ + python3 -m maubot -c /data/config.yaml ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' From 4ab516fca8cc3747df2f82e5be6e702f7fe95ed7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:42:18 +0200 Subject: [PATCH 224/381] Fix linter --- roles/matrix-bot-maubot/tasks/setup_install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index de47ecd4e..56d8c6a88 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -10,9 +10,9 @@ with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - {path: "{{ matrix_bot_maubot_data_path }}", when: true} - - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true } - - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true } - - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true } + - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true} - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"} when: "item.when|bool" From 9ee5785704aa8a12a83b4e2cfcd650785b6e4aa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:44:11 +0200 Subject: [PATCH 225/381] Add postgres to service dependencies --- group_vars/matrix_servers | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1705bdebb..4cc380df6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1075,6 +1075,8 @@ matrix_bot_maubot_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} From 135096e53a155a9eb9f68b9c43d7306ec94acb3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:55:49 +0200 Subject: [PATCH 226/381] Add defaults --- group_vars/matrix_servers | 9 +++++++++ roles/matrix-bot-maubot/defaults/main.yml | 11 ++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 4cc380df6..be09c7bae 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1088,6 +1088,9 @@ matrix_bot_maubot_registration_shared_secret: |- }[matrix_homeserver_implementation] }} +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" ###################################################################### # @@ -1805,6 +1808,12 @@ matrix_postgres_additional_databases: | 'password': matrix_bot_honoroit_database_password, }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_bot_maubot_database_name, + 'username': matrix_bot_maubot_database_username, + 'password': matrix_bot_maubot_database_password, + }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_bot_buscarron_database_name, 'username': matrix_bot_buscarron_database_username, diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index d15a451fa..294cd8684 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -17,7 +17,16 @@ matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true -matrix_bot_maubot_database_uri: 'sqlite:////data/maubot.db' +matrix_bot_maubot_database_engine: sqlite +matrix_bot_maubot_sqlite_database_path_local: "{{ matrix_bot_maubot_data_path }}/maubot.db" +matrix_bot_maubot_sqlite_database_path_in_container: "/data/maubot.db" + +matrix_bot_maubot_database_username: matrix_bot_maubot +matrix_bot_maubot_database_password: ~ +matrix_bot_maubot_database_hostname: 'matrix-postgres' +matrix_bot_maubot_database_port: 5432 +matrix_bot_maubot_database_name: matrix_bot_maubot + matrix_bot_maubot_port: 29316 matrix_bot_maubot_secret: 'generate' From a842e9cd1d71be6ef4b23ec5a2b9c52405baaecd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 13:00:17 +0200 Subject: [PATCH 227/381] Fix uninstall (did not remove service) --- roles/matrix-bot-maubot/tasks/setup_uninstall.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml index c9dea82a1..0346b7e7c 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -5,22 +5,22 @@ path: "{{ matrix_systemd_path }}/matrix-maubot.service" register: matrix_bot_maubot_service_stat -- name: Ensure matrix-maubot is stopped +- name: Ensure matrix-bot-maubot is stopped service: - name: matrix-maubot + name: matrix-bot-maubot state: stopped enabled: false daemon_reload: true register: stopping_result when: "matrix_bot_maubot_service_stat.stat.exists|bool" -- name: Ensure matrix-maubot.service doesn't exist +- name: Ensure matrix-bot-maubot.service doesn't exist file: - path: "{{ matrix_systemd_path }}/matrix-maubot.service" + path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" state: absent when: "matrix_bot_maubot_service_stat.stat.exists|bool" -- name: Ensure systemd reloaded after matrix-maubot.service removal +- name: Ensure systemd reloaded after matrix-bot-maubot.service removal service: daemon_reload: true when: "matrix_bot_maubot_service_stat.stat.exists|bool" From bcd7ec714b4817bf1a3bde5eac48f9f2418b51c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 13:00:28 +0200 Subject: [PATCH 228/381] Add postgres configuration --- roles/matrix-bot-maubot/defaults/main.yml | 1 + .../templates/config/config.yaml.j2 | 24 +++---------------- 2 files changed, 4 insertions(+), 21 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 294cd8684..21a7a2ec1 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -26,6 +26,7 @@ matrix_bot_maubot_database_password: ~ matrix_bot_maubot_database_hostname: 'matrix-postgres' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot +matrix_bot_maubot_database_uri: 'postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable' matrix_bot_maubot_port: 29316 matrix_bot_maubot_secret: 'generate' diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index aa9a2045f..157d76c34 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -6,9 +6,8 @@ database: {{ matrix_bot_maubot_database_uri|to_json }} # Separate database URL for the crypto database. "default" means use the same database as above. -crypto_database: - type: default - postgres_uri: {{ matrix_bot_maubot_database_uri|to_json }} +crypto_database: + type: default # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool @@ -28,24 +27,7 @@ plugin_directories: # Configuration for storing plugin databases plugin_databases: - # The directory where SQLite plugin databases should be stored. - sqlite: /data/dbs - # The connection URL for plugin databases. If null, all plugins will get SQLite databases. - # If set, plugins using the new asyncpg interface will get a Postgres connection instead. - # Plugins using the legacy SQLAlchemy interface will always get a SQLite connection. - # - # To use the same connection pool as the default database, set to "default" - # (the default database above must be postgres to do this). - # - # When enabled, maubot will create separate Postgres schemas in the database for each plugin. - # To view schemas in psql, use `\dn`. To view enter and interact with a specific schema, - # use `SET search_path = name` (where `name` is the name found with `\dn`) and then use normal - # SQL queries/psql commands. - postgres: - # Maximum number of connections per plugin instance. - postgres_max_conns_per_plugin: 3 - # Overrides for the default database_opts when using a non-"default" postgres connection string. - postgres_opts: {} + type: default server: # The IP and port to listen to. From 05c1333ebb8ff1c7863ff00edb9348c42e15c024 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 13:44:41 +0200 Subject: [PATCH 229/381] Restrict permissions of container --- .../templates/systemd/matrix-bot-maubot.service.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index cde18e4dc..b01139d2d 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -18,9 +18,9 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ --log-driver=none \ - -e UID={{ matrix_user_uid }} \ - -e GID={{ matrix_user_gid }} \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --read-only \ + --cap-drop=ALL \ -v {{ matrix_bot_maubot_data_path }}:/data:z \ {% for arg in matrix_bot_maubot_container_extra_arguments %} {{ arg }} \ From f64c1329271d52cbb1b9d7a2ea60c82b19a56460 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 09:51:27 +0200 Subject: [PATCH 230/381] Make database switchable --- roles/matrix-bot-maubot/defaults/main.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 21a7a2ec1..50e10bfd2 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -26,7 +26,15 @@ matrix_bot_maubot_database_password: ~ matrix_bot_maubot_database_hostname: 'matrix-postgres' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot -matrix_bot_maubot_database_uri: 'postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable' + +matrix_bot_maubot_database_connection_string: 'postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable' + +matrix_bot_maubot_database_uri: "{{ + { + 'sqlite': ('sqlite:///' + matrix_bot_maubot_sqlite_database_path_in_container), + 'postgres': matrix_bot_maubot_database_connection_string, + }[matrix_bot_maubot_database_engine] + }}" matrix_bot_maubot_port: 29316 matrix_bot_maubot_secret: 'generate' From 27b1835ed47af91b253ab3d399b030a833641cf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 10:06:17 +0200 Subject: [PATCH 231/381] Fix uninstall (for real this time) --- roles/matrix-bot-maubot/tasks/setup_uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml index 0346b7e7c..f1d2fca26 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-maubot service stat: - path: "{{ matrix_systemd_path }}/matrix-maubot.service" + path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" register: matrix_bot_maubot_service_stat - name: Ensure matrix-bot-maubot is stopped From 2e15bd85ea3e61090598ad6ae9c1d8a4b6eaac20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 10:09:55 +0200 Subject: [PATCH 232/381] Rename with addition "unshared" --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- roles/matrix-bot-maubot/tasks/validate_config.yml | 2 +- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 50e10bfd2..a003e65df 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -37,7 +37,7 @@ matrix_bot_maubot_database_uri: "{{ }}" matrix_bot_maubot_port: 29316 -matrix_bot_maubot_secret: 'generate' +matrix_bot_maubot_unshared_secret: 'generate' # A list of extra arguments to pass to the container matrix_bot_maubot_container_extra_arguments: [] diff --git a/roles/matrix-bot-maubot/tasks/validate_config.yml b/roles/matrix-bot-maubot/tasks/validate_config.yml index 6c9871e17..18070160a 100644 --- a/roles/matrix-bot-maubot/tasks/validate_config.yml +++ b/roles/matrix-bot-maubot/tasks/validate_config.yml @@ -6,5 +6,5 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: - - matrix_bot_maubot_secret + - matrix_bot_maubot_unshared_secret - matrix_bot_maubot_admins diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 157d76c34..3c844be39 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -48,7 +48,7 @@ server: appservice_base_path: /_matrix/app/v1 # The shared secret to sign API access tokens. # Set to "generate" to generate and save a new token at startup. - unshared_secret: {{ matrix_bot_maubot_secret|to_json }} + unshared_secret: {{ matrix_bot_maubot_unshared_secret|to_json }} # Known homeservers. This is required for the `mbc auth` command and also allows # more convenient access from the management UI. This is not required to create From 07fdb09f69e51f46c0d1dff080f108dcc3f5bc17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 10:10:30 +0200 Subject: [PATCH 233/381] Rename with addition "url" --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index a003e65df..937320216 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -13,7 +13,7 @@ matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" -matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_maubot_bot_server_public_url: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 3c844be39..559dc02ce 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -34,7 +34,7 @@ server: hostname: 0.0.0.0 port: 29316 # Public base URL where the server is visible. - public_url: {{ matrix_bot_maubot_bot_server_public }} + public_url: {{ matrix_bot_maubot_bot_server_public_url }} # The base management API path. base_path: /_matrix/maubot/v1 # The base path for the UI. From e62632bf5dc1544994cf7c5ac6bfdeb1f51b952e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 11:04:49 +0200 Subject: [PATCH 234/381] Change from spaces to tabs --- .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index b01139d2d..4ba1ac5d0 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -18,7 +18,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --read-only \ --cap-drop=ALL \ -v {{ matrix_bot_maubot_data_path }}:/data:z \ From ffa20357ea7dd1e703f6caca70a747de1f4999c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 13:33:29 +0200 Subject: [PATCH 235/381] Use http_bin_port and make networking clearer --- roles/matrix-bot-maubot/defaults/main.yml | 14 ++++++++++++++ roles/matrix-bot-maubot/tasks/setup_install.yml | 2 +- .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 937320216..d5be023f9 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -36,6 +36,20 @@ matrix_bot_maubot_database_uri: "{{ }[matrix_bot_maubot_database_engine] }}" + +# Defines the port number where the management interface is +# To actually expose the management interface outside of the container, use `matrix_bot_maubot_management_interface_http_bind_port` +matrix_bot_maubot_management_interface_port: 29316 + +# Controls whether the maubot container exposes its HTTP management interface port (tcp/29316 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:29316"), or empty string to not expose. +# If you'll be setting this at all, it should be defined in terms of `matrix_bot_maubot_management_interface_port`. +# Example: +# matrix_bot_maubot_management_interface_http_bind_port: "127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}" +matrix_bot_maubot_management_interface_http_bind_port: '' + + matrix_bot_maubot_port: 29316 matrix_bot_maubot_unshared_secret: 'generate' diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 56d8c6a88..b4b03165b 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -37,7 +37,7 @@ proxy_set_header Connection "upgrade"; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; {% endif %} diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 4ba1ac5d0..497c25a6b 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -27,7 +27,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {% endfor %} --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_expose_management_interface|bool %} - -p {{ matrix_bot_maubot_port }}:29316 \ + -p {{ matrix_bot_maubot_management_interface_port }}:29316 \ {% endif %} {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /data/config.yaml From acf53f604baa7b99aee601a7a16808f3ed77d79b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 14:48:00 +0200 Subject: [PATCH 236/381] Fix homserver configuration url --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 559dc02ce..d542fe914 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -57,7 +57,7 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: {{ matrix_server_fqn_matrix }} + url: "https://{{ matrix_server_fqn_matrix }}" # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. From 29b336f0a8648b8f79abe624345812742b64a302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 11 Jul 2022 13:28:23 +0200 Subject: [PATCH 237/381] Add docs Unrelated to the original branch I added the matrix-registration bot as it was missing in the readme --- README.md | 4 ++++ docs/configuring-playbook.md | 2 ++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 26f109404..f32b82335 100644 --- a/README.md +++ b/README.md @@ -103,6 +103,10 @@ Using this playbook, you can get the following services configured on your serve - (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation +- (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation + +- (optional) [matrix-maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-matrix-maubot.md](docs/configuring-playbook-bot-matrix-maubot.md) for setup documentation + - (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation - (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3bfb01bdc..bba1b2e96 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -149,6 +149,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) +- [Setting up maubot](configuring-playbook-bot-maubot.md) - a plugin-based Matrix bot system (optional) + - [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional) - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional) From da24f8ec8551811b287c5855a0c20aaaa02e59d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Jul 2022 16:37:46 +0000 Subject: [PATCH 238/381] Bump frenck/action-yamllint from 1.1.2 to 1.2.0 Bumps [frenck/action-yamllint](https://github.com/frenck/action-yamllint) from 1.1.2 to 1.2.0. - [Release notes](https://github.com/frenck/action-yamllint/releases) - [Commits](https://github.com/frenck/action-yamllint/compare/v1.1.2...v1.2.0) --- updated-dependencies: - dependency-name: frenck/action-yamllint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index f58fe75f9..2d9cd667c 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -13,4 +13,4 @@ jobs: - name: ⤵️ Check out configuration from GitHub uses: actions/checkout@v3 - name: 🚀 Run yamllint - uses: frenck/action-yamllint@v1.1.2 + uses: frenck/action-yamllint@v1.2.0 From 3b85a9a9943c9e0d846c1ecaaf3c35caf407a468 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 11 Jul 2022 20:25:32 +0300 Subject: [PATCH 239/381] Upgrade hookshot (1.7.3 -> 1.8.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 5d618a6ea..abe266682 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.7.3 +matrix_hookshot_version: 1.8.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 1ffc0d963b5089b10dbbcf21140b1b56003c9294 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Tue, 12 Jul 2022 01:15:12 +0200 Subject: [PATCH 240/381] Add maubot configuration docs --- docs/configuring-playbook-bot-maubot.md | 62 +++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 docs/configuring-playbook-bot-maubot.md diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md new file mode 100644 index 000000000..1fbe8d173 --- /dev/null +++ b/docs/configuring-playbook-bot-maubot.md @@ -0,0 +1,62 @@ +# Setting up maubot (optional) + +The playbook can install and configure [maubot](https://github.com/maubot/maubot) for you. + +After setting up maubot, you can use the web management interface to make it do things. +The default location of the management interface is `matrix./_matrix/maubot/` + +See the project's [documentation](https://docs.mau.fi/maubot/usage/basic.html) to learn what it +does and why it might be useful to you. + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_maubot_enabled: true +matrix_bot_maubot_admins: + - yourusername: securepassword +``` + +You can add multiple admins. + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + +## Usage + +You can visit `matrix./_matrix/maubot/` to manage your available plugins, clients and instances. +To add a client you first need to create an account and obtain a valid access token. + +## Registering the bot user + +You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.maubot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user +``` + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + +## Obtaining an admin access token + +This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)) or by logging into Element/Schildichat with the bot account +(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom. +You can expand "Access token" to copy it. + +![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png) + +**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token. + + + + + + + From 6b7191c9393fe74d9a10455731584c2e689a212b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Tue, 12 Jul 2022 01:22:20 +0200 Subject: [PATCH 241/381] Fix tabs issue for real --- .../systemd/matrix-bot-maubot.service.j2 | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 497c25a6b..594356676 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -17,20 +17,20 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --read-only \ - --cap-drop=ALL \ - -v {{ matrix_bot_maubot_data_path }}:/data:z \ - {% for arg in matrix_bot_maubot_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ - {% if matrix_bot_maubot_expose_management_interface|bool %} - -p {{ matrix_bot_maubot_management_interface_port }}:29316 \ - {% endif %} - {{ matrix_bot_maubot_docker_image }} \ - python3 -m maubot -c /data/config.yaml + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --cap-drop=ALL \ + -v {{ matrix_bot_maubot_data_path }}:/data:z \ + {% for arg in matrix_bot_maubot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ + {% if matrix_bot_maubot_expose_management_interface|bool %} + -p {{ matrix_bot_maubot_management_interface_port }}:29316 \ + {% endif %} + {{ matrix_bot_maubot_docker_image }} \ + python3 -m maubot -c /data/config.yaml ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' From e4caf3fa814c361f6e018b139a577b1238e97c0b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Jul 2022 11:35:38 +0300 Subject: [PATCH 242/381] Add note about signald (0.19.0+) upgrade Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921 --- CHANGELOG.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65e57a7f6..184476fe2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,37 @@ +# 2022-07-14 + +## mautrix-signal upgrade requires manual data migration + +In [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) we upgraded [signald](https://signald.org/) (used by the mautrix-signal bridge) from `v0.18.5` to `v0.20.0`. + +Back in the `v0.19.0` released of signald (which we skipped and migrated straight to `v0.20.0`), a new `--migrate-data` command had been added that migrates avatars, group images, attachments, etc., into the database (those were previously stored in the filesystem). + +If you've been using the mautrix-signal bridge for a while, you may have files stored in the local filesystem, which will need to be upgraded using a `--migrate-data` command when you're upgrading mautrix-signal and signald. + +We don't have a test setup running signald with actual data in it, so we're not sure what the best way to upgrade is. You could try the following steps: + +1. Update the playbook's source code +2. Do a full install (update), but tell Ansible to stop all services (note the `stop` tag): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,stop` +3. Start Postgres manually by running this **on the server**: `systemctl start matrix-postgres` +4. Run the following migration command **on the server**: + +```sh +/usr/bin/env docker run --rm --name matrix-mautrix-signal-daemon \ +--log-driver=none \ +--user=997:1002 \ +--cap-drop=ALL \ +--network=matrix \ +-v /matrix/mautrix-signal/signald:/signald:z \ +docker.io/signald/signald:0.20.0 \ +--migrate-data +``` + +If you're doing this upgrade in the future, you may need to adjust the Signald version in the command above to match the up-to-date value of `matrix_mautrix_signal_daemon_version`, as seen in `roles/matrix-bridge-mautrix-signal/defaults/main.yml`. As of 2022-07-14, the signald version is `v0.20.0` + +5. Start all services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` +6. Tell us how this upgrade went in our [support room](README.md#support) or in [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) + + # 2022-07-05 ## Ntfy push notifications support From a1d0b584710934df10a6d68f5545f6a47f29a610 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Jul 2022 11:50:18 +0300 Subject: [PATCH 243/381] Try to do the signald (0.19.0) data migration automatically Improvement over e4caf3fa814c361f6. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921 --- CHANGELOG.md | 29 ++++--------------- .../matrix-mautrix-signal-daemon.service.j2 | 10 +++++++ 2 files changed, 15 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 184476fe2..6e528bcf0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,35 +1,16 @@ # 2022-07-14 -## mautrix-signal upgrade requires manual data migration +## signald (0.19.0+) upgrade requires data migration In [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) we upgraded [signald](https://signald.org/) (used by the mautrix-signal bridge) from `v0.18.5` to `v0.20.0`. -Back in the `v0.19.0` released of signald (which we skipped and migrated straight to `v0.20.0`), a new `--migrate-data` command had been added that migrates avatars, group images, attachments, etc., into the database (those were previously stored in the filesystem). +Back in the [`v0.19.0` released of signald](https://gitlab.com/signald/signald/-/blob/main/releases/0.19.0.md) (which we skipped and migrated straight to `v0.20.0`), a new `--migrate-data` command had been added that migrates avatars, group images, attachments, etc., into the database (those were previously stored in the filesystem). -If you've been using the mautrix-signal bridge for a while, you may have files stored in the local filesystem, which will need to be upgraded using a `--migrate-data` command when you're upgrading mautrix-signal and signald. +If you've been using the mautrix-signal bridge for a while, you may have files stored in the local filesystem, which will need to be upgraded. -We don't have a test setup running signald with actual data in it, so we're not sure what the best way to upgrade is. You could try the following steps: +We attempt to do this data migration automatically every time Signald starts (`matrix-mautrix-signal-daemon.service`) using a `ExecStartPre` systemd unit definition. -1. Update the playbook's source code -2. Do a full install (update), but tell Ansible to stop all services (note the `stop` tag): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,stop` -3. Start Postgres manually by running this **on the server**: `systemctl start matrix-postgres` -4. Run the following migration command **on the server**: - -```sh -/usr/bin/env docker run --rm --name matrix-mautrix-signal-daemon \ ---log-driver=none \ ---user=997:1002 \ ---cap-drop=ALL \ ---network=matrix \ --v /matrix/mautrix-signal/signald:/signald:z \ -docker.io/signald/signald:0.20.0 \ ---migrate-data -``` - -If you're doing this upgrade in the future, you may need to adjust the Signald version in the command above to match the up-to-date value of `matrix_mautrix_signal_daemon_version`, as seen in `roles/matrix-bridge-mautrix-signal/defaults/main.yml`. As of 2022-07-14, the signald version is `v0.20.0` - -5. Start all services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` -6. Tell us how this upgrade went in our [support room](README.md#support) or in [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) +Keep an eye on your Signal bridge and let us know (in our [support room](README.md#support) or in [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921)) if you experience any trouble! # 2022-07-05 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 0ee05d7d7..d6be37e98 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -21,6 +21,16 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 +# Migration task required by the 0.19.0 upgrade +ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ + {{ matrix_mautrix_signal_daemon_docker_image }} \ + --migrate-data + # We can't use `--read-only` for this bridge. ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ --log-driver=none \ From e94ec75e1a38db92a7437dda0b05d9bff1aa2efb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 14 Jul 2022 16:57:59 +0300 Subject: [PATCH 244/381] Remove matrix-bridge-mx-puppet-skype role --- CHANGELOG.md | 17 +++ README.md | 2 - ...iguring-playbook-bridge-mx-puppet-skype.md | 31 +--- docs/configuring-playbook.md | 2 +- docs/container-images.md | 2 - docs/self-building.md | 1 - group_vars/matrix_servers | 44 ------ roles/matrix-base/tasks/sanity_check.yml | 10 ++ .../defaults/main.yml | 112 --------------- .../tasks/init.yml | 28 ---- .../tasks/main.yml | 23 --- .../tasks/setup_install.yml | 135 ------------------ .../tasks/setup_uninstall.yml | 25 ---- .../tasks/validate_config.yml | 10 -- .../templates/config.yaml.j2 | 118 --------------- .../systemd/matrix-mx-puppet-skype.service.j2 | 43 ------ setup.yml | 1 - 17 files changed, 30 insertions(+), 574 deletions(-) delete mode 100644 roles/matrix-bridge-mx-puppet-skype/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e528bcf0..c8d31abae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,22 @@ # 2022-07-14 +## mx-puppet-skype removal + +The playbook no longer includes the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge, because it has been broken and unmaintaned for a long time. Users that have `matrix_mx_puppet_skype_enabled` in their configuration files will encounter an error when running the playbook until they remove references to this bridge from their configuration. + +To completely clean up your server from `mx-puppet-skype`'s presence on it: + +- ensure your Ansible configuration (`vars.yml` file) no longer contains `matrix_mx_puppet_skype_*` references +- stop and disable the systemd service (run `systemctl disable --now matrix-mx-puppet-skype` on the server) +- delete the systemd service (run `rm /etc/systemd/system/matrix-mx-puppet-skype.service` on the server) +- delete `/matrix/mx-puppet-skype` (run `rm -rf /matrix/mx-puppet-skype` on the server) +- drop the `matrix_mx_puppet_skype` database (run `/usr/local/bin/matrix-postgres-cli` on the server, and execute the `DROP DATABASE matrix_mx_puppet_skype;` query there) + +If you still need bridging to [Skype](https://www.skype.com/), consider switching to [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) instead. See [Setting up Go Skype Bridge bridging](docs/configuring-playbook-bridge-go-skype-bridge.md). + +If you think this is a mistake and `mx-puppet-skype` works for you (or you get it to work somehow), let us know and we may reconsider this removal. + + ## signald (0.19.0+) upgrade requires data migration In [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) we upgraded [signald](https://signald.org/) (used by the mautrix-signal bridge) from `v0.18.5` to `v0.20.0`. diff --git a/README.md b/README.md index 4347b1280..251df0436 100644 --- a/README.md +++ b/README.md @@ -79,8 +79,6 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation -- (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation - - (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation diff --git a/docs/configuring-playbook-bridge-mx-puppet-skype.md b/docs/configuring-playbook-bridge-mx-puppet-skype.md index ff4e636ee..c80b1af82 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-skype.md +++ b/docs/configuring-playbook-bridge-mx-puppet-skype.md @@ -1,32 +1,5 @@ # Setting up MX Puppet Skype (optional) -**Note**: bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. In fact, bridging via `mx-puppet-skype` has often been reported as broken, so we recommend that you go directly for `go-skype-bridge`, instead of this. +The playbook used to be able to install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype), but no longer includes this component, because it has been broken and unmaintaned for a long time. -The playbook can install and configure -[mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you. - -See the project page to learn what it does and why it might be useful to you. - -To enable the [Skype](https://www.skype.com/) bridge just use the following -playbook configuration: - - -```yaml -matrix_mx_puppet_skype_enabled: true -``` - - -## Usage - -Once the bot is enabled you need to start a chat with `Skype Puppet Bridge` with -the handle `@_skypepuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base -domain, not the `matrix.` domain). - -Send `link ` to the bridge bot to link your skype account. - -Once logged in, send `list` to the bot user to list the available rooms. - -Clicking rooms in the list will result in you receiving an invitation to the -bridged room. - -Also send `help` to the bot to see the commands available. +Bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index f71a23f5c..c7804d395 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) -- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - often reported as broken; see **Go Skype Bridge** (below) as an alternative +- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) instead - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index 25005d5ac..a587d932f 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -68,8 +68,6 @@ These services are not part of our default installation, but can be enabled by [ - [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) (optional) -- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https://www.skype.com) (optional) - - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https://slack.com) (optional) - [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional) diff --git a/docs/self-building.md b/docs/self-building.md index 9cb5bf2a5..ab6e17d3a 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -33,7 +33,6 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bridge-mautrix-telegram` - `matrix-bridge-mautrix-signal` - `matrix-bridge-mautrix-whatsapp` -- `matrix-bridge-mx-puppet-skype` - `matrix-bridge-mx-puppet-steam` - `matrix-bot-mjolnir` - `matrix-bot-honoroit` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 25d0a0e13..221662c5d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -729,44 +729,6 @@ matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else # ###################################################################### -###################################################################### -# -# matrix-bridge-mx-puppet-skype -# -###################################################################### - -# We don't enable bridges by default. -matrix_mx_puppet_skype_enabled: false - -matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" - -matrix_mx_puppet_skype_systemd_required_services_list: | - {{ - ['docker.service'] - + - ['matrix-' + matrix_homeserver_implementation + '.service'] - + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) - + - (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) - }} - -matrix_mx_puppet_skype_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.tok') | to_uuid }}" - -matrix_mx_puppet_skype_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.tok') | to_uuid }}" - -matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" - -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mx_puppet_skype_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_skype_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.skype.db') | to_uuid }}" - -###################################################################### -# -# /matrix-bridge-mx-puppet-skype -# -###################################################################### - ###################################################################### # @@ -1863,12 +1825,6 @@ matrix_postgres_additional_databases: | 'password': matrix_mautrix_whatsapp_database_password, }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else []) + - ([{ - 'name': matrix_mx_puppet_skype_database_name, - 'username': matrix_mx_puppet_skype_database_username, - 'password': matrix_mx_puppet_skype_database_password, - }] if (matrix_mx_puppet_skype_enabled and matrix_mx_puppet_skype_database_engine == 'postgres' and matrix_mx_puppet_skype_database_hostname == 'matrix-postgres') else []) - + ([{ 'name': matrix_mx_puppet_slack_database_name, 'username': matrix_mx_puppet_slack_database_username, diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index f78510d77..98fa2738f 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml @@ -79,3 +79,13 @@ when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or (ansible_architecture.startswith("armv") and matrix_architecture != "arm32") + +- name: Fail if encountering usage of removed role (mx-puppet-skype) + fail: + msg: >- + Your configuration seems to include a reference to `matrix_mx_puppet_skype_enabled`. Are you trying to install the mx-puppet-skype bridge? + The playbook no longer includes a role for installing mx-puppet-skype, because the mx-puppet-bridge is unmaintained and has been reported as broken for a long time. + To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration. + To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal. + If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`. + when: "'matrix_mx_puppet_skype_enabled' in vars" diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml deleted file mode 100644 index 905e50863..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ /dev/null @@ -1,112 +0,0 @@ ---- -# Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-skype - -matrix_mx_puppet_skype_enabled: true - -matrix_mx_puppet_skype_container_image_self_build: false -matrix_mx_puppet_skype_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-skype.git" - -matrix_mx_puppet_skype_version: latest -matrix_mx_puppet_skype_docker_image: "{{ matrix_mx_puppet_skype_docker_image_name_prefix }}sorunome/mx-puppet-skype:{{ matrix_mx_puppet_skype_version }}" -matrix_mx_puppet_skype_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_skype_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_skype_docker_image_force_pull: "{{ matrix_mx_puppet_skype_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_skype_base_path: "{{ matrix_base_data_path }}/mx-puppet-skype" -matrix_mx_puppet_skype_config_path: "{{ matrix_mx_puppet_skype_base_path }}/config" -matrix_mx_puppet_skype_data_path: "{{ matrix_mx_puppet_skype_base_path }}/data" -matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_path }}/docker-src" - -matrix_mx_puppet_skype_appservice_port: "8438" - -matrix_mx_puppet_skype_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_skype_appservice_address: 'http://matrix-mx-puppet-skype:{{ matrix_mx_puppet_skype_appservice_port }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific homeserver -# "@.*" to allow anyone -matrix_mx_puppet_skype_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# "@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_skype_provisioning_blacklist: [] - -# Same as provisioning -matrix_mx_puppet_skype_relay_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Same as provisioning -matrix_mx_puppet_skype_relay_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_skype_container_extra_arguments: [] - -# List of systemd services that matrix-puppet-skype.service depends on. -matrix_mx_puppet_skype_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-puppet-skype.service wants -matrix_mx_puppet_skype_systemd_wanted_services_list: [] - -matrix_mx_puppet_skype_appservice_token: '' -matrix_mx_puppet_skype_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mx_puppet_skype_login_shared_secret: '' - -# Database configuration, role default is `sqlite` but playbook default is `postgres` -matrix_mx_puppet_skype_database_engine: sqlite - -matrix_mx_puppet_skype_sqlite_database_path_local: "{{ matrix_mx_puppet_skype_data_path }}/database.db" -matrix_mx_puppet_skype_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_skype_database_username: matrix_mx_puppet_skype -matrix_mx_puppet_skype_database_password: ~ -matrix_mx_puppet_skype_database_hostname: 'matrix-postgres' -matrix_mx_puppet_skype_database_port: 5432 -matrix_mx_puppet_skype_database_name: matrix_mx_puppet_skype - -matrix_mx_puppet_skype_database_connection_string: 'postgresql://{{ matrix_mx_puppet_skype_database_username }}:{{ matrix_mx_puppet_skype_database_password }}@{{ matrix_mx_puppet_skype_database_hostname }}:{{ matrix_mx_puppet_skype_database_port }}/{{ matrix_mx_puppet_skype_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_skype_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_skype_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_skype_configuration_yaml`. - -matrix_mx_puppet_skype_configuration_extension: "{{ matrix_mx_puppet_skype_configuration_extension_yaml|from_yaml if matrix_mx_puppet_skype_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_skype_configuration_yaml`. -matrix_mx_puppet_skype_configuration: "{{ matrix_mx_puppet_skype_configuration_yaml|from_yaml|combine(matrix_mx_puppet_skype_configuration_extension, recursive=True) }}" - -matrix_mx_puppet_skype_registration_yaml: | - as_token: "{{ matrix_mx_puppet_skype_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_skype_homeserver_token }}" - id: skype-puppet - namespaces: - users: - - exclusive: true - regex: '@_skypepuppet_.*:{{ matrix_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#_skypepuppet_.*:{{ matrix_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: _skypepuppet_bot - url: {{ matrix_mx_puppet_skype_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_skype_registration: "{{ matrix_mx_puppet_skype_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml deleted file mode 100644 index 699ad6f69..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype.service'] }}" - when: matrix_mx_puppet_skype_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ - matrix_synapse_container_extra_arguments|default([]) - + - ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"] - }} - - matrix_synapse_app_service_config_files: > - {{ - matrix_synapse_app_service_config_files|default([]) - + - ["/matrix-mx-puppet-skype-registration.yaml"] - }} - when: matrix_mx_puppet_skype_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml deleted file mode 100644 index 0793e994b..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- - -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_skype_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-skype - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_skype_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-skype - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_skype_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml deleted file mode 100644 index 96ae82e61..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ /dev/null @@ -1,135 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-skype role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure MX Puppet Skype paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - {path: "{{ matrix_mx_puppet_skype_base_path }}", when: true} - - {path: "{{ matrix_mx_puppet_skype_config_path }}", when: true} - - {path: "{{ matrix_mx_puppet_skype_data_path }}", when: true} - - {path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}"} - when: matrix_mx_puppet_skype_enabled|bool and item.when|bool - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mx_puppet_skype_base_path }}/database.db" - register: matrix_mx_puppet_skype_stat_database - -- name: (Data relocation) Ensure matrix-mx-puppet-skype.service is stopped - service: - name: matrix-mx-puppet-skype - state: stopped - enabled: false - daemon_reload: true - failed_when: false - when: "matrix_mx_puppet_skype_stat_database.stat.exists" - -- name: (Data relocation) Move mx-puppet-skype database file to ./data directory - command: "mv {{ matrix_mx_puppet_skype_base_path }}/database.db {{ matrix_mx_puppet_skype_data_path }}/database.db" - when: "matrix_mx_puppet_skype_stat_database.stat.exists" - -- set_fact: - matrix_mx_puppet_skype_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_skype_sqlite_database_path_local }}" - register: matrix_mx_puppet_skype_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mx_puppet_skype_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_skype_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_skype_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mx-puppet-skype.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_skype_requires_restart: true - when: "matrix_mx_puppet_skype_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_skype_database_engine == 'postgres'" - -- name: Ensure MX Puppet Skype image is pulled - docker_image: - name: "{{ matrix_mx_puppet_skype_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}" - when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build - register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" - until: result is not failed - -- name: Ensure MX Puppet Skype repository is present on self build - git: - repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" - force: "yes" - become: true - become_user: "{{ matrix_user_username }}" - register: matrix_mx_puppet_skype_git_pull_results - when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" - -- name: Ensure MX Puppet Skype Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_skype_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_skype_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" - pull: true - when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" - -- name: Ensure mx-puppet-skype config.yaml installed - copy: - content: "{{ matrix_mx_puppet_skype_configuration|to_nice_yaml(indent=2, width=999999) }}" - dest: "{{ matrix_mx_puppet_skype_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mx-puppet-skype skype-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_skype_registration|to_nice_yaml(indent=2, width=999999) }}" - dest: "{{ matrix_mx_puppet_skype_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-skype.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-skype.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-skype.service" - mode: 0644 - register: matrix_mx_puppet_skype_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-skype.service installation - service: - daemon_reload: true - when: "matrix_mx_puppet_skype_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-skype.service restarted, if necessary - service: - name: "matrix-mx-puppet-skype.service" - state: restarted - when: "matrix_mx_puppet_skype_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml deleted file mode 100644 index 838c3be5f..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- name: Check existence of matrix-mx-puppet-skype service - stat: - path: "/etc/systemd/system/matrix-mx-puppet-skype.service" - register: matrix_mx_puppet_skype_service_stat - -- name: Ensure matrix-mx-puppet-skype is stopped - service: - name: matrix-mx-puppet-skype - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mx_puppet_skype_service_stat.stat.exists" - -- name: Ensure matrix-mx-puppet-skype.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mx-puppet-skype.service" - state: absent - when: "matrix_mx_puppet_skype_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-skype.service removal - service: - daemon_reload: true - when: "matrix_mx_puppet_skype_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml deleted file mode 100644 index 7ed433b12..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mx_puppet_skype_appservice_token" - - "matrix_mx_puppet_skype_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 deleted file mode 100644 index 647f8fc78..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 +++ /dev/null @@ -1,118 +0,0 @@ -#jinja2: lstrip_blocks: "True" -bridge: - # Address for the bridge to bind to; if running as a Docker container, you - # probably want 0.0.0.0 here - bindAddress: 0.0.0.0 - # Port to host the bridge on which your homeserver will connect to - port: {{ matrix_mx_puppet_skype_appservice_port }} - # Name of your homeserver - domain: {{ matrix_domain }} - # URL where the bridge can connect to your homeserver - homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }} - # Optionally specify a different media URL used for the media store - mediaURL: https://{{ matrix_server_fqn_matrix }} - # This enabled automatic double-puppeting: - # A map for shared secrets of the homeserver URL to the shared secret - # See https://github.com/devture/matrix-synapse-shared-secret-auth - #loginSharedSecretMap: - # yourserver.com: supersecretsharedsecret - {% if matrix_mx_puppet_skype_login_shared_secret != '' %} - loginSharedSecretMap: - {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} - {% endif %} - # optionally override the display name of the bridge bot - #displayname: Protocol Bot - # optionally set the avatar of the bridge bot - #avatarUrl: mxc://yourserver.com/somefile - -logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: warn - # Optionally, you can apply filters to the console logging - #console: - # level: info - # enabled: - # - Store - # disabled: - # - PresenceHandler - - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: [] - -database: -{% if matrix_mx_puppet_skype_database_engine == 'postgres' %} - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". - # Modify each value as necessary - connString: {{ matrix_mx_puppet_skype_database_connection_string|to_json }} -{% else %} - # Use SQLite3 as a database backend - # The name of the database file - filename: {{ matrix_mx_puppet_skype_sqlite_database_path_in_container|to_json }} -{% endif %} - -provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} - -presence: - # Bridge online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 5000 - # if the im.vector.user_status state setting should be diabled - #disableStatusState: false - # A blacklist of remote user IDs for the im.vector.user_status state setting - #statusStateBlacklist: - # - baduser - -relay: - # Regex of Matrix IDs to allow to use the relay mode - # Same format as in provisioning - #whitelist: - #- "@.*:yourserver\\.com" - whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }} - - #blacklist: - #- "@user:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} - -# Map certain homeserver URLs to the C-S API endpoint -# Useful for double-puppeting if .well-known is unavailable for some reason -#homeserverUrlMap: -# yourserver.com: http://localhost:1234 - -namePatterns: - # Override the protocols set default name patterns - # Which variables are available depends on protocol implementation - user: :name - room: :name - -limits: - # Up to how many users should be auto-joined on room creation? -1 to disable - # Defaults to 200 - maxAutojoinUsers: 200 - # How long the delay between two autojoin users should be, in millisectonds. - # Defaults to 5000 - roomUserAutojoinDelay: 5000 diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 deleted file mode 100644 index ec06485a8..000000000 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ /dev/null @@ -1,43 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mx Puppet Skype bridge -{% for service in matrix_mx_puppet_skype_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mx_puppet_skype_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -e CONFIG_PATH=/config/config.yaml \ - -e REGISTRATION_PATH=/config/registration.yaml \ - -v {{ matrix_mx_puppet_skype_config_path }}:/config:z \ - -v {{ matrix_mx_puppet_skype_data_path }}:/data:z \ - {% for arg in matrix_mx_puppet_skype_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mx_puppet_skype_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mx-puppet-skype - -[Install] -WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index c99da4d16..64e0d90d6 100755 --- a/setup.yml +++ b/setup.yml @@ -30,7 +30,6 @@ - matrix-bridge-mx-puppet-discord - matrix-bridge-mx-puppet-groupme - matrix-bridge-mx-puppet-steam - - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack - matrix-bridge-mx-puppet-twitter - matrix-bridge-mx-puppet-instagram From 015952b37d5d995c1f21cae56f3777d6d31c305d Mon Sep 17 00:00:00 2001 From: alexhartley Date: Fri, 15 Jul 2022 17:49:47 +0100 Subject: [PATCH 245/381] Update recommended Skype bridge --- docs/configuring-playbook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index c7804d395..f2ce0cfd6 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) -- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) instead +- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) From 5a1a1126a27e249e44d143fd0e91103241c40982 Mon Sep 17 00:00:00 2001 From: marinmo Date: Sat, 16 Jul 2022 15:33:30 +0000 Subject: [PATCH 246/381] update buscarron from github -> gitlab project doesn't exist on github anymore --- docs/configuring-dns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index aec3c2539..ca7c08b08 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -64,7 +64,7 @@ The `hydrogen.` subdomain may be necessary, because this playbook c The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. -The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://github.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. +The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://gitlab.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. ## `_matrix-identity._tcp` SRV record setup From 91cbc8b2ff9ff9cf883eff2e01310c58d428c318 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 16 Jul 2022 22:28:53 +0300 Subject: [PATCH 247/381] Update mautrix whatsapp 0.5.0 -> 0.6.0 --- .../defaults/main.yml | 2 +- .../templates/config.yaml.j2 | 243 +++++++++++++++--- 2 files changed, 214 insertions(+), 31 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index e0af254d0..04184abec 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.5.0 +matrix_mautrix_whatsapp_version: v0.6.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 81be5d80f..6e07ce72a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -5,13 +5,17 @@ homeserver: address: {{ matrix_mautrix_whatsapp_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} -# Application service host/registration related details. -# Changing these values requires regeneration of the registration. # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. address: {{ matrix_mautrix_whatsapp_appservice_address }} @@ -24,11 +28,16 @@ appservice: type: {{ matrix_mautrix_whatsapp_appservice_database_type|to_json }} # The database URI. # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string - # Postgres: Connection string. For example, postgres://user:password@host/database + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql uri: {{ matrix_mautrix_whatsapp_appservice_database_uri|to_json }} # Maximum number of connections. Mostly relevant for Postgres. max_open_conns: 20 max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null # The unique ID of this appservice. id: whatsapp # Appservice bot details. @@ -39,37 +48,71 @@ appservice: # to leave display name/avatar as-is. displayname: WhatsApp bridge bot avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. + ephemeral_events: false + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" +# Segment API key to track some events, like provisioning API login and encryption errors. +segment_key: null + +# Prometheus config. +metrics: + # Enable prometheus metrics? + enabled: false + # IP and port where the metrics listener should be. The path is always /metrics + listen: 127.0.0.1:8001 + +# Config for things that are directly sent to WhatsApp. +whatsapp: + # Device name that's shown in the "WhatsApp Web" section in the mobile app. + os_name: Mautrix-WhatsApp bridge + # Browser name that determines the logo shown in the mobile app. + # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon. + # List of valid browser names: https://github.com/tulir/whatsmeow/blob/8b34d886d543b72e5f4699cf5b2797f68d598f78/binary/proto/def.proto#L38-L51 + browser_name: unknown + # Bridge config bridge: # Localpart template of MXIDs for WhatsApp users. - # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. + # {{.}} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" - displayname_template: "{{ '{{if .PushName}}{{.PushName}}{{else if .BusinessName}}{{.BusinessName}}{{else}}{{.JID}}{{end}} (WA)' }}" + # Displayname template for WhatsApp users. + # {{.PushName}} - nickname set by the WhatsApp user + # {{.BusinessName}} - validated WhatsApp business name + # {{.Phone}} - phone number (international format) + # The following variables are also available, but will cause problems on multi-user instances: + # {{.FullName}} - full name from contact list + # {{.FirstName}} - first name from contact list + displayname_template: "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)" + # Should the bridge create a space for each logged-in user and add bridged rooms to it? + # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. + personal_filtering_spaces: false # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp? delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true # Should incoming calls send a message to the Matrix room? call_start_notices: true # Should another user's cryptographic identity changing send a message to Matrix? identity_change_notices: false - # Should a "reactions not yet supported" warning be sent to the Matrix room when a user reacts to a message? - reaction_notices: true portal_message_buffer: 128 - # Settings for handling history sync payloads. These settings only apply right after login, - # because the phone only sends the history sync data once, and there's no way to re-request it - # (other than logging out and back in again). + # Settings for handling history sync payloads. history_sync: # Should the bridge create portals for chats in the history sync payload? create_portals: true - # Maximum age of chats in seconds to create portals for. Set to 0 to create portals for all chats in sync payload. - max_age: 604800 # Enable backfilling history sync payloads from WhatsApp using batch sending? # This requires a server with MSC2716 support, which is currently an experimental feature in synapse. # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml. - # Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers. + # Note that prior to Synapse 1.49, there were some bugs with the implementation, especially if using event persistence workers. + # There are also still some issues in Synapse's federation implementation. backfill: false # Use double puppets for backfilling? # In order to use this, the double puppets must be in the appservice's user ID namespace @@ -80,6 +123,67 @@ bridge: # Should the bridge request a full sync from the phone when logging in? # This bumps the size of history syncs from 3 months to 1 year. request_full_sync: false + # Settings for media requests. If the media expired, then it will not + # be on the WA servers. + # Media can always be requested by reacting with the ♻️ (recycle) emoji. + # These settings determine if the media requests should be done + # automatically during or after backfill. + media_requests: + # Should expired media be automatically requested from the server as + # part of the backfill process? + auto_request_media: true + # Whether to request the media immediately after the media message + # is backfilled ("immediate") or at a specific time of the day + # ("local_time"). + request_method: immediate + # If request_method is "local_time", what time should the requests + # be sent (in minutes after midnight)? + request_local_time: 120 + # The maximum number of initial conversations that should be synced. + # Other conversations will be backfilled on demand when the start PM + # provisioning endpoint is used or when a message comes in from that + # chat. + max_initial_conversations: -1 + # Settings for immediate backfills. These backfills should generally be + # small and their main purpose is to populate each of the initial chats + # (as configured by max_initial_conversations) with a few messages so + # that you can continue conversations without loosing context. + immediate: + # The number of concurrent backfill workers to create for immediate + # backfills. Note that using more than one worker could cause the + # room list to jump around since there are no guarantees about the + # order in which the backfills will complete. + worker_count: 1 + # The maximum number of events to backfill initially. + max_events: 10 + # Settings for deferred backfills. The purpose of these backfills are + # to fill in the rest of the chat history that was not covered by the + # immediate backfills. These backfills generally should happen at a + # slower pace so as not to overload the homeserver. + # Each deferred backfill config should define a "stage" of backfill + # (i.e. the last week of messages). The fields are as follows: + # - start_days_ago: the number of days ago to start backfilling from. + # To indicate the start of time, use -1. For example, for a week ago, use 7. + # - max_batch_events: the number of events to send per batch. + # - batch_delay: the number of seconds to wait before backfilling each batch. + deferred: + # Last Week + - start_days_ago: 7 + max_batch_events: 20 + batch_delay: 5 + # Last Month + - start_days_ago: 30 + max_batch_events: 50 + batch_delay: 10 + # Last 3 months + - start_days_ago: 90 + max_batch_events: 100 + batch_delay: 10 + # The start of time + - start_days_ago: -1 + max_batch_events: 500 + batch_delay: 10 + # Should puppet avatars be fetched from the server even if an avatar is already set? user_avatar_sync: true # Should Matrix users leaving groups be bridged to WhatsApp? bridge_matrix_leave: true @@ -89,11 +193,26 @@ bridge: # Note that updating the m.direct event is not atomic (except with mautrix-asmux) # and is therefore prone to race conditions. sync_direct_chat_list: false + # Should the bridge use MSC2867 to bridge manual "mark as unread"s from + # WhatsApp and set the unread status on initial backfill? + # This will only work on clients that support the m.marked_unread or + # com.famedly.marked_unread room account data. + sync_manual_marked_unread: true # When double puppeting is enabled, users can use `!wa toggle` to change whether # presence and read receipts are bridged. These settings set the default values. # Existing users won't be affected when these are changed. default_bridge_receipts: true default_bridge_presence: true + # Send the presence as "available" to whatsapp when users start typing on a portal. + # This works as a workaround for homeservers that do not support presence, and allows + # users to see when the whatsapp user on the other side is typing during a conversation. + send_presence_on_typing: false + # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp) + # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)? + # + # By default, the bridge acts like WhatsApp web, which only sends active delivery + # receipts when it's in the foreground. + force_active_delivery_receipts: false # Servers to always allow double puppeting from double_puppet_server_map: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": {{ matrix_mautrix_whatsapp_homeserver_address }} @@ -125,9 +244,14 @@ bridge: # Should WhatsApp status messages be bridged into a Matrix room? # Disabling this won't affect already created status broadcast rooms. enable_status_broadcast: true + # Should sending WhatsApp status messages be allowed? + # This can cause issues if the user has lots of contacts, so it's disabled by default. + disable_status_broadcast_send: true # Should the status broadcast room be muted and moved into low priority by default? - # This is only applied when creating the room, the user can unmute/untag it later. + # This is only applied when creating the room, the user can unmute it later. mute_status_broadcast: true + # Tag to apply to the status broadcast room. + status_broadcast_tag: m.lowpriority # Should the bridge use thumbnails from WhatsApp? # They're disabled by default due to very low resolution. whatsapp_thumbnail: false @@ -137,6 +261,30 @@ bridge: # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} + # Whether to enable disappearing messages in groups. If enabled, then the expiration time of + # the messages will be determined by the first user to read the message, rather than individually. + # If the bridge only has a single user, this can be turned on safely. + disappearing_messages_in_groups: false + # Should the bridge never send alerts to the bridge management room? + # These are mostly things like the user being logged out. + disable_bridge_alerts: false + # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview, + # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews` + # key in the event content even if this is disabled. + url_previews: false + # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. + # This is currently not supported in most clients. + caption_in_message: false + # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration + # Null means there's no enforced timeout. + message_handling_timeout: + # Send an error message after this timeout, but keep waiting for the response until the deadline. + # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. + # If the message is older than this when it reaches the bridge, the message won't be handled at all. + error_after: null + # Drop messages after this timeout. They may still go through if the message got sent to the servers. + # This is counted from the time the bridge starts handling the message. + deadline: 120s # The prefix for commands. Only required in non-management rooms. command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}" @@ -163,18 +311,53 @@ bridge: # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }} - # Options for automatic key sharing. - key_sharing: - # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }} - # Require the requesting device to have a valid cross-signing signature? - # This doesn't require that the bridge has verified the device, only that the user has verified it. - # Not yet implemented. - require_cross_signing: false - # Require devices to be verified by the bridge? - # Verification by the bridge is not yet implemented. - require_verification: true + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }} + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate # Permissions for using the bridge. # Permitted values: @@ -214,14 +397,14 @@ logging: # The directory for log files. Will be created if not found. directory: ./logs # Available variables: .Date for the file date and .Index for different log files on the same day. - # empy/null = journal logging only - file_name_format: + # Set this to null to disable logging to file. + file_name_format: null # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants file_date_format: "2006-01-02" # Log file permissions. - file_mode: 0600 + file_mode: 0o600 # Timestamp format for log entries in the Go time format. timestamp_format: "Jan _2, 2006 15:04:05" - # Minimum severity for log messages. + # Minimum severity for log messages printed to stdout/stderr. This doesn't affect the log file. # Options: debug, info, warn, error, fatal print_level: {{ matrix_mautrix_whatsapp_logging_level }} From fa9b34b983595e22799ae6d6ca70f2bcf261cf48 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 16 Jul 2022 23:25:05 +0300 Subject: [PATCH 248/381] Try to make Jinja not trip up over syntax --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 6e07ce72a..b0b2491e6 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -80,7 +80,7 @@ whatsapp: # Bridge config bridge: # Localpart template of MXIDs for WhatsApp users. - # {{.}} is replaced with the phone number of the WhatsApp user. + # {% raw %}{{.}}{% endraw %} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" # Displayname template for WhatsApp users. # {{.PushName}} - nickname set by the WhatsApp user From e149f331406f843aab71777fdc9f6168ea885139 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 16 Jul 2022 23:59:21 +0300 Subject: [PATCH 249/381] add/unify 'Project source code URL' link across all roles --- roles/matrix-backup-borg/defaults/main.yml | 2 ++ roles/matrix-bot-buscarron/defaults/main.yml | 2 +- roles/matrix-bot-go-neb/defaults/main.yml | 2 +- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- roles/matrix-bot-matrix-registration-bot/defaults/main.yml | 2 +- roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 2 +- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- roles/matrix-bridge-appservice-discord/defaults/main.yml | 2 +- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- roles/matrix-bridge-appservice-webhooks/defaults/main.yml | 2 +- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 +- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 +- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-steam/defaults/main.yml | 4 ++-- roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml | 2 +- roles/matrix-bridge-sms/defaults/main.yml | 2 +- roles/matrix-client-cinny/defaults/main.yml | 1 + roles/matrix-client-element/defaults/main.yml | 1 + roles/matrix-client-hydrogen/defaults/main.yml | 1 + roles/matrix-corporal/defaults/main.yml | 2 +- roles/matrix-coturn/defaults/main.yml | 1 + roles/matrix-dendrite/defaults/main.yml | 2 +- roles/matrix-dimension/defaults/main.yml | 1 + roles/matrix-dynamic-dns/defaults/main.yml | 2 ++ roles/matrix-email2matrix/defaults/main.yml | 1 + roles/matrix-etherpad/defaults/main.yml | 1 + roles/matrix-grafana/defaults/main.yml | 1 + roles/matrix-jitsi/defaults/main.yml | 1 + roles/matrix-ma1sd/defaults/main.yml | 2 +- roles/matrix-mailer/defaults/main.yml | 1 + roles/matrix-nginx-proxy/defaults/main.yml | 1 + roles/matrix-ntfy/defaults/main.yml | 2 ++ roles/matrix-postgres-backup/defaults/main.yml | 1 + roles/matrix-postgres/defaults/main.yml | 1 + roles/matrix-prometheus-node-exporter/defaults/main.yml | 1 + roles/matrix-prometheus-postgres-exporter/defaults/main.yml | 2 +- roles/matrix-prometheus/defaults/main.yml | 1 + roles/matrix-redis/defaults/main.yml | 1 + roles/matrix-registration/defaults/main.yml | 1 + roles/matrix-sygnal/defaults/main.yml | 2 +- roles/matrix-synapse-admin/defaults/main.yml | 2 +- roles/matrix-synapse/defaults/main.yml | 2 +- 56 files changed, 60 insertions(+), 37 deletions(-) diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index 906522c24..5003c26c6 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -1,4 +1,6 @@ --- +# Project source code URL: https://gitlab.com/etke.cc/borgmatic + matrix_backup_borg_enabled: true matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 56686f42f..aff54ceb0 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -1,6 +1,6 @@ --- # buscarron is a helpdesk bot -# See: https://gitlab.com/etke.cc/buscarron +# Project source code URL: https://gitlab.com/etke.cc/buscarron matrix_bot_buscarron_enabled: true diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index fa57b1095..31cb27d67 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -1,6 +1,6 @@ --- # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. -# See: https://github.com/matrix-org/go-neb +# Project source code URL: https://github.com/matrix-org/go-neb matrix_bot_go_neb_enabled: true matrix_bot_go_neb_version: latest diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 292de0bf4..665c64e9c 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -1,6 +1,6 @@ --- # honoroit is a helpdesk bot -# See: https://gitlab.com/etke.cc/honoroit +# Project source code URL: https://gitlab.com/etke.cc/honoroit matrix_bot_honoroit_enabled: true diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 40538478e..6cd0d15ae 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-registration-bot creates and manages registration tokens for a matrix server -# See: https://github.com/moan0s/matrix-registration-bot +# Project source code URL: https://github.com/moan0s/matrix-registration-bot matrix_bot_matrix_registration_bot_enabled: true matrix_bot_matrix_registration_bot_container_image_self_build: false diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 0fdf8a415..48e6f07b4 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-reminder-bot is a bot for one-off and recurring reminders -# See: https://github.com/anoadragon453/matrix-reminder-bot +# Project source code URL: https://github.com/anoadragon453/matrix-reminder-bot matrix_bot_matrix_reminder_bot_enabled: true diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 714cd0d36..94d04e782 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -1,6 +1,6 @@ --- # A moderation tool for Matrix -# See: https://github.com/matrix-org/mjolnir +# Project source code URL: https://github.com/matrix-org/mjolnir matrix_bot_mjolnir_enabled: true diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index b2ef2cdf5..f3e39f24f 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-appservice-discord is a Matrix <-> Discord bridge -# See: https://github.com/Half-Shot/matrix-appservice-discord +# Project source code URL: https://github.com/Half-Shot/matrix-appservice-discord matrix_appservice_discord_enabled: true diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index d0843836d..52554f61b 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -1,6 +1,6 @@ --- # Matrix Appservice IRC is a Matrix <-> IRC bridge -# See: https://github.com/matrix-org/matrix-appservice-irc +# Project source code URL: https://github.com/matrix-org/matrix-appservice-irc matrix_appservice_irc_enabled: true diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index ae3f55df6..91a00d3db 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-appservice-slack is a Matrix <-> Slack bridge -# See: https://github.com/matrix-org/matrix-appservice-slack +# Project source code URL: https://github.com/matrix-org/matrix-appservice-slack matrix_appservice_slack_enabled: true diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 223b9c0b3..e7ea26ed3 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-appservice-webhooks is a Matrix <-> webhook bridge -# See: https://github.com/redoonetworks/matrix-appservice-webhooks +# Project source code URL: https://github.com/redoonetworks/matrix-appservice-webhooks matrix_appservice_webhooks_enabled: true diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 514cfb142..498e4894d 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -1,6 +1,6 @@ --- # beeper-linkedin is a Matrix <-> LinkedIn bridge -# See: https://gitlab.com/beeper/linkedin +# Project source code URL: https://gitlab.com/beeper/linkedin matrix_beeper_linkedin_enabled: true diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index b6b4db346..5e31b0450 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -1,6 +1,6 @@ --- # Go Skype Bridge is a Matrix <-> Skype bridge -# See: https://github.com/kelaresg/go-skype-bridge +# Project source code URL: https://github.com/kelaresg/go-skype-bridge matrix_go_skype_bridge_enabled: true diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index dfbddd426..e8d2c7907 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -1,6 +1,6 @@ --- # heisenbridge is a bouncer-style Matrix IRC bridge -# See: https://github.com/hifi/heisenbridge +# Project source code URL: https://github.com/hifi/heisenbridge matrix_heisenbridge_enabled: true diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index abe266682..74f98bacd 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -1,7 +1,7 @@ --- # A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. -# https://github.com/matrix-org/matrix-hookshot +# Project source code URL: https://github.com/matrix-org/matrix-hookshot matrix_hookshot_enabled: true diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 22d7fda67..7993550fa 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-facebook is a Matrix <-> Facebook bridge -# See: https://github.com/mautrix/facebook +# Project source code URL: https://github.com/mautrix/facebook matrix_mautrix_facebook_enabled: true diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 2077d210d..5b93741a9 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-googlechat is a Matrix <-> googlechat bridge -# See: https://github.com/mautrix/googlechat +# Project source code URL: https://github.com/mautrix/googlechat matrix_mautrix_googlechat_enabled: true diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 31fec1005..061fa56ab 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-hangouts is a Matrix <-> Hangouts bridge -# See: https://github.com/mautrix/hangouts +# Project source code URL: https://github.com/mautrix/hangouts matrix_mautrix_hangouts_enabled: true diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 79ff1bf0f..5c849cfc7 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-instagram is a Matrix <-> Instagram bridge -# See: https://github.com/mautrix/instagram +# Project source code URL: https://github.com/mautrix/instagram matrix_mautrix_instagram_enabled: true diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 6b0f41d72..3ed92dbcb 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-signal is a Matrix <-> Signal bridge -# See: https://github.com/mautrix/signal +# Project source code URL: https://github.com/mautrix/signal matrix_mautrix_signal_enabled: true diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index e3ee2fe95..97ba2bc97 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-telegram is a Matrix <-> Telegram bridge -# See: https://github.com/mautrix/telegram +# Project source code URL: https://github.com/mautrix/telegram matrix_mautrix_telegram_enabled: true diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 291bd6a55..150b5b4dc 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-twitter is a Matrix <-> Twitter bridge -# See: https://github.com/mautrix/twitter +# Project source code URL: https://github.com/mautrix/twitter matrix_mautrix_twitter_enabled: true diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 04184abec..e7f027091 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -1,6 +1,6 @@ --- # mautrix-whatsapp is a Matrix <-> Whatsapp bridge -# See: https://github.com/mautrix/whatsapp +# Project source code URL: https://github.com/mautrix/whatsapp matrix_mautrix_whatsapp_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 2a2ecd58a..4d297f25f 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Discord is a Matrix <-> Discord bridge -# See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord +# Project source code URL: https://gitlab.com/mx-puppet/discord/mx-puppet-discord matrix_mx_puppet_discord_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index 0daf6dfc7..696380ed1 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge -# See: https://gitlab.com/robintown/mx-puppet-groupme +# Project source code URL: https://gitlab.com/robintown/mx-puppet-groupme matrix_mx_puppet_groupme_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 3a73e0fed..c7c86e3c5 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -1,6 +1,6 @@ --- # mx-puppet-instagram bridges instagram DMs -# See: https://github.com/Sorunome/mx-puppet-instagram +# Project source code URL: https://github.com/Sorunome/mx-puppet-instagram matrix_mx_puppet_instagram_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index b77614f70..294b18cf7 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# Project source code URL: https://gitlab.com/mx-puppet/slack/mx-puppet-slack matrix_mx_puppet_slack_enabled: true diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 4e3d6bc6e..430dc90f1 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -1,11 +1,11 @@ --- # Mx Puppet Steam is a Matrix <-> Steam bridge -# See: https://github.com/matrix-steam/mx-puppet-steam +# Project source code URL: https://github.com/icewind1991/mx-puppet-steam matrix_mx_puppet_steam_enabled: true matrix_mx_puppet_steam_container_image_self_build: false -matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git" +matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git" # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container). # diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 37be2be28..c1b460713 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -1,7 +1,7 @@ --- # Mx Puppet Twitter is a Matrix <-> Twitter bridge -# See: https://github.com/Sorunome/mx-puppet-twitter +# Project source code URL: https://github.com/Sorunome/mx-puppet-twitter matrix_mx_puppet_twitter_enabled: true diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index 82ffce6eb..8a640f862 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-sms-bridge is a Matrix <-> SMS bridge -# See: https://github.com/benkuly/matrix-sms-bridge +# Project source code URL: https://github.com/benkuly/matrix-sms-bridge matrix_sms_bridge_enabled: true diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 891058009..277f6e0cf 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/ajbura/cinny matrix_client_cinny_enabled: true diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index aacc2f11f..e93b2c7c5 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/vector-im/element-web matrix_client_element_enabled: true diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 88d52ba5c..5a28ef38a 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/vector-im/hydrogen-web matrix_client_hydrogen_enabled: true diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index bd91564ab..1aa512eec 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-corporal is a reconciliator and gateway for a managed Matrix server. -# See: https://github.com/devture/matrix-corporal +# Project source code URL: https://github.com/devture/matrix-corporal matrix_corporal_enabled: true diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index bf3564cd0..0b48616be 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/coturn/coturn matrix_coturn_enabled: true diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index f3876875e..450ae6324 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -1,6 +1,6 @@ --- # Dendrite is a second-generation Matrix homeserver currently in Beta -# See: https://github.com/matrix-org/dendrite +# Project source code URL: https://github.com/matrix-org/dendrite matrix_dendrite_enabled: true diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index c4da906de..68bd79089 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/turt2live/matrix-dimension matrix_dimension_enabled: false diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 95a1188b4..97629e15c 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -1,4 +1,6 @@ --- +# Project source code URL: https://github.com/linuxserver/docker-ddclient + # Whether dynamic dns is enabled matrix_dynamic_dns_enabled: true diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index fe5d33995..3084506f1 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/devture/email2matrix matrix_email2matrix_enabled: true diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index 8a0248606..656e43f9d 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/ether/etherpad-lite matrix_etherpad_enabled: false diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 7765ae48c..f411dc52d 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -1,6 +1,7 @@ --- # matrix-grafana is open source visualization and analytics software # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md +# Project source code URL: https://github.com/grafana/grafana matrix_grafana_enabled: false diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 70dc035d8..ef6a5735e 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/jitsi/docker-jitsi-meet matrix_jitsi_enabled: true diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index f1d570494..19aaf189a 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -1,6 +1,6 @@ --- # ma1sd is a Federated Matrix Identity Server -# See: https://github.com/ma1uta/ma1sd +# Project source code URL: https://github.com/ma1uta/ma1sd matrix_ma1sd_enabled: true diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 6d3bb2e24..48cd638ce 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/devture/exim-relay matrix_mailer_enabled: true diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f9b7a019f..8da1268d6 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true matrix_nginx_proxy_version: 1.21.6-alpine diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index d5fc3fbad..96e9e69df 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -1,4 +1,6 @@ --- +# Project source code URL: https://github.com/binwiederhier/ntfy + matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index 59ae50766..ed42266f2 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/prodrigestivill/docker-postgres-backup-local matrix_postgres_backup_enabled: false diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index b6cbc2055..3a4d73be1 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/postgres/postgres # Controls if the Postgres server managed by the playbook is enabled. # You can turn it off and use an external Postgres server by setting this to `false`. diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index d061d59cd..d90776976 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -1,6 +1,7 @@ --- # matrix-prometheus-node-exporter is an Prometheus exporter for machine metrics # See: https://prometheus.io/docs/guides/node-exporter/ +# Project source code URL: https://github.com/prometheus/node_exporter matrix_prometheus_node_exporter_enabled: false diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 8c3f435e6..b7cd08b9a 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-prometheus-postgres-exporter is an Prometheus exporter for postgres metrics -# See: https://github.com/prometheus-community/postgres_exporter +# Project source code URL: https://github.com/prometheus-community/postgres_exporter matrix_prometheus_postgres_exporter_enabled: false diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 28395bd9d..b7b05bed8 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -1,6 +1,7 @@ --- # matrix-prometheus is an open-source systems monitoring and alerting toolkit # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md +# Project source code URL: https://github.com/prometheus/prometheus matrix_prometheus_enabled: false diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 88d3d7397..4454355e3 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -1,4 +1,5 @@ --- +# Project source code URL: https://github.com/redis/redis matrix_redis_enabled: true diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index a5db3022d..9f4c673cd 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -1,6 +1,7 @@ --- # matrix-registration is a simple python application to have a token based matrix registration # See: https://zeratax.github.io/matrix-registration/ +# Project source code URL: https://github.com/ZerataX/matrix-registration matrix_registration_enabled: true diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 15bce68c1..15015a97e 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -1,7 +1,7 @@ --- # Sygnal is a reference Push Gateway for Matrix. # To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app. -# Learn more here: https://github.com/matrix-org/sygnal +# Project source code URL: https://github.com/matrix-org/sygnal matrix_sygnal_enabled: false matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index 0aa19e86b..9f4510b6a 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -1,6 +1,6 @@ --- # matrix-synapse-admin is a web UI for mananging the Synapse Matrix server -# See: https://github.com/Awesome-Technologies/synapse-admin +# Project source code URL: https://github.com/Awesome-Technologies/synapse-admin matrix_synapse_admin_enabled: true diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 1925ffc29..de8bfdcac 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -1,6 +1,6 @@ --- # Synapse is a Matrix homeserver -# See: https://github.com/matrix-org/synapse +# Project source code URL: https://github.com/matrix-org/synapse matrix_synapse_enabled: true From 88cff139ed57fc28e12bccbe134be73f17498bff Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 10:29:45 +0300 Subject: [PATCH 250/381] fix mautrix-whatsapp config --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index b0b2491e6..878fb1db0 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -80,7 +80,7 @@ whatsapp: # Bridge config bridge: # Localpart template of MXIDs for WhatsApp users. - # {% raw %}{{.}}{% endraw %} is replaced with the phone number of the WhatsApp user. + # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" # Displayname template for WhatsApp users. # {{.PushName}} - nickname set by the WhatsApp user @@ -89,7 +89,7 @@ bridge: # The following variables are also available, but will cause problems on multi-user instances: # {{.FullName}} - full name from contact list # {{.FirstName}} - first name from contact list - displayname_template: "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)" + displayname_template: "{{ '{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)' }}" # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. personal_filtering_spaces: false From e3ff6ca01bbc8db98d55da45170723ba295ccd60 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 14:16:57 +0300 Subject: [PATCH 251/381] mautrix-whatsapp - fix more vars --- .../templates/config.yaml.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 878fb1db0..8e0e300b8 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -83,12 +83,12 @@ bridge: # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" # Displayname template for WhatsApp users. - # {{.PushName}} - nickname set by the WhatsApp user - # {{.BusinessName}} - validated WhatsApp business name - # {{.Phone}} - phone number (international format) + # {{ '{{.PushName}}' }} - nickname set by the WhatsApp user + # {{ '{{.BusinessName}}' }} - validated WhatsApp business name + # {{ '{{.Phone}}' }} - phone number (international format) # The following variables are also available, but will cause problems on multi-user instances: - # {{.FullName}} - full name from contact list - # {{.FirstName}} - first name from contact list + # {{ '{{.FullName}}' }} - full name from contact list + # {{ '{{.FirstName}}' }} - first name from contact list displayname_template: "{{ '{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)' }}" # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. From c0ad5159202d6dd7f57ca5a4d9aaa3f4da5885a8 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:08:42 +0300 Subject: [PATCH 252/381] add ansible-lint; cleanup yamllint --- .github/workflows/matrix.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 2d9cd667c..32216cc62 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -7,10 +7,18 @@ on: # yamllint disable-line rule:truthy jobs: yamllint: - name: 🧹 yamllint + name: yamllint runs-on: ubuntu-latest steps: - - name: ⤵️ Check out configuration from GitHub + - name: Check out uses: actions/checkout@v3 - - name: 🚀 Run yamllint + - name: Run yamllint uses: frenck/action-yamllint@v1.2.0 + ansible-lint: + name: yamllint + runs-on: ubuntu-latest + steps: + - name: Check out + uses: actions/checkout@v3 + - name: Run ansible-lint + uses: ansible-community/ansible-lint-action@main From a3581e79a735079dceecd1a7e5c40b7c0d42e5ec Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:10:15 +0300 Subject: [PATCH 253/381] rename job --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 32216cc62..aa107858b 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -15,7 +15,7 @@ jobs: - name: Run yamllint uses: frenck/action-yamllint@v1.2.0 ansible-lint: - name: yamllint + name: ansible-lint runs-on: ubuntu-latest steps: - name: Check out From 0453ccc71647432684302971a4491e94b55600d0 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:21:22 +0300 Subject: [PATCH 254/381] update hydrogen 0.2.29 -> 0.2.33; sync config --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- .../templates/config.json.j2 | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 5a28ef38a..8171fc120 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.29 +matrix_client_hydrogen_version: v0.2.33 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/templates/config.json.j2 b/roles/matrix-client-hydrogen/templates/config.json.j2 index 62a849b0f..3e5563546 100644 --- a/roles/matrix-client-hydrogen/templates/config.json.j2 +++ b/roles/matrix-client-hydrogen/templates/config.json.j2 @@ -1,3 +1,16 @@ { - "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }} + "push": { + "appId": "io.element.hydrogen.web", + "gatewayUrl": "https://matrix.org", + "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" + }, + "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }}, + "bugReportEndpointUrl": "https://element.io/bugreports/submit", + "themeManifests": [ + "assets/theme-Element.json" + ], + "defaultTheme": { + "light": "element-light", + "dark": "element-dark" + } } From 0ffac5bb45c6d10a9eca30b658181038489f7960 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:24:51 +0300 Subject: [PATCH 255/381] update dynamic dns 3.9.1-ls89 -> 3.9.1-ls92 --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 97629e15c..1da87f38d 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls89 +matrix_dynamic_dns_version: v3.9.1-ls92 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From ca11763e862b3eb19f3872c0a2a0cf4bd8f2e0c8 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:26:33 +0300 Subject: [PATCH 256/381] update grafana 9.0.2 -> 9.0.3 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index f411dc52d..3765a0e4d 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.2 +matrix_grafana_version: 9.0.3 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From a6506cf6ff56c5173a5e331093bae4c5c37b21a8 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:29:50 +0300 Subject: [PATCH 257/381] update nginx 1.21.6 -> 1.23.0 --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 8da1268d6..3eb6d9499 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.6-alpine +matrix_nginx_proxy_version: 1.23.0-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but From 4bc12fd5602c85e719e7edfb7091f4cb406a3d78 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:31:41 +0300 Subject: [PATCH 258/381] update prometheus 2.36.2 -> 2.37.0 --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index b7b05bed8..547a868ff 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.36.2 +matrix_prometheus_version: v2.37.0 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 22a55f4fa7feb0a227cbf92aebb64239f09fe56e Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:33:43 +0300 Subject: [PATCH 259/381] update redis 6.2.6 -> 7.0.3 --- roles/matrix-redis/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 4454355e3..1534afdb2 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -8,7 +8,7 @@ matrix_redis_connection_password: "" matrix_redis_base_path: "{{ matrix_base_data_path }}/redis" matrix_redis_data_path: "{{ matrix_redis_base_path }}/data" -matrix_redis_version: 6.2.6-alpine +matrix_redis_version: 7.0.3-alpine matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}" matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}" matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}' From 405d07527f71dcae4c012af0103acf5596ad1e4d Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 17 Jul 2022 17:38:05 +0300 Subject: [PATCH 260/381] update sygnal 0.11.0 -> 0.12.0 --- roles/matrix-sygnal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 15015a97e..b19ce6141 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -8,7 +8,7 @@ matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data" -matrix_sygnal_version: v0.11.0 +matrix_sygnal_version: v0.12.0 matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}" matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}" From 018ca75d48145d572ec9f370aab0e4279489bee6 Mon Sep 17 00:00:00 2001 From: teutates <10206665+teutat3s@users.noreply.github.com> Date: Mon, 18 Jul 2022 11:28:59 +0200 Subject: [PATCH 261/381] Implement MSC 1929 Homeserver Admin Contact (#1931) * Implement MSC 1929 Homeserver Admin Contact Fixes #1612 For details to the proposed (not accepted yet) MSC, see: https://github.com/matrix-org/matrix-spec-proposals/blob/hs/proposal-admin-contact-1/proposals/1929-admin-contact.md * Implement feedback from PR #1931 * Implement feedback from PR #1931 * Fix mixed indentation --- docs/configuring-well-known.md | 28 +++++++++++++++++++ roles/matrix-base/defaults/main.yml | 25 +++++++++++++++++ roles/matrix-base/tasks/setup_well_known.yml | 8 ++++++ .../static-files/well-known/matrix-support.j2 | 7 +++++ 4 files changed, 68 insertions(+) create mode 100644 roles/matrix-base/templates/static-files/well-known/matrix-support.j2 diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 36e53996b..d52bef73f 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -36,6 +36,33 @@ However, this playbook installs your Matrix server on another domain (e.g. `matr To learn how to set it up, read the Installing section below. +## (Optional) Introduction to Homeserver Admin Contact and Support page + +[MSC 1929](https://github.com/matrix-org/matrix-spec-proposals/pull/1929) specifies a way to add contact details of admins, as well as a link to a support page for users who are having issues with the service. + +This MSC did not get accepted yet, but we think it might already be useful to Homeserver admins who wish to provide this information to end-users. + +The two playbook variables that you could look for, if you're interested in being an early adopter, are: `matrix_homeserver_admin_contacts` and `matrix_homeserver_support_url`. + +Example snippet for `vars.yml`: +``` +# Homeserver admin contacts as per MSC 1929 https://github.com/matrix-org/matrix-spec-proposals/pull/1929 +matrix_homeserver_admin_contacts: + - matrix_id: @admin1:domain.tld + email_address: admin@domain.tld + role: admin + - matrix_id: @admin2:domain.tld + email_address: admin@domain.tld + role: admin + - email_address: security@domain.tld + role: security + +matrix_homeserver_support_url: "https://example.domain.tld/support" +``` + +To learn how to set up `/.well-known/matrix/support` for the base domain, read the Installing section below. + + ## Installing well-known files on the base domain's server To implement the two service discovery mechanisms, your base domain's server (e.g. `example.com`) needs to run an HTTPS-capable webserver. @@ -185,5 +212,6 @@ No matter which method you've used to set up the well-known files, if you've don - `https:///.well-known/matrix/server` - `https:///.well-known/matrix/client` +- `https:///.well-known/matrix/support` You can also check if everything is configured correctly, by [checking if services work](maintenance-checking-services.md). diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 9b6d45f84..b8bea562a 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -12,6 +12,19 @@ matrix_domain: ~ # Example value: "@someone:{{ matrix_domain }}" matrix_admin: '' +# Homeserver admin contacts and support page as per MSC 1929 +# See: https://github.com/matrix-org/matrix-spec-proposals/pull/1929 +# Users in form: +# matrix_homeserver_admin_contacts: +# - matrix_id: @admin:domain.tld +# email_address: admin@domain.tld +# role: admin +# - email_address: security@domain.tld +# role: security +matrix_homeserver_admin_contacts: [] +# Url string like https://domain.tld/support.html +matrix_homeserver_support_url: '' + # This will contain the homeserver implementation that is in use. # Valid values: synapse, dendrite # @@ -225,6 +238,18 @@ matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_m # You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_server_configuration_default` and `matrix_well_known_matrix_server_configuration_extension_json`. matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default|combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}" +# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. +# This is unlike what it does when looking up YAML template files (no automatic parsing there). +matrix_well_known_matrix_support_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-support.j2') }}" + +matrix_well_known_matrix_support_configuration_extension_json: '{}' + +matrix_well_known_matrix_support_configuration_extension: "{{ matrix_well_known_matrix_support_configuration_extension_json|from_json if matrix_well_known_matrix_support_configuration_extension_json|from_json is mapping else {} }}" + +# Holds the final `/.well-known/matrix/support` configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_support_configuration_default` and `matrix_well_known_matrix_support_configuration_extension_json`. +matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_support_configuration_default|combine(matrix_well_known_matrix_support_configuration_extension, recursive=True) }}" + # The Docker network that all services would be put into matrix_docker_network: "matrix" diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml index 3f475950b..44ef3d28a 100644 --- a/roles/matrix-base/tasks/setup_well_known.yml +++ b/roles/matrix-base/tasks/setup_well_known.yml @@ -35,3 +35,11 @@ path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" state: absent when: "not matrix_well_known_matrix_server_enabled|bool" + +- name: Ensure Matrix /.well-known/matrix/support file configured + copy: + content: "{{ matrix_well_known_matrix_support_configuration|to_nice_json }}" + dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/support" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 new file mode 100644 index 000000000..71567abbe --- /dev/null +++ b/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 @@ -0,0 +1,7 @@ +#jinja2: lstrip_blocks: "True" +{ + "admins": {{ matrix_homeserver_admin_contacts|to_json }} + {% if matrix_homeserver_support_url %}, + "support_page": "{{ matrix_homeserver_support_url|to_json }}" + {% endif %} +} From 4a5143fa8dde0e6c4648452dd5106f5c0375907b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 12:32:38 +0300 Subject: [PATCH 262/381] Add variable to influence whether /.well-known/matrix/support is created Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1931 --- roles/matrix-base/defaults/main.yml | 7 +++++++ roles/matrix-base/tasks/setup_well_known.yml | 11 +++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index b8bea562a..6095f730e 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -21,8 +21,10 @@ matrix_admin: '' # role: admin # - email_address: security@domain.tld # role: security +# Also see: `matrix_well_known_matrix_support_enabled` matrix_homeserver_admin_contacts: [] # Url string like https://domain.tld/support.html +# Also see: `matrix_well_known_matrix_support_enabled` matrix_homeserver_support_url: '' # This will contain the homeserver implementation that is in use. @@ -267,6 +269,11 @@ matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_ho # matrix domain (`matrix_server_fqn_matrix`). matrix_well_known_matrix_server_enabled: true +# Controls whether a `/.well-known/matrix/support` file is generated and used at all. +# +# See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc. +matrix_well_known_matrix_support_enabled: true + # Controls whether Docker is automatically installed. # If you change this to false you must install and update Docker manually. You also need to install the docker (https://pypi.org/project/docker/) Python package. matrix_docker_installation_enabled: true diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml index 44ef3d28a..da9b534f8 100644 --- a/roles/matrix-base/tasks/setup_well_known.yml +++ b/roles/matrix-base/tasks/setup_well_known.yml @@ -37,9 +37,16 @@ when: "not matrix_well_known_matrix_server_enabled|bool" - name: Ensure Matrix /.well-known/matrix/support file configured - copy: - content: "{{ matrix_well_known_matrix_support_configuration|to_nice_json }}" + ansible.builtin.copy: + content: "{{ matrix_well_known_matrix_support_configuration | to_nice_json }}" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/support" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + when: matrix_well_known_matrix_support_enabled | bool + +- name: Ensure Matrix /.well-known/matrix/support file deleted + ansible.builtin.file: + path: "{{ matrix_static_files_base_path }}/.well-known/matrix/support" + state: absent + when: "not matrix_well_known_matrix_support_enabled | bool" From c9e30708beed4b493aaf0af1dce123c6043f1c26 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 12:46:19 +0300 Subject: [PATCH 263/381] Fix double-quoting in /.well-known/matrix/support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1931 `|to_json` already adds the surrounding double-quotes for the string, so adding them explicitly means we've got a double-quotes problem. --- .../templates/static-files/well-known/matrix-support.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 index 71567abbe..97e760127 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 @@ -2,6 +2,6 @@ { "admins": {{ matrix_homeserver_admin_contacts|to_json }} {% if matrix_homeserver_support_url %}, - "support_page": "{{ matrix_homeserver_support_url|to_json }}" + "support_page": {{ matrix_homeserver_support_url|to_json }} {% endif %} } From 3f7498da5ad0c01a5aef336ac6ea4c28c46bdef1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 12:49:53 +0300 Subject: [PATCH 264/381] Fix matrix_homeserver_admin_contacts example Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1931 This does 2 things: - it fixes the syntax for `matrix_id`. Starting strings with `@` is invalid YAML, so such strings need to be wrapped in single or double quotes - it makes use of the `matrix_domain` variable instead of hardcoding the domain name. This should be more and mistake-proof (typos or people mistaking their domain - matrix. vs base domain) --- docs/configuring-well-known.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index d52bef73f..f9f086b0a 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -48,11 +48,11 @@ Example snippet for `vars.yml`: ``` # Homeserver admin contacts as per MSC 1929 https://github.com/matrix-org/matrix-spec-proposals/pull/1929 matrix_homeserver_admin_contacts: - - matrix_id: @admin1:domain.tld + - matrix_id: "@admin1:{{ matrix_domain }}" email_address: admin@domain.tld role: admin - - matrix_id: @admin2:domain.tld - email_address: admin@domain.tld + - matrix_id: "@admin2:{{ matrix_domain }}" + email_address: admin2@domain.tld role: admin - email_address: security@domain.tld role: security From 78b5be4a26196f582aefc7bf14145a7dd1f583cc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 12:54:45 +0300 Subject: [PATCH 265/381] Do not generate /.well-known/matrix/support unless explicitly asked to Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1931 --- docs/configuring-well-known.md | 4 ++++ roles/matrix-base/defaults/main.yml | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index f9f086b0a..53a353860 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -46,6 +46,10 @@ The two playbook variables that you could look for, if you're interested in bein Example snippet for `vars.yml`: ``` +# Enable generation of `/.well-known/matrix/support`. +# This needs to be enabled explicitly for now, because MSC 1929 is not yet accepted. +matrix_well_known_matrix_support_enabled: true + # Homeserver admin contacts as per MSC 1929 https://github.com/matrix-org/matrix-spec-proposals/pull/1929 matrix_homeserver_admin_contacts: - matrix_id: "@admin1:{{ matrix_domain }}" diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 6095f730e..a0c0da9bb 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -271,8 +271,10 @@ matrix_well_known_matrix_server_enabled: true # Controls whether a `/.well-known/matrix/support` file is generated and used at all. # +# This is not enabled by default, until the MSC gets accepted: https://github.com/matrix-org/matrix-spec-proposals/pull/1929 +# # See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc. -matrix_well_known_matrix_support_enabled: true +matrix_well_known_matrix_support_enabled: false # Controls whether Docker is automatically installed. # If you change this to false you must install and update Docker manually. You also need to install the docker (https://pypi.org/project/docker/) Python package. From 34cdaade08de7ea84ab62a44e82968b932f98f29 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 10:39:08 +0300 Subject: [PATCH 266/381] Use fully-qualified module names for builtin Ansible modules Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1939 --- roles/matrix-aux/tasks/setup.yml | 4 +- roles/matrix-backup-borg/tasks/init.yml | 2 +- .../tasks/setup_install.yml | 24 ++--- .../tasks/setup_uninstall.yml | 10 +-- .../tasks/validate_config.yml | 4 +- .../matrix-base/tasks/clean_up_old_files.yml | 2 +- roles/matrix-base/tasks/sanity_check.yml | 20 ++--- roles/matrix-base/tasks/server_base/setup.yml | 6 +- .../tasks/server_base/setup_debian.yml | 6 +- .../tasks/server_base/setup_fedora.yml | 6 +- .../tasks/server_base/setup_raspbian.yml | 6 +- .../tasks/server_base/setup_redhat.yml | 6 +- .../tasks/server_base/setup_redhat8.yml | 8 +- roles/matrix-base/tasks/setup_matrix_base.yml | 6 +- roles/matrix-base/tasks/setup_matrix_user.yml | 8 +- roles/matrix-base/tasks/setup_well_known.yml | 8 +- .../tasks/util/ensure_fuse_installed.yml | 4 +- .../tasks/util/ensure_openssl_installed.yml | 4 +- roles/matrix-bot-buscarron/tasks/init.yml | 2 +- .../tasks/setup_install.yml | 18 ++-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 2 +- roles/matrix-bot-go-neb/tasks/init.yml | 2 +- .../matrix-bot-go-neb/tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 4 +- roles/matrix-bot-honoroit/tasks/init.yml | 2 +- .../tasks/setup_install.yml | 18 ++-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 2 +- .../tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 2 +- .../tasks/setup_install.yml | 18 ++-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 4 +- roles/matrix-bot-mjolnir/tasks/init.yml | 4 +- .../tasks/setup_install.yml | 14 +-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 6 +- .../tasks/setup_install.yml | 24 ++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/migrate_nedb_to_postgres.yml | 14 +-- .../tasks/setup_install.yml | 38 ++++---- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 6 +- .../tasks/init.yml | 18 ++-- .../tasks/migrate_nedb_to_postgres.yml | 14 +-- .../tasks/setup_install.yml | 18 ++-- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 4 +- .../tasks/init.yml | 16 ++-- .../tasks/setup_install.yml | 16 ++-- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 4 +- .../tasks/setup_install.yml | 16 ++-- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 4 +- .../tasks/setup_install.yml | 28 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../matrix-bridge-heisenbridge/tasks/init.yml | 6 +- .../tasks/setup_install.yml | 8 +- .../tasks/setup_uninstall.yml | 6 +- roles/matrix-bridge-hookshot/tasks/init.yml | 18 ++-- .../tasks/setup_install.yml | 20 ++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 16 ++-- .../tasks/init.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 4 +- .../tasks/init.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 4 +- .../tasks/init.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 4 +- .../tasks/init.yml | 6 +- .../tasks/setup_install.yml | 14 +-- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 4 +- .../tasks/setup_install.yml | 18 ++-- .../tasks/setup_uninstall.yml | 10 +-- .../tasks/validate_config.yml | 4 +- .../tasks/init.yml | 14 +-- .../tasks/setup_install.yml | 28 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 4 +- .../tasks/init.yml | 6 +- .../tasks/setup_install.yml | 18 ++-- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 4 +- .../tasks/setup_install.yml | 28 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 4 +- .../tasks/init.yml | 6 +- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 6 +- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 6 +- .../tasks/setup_install.yml | 22 ++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 6 +- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- .../tasks/init.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- roles/matrix-bridge-sms/tasks/init.yml | 6 +- .../matrix-bridge-sms/tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 4 +- .../tasks/validate_config.yml | 2 +- roles/matrix-client-cinny/tasks/init.yml | 4 +- .../matrix-client-cinny/tasks/self_check.yml | 8 +- .../tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 2 +- roles/matrix-client-element/tasks/init.yml | 4 +- .../tasks/migrate_riot_web.yml | 8 +- .../tasks/prepare_themes.yml | 8 +- .../tasks/self_check.yml | 8 +- .../tasks/setup_install.yml | 18 ++-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 4 +- roles/matrix-client-hydrogen/tasks/init.yml | 4 +- .../tasks/self_check.yml | 8 +- .../tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 2 +- .../tasks/dump_runtime_results.yml | 2 +- .../tasks/run_docker_prune.yml | 2 +- roles/matrix-common-after/tasks/start.yml | 14 +-- roles/matrix-common-after/tasks/stop.yml | 2 +- roles/matrix-corporal/tasks/init.yml | 4 +- .../tasks/self_check_corporal.yml | 8 +- .../matrix-corporal/tasks/setup_corporal.yml | 18 ++-- .../matrix-corporal/tasks/validate_config.yml | 6 +- roles/matrix-coturn/tasks/init.yml | 6 +- roles/matrix-coturn/tasks/setup_install.yml | 18 ++-- roles/matrix-coturn/tasks/setup_uninstall.yml | 10 +-- roles/matrix-coturn/tasks/validate_config.yml | 2 +- .../tasks/dendrite/setup_install.yml | 14 +-- .../tasks/dendrite/setup_uninstall.yml | 6 +- roles/matrix-dendrite/tasks/init.yml | 2 +- roles/matrix-dendrite/tasks/main.yml | 2 +- roles/matrix-dendrite/tasks/register_user.yml | 8 +- .../tasks/self_check_client_api.yml | 6 +- .../tasks/self_check_federation_api.yml | 8 +- .../matrix-dendrite/tasks/setup_dendrite.yml | 2 +- .../matrix-dendrite/tasks/validate_config.yml | 4 +- roles/matrix-dimension/tasks/init.yml | 2 +- .../matrix-dimension/tasks/setup_install.yml | 22 ++--- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 4 +- roles/matrix-dynamic-dns/tasks/init.yml | 4 +- roles/matrix-dynamic-dns/tasks/install.yml | 10 +-- roles/matrix-dynamic-dns/tasks/uninstall.yml | 6 +- .../tasks/validate_config.yml | 4 +- roles/matrix-email2matrix/tasks/init.yml | 2 +- .../tasks/setup_install.yml | 10 +-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 2 +- roles/matrix-etherpad/tasks/init.yml | 10 +-- roles/matrix-etherpad/tasks/setup_install.yml | 8 +- .../matrix-etherpad/tasks/setup_uninstall.yml | 8 +- .../matrix-etherpad/tasks/validate_config.yml | 4 +- roles/matrix-grafana/tasks/init.yml | 2 +- roles/matrix-grafana/tasks/setup.yml | 20 ++--- .../matrix-grafana/tasks/validate_config.yml | 2 +- roles/matrix-jitsi/tasks/init.yml | 4 +- roles/matrix-jitsi/tasks/setup_jitsi_base.yml | 2 +- .../matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 18 ++-- roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 18 ++-- .../tasks/setup_jitsi_prosody.yml | 18 ++-- roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 18 ++-- .../tasks/util/setup_jitsi_auth.yml | 6 +- roles/matrix-jitsi/tasks/validate_config.yml | 6 +- roles/matrix-ma1sd/tasks/init.yml | 4 +- roles/matrix-ma1sd/tasks/migrate_mxisd.yml | 16 ++-- roles/matrix-ma1sd/tasks/self_check_ma1sd.yml | 8 +- roles/matrix-ma1sd/tasks/setup_install.yml | 30 +++---- roles/matrix-ma1sd/tasks/setup_uninstall.yml | 8 +- roles/matrix-ma1sd/tasks/validate_config.yml | 10 +-- roles/matrix-mailer/tasks/init.yml | 4 +- roles/matrix-mailer/tasks/setup_mailer.yml | 18 ++-- roles/matrix-nginx-proxy/tasks/init.yml | 4 +- roles/matrix-nginx-proxy/tasks/main.yml | 2 +- .../tasks/nginx-proxy/setup_metrics_auth.yml | 8 +- .../tasks/self_check_well_known.yml | 6 +- .../tasks/self_check_well_known_file.yml | 24 ++--- .../tasks/setup_nginx_proxy.yml | 88 +++++++++---------- .../tasks/setup_well_known.yml | 6 +- roles/matrix-nginx-proxy/tasks/ssl/main.yml | 6 +- .../tasks/ssl/setup_ssl_lets_encrypt.yml | 10 +-- ...tup_ssl_lets_encrypt_obtain_for_domain.yml | 14 +-- ...ssl_manually_managed_verify_for_domain.yml | 6 +- ...etup_ssl_self_signed_obtain_for_domain.yml | 8 +- .../tasks/validate_config.yml | 14 +-- roles/matrix-ntfy/tasks/init.yml | 2 +- roles/matrix-ntfy/tasks/self_check.yml | 8 +- roles/matrix-ntfy/tasks/setup_install.yml | 8 +- roles/matrix-ntfy/tasks/setup_uninstall.yml | 8 +- roles/matrix-postgres-backup/tasks/init.yml | 2 +- .../tasks/setup_postgres_backup.yml | 18 ++-- .../util/detect_existing_postgres_version.yml | 20 ++--- .../tasks/validate_config.yml | 2 +- .../tasks/import_generic_sqlite_db.yml | 22 ++--- .../matrix-postgres/tasks/import_postgres.yml | 22 ++--- .../tasks/import_synapse_sqlite_db.yml | 18 ++-- roles/matrix-postgres/tasks/init.yml | 2 +- .../tasks/migrate_postgres_data_directory.yml | 12 +-- roles/matrix-postgres/tasks/run_vacuum.yml | 26 +++--- .../matrix-postgres/tasks/setup_postgres.yml | 40 ++++----- .../tasks/upgrade_postgres.yml | 46 +++++----- .../tasks/util/create_additional_database.yml | 8 +- .../util/create_additional_databases.yml | 2 +- .../util/detect_existing_postgres_version.yml | 20 ++--- .../tasks/util/migrate_db_to_postgres.yml | 28 +++--- .../matrix-postgres/tasks/validate_config.yml | 8 +- .../tasks/init.yml | 8 +- .../tasks/setup.yml | 10 +-- .../tasks/init.yml | 8 +- .../tasks/setup.yml | 10 +-- roles/matrix-prometheus/tasks/init.yml | 2 +- .../matrix-prometheus/tasks/setup_install.yml | 10 +-- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 2 +- roles/matrix-redis/tasks/init.yml | 2 +- roles/matrix-redis/tasks/setup_redis.yml | 18 ++-- .../tasks/generate_token.yml | 10 +-- roles/matrix-registration/tasks/init.yml | 12 +-- .../matrix-registration/tasks/list_tokens.yml | 6 +- .../tasks/setup_install.yml | 20 ++--- .../tasks/setup_uninstall.yml | 6 +- .../tasks/validate_config.yml | 4 +- roles/matrix-sygnal/tasks/init.yml | 2 +- roles/matrix-sygnal/tasks/setup_install.yml | 8 +- roles/matrix-sygnal/tasks/setup_uninstall.yml | 8 +- roles/matrix-sygnal/tasks/validate_config.yml | 2 +- roles/matrix-synapse-admin/tasks/init.yml | 12 +-- roles/matrix-synapse-admin/tasks/setup.yml | 12 +-- .../tasks/validate_config.yml | 2 +- .../ext/encryption-disabler/setup_install.yml | 4 +- .../encryption-disabler/setup_uninstall.yml | 2 +- .../tasks/ext/ldap-auth/setup.yml | 2 +- .../ext/mjolnir-antispam/setup_install.yml | 8 +- .../ext/mjolnir-antispam/setup_uninstall.yml | 2 +- .../tasks/ext/rest-auth/setup_install.yml | 6 +- .../tasks/ext/rest-auth/setup_uninstall.yml | 2 +- .../ext/shared-secret-auth/setup_install.yml | 8 +- .../shared-secret-auth/setup_uninstall.yml | 2 +- .../synapse-simple-antispam/setup_install.yml | 10 +-- .../setup_uninstall.yml | 2 +- .../tasks/goofys/setup_install.yml | 8 +- .../tasks/goofys/setup_uninstall.yml | 8 +- .../tasks/import_media_store.yml | 16 ++-- roles/matrix-synapse/tasks/init.yml | 16 ++-- roles/matrix-synapse/tasks/main.yml | 2 +- roles/matrix-synapse/tasks/register_user.yml | 10 +-- .../compress_room.yml | 14 +-- .../rust-synapse-compress-state/main.yml | 26 +++--- .../tasks/self_check_client_api.yml | 6 +- .../tasks/self_check_federation_api.yml | 8 +- roles/matrix-synapse/tasks/setup_synapse.yml | 2 +- .../tasks/synapse/setup_install.yml | 22 ++--- .../tasks/synapse/setup_uninstall.yml | 8 +- .../tasks/synapse/workers/init.yml | 16 ++-- .../tasks/synapse/workers/setup.yml | 4 +- .../tasks/synapse/workers/setup_install.yml | 6 +- .../tasks/synapse/workers/setup_uninstall.yml | 6 +- .../inject_systemd_services_for_worker.yml | 6 +- .../workers/util/setup_files_for_worker.yml | 10 +-- .../tasks/update_user_password.yml | 14 +-- .../matrix-synapse/tasks/validate_config.yml | 10 +-- 297 files changed, 1420 insertions(+), 1420 deletions(-) diff --git a/roles/matrix-aux/tasks/setup.yml b/roles/matrix-aux/tasks/setup.yml index 949c0b4a5..87c67d6dc 100644 --- a/roles/matrix-aux/tasks/setup.yml +++ b/roles/matrix-aux/tasks/setup.yml @@ -1,7 +1,7 @@ --- - name: Ensure AUX directories are created - file: + ansible.builtin.file: dest: "{{ item.dest }}" state: directory owner: "{{ item.owner|default(matrix_user_username) }}" @@ -10,7 +10,7 @@ with_items: "{{ matrix_aux_directory_definitions }}" - name: Ensure AUX files are created - copy: + ansible.builtin.copy: dest: "{{ item.dest }}" content: "{{ item.content }}" owner: "{{ item.owner|default(matrix_user_username) }}" diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml index a82fb7b8e..4d853a82c 100644 --- a/roles/matrix-backup-borg/tasks/init.yml +++ b/roles/matrix-backup-borg/tasks/init.yml @@ -1,4 +1,4 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}" when: matrix_backup_borg_enabled|bool diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 6ef398631..c8cf7f24e 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -3,17 +3,17 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" - name: Fail if detected Postgres version is unsupported - fail: + ansible.builtin.fail: msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql" when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions" - name: Set the correct borg backup version to use - set_fact: + ansible.builtin.set_fact: matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == '' - name: Ensure borg paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -25,7 +25,7 @@ when: "item.when|bool" - name: Ensure borgmatic config is created - copy: + ansible.builtin.copy: content: "{{ matrix_backup_borg_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_backup_borg_config_path }}/config.yaml" owner: "{{ matrix_user_username }}" @@ -33,7 +33,7 @@ mode: 0640 - name: Ensure borg passwd is created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/passwd.j2" dest: "{{ matrix_backup_borg_config_path }}/passwd" owner: "{{ matrix_user_username }}" @@ -41,7 +41,7 @@ mode: 0640 - name: Ensure borg ssh key is created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/sshkey.j2" dest: "{{ matrix_backup_borg_config_path }}/sshkey" owner: "{{ matrix_user_username }}" @@ -61,7 +61,7 @@ until: result is not failed - name: Ensure borg repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_backup_borg_docker_repo }}" dest: "{{ matrix_backup_borg_docker_src_files_path }}" force: "yes" @@ -83,30 +83,30 @@ when: "matrix_backup_borg_container_image_self_build|bool" - name: Ensure matrix-backup-borg.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2" dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service" mode: 0644 register: matrix_backup_borg_systemd_service_result - name: Ensure matrix-backup-borg.timer installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2" dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" mode: 0644 register: matrix_backup_borg_systemd_timer_result - name: Ensure systemd reloaded after matrix-backup-borg.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_backup_borg_systemd_service_result.changed|bool" - name: Ensure matrix-backup-borg.service enabled - service: + ansible.builtin.service: enabled: true name: matrix-backup-borg.service - name: Ensure matrix-backup-borg.timer enabled - service: + ansible.builtin.service: enabled: true name: matrix-backup-borg.timer diff --git a/roles/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/matrix-backup-borg/tasks/setup_uninstall.yml index faad44f72..faed21f8a 100644 --- a/roles/matrix-backup-borg/tasks/setup_uninstall.yml +++ b/roles/matrix-backup-borg/tasks/setup_uninstall.yml @@ -5,7 +5,7 @@ register: matrix_backup_borg_service_stat - name: Ensure matrix-backup-borg is stopped - service: + ansible.builtin.service: name: matrix-backup-borg state: stopped enabled: false @@ -14,24 +14,24 @@ when: "matrix_backup_borg_service_stat.stat.exists|bool" - name: Ensure matrix-backup-borg.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" state: absent when: "matrix_backup_borg_service_stat.stat.exists|bool" - name: Ensure matrix-backup-borg.timer doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" state: absent when: "matrix_backup_borg_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-backup-borg.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_backup_borg_service_stat.stat.exists|bool" - name: Ensure Matrix borg paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_backup_borg_base_path }}" state: absent diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml index 84b78d1ea..66e487dd9 100644 --- a/roles/matrix-backup-borg/tasks/validate_config.yml +++ b/roles/matrix-backup-borg/tasks/validate_config.yml @@ -1,6 +1,6 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -9,7 +9,7 @@ - "matrix_backup_borg_location_repositories" - name: Fail if encryption passphrase is undefined unless repository is unencrypted - fail: + ansible.builtin.fail: msg: >- You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable. when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'" diff --git a/roles/matrix-base/tasks/clean_up_old_files.yml b/roles/matrix-base/tasks/clean_up_old_files.yml index 03eb8bcce..b79c01b3f 100644 --- a/roles/matrix-base/tasks/clean_up_old_files.yml +++ b/roles/matrix-base/tasks/clean_up_old_files.yml @@ -1,7 +1,7 @@ --- - name: Get rid of old files and directories - file: + ansible.builtin.file: path: "{{ item }}" state: absent with_items: diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index 98fa2738f..29ae8419e 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml @@ -1,27 +1,27 @@ --- - name: Fail if invalid homeserver implementation - fail: + ansible.builtin.fail: msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`" when: "matrix_homeserver_implementation not in ['synapse', 'dendrite']" # We generally support Ansible 2.7.1 and above. - name: Fail if running on Ansible < 2.7.1 - fail: + ansible.builtin.fail: msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" when: - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)" # Though we do not support Ansible 2.9.6 which is buggy - name: Fail if running on Ansible 2.9.6 on Ubuntu - fail: + ansible.builtin.fail: msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" when: - ansible_distribution == 'Ubuntu' - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6" - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). @@ -35,7 +35,7 @@ # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message. - name: Fail if matrix_homeserver_generic_secret_key is undefined - fail: + ansible.builtin.fail: msg: | The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value. @@ -47,7 +47,7 @@ when: "matrix_homeserver_generic_secret_key is none or matrix_homeserver_generic_secret_key == ''" - name: Fail if required variables are undefined - fail: + ansible.builtin.fail: msg: "The `{{ item.var }}` variable must be defined and have a non-null and non-empty value" with_items: - {'var': matrix_domain, 'value': "{{ matrix_domain|default('') }}"} @@ -58,7 +58,7 @@ when: "item.value is none or item.value == ''" - name: Fail if uppercase domain used - fail: + ansible.builtin.fail: msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!" with_items: - "{{ matrix_domain }}" @@ -67,21 +67,21 @@ when: "item != item|lower" - name: Fail if using python2 on Archlinux - fail: + ansible.builtin.fail: msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3." when: - ansible_distribution == 'Archlinux' - ansible_python.version.major != 3 - name: Fail if architecture is set incorrectly - fail: + ansible.builtin.fail: msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}." when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or (ansible_architecture.startswith("armv") and matrix_architecture != "arm32") - name: Fail if encountering usage of removed role (mx-puppet-skype) - fail: + ansible.builtin.fail: msg: >- Your configuration seems to include a reference to `matrix_mx_puppet_skype_enabled`. Are you trying to install the mx-puppet-skype bridge? The playbook no longer includes a role for installing mx-puppet-skype, because the mx-puppet-bridge is unmaintained and has been reported as broken for a long time. diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index bbfa077c8..c5145e559 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml @@ -12,7 +12,7 @@ - block: # ansible_lsb is only available if lsb-release is installed. - name: Ensure lsb-release installed - apt: + ansible.builtin.apt: name: - lsb-release state: present @@ -34,13 +34,13 @@ when: ansible_distribution == 'Archlinux' - name: Ensure Docker is started and autoruns - service: + ansible.builtin.service: name: docker state: started enabled: true - name: "Ensure {{ matrix_ntpd_service }} is started and autoruns" - service: + ansible.builtin.service: name: "{{ matrix_ntpd_service }}" state: started enabled: true diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index 5b169df77..a45cd3772 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -1,7 +1,7 @@ --- - name: Ensure APT usage dependencies are installed - apt: + ansible.builtin.apt: name: - apt-transport-https - ca-certificates @@ -26,14 +26,14 @@ when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed - apt: + ansible.builtin.apt: name: - "{{ matrix_ntpd_package }}" state: latest update_cache: true - name: Ensure Docker is installed - apt: + ansible.builtin.apt: name: - "{{ matrix_docker_package_name }}" - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/matrix-base/tasks/server_base/setup_fedora.yml index 7369b6ad1..c83d88445 100644 --- a/roles/matrix-base/tasks/server_base/setup_fedora.yml +++ b/roles/matrix-base/tasks/server_base/setup_fedora.yml @@ -1,7 +1,7 @@ --- - name: Ensure Docker repository is enabled - template: + ansible.builtin.template: src: "{{ role_path }}/files/yum.repos.d/{{ item }}" dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" @@ -18,14 +18,14 @@ when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure yum packages are installed - yum: + ansible.builtin.yum: name: - "{{ matrix_ntpd_package }}" state: latest update_cache: true - name: Ensure Docker is installed - yum: + ansible.builtin.yum: name: - "{{ matrix_docker_package_name }}" - python3-pip diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index 6a09f2fe1..e3406ed50 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -1,7 +1,7 @@ --- - name: Ensure APT usage dependencies are installed - apt: + ansible.builtin.apt: name: - apt-transport-https - ca-certificates @@ -26,14 +26,14 @@ when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed - apt: + ansible.builtin.apt: name: - "{{ matrix_ntpd_package }}" state: latest update_cache: true - name: Ensure Docker is installed - apt: + ansible.builtin.apt: name: - "{{ matrix_docker_package_name }}" - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" diff --git a/roles/matrix-base/tasks/server_base/setup_redhat.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml index b4be1d081..88061c719 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat.yml @@ -1,7 +1,7 @@ --- - name: Ensure Docker repository is enabled - template: + ansible.builtin.template: src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" @@ -16,14 +16,14 @@ when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure yum packages are installed - yum: + ansible.builtin.yum: name: - "{{ matrix_ntpd_package }}" state: latest update_cache: true - name: Ensure Docker is installed - yum: + ansible.builtin.yum: name: - "{{ matrix_docker_package_name }}" - docker-python diff --git a/roles/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml index d9dd6e23f..d2eca6812 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat8.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat8.yml @@ -1,7 +1,7 @@ --- - name: Ensure Docker repository is enabled - template: + ansible.builtin.template: src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" @@ -16,21 +16,21 @@ when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure EPEL is installed - yum: + ansible.builtin.yum: name: - epel-release state: latest update_cache: true - name: Ensure yum packages are installed - yum: + ansible.builtin.yum: name: - "{{ matrix_ntpd_package }}" state: latest update_cache: true - name: Ensure Docker is installed - yum: + ansible.builtin.yum: name: - "{{ matrix_docker_package_name }}" - python3-pip diff --git a/roles/matrix-base/tasks/setup_matrix_base.yml b/roles/matrix-base/tasks/setup_matrix_base.yml index 0fad2b3d6..100b7e7c7 100644 --- a/roles/matrix-base/tasks/setup_matrix_base.yml +++ b/roles/matrix-base/tasks/setup_matrix_base.yml @@ -1,7 +1,7 @@ --- - name: Ensure Matrix base path exists - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: "{{ matrix_base_data_path_mode }}" @@ -11,7 +11,7 @@ - "{{ matrix_base_data_path }}" - name: Preserve vars.yml on the server for easily restoring if it gets lost later on - copy: + ansible.builtin.copy: src: "{{ matrix_vars_yml_snapshotting_src }}" dest: "{{ matrix_base_data_path }}/vars.yml" owner: "{{ matrix_user_username }}" @@ -25,7 +25,7 @@ driver: bridge - name: Ensure matrix-remove-all script created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2" dest: "{{ matrix_local_bin_path }}/matrix-remove-all" mode: 0750 diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index 41604f874..0435b7a3c 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -1,18 +1,18 @@ --- - name: Ensure Matrix group is created - group: + ansible.builtin.group: name: "{{ matrix_user_groupname }}" gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}" state: present register: matrix_group - name: Set Matrix Group GID Variable - set_fact: + ansible.builtin.set_fact: matrix_user_gid: "{{ matrix_group.gid }}" - name: Ensure Matrix user is created - user: + ansible.builtin.user: name: "{{ matrix_user_username }}" uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}" state: present @@ -23,5 +23,5 @@ register: matrix_user - name: Set Matrix Group UID Variable - set_fact: + ansible.builtin.set_fact: matrix_user_uid: "{{ matrix_user.uid }}" diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml index da9b534f8..c4a5c236e 100644 --- a/roles/matrix-base/tasks/setup_well_known.yml +++ b/roles/matrix-base/tasks/setup_well_known.yml @@ -4,7 +4,7 @@ # # For running with another webserver, we recommend being part of the `matrix` group. - name: Ensure Matrix static-files path exists - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0755 @@ -14,7 +14,7 @@ - "{{ matrix_static_files_base_path }}/.well-known/matrix" - name: Ensure Matrix /.well-known/matrix/client file configured - copy: + ansible.builtin.copy: content: "{{ matrix_well_known_matrix_client_configuration|to_nice_json }}" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" mode: 0644 @@ -22,7 +22,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure Matrix /.well-known/matrix/server file configured - copy: + ansible.builtin.copy: content: "{{ matrix_well_known_matrix_server_configuration|to_nice_json }}" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" mode: 0644 @@ -31,7 +31,7 @@ when: matrix_well_known_matrix_server_enabled|bool - name: Ensure Matrix /.well-known/matrix/server file deleted - file: + ansible.builtin.file: path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" state: absent when: "not matrix_well_known_matrix_server_enabled|bool" diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml index 7a3fde41d..dfb1ddc80 100644 --- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml @@ -1,7 +1,7 @@ --- # This is for both RedHat 7 and 8 - name: Ensure fuse installed (RedHat) - yum: + ansible.builtin.yum: name: - fuse state: latest @@ -9,7 +9,7 @@ # This is for both Debian and Raspbian - name: Ensure fuse installed (Debian/Raspbian) - apt: + ansible.builtin.apt: name: - fuse state: latest diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml index 53fc9b03e..909c0f1cb 100644 --- a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml @@ -1,7 +1,7 @@ --- # This is for both RedHat 7 and 8 - name: Ensure openssl installed (RedHat) - yum: + ansible.builtin.yum: name: - openssl state: latest @@ -9,7 +9,7 @@ # This is for both Debian and Raspbian - name: Ensure openssl installed (Debian/Raspbian) - apt: + ansible.builtin.apt: name: - openssl state: latest diff --git a/roles/matrix-bot-buscarron/tasks/init.yml b/roles/matrix-bot-buscarron/tasks/init.yml index 3da32948f..37c0932ec 100644 --- a/roles/matrix-bot-buscarron/tasks/init.yml +++ b/roles/matrix-bot-buscarron/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}" when: matrix_bot_buscarron_enabled|bool diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/matrix-bot-buscarron/tasks/setup_install.yml index 0ebe7e426..6559a95a2 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/matrix-bot-buscarron/tasks/setup_install.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: false - block: @@ -9,7 +9,7 @@ register: matrix_bot_buscarron_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" dst: "{{ matrix_bot_buscarron_database_connection_string }}" @@ -20,13 +20,13 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: true when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_bot_buscarron_database_engine == 'postgres'" - name: Ensure buscarron paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -40,7 +40,7 @@ when: "item.when|bool" - name: Ensure buscarron environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_bot_buscarron_config_path }}/env" owner: "{{ matrix_user_username }}" @@ -60,7 +60,7 @@ until: result is not failed - name: Ensure buscarron repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_bot_buscarron_docker_repo }}" dest: "{{ matrix_bot_buscarron_docker_src_files_path }}" force: "yes" @@ -82,19 +82,19 @@ when: "matrix_bot_buscarron_container_image_self_build|bool" - name: Ensure matrix-bot-buscarron.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" mode: 0644 register: matrix_bot_buscarron_systemd_service_result - name: Ensure systemd reloaded after matrix-bot-buscarron.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_buscarron_systemd_service_result.changed|bool" - name: Ensure matrix-bot-buscarron.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-bot-buscarron.service" state: restarted when: "matrix_bot_buscarron_requires_restart|bool" diff --git a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml index cc70e79a3..5dd266530 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_bot_buscarron_service_stat - name: Ensure matrix-buscarron is stopped - service: + ansible.builtin.service: name: matrix-bot-buscarron state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_bot_buscarron_service_stat.stat.exists|bool" - name: Ensure matrix-bot-buscarron.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" state: absent when: "matrix_bot_buscarron_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-bot-buscarron.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_buscarron_service_stat.stat.exists|bool" - name: Ensure Matrix buscarron paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_bot_buscarron_base_path }}" state: absent diff --git a/roles/matrix-bot-buscarron/tasks/validate_config.yml b/roles/matrix-bot-buscarron/tasks/validate_config.yml index 5a517d394..04238012a 100644 --- a/roles/matrix-bot-buscarron/tasks/validate_config.yml +++ b/roles/matrix-bot-buscarron/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/matrix-bot-go-neb/tasks/init.yml index b046d4944..a1b57ec65 100644 --- a/roles/matrix-bot-go-neb/tasks/init.yml +++ b/roles/matrix-bot-go-neb/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" when: matrix_bot_go_neb_enabled|bool diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index ef2dfbb03..71d5168a6 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_bot_go_neb_requires_restart: false - name: Ensure go-neb paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -28,7 +28,7 @@ until: result is not failed - name: Ensure go-neb config installed - copy: + ansible.builtin.copy: content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml" mode: 0644 @@ -36,19 +36,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-bot-go-neb.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2" dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" mode: 0644 register: matrix_bot_go_neb_systemd_service_result - name: Ensure systemd reloaded after matrix-bot-go-neb.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_go_neb_systemd_service_result.changed|bool" - name: Ensure matrix-bot-go-neb.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-bot-go-neb.service" state: restarted when: "matrix_bot_go_neb_requires_restart|bool" diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml index a009badfd..d27377c1d 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_bot_go_neb_service_stat - name: Ensure matrix-go-neb is stopped - service: + ansible.builtin.service: name: matrix-bot-go-neb state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_bot_go_neb_service_stat.stat.exists|bool" - name: Ensure matrix-bot-go-neb.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" state: absent when: "matrix_bot_go_neb_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-bot-go-neb.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_go_neb_service_stat.stat.exists|bool" - name: Ensure Matrix go-neb paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_bot_go_neb_base_path }}" state: absent diff --git a/roles/matrix-bot-go-neb/tasks/validate_config.yml b/roles/matrix-bot-go-neb/tasks/validate_config.yml index 7b292250a..72bc3cb41 100644 --- a/roles/matrix-bot-go-neb/tasks/validate_config.yml +++ b/roles/matrix-bot-go-neb/tasks/validate_config.yml @@ -1,13 +1,13 @@ --- - name: Fail if there's not at least 1 client - fail: + ansible.builtin.fail: msg: >- You need at least 1 client in the matrix_bot_go_neb_clients block. when: matrix_bot_go_neb_clients is not defined or matrix_bot_go_neb_clients[0] is not defined - name: Fail if there's not at least 1 service - fail: + ansible.builtin.fail: msg: >- You need at least 1 service in the matrix_bot_go_neb_services block. when: matrix_bot_go_neb_services is not defined or matrix_bot_go_neb_services[0] is not defined diff --git a/roles/matrix-bot-honoroit/tasks/init.yml b/roles/matrix-bot-honoroit/tasks/init.yml index 5ace015b1..2a5ea4d75 100644 --- a/roles/matrix-bot-honoroit/tasks/init.yml +++ b/roles/matrix-bot-honoroit/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}" when: matrix_bot_honoroit_enabled|bool diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 584df9b71..2f7bb9a45 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: false - block: @@ -9,7 +9,7 @@ register: matrix_bot_honoroit_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" dst: "{{ matrix_bot_honoroit_database_connection_string }}" @@ -20,13 +20,13 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: true when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_bot_honoroit_database_engine == 'postgres'" - name: Ensure honoroit paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -40,7 +40,7 @@ when: "item.when|bool" - name: Ensure honoroit environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_bot_honoroit_config_path }}/env" owner: "{{ matrix_user_username }}" @@ -60,7 +60,7 @@ until: result is not failed - name: Ensure honoroit repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_bot_honoroit_docker_repo }}" dest: "{{ matrix_bot_honoroit_docker_src_files_path }}" force: "yes" @@ -82,19 +82,19 @@ when: "matrix_bot_honoroit_container_image_self_build|bool" - name: Ensure matrix-bot-honoroit.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2" dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" mode: 0644 register: matrix_bot_honoroit_systemd_service_result - name: Ensure systemd reloaded after matrix-bot-honoroit.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_honoroit_systemd_service_result.changed|bool" - name: Ensure matrix-bot-honoroit.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-bot-honoroit.service" state: restarted when: "matrix_bot_honoroit_requires_restart|bool" diff --git a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml index 45bccabd8..7bb6b8f1c 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_bot_honoroit_service_stat - name: Ensure matrix-honoroit is stopped - service: + ansible.builtin.service: name: matrix-bot-honoroit state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_bot_honoroit_service_stat.stat.exists|bool" - name: Ensure matrix-bot-honoroit.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" state: absent when: "matrix_bot_honoroit_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-bot-honoroit.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_honoroit_service_stat.stat.exists|bool" - name: Ensure Matrix honoroit paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_bot_honoroit_base_path }}" state: absent diff --git a/roles/matrix-bot-honoroit/tasks/validate_config.yml b/roles/matrix-bot-honoroit/tasks/validate_config.yml index 562bf9fba..0057e3c2c 100644 --- a/roles/matrix-bot-honoroit/tasks/validate_config.yml +++ b/roles/matrix-bot-honoroit/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml index 03235b805..c3988eb2a 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}" when: matrix_bot_matrix_registration_bot_enabled|bool diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 716d67bc3..6fd17ee8d 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure matrix-registration-bot paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -14,7 +14,7 @@ when: "item.when|bool" - name: Ensure matrix-registration-bot configuration file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/config/config.yml.j2" dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yml" owner: "{{ matrix_user_username }}" @@ -34,7 +34,7 @@ until: result is not failed - name: Ensure matrix-registration-bot repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}" dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" force: "yes" @@ -56,18 +56,18 @@ when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" - name: Ensure matrix-bot-matrix-registration-bot.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2" dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" mode: 0644 register: matrix_bot_matrix_registration_bot_systemd_service_result - name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed|bool" - name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-bot-matrix-registration-bot.service" state: restarted diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml index 9881592fe..5a2dbc267 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_bot_matrix_registration_bot_service_stat - name: Ensure matrix-matrix-registration-bot is stopped - service: + ansible.builtin.service: name: matrix-bot-matrix-registration-bot state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" - name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" state: absent when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" - name: Ensure Matrix matrix-registration-bot paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_bot_matrix_registration_bot_base_path }}" state: absent diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml index d5db028d7..39e97cde2 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml index 414969557..cae7074c3 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}" when: matrix_bot_matrix_reminder_bot_enabled|bool diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index d7f4706fb..3abda7338 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: false - block: @@ -10,7 +10,7 @@ register: matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}" @@ -21,13 +21,13 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: true when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'" - name: Ensure matrix-reminder-bot paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -53,7 +53,7 @@ until: result is not failed - name: Ensure matrix-reminder-bot repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}" dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" force: "yes" @@ -75,7 +75,7 @@ when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" - name: Ensure matrix-reminder-bot config installed - copy: + ansible.builtin.copy: content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml" mode: 0644 @@ -83,19 +83,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-bot-matrix-reminder-bot.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2" dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" mode: 0644 register: matrix_bot_matrix_reminder_bot_systemd_service_result - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool" - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-bot-matrix-reminder-bot.service" state: restarted when: "matrix_bot_matrix_reminder_bot_requires_restart|bool" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index eb7543c59..1b5201e73 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_bot_matrix_reminder_bot_service_stat - name: Ensure matrix-matrix-reminder-bot is stopped - service: + ansible.builtin.service: name: matrix-bot-matrix-reminder-bot state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" state: absent when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - name: Ensure Matrix matrix-reminder-bot paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_bot_matrix_reminder_bot_base_path }}" state: absent diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml index 8963a3125..54f38dd51 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -10,7 +10,7 @@ - "matrix_bot_matrix_reminder_bot_reminders_timezone" - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/matrix-bot-mjolnir/tasks/init.yml index e09964ecd..5955a6f41 100644 --- a/roles/matrix-bot-mjolnir/tasks/init.yml +++ b/roles/matrix-bot-mjolnir/tasks/init.yml @@ -2,10 +2,10 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}" when: matrix_bot_mjolnir_enabled|bool diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index 66f2806a8..f9e739644 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_bot_mjolnir_requires_restart: false - name: Ensure matrix-bot-mjolnir paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -30,7 +30,7 @@ until: result is not failed - name: Ensure mjolnir repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}" dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}" version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}" @@ -52,7 +52,7 @@ when: "matrix_bot_mjolnir_container_image_self_build|bool" - name: Ensure matrix-bot-mjolnir config installed - copy: + ansible.builtin.copy: content: "{{ matrix_bot_mjolnir_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml" mode: 0644 @@ -60,19 +60,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-bot-mjolnir.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-mjolnir.service.j2" dest: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" mode: 0644 register: matrix_bot_mjolnir_systemd_service_result - name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_mjolnir_systemd_service_result.changed|bool" - name: Ensure matrix-bot-mjolnir.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-bot-mjolnir.service" state: restarted when: "matrix_bot_mjolnir_requires_restart|bool" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml index 935859778..d7a240e73 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_bot_mjolnir_service_stat - name: Ensure matrix-bot-mjolnir is stopped - service: + ansible.builtin.service: name: matrix-bot-mjolnir state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" - name: Ensure matrix-bot-mjolnir.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" state: absent when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" - name: Ensure matrix-bot-mjolnir paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_bot_mjolnir_base_path }}" state: absent diff --git a/roles/matrix-bot-mjolnir/tasks/validate_config.yml b/roles/matrix-bot-mjolnir/tasks/validate_config.yml index cb961baf3..63289d7ba 100644 --- a/roles/matrix-bot-mjolnir/tasks/validate_config.yml +++ b/roles/matrix-bot-mjolnir/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required variables are undefined - fail: + ansible.builtin.fail: msg: "The `{{ item }}` variable must be defined and have a non-null value." with_items: - "matrix_bot_mjolnir_access_token" diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index a53112ad7..df3c927b5 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -2,17 +2,17 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role. when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord.service'] }}" when: matrix_appservice_discord_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index a06d38aca..5e9bf9698 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_appservice_discord_requires_restart: false - block: @@ -10,7 +10,7 @@ register: matrix_appservice_discord_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_appservice_discord_sqlite_database_path_local }}" dst: "{{ matrix_appservice_discord_database_connString }}" @@ -21,7 +21,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_appservice_discord_requires_restart: true when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_appservice_discord_database_engine == 'postgres'" @@ -38,7 +38,7 @@ until: result is not failed - name: Ensure AppService Discord paths exist - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -55,7 +55,7 @@ register: matrix_appservice_discord_stat_db - name: (Data relocation) Ensure matrix-appservice-discord.service is stopped - service: + ansible.builtin.service: name: matrix-appservice-discord state: stopped enabled: false @@ -64,7 +64,7 @@ when: "matrix_appservice_discord_stat_db.stat.exists" - name: (Data relocation) Move AppService Discord discord.db file to ./data directory - command: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}" + ansible.builtin.command: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}" with_items: - discord.db - user-store.db @@ -72,7 +72,7 @@ when: "matrix_appservice_discord_stat_db.stat.exists" - name: Ensure AppService Discord config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_appservice_discord_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/config.yaml" mode: 0644 @@ -80,7 +80,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure AppService Discord registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_appservice_discord_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/registration.yaml" mode: 0644 @@ -90,7 +90,7 @@ # If `matrix_appservice_discord_client_id` hasn't changed, the same invite link would be generated. # We intentionally suppress Ansible changes. - name: Generate AppService Discord invite link - shell: >- + ansible.builtin.shell: >- {{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -101,19 +101,19 @@ changed_when: false - name: Ensure matrix-appservice-discord.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2" dest: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" mode: 0644 register: matrix_appservice_discord_systemd_service_result - name: Ensure systemd reloaded after matrix-appservice-discord.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_appservice_discord_systemd_service_result.changed" - name: Ensure matrix-appservice-discord.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-appservice-discord.service" state: restarted when: "matrix_appservice_discord_requires_restart|bool" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index ab56c26b6..b844fa7cc 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_appservice_discord_service_stat - name: Ensure matrix-appservice-discord is stopped - service: + ansible.builtin.service: name: matrix-appservice-discord state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_appservice_discord_service_stat.stat.exists" - name: Ensure matrix-appservice-discord.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" state: absent when: "matrix_appservice_discord_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-appservice-discord.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml index 73253ba03..901b760bf 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -13,7 +13,7 @@ - "matrix_appservice_discord_homeserver_domain" - name: (Deprecation) Catch and report renamed appservice-discord variables - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). @@ -22,5 +22,5 @@ - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': ''} - name: Require a valid database engine - fail: msg="`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'" + ansible.builtin.fail: msg="`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'" when: "matrix_appservice_discord_database_engine not in ['sqlite', 'postgres']" diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index a35144f05..b318f23ff 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -2,24 +2,24 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled" # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role. when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc.service'] }}" when: matrix_appservice_irc_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index d7fcaa07b..486b093b2 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml @@ -1,21 +1,21 @@ --- - name: Fail if Postgres not enabled - fail: + ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." when: "not matrix_postgres_enabled|bool" # Defaults - name: Set postgres_start_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_start_wait_time: 15 when: "postgres_start_wait_time|default('') == ''" # Actual import work - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true @@ -34,13 +34,13 @@ register: matrix_appservice_irc_service_stat - name: Ensure matrix-appservice-irc is stopped - service: + ansible.builtin.service: name: matrix-appservice-irc state: stopped when: "matrix_appservice_irc_service_stat.stat.exists" - name: Import appservice-irc NeDB database into Postgres - command: + ansible.builtin.command: cmd: >- {{ matrix_host_command_docker }} run --rm @@ -54,14 +54,14 @@ '/usr/local/bin/node /app/lib/scripts/migrate-db-to-pgres.js --dbdir /data --privateKey /data/passkey.pem --connectionString {{ matrix_appservice_irc_database_connection_string }}' - name: Archive NeDB database files - command: + ansible.builtin.command: cmd: "mv {{ matrix_appservice_irc_data_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}.backup" with_items: - rooms.db - users.db - name: Inject result - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 1ae0b3fa3..d24de340a 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -3,7 +3,7 @@ - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" - name: Ensure Appservice IRC paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -23,24 +23,24 @@ - block: - name: (Data relocation) Ensure matrix-appservice-irc.service is stopped - service: + ansible.builtin.service: name: matrix-appservice-irc state: stopped daemon_reload: true failed_when: false - name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory - command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem" + ansible.builtin.command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem" - name: (Data relocation) Move AppService IRC database files to ./data directory - command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}" + ansible.builtin.command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}" with_items: - rooms.db - users.db failed_when: false when: "matrix_appservice_irc_stat_passkey.stat.exists" -- set_fact: +- ansible.builtin.set_fact: matrix_appservice_irc_requires_restart: false - block: @@ -52,7 +52,7 @@ - block: - import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_appservice_irc_requires_restart: true when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists|bool" when: "matrix_appservice_irc_database_engine == 'postgres'" @@ -70,7 +70,7 @@ until: result is not failed - name: Ensure matrix-appservice-irc repository is present when self-building - git: + ansible.builtin.git: repo: "{{ matrix_appservice_irc_docker_repo }}" dest: "{{ matrix_appservice_irc_docker_src_files_path }}" force: "yes" @@ -92,7 +92,7 @@ when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed" - name: Ensure Matrix Appservice IRC config installed - copy: + ansible.builtin.copy: content: "{{ matrix_appservice_irc_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/config.yaml" mode: 0644 @@ -105,7 +105,7 @@ register: irc_passkey_file - name: Generate Appservice IRC passkey if it doesn't exist - shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048" + ansible.builtin.shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048" become: true become_user: "{{ matrix_user_username }}" when: "not irc_passkey_file.stat.exists" @@ -113,7 +113,7 @@ # In the past, we used to generate the passkey.pem file with root, so permissions may not be okay. # Fix it. - name: (Migration) Ensure Appservice IRC passkey permissions are okay - file: + ansible.builtin.file: path: "{{ matrix_appservice_irc_data_path }}/passkey.pem" mode: 0644 owner: "{{ matrix_user_username }}" @@ -139,7 +139,7 @@ # an up-to-date file, and we fix it up with some static values later on, # to produce a final registration.yaml file, as we desire. - name: Generate Appservice IRC registration-template.yaml - shell: >- + ansible.builtin.shell: >- {{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -157,26 +157,26 @@ changed_when: false - name: Read Appservice IRC registration-template.yaml - slurp: + ansible.builtin.slurp: src: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml" register: matrix_appservice_irc_registration_template_slurp - name: Remove unnecessary Appservice IRC registration-template.yaml - file: + ansible.builtin.file: path: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml" state: absent changed_when: false - name: Parse registration-template.yaml - set_fact: + ansible.builtin.set_fact: matrix_appservice_irc_registration_template: "{{ matrix_appservice_irc_registration_template_slurp['content'] | b64decode | from_yaml }}" - name: Combine registration-template.yaml and own registration override config - set_fact: + ansible.builtin.set_fact: matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template|combine(matrix_appservice_irc_registration_override, recursive=True) }}" - name: Ensure Appservice IRC registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_appservice_irc_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml" mode: 0644 @@ -184,19 +184,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-appservice-irc.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" dest: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" mode: 0644 register: matrix_appservice_irc_systemd_service_result - name: Ensure systemd reloaded after matrix-appservice-irc.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_appservice_irc_systemd_service_result.changed" - name: Ensure matrix-appservice-irc.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-appservice-irc.service" state: restarted when: "matrix_appservice_irc_requires_restart|bool" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index a4d95df55..216ec682f 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_appservice_irc_service_stat - name: Ensure matrix-appservice-irc is stopped - service: + ansible.builtin.service: name: matrix-appservice-irc state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_appservice_irc_service_stat.stat.exists" - name: Ensure matrix-appservice-irc.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" state: absent when: "matrix_appservice_irc_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-appservice-irc.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml index 303f26409..f101e6fea 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -17,7 +17,7 @@ # # This is a safety check to ensure we fail earlier and in a nicer way. - name: Fail if no additional configuration provided - fail: + ansible.builtin.fail: msg: >- Your Appservice IRC configuration is incomplete (lacking an `ircService.servers` configuration). You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers` @@ -26,7 +26,7 @@ when: "matrix_appservice_irc_configuration.ircService.servers|length == 0" - name: (Deprecation) Catch and report renamed appservice-irc variables - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index c83318171..21fee674c 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -2,24 +2,24 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled" # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack.service'] }}" when: matrix_appservice_slack_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -38,14 +38,14 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -54,7 +54,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_appservice_slack_matrix_nginx_proxy_configuration: | location {{ matrix_appservice_slack_public_endpoint }} { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -69,7 +69,7 @@ } - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -81,7 +81,7 @@ when: matrix_appservice_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index 0bea65bc4..6c0dd2786 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -1,21 +1,21 @@ --- - name: Fail if Postgres not enabled - fail: + ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." when: "not matrix_postgres_enabled|bool" # Defaults - name: Set postgres_start_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_start_wait_time: 15 when: "postgres_start_wait_time|default('') == ''" # Actual import work - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true @@ -29,12 +29,12 @@ when: "matrix_postgres_service_start_result.changed|bool" - name: Ensure matrix-appservice-slack is stopped - service: + ansible.builtin.service: name: matrix-appservice-slack state: stopped - name: Import appservice-slack NeDB database into Postgres - command: + ansible.builtin.command: cmd: >- {{ matrix_host_command_docker }} run --rm @@ -48,7 +48,7 @@ '/usr/local/bin/node /usr/src/app/lib/scripts/migrateToPostgres.js --dbdir /data --connectionString {{ matrix_appservice_slack_database_connection_string }}' - name: Archive NeDB database files - command: + ansible.builtin.command: cmd: "mv {{ matrix_appservice_slack_data_path }}/{{ item }} {{ matrix_appservice_slack_data_path }}/{{ item }}.backup" with_items: - teams.db @@ -57,7 +57,7 @@ - event-store.db - name: Inject result - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 42aa020c5..5eb860ee3 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure AppService Slack paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -14,7 +14,7 @@ - {path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}"} when: item.when|bool -- set_fact: +- ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: false - block: @@ -26,7 +26,7 @@ - block: - import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: true when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists|bool" when: "matrix_appservice_slack_database_engine == 'postgres'" @@ -44,7 +44,7 @@ until: result is not failed - name: Ensure matrix-appservice-slack repository is present when self-building - git: + ansible.builtin.git: repo: "{{ matrix_appservice_slack_docker_repo }}" dest: "{{ matrix_appservice_slack_docker_src_files_path }}" force: "yes" @@ -66,7 +66,7 @@ when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed" - name: Ensure Matrix Appservice Slack config installed - copy: + ansible.builtin.copy: content: "{{ matrix_appservice_slack_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/config.yaml" mode: 0644 @@ -74,7 +74,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure appservice-slack registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_appservice_slack_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/slack-registration.yaml" mode: 0644 @@ -82,19 +82,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-appservice-slack.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2" dest: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" mode: 0644 register: matrix_appservice_slack_systemd_service_result - name: Ensure systemd reloaded after matrix-appservice-slack.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_appservice_slack_systemd_service_result.changed" - name: Ensure matrix-appservice-slack.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-appservice-slack.service" state: restarted when: "matrix_appservice_slack_requires_restart|bool" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index dffe78b34..fefa9aba1 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_appservice_slack_service_stat - name: Ensure matrix-appservice-slack is stopped - service: + ansible.builtin.service: name: matrix-appservice-slack state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_appservice_slack_service_stat.stat.exists" - name: Ensure matrix-appservice-slack.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" state: absent when: "matrix_appservice_slack_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-appservice-slack.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_appservice_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml index 1866c3123..e00eb6d4a 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -13,7 +13,7 @@ - "matrix_appservice_slack_id_token" - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index 370b835d6..6b9fa87e2 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -2,17 +2,17 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks.service'] }}" when: matrix_appservice_webhooks_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -31,14 +31,14 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -47,7 +47,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} @@ -64,7 +64,7 @@ {% endif %} - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -76,7 +76,7 @@ when: matrix_appservice_webhooks_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 274f54c53..9228b6178 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure AppService webhooks paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -28,7 +28,7 @@ - block: - name: Ensure Appservice webhooks repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_appservice_webhooks_container_image_self_build_repo }}" dest: "{{ matrix_appservice_webhooks_docker_src_files_path }}" version: "{{ matrix_appservice_webhooks_container_image_self_build_repo_version }}" @@ -50,7 +50,7 @@ when: "matrix_appservice_webhooks_container_image_self_build|bool" - name: Ensure Matrix Appservice webhooks config is installed - copy: + ansible.builtin.copy: content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml" mode: 0644 @@ -58,7 +58,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure Matrix Appservice webhooks schema.yml template exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/schema.yml.j2" dest: "{{ matrix_appservice_webhooks_config_path }}/schema.yml" mode: 0644 @@ -66,7 +66,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure Matrix Appservice webhooks database.json template exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/database.json.j2" dest: "{{ matrix_appservice_webhooks_data_path }}/database.json" mode: 0644 @@ -74,7 +74,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure appservice-webhooks registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml" mode: 0644 @@ -82,13 +82,13 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-appservice-webhooks.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2" dest: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" mode: 0644 register: matrix_appservice_webhooks_systemd_service_result - name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_appservice_webhooks_systemd_service_result.changed" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 38235652b..8da6f8c20 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_appservice_webhooks_service_stat - name: Ensure matrix-appservice-webhooks is stopped - service: + ansible.builtin.service: name: matrix-appservice-webhooks state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_appservice_webhooks_service_stat.stat.exists" - name: Ensure matrix-appservice-webhooks.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" state: absent when: "matrix_appservice_webhooks_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml index 48f63e68b..d7f45c6f8 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml index 64057301f..6de40974a 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -1,11 +1,11 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" when: matrix_beeper_linkedin_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 74f80314b..73794efec 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -3,12 +3,12 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" - name: Ensure Beeper LinkedIn paths exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -36,7 +36,7 @@ - block: - name: Ensure Beeper LinkedIn repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" @@ -48,7 +48,7 @@ # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image - command: | + ansible.builtin.command: | {{ matrix_host_command_docker }} run \ --rm \ --entrypoint=/bin/sh \ @@ -72,7 +72,7 @@ when: "matrix_beeper_linkedin_container_image_self_build|bool" - name: Ensure beeper-linkedin config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" mode: 0644 @@ -80,7 +80,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure beeper-linkedin registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" mode: 0644 @@ -88,13 +88,13 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-beeper-linkedin.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" mode: 0644 register: matrix_beeper_linkedin_systemd_service_result - name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_beeper_linkedin_systemd_service_result.changed" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index befa2f610..be2b198fa 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_beeper_linkedin_service_stat - name: Ensure matrix-beeper-linkedin is stopped - service: + ansible.builtin.service: name: matrix-beeper-linkedin state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_beeper_linkedin_service_stat.stat.exists" - name: Ensure matrix-beeper-linkedin.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" state: absent when: "matrix_beeper_linkedin_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml index d808de081..61489b7c6 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml index 452d835b7..81baaa245 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}" when: matrix_go_skype_bridge_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index c884625ba..d43941d43 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -3,12 +3,12 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: false - block: @@ -18,7 +18,7 @@ register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" dst: "{{ matrix_go_skype_bridge_database_connection_string }}" @@ -30,14 +30,14 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: true when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_go_skype_bridge_database_engine == 'postgres'" - name: Ensure Go Skype Bridge paths exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -63,7 +63,7 @@ until: result is not failed - name: Ensure Go Skype Bridge repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_go_skype_bridge_container_image_self_build_repo }}" dest: "{{ matrix_go_skype_bridge_docker_src_files_path }}" version: "{{ matrix_go_skype_bridge_container_image_self_build_branch }}" @@ -96,7 +96,7 @@ register: matrix_go_skype_bridge_stat_mx_state - name: (Data relocation) Ensure matrix-go-skype-bridge.service is stopped - service: + ansible.builtin.service: name: matrix-go-skype-bridge state: stopped enabled: false @@ -105,15 +105,15 @@ when: "matrix_go_skype_bridge_stat_database.stat.exists" - name: (Data relocation) Move go-skype-bridge database file to ./data directory - command: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db" + ansible.builtin.command: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db" when: "matrix_go_skype_bridge_stat_database.stat.exists" - name: (Data relocation) Move go-skype-bridge mx-state file to ./data directory - command: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json" + ansible.builtin.command: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json" when: "matrix_go_skype_bridge_stat_mx_state.stat.exists" - name: Ensure go-skype-bridge config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_go_skype_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml" mode: 0644 @@ -121,7 +121,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure go-skype-bridge registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_go_skype_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml" mode: 0644 @@ -129,19 +129,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-go-skype-bridge.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2" dest: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service" mode: 0644 register: matrix_go_skype_bridge_systemd_service_result - name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_go_skype_bridge_systemd_service_result.changed" - name: Ensure matrix-go-skype-bridge.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-go-skype-bridge.service" state: restarted when: "matrix_go_skype_bridge_requires_restart|bool" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml index 19acff857..138cdbf18 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_go_skype_bridge_service_stat - name: Ensure matrix-go-skype-bridge is stopped - service: + ansible.builtin.service: name: matrix-go-skype-bridge state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_go_skype_bridge_service_stat.stat.exists" - name: Ensure matrix-go-skype-bridge.service doesn't exist - file: + ansible.builtin.file: path: "/etc/systemd/system/matrix-go-skype-bridge.service" state: absent when: "matrix_go_skype_bridge_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_go_skype_bridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml index 7e9f3dafb..d681299f2 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml index ef3efb761..dd08beb5c 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml @@ -2,17 +2,17 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-heisenbridge role needs to execute before the matrix-synapse role. when: "matrix_heisenbridge_enabled and matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-heisenbridge.service'] }}" when: matrix_heisenbridge_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index f24bf9264..4112f047a 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -12,7 +12,7 @@ until: result is not failed - name: Ensure heisenbridge paths exist - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -22,7 +22,7 @@ - "{{ matrix_heisenbridge_base_path }}" - name: Ensure heisenbridge registration.yaml installed if provided - copy: + ansible.builtin.copy: content: "{{ matrix_heisenbridge_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_heisenbridge_base_path }}/registration.yaml" mode: 0644 @@ -30,13 +30,13 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-heisenbridge.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2" dest: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" mode: 0644 register: matrix_heisenbridge_systemd_service_result - name: Ensure systemd reloaded after matrix-heisenbridge.service installation - service: + ansible.builtin.service: daemon_reload: true when: matrix_heisenbridge_systemd_service_result.changed diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index 54d5bd67b..c3bf7950a 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_heisenbridge_service_stat - name: Ensure matrix-heisenbridge is stopped - service: + ansible.builtin.service: name: matrix-heisenbridge state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_heisenbridge_service_stat.stat.exists" - name: Ensure matrix-heisenbridge.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" state: absent when: "matrix_heisenbridge_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-heisenbridge.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_heisenbridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 96d5740a7..5ac8c4f2a 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -2,17 +2,17 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-hookshot role needs to execute before the matrix-synapse role. when: "matrix_hookshot_enabled and matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}" when: matrix_hookshot_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -30,7 +30,7 @@ - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -39,7 +39,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_hookshot_matrix_nginx_proxy_configuration: | location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -95,7 +95,7 @@ } - name: Register hookshot proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -104,7 +104,7 @@ }} - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) - set_fact: + ansible.builtin.set_fact: matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | location /metrics/hookshot { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -120,7 +120,7 @@ when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) @@ -131,7 +131,7 @@ when: matrix_hookshot_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 25f2978cd..eb5e9a98b 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -3,7 +3,7 @@ - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" - name: Ensure hookshot paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -27,7 +27,7 @@ until: result is not failed - name: Ensure hookshot repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_hookshot_container_image_self_build_repo }}" dest: "{{ matrix_hookshot_docker_src_files_path }}" version: "{{ matrix_hookshot_container_image_self_build_branch }}" @@ -55,13 +55,13 @@ register: hookshot_passkey_file - name: Generate hookshot passkey if it doesn't exist - shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096" + ansible.builtin.shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096" become: true become_user: "{{ matrix_user_username }}" when: "not hookshot_passkey_file.stat.exists" - name: Ensure hookshot config.yml installed if provided - copy: + ansible.builtin.copy: content: "{{ matrix_hookshot_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/config.yml" mode: 0644 @@ -69,7 +69,7 @@ group: "{{ matrix_user_groupname }}" - name: Validate hookshot config.yml - command: | + ansible.builtin.command: | {{ matrix_host_command_docker }} run --rm --name={{ matrix_hookshot_container_url }}-validate @@ -80,12 +80,12 @@ register: hookshot_config_validation_result - name: Fail if hookshot config.yml invalid - fail: + ansible.builtin.fail: msg: "Your hookshot configuration did not pass validation:\n{{ hookshot_config_validation_result.stdout }}\n{{ hookshot_config_validation_result.stderr }}" when: "hookshot_config_validation_result.rc > 0" - name: Ensure hookshot registration.yml installed if provided - copy: + ansible.builtin.copy: content: "{{ matrix_hookshot_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/registration.yml" mode: 0644 @@ -93,7 +93,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure hookshot github private key file installed if github is enabled - copy: + ansible.builtin.copy: content: "{{ matrix_hookshot_github_private_key }}" dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" mode: 0400 @@ -102,13 +102,13 @@ when: matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length > 0 - name: Ensure matrix-hookshot.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" dest: "{{ matrix_systemd_path }}/matrix-hookshot.service" mode: 0644 register: matrix_hookshot_systemd_service_result - name: Ensure systemd reloaded after matrix-hookshot.service installation - service: + ansible.builtin.service: daemon_reload: true when: matrix_hookshot_systemd_service_result.changed diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml index d8efbb029..903f46e65 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_hookshot_service_stat - name: Ensure matrix-hookshot is stopped - service: + ansible.builtin.service: name: matrix-hookshot state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_hookshot_service_stat.stat.exists" - name: Ensure matrix-hookshot.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-hookshot.service" state: absent when: "matrix_hookshot_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-hookshot.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_hookshot_service_stat.stat.exists" diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml index b96223323..0fbcf53c2 100644 --- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -10,7 +10,7 @@ - "matrix_hookshot_homeserver_token" - name: Fail if required GitHub settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) to enable GitHub. when: "matrix_hookshot_github_enabled and vars[item] == ''" @@ -19,7 +19,7 @@ - "matrix_hookshot_github_secret" - name: Fail if required GitHub OAuth settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth. when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''" @@ -28,7 +28,7 @@ - "matrix_hookshot_github_oauth_secret" - name: Fail if required Jira settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) to enable Jira. when: "matrix_hookshot_jira_enabled and vars[item] == ''" @@ -36,7 +36,7 @@ - "matrix_hookshot_jira_secret" - name: Fail if required Jira OAuth settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth. when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''" @@ -45,13 +45,13 @@ - "matrix_hookshot_jira_oauth_secret" - name: Fail if required Figma settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define at least one Figma instance to enable Figma. when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances is undefined" - name: Fail if required provisioning settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) to enable provisioning. when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" @@ -59,7 +59,7 @@ - "matrix_hookshot_provisioning_secret" - name: (Deprecation) Catch and report old metrics usage - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Hookshot, which exposed metrics on `https://stats.DOMAIN/hookshot/metrics`. diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index f2cd59632..3bad6fb21 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}" when: matrix_mautrix_facebook_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -29,7 +29,7 @@ - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -38,7 +38,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_mautrix_facebook_matrix_nginx_proxy_configuration: | location {{ matrix_mautrix_facebook_public_endpoint }} { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -53,7 +53,7 @@ } - name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -62,7 +62,7 @@ }} - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 699ed88a0..eaf2f1394 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -3,12 +3,12 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: false - block: @@ -18,7 +18,7 @@ register: matrix_mautrix_facebook_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_facebook_database_connection_string }}" @@ -29,7 +29,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: true when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mautrix_facebook_database_engine == 'postgres'" @@ -47,7 +47,7 @@ until: result is not failed - name: Ensure Mautrix Facebook paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -61,7 +61,7 @@ when: item.when|bool - name: Ensure Mautrix Facebook repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}" version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}" @@ -89,7 +89,7 @@ register: matrix_mautrix_facebook_stat_database - name: (Data relocation) Ensure matrix-mautrix-facebook.service is stopped - service: + ansible.builtin.service: name: matrix-mautrix-facebook state: stopped enabled: false @@ -98,11 +98,11 @@ when: "matrix_mautrix_facebook_stat_database.stat.exists" - name: (Data relocation) Move mautrix-facebook database file to ./data directory - command: "mv {{ matrix_mautrix_facebook_base_path }}/mautrix-facebook.db {{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db" + ansible.builtin.command: "mv {{ matrix_mautrix_facebook_base_path }}/mautrix-facebook.db {{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db" when: "matrix_mautrix_facebook_stat_database.stat.exists" - name: Ensure mautrix-facebook config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_facebook_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/config.yaml" mode: 0644 @@ -110,7 +110,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mautrix-facebook registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_facebook_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/registration.yaml" mode: 0644 @@ -118,19 +118,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mautrix-facebook.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" mode: 0644 register: matrix_mautrix_facebook_systemd_service_result - name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_facebook_systemd_service_result.changed" - name: Ensure matrix-mautrix-facebook.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mautrix-facebook.service" state: restarted when: "matrix_mautrix_facebook_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index 1c8fbd3b6..cebdcdabe 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mautrix_facebook_service_stat - name: Ensure matrix-mautrix-facebook is stopped - service: + ansible.builtin.service: name: matrix-mautrix-facebook state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mautrix_facebook_service_stat.stat.exists" - name: Ensure matrix-mautrix-facebook.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" state: absent when: "matrix_mautrix_facebook_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index 7fcd6bead..986fbc634 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -12,7 +12,7 @@ - block: - name: Inject warning if on an old SQLite-supporting version - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index 27845148e..67cdd4a5c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-googlechat.service'] }}" when: matrix_mautrix_googlechat_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -29,7 +29,7 @@ - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -38,7 +38,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | location {{ matrix_mautrix_googlechat_public_endpoint }} { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -52,7 +52,7 @@ {% endif %} } - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -64,7 +64,7 @@ when: matrix_mautrix_googlechat_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index bf04e834c..a2544c573 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -3,12 +3,12 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-googlechat role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: false - block: @@ -18,7 +18,7 @@ register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_googlechat_database_connection_string }}" @@ -29,7 +29,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: true when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mautrix_googlechat_database_engine == 'postgres'" @@ -47,7 +47,7 @@ until: result is not failed - name: Ensure Mautrix googlechat paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -61,7 +61,7 @@ when: "item.when|bool" - name: Ensure Mautrix Hangots repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_googlechat_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" force: "yes" @@ -88,7 +88,7 @@ register: matrix_mautrix_googlechat_stat_database - name: (Data relocation) Ensure matrix-mautrix-googlechat.service is stopped - service: + ansible.builtin.service: name: matrix-mautrix-googlechat state: stopped enabled: false @@ -97,11 +97,11 @@ when: "matrix_mautrix_googlechat_stat_database.stat.exists" - name: (Data relocation) Move mautrix-googlechat database file to ./data directory - command: "mv {{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db {{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db" + ansible.builtin.command: "mv {{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db {{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db" when: "matrix_mautrix_googlechat_stat_database.stat.exists" - name: Ensure mautrix-googlechat config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/config.yaml" mode: 0644 @@ -109,7 +109,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mautrix-googlechat registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/registration.yaml" mode: 0644 @@ -117,19 +117,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mautrix-googlechat.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" mode: 0644 register: matrix_mautrix_googlechat_systemd_service_result - name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_googlechat_systemd_service_result.changed" - name: Ensure matrix-mautrix-googlechat.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mautrix-googlechat.service" state: restarted when: "matrix_mautrix_googlechat_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index a315c0c84..889558681 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mautrix_googlechat_service_stat - name: Ensure matrix-mautrix-googlechat is stopped - service: + ansible.builtin.service: name: matrix-mautrix-googlechat state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mautrix_googlechat_service_stat.stat.exists" - name: Ensure matrix-mautrix-googlechat.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" state: absent when: "matrix_mautrix_googlechat_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_googlechat_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml index 083e8d342..fc36472eb 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -9,6 +9,6 @@ - "matrix_mautrix_googlechat_public_endpoint" - "matrix_mautrix_googlechat_appservice_token" - "matrix_mautrix_googlechat_homeserver_token" -- debug: +- ansible.builtin.debug: msg: - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index d00e52528..6f7374ee8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}" when: matrix_mautrix_hangouts_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -29,7 +29,7 @@ - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -38,7 +38,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | location {{ matrix_mautrix_hangouts_public_endpoint }} { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -52,7 +52,7 @@ {% endif %} } - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -64,7 +64,7 @@ when: matrix_mautrix_hangouts_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 6a8808159..11456cc4a 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -3,12 +3,12 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: false - block: @@ -18,7 +18,7 @@ register: matrix_mautrix_hangouts_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_hangouts_database_connection_string }}" @@ -29,7 +29,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: true when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mautrix_hangouts_database_engine == 'postgres'" @@ -47,7 +47,7 @@ until: result is not failed - name: Ensure Mautrix Hangouts paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -61,7 +61,7 @@ when: "item.when|bool" - name: Ensure Mautrix Hangots repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_hangouts_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" force: "yes" @@ -88,7 +88,7 @@ register: matrix_mautrix_hangouts_stat_database - name: (Data relocation) Ensure matrix-mautrix-hangouts.service is stopped - service: + ansible.builtin.service: name: matrix-mautrix-hangouts state: stopped enabled: false @@ -97,11 +97,11 @@ when: "matrix_mautrix_hangouts_stat_database.stat.exists" - name: (Data relocation) Move mautrix-hangouts database file to ./data directory - command: "mv {{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db {{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db" + ansible.builtin.command: "mv {{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db {{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db" when: "matrix_mautrix_hangouts_stat_database.stat.exists" - name: Ensure mautrix-hangouts config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_hangouts_config_path }}/config.yaml" mode: 0644 @@ -109,7 +109,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mautrix-hangouts registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_hangouts_config_path }}/registration.yaml" mode: 0644 @@ -117,19 +117,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mautrix-hangouts.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" mode: 0644 register: matrix_mautrix_hangouts_systemd_service_result - name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_hangouts_systemd_service_result.changed" - name: Ensure matrix-mautrix-hangouts.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mautrix-hangouts.service" state: restarted when: "matrix_mautrix_hangouts_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index 8ce859c8e..f3234a2e9 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mautrix_hangouts_service_stat - name: Ensure matrix-mautrix-hangouts is stopped - service: + ansible.builtin.service: name: matrix-mautrix-hangouts state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mautrix_hangouts_service_stat.stat.exists" - name: Ensure matrix-mautrix-hangouts.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" state: absent when: "matrix_mautrix_hangouts_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index 0242ef16c..c80586e09 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -9,6 +9,6 @@ - "matrix_mautrix_hangouts_public_endpoint" - "matrix_mautrix_hangouts_appservice_token" - "matrix_mautrix_hangouts_homeserver_token" -- debug: +- ansible.builtin.debug: msg: - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index 867133809..e3b4c58c5 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}" when: matrix_mautrix_instagram_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 5e30adbe4..98fa11571 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -2,7 +2,7 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-instagram role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" @@ -20,7 +20,7 @@ until: result is not failed - name: Ensure Mautrix instagram paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -34,7 +34,7 @@ when: item.when|bool - name: Ensure Mautrix instagram repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_instagram_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_instagram_docker_src_files_path }}" force: "yes" @@ -56,7 +56,7 @@ when: "matrix_mautrix_instagram_container_image_self_build|bool" - name: Ensure mautrix-instagram config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_instagram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/config.yaml" mode: 0644 @@ -64,7 +64,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mautrix-instagram registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_instagram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/registration.yaml" mode: 0644 @@ -72,13 +72,13 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mautrix-instagram.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service" mode: 0644 register: matrix_mautrix_instagram_systemd_service_result - name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_instagram_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml index 2cc0e0e93..ef90f01f6 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml @@ -5,7 +5,7 @@ register: matrix_mautrix_instagram_service_stat - name: Ensure matrix-mautrix-instagram is stopped - service: + ansible.builtin.service: name: matrix-mautrix-instagram state: stopped enabled: false @@ -13,12 +13,12 @@ when: "matrix_mautrix_instagram_service_stat.stat.exists" - name: Ensure matrix-mautrix-instagram.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service" state: absent when: "matrix_mautrix_instagram_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml index 24992ff56..99f7b0156 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml @@ -1,6 +1,6 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index b9b698c57..4d9a2448f 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -1,11 +1,11 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" when: matrix_mautrix_signal_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 06f77348b..b7afb3519 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -3,7 +3,7 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" @@ -22,7 +22,7 @@ - name: Ensure Mautrix Signal repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_signal_docker_repo }}" dest: "{{ matrix_mautrix_signal_docker_src_files_path }}" force: "yes" @@ -54,7 +54,7 @@ register: matrix_mautrix_signal_daemon_pull_results - name: Ensure Mautrix Signal Daemon repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}" dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" force: "yes" @@ -76,7 +76,7 @@ when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" - name: Ensure Mautrix Signal paths exist - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -91,7 +91,7 @@ - "{{ matrix_mautrix_signal_daemon_path }}/data" - name: Ensure mautrix-signal config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/config.yaml" mode: 0644 @@ -99,7 +99,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mautrix-signal registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_signal_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/registration.yaml" mode: 0644 @@ -107,20 +107,20 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mautrix-signal-daemon.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal-daemon.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" mode: 0644 register: matrix_mautrix_signal_daemon_systemd_service_result - name: Ensure matrix-mautrix-signal.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" mode: 0644 register: matrix_mautrix_signal_systemd_service_result - name: Ensure systemd reloaded after matrix-mautrix-signal.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml index 8ca2be3fe..33f1b9f5c 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml @@ -7,7 +7,7 @@ register: matrix_mautrix_signal_daemon_service_stat - name: Ensure matrix-mautrix-signal-daemon is stopped - service: + ansible.builtin.service: name: matrix-mautrix-signal-daemon state: stopped enabled: false @@ -15,7 +15,7 @@ when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" - name: Ensure matrix-mautrix-signal-daemon.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" state: absent when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" @@ -27,7 +27,7 @@ register: matrix_mautrix_signal_service_stat - name: Ensure matrix-mautrix-signal is stopped - service: + ansible.builtin.service: name: matrix-mautrix-signal state: stopped enabled: false @@ -35,13 +35,13 @@ when: "matrix_mautrix_signal_service_stat.stat.exists" - name: Ensure matrix-mautrix-signal.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" state: absent when: "matrix_mautrix_signal_service_stat.stat.exists" # All services - name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml index 108ac044d..01a02c2f3 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -12,7 +12,7 @@ - "matrix_mautrix_signal_appservice_token" - name: (Deprecation) Catch and report renamed Signal variables - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index 93b4d9f85..a9cc04254 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_image_self_build and matrix_mautrix_telegram_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}" when: matrix_mautrix_telegram_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -29,7 +29,7 @@ - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -38,7 +38,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | location {{ matrix_mautrix_telegram_public_endpoint }} { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -53,7 +53,7 @@ } - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -61,7 +61,7 @@ [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] }} - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 55e7d016f..d530d2b93 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -3,12 +3,12 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-telegram role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: false - block: @@ -18,7 +18,7 @@ register: matrix_mautrix_telegram_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_telegram_database_connection_string }}" @@ -29,13 +29,13 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: true when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mautrix_telegram_database_engine == 'postgres'" - name: Ensure Mautrix Telegram paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -61,7 +61,7 @@ until: result is not failed - name: Ensure lottieconverter is present when self-building - git: + ansible.builtin.git: repo: "{{ matrix_telegram_lottieconverter_docker_repo }}" dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" force: "yes" @@ -83,7 +83,7 @@ when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build|bool" - name: Ensure matrix-mautrix-telegram repository is present when self-building - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_telegram_docker_repo }}" dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}" force: "yes" @@ -112,7 +112,7 @@ register: matrix_mautrix_telegram_stat_database - name: (Data relocation) Ensure matrix-mautrix-telegram.service is stopped - service: + ansible.builtin.service: name: matrix-mautrix-telegram state: stopped enabled: false @@ -121,11 +121,11 @@ when: "matrix_mautrix_telegram_stat_database.stat.exists" - name: (Data relocation) Move mautrix-telegram database file to ./data directory - command: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db" + ansible.builtin.command: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db" when: "matrix_mautrix_telegram_stat_database.stat.exists" - name: Ensure mautrix-telegram config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_telegram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/config.yaml" mode: 0644 @@ -133,7 +133,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mautrix-telegram registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_telegram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/registration.yaml" mode: 0644 @@ -141,19 +141,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mautrix-telegram.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" mode: 0644 register: matrix_mautrix_telegram_systemd_service_result - name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_telegram_systemd_service_result.changed" - name: Ensure matrix-mautrix-telegram.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mautrix-telegram.service" state: restarted when: "matrix_mautrix_telegram_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index a713898b9..01b58313a 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mautrix_telegram_service_stat - name: Ensure matrix-mautrix-telegram is stopped - service: + ansible.builtin.service: name: matrix-mautrix-telegram state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mautrix_telegram_service_stat.stat.exists" - name: Ensure matrix-mautrix-telegram.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" state: absent when: "matrix_mautrix_telegram_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml index 2067b97b0..9711448bf 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -13,7 +13,7 @@ - "matrix_mautrix_telegram_homeserver_token" - name: (Deprecation) Catch and report renamed Telegram variables - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml index 34f4ebde2..3fdd66d83 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml @@ -1,11 +1,11 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}" when: matrix_mautrix_twitter_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -24,6 +24,6 @@ # ansible lower than 2.8, does not support docker_image build parameters # for self buildig it is explicitly needed, so we rather fail here - name: Fail if running on Ansible lower than 2.8 and trying self building - fail: + ansible.builtin.fail: msg: "To self build Mautrix Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_twitter_container_image_self_build" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 552c9d525..167176a8f 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -3,12 +3,12 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-twitter role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_mautrix_twitter_requires_restart: false - name: Ensure Mautrix Twitter image is pulled @@ -24,7 +24,7 @@ until: result is not failed - name: Ensure Mautrix Twitter paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -38,7 +38,7 @@ when: item.when|bool - name: Ensure Mautrix Twitter repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_twitter_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}" # version: "{{ matrix_coturn_docker_image.split(':')[1] }}" @@ -60,7 +60,7 @@ when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build|bool" - name: Ensure mautrix-twitter config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/config.yaml" mode: 0644 @@ -68,7 +68,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mautrix-twitter registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/registration.yaml" mode: 0644 @@ -76,19 +76,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mautrix-twitter.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" mode: 0644 register: matrix_mautrix_twitter_systemd_service_result - name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_twitter_systemd_service_result.changed" - name: Ensure matrix-mautrix-twitter.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mautrix-twitter.service" state: restarted when: "matrix_mautrix_twitter_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml index 024603e71..9c3579316 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml @@ -6,19 +6,19 @@ register: matrix_mautrix_twitter_service_stat - name: Ensure matrix-mautrix-twitter is stopped - service: + ansible.builtin.service: name: matrix-mautrix-twitter state: stopped daemon_reload: true when: "matrix_mautrix_twitter_service_stat.stat.exists" - name: Ensure matrix-mautrix-twitter.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" state: absent when: "matrix_mautrix_twitter_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml index 5b6e3d020..326dca83a 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index d4fb82218..75a0134b2 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}" when: matrix_mautrix_whatsapp_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index f47675b58..59e5fe0ef 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -3,12 +3,12 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-whatsapp role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: false - block: @@ -18,7 +18,7 @@ register: matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}" @@ -30,14 +30,14 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: true when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mautrix_whatsapp_database_engine == 'postgres'" - name: Ensure Mautrix Whatsapp paths exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -63,7 +63,7 @@ until: result is not failed - name: Ensure Mautrix Whatsapp repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_mautrix_whatsapp_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" version: "{{ matrix_mautrix_whatsapp_container_image_self_build_branch }}" @@ -96,7 +96,7 @@ register: matrix_mautrix_whatsapp_stat_mx_state - name: (Data relocation) Ensure matrix-mautrix-whatsapp.service is stopped - service: + ansible.builtin.service: name: matrix-mautrix-whatsapp state: stopped enabled: false @@ -105,15 +105,15 @@ when: "matrix_mautrix_whatsapp_stat_database.stat.exists" - name: (Data relocation) Move mautrix-whatsapp database file to ./data directory - command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db {{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db" + ansible.builtin.command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db {{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db" when: "matrix_mautrix_whatsapp_stat_database.stat.exists" - name: (Data relocation) Move mautrix-whatsapp mx-state file to ./data directory - command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mx-state.json {{ matrix_mautrix_whatsapp_data_path }}/mx-state.json" + ansible.builtin.command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mx-state.json {{ matrix_mautrix_whatsapp_data_path }}/mx-state.json" when: "matrix_mautrix_whatsapp_stat_mx_state.stat.exists" - name: Ensure mautrix-whatsapp config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml" mode: 0644 @@ -121,7 +121,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mautrix-whatsapp registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml" mode: 0644 @@ -129,19 +129,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mautrix-whatsapp.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" mode: 0644 register: matrix_mautrix_whatsapp_systemd_service_result - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_whatsapp_systemd_service_result.changed" - name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mautrix-whatsapp.service" state: restarted when: "matrix_mautrix_whatsapp_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 3884f9e7e..94f7f30ae 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mautrix_whatsapp_service_stat - name: Ensure matrix-mautrix-whatsapp is stopped - service: + ansible.builtin.service: name: matrix-mautrix-whatsapp state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mautrix_whatsapp_service_stat.stat.exists" - name: Ensure matrix-mautrix-whatsapp.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" state: absent when: "matrix_mautrix_whatsapp_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mautrix_whatsapp_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index 9b0a725c9..863dc926f 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -11,7 +11,7 @@ - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 115ccf353..ca0090287 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build and matrix_mx_puppet_discord_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}" when: matrix_mx_puppet_discord_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 3ddfa39d5..3c3c43a03 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -3,13 +3,13 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" - name: Ensure MX Puppet Discord paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -29,17 +29,17 @@ - block: - name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-discord state: stopped daemon_reload: true failed_when: false - name: (Data relocation) Move mx-puppet-discord database file to ./data directory - command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" + ansible.builtin.command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" when: "matrix_mx_puppet_discord_stat_database.stat.exists" -- set_fact: +- ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: false - block: @@ -49,7 +49,7 @@ register: matrix_mx_puppet_discord_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_discord_database_connection_string }}" @@ -60,7 +60,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: true when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mx_puppet_discord_database_engine == 'postgres'" @@ -78,7 +78,7 @@ until: result is not failed - name: Ensure MX Puppet Discord repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_mx_puppet_discord_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" force: "yes" @@ -101,7 +101,7 @@ when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool" - name: Ensure mx-puppet-discord config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml" mode: 0644 @@ -109,7 +109,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mx-puppet-discord discord-registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml" mode: 0644 @@ -117,19 +117,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mx-puppet-discord.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-discord.service" mode: 0644 register: matrix_mx_puppet_discord_systemd_service_result - name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_discord_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-discord.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mx-puppet-discord.service" state: restarted when: "matrix_mx_puppet_discord_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml index b3ab8e39e..beff6c5db 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mx_puppet_discord_service_stat - name: Ensure matrix-mx-puppet-discord is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-discord state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mx_puppet_discord_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-discord.service doesn't exist - file: + ansible.builtin.file: path: "/etc/systemd/system/matrix-mx-puppet-discord.service" state: absent when: "matrix_mx_puppet_discord_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml index c253eda29..e73a868a5 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index 9bada5d87..0791546d6 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build and matrix_mx_puppet_groupme_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}" when: matrix_mx_puppet_groupme_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 286c5611c..9ca9c7ea6 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -3,13 +3,13 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-groupme role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" - name: Ensure MX Puppet Groupme paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -28,7 +28,7 @@ register: matrix_mx_puppet_groupme_stat_database - name: (Data relocation) Ensure matrix-mx-puppet-groupme.service is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-groupme state: stopped enabled: false @@ -37,10 +37,10 @@ when: "matrix_mx_puppet_groupme_stat_database.stat.exists" - name: (Data relocation) Move mx-puppet-groupme database file to ./data directory - command: "mv {{ matrix_mx_puppet_groupme_base_path }}/database.db {{ matrix_mx_puppet_groupme_data_path }}/database.db" + ansible.builtin.command: "mv {{ matrix_mx_puppet_groupme_base_path }}/database.db {{ matrix_mx_puppet_groupme_data_path }}/database.db" when: "matrix_mx_puppet_groupme_stat_database.stat.exists" -- set_fact: +- ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: false - block: @@ -50,7 +50,7 @@ register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}" @@ -61,7 +61,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: true when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mx_puppet_groupme_database_engine == 'postgres'" @@ -79,7 +79,7 @@ until: result is not failed - name: Ensure MX Puppet Groupme repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" force: "yes" @@ -101,7 +101,7 @@ when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" - name: Ensure mx-puppet-groupme config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/config.yaml" mode: 0644 @@ -109,7 +109,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mx-puppet-groupme groupme-registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/registration.yaml" mode: 0644 @@ -117,19 +117,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mx-puppet-groupme.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-groupme.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-groupme.service" mode: 0644 register: matrix_mx_puppet_groupme_systemd_service_result - name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_groupme_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mx-puppet-groupme.service" state: restarted when: "matrix_mx_puppet_groupme_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml index 24daf7be8..faf5ac0a5 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mx_puppet_groupme_service_stat - name: Ensure matrix-mx-puppet-groupme is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-groupme state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mx_puppet_groupme_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-groupme.service doesn't exist - file: + ansible.builtin.file: path: "/etc/systemd/system/matrix-mx-puppet-groupme.service" state: absent when: "matrix_mx_puppet_groupme_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_groupme_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml index 5c5463ce9..d091de6dc 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index ae6302b30..3f2b98dc2 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build and matrix_mx_puppet_instagram_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}" when: matrix_mx_puppet_instagram_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 2e74c059e..4048e1755 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -3,13 +3,13 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: false - block: @@ -19,7 +19,7 @@ register: matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}" @@ -30,7 +30,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: true when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mx_puppet_instagram_database_engine == 'postgres'" @@ -48,7 +48,7 @@ until: result is not failed - name: Ensure mx-puppet-instagram paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -62,7 +62,7 @@ when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool - name: Ensure mx-puppet-instagram repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" force: "yes" @@ -84,7 +84,7 @@ when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" - name: Ensure mx-puppet-instagram config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml" mode: 0644 @@ -92,7 +92,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mx-puppet-instagram-registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml" mode: 0644 @@ -100,19 +100,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mx-puppet-instagram.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service" mode: 0644 register: matrix_mx_puppet_instagram_systemd_service_result - name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_instagram_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-instagram.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mx-puppet-instagram.service" state: restarted when: "matrix_mx_puppet_instagram_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml index e4435a3e8..cb876e2a1 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mx_puppet_instagram_service_stat - name: Ensure matrix-mx-puppet-instagram is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-instagram state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mx_puppet_instagram_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-instagram.service doesn't exist - file: + ansible.builtin.file: path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" state: absent when: "matrix_mx_puppet_instagram_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml index b6d9d994e..383fe5021 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index ed6753a2f..74a6ed44b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build and matrix_mx_puppet_slack_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}" when: matrix_mx_puppet_slack_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -29,7 +29,7 @@ - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -38,7 +38,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | location {{ matrix_mx_puppet_slack_redirect_path }} { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -53,7 +53,7 @@ } - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -65,7 +65,7 @@ when: matrix_mx_puppet_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 3a7dfb409..48408b5ab 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -3,13 +3,13 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-slack role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" - name: Ensure MX Puppet Slack paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -28,7 +28,7 @@ register: matrix_mx_puppet_slack_stat_database - name: (Data relocation) Ensure matrix-mx-puppet-slack.service is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-slack state: stopped enabled: false @@ -36,7 +36,7 @@ failed_when: false when: "matrix_mx_puppet_slack_stat_database.stat.exists" -- set_fact: +- ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: false - block: @@ -46,7 +46,7 @@ register: matrix_mx_puppet_slack_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_slack_database_connection_string }}" @@ -57,7 +57,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: true when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mx_puppet_slack_database_engine == 'postgres'" @@ -75,7 +75,7 @@ until: result is not failed - name: Ensure MX Puppet Slack repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" force: "yes" @@ -98,11 +98,11 @@ when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" - name: (Data relocation) Move mx-puppet-slack database file to ./data directory - command: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db" + ansible.builtin.command: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db" when: "matrix_mx_puppet_slack_stat_database.stat.exists" - name: Ensure mx-puppet-slack config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml" mode: 0644 @@ -110,7 +110,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mx-puppet-slack slack-registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml" mode: 0644 @@ -118,19 +118,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mx-puppet-slack.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-slack.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-slack.service" mode: 0644 register: matrix_mx_puppet_slack_systemd_service_result - name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_slack_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-slack.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mx-puppet-slack.service" state: restarted when: "matrix_mx_puppet_slack_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml index 3a119267e..835e20d79 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mx_puppet_slack_service_stat - name: Ensure matrix-mx-puppet-slack is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-slack state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mx_puppet_slack_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-slack.service doesn't exist - file: + ansible.builtin.file: path: "/etc/systemd/system/matrix-mx-puppet-slack.service" state: absent when: "matrix_mx_puppet_slack_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml index 3a0bca111..ea917f97e 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index 9a171af79..7c5487f48 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build and matrix_mx_puppet_steam_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}" when: matrix_mx_puppet_steam_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index ac2a2fda9..dfb7c6c9c 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -3,13 +3,13 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" - name: Ensure MX Puppet Steam paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -28,7 +28,7 @@ register: matrix_mx_puppet_steam_stat_database - name: (Data relocation) Ensure matrix-mx-puppet-steam.service is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-steam state: stopped enabled: false @@ -37,10 +37,10 @@ when: "matrix_mx_puppet_steam_stat_database.stat.exists" - name: (Data relocation) Move mx-puppet-steam database file to ./data directory - command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db" + ansible.builtin.command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db" when: "matrix_mx_puppet_steam_stat_database.stat.exists" -- set_fact: +- ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: false - block: @@ -50,7 +50,7 @@ register: matrix_mx_puppet_steam_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_steam_database_connection_string }}" @@ -61,7 +61,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: true when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mx_puppet_steam_database_engine == 'postgres'" @@ -79,7 +79,7 @@ until: result is not failed - name: Ensure MX Puppet Steam repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_mx_puppet_steam_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" force: "yes" @@ -101,7 +101,7 @@ when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" - name: Ensure mx-puppet-steam config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml" mode: 0644 @@ -109,7 +109,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mx-puppet-steam steam-registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml" mode: 0644 @@ -117,19 +117,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mx-puppet-steam.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-steam.service" mode: 0644 register: matrix_mx_puppet_steam_systemd_service_result - name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_steam_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-steam.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mx-puppet-steam.service" state: restarted when: "matrix_mx_puppet_steam_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml index 2e152ef67..7ec8245dc 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mx_puppet_steam_service_stat - name: Ensure matrix-mx-puppet-steam is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-steam state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mx_puppet_steam_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-steam.service doesn't exist - file: + ansible.builtin.file: path: "/etc/systemd/system/matrix-mx-puppet-steam.service" state: absent when: "matrix_mx_puppet_steam_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_steam_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml index a8bc6a420..2e54d6ffa 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index d774de159..53e2f2f50 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -2,16 +2,16 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build and matrix_mx_puppet_twitter_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}" when: matrix_mx_puppet_twitter_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) @@ -29,7 +29,7 @@ - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -38,7 +38,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | location {{ matrix_mx_puppet_twitter_webhook_path }} { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -53,7 +53,7 @@ } - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -65,7 +65,7 @@ when: matrix_mx_puppet_twitter_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 6336b0a08..34d522f5e 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -3,13 +3,13 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" - name: Ensure MX Puppet Twitter paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -28,7 +28,7 @@ register: matrix_mx_puppet_twitter_stat_database - name: (Data relocation) Ensure matrix-mx-puppet-twitter.service is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-twitter state: stopped enabled: false @@ -37,10 +37,10 @@ when: "matrix_mx_puppet_twitter_stat_database.stat.exists" - name: (Data relocation) Move mx-puppet-twitter database file to ./data directory - command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db" + ansible.builtin.command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db" when: "matrix_mx_puppet_twitter_stat_database.stat.exists" -- set_fact: +- ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: false - block: @@ -50,7 +50,7 @@ register: matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}" @@ -61,7 +61,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: true when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_mx_puppet_twitter_database_engine == 'postgres'" @@ -79,7 +79,7 @@ until: result is not failed - name: Ensure MX Puppet Twitter repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_mx_puppet_twitter_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" force: "yes" @@ -101,7 +101,7 @@ when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" - name: Ensure mx-puppet-twitter config.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" mode: 0644 @@ -109,7 +109,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure mx-puppet-twitter twitter-registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" mode: 0644 @@ -117,19 +117,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-mx-puppet-twitter.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service" mode: 0644 register: matrix_mx_puppet_twitter_systemd_service_result - name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_twitter_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-twitter.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-mx-puppet-twitter.service" state: restarted when: "matrix_mx_puppet_twitter_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml index 56dcd9ce0..2718634db 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_mx_puppet_twitter_service_stat - name: Ensure matrix-mx-puppet-twitter is stopped - service: + ansible.builtin.service: name: matrix-mx-puppet-twitter state: stopped enabled: false @@ -14,12 +14,12 @@ when: "matrix_mx_puppet_twitter_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-twitter.service doesn't exist - file: + ansible.builtin.file: path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" state: absent when: "matrix_mx_puppet_twitter_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mx_puppet_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml index d13a39e1e..b5b7ef5b7 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml index 9ee96b3eb..4a3d1719c 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/matrix-bridge-sms/tasks/init.yml @@ -3,17 +3,17 @@ # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed - fail: + ansible.builtin.fail: msg: >- The matrix-sms-bridge role needs to execute before the matrix-synapse role. when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge.service'] }}" when: matrix_sms_bridge_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index 412c26feb..ad6a91858 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -10,7 +10,7 @@ until: result is not failed - name: Ensure matrix-sms-bridge paths exist - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -22,7 +22,7 @@ - "{{ matrix_sms_bridge_data_path }}" - name: Ensure matrix-sms-bridge application.yml installed - copy: + ansible.builtin.copy: content: "{{ matrix_sms_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/application.yml" mode: 0644 @@ -30,7 +30,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-sms-bridge registration.yaml installed - copy: + ansible.builtin.copy: content: "{{ matrix_sms_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/registration.yaml" mode: 0644 @@ -38,7 +38,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure android-sms-gateway-server cert installed - copy: + ansible.builtin.copy: src: "{{ matrix_sms_bridge_provider_android_truststore_local_path }}" dest: "{{ matrix_sms_bridge_config_path }}/matrix-sms-gateway-server.p12" mode: 0644 @@ -47,13 +47,13 @@ when: matrix_sms_bridge_provider_android_truststore_local_path != "" - name: Ensure matrix-sms-bridge.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-sms-bridge.service.j2" dest: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" mode: 0644 register: matrix_sms_bridge_systemd_service_result - name: Ensure systemd reloaded after matrix-sms-bridge.service installation - service: + ansible.builtin.service: daemon_reload: true when: matrix_sms_bridge_systemd_service_result.changed diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml index d74476ebe..f0f966b2d 100644 --- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_sms_bridge_service_stat - name: Ensure matrix-sms-bridge is stopped - service: + ansible.builtin.service: name: matrix-sms-bridge state: stopped enabled: false @@ -14,7 +14,7 @@ when: "matrix_sms_bridge_service_stat.stat.exists" - name: Ensure matrix-sms-bridge.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" state: absent when: "matrix_sms_bridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/matrix-bridge-sms/tasks/validate_config.yml index 96e41755b..fa7dcfbdd 100644 --- a/roles/matrix-bridge-sms/tasks/validate_config.yml +++ b/roles/matrix-bridge-sms/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-client-cinny/tasks/init.yml b/roles/matrix-client-cinny/tasks/init.yml index 04fbd8a20..4d1190dc6 100644 --- a/roles/matrix-client-cinny/tasks/init.yml +++ b/roles/matrix-client-cinny/tasks/init.yml @@ -2,10 +2,10 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Cinny image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_cinny_container_image_self_build and matrix_client_cinny_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-cinny.service'] }}" when: matrix_client_cinny_enabled|bool diff --git a/roles/matrix-client-cinny/tasks/self_check.yml b/roles/matrix-client-cinny/tasks/self_check.yml index d00408da9..e0f9bfc1e 100644 --- a/roles/matrix-client-cinny/tasks/self_check.yml +++ b/roles/matrix-client-cinny/tasks/self_check.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_client_cinny_url_endpoint_public: "https://{{ matrix_server_fqn_cinny }}/config.json" - name: Check Cinny - uri: + ansible.builtin.uri: url: "{{ matrix_client_cinny_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_client_cinny_self_check_validate_certificates }}" @@ -13,10 +13,10 @@ ignore_errors: true - name: Fail if Cinny not working - fail: + ansible.builtin.fail: msg: "Failed checking Cinny is up at `{{ matrix_server_fqn_cinny }}` (checked endpoint: `{{ matrix_client_cinny_url_endpoint_public }}`). Is Cinny running? Is port 443 open in your firewall? Full error: {{ matrix_client_cinny_self_check_result }}" when: "matrix_client_cinny_self_check_result.failed or 'json' not in matrix_client_cinny_self_check_result" - name: Report working Cinny - debug: + ansible.builtin.debug: msg: "Cinny at `{{ matrix_server_fqn_cinny }}` is working (checked endpoint: `{{ matrix_client_cinny_url_endpoint_public }}`)" diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index da979f565..3689586f4 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- - name: Ensure Cinny paths exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -24,7 +24,7 @@ until: result is not failed - name: Ensure Cinny repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_client_cinny_container_image_self_build_repo }}" dest: "{{ matrix_client_cinny_docker_src_files_path }}" version: "{{ matrix_client_cinny_docker_image.split(':')[1] }}" @@ -35,7 +35,7 @@ when: "matrix_client_cinny_container_image_self_build|bool" - name: Ensure Cinny configuration installed - copy: + ansible.builtin.copy: content: "{{ matrix_client_cinny_configuration|to_nice_json }}" dest: "{{ matrix_client_cinny_data_path }}/config.json" mode: 0644 @@ -43,7 +43,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure Cinny additional config files installed - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ matrix_client_cinny_data_path }}/{{ item.name }}" mode: 0644 @@ -65,13 +65,13 @@ when: "matrix_client_cinny_container_image_self_build|bool" - name: Ensure matrix-client-cinny.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-cinny.service.j2" dest: "{{ matrix_systemd_path }}/matrix-client-cinny.service" mode: 0644 register: matrix_client_cinny_systemd_service_result - name: Ensure systemd reloaded after matrix-client-cinny.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_client_cinny_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/matrix-client-cinny/tasks/setup_uninstall.yml index 507c5d70e..866308ddc 100644 --- a/roles/matrix-client-cinny/tasks/setup_uninstall.yml +++ b/roles/matrix-client-cinny/tasks/setup_uninstall.yml @@ -5,7 +5,7 @@ register: matrix_client_cinny_service_stat - name: Ensure matrix-client-cinny is stopped - service: + ansible.builtin.service: name: matrix-client-cinny state: stopped enabled: false @@ -14,18 +14,18 @@ when: "matrix_client_cinny_service_stat.stat.exists|bool" - name: Ensure matrix-client-cinny.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-client-cinny.service" state: absent when: "matrix_client_cinny_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-client-cinny.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_client_cinny_service_stat.stat.exists|bool" - name: Ensure Cinny paths doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_client_cinny_data_path }}" state: absent diff --git a/roles/matrix-client-cinny/tasks/validate_config.yml b/roles/matrix-client-cinny/tasks/validate_config.yml index d8e804c5e..10f64fee1 100644 --- a/roles/matrix-client-cinny/tasks/validate_config.yml +++ b/roles/matrix-client-cinny/tasks/validate_config.yml @@ -1,6 +1,6 @@ --- - name: Fail if required Cinny settings not defined - fail: + ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item }}`) to use Cinny. when: "vars[item] == '' or vars[item] is none" diff --git a/roles/matrix-client-element/tasks/init.yml b/roles/matrix-client-element/tasks/init.yml index cb1df0b52..65edf53a0 100644 --- a/roles/matrix-client-element/tasks/init.yml +++ b/roles/matrix-client-element/tasks/init.yml @@ -1,12 +1,12 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}" when: matrix_client_element_enabled|bool # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build and matrix_client_element_enabled" diff --git a/roles/matrix-client-element/tasks/migrate_riot_web.yml b/roles/matrix-client-element/tasks/migrate_riot_web.yml index ee0fd4460..b570d8927 100644 --- a/roles/matrix-client-element/tasks/migrate_riot_web.yml +++ b/roles/matrix-client-element/tasks/migrate_riot_web.yml @@ -7,7 +7,7 @@ when: "matrix_client_element_enabled|bool" - name: Ensure matrix-riot-web is stopped - service: + ansible.builtin.service: name: matrix-riot-web state: stopped enabled: false @@ -16,13 +16,13 @@ when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" - name: Ensure matrix-riot-web.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-riot-web.service" state: absent when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-riot-web.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" @@ -33,5 +33,5 @@ when: "matrix_client_element_enabled|bool" - name: Relocate /matrix/riot-web to /matrix/client-element - command: "mv /matrix/riot-web /matrix/client-element" + ansible.builtin.command: "mv /matrix/riot-web /matrix/client-element" when: "matrix_client_element_enabled|bool and matrix_client_riot_web_dir_stat.stat.exists" diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/matrix-client-element/tasks/prepare_themes.yml index bfb9837bc..7d5c10197 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/matrix-client-element/tasks/prepare_themes.yml @@ -6,7 +6,7 @@ - block: - name: Ensure Element themes repository is pulled - git: + ansible.builtin.git: repo: "{{ matrix_client_element_themes_repository_url }}" dest: "{{ role_path }}/files/scratchpad/themes" @@ -18,13 +18,13 @@ register: matrix_client_element_theme_file_list - name: Read Element theme - slurp: + ansible.builtin.slurp: path: "{{ item.path }}" register: "matrix_client_element_theme_file_contents" with_items: "{{ matrix_client_element_theme_file_list.files }}" - name: Load Element theme - set_fact: + ansible.builtin.set_fact: matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" with_items: "{{ matrix_client_element_theme_file_contents.results }}" @@ -39,7 +39,7 @@ # - name: Ensure Element themes repository is removed - file: + ansible.builtin.file: path: "{{ role_path }}/files/scratchpad/themes" state: absent run_once: true diff --git a/roles/matrix-client-element/tasks/self_check.yml b/roles/matrix-client-element/tasks/self_check.yml index d05644c80..031bb5f90 100644 --- a/roles/matrix-client-element/tasks/self_check.yml +++ b/roles/matrix-client-element/tasks/self_check.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_client_element_url_endpoint_public: "https://{{ matrix_server_fqn_element }}/config.json" - name: Check Element - uri: + ansible.builtin.uri: url: "{{ matrix_client_element_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_client_element_self_check_validate_certificates }}" @@ -13,10 +13,10 @@ ignore_errors: true - name: Fail if Element not working - fail: + ansible.builtin.fail: msg: "Failed checking Element is up at `{{ matrix_server_fqn_element }}` (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`). Is Element running? Is port 443 open in your firewall? Full error: {{ matrix_client_element_self_check_result }}" when: "matrix_client_element_self_check_result.failed or 'json' not in matrix_client_element_self_check_result" - name: Report working Element - debug: + ansible.builtin.debug: msg: "Element at `{{ matrix_server_fqn_element }}` is working (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`)" diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index 4d0af82d6..6a4fe3f30 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure Element paths exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -25,7 +25,7 @@ until: result is not failed - name: Ensure Element repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_client_element_container_image_self_build_repo }}" dest: "{{ matrix_client_element_docker_src_files_path }}" version: "{{ matrix_client_element_docker_image.split(':')[1] }}" @@ -39,13 +39,13 @@ # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357 # - https://github.com/vector-im/element-web/issues/19544 - name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices - lineinfile: + ansible.builtin.lineinfile: path: "{{ matrix_client_element_docker_src_files_path }}/webpack.config.js" regexp: '(\s+)splitChunks: \{' line: '\1splitChunks: { maxSize: 100000,' backrefs: true owner: root - group: root + ansible.builtin.group: root mode: '0644' when: "matrix_client_element_container_image_self_build|bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled|bool" @@ -62,7 +62,7 @@ when: "matrix_client_element_container_image_self_build|bool" - name: Ensure Element configuration installed - copy: + ansible.builtin.copy: content: "{{ matrix_client_element_configuration|to_nice_json }}" dest: "{{ matrix_client_element_data_path }}/config.json" mode: 0644 @@ -70,7 +70,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure Element config files installed - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ matrix_client_element_data_path }}/{{ item.name }}" mode: 0644 @@ -83,7 +83,7 @@ when: "item.src is not none" - name: Ensure Element config files removed - file: + ansible.builtin.file: path: "{{ matrix_client_element_data_path }}/{{ item.name }}" state: absent with_items: @@ -91,13 +91,13 @@ when: "item.src is none" - name: Ensure matrix-client-element.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2" dest: "{{ matrix_systemd_path }}/matrix-client-element.service" mode: 0644 register: matrix_client_element_systemd_service_result - name: Ensure systemd reloaded after matrix-client-element.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_client_element_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-element/tasks/setup_uninstall.yml b/roles/matrix-client-element/tasks/setup_uninstall.yml index 55bc20d6a..83b4a7955 100644 --- a/roles/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/matrix-client-element/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_client_element_service_stat - name: Ensure matrix-client-element is stopped - service: + ansible.builtin.service: name: matrix-client-element state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_client_element_service_stat.stat.exists|bool" - name: Ensure matrix-client-element.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-client-element.service" state: absent when: "matrix_client_element_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-client-element.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_client_element_service_stat.stat.exists|bool" - name: Ensure Element paths doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_client_element_data_path }}" state: absent diff --git a/roles/matrix-client-element/tasks/validate_config.yml b/roles/matrix-client-element/tasks/validate_config.yml index d246b612a..fdf74f07d 100644 --- a/roles/matrix-client-element/tasks/validate_config.yml +++ b/roles/matrix-client-element/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required Element settings not defined - fail: + ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item }}`) for using Element. when: "vars[item] == ''" @@ -9,7 +9,7 @@ - "matrix_client_element_default_hs_url" - name: (Deprecation) Catch and report riot-web variables - fail: + ansible.builtin.fail: msg: >- Riot has been renamed to Element (https://element.io/blog/welcome-to-element/). The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names. diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/matrix-client-hydrogen/tasks/init.yml index c6801e517..70454d92e 100644 --- a/roles/matrix-client-hydrogen/tasks/init.yml +++ b/roles/matrix-client-hydrogen/tasks/init.yml @@ -2,10 +2,10 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Hydrogen image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build and matrix_client_hydrogen_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-hydrogen.service'] }}" when: matrix_client_hydrogen_enabled|bool diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index 0c6642318..978e531f2 100644 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json" - name: Check Hydrogen - uri: + ansible.builtin.uri: url: "{{ matrix_client_hydrogen_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_client_hydrogen_self_check_validate_certificates }}" @@ -13,10 +13,10 @@ ignore_errors: true - name: Fail if Hydrogen not working - fail: + ansible.builtin.fail: msg: "Failed checking Hydrogen is up at `{{ matrix_server_fqn_hydrogen }}` (checked endpoint: `{{ matrix_client_hydrogen_url_endpoint_public }}`). Is Hydrogen running? Is port 443 open in your firewall? Full error: {{ matrix_client_hydrogen_self_check_result }}" when: "matrix_client_hydrogen_self_check_result.failed or 'json' not in matrix_client_hydrogen_self_check_result" - name: Report working Hydrogen - debug: + ansible.builtin.debug: msg: "Hydrogen at `{{ matrix_server_fqn_hydrogen }}` is working (checked endpoint: `{{ matrix_client_hydrogen_url_endpoint_public }}`)" diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index db866178e..b7a63fb7f 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure Hydrogen paths exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -25,7 +25,7 @@ until: result is not failed - name: Ensure Hydrogen repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_client_hydrogen_container_image_self_build_repo }}" dest: "{{ matrix_client_hydrogen_docker_src_files_path }}" version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" @@ -36,7 +36,7 @@ when: "matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure Hydrogen configuration installed - copy: + ansible.builtin.copy: content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}" dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/src/platform/web/assets/config.json" mode: 0644 @@ -45,7 +45,7 @@ when: "matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure Hydrogen additional config files installed - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ matrix_client_hydrogen_data_path }}/{{ item.name }}" mode: 0644 @@ -69,13 +69,13 @@ when: "matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure matrix-client-hydrogen.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" dest: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" mode: 0644 register: matrix_client_hydrogen_systemd_service_result - name: Ensure systemd reloaded after matrix-client-hydrogen.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_client_hydrogen_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml index 7aff2916f..ac0c11c7a 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_client_hydrogen_service_stat - name: Ensure matrix-client-hydrogen is stopped - service: + ansible.builtin.service: name: matrix-client-hydrogen state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_client_hydrogen_service_stat.stat.exists|bool" - name: Ensure matrix-client-hydrogen.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" state: absent when: "matrix_client_hydrogen_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-client-hydrogen.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_client_hydrogen_service_stat.stat.exists|bool" - name: Ensure Hydrogen paths doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_client_hydrogen_data_path }}" state: absent diff --git a/roles/matrix-client-hydrogen/tasks/validate_config.yml b/roles/matrix-client-hydrogen/tasks/validate_config.yml index d3b9a709b..4188acba0 100644 --- a/roles/matrix-client-hydrogen/tasks/validate_config.yml +++ b/roles/matrix-client-hydrogen/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required Hydrogen settings not defined - fail: + ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item }}`) to use Hydrogen. when: "(vars[item] == '' or vars[item] is none) and matrix_client_hydrogen_container_image_self_build|bool" diff --git a/roles/matrix-common-after/tasks/dump_runtime_results.yml b/roles/matrix-common-after/tasks/dump_runtime_results.yml index 44ae1a308..4074a625d 100644 --- a/roles/matrix-common-after/tasks/dump_runtime_results.yml +++ b/roles/matrix-common-after/tasks/dump_runtime_results.yml @@ -1,7 +1,7 @@ --- # Ansible outputs the message in the `item=` field. # It's unnecessary to output it again in the actual message, so we don't. -- debug: +- ansible.builtin.debug: msg: "" with_items: "{{ matrix_playbook_runtime_results }}" when: "matrix_playbook_runtime_results is defined and matrix_playbook_runtime_results|length > 0" diff --git a/roles/matrix-common-after/tasks/run_docker_prune.yml b/roles/matrix-common-after/tasks/run_docker_prune.yml index a7e35a03b..27fc16155 100644 --- a/roles/matrix-common-after/tasks/run_docker_prune.yml +++ b/roles/matrix-common-after/tasks/run_docker_prune.yml @@ -1,4 +1,4 @@ --- - name: Run Docker System Prune - command: "{{ matrix_host_command_docker }} system prune -a -f" + ansible.builtin.command: "{{ matrix_host_command_docker }} system prune -a -f" diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml index 02fa672e3..35126fc12 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/matrix-common-after/tasks/start.yml @@ -1,22 +1,22 @@ --- - name: Determine whether we should make services autostart - set_fact: + ansible.builtin.set_fact: matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled|default('') == '' else matrix_services_autostart_enabled|bool }}" - name: Ensure systemd is reloaded - service: + ansible.builtin.service: daemon_reload: true - name: Ensure Matrix services are stopped - service: + ansible.builtin.service: name: "{{ item }}" state: stopped with_items: "{{ matrix_systemd_services_list }}" when: not ansible_check_mode - name: Ensure Matrix services are started - service: + ansible.builtin.service: name: "{{ item }}" enabled: "{{ matrix_services_autostart_enabled_bool }}" state: started @@ -39,7 +39,7 @@ service_facts: - name: Fail if service isn't detected to be running - fail: + ansible.builtin.fail: msg: >- {{ item }} was not detected to be running. It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). @@ -57,13 +57,13 @@ # service_facts is not collecting the data successfully. # Therefore iterating here manually - name: Fetch systemd information - systemd: + ansible.builtin.systemd: name: "{{ item }}" register: systemdstatus with_items: "{{ matrix_systemd_services_list }}" - name: Fail if service isn't detected to be running - fail: + ansible.builtin.fail: msg: >- {{ item.item }} was not detected to be running. It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). diff --git a/roles/matrix-common-after/tasks/stop.yml b/roles/matrix-common-after/tasks/stop.yml index 5ae0afbba..a343999c6 100644 --- a/roles/matrix-common-after/tasks/stop.yml +++ b/roles/matrix-common-after/tasks/stop.yml @@ -1,7 +1,7 @@ --- - name: Ensure Matrix services stopped - service: + ansible.builtin.service: name: "{{ item }}" state: stopped with_items: "{{ matrix_systemd_services_list }}" diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index b2f50e939..08ef7c88f 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -2,10 +2,10 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build and matrix_corporal_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}" when: matrix_corporal_enabled|bool diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml index b702c00f1..3ddda8e04 100644 --- a/roles/matrix-corporal/tasks/self_check_corporal.yml +++ b/roles/matrix-corporal/tasks/self_check_corporal.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: corporal_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/corporal" - name: Check Matrix Corporal HTTP gateway - uri: + ansible.builtin.uri: url: "{{ corporal_client_api_url_endpoint_public }}" follow_redirects: none return_content: true @@ -13,10 +13,10 @@ ignore_errors: true - name: Fail if Matrix Corporal HTTP gateway not working - fail: + ansible.builtin.fail: msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}" when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content" - name: Report working Matrix Corporal HTTP gateway - debug: + ansible.builtin.debug: msg: "Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)" diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index a3582592c..58039bf49 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -5,7 +5,7 @@ # - name: Ensure Matrix Corporal paths exist - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -18,7 +18,7 @@ when: matrix_corporal_enabled|bool - name: Ensure Matrix Corporal repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_corporal_container_image_self_build_repo }}" dest: "{{ matrix_corporal_container_src_files_path }}" version: "{{ matrix_corporal_docker_image.split(':')[1] }}" @@ -53,7 +53,7 @@ until: result is not failed - name: Ensure Matrix Corporal config installed - copy: + ansible.builtin.copy: content: "{{ matrix_corporal_configuration|to_nice_json }}" dest: "{{ matrix_corporal_config_dir_path }}/config.json" mode: 0644 @@ -62,7 +62,7 @@ when: matrix_corporal_enabled|bool - name: Ensure matrix-corporal.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2" dest: "{{ matrix_systemd_path }}/matrix-corporal.service" mode: 0644 @@ -70,7 +70,7 @@ when: matrix_corporal_enabled|bool - name: Ensure systemd reloaded after matrix-corporal.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_corporal_enabled|bool and matrix_corporal_systemd_service_result.changed" @@ -86,7 +86,7 @@ when: "not matrix_corporal_enabled|bool" - name: Ensure matrix-corporal is stopped - service: + ansible.builtin.service: name: matrix-corporal state: stopped enabled: false @@ -95,18 +95,18 @@ when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-corporal.service" state: absent when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-corporal.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal files don't exist - file: + ansible.builtin.file: path: "{{ item }}" state: absent with_items: diff --git a/roles/matrix-corporal/tasks/validate_config.yml b/roles/matrix-corporal/tasks/validate_config.yml index a8930e7ed..50848810e 100644 --- a/roles/matrix-corporal/tasks/validate_config.yml +++ b/roles/matrix-corporal/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required matrix-corporal settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) for using matrix-corporal. when: "vars[item] == ''" @@ -12,12 +12,12 @@ - "matrix_corporal_policy_provider_config" - name: Fail if HTTP API enabled, but no token set - fail: + ansible.builtin.fail: msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`" when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''" - name: (Deprecation) Catch and report renamed corporal variables - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml index 93e4fa3a2..726e30655 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/matrix-coturn/tasks/init.yml @@ -2,14 +2,14 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build and matrix_coturn_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn.service'] }}" when: matrix_coturn_enabled|bool -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn-reload.timer'] }}" when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool" diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index a721f186b..d24e43138 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -2,12 +2,12 @@ # This is a cleanup/migration task. It can be removed some time in the future. - name: (Migration) Remove deprecated cronjob - file: + ansible.builtin.file: path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload" state: absent - name: Ensure Matrix Coturn path exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -31,7 +31,7 @@ - block: - name: Ensure Coturn repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_coturn_container_image_self_build_repo }}" dest: "{{ matrix_coturn_docker_src_files_path }}" version: "{{ matrix_coturn_container_image_self_build_repo_version }}" @@ -53,7 +53,7 @@ when: "matrix_coturn_container_image_self_build|bool" - name: Ensure Coturn configuration path exists - file: + ansible.builtin.file: path: "{{ matrix_coturn_base_path }}" state: directory mode: 0750 @@ -61,7 +61,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure turnserver.conf installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/turnserver.conf.j2" dest: "{{ matrix_coturn_config_path }}" mode: 0644 @@ -74,7 +74,7 @@ driver: bridge - name: Ensure matrix-coturn.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2" dest: "{{ matrix_systemd_path }}/matrix-coturn.service" mode: 0644 @@ -84,7 +84,7 @@ # We optimize for the common use-case though (short-lived Let's Encrypt certificates). # Reloading doesn't hurt anyway, so there's no need to make this more flexible. - name: Ensure reloading systemd units installed, if necessary - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/{{ item }}.j2" dest: "{{ matrix_systemd_path }}/{{ item }}" mode: 0644 @@ -96,7 +96,7 @@ # A similar task exists in `setup_uninstall.yml` - name: Ensure reloading systemd units uninstalled, if unnecessary - file: + ansible.builtin.file: path: "{{ item }}" state: absent register: "matrix_coturn_systemd_service_change_results" @@ -106,6 +106,6 @@ - matrix-coturn-reload.timer - name: Ensure systemd reloaded if systemd units changed - service: + ansible.builtin.service: daemon_reload: true when: "matrix_coturn_systemd_service_change_results.changed" diff --git a/roles/matrix-coturn/tasks/setup_uninstall.yml b/roles/matrix-coturn/tasks/setup_uninstall.yml index 097ba8733..b3d77e40c 100644 --- a/roles/matrix-coturn/tasks/setup_uninstall.yml +++ b/roles/matrix-coturn/tasks/setup_uninstall.yml @@ -7,7 +7,7 @@ when: "not matrix_coturn_enabled|bool" - name: Ensure matrix-coturn is stopped - service: + ansible.builtin.service: name: matrix-coturn state: stopped enabled: false @@ -15,7 +15,7 @@ when: "matrix_coturn_service_stat.stat.exists|bool" - name: Ensure matrix-coturn-reload.timer is stopped - service: + ansible.builtin.service: name: matrix-coturn state: stopped enabled: false @@ -24,7 +24,7 @@ when: "matrix_coturn_service_stat.stat.exists|bool" - name: Ensure systemd units don't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/{{ item }}" state: absent register: matrix_coturn_systemd_unit_uninstallation_result @@ -34,12 +34,12 @@ - matrix-coturn-reload.timer - name: Ensure systemd reloaded after unit removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_coturn_systemd_unit_uninstallation_result.changed|bool" - name: Ensure Matrix coturn paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_coturn_base_path }}" state: absent diff --git a/roles/matrix-coturn/tasks/validate_config.yml b/roles/matrix-coturn/tasks/validate_config.yml index 637f720db..90e842e13 100644 --- a/roles/matrix-coturn/tasks/validate_config.yml +++ b/roles/matrix-coturn/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required Coturn settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) for using Coturn. when: "vars[item] == ''" diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index a18ad065e..47cf5513f 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -9,7 +9,7 @@ # This is separate and conditional, to ensure we don't execute it # if the path already exists or we failed to check, because it's mounted using fuse. - name: Ensure Dendrite media store path exists - file: + ansible.builtin.file: path: "{{ matrix_dendrite_media_store_path }}" state: directory mode: 0750 @@ -37,7 +37,7 @@ # We don't use the `docker_container` module, because using it with `cap_drop` requires # a very recent version, which is not available for a lot of people yet. - name: Generate Dendrite signing key - command: | + ansible.builtin.command: | docker run --rm --name=matrix-dendrite-config @@ -48,14 +48,14 @@ when: "not matrix_dendrite_signing_key_stat.stat.exists" - name: Ensure Dendrite server key exists - file: + ansible.builtin.file: path: "{{ matrix_dendrite_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.pem" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - name: Ensure Dendrite configuration installed - copy: + ansible.builtin.copy: content: "{{ matrix_dendrite_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_dendrite_config_dir_path }}/dendrite.yaml" mode: 0644 @@ -63,19 +63,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-dendrite.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/dendrite/systemd/matrix-dendrite.service.j2" dest: "{{ matrix_systemd_path }}/matrix-dendrite.service" mode: 0644 register: matrix_dendrite_systemd_service_result - name: Ensure systemd reloaded after matrix-dendrite.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_dendrite_systemd_service_result.changed|bool" - name: Ensure matrix-dendrite-create-account script created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2" dest: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account" mode: 0750 diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml index 89d5481c4..881222561 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_dendrite_service_stat - name: Ensure matrix-dendrite is stopped - service: + ansible.builtin.service: name: matrix-dendrite state: stopped daemon_reload: true @@ -14,13 +14,13 @@ when: "matrix_dendrite_service_stat.stat.exists" - name: Ensure matrix-dendrite.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-dendrite.service" state: absent when: "matrix_dendrite_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-dendrite.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_dendrite_service_stat.stat.exists" diff --git a/roles/matrix-dendrite/tasks/init.yml b/roles/matrix-dendrite/tasks/init.yml index 524ef6eec..20e34ef55 100644 --- a/roles/matrix-dendrite/tasks/init.yml +++ b/roles/matrix-dendrite/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dendrite.service'] }}" when: matrix_dendrite_enabled|bool diff --git a/roles/matrix-dendrite/tasks/main.yml b/roles/matrix-dendrite/tasks/main.yml index 5483adec1..a08f45bdb 100644 --- a/roles/matrix-dendrite/tasks/main.yml +++ b/roles/matrix-dendrite/tasks/main.yml @@ -36,7 +36,7 @@ - self-check - name: Mark matrix-dendrite role as executed - set_fact: + ansible.builtin.set_fact: matrix_dendrite_role_executed: true tags: - always diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/matrix-dendrite/tasks/register_user.yml index b8e3ae5eb..e18af1383 100644 --- a/roles/matrix-dendrite/tasks/register_user.yml +++ b/roles/matrix-dendrite/tasks/register_user.yml @@ -1,16 +1,16 @@ --- - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `username` variable needs to be provided to this playbook, via --extra-vars" when: "username is not defined or username == ''" - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `password` variable needs to be provided to this playbook, via --extra-vars" when: "password is not defined or password == ''" - name: Ensure matrix-dendrite is started - service: + ansible.builtin.service: name: matrix-dendrite state: started daemon_reload: true @@ -22,4 +22,4 @@ when: "start_result.changed" - name: Register user - command: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username|quote }} {{ password|quote }}" + ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username|quote }} {{ password|quote }}" diff --git a/roles/matrix-dendrite/tasks/self_check_client_api.yml b/roles/matrix-dendrite/tasks/self_check_client_api.yml index 2470d8186..99b6cb40d 100644 --- a/roles/matrix-dendrite/tasks/self_check_client_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_client_api.yml @@ -1,6 +1,6 @@ --- - name: Check Matrix Client API - uri: + ansible.builtin.uri: url: "{{ matrix_dendrite_client_api_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_dendrite_self_check_validate_certificates }}" @@ -9,10 +9,10 @@ check_mode: false - name: Fail if Matrix Client API not working - fail: + ansible.builtin.fail: msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_dendrite_client_api_url_endpoint_public }}`). Is Dendrite running? Is port 443 open in your firewall? Full error: {{ result_matrix_dendrite_client_api }}" when: "(result_matrix_dendrite_client_api.failed or 'json' not in result_matrix_dendrite_client_api)" - name: Report working Matrix Client API - debug: + ansible.builtin.debug: msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_dendrite_client_api_url_endpoint_public }}`) is working" diff --git a/roles/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/matrix-dendrite/tasks/self_check_federation_api.yml index 0afca2cb9..0d817afeb 100644 --- a/roles/matrix-dendrite/tasks/self_check_federation_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_federation_api.yml @@ -1,6 +1,6 @@ --- - name: Check Matrix Federation API - uri: + ansible.builtin.uri: url: "{{ matrix_dendrite_federation_api_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_dendrite_self_check_validate_certificates }}" @@ -9,16 +9,16 @@ check_mode: false - name: Fail if Matrix Federation API not working - fail: + ansible.builtin.fail: msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_dendrite_federation_api_url_endpoint_public }}`). Is Dendrite running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_dendrite_federation_api }}" when: "matrix_dendrite_federation_enabled|bool and (result_matrix_dendrite_federation_api.failed or 'json' not in result_matrix_dendrite_federation_api)" - name: Fail if Matrix Federation API unexpectedly enabled - fail: + ansible.builtin.fail: msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_dendrite_federation_api_url_endpoint_public }}`) despite being disabled." when: "not matrix_dendrite_federation_enabled|bool and not result_matrix_dendrite_federation_api.failed" - name: Report working Matrix Federation API - debug: + ansible.builtin.debug: msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_dendrite_federation_api_url_endpoint_public }}`) is working" when: "matrix_dendrite_federation_enabled|bool" diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index fc306759d..792e9c4f2 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -1,6 +1,6 @@ --- - name: Ensure Dendrite paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 diff --git a/roles/matrix-dendrite/tasks/validate_config.yml b/roles/matrix-dendrite/tasks/validate_config.yml index 2d2cf4c5b..390da9380 100644 --- a/roles/matrix-dendrite/tasks/validate_config.yml +++ b/roles/matrix-dendrite/tasks/validate_config.yml @@ -1,6 +1,6 @@ --- - name: Fail if required Dendrite settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) for using Dendrite. when: "vars[item] == ''" @@ -8,7 +8,7 @@ - "matrix_dendrite_registration_shared_secret" - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/matrix-dimension/tasks/init.yml index 6336cb4d3..4ee1bb0eb 100644 --- a/roles/matrix-dimension/tasks/init.yml +++ b/roles/matrix-dimension/tasks/init.yml @@ -1,4 +1,4 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}" when: matrix_dimension_enabled|bool diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index b999383e1..01bab7cf5 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_dimension_requires_restart: false - block: @@ -12,10 +12,10 @@ - block: # pgloader makes a few columns `smallint`, instead of `boolean`. # We need to fix them up. - - set_fact: + - ansible.builtin.set_fact: matrix_dimension_pgloader_additional_psql_statements_list: [] - - set_fact: + - ansible.builtin.set_fact: matrix_dimension_pgloader_additional_psql_statements_list: | {{ matrix_dimension_pgloader_additional_psql_statements_list @@ -49,7 +49,7 @@ - {'table': 'dimension_bridges', 'column': 'isEnabled', 'default': ''} - {'table': 'dimension_bridges', 'column': 'isPublic', 'default': ''} - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_dimension_sqlite_database_path_local }}" dst: "{{ matrix_dimension_database_connection_string }}" @@ -63,13 +63,13 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_dimension_requires_restart: true when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_dimension_database_engine == 'postgres'" - name: Ensure Dimension base path exists - file: + ansible.builtin.file: path: "{{ matrix_dimension_base_path }}" state: directory mode: 0770 @@ -77,7 +77,7 @@ group: "{{ matrix_dimension_user_gid }}" - name: Ensure Dimension config installed - copy: + ansible.builtin.copy: content: "{{ matrix_dimension_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_dimension_base_path }}/config.yaml" mode: 0640 @@ -97,7 +97,7 @@ until: matrix_dimension_pull_results is not failed - name: Ensure dimension repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_dimension_container_image_self_build_repo }}" dest: "{{ matrix_dimension_docker_src_files_path }}" version: "{{ matrix_dimension_container_image_self_build_branch }}" @@ -120,19 +120,19 @@ when: "matrix_dimension_container_image_self_build|bool" - name: Ensure matrix-dimension.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2" dest: "{{ matrix_systemd_path }}/matrix-dimension.service" mode: 0644 register: matrix_dimension_systemd_service_result - name: Ensure systemd reloaded after matrix-dimension.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_dimension_systemd_service_result.changed|bool" - name: Ensure matrix-dimension.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-dimension.service" state: restarted when: "matrix_dimension_requires_restart|bool" diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/matrix-dimension/tasks/setup_uninstall.yml index cdfbe07af..5a1818930 100644 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/matrix-dimension/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_dimension_service_stat - name: Ensure matrix-dimension is stopped - service: + ansible.builtin.service: name: matrix-dimension state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_dimension_service_stat.stat.exists|bool" - name: Ensure matrix-dimension.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-dimension.service" state: absent when: "matrix_dimension_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-dimension.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_dimension_service_stat.stat.exists|bool" - name: Ensure Dimension base directory doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_dimension_base_path }}" state: absent diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/matrix-dimension/tasks/validate_config.yml index 8413c42f5..5af0ba6d6 100644 --- a/roles/matrix-dimension/tasks/validate_config.yml +++ b/roles/matrix-dimension/tasks/validate_config.yml @@ -1,6 +1,6 @@ --- - name: Fail if required Dimension settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) for using Dimension. with_items: @@ -8,7 +8,7 @@ when: "matrix_dimension_enabled and vars[item] == ''" - name: (Deprecation) Catch and report renamed Dimension variables - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/matrix-dynamic-dns/tasks/init.yml index 6ea6a60bb..2604270e2 100644 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ b/roles/matrix-dynamic-dns/tasks/init.yml @@ -2,10 +2,10 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}" when: "matrix_dynamic_dns_enabled|bool" diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index 60f079374..664f18545 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -13,7 +13,7 @@ until: result is not failed - name: Ensure Dynamic DNS paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0751 @@ -26,7 +26,7 @@ when: matrix_dynamic_dns_enabled|bool and item.when|bool - name: Ensure Dynamic DNS repository is present on self build - git: + ansible.builtin.git: repo: "{{ matrix_dynamic_dns_container_image_self_build_repo }}" dest: "{{ matrix_dynamic_dns_docker_src_files_path }}" force: "yes" @@ -48,7 +48,7 @@ when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" - name: Ensure Dynamic DNS ddclient.conf installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/ddclient.conf.j2" dest: "{{ matrix_dynamic_dns_config_path }}/ddclient.conf" mode: 0644 @@ -56,13 +56,13 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-dynamic-dns.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-dynamic-dns.service.j2" dest: "/etc/systemd/system/matrix-dynamic-dns.service" mode: 0644 register: matrix_dynamic_dns_systemd_service_result - name: Ensure systemd reloaded after matrix-dynamic-dns.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_dynamic_dns_systemd_service_result.changed" diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/matrix-dynamic-dns/tasks/uninstall.yml index 80842c9c4..1583344d0 100644 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ b/roles/matrix-dynamic-dns/tasks/uninstall.yml @@ -6,7 +6,7 @@ register: matrix_dynamic_dns_service_stat - name: Ensure matrix-dynamic-dns is stopped - service: + ansible.builtin.service: name: matrix-dynamic-dns state: stopped enabled: false @@ -14,13 +14,13 @@ when: "matrix_dynamic_dns_service_stat.stat.exists" - name: Ensure matrix-dynamic-dns.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service" state: absent when: "matrix_dynamic_dns_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-dynamic-dns.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_dynamic_dns_service_stat.stat.exists" diff --git a/roles/matrix-dynamic-dns/tasks/validate_config.yml b/roles/matrix-dynamic-dns/tasks/validate_config.yml index 8f0001eaa..610dc2f8c 100644 --- a/roles/matrix-dynamic-dns/tasks/validate_config.yml +++ b/roles/matrix-dynamic-dns/tasks/validate_config.yml @@ -1,13 +1,13 @@ --- - name: Fail if no configurations specified - fail: + ansible.builtin.fail: msg: >- You need to define at least one configuration in `matrix_dynamic_dns_domain_configurations` for using matrix-dynamic-dns. when: "matrix_dynamic_dns_domain_configurations|length == 0" - name: Fail if required settings not defined in configuration blocks - fail: + ansible.builtin.fail: msg: >- One of the configurations in matrix_dynamic_dns_domain_configurations is missing a required key (domain, provider, protocol). when: "'domain' not in configuration or 'provider' not in configuration or 'protocol' not in configuration" diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/matrix-email2matrix/tasks/init.yml index 5f582212a..5e81b40ab 100644 --- a/roles/matrix-email2matrix/tasks/init.yml +++ b/roles/matrix-email2matrix/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}" when: matrix_email2matrix_enabled|bool diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index a2470728e..3828e36e9 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure Email2Matrix paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -14,7 +14,7 @@ when: "item.when|bool" - name: Ensure Email2Matrix configuration file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/config.json.j2" dest: "{{ matrix_email2matrix_config_dir_path }}/config.json" owner: "{{ matrix_user_username }}" @@ -34,7 +34,7 @@ until: result is not failed - name: Ensure Email2Matrix repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_email2matrix_container_image_self_build_repo }}" dest: "{{ matrix_email2matrix_docker_src_files_path }}" version: "{{ matrix_email2matrix_container_image_self_build_branch }}" @@ -57,13 +57,13 @@ when: "matrix_email2matrix_container_image_self_build|bool" - name: Ensure matrix-email2matrix.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" dest: "{{ matrix_systemd_path }}/matrix-email2matrix.service" mode: 0644 register: matrix_email2matrix_systemd_service_result - name: Ensure systemd reloaded after matrix-email2matrix.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_email2matrix_systemd_service_result.changed|bool" diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/matrix-email2matrix/tasks/setup_uninstall.yml index 27d35f2d6..4b76adcc3 100644 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/matrix-email2matrix/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_email2matrix_service_stat - name: Ensure matrix-email2matrix is stopped - service: + ansible.builtin.service: name: matrix-email2matrix state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_email2matrix_service_stat.stat.exists|bool" - name: Ensure matrix-email2matrix.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" state: absent when: "matrix_email2matrix_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-email2matrix.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_email2matrix_service_stat.stat.exists|bool" - name: Ensure Email2Matrix data path doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_email2matrix_base_path }}" state: absent diff --git a/roles/matrix-email2matrix/tasks/validate_config.yml b/roles/matrix-email2matrix/tasks/validate_config.yml index d8beecf4a..59a3581e4 100644 --- a/roles/matrix-email2matrix/tasks/validate_config.yml +++ b/roles/matrix-email2matrix/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if no mappings - fail: + ansible.builtin.fail: msg: > You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix. when: "matrix_email2matrix_matrix_mappings|length == 0" diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/matrix-etherpad/tasks/init.yml index 392addd04..a3cda0686 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/matrix-etherpad/tasks/init.yml @@ -1,12 +1,12 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" when: matrix_etherpad_enabled|bool - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -15,7 +15,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Etherpad proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_etherpad_matrix_nginx_proxy_configuration: | rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; @@ -42,7 +42,7 @@ } - name: Register Etherpad proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) @@ -54,7 +54,7 @@ when: matrix_etherpad_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Etherpad tool but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index 6f276e05c..d11545a50 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure Etherpad base path exists - file: + ansible.builtin.file: path: "{{ matrix_etherpad_base_path }}" state: directory mode: 0770 @@ -9,7 +9,7 @@ group: "{{ matrix_etherpad_user_gid }}" - name: Ensure Etherpad config installed - copy: + ansible.builtin.copy: content: "{{ matrix_etherpad_configuration|to_nice_json }}" dest: "{{ matrix_etherpad_base_path }}/settings.json" mode: 0640 @@ -28,13 +28,13 @@ until: result is not failed - name: Ensure matrix-etherpad.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-etherpad.service.j2" dest: "{{ matrix_systemd_path }}/matrix-etherpad.service" mode: 0644 register: matrix_etherpad_systemd_service_result - name: Ensure systemd reloaded after matrix-etherpad.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_etherpad_systemd_service_result.changed|bool" diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/matrix-etherpad/tasks/setup_uninstall.yml index ae1f2604e..b72b70bc9 100644 --- a/roles/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/matrix-etherpad/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_etherpad_service_stat - name: Ensure matrix-etherpad is stopped - service: + ansible.builtin.service: name: matrix-etherpad state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_etherpad_service_stat.stat.exists|bool" - name: Ensure matrix-etherpad.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-etherpad.service" state: absent when: "matrix_etherpad_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-etherpad.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_etherpad_service_stat.stat.exists|bool" - name: Ensure Etherpad base directory doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_etherpad_base_path }}" state: absent diff --git a/roles/matrix-etherpad/tasks/validate_config.yml b/roles/matrix-etherpad/tasks/validate_config.yml index f9438e7bf..07194d65c 100644 --- a/roles/matrix-etherpad/tasks/validate_config.yml +++ b/roles/matrix-etherpad/tasks/validate_config.yml @@ -1,13 +1,13 @@ --- - name: Fail if Etherpad is enabled without the Dimension integrations manager - fail: + ansible.builtin.fail: msg: >- To integrate Etherpad notes with Matrix rooms you need to set "matrix_dimension_enabled" to true when: "not matrix_dimension_enabled|bool" - name: Fail if no database is configured for Etherpad - fail: + ansible.builtin.fail: msg: >- Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname" when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled diff --git a/roles/matrix-grafana/tasks/init.yml b/roles/matrix-grafana/tasks/init.yml index 4c2cbf068..e01743b7b 100644 --- a/roles/matrix-grafana/tasks/init.yml +++ b/roles/matrix-grafana/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}" when: matrix_grafana_enabled|bool diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 16b9fa659..da25db594 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -17,7 +17,7 @@ until: result is not failed - name: Ensure grafana paths exists - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -34,7 +34,7 @@ when: matrix_grafana_enabled|bool - name: Ensure grafana.ini present - template: + ansible.builtin.template: src: "{{ role_path }}/templates/grafana.ini.j2" dest: "{{ matrix_grafana_config_path }}/grafana.ini" mode: 0440 @@ -43,7 +43,7 @@ when: matrix_grafana_enabled|bool - name: Ensure provisioning/datasources/default.yaml present - template: + ansible.builtin.template: src: "{{ role_path }}/templates/datasources.yaml.j2" dest: "{{ matrix_grafana_config_path }}/provisioning/datasources/default.yaml" mode: 0440 @@ -52,7 +52,7 @@ when: matrix_grafana_enabled|bool - name: Ensure provisioning/dashboards/default.yaml present - template: + ansible.builtin.template: src: "{{ role_path }}/templates/dashboards.yaml.j2" dest: "{{ matrix_grafana_config_path }}/provisioning/dashboards/default.yaml" mode: 0440 @@ -61,7 +61,7 @@ when: matrix_grafana_enabled|bool - name: Ensure dashboard(s) downloaded - get_url: + ansible.builtin.get_url: url: "{{ item }}" dest: "{{ matrix_grafana_config_path }}/dashboards/" force: true @@ -76,7 +76,7 @@ until: result is not failed - name: Ensure matrix-grafana.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-grafana.service.j2" dest: "{{ matrix_systemd_path }}/matrix-grafana.service" mode: 0644 @@ -84,7 +84,7 @@ when: matrix_grafana_enabled|bool - name: Ensure systemd reloaded after matrix-grafana.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_grafana_enabled|bool and matrix_grafana_systemd_service_result.changed" @@ -98,7 +98,7 @@ register: matrix_grafana_service_stat - name: Ensure matrix-grafana is stopped - service: + ansible.builtin.service: name: matrix-grafana state: stopped enabled: false @@ -107,12 +107,12 @@ when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" - name: Ensure matrix-grafana.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-grafana.service" state: absent when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-grafana.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" diff --git a/roles/matrix-grafana/tasks/validate_config.yml b/roles/matrix-grafana/tasks/validate_config.yml index 63d4919a3..cc48c5596 100644 --- a/roles/matrix-grafana/tasks/validate_config.yml +++ b/roles/matrix-grafana/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if Prometheus not enabled - fail: + ansible.builtin.fail: msg: > You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana. when: "not matrix_prometheus_enabled" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index 58567d925..9a64ac63c 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" when: matrix_jitsi_enabled|bool - name: Fail if on an unsupported architecture - fail: + ansible.builtin.fail: msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64'] diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml index 4b390c18c..a945450ec 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -7,7 +7,7 @@ # - name: Ensure Matrix jitsi base path exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 0cb7043fa..98569a136 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -5,7 +5,7 @@ # - name: Ensure Matrix jitsi-jicofo path exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0777 @@ -29,7 +29,7 @@ until: result is not failed - name: Ensure jitsi-jicofo environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/jicofo/env.j2" dest: "{{ matrix_jitsi_jicofo_base_path }}/env" owner: "{{ matrix_user_username }}" @@ -38,7 +38,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure jitsi-jicofo configuration files created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/jicofo/{{ item }}.j2" dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}" owner: "{{ matrix_user_username }}" @@ -50,7 +50,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure matrix-jitsi-jicofo.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2" dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" mode: 0644 @@ -58,7 +58,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed" @@ -73,7 +73,7 @@ when: "not matrix_jitsi_enabled|bool" - name: Ensure matrix-jitsi-jicofo is stopped - service: + ansible.builtin.service: name: matrix-jitsi-jicofo state: stopped enabled: false @@ -82,18 +82,18 @@ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure matrix-jitsi-jicofo.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" state: absent when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure Matrix jitsi-jicofo paths doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_jitsi_jicofo_base_path }}" state: absent when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 90bf4a69f..94425dc55 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -5,7 +5,7 @@ # - name: Ensure Matrix jitsi-jvb path exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0777 @@ -29,7 +29,7 @@ until: result is not failed - name: Ensure jitsi-jvb configuration files created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/jvb/{{ item }}.j2" dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}" owner: "{{ matrix_user_username }}" @@ -41,7 +41,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure jitsi-jvb environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/jvb/env.j2" dest: "{{ matrix_jitsi_jvb_base_path }}/env" owner: "{{ matrix_user_username }}" @@ -50,7 +50,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure matrix-jitsi-jvb.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2" dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" mode: 0644 @@ -58,7 +58,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed" @@ -73,7 +73,7 @@ when: "not matrix_jitsi_enabled|bool" - name: Ensure matrix-jitsi-jvb is stopped - service: + ansible.builtin.service: name: matrix-jitsi-jvb state: stopped enabled: false @@ -82,18 +82,18 @@ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure matrix-jitsi-jvb.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" state: absent when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure Matrix jitsi-jvb paths doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_jitsi_jvb_base_path }}" state: absent when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 6db954b8b..17122231b 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -5,7 +5,7 @@ # - name: Ensure Matrix jitsi-prosody environment exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0777 @@ -30,7 +30,7 @@ until: result is not failed - name: Ensure jitsi-prosody environment variables file is created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/prosody/env.j2" dest: "{{ matrix_jitsi_prosody_base_path }}/env" owner: "{{ matrix_user_username }}" @@ -39,7 +39,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure matrix-jitsi-prosody.service file is installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" mode: 0644 @@ -47,13 +47,13 @@ when: matrix_jitsi_enabled|bool - name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" - name: Ensure authentication is properly configured include_tasks: - file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" + ansible.builtin.file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" when: - matrix_jitsi_enabled|bool - matrix_jitsi_enable_auth|bool @@ -70,7 +70,7 @@ when: "not matrix_jitsi_enabled|bool" - name: Ensure matrix-jitsi-prosody is stopped - service: + ansible.builtin.service: name: matrix-jitsi-prosody state: stopped enabled: false @@ -79,18 +79,18 @@ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure matrix-jitsi-prosody.service file doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" state: absent when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure Matrix jitsi-prosody paths doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_jitsi_prosody_base_path }}" state: absent when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index feda4ace4..586f703a9 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -5,7 +5,7 @@ # - name: Ensure Matrix jitsi-web path exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0777 @@ -31,7 +31,7 @@ until: result is not failed - name: Ensure jitsi-web environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/web/env.j2" dest: "{{ matrix_jitsi_web_base_path }}/env" owner: "{{ matrix_user_username }}" @@ -40,7 +40,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure jitsi-web configuration files created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/web/{{ item }}.j2" dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}" owner: "{{ matrix_user_username }}" @@ -52,7 +52,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure matrix-jitsi-web.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" mode: 0644 @@ -60,7 +60,7 @@ when: matrix_jitsi_enabled|bool - name: Ensure systemd reloaded after matrix-jitsi-web.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed" @@ -75,7 +75,7 @@ when: "not matrix_jitsi_enabled|bool" - name: Ensure matrix-jitsi-web is stopped - service: + ansible.builtin.service: name: matrix-jitsi-web state: stopped enabled: false @@ -84,18 +84,18 @@ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure matrix-jitsi-web.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" state: absent when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-jitsi-web.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure Matrix jitsi-web paths doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_jitsi_web_base_path }}" state: absent when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml index 50973acb5..5176a7c03 100644 --- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml +++ b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml @@ -4,7 +4,7 @@ # - name: Ensure matrix-jitsi-prosody container is running - systemd: + ansible.builtin.systemd: state: started name: matrix-jitsi-prosody register: matrix_jitsi_prosody_start_result @@ -15,7 +15,7 @@ # - name: Ensure Jitsi internal authentication users are configured - shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}" + ansible.builtin.shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}" with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}" when: - matrix_jitsi_auth_type == "internal" @@ -33,7 +33,7 @@ # Stop Necessary Services # - name: Ensure matrix-jitsi-prosody container is stopped if necessary - systemd: + ansible.builtin.systemd: state: stopped name: matrix-jitsi-prosody when: matrix_jitsi_prosody_start_result.changed|bool diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/matrix-jitsi/tasks/validate_config.yml index 5131396de..5655ea45d 100644 --- a/roles/matrix-jitsi/tasks/validate_config.yml +++ b/roles/matrix-jitsi/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required Jitsi settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) to properly configure Jitsi. @@ -21,7 +21,7 @@ - name: Fail if a Jitsi internal authentication account is not defined - fail: + ansible.builtin.fail: msg: >- At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication. If you're setting up Jitsi for the first time, you may have missed a step. @@ -33,7 +33,7 @@ - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/matrix-ma1sd/tasks/init.yml index a7c914dbb..f3059bb48 100644 --- a/roles/matrix-ma1sd/tasks/init.yml +++ b/roles/matrix-ma1sd/tasks/init.yml @@ -2,10 +2,10 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled|bool" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}" when: matrix_ma1sd_enabled|bool diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml index 720afa768..36ca89599 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -8,7 +8,7 @@ register: ma1sd_migrate_mxisd_data_dir_stat - name: Warn if mxisd data detected - debug: + ansible.builtin.debug: msg: > You seem to have an existing mxisd folder in `{{ matrix_base_data_path }}/mxisd`. We are going to migrate it to ma1sd and rename the folder to mxisd.migrated. @@ -20,7 +20,7 @@ register: matrix_mxisd_service_stat - name: Ensure matrix-mxisd is stopped - service: + ansible.builtin.service: name: matrix-mxisd state: stopped enabled: false @@ -34,7 +34,7 @@ when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Ensure matrix-ma1sd is stopped - service: + ansible.builtin.service: name: matrix-ma1sd state: stopped daemon_reload: true @@ -44,7 +44,7 @@ # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible. - block: - name: Copy mxisd data files to ma1sd folder - command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" + ansible.builtin.command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" - name: Check existence of mxisd.db file stat: @@ -52,20 +52,20 @@ register: matrix_ma1sd_mxisd_db_stat - name: Rename database (mxisd.db -> ma1sd.db) - command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" + ansible.builtin.command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" when: "matrix_ma1sd_mxisd_db_stat.stat.exists" - name: Rename mxisd folder - command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" + ansible.builtin.command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Ensure outdated matrix-mxisd.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mxisd.service" state: absent when: "matrix_mxisd_service_stat.stat.exists" - name: Ensure systemd reloaded after removing outdated matrix-mxisd.service - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mxisd_service_stat.stat.exists" diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml index 4a4c71367..6fde9dd2f 100644 --- a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml +++ b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: ma1sd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1" - name: Check ma1sd Identity Service - uri: + ansible.builtin.uri: url: "{{ ma1sd_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}" @@ -13,10 +13,10 @@ ignore_errors: true - name: Fail if ma1sd Identity Service not working - fail: + ansible.builtin.fail: msg: "Failed checking ma1sd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ ma1sd_url_endpoint_public }}`). Is ma1sd running? Is port 443 open in your firewall? Full error: {{ result_ma1sd }}" when: "result_ma1sd.failed or 'json' not in result_ma1sd" - name: Report working ma1sd Identity Service - debug: + ansible.builtin.debug: msg: "ma1sd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ ma1sd_url_endpoint_public }}`)" diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index e3347a4db..2233067aa 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure ma1sd paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -18,7 +18,7 @@ # These (SQLite -> Postgres) migration tasks are usually at the top, # but we'd like to run them after `migrate_mxisd.yml`, which requires the ma1sd paths to exist. -- set_fact: +- ansible.builtin.set_fact: matrix_ma1sd_requires_restart: false - block: @@ -28,7 +28,7 @@ register: matrix_ma1sd_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_ma1sd_sqlite_database_path_local }}" dst: "{{ matrix_ma1sd_database_connection_string }}" @@ -40,7 +40,7 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_ma1sd_requires_restart: true when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_ma1sd_database_engine == 'postgres'" @@ -59,7 +59,7 @@ - block: - name: Ensure gradle is installed for self-building (Debian) - apt: + ansible.builtin.apt: name: - gradle state: present @@ -67,7 +67,7 @@ when: (ansible_os_family == 'Debian') - name: Ensure gradle is installed for self-building (RedHat) - fail: + ansible.builtin.fail: msg: "Installing gradle on RedHat ({{ ansible_distribution }}) is currently not supported, so self-building ma1sd cannot happen at this time" when: ansible_os_family == 'RedHat' @@ -80,7 +80,7 @@ when: ansible_distribution == 'Archlinux' - name: Ensure ma1sd repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_ma1sd_container_image_self_build_repo }}" dest: "{{ matrix_ma1sd_docker_src_files_path }}" version: "{{ matrix_ma1sd_container_image_self_build_branch }}" @@ -90,7 +90,7 @@ register: matrix_ma1sd_git_pull_results - name: Ensure ma1sd Docker image is built - shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" + ansible.builtin.shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" args: chdir: "{{ matrix_ma1sd_docker_src_files_path }}" when: matrix_ma1sd_git_pull_results.changed @@ -110,7 +110,7 @@ when: "matrix_ma1sd_container_image_self_build|bool" - name: Ensure ma1sd config installed - copy: + ansible.builtin.copy: content: "{{ matrix_ma1sd_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_ma1sd_config_path }}/ma1sd.yaml" mode: 0644 @@ -118,7 +118,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure custom view templates are installed, if any - copy: + ansible.builtin.copy: content: "{{ item.value }}" dest: "{{ matrix_ma1sd_config_path }}/{{ item.location }}" mode: 0644 @@ -130,7 +130,7 @@ when: "matrix_ma1sd_view_session_custom_templates_enabled|bool and item.value" - name: Ensure custom email templates are installed, if any - copy: + ansible.builtin.copy: content: "{{ item.value }}" dest: "{{ matrix_ma1sd_config_path }}/{{ item.location }}" mode: 0644 @@ -145,7 +145,7 @@ # Only cleaning up for people who define the respective templates - name: (Cleanup) Ensure custom email templates are not in data/ anymore (we've put them in config/) - file: + ansible.builtin.file: path: "{{ matrix_ma1sd_data_path }}/{{ item.location }}" state: absent with_items: @@ -156,19 +156,19 @@ when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled|bool and item.value" - name: Ensure matrix-ma1sd.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-ma1sd.service.j2" dest: "{{ matrix_systemd_path }}/matrix-ma1sd.service" mode: 0644 register: matrix_ma1sd_systemd_service_result - name: Ensure systemd reloaded after matrix-ma1sd.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_ma1sd_systemd_service_result.changed|bool" - name: Ensure matrix-ma1sd.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-ma1sd.service" state: restarted when: "matrix_ma1sd_requires_restart|bool" diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/matrix-ma1sd/tasks/setup_uninstall.yml index 30a1bfda6..d50cd6137 100644 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/matrix-ma1sd/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_ma1sd_service_stat - name: Ensure matrix-ma1sd is stopped - service: + ansible.builtin.service: name: matrix-ma1sd state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_ma1sd_service_stat.stat.exists|bool" - name: Ensure matrix-ma1sd.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" state: absent when: "matrix_ma1sd_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-ma1sd.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_ma1sd_service_stat.stat.exists|bool" - name: Ensure Matrix ma1sd paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_ma1sd_base_path }}" state: absent diff --git a/roles/matrix-ma1sd/tasks/validate_config.yml b/roles/matrix-ma1sd/tasks/validate_config.yml index 5f621fcac..af12dd3f1 100644 --- a/roles/matrix-ma1sd/tasks/validate_config.yml +++ b/roles/matrix-ma1sd/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: (Deprecation) Warn about ma1sd variables that are not used anymore - fail: + ansible.builtin.fail: msg: > The `{{ item }}` variable defined in your configuration is not used by this playbook anymore! You'll need to adapt to the new way of extending ma1sd configuration. @@ -31,7 +31,7 @@ - 'matrix_ma1sd_architecture' - name: Ensure ma1sd configuration does not contain any dot-notation keys - fail: + ansible.builtin.fail: msg: > Since version 1.3.0, ma1sd will not accept property-style configuration keys. You have defined a key (`{{ item.key }}`) which contains a dot. @@ -40,7 +40,7 @@ with_dict: "{{ matrix_ma1sd_configuration }}" - name: Fail if required ma1sd settings not defined - fail: + ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item }}`) for using ma1sd. when: "vars[item] == ''" @@ -49,7 +49,7 @@ - "matrix_ma1sd_dns_overwrite_homeserver_client_value" - name: (Deprecation) Catch and report renamed ma1sd variables - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). @@ -60,7 +60,7 @@ - {'old': 'matrix_ma1sd_default_port', 'new': 'matrix_ma1sd_container_port'} - name: (Deprecation) Catch and report mxisd variables - fail: + ansible.builtin.fail: msg: >- mxisd is deprecated and has been replaced with ma1sd (https://github.com/ma1uta/ma1sd), a compatible fork. The playbook will migrate your existing mxisd configuration and data automatically, but you need to adjust variable names. diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml index c928d5574..c0afe9622 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/matrix-mailer/tasks/init.yml @@ -2,10 +2,10 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build and matrix_mailer_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}" when: matrix_mailer_enabled|bool diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index d2f8f9171..aa1e725a3 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -5,7 +5,7 @@ # - name: Ensure mailer base path exists - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -17,14 +17,14 @@ when: "matrix_mailer_enabled|bool and item.when" - name: Ensure mailer environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/env-mailer.j2" dest: "{{ matrix_mailer_base_path }}/env-mailer" mode: 0640 when: matrix_mailer_enabled|bool - name: Ensure exim-relay repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_mailer_container_image_self_build_repository_url }}" dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}" version: "{{ matrix_mailer_container_image_self_build_version }}" @@ -59,7 +59,7 @@ until: result is not failed - name: Ensure matrix-mailer.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2" dest: "{{ matrix_systemd_path }}/matrix-mailer.service" mode: 0644 @@ -67,7 +67,7 @@ when: matrix_mailer_enabled|bool - name: Ensure systemd reloaded after matrix-mailer.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_mailer_enabled|bool and matrix_mailer_systemd_service_result.changed" @@ -82,7 +82,7 @@ when: "not matrix_mailer_enabled|bool" - name: Ensure matrix-mailer is stopped - service: + ansible.builtin.service: name: matrix-mailer state: stopped enabled: false @@ -91,18 +91,18 @@ when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure matrix-mailer.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mailer.service" state: absent when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mailer.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure Matrix mailer environment variables path doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_mailer_base_path }}" state: absent when: "not matrix_mailer_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/matrix-nginx-proxy/tasks/init.yml index ddc8cb47b..3f31470c1 100644 --- a/roles/matrix-nginx-proxy/tasks/init.yml +++ b/roles/matrix-nginx-proxy/tasks/init.yml @@ -1,9 +1,9 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}" when: matrix_nginx_proxy_enabled|bool -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + [item.name] }}" when: "item.applicable|bool and item.enableable|bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/matrix-nginx-proxy/tasks/main.yml index 74f8e8d1d..066e62d35 100644 --- a/roles/matrix-nginx-proxy/tasks/main.yml +++ b/roles/matrix-nginx-proxy/tasks/main.yml @@ -33,7 +33,7 @@ - self-check - name: Mark matrix-nginx-proxy role as executed - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_role_executed: true tags: - always diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 046746df2..5d1005770 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -2,7 +2,7 @@ # When we're dealing with raw htpasswd content, we just store it in the file directly. - name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) - copy: + ansible.builtin.copy: content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content }}" dest: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" owner: "{{ matrix_user_username }}" @@ -30,7 +30,7 @@ # We store the password in a file and make the `htpasswd` tool read it from there, # as opposed to passing it directly on stdin (which will expose it to other processes on the server). - name: Store metrics password in a temporary file - copy: + ansible.builtin.copy: content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" dest: "/tmp/matrix-nginx-proxy-metrics-password" mode: 0400 @@ -38,7 +38,7 @@ group: "{{ matrix_user_gid }}" - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - command: + ansible.builtin.command: cmd: >- {{ matrix_host_command_docker }} run --rm @@ -53,7 +53,7 @@ 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' - name: Delete temporary metrics password file - file: + ansible.builtin.file: path: /tmp/matrix-nginx-proxy-metrics-password state: absent when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml index be1b65553..ad53084d0 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml @@ -1,7 +1,7 @@ --- - name: Determine well-known files to check (Matrix) - set_fact: + ansible.builtin.set_fact: well_known_file_checks: - path: /.well-known/matrix/client purpose: Client Discovery @@ -10,7 +10,7 @@ validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}" - block: - - set_fact: + - ansible.builtin.set_fact: well_known_file_check_matrix_server: path: /.well-known/matrix/server purpose: Server Discovery @@ -19,7 +19,7 @@ validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}" - name: Determine domains that we require certificates for (ma1sd) - set_fact: + ansible.builtin.set_fact: well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}" when: matrix_well_known_matrix_server_enabled|bool diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml index 588cd1e78..0a7b5845c 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml @@ -1,13 +1,13 @@ --- -- set_fact: +- ansible.builtin.set_fact: well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}" well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}" # These well-known files may be served without a `Content-Type: application/json` header, # so we can't rely on the uri module's automatic parsing of JSON. - name: Check .well-known on the matrix hostname - uri: + ansible.builtin.uri: url: "{{ well_known_url_matrix }}" follow_redirects: none return_content: true @@ -19,25 +19,25 @@ ignore_errors: true - name: Fail if .well-known not working on the matrix hostname - fail: + ansible.builtin.fail: msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}" when: "result_well_known_matrix.failed" - name: Parse JSON for well-known payload at the matrix hostname - set_fact: + ansible.builtin.set_fact: well_known_matrix_payload: "{{ result_well_known_matrix.content|from_json }}" - name: Fail if .well-known not CORS-aware on the matrix hostname - fail: + ansible.builtin.fail: msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set." when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix" - name: Report working .well-known on the matrix hostname - debug: + ansible.builtin.debug: msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)" - name: Check .well-known on the identity hostname - uri: + ansible.builtin.uri: url: "{{ well_known_url_identity }}" follow_redirects: "{{ well_known_file_check.follow_redirects }}" return_content: true @@ -49,25 +49,25 @@ ignore_errors: true - name: Fail if .well-known not working on the identity hostname - fail: + ansible.builtin.fail: msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}" when: "result_well_known_identity.failed" - name: Parse JSON for well-known payload at the identity hostname - set_fact: + ansible.builtin.set_fact: well_known_identity_payload: "{{ result_well_known_identity.content|from_json }}" - name: Fail if .well-known not CORS-aware on the identity hostname - fail: + ansible.builtin.fail: msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md" when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity" # For people who manually copy the well-known file, try to detect if it's outdated - name: Fail if well-known is different on matrix hostname and identity hostname - fail: + ansible.builtin.fail: msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?" when: "well_known_matrix_payload != well_known_identity_payload" - name: Report working .well-known on the identity hostname - debug: + ansible.builtin.debug: msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)" diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 70541fdc1..7a71c739e 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -11,7 +11,7 @@ # to be unnecessary. # - name: Ensure Matrix nginx-proxy paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -25,7 +25,7 @@ when: item.when|bool - name: Ensure Matrix nginx-proxy configured (main config override) - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/nginx.conf.j2" dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf" mode: 0644 @@ -36,123 +36,123 @@ when: matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool - name: Ensure Matrix nginx-proxy configured (generic) - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf" mode: 0644 when: matrix_nginx_proxy_enabled|bool - name: Ensure Matrix nginx-proxy configuration for matrix-synapse exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf" mode: 0644 when: matrix_nginx_proxy_proxy_synapse_enabled|bool - name: Ensure Matrix nginx-proxy configuration for matrix-synapse deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf" state: absent when: "not matrix_nginx_proxy_proxy_synapse_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for matrix-dendrite exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dendrite.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf" mode: 0644 when: matrix_nginx_proxy_proxy_dendrite_enabled|bool - name: Ensure Matrix nginx-proxy configuration for matrix-dendrite deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf" state: absent when: "not matrix_nginx_proxy_proxy_dendrite_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for Element domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf" mode: 0644 when: matrix_nginx_proxy_proxy_element_enabled|bool - name: Ensure Matrix nginx-proxy configuration for riot domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf" mode: 0644 when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool - name: Ensure Matrix nginx-proxy configuration for Hydrogen domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf" mode: 0644 when: matrix_nginx_proxy_proxy_hydrogen_enabled|bool - name: Ensure Matrix nginx-proxy configuration for Cinny domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-cinny.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-cinny.conf" mode: 0644 when: matrix_nginx_proxy_proxy_cinny_enabled|bool - name: Ensure Matrix nginx-proxy configuration for buscarron domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" mode: 0644 when: matrix_nginx_proxy_proxy_buscarron_enabled|bool - name: Ensure Matrix nginx-proxy configuration for dimension domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" mode: 0644 when: matrix_nginx_proxy_proxy_dimension_enabled|bool - name: Ensure Matrix nginx-proxy configuration for goneb domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf" mode: 0644 when: matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool - name: Ensure Matrix nginx-proxy configuration for jitsi domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" mode: 0644 when: matrix_nginx_proxy_proxy_jitsi_enabled|bool - name: Ensure Matrix nginx-proxy configuration for grafana domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-grafana.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-grafana.conf" mode: 0644 when: matrix_nginx_proxy_proxy_grafana_enabled|bool - name: Ensure Matrix nginx-proxy configuration for sygnal domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-sygnal.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf" mode: 0644 when: matrix_nginx_proxy_proxy_sygnal_enabled|bool - name: Ensure Matrix nginx-proxy configuration for ntfy domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" mode: 0644 when: matrix_nginx_proxy_proxy_ntfy_enabled|bool - name: Ensure Matrix nginx-proxy configuration for Matrix domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf" mode: 0644 - name: Ensure Matrix nginx-proxy data directory for base domain exists - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain" state: directory mode: 0750 @@ -161,7 +161,7 @@ when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool - name: Ensure Matrix nginx-proxy homepage for base domain exists - copy: + ansible.builtin.copy: content: "{{ matrix_nginx_proxy_base_domain_homepage_template }}" dest: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" mode: 0644 @@ -170,7 +170,7 @@ when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool - name: Ensure Matrix nginx-proxy configuration for base domain exists - template: + ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-base-domain.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf" mode: 0644 @@ -192,7 +192,7 @@ until: result is not failed - name: Ensure matrix-nginx-proxy.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2" dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" mode: 0644 @@ -200,7 +200,7 @@ when: matrix_nginx_proxy_enabled|bool - name: Ensure systemd reloaded after matrix-nginx-proxy.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed" @@ -216,7 +216,7 @@ when: "not matrix_nginx_proxy_enabled|bool" - name: Ensure matrix-nginx-proxy is stopped - service: + ansible.builtin.service: name: matrix-nginx-proxy state: stopped enabled: false @@ -225,113 +225,113 @@ when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure matrix-nginx-proxy.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" state: absent when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-nginx-proxy.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf" state: absent when: "not matrix_nginx_proxy_proxy_matrix_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for riot domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf" state: absent when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for Hydrogen domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf" state: absent when: "not matrix_nginx_proxy_proxy_hydrogen_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for Cinny domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-cinny.conf" state: absent when: "not matrix_nginx_proxy_proxy_cinny_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for buscarron domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" state: absent when: "not matrix_nginx_proxy_proxy_buscarron_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" state: absent when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for goneb domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf" state: absent when: "not matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" state: absent when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for grafana domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-grafana.conf" state: absent when: "not matrix_nginx_proxy_proxy_grafana_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for sygnal domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf" state: absent when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" state: absent when: "not matrix_nginx_proxy_proxy_ntfy_enabled|bool" - name: Ensure Matrix nginx-proxy homepage for base domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" state: absent when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for base domain deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf" state: absent when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for main config override deleted - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf" state: absent when: "not matrix_nginx_proxy_enabled|bool" - name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI) - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" state: absent # This file is now generated by the matrix-synapse role and saved in the Synapse directory - name: (Cleanup) Ensure old sample prometheus.yml for external scraping is deleted - file: + ansible.builtin.file: path: "{{ matrix_base_data_path }}/external_prometheus.yml.example" state: absent - name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /metrics/* URIs) - file: + ansible.builtin.file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" state: absent when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml index 1c85552c3..11e941bd4 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_well_known_file_path: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" # We need others to be able to read these directories too, @@ -7,7 +7,7 @@ # # For running with another webserver, we recommend being part of the `matrix` group. - name: Ensure Matrix static-files path exists - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0755 @@ -17,7 +17,7 @@ - "{{ matrix_static_files_base_path }}/.well-known/matrix" - name: Ensure Matrix /.well-known/matrix/client configured - template: + ansible.builtin.template: src: "{{ role_path }}/templates/well-known/matrix-client.j2" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix" mode: 0644 diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/matrix-nginx-proxy/tasks/ssl/main.yml index 6b843c7b6..d6a2627bb 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/main.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml @@ -1,12 +1,12 @@ --- - name: Fail if using unsupported SSL certificate retrieval method - fail: + ansible.builtin.fail: msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value" when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']" - name: Fail if using unsupported private key type - fail: + ansible.builtin.fail: msg: "The `matrix_ssl_lets_encrypt_key_type` variable contains an unsupported value" when: "matrix_ssl_lets_encrypt_key_type not in ['rsa', 'ecdsa']" @@ -14,7 +14,7 @@ # Common tasks, required by almost any method below. - name: Ensure SSL certificate paths exists - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0770 diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index bfd25894a..46be689ca 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -3,7 +3,7 @@ # This is a cleanup/migration task, because of to the new way we manage cronjobs (`cron` module) and the new script name. # This migration task can be removed some time in the future. - name: (Migration) Remove deprecated Let's Encrypt SSL certificate management files - file: + ansible.builtin.file: path: "{{ item }}" state: absent with_items: @@ -31,13 +31,13 @@ loop_var: domain_name - name: Ensure Let's Encrypt SSL renewal script installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2" dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" mode: 0755 - name: Ensure SSL renewal systemd units installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/{{ item.name }}.j2" dest: "{{ matrix_systemd_path }}/{{ item.name }}" mode: 0644 @@ -51,14 +51,14 @@ - block: - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/{{ item.name }}" state: absent when: "not item.applicable|bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" - name: Ensure Let's Encrypt SSL renewal script removed - file: + ansible.builtin.file: path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" state: absent when: "matrix_ssl_retrieval_method != 'lets-encrypt'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index 12a212579..02a137f3f 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -1,8 +1,8 @@ --- -- debug: +- ansible.builtin.debug: msg: "Dealing with SSL certificate retrieval for domain: {{ domain_name }}" -- set_fact: +- ansible.builtin.set_fact: domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem" - name: Check if a certificate for the domain already exists @@ -10,12 +10,12 @@ path: "{{ domain_name_certificate_path }}" register: domain_name_certificate_path_stat -- set_fact: +- ansible.builtin.set_fact: domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}" - block: - name: Ensure required service for obtaining is started - service: + ansible.builtin.service: name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" state: started register: matrix_ssl_pre_obtaining_required_service_start_result @@ -29,7 +29,7 @@ # This will fail if there is something running on port 80 (like matrix-nginx-proxy). # We suppress the error, as we'll try another method below. - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly) - shell: >- + ansible.builtin.shell: >- {{ matrix_host_command_docker }} run --rm --name=matrix-certbot @@ -58,7 +58,7 @@ # If matrix-nginx-proxy is configured from a previous run of this playbook, # and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`. - name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy) - shell: >- + ansible.builtin.shell: >- {{ matrix_host_command_docker }} run --rm --name=matrix-certbot @@ -86,7 +86,7 @@ ignore_errors: true - name: Fail if all SSL certificate retrieval attempts failed - fail: + ansible.builtin.fail: msg: | Failed to obtain a certificate directly (by listening on port 80) and also failed to obtain by relying on the server at port 80 to proxy the request. diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml index 2b5bb1f31..8bab1128e 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_ssl_certificate_verification_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem" matrix_ssl_certificate_verification_cert_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/privkey.pem" @@ -9,7 +9,7 @@ path: "{{ matrix_ssl_certificate_verification_cert_path }}" register: matrix_ssl_certificate_verification_cert_path_stat_result -- fail: +- ansible.builtin.fail: msg: "Failed finding a certificate file (for domain `{{ domain_name }}`) at `{{ matrix_ssl_certificate_verification_cert_path }}`" when: "not matrix_ssl_certificate_verification_cert_path_stat_result.stat.exists" @@ -18,6 +18,6 @@ path: "{{ matrix_ssl_certificate_verification_cert_key_path }}" register: matrix_ssl_certificate_verification_cert_key_path_stat_result -- fail: +- ansible.builtin.fail: msg: "Failed finding a certificate key file (for domain `{{ domain_name }}`) at `{{ matrix_ssl_certificate_verification_cert_key_path }}`" when: "not matrix_ssl_certificate_verification_cert_key_path_stat_result.stat.exists" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml index ff7fa2d8b..873420c3e 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_ssl_certificate_csr_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/csr.csr" matrix_ssl_certificate_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem" matrix_ssl_certificate_cert_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/privkey.pem" @@ -12,7 +12,7 @@ # In order to do any sort of generation (below), we need to ensure the directory exists first - name: Ensure SSL certificate directory exists - file: + ansible.builtin.file: path: "{{ matrix_ssl_certificate_csr_path|dirname }}" state: directory mode: 0750 @@ -28,7 +28,7 @@ # # We'll do it in a more manual way. - name: Generate SSL certificate - command: | + ansible.builtin.command: | openssl req -x509 \ -sha256 \ -newkey rsa:4096 \ @@ -40,7 +40,7 @@ when: "not matrix_ssl_certificate_cert_path_stat_result.stat.exists" - name: Adjust SSL certificate file ownership - file: + ansible.builtin.file: path: "{{ item }}" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index c6697e935..7e3b1eccb 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). @@ -16,19 +16,19 @@ - {'old': 'matrix_nginx_proxy_reload_cron_time_definition', 'new': ''} - name: Fail on unknown matrix_ssl_retrieval_method - fail: + ansible.builtin.fail: msg: >- `matrix_ssl_retrieval_method` needs to be set to a known value. when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']" - name: Fail on unknown matrix_nginx_proxy_ssl_config - fail: + ansible.builtin.fail: msg: >- `matrix_nginx_proxy_ssl_preset` needs to be set to a known value. when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']" - name: Fail if Basic Auth enabled for metrics, but no credentials supplied - fail: + ansible.builtin.fail: msg: | Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires: - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`) @@ -37,7 +37,7 @@ - block: - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). @@ -48,7 +48,7 @@ when: "item.old in vars" - name: Fail if required variables are undefined - fail: + ansible.builtin.fail: msg: "The `{{ item }}` variable must be defined and have a non-null value" with_items: - "matrix_ssl_lets_encrypt_support_email" @@ -60,7 +60,7 @@ when: "matrix_ssl_retrieval_method == 'lets-encrypt'" - name: (Deprecation) Catch and report old metrics usage - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Synapse, which exposed metrics on `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`. diff --git a/roles/matrix-ntfy/tasks/init.yml b/roles/matrix-ntfy/tasks/init.yml index e2622655e..997be03f7 100644 --- a/roles/matrix-ntfy/tasks/init.yml +++ b/roles/matrix-ntfy/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}" when: matrix_ntfy_enabled|bool diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml index e91047341..02529f35e 100644 --- a/roles/matrix-ntfy/tasks/self_check.yml +++ b/roles/matrix-ntfy/tasks/self_check.yml @@ -3,11 +3,11 @@ # Query an arbitrary ntfy topic using ntfy's UnifiedPush topic name syntax. # Expect an empty response (because we query 'since=1s'). -- set_fact: +- ansible.builtin.set_fact: matrix_ntfy_url_endpoint_public: "{{ matrix_ntfy_base_url }}/upSELFCHECK123/json?poll=1&since=1s" - name: Check ntfy - uri: + ansible.builtin.uri: url: "{{ matrix_ntfy_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_ntfy_self_check_validate_certificates }}" @@ -16,10 +16,10 @@ ignore_errors: true - name: Fail if ntfy not working - fail: + ansible.builtin.fail: msg: "Failed checking ntfy is up at `{{ matrix_server_fqn_ntfy }}` (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`). Is ntfy running? Is port 443 open in your firewall? Full error: {{ matrix_ntfy_self_check_result }}" when: "matrix_ntfy_self_check_result.failed" - name: Report working ntfy - debug: + ansible.builtin.debug: msg: "ntfy at `{{ matrix_server_fqn_ntfy }}` is working (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`)" diff --git a/roles/matrix-ntfy/tasks/setup_install.yml b/roles/matrix-ntfy/tasks/setup_install.yml index 461d31763..510110c18 100644 --- a/roles/matrix-ntfy/tasks/setup_install.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml @@ -12,7 +12,7 @@ until: result is not failed - name: Ensure matrix-ntfy paths exists - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -24,7 +24,7 @@ - "{{ matrix_ntfy_data_path }}" - name: Ensure matrix-ntfy config installed - copy: + ansible.builtin.copy: content: "{{ matrix_ntfy_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_ntfy_config_dir_path }}/server.yml" mode: 0644 @@ -32,13 +32,13 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-ntfy.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" mode: 0644 register: matrix_ntfy_systemd_service_result - name: Ensure systemd reloaded after matrix-ntfy.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_ntfy_systemd_service_result.changed" diff --git a/roles/matrix-ntfy/tasks/setup_uninstall.yml b/roles/matrix-ntfy/tasks/setup_uninstall.yml index e63caa9a7..93ecad3dc 100644 --- a/roles/matrix-ntfy/tasks/setup_uninstall.yml +++ b/roles/matrix-ntfy/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_ntfy_service_stat - name: Ensure matrix-ntfy is stopped - service: + ansible.builtin.service: name: matrix-ntfy state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_ntfy_service_stat.stat.exists" - name: Ensure matrix-ntfy.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-ntfy.service" state: absent when: "matrix_ntfy_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-ntfy.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_ntfy_service_stat.stat.exists" - name: Ensure matrix-ntfy path doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_ntfy_base_path }}" state: absent diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/matrix-postgres-backup/tasks/init.yml index f74cea06e..aea1c337c 100644 --- a/roles/matrix-postgres-backup/tasks/init.yml +++ b/roles/matrix-postgres-backup/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}" when: matrix_postgres_backup_enabled|bool diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 733410335..deb80d8e3 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -10,7 +10,7 @@ # If not, we install using the latest Postgres. # # Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). -- set_fact: +- ansible.builtin.set_fact: matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image|default('') == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}" when: matrix_postgres_backup_enabled|bool @@ -27,7 +27,7 @@ until: result is not failed - name: Ensure Postgres backup paths exist - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0700 @@ -38,7 +38,7 @@ when: matrix_postgres_backup_enabled|bool - name: Ensure Postgres environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_backup_path }}/{{ item }}" owner: "{{ matrix_user_username }}" @@ -49,7 +49,7 @@ when: matrix_postgres_backup_enabled|bool - name: Ensure matrix-postgres-backup.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2" dest: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" mode: 0644 @@ -57,7 +57,7 @@ when: matrix_postgres_backup_enabled|bool - name: Ensure systemd reloaded after matrix-postgres-backup.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_postgres_backup_enabled|bool and matrix_postgres_backup_systemd_service_result.changed" @@ -72,7 +72,7 @@ when: "not matrix_postgres_backup_enabled|bool" - name: Ensure matrix-postgres-backup is stopped - service: + ansible.builtin.service: name: matrix-postgres-backup state: stopped enabled: false @@ -80,13 +80,13 @@ when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" - name: Ensure matrix-postgres-backup.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" state: absent when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-postgres-backup.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" @@ -98,7 +98,7 @@ # We just want to notify the user. Deleting data is too destructive. - name: Inject warning if matrix-postgres backup data remains - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml index 10828cc7a..33120453d 100644 --- a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml @@ -4,7 +4,7 @@ # If there is, it also tries to detect the Docker image that corresponds to that version. - name: Initialize Postgres version determination variables (default to empty) - set_fact: + ansible.builtin.set_fact: matrix_postgres_backup_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" matrix_postgres_backup_detected_existing: false matrix_postgres_backup_detected_version: "" @@ -15,47 +15,47 @@ path: "{{ matrix_postgres_backup_detection_pg_version_path }}" register: result_pg_version_stat -- set_fact: +- ansible.builtin.set_fact: matrix_postgres_backup_detected_existing: true when: "result_pg_version_stat.stat.exists" - name: Determine existing Postgres version (read PG_VERSION file) - slurp: + ansible.builtin.slurp: src: "{{ matrix_postgres_backup_detection_pg_version_path }}" register: result_pg_version when: matrix_postgres_backup_detected_existing|bool - name: Determine existing Postgres version (make sense of PG_VERSION file) - set_fact: + ansible.builtin.set_fact: matrix_postgres_backup_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" when: matrix_postgres_backup_detected_existing|bool - name: Determine corresponding Docker image to detected version (assume default of latest) - set_fact: + ansible.builtin.set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_latest }}" when: "matrix_postgres_backup_detected_version != ''" - name: Determine corresponding Docker image to detected version (use 9.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v9 }}" when: "matrix_postgres_backup_detected_version.startswith('9.')" - name: Determine corresponding Docker image to detected version (use 10.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v10 }}" when: "matrix_postgres_backup_detected_version == '10' or matrix_postgres_backup_detected_version.startswith('10.')" - name: Determine corresponding Docker image to detected version (use 11.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v11 }}" when: "matrix_postgres_backup_detected_version == '11' or matrix_postgres_backup_detected_version.startswith('11.')" - name: Determine corresponding Docker image to detected version (use 12.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v12 }}" when: "matrix_postgres_backup_detected_version == '12' or matrix_postgres_backup_detected_version.startswith('12.')" - name: Determine corresponding Docker image to detected version (use 13.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v13 }}" when: "matrix_postgres_backup_detected_version == '13' or matrix_postgres_backup_detected_version.startswith('13.')" diff --git a/roles/matrix-postgres-backup/tasks/validate_config.yml b/roles/matrix-postgres-backup/tasks/validate_config.yml index fda9b9193..8a2ddb5ad 100644 --- a/roles/matrix-postgres-backup/tasks/validate_config.yml +++ b/roles/matrix-postgres-backup/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required Postgres settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml index 2a673ee3f..81f370500 100644 --- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml @@ -3,12 +3,12 @@ # Pre-checks - name: Fail if Postgres not enabled - fail: + ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." when: "not matrix_postgres_enabled|bool" - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `sqlite_database_path` variable needs to be provided to this playbook, via --extra-vars" when: "sqlite_database_path is not defined or sqlite_database_path.startswith('<')" @@ -18,7 +18,7 @@ register: sqlite_database_path_stat_result - name: Fail if provided SQLite database file doesn't exist - fail: + ansible.builtin.fail: msg: "File cannot be found on the server at {{ sqlite_database_path }}" when: "not sqlite_database_path_stat_result.stat.exists" @@ -27,16 +27,16 @@ - block: - name: Fail if postgres_connection_string_variable_name points to an undefined variable - fail: msg="postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`" + ansible.builtin.fail: msg="postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`" when: "postgres_connection_string_variable_name not in vars" - name: Get Postgres connection string from variable - set_fact: + ansible.builtin.set_fact: postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}" when: 'postgres_connection_string_variable_name is defined' - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: >- Either a `postgres_db_connection_string` variable or a `postgres_connection_string_variable_name` needs to be provided to this playbook, via `--extra-vars`. Example: `--extra-vars="postgres_db_connection_string=postgresql://username:password@localhost:/database_name"` or `--extra-vars="postgres_connection_string_variable_name=matrix_appservice_discord_database_connString"` @@ -46,7 +46,7 @@ # Defaults - name: Set postgres_start_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_start_wait_time: 15 when: "postgres_start_wait_time|default('') == ''" @@ -54,7 +54,7 @@ # Actual import work - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true @@ -68,7 +68,7 @@ when: "matrix_postgres_service_start_result.changed|bool" - name: Import SQLite database from {{ sqlite_database_path }} into Postgres - command: + ansible.builtin.command: cmd: >- {{ matrix_host_command_docker }} run --rm @@ -82,11 +82,11 @@ 'pgloader /in.db {{ postgres_db_connection_string }}' - name: Archive SQLite database ({{ sqlite_database_path }} -> {{ sqlite_database_path }}.backup) - command: + ansible.builtin.command: cmd: "mv {{ sqlite_database_path }} {{ sqlite_database_path }}.backup" - name: Inject result - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index 948c4b3aa..899dc78c8 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -3,12 +3,12 @@ # Pre-checks - name: Fail if Postgres not enabled - fail: + ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." when: "not matrix_postgres_enabled|bool" - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `server_path_postgres_dump` variable needs to be provided to this playbook, via --extra-vars" when: "server_path_postgres_dump is not defined or server_path_postgres_dump.startswith('<')" @@ -18,7 +18,7 @@ register: result_server_path_postgres_dump_stat - name: Fail if provided Postgres dump file doesn't exists - fail: + ansible.builtin.fail: msg: "File cannot be found on the server at {{ server_path_postgres_dump }}" when: "not result_server_path_postgres_dump_stat.stat.exists" @@ -26,26 +26,26 @@ # Defaults - name: Set postgres_start_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_start_wait_time: 15 when: "postgres_start_wait_time|default('') == ''" - name: Set postgres_import_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_import_wait_time: "{{ 7 * 86400 }}" when: "postgres_import_wait_time|default('') == ''" # By default, we connect and import into the main (`matrix`) database. # Single-database dumps for Synapse may wish to import into `synapse` instead. - name: Set postgres_default_import_database, if not provided - set_fact: + ansible.builtin.set_fact: postgres_default_import_database: "{{ matrix_postgres_db_name }}" when: "postgres_default_import_database|default('') == ''" # Actual import work - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true @@ -59,7 +59,7 @@ - import_tasks: tasks/util/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected - fail: + ansible.builtin.fail: msg: "Could not find existing Postgres installation" when: "not matrix_postgres_detected_existing|bool" @@ -68,7 +68,7 @@ # The dump most likely contains those same entries and would try to re-create them, leading to errors. # We need to skip over those lines. - name: Generate Postgres database import command - set_fact: + ansible.builtin.set_fact: matrix_postgres_import_command: >- {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import --log-driver=none @@ -91,7 +91,7 @@ # We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it, # which ruins the command (`matrix_postgres_import_command`) - name: Note about Postgres importing alternative - set_fact: + ansible.builtin.set_fact: dummy: true with_items: - >- @@ -101,6 +101,6 @@ and manually run the above import command directly on the server. - name: Perform Postgres database import - command: "{{ matrix_postgres_import_command }}" + ansible.builtin.command: "{{ matrix_postgres_import_command }}" async: "{{ postgres_import_wait_time }}" poll: 10 diff --git a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml index 2dafba591..d10831dda 100644 --- a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml @@ -3,12 +3,12 @@ # Pre-checks - name: Fail if Postgres not enabled - fail: + ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." when: "not matrix_postgres_enabled|bool" - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `server_path_homeserver_db` variable needs to be provided to this playbook, via --extra-vars" when: "server_path_homeserver_db is not defined or server_path_homeserver_db.startswith('<')" @@ -18,7 +18,7 @@ register: result_server_path_homeserver_db_stat - name: Fail if provided SQLite homeserver.db file doesn't exist - fail: + ansible.builtin.fail: msg: "File cannot be found on the server at {{ server_path_homeserver_db }}" when: "not result_server_path_homeserver_db_stat.stat.exists" @@ -26,7 +26,7 @@ # Defaults - name: Set postgres_start_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_start_wait_time: 15 when: "postgres_start_wait_time|default('') == ''" @@ -34,18 +34,18 @@ # Actual import work - name: Ensure matrix-postgres is stopped - service: + ansible.builtin.service: name: matrix-postgres state: stopped daemon_reload: true - name: Ensure postgres data is wiped out - file: + ansible.builtin.file: path: "{{ matrix_postgres_data_path }}" state: absent - name: Ensure postgres data path exists - file: + ansible.builtin.file: path: "{{ matrix_postgres_data_path }}" state: directory mode: 0700 @@ -53,7 +53,7 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: restarted daemon_reload: true @@ -70,7 +70,7 @@ # Also, some old `docker_container` versions were buggy and would leave containers behind # on failure, which we had to work around to allow retries (by re-running the playbook). - name: Import SQLite database into Postgres - command: | + ansible.builtin.command: | docker run --rm --name=matrix-synapse-migrate diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/matrix-postgres/tasks/init.yml index e5ebd9c56..0a46fa86c 100644 --- a/roles/matrix-postgres/tasks/init.yml +++ b/roles/matrix-postgres/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}" when: matrix_postgres_enabled|bool diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index f927783fa..4713fcd6d 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -16,7 +16,7 @@ register: result_pg_old_data_dir_stat - name: Warn if old Postgres data directory detected - debug: + ansible.builtin.debug: msg: > Found that you have Postgres data in `{{ matrix_postgres_base_path }}`. From now on, Postgres data is supposed to be stored in `{{ matrix_postgres_data_path }}` instead. @@ -26,7 +26,7 @@ # We should stop Postgres first, before building a list of files, # as to ignore any `postmaster.pid` files, etc. - name: Ensure matrix-postgres is stopped - service: + ansible.builtin.service: name: matrix-postgres state: stopped daemon_reload: true @@ -41,7 +41,7 @@ when: "result_pg_old_data_dir_stat.stat.exists" - name: Ensure new Postgres data path exists - file: + ansible.builtin.file: path: "{{ matrix_postgres_data_path }}" state: directory mode: 0700 @@ -51,7 +51,7 @@ - block: - name: Relocate Postgres data files from old directory to new - command: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path|basename }}" + ansible.builtin.command: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path|basename }}" with_items: "{{ result_pg_old_data_dir_find.files }}" when: "result_pg_old_data_dir_stat.stat.exists" @@ -61,12 +61,12 @@ # and have it initialize a new database. - name: Ensure outdated matrix-postgres.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-postgres.service" state: absent when: "result_pg_old_data_dir_stat.stat.exists" - name: Ensure systemd reloaded after getting rid of outdated matrix-postgres.service - service: + ansible.builtin.service: daemon_reload: true when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/matrix-postgres/tasks/run_vacuum.yml index 0b7a60f81..f3c59775b 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/matrix-postgres/tasks/run_vacuum.yml @@ -3,7 +3,7 @@ # Pre-checks - name: Fail if Postgres not enabled - fail: + ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot run vacuum." when: "not matrix_postgres_enabled|bool" @@ -11,12 +11,12 @@ # Defaults - name: Set postgres_start_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_start_wait_time: 15 when: "postgres_start_wait_time|default('') == ''" - name: Set postgres_vacuum_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_vacuum_wait_time: "{{ 7 * 86400 }}" when: "postgres_vacuum_wait_time|default('') == ''" @@ -24,7 +24,7 @@ # Actual vacuuming work - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true @@ -38,12 +38,12 @@ - import_tasks: tasks/util/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected - fail: + ansible.builtin.fail: msg: "Could not find existing Postgres installation" when: "not matrix_postgres_detected_existing|bool" - name: Generate Postgres database vacuum command - set_fact: + ansible.builtin.set_fact: matrix_postgres_vacuum_command: >- {{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum --user={{ matrix_user_uid }}:{{ matrix_user_gid }} @@ -54,9 +54,9 @@ psql -v ON_ERROR_STOP=1 -h matrix-postgres {{ matrix_synapse_database_database }} -c 'VACUUM FULL VERBOSE' - name: Note about Postgres vacuum alternative - debug: + ansible.builtin.debug: msg: >- - Running vacuum with the following Postgres command: `{{ matrix_postgres_vacuum_command }}`. + Running vacuum with the following Postgres ansible.builtin.command: `{{ matrix_postgres_vacuum_command }}`. If this crashes, you can stop all processes (`systemctl stop matrix-*`), start Postgres only (`systemctl start matrix-postgres`) and manually run the above command directly on the server. @@ -64,26 +64,26 @@ - name: Populate service facts service_facts: -- set_fact: +- ansible.builtin.set_fact: matrix_postgres_synapse_was_running: "{{ ansible_facts.services['matrix-synapse.service']|default(none) is not none and ansible_facts.services['matrix-synapse.service'].state == 'running' }}" - name: Ensure matrix-synapse is stopped - service: + ansible.builtin.service: name: matrix-synapse state: stopped daemon_reload: true - name: Run Postgres vacuum command - command: "{{ matrix_postgres_vacuum_command }}" + ansible.builtin.command: "{{ matrix_postgres_vacuum_command }}" async: "{{ postgres_vacuum_wait_time }}" poll: 10 register: matrix_postgres_synapse_vacuum_result # Intentionally show the results -- debug: var="matrix_postgres_synapse_vacuum_result" +- ansible.builtin.debug: var="matrix_postgres_synapse_vacuum_result" - name: Ensure matrix-synapse is started, if it previously was - service: + ansible.builtin.service: name: matrix-synapse state: started daemon_reload: true diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 04763a324..3cdde8073 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -14,17 +14,17 @@ # If not, we install using the latest Postgres. # # Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). -- set_fact: +- ansible.builtin.set_fact: matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" when: matrix_postgres_enabled|bool - name: Abort if on an unsupported Postgres version - fail: + ansible.builtin.fail: msg: "You're on Postgres {{ matrix_postgres_detected_version }}, which is no longer supported. To upgrade, see docs/maintenance-postgres.md" when: "matrix_postgres_enabled|bool and matrix_postgres_detected_version.startswith('9.')" - name: Inject warning if on an old version of Postgres - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) @@ -49,7 +49,7 @@ until: result is not failed - name: Ensure Postgres paths exist - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0700 @@ -64,7 +64,7 @@ # - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is) # - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true - name: Ensure Postgres data path ownership is correct - file: + ansible.builtin.file: path: "{{ matrix_postgres_data_path }}" state: directory owner: "{{ matrix_user_username }}" @@ -73,7 +73,7 @@ when: matrix_postgres_enabled|bool - name: Ensure Postgres environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_base_path }}/{{ item }}" owner: "{{ matrix_user_username }}" @@ -85,41 +85,41 @@ when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres-cli script created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2" dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli" mode: 0755 when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres-cli-non-interactive script created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2" dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli-non-interactive" mode: 0755 when: matrix_postgres_enabled|bool - name: Ensure matrix-change-user-admin-status script created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" dest: "{{ matrix_local_bin_path }}/matrix-change-user-admin-status" mode: 0755 when: matrix_postgres_enabled|bool - name: (Migration) Ensure old matrix-make-user-admin script deleted - file: + ansible.builtin.file: path: "{{ matrix_local_bin_path }}/matrix-make-user-admin" state: absent when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres-update-user-password-hash script created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2" dest: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash" mode: 0755 when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2" dest: "{{ matrix_systemd_path }}/matrix-postgres.service" mode: 0644 @@ -127,12 +127,12 @@ when: matrix_postgres_enabled|bool - name: Ensure systemd reloaded after matrix-postgres.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_postgres_enabled|bool and matrix_postgres_systemd_service_result.changed" - include_tasks: - file: "{{ role_path }}/tasks/util/create_additional_databases.yml" + ansible.builtin.file: "{{ role_path }}/tasks/util/create_additional_databases.yml" apply: tags: - always @@ -145,7 +145,7 @@ when: "matrix_postgres_enabled|bool" - name: Inject warning if backup data remains - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) @@ -168,20 +168,20 @@ when: "not matrix_postgres_enabled|bool" - name: Ensure matrix-postgres is stopped - service: + ansible.builtin.service: name: matrix-postgres state: stopped daemon_reload: true when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Ensure matrix-postgres.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-postgres.service" state: absent when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-postgres.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" @@ -193,7 +193,7 @@ # We just want to notify the user. Deleting data is too destructive. - name: Inject warning if matrix-postgres local data remains - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) @@ -205,7 +205,7 @@ when: "not matrix_postgres_enabled|bool and matrix_postgres_data_path_stat.stat.exists" - name: Remove Postgres scripts - file: + ansible.builtin.file: path: "{{ matrix_local_bin_path }}/{{ item }}" state: absent with_items: diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index bf98d938a..012f292de 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -1,32 +1,32 @@ --- - name: Set default postgres_dump_dir, if not provided - set_fact: + ansible.builtin.set_fact: postgres_dump_dir: "/tmp" when: "postgres_dump_dir|default('') == ''" - name: Set postgres_dump_name, if not provided - set_fact: + ansible.builtin.set_fact: postgres_dump_name: "matrix-postgres-dump.sql.gz" when: "postgres_dump_name|default('') == ''" - name: Set postgres_auto_upgrade_backup_data_path, if not provided - set_fact: + ansible.builtin.set_fact: postgres_auto_upgrade_backup_data_path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup" when: "postgres_auto_upgrade_backup_data_path|default('') == ''" - name: Set postgres_start_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_start_wait_time: 15 when: "postgres_start_wait_time|default('') == ''" - name: Set postgres_force_upgrade, if not provided - set_fact: + ansible.builtin.set_fact: postgres_force_upgrade: false when: "postgres_force_upgrade|default('') == ''" - name: Fail, if trying to upgrade external Postgres database - fail: + ansible.builtin.fail: msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade." when: "not matrix_postgres_enabled|bool" @@ -36,32 +36,32 @@ register: result_auto_upgrade_path - name: Abort, if existing Postgres auto-upgrade data path detected - fail: + ansible.builtin.fail: msg: "Detected that a left-over {{ postgres_auto_upgrade_backup_data_path }} exists. You should rename it to {{ matrix_postgres_data_path }} if the previous upgrade went wrong, or delete it if it went well." when: "result_auto_upgrade_path.stat.exists" - import_tasks: tasks/util/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected - fail: + ansible.builtin.fail: msg: "Could not find existing Postgres installation" when: "not matrix_postgres_detected_existing|bool" - name: Abort, if already at latest Postgres version - fail: + ansible.builtin.fail: msg: "You are already running the latest Postgres version supported ({{ matrix_postgres_docker_image_latest }}). Nothing to do" when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest and not postgres_force_upgrade" -- debug: +- ansible.builtin.debug: msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}" - name: Ensure matrix-synapse is stopped - service: + ansible.builtin.service: name: matrix-synapse state: stopped - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true @@ -78,7 +78,7 @@ # role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`) by itself on startup, # we need to remove these from the dump, or we'll get errors saying these already exist. - name: Perform Postgres database dump - command: >- + ansible.builtin.command: >- {{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump --log-driver=none --user={{ matrix_user_uid }}:{{ matrix_user_gid }} @@ -92,20 +92,20 @@ > /out/{{ postgres_dump_name }}" - name: Ensure matrix-postgres is stopped - service: + ansible.builtin.service: name: matrix-postgres state: stopped - name: Rename existing Postgres data directory - command: "mv {{ matrix_postgres_data_path }} {{ postgres_auto_upgrade_backup_data_path }}" + ansible.builtin.command: "mv {{ matrix_postgres_data_path }} {{ postgres_auto_upgrade_backup_data_path }}" -- debug: +- ansible.builtin.debug: msg: "NOTE: Your Postgres data directory has been moved from `{{ matrix_postgres_data_path }}` to `{{ postgres_auto_upgrade_backup_data_path }}`. In the event of failure, you can move it back and run the playbook with --tags=setup-postgres to restore operation." - import_tasks: tasks/setup_postgres.yml - name: Ensure matrix-postgres autoruns and is restarted - service: + ansible.builtin.service: name: matrix-postgres enabled: true state: restarted @@ -122,7 +122,7 @@ # The dump most likely contains those same entries and would try to re-create them, leading to errors. # We need to skip over those lines. - name: Generate Postgres database import command - set_fact: + ansible.builtin.set_fact: matrix_postgres_import_command: >- {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import --log-driver=none @@ -145,7 +145,7 @@ # We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it, # which ruins the command (`matrix_postgres_import_command`) - name: Note about Postgres importing - set_fact: + ansible.builtin.set_fact: dummy: true with_items: - >- @@ -155,18 +155,18 @@ and restore the automatically-made backup (`mv {{ postgres_auto_upgrade_backup_data_path }} {{ matrix_postgres_data_path }}`). - name: Perform Postgres database import - command: "{{ matrix_postgres_import_command }}" + ansible.builtin.command: "{{ matrix_postgres_import_command }}" - name: Delete Postgres database dump file - file: + ansible.builtin.file: path: "{{ postgres_dump_dir }}/{{ postgres_dump_name }}" state: absent - name: Ensure matrix-synapse is started - service: + ansible.builtin.service: name: matrix-synapse state: started daemon_reload: true -- debug: +- ansible.builtin.debug: msg: "NOTE: Your old Postgres data directory is preserved at `{{ postgres_auto_upgrade_backup_data_path }}`. You might want to get rid of it once you've confirmed that all is well." diff --git a/roles/matrix-postgres/tasks/util/create_additional_database.yml b/roles/matrix-postgres/tasks/util/create_additional_database.yml index 22b3c9a2a..b4fee2c8a 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_database.yml +++ b/roles/matrix-postgres/tasks/util/create_additional_database.yml @@ -3,7 +3,7 @@ # It'd be better if this is belonged to `validate_config.yml`, but it would have to be some loop-within-a-loop there, # and that's ugly. We also don't expect this to catch errors often. It's more of a defensive last-minute check. - name: Fail if additional database data appears invalid - fail: + ansible.builtin.fail: msg: "Additional database definition ({{ additional_db }} lacks a required key: {{ item }}" when: "item not in additional_db" with_items: "{{ ['name', 'username', 'password'] }}" @@ -12,7 +12,7 @@ # This file will be mounted into the container and fed to Postgres. # This way, we avoid passing sensitive data around in CLI commands that other users on the system can see. - name: Create additional database initialization SQL file for {{ additional_db.name }} - template: + ansible.builtin.template: src: "{{ role_path }}/templates/sql/init-additional-db-user-and-role.sql.j2" dest: "/tmp/matrix-postgres-init-additional-db-user-and-role.sql" mode: 0600 @@ -20,7 +20,7 @@ group: "{{ matrix_user_gid }}" - name: Execute Postgres additional database initialization SQL file for {{ additional_db.name }} - command: + ansible.builtin.command: cmd: >- {{ matrix_host_command_docker }} run --rm @@ -35,6 +35,6 @@ 'psql -h {{ matrix_postgres_connection_hostname }} --file=/matrix-postgres-init-additional-db-user-and-role.sql' - name: Delete additional database initialization SQL file for {{ additional_db.name }} - file: + ansible.builtin.file: path: /tmp/matrix-postgres-init-additional-db-user-and-role.sql state: absent diff --git a/roles/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/matrix-postgres/tasks/util/create_additional_databases.yml index de87f98c4..c1b5cd517 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_databases.yml +++ b/roles/matrix-postgres/tasks/util/create_additional_databases.yml @@ -1,7 +1,7 @@ --- - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true diff --git a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml index a7e94a0c3..932ca336a 100644 --- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml @@ -4,7 +4,7 @@ # If there is, it also tries to detect the Docker image that corresponds to that version. - name: Initialize Postgres version determination variables (default to empty) - set_fact: + ansible.builtin.set_fact: matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" matrix_postgres_detected_existing: false matrix_postgres_detected_version: "" @@ -15,47 +15,47 @@ path: "{{ matrix_postgres_detection_pg_version_path }}" register: result_pg_version_stat -- set_fact: +- ansible.builtin.set_fact: matrix_postgres_detected_existing: true when: "result_pg_version_stat.stat.exists" - name: Determine existing Postgres version (read PG_VERSION file) - slurp: + ansible.builtin.slurp: src: "{{ matrix_postgres_detection_pg_version_path }}" register: result_pg_version when: matrix_postgres_detected_existing|bool - name: Determine existing Postgres version (make sense of PG_VERSION file) - set_fact: + ansible.builtin.set_fact: matrix_postgres_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" when: matrix_postgres_detected_existing|bool - name: Determine corresponding Docker image to detected version (assume default of latest) - set_fact: + ansible.builtin.set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_latest }}" when: "matrix_postgres_detected_version != ''" - name: Determine corresponding Docker image to detected version (use 9.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v9 }}" when: "matrix_postgres_detected_version.startswith('9.')" - name: Determine corresponding Docker image to detected version (use 10.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v10 }}" when: "matrix_postgres_detected_version == '10' or matrix_postgres_detected_version.startswith('10.')" - name: Determine corresponding Docker image to detected version (use 11.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}" when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')" - name: Determine corresponding Docker image to detected version (use 12.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}" when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')" - name: Determine corresponding Docker image to detected version (use 13.x, if detected) - set_fact: + ansible.builtin.set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v13 }}" when: "matrix_postgres_detected_version == '13' or matrix_postgres_detected_version.startswith('13.')" diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml index 90f73dba8..7b1fb6aaa 100644 --- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml @@ -1,17 +1,17 @@ --- - name: Fail if Postgres not enabled - fail: + ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." when: "not matrix_postgres_enabled|bool" - name: Fail if util called incorrectly (missing matrix_postgres_db_migration_request) - fail: + ansible.builtin.fail: msg: "The `matrix_postgres_db_migration_request` variable needs to be provided to this util." when: "matrix_postgres_db_migration_request is not defined" - name: Fail if util called incorrectly (invalid matrix_postgres_db_migration_request) - fail: + ansible.builtin.fail: msg: "The `matrix_postgres_db_migration_request` variable needs to contain `{{ item }}`." with_items: - src @@ -27,13 +27,13 @@ register: matrix_postgres_db_migration_request_src_stat_result - name: Fail if provided source database file doesn't exist - fail: + ansible.builtin.fail: msg: "File cannot be found on the server at {{ matrix_postgres_db_migration_request.src }}" when: "not matrix_postgres_db_migration_request_src_stat_result.stat.exists" - block: - name: Ensure pgloader repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_postgres_pgloader_container_image_self_build_repo }}" dest: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" version: "{{ matrix_postgres_pgloader_container_image_self_build_repo_branch }}" @@ -49,7 +49,7 @@ # # Although we're not using the dimitri/pgloader image, the one we're using suffers from the same problem. - name: Switch pgloader base image from Debian stable (likely 10.x/Buster) to Bullseye - lineinfile: + ansible.builtin.lineinfile: path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}/Dockerfile" regexp: "{{ item.match }}" line: "{{ item.replace }}" @@ -82,7 +82,7 @@ # Defaults - name: Set postgres_start_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: postgres_start_wait_time: 15 when: "postgres_start_wait_time|default('') == ''" @@ -90,7 +90,7 @@ # matrix-postgres is most likely started already - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true @@ -112,14 +112,14 @@ # However, we don't do it, because it's simpler having it here, and it also gets to happen only if we'll be doing an import. # If we bailed out (somewhere above), nothing would have gotten stopped. It's nice to leave this running in such cases. - name: Ensure systemd services blocking the database import are stopped - service: + ansible.builtin.service: name: "{{ item }}" state: stopped failed_when: false with_items: "{{ matrix_postgres_db_migration_request.systemd_services_to_stop }}" - name: Import {{ matrix_postgres_db_migration_request.engine_old }} database from {{ matrix_postgres_db_migration_request.src }} into Postgres - command: + ansible.builtin.command: cmd: >- {{ matrix_host_command_docker }} run --rm @@ -137,11 +137,11 @@ # because it refers to the role that included this util, and not to the role this file belongs to. - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" - name: Execute additional Postgres SQL migration statements - command: + ansible.builtin.command: cmd: >- {{ matrix_host_command_docker }} run --rm @@ -156,11 +156,11 @@ when: "matrix_postgres_db_migration_request.additional_psql_statements_list|default([])|length > 0" - name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) - command: + ansible.builtin.command: cmd: "mv {{ matrix_postgres_db_migration_request.src }} {{ matrix_postgres_db_migration_request.src }}.backup" - name: Inject result - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) diff --git a/roles/matrix-postgres/tasks/validate_config.yml b/roles/matrix-postgres/tasks/validate_config.yml index eac4dd5b1..f239b116a 100644 --- a/roles/matrix-postgres/tasks/validate_config.yml +++ b/roles/matrix-postgres/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: (Deprecation) Warn about matrix_postgres_use_external usage - fail: + ansible.builtin.fail: msg: > The `matrix_postgres_use_external` variable defined in your configuration is not used by this playbook anymore! You'll need to adapt to the new way of using an external Postgres server. @@ -13,7 +13,7 @@ # This is separate (from the other required variables below), # because we'd like to have a friendlier message for our existing users. - name: Fail if matrix_postgres_connection_password not defined - fail: + ansible.builtin.fail: msg: >- The playbook no longer has a default Postgres password defined in the `matrix_postgres_connection_password` variable, among lots of other Postgres changes. You need to perform multiple manual steps to resolve this. @@ -22,7 +22,7 @@ when: "matrix_postgres_connection_password == ''" - name: Fail if required Postgres settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" @@ -34,6 +34,6 @@ - "matrix_postgres_db_name" - name: Fail if Postgres password length exceeded - fail: + ansible.builtin.fail: msg: "The maximum `matrix_postgres_connection_password` length is 99 characters" when: "matrix_postgres_connection_password|length > 99" diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index d08340a83..4e53b0c35 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -1,12 +1,12 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled|bool - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -15,7 +15,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) - set_fact: + ansible.builtin.set_fact: matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | location /metrics/node-exporter { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -31,7 +31,7 @@ } - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index 21d0b55db..ee2c18359 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -17,7 +17,7 @@ until: result is not failed - name: Ensure matrix-prometheus-node-exporter.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2" dest: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" mode: 0644 @@ -25,7 +25,7 @@ when: matrix_prometheus_node_exporter_enabled|bool - name: Ensure systemd reloaded after matrix-prometheus.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_systemd_service_result.changed" @@ -39,7 +39,7 @@ register: matrix_prometheus_node_exporter_service_stat - name: Ensure matrix-prometheus-node-exporter is stopped - service: + ansible.builtin.service: name: matrix-prometheus-node-exporter state: stopped enabled: false @@ -48,12 +48,12 @@ when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - name: Ensure matrix-prometheus-node-exporter.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" state: absent when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index 996cc975d..3c7b5b012 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -1,12 +1,12 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled|bool - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -15,7 +15,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) - set_fact: + ansible.builtin.set_fact: matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | location /metrics/postgres-exporter { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -31,7 +31,7 @@ } - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index 08ffe708e..2c263eb28 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -17,7 +17,7 @@ until: result is not failed - name: Ensure matrix-prometheus-postgres-exporter.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2" dest: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" mode: 0644 @@ -25,7 +25,7 @@ when: matrix_prometheus_postgres_exporter_enabled|bool - name: Ensure systemd reloaded after matrix-prometheus.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed" @@ -39,7 +39,7 @@ register: matrix_prometheus_postgres_exporter_service_stat - name: Ensure matrix-prometheus-postgres-exporter is stopped - service: + ansible.builtin.service: name: matrix-prometheus-postgres-exporter state: stopped enabled: false @@ -48,12 +48,12 @@ when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" - name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" state: absent when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-prometheus-postgres-exporter.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus/tasks/init.yml b/roles/matrix-prometheus/tasks/init.yml index 6587ddd91..946410e34 100644 --- a/roles/matrix-prometheus/tasks/init.yml +++ b/roles/matrix-prometheus/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus.service'] }}" when: matrix_prometheus_enabled|bool diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index 06989e7ef..ad2b94aad 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -12,7 +12,7 @@ until: result is not failed - name: Ensure Prometheus paths exists - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -24,7 +24,7 @@ - "{{ matrix_prometheus_data_path }}" - name: Download synapse-v2.rules - get_url: + ansible.builtin.get_url: url: "{{ matrix_prometheus_scraper_synapse_rules_download_url }}" dest: "{{ matrix_prometheus_config_path }}/synapse-v2.rules" force: true @@ -38,7 +38,7 @@ until: result is not failed - name: Ensure prometheus.yml installed - copy: + ansible.builtin.copy: content: "{{ matrix_prometheus_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_prometheus_config_path }}/prometheus.yml" mode: 0644 @@ -46,13 +46,13 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-prometheus.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus.service.j2" dest: "{{ matrix_systemd_path }}/matrix-prometheus.service" mode: 0644 register: matrix_prometheus_systemd_service_result - name: Ensure systemd reloaded after matrix-prometheus.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_prometheus_systemd_service_result.changed|bool" diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/matrix-prometheus/tasks/setup_uninstall.yml index c9f07f52e..f1a624819 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/matrix-prometheus/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_prometheus_service_stat - name: Ensure matrix-prometheus is stopped - service: + ansible.builtin.service: name: matrix-prometheus state: stopped enabled: false @@ -15,12 +15,12 @@ when: "matrix_prometheus_service_stat.stat.exists|bool" - name: Ensure matrix-prometheus.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-prometheus.service" state: absent when: "matrix_prometheus_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-prometheus.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_prometheus_service_stat.stat.exists|bool" diff --git a/roles/matrix-prometheus/tasks/validate_config.yml b/roles/matrix-prometheus/tasks/validate_config.yml index 9fcfe12b2..3e3863042 100644 --- a/roles/matrix-prometheus/tasks/validate_config.yml +++ b/roles/matrix-prometheus/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if Synapse metrics or Prometheus Node Exporter not enabled - fail: + ansible.builtin.fail: msg: > You need to enable `matrix_prometheus_scraper_synapse_enabled` and/or `matrix_prometheus_scraper_node_enabled` for Prometheus grab metrics. when: "not matrix_prometheus_scraper_synapse_enabled and not matrix_prometheus_scraper_node_enabled" diff --git a/roles/matrix-redis/tasks/init.yml b/roles/matrix-redis/tasks/init.yml index 99c52026d..08d7ec5a0 100644 --- a/roles/matrix-redis/tasks/init.yml +++ b/roles/matrix-redis/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}" when: matrix_redis_enabled|bool diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index df1d17367..7ff55552d 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -17,7 +17,7 @@ until: result is not failed - name: Ensure redis paths exist - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0700 @@ -32,7 +32,7 @@ # - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is) # - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true - name: Ensure redis data path ownership is correct - file: + ansible.builtin.file: path: "{{ matrix_redis_data_path }}" state: directory owner: "{{ matrix_user_username }}" @@ -41,7 +41,7 @@ when: matrix_redis_enabled|bool - name: Ensure redis environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_redis_base_path }}/{{ item }}" mode: 0644 @@ -50,7 +50,7 @@ when: matrix_redis_enabled|bool - name: Ensure matrix-redis.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2" dest: "{{ matrix_systemd_path }}/matrix-redis.service" mode: 0644 @@ -58,7 +58,7 @@ when: matrix_redis_enabled|bool - name: Ensure systemd reloaded after matrix-redis.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_redis_enabled|bool and matrix_redis_systemd_service_result.changed" @@ -73,7 +73,7 @@ when: "not matrix_redis_enabled|bool" - name: Ensure matrix-redis is stopped - service: + ansible.builtin.service: name: matrix-redis state: stopped enabled: false @@ -81,13 +81,13 @@ when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" - name: Ensure matrix-redis.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-redis.service" state: absent when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-redis.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" @@ -99,6 +99,6 @@ # We just want to notify the user. Deleting data is too destructive. - name: Notify if matrix-redis local data remains - debug: + ansible.builtin.debug: msg: "Note: You are not using a local redis instance, but some old data remains from before in `{{ matrix_redis_data_path }}`. Feel free to delete it." when: "not matrix_redis_enabled|bool and matrix_redis_data_path_stat.stat.exists" diff --git a/roles/matrix-registration/tasks/generate_token.yml b/roles/matrix-registration/tasks/generate_token.yml index 4e337b016..4b01957ca 100644 --- a/roles/matrix-registration/tasks/generate_token.yml +++ b/roles/matrix-registration/tasks/generate_token.yml @@ -1,17 +1,17 @@ --- - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `one_time` variable needs to be provided to this playbook, via --extra-vars" when: "one_time is not defined or one_time not in ['yes', 'no']" - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `ex_date` variable (expiration date) needs to be provided to this playbook, via --extra-vars" when: "ex_date is not defined or ex_date == ''" - name: Call matrix-registration token creation API - uri: + ansible.builtin.uri: url: "{{ matrix_registration_api_token_endpoint }}" follow_redirects: none validate_certs: "{{ matrix_registration_api_validate_certs }}" @@ -28,7 +28,7 @@ check_mode: false register: matrix_registration_api_result -- set_fact: +- ansible.builtin.set_fact: matrix_registration_api_result_message: >- matrix-registration result: @@ -42,7 +42,7 @@ check_mode: false - name: Inject result message into matrix_playbook_runtime_results - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index 44a887d18..5267f2b2b 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml @@ -2,17 +2,17 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build and matrix_registration_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}" when: matrix_registration_enabled|bool - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -21,7 +21,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_registration_matrix_nginx_proxy_configuration: | rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; @@ -47,7 +47,7 @@ } - name: Register matrix-registration proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -59,7 +59,7 @@ when: matrix_registration_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-registration/tasks/list_tokens.yml b/roles/matrix-registration/tasks/list_tokens.yml index 9ef40d274..d83d29769 100644 --- a/roles/matrix-registration/tasks/list_tokens.yml +++ b/roles/matrix-registration/tasks/list_tokens.yml @@ -1,7 +1,7 @@ --- - name: Call matrix-registration list all tokens API - uri: + ansible.builtin.uri: url: "{{ matrix_registration_api_token_endpoint }}" follow_redirects: none validate_certs: "{{ matrix_registration_api_validate_certs }}" @@ -13,7 +13,7 @@ check_mode: false register: matrix_registration_api_result -- set_fact: +- ansible.builtin.set_fact: matrix_registration_api_result_message: >- matrix-registration result: @@ -21,7 +21,7 @@ check_mode: false - name: Inject result message into matrix_playbook_runtime_results - set_fact: + ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 36cd0fd4a..3a8e71e79 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_registration_requires_restart: false - block: @@ -10,7 +10,7 @@ register: matrix_registration_sqlite_database_path_local_stat_result - block: - - set_fact: + - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_registration_sqlite_database_path_local }}" dst: "{{ matrix_registration_database_connection_string }}" @@ -26,13 +26,13 @@ - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - set_fact: + - ansible.builtin.set_fact: matrix_registration_requires_restart: true when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists|bool" when: "matrix_registration_database_engine == 'postgres'" - name: Ensure matrix-registration paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 @@ -58,7 +58,7 @@ until: result is not failed - name: Ensure matrix-registration repository is present when self-building - git: + ansible.builtin.git: repo: "{{ matrix_registration_container_image_self_build_repo }}" dest: "{{ matrix_registration_docker_src_files_path }}" version: "{{ matrix_registration_container_image_self_build_branch }}" @@ -70,7 +70,7 @@ # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864 - name: Patch setup.py to allow self-built version to work - lineinfile: + ansible.builtin.lineinfile: path: "{{ matrix_registration_docker_src_files_path }}/setup.py" regexp: 'flask-limiter' line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",' @@ -89,7 +89,7 @@ when: "matrix_registration_container_image_self_build|bool" - name: Ensure matrix-registration config installed - copy: + ansible.builtin.copy: content: "{{ matrix_registration_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_registration_config_path }}/config.yaml" mode: 0644 @@ -97,19 +97,19 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-registration.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2" dest: "{{ matrix_systemd_path }}/matrix-registration.service" mode: 0644 register: matrix_registration_systemd_service_result - name: Ensure systemd reloaded after matrix-registration.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_registration_systemd_service_result.changed|bool" - name: Ensure matrix-registration.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-registration.service" state: restarted when: "matrix_registration_requires_restart|bool" diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/matrix-registration/tasks/setup_uninstall.yml index 4b7c195fe..54f5483be 100644 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/matrix-registration/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_registration_service_stat - name: Ensure matrix-registration is stopped - service: + ansible.builtin.service: name: matrix-registration state: stopped enabled: false @@ -15,13 +15,13 @@ when: "matrix_registration_service_stat.stat.exists|bool" - name: Ensure matrix-registration.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-registration.service" state: absent when: "matrix_registration_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-registration.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_registration_service_stat.stat.exists|bool" diff --git a/roles/matrix-registration/tasks/validate_config.yml b/roles/matrix-registration/tasks/validate_config.yml index 90466b46c..eb140d31e 100644 --- a/roles/matrix-registration/tasks/validate_config.yml +++ b/roles/matrix-registration/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required matrix-registration settings not defined - fail: + ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item }}`) for using matrix-registration. when: "vars[item] == ''" @@ -11,7 +11,7 @@ - "matrix_registration_server_location" - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-sygnal/tasks/init.yml b/roles/matrix-sygnal/tasks/init.yml index efa17a4d6..1543435c1 100644 --- a/roles/matrix-sygnal/tasks/init.yml +++ b/roles/matrix-sygnal/tasks/init.yml @@ -1,5 +1,5 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}" when: matrix_sygnal_enabled|bool diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index 1a6ce186f..26b59d995 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -12,7 +12,7 @@ until: result is not failed - name: Ensure Sygnal paths exists - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0750 @@ -24,7 +24,7 @@ - "{{ matrix_sygnal_data_path }}" - name: Ensure Sygnal config installed - copy: + ansible.builtin.copy: content: "{{ matrix_sygnal_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sygnal_config_path }}/sygnal.yaml" mode: 0640 @@ -32,13 +32,13 @@ group: "{{ matrix_user_groupname }}" - name: Ensure matrix-sygnal.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2" dest: "{{ matrix_systemd_path }}/matrix-sygnal.service" mode: 0644 register: matrix_sygnal_systemd_service_result - name: Ensure systemd reloaded after matrix-sygnal.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_sygnal_systemd_service_result.changed|bool" diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/matrix-sygnal/tasks/setup_uninstall.yml index 5a81a1b29..37b7db22a 100644 --- a/roles/matrix-sygnal/tasks/setup_uninstall.yml +++ b/roles/matrix-sygnal/tasks/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_sygnal_service_stat - name: Ensure matrix-sygnal is stopped - service: + ansible.builtin.service: name: matrix-sygnal state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_sygnal_service_stat.stat.exists|bool" - name: Ensure matrix-sygnal.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-sygnal.service" state: absent when: "matrix_sygnal_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-sygnal.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_sygnal_service_stat.stat.exists|bool" - name: Ensure Sygnal base directory doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_sygnal_base_path }}" state: absent diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/matrix-sygnal/tasks/validate_config.yml index 2121edf45..b2c380109 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/matrix-sygnal/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if no Sygnal apps defined - fail: + ansible.builtin.fail: msg: >- Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps` when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0" diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index de8c00466..e274e1868 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -2,17 +2,17 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_image_self_build and matrix_synapse_admin_enabled" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}" when: matrix_synapse_admin_enabled|bool - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -21,7 +21,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_synapse_admin_matrix_nginx_proxy_configuration: | rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; @@ -38,7 +38,7 @@ } - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) @@ -50,7 +50,7 @@ when: matrix_synapse_admin_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: + ansible.builtin.debug: msg: >- NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy reverse proxy. diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index f83ccdc3f..5f117a12c 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -17,7 +17,7 @@ until: result is not failed - name: Ensure matrix-synapse-admin repository is present when self-building - git: + ansible.builtin.git: repo: "{{ matrix_synapse_admin_container_image_self_build_repo }}" dest: "{{ matrix_synapse_admin_docker_src_files_path }}" version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}" @@ -40,7 +40,7 @@ when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool" - name: Ensure matrix-synapse-admin.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-synapse-admin.service.j2" dest: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" mode: 0644 @@ -48,7 +48,7 @@ when: matrix_synapse_admin_enabled|bool - name: Ensure systemd reloaded after matrix-synapse-admin.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_systemd_service_result.changed" @@ -62,7 +62,7 @@ register: matrix_synapse_admin_service_stat - name: Ensure matrix-synapse-admin is stopped - service: + ansible.builtin.service: name: matrix-synapse-admin state: stopped enabled: false @@ -71,13 +71,13 @@ when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure matrix-synapse-admin.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" state: absent when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-synapse-admin.service removal - service: + ansible.builtin.service: daemon_reload: true when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" diff --git a/roles/matrix-synapse-admin/tasks/validate_config.yml b/roles/matrix-synapse-admin/tasks/validate_config.yml index 20a5c170f..bf5fe69e1 100644 --- a/roles/matrix-synapse-admin/tasks/validate_config.yml +++ b/roles/matrix-synapse-admin/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index cdcdd0828..41970cde7 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Download matrix_encryption_disabler - get_url: + ansible.builtin.get_url: url: "{{ matrix_synapse_ext_encryption_disabler_download_url }}" dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py" force: true @@ -13,7 +13,7 @@ delay: "{{ matrix_geturl_retries_delay }}" until: result is not failed -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_modules: | {{ matrix_synapse_modules|default([]) diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml index a532464d8..c223f6e85 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml @@ -1,6 +1,6 @@ --- - name: Ensure matrix_encryption_disabler doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py" state: absent diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index b483f688a..d5f54db3b 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_password_providers_enabled: true matrix_synapse_additional_loggers: > diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index 1d224bc92..4dd122ff5 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure git installed (RedHat) - yum: + ansible.builtin.yum: name: - git state: present @@ -9,7 +9,7 @@ when: "ansible_os_family == 'RedHat'" - name: Ensure git installed (Debian) - apt: + ansible.builtin.apt: name: - git state: present @@ -25,14 +25,14 @@ when: "ansible_distribution == 'Archlinux'" - name: Clone mjolnir-antispam git repository - git: + ansible.builtin.git: repo: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url }}" version: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version }}" dest: "{{ matrix_synapse_ext_path }}/mjolnir" become: true become_user: "{{ matrix_user_username }}" -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_spam_checker: > {{ matrix_synapse_spam_checker diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml index f8439a873..8211d51ae 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml @@ -1,6 +1,6 @@ --- - name: Ensure mjolnir-antispam doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_synapse_ext_path }}/mjolnir" state: absent diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 22ad318de..685b2922f 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -1,12 +1,12 @@ --- - name: Fail if REST Auth endpoint not configured - fail: + ansible.builtin.fail: msg: "You have enabled the REST Auth password provider, but have not configured its endpoint in the `matrix_synapse_ext_password_provider_rest_auth_endpoint` variable. Consult the documentation." when: "matrix_synapse_ext_password_provider_rest_auth_endpoint == ''" - name: Download matrix-synapse-rest-auth - get_url: + ansible.builtin.get_url: url: "{{ matrix_synapse_ext_password_provider_rest_auth_download_url }}" dest: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py" force: true @@ -18,7 +18,7 @@ delay: "{{ matrix_geturl_retries_delay }}" until: result is not failed -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_password_providers_enabled: true matrix_synapse_container_extra_arguments: > diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml index be8ad600b..d95dd1c7c 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml @@ -1,6 +1,6 @@ --- - name: Ensure matrix-synapse-rest-auth doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py" state: absent diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index 091b0eb2f..f4229538b 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -1,17 +1,17 @@ --- - name: Fail if Shared Secret Auth secret not set - fail: + ansible.builtin.fail: msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret" when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''" - name: Fail if no Shared Secret Auth login types enabled - fail: + ansible.builtin.fail: msg: "Shared Secret Auth is enabled, but none of the login types are" when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)" - name: Download matrix-synapse-shared-secret-auth - get_url: + ansible.builtin.get_url: url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py" force: true @@ -23,7 +23,7 @@ delay: "{{ matrix_geturl_retries_delay }}" until: result is not failed -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_modules: | {{ matrix_synapse_modules|default([]) diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml index e564909e7..b2f909443 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml @@ -1,6 +1,6 @@ --- - name: Ensure matrix-synapse-shared-secret-auth doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py" state: absent diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 579a707c6..7eb67debf 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -1,12 +1,12 @@ --- - name: Fail if Synapse Simple Antispam blocked homeservers is not set - fail: + ansible.builtin.fail: msg: "Synapse Simple Antispam is enabled, but no blocked homeservers have been set in matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers" when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers|length == 0" - name: Ensure git installed (RedHat) - yum: + ansible.builtin.yum: name: - git state: present @@ -14,7 +14,7 @@ when: "ansible_os_family == 'RedHat'" - name: Ensure git installed (Debian) - apt: + ansible.builtin.apt: name: - git state: present @@ -30,14 +30,14 @@ when: "ansible_distribution == 'Archlinux'" - name: Clone synapse-simple-antispam git repository - git: + ansible.builtin.git: repo: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url }}" version: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version }}" dest: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam" become: true become_user: "{{ matrix_user_username }}" -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_modules: > {{ matrix_synapse_modules diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml index 14cefc72d..b1d558aa5 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml @@ -1,6 +1,6 @@ --- - name: Ensure synapse-simple-antispam doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam" state: absent diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index d37815203..b9e99747b 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -21,7 +21,7 @@ ignore_errors: true - name: Ensure Matrix Goofys external storage mountpoint exists - file: + ansible.builtin.file: path: "{{ matrix_s3_media_store_path }}" state: directory mode: 0750 @@ -30,20 +30,20 @@ when: "not local_path_matrix_s3_media_store_path_stat.failed and not local_path_matrix_s3_media_store_path_stat.stat.exists" - name: Ensure goofys environment variables file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/goofys/env-goofys.j2" dest: "{{ matrix_synapse_config_dir_path }}/env-goofys" owner: root mode: 0600 - name: Ensure matrix-goofys.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2" dest: "{{ matrix_systemd_path }}/matrix-goofys.service" mode: 0644 register: matrix_goofys_systemd_service_result - name: Ensure systemd reloaded after matrix-goofys.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_goofys_systemd_service_result.changed" diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml index c00206eff..8f7e32373 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_goofys_service_stat - name: Ensure matrix-goofys is stopped - service: + ansible.builtin.service: name: matrix-goofys state: stopped enabled: false @@ -15,18 +15,18 @@ when: "matrix_goofys_service_stat.stat.exists" - name: Ensure matrix-goofys.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-goofys.service" state: absent when: "matrix_goofys_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-goofys.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_goofys_service_stat.stat.exists" - name: Ensure goofys environment variables file doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_synapse_config_dir_path }}/env-goofys" state: absent diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/matrix-synapse/tasks/import_media_store.yml index 8e9626806..edfad27e5 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/matrix-synapse/tasks/import_media_store.yml @@ -3,12 +3,12 @@ # Pre-checks - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `server_path_media_store` variable needs to be provided to this playbook, via --extra-vars" when: "server_path_media_store is not defined or server_path_media_store.startswith('<')" - name: Fail if media store is on Amazon S3 - fail: + ansible.builtin.fail: msg: "Your media store is on Amazon S3. Due to technical limitations, restoring is not supported." when: matrix_s3_media_store_enabled|bool @@ -18,7 +18,7 @@ register: server_path_media_store_stat - name: Fail if provided media store directory doesn't exist on the server - fail: + ansible.builtin.fail: msg: "{{ server_path_media_store }} cannot be found on the server" when: "not server_path_media_store_stat.stat.exists or not server_path_media_store_stat.stat.isdir" @@ -33,7 +33,7 @@ register: server_path_media_store_remote_content_stat - name: Fail if media store directory doesn't look okay (lacking remote and local content) - fail: + ansible.builtin.fail: msg: "{{ server_path_media_store }} contains neither local_content nor remote_content directories. It's most likely a mistake and is not a media store directory." when: "not server_path_media_store_local_content_stat.stat.exists and not server_path_media_store_remote_content_stat.stat.exists" @@ -41,7 +41,7 @@ # Actual import work - name: Ensure matrix-synapse is stopped - service: + ansible.builtin.service: name: matrix-synapse state: stopped enabled: false @@ -57,14 +57,14 @@ delete: true # It's wasteful to preserve owner/group now. We chown below anyway. owner: false - group: false + ansible.builtin.group: false times: true delegate_to: "{{ inventory_hostname }}" # This is for the generic case and fails in other cases (remote file systems), # because in such cases the base path (matrix_synapse_media_store_path) is a mount point. - name: Ensure media store permissions are correct (generic case) - file: + ansible.builtin.file: path: "{{ matrix_synapse_media_store_path }}" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" @@ -75,7 +75,7 @@ # all files become owned by whoever needs to own them. - name: Ensure Synapse is started (if it previously was) - service: + ansible.builtin.service: name: "{{ item }}" state: started daemon_reload: true diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index ffaec05fd..c76b4f6c8 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -2,7 +2,7 @@ # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 - fail: + ansible.builtin.fail: msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled" @@ -11,7 +11,7 @@ - import_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list|length == 0" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}" when: matrix_synapse_enabled|bool @@ -22,13 +22,13 @@ loop_var: matrix_synapse_worker_details when: matrix_synapse_enabled|bool and matrix_synapse_workers_enabled|bool -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" when: matrix_s3_media_store_enabled|bool - block: - name: Fail if matrix-nginx-proxy role already executed - fail: + ansible.builtin.fail: msg: >- Trying to append Synapse's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. @@ -37,7 +37,7 @@ when: matrix_nginx_proxy_role_executed|default(False)|bool - name: Generate synapse metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) - set_fact: + ansible.builtin.set_fact: matrix_synapse_nginx_metrics_configuration_block: | location /metrics/synapse/main-process { {% if matrix_nginx_proxy_enabled|default(False) %} @@ -52,7 +52,7 @@ } - name: Register synapse metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) @@ -61,7 +61,7 @@ }} - name: Generate synapse worker metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) - set_fact: + ansible.builtin.set_fact: matrix_synapse_worker_nginx_metrics_configuration_block: | {% for worker in matrix_synapse_workers_enabled_list %} {% if worker.metrics_port != 0 %} @@ -76,7 +76,7 @@ when: matrix_synapse_workers_enabled_list|length > 0 - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) - set_fact: + ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 552358434..31a8c3684 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -51,7 +51,7 @@ - rust-synapse-compress-state - name: Mark matrix-synapse role as executed - set_fact: + ansible.builtin.set_fact: matrix_synapse_role_executed: true tags: - always diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index 2a1c57082..48ce33bb8 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -1,22 +1,22 @@ --- - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `username` variable needs to be provided to this playbook, via --extra-vars" when: "username is not defined or username == ''" - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `password` variable needs to be provided to this playbook, via --extra-vars" when: "password is not defined or password == ''" - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `admin` variable needs to be provided to this playbook, via --extra-vars" when: "admin is not defined or admin not in ['yes', 'no']" - name: Ensure matrix-synapse is started - service: + ansible.builtin.service: name: matrix-synapse state: started daemon_reload: true @@ -28,4 +28,4 @@ when: "start_result.changed" - name: Register user - command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}" + ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}" diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index e1386c752..30849ded6 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -1,10 +1,10 @@ --- -- debug: +- ansible.builtin.debug: msg: "Compressing room `{{ room_details.room_id }}` having {{ room_details.count }} state group rows" - name: Generate rust-synapse-compress-state room compression command - set_fact: + ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_compress_room_command: >- {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room --user={{ matrix_user_uid }}:{{ matrix_user_gid }} @@ -17,15 +17,15 @@ -r '{{ room_details.room_id }}' - name: Run rust-synapse-compress-state room compression command (SQL generation) - command: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_command }}" + ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_command }}" async: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_compress_room_command_result -- debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result" +- ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result" - name: Generate Postgres compression SQL import command - set_fact: + ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_psql_import_command: >- {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import --user={{ matrix_user_uid }}:{{ matrix_user_gid }} @@ -39,12 +39,12 @@ psql -v ON_ERROR_STOP=1 -h matrix-postgres -d {{ matrix_synapse_database_database }}" - name: Import compression SQL into Postgres - command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}" + ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}" async: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_psql_import_command_result - name: Clean up - file: + ansible.builtin.file: path: "{{ matrix_synapse_rust_synapse_compress_state_base_path }}/state-compressor.sql" state: absent diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 219f1c986..33a18ac63 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -2,7 +2,7 @@ # Pre-checks - name: Fail if Postgres not enabled - fail: + ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot use rust-synapse-compress-state." when: "not matrix_postgres_enabled|bool" @@ -10,22 +10,22 @@ # Defaults - name: Set matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time, if not provided - set_fact: + ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 1800 when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_compress_room_time, if not provided - set_fact: + ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_compress_room_time: 3600 when: "matrix_synapse_rust_synapse_compress_state_compress_room_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_psql_import_time, if not provided - set_fact: + ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_psql_import_time: 3600 when: "matrix_synapse_rust_synapse_compress_state_psql_import_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_min_state_groups_required, if not provided - set_fact: + ansible.builtin.set_fact: # The minimum number of state groups we're looking for before we consider a room eligible for compression. # Rooms with a smaller state groups count will not be compressed. matrix_synapse_rust_synapse_compress_state_min_state_groups_required: 100000 @@ -35,7 +35,7 @@ # Actual compression work - name: Ensure rust-synapse-compress-state paths exist - file: + ansible.builtin.file: path: "{{ matrix_synapse_rust_synapse_compress_state_base_path }}" state: directory mode: 0750 @@ -54,7 +54,7 @@ until: result is not failed - name: Generate rust-synapse-compress-state room find command - set_fact: + ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_find_rooms_command: >- {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms --user={{ matrix_user_uid }}:{{ matrix_user_gid }} @@ -66,7 +66,7 @@ 'SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;' - name: Find rooms eligible for compression with rust-synapse-compress-state - command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}" + ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}" async: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_find_rooms_command_result @@ -85,10 +85,10 @@ # Row 3 contains a space when there's no result. - block: - - debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" + - ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" - name: Fail if room find result is not what we expect - fail: + ansible.builtin.fail: msg: >- Expecting 4 lines in the "find rooms" result. when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4" @@ -96,11 +96,11 @@ - block: # matrix_synapse_rust_synapse_compress_state_eligible_rooms is a list # of dictionaries like this: {'room_id': '!some-id', 'count': 2461329} - - set_fact: + - ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_eligible_rooms: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] | from_json }}" - name: Display rooms that will be compressed - debug: + ansible.builtin.debug: msg: >- The following rooms contain more than {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} state group rows (configurable via `matrix_synapse_rust_synapse_compress_state_min_state_groups_required`) @@ -115,7 +115,7 @@ when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '" - name: Show notice about lack of rooms to compress - debug: + ansible.builtin.debug: msg: >- No rooms were found to contain more than {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} state group rows (configurable via `matrix_synapse_rust_synapse_compress_state_min_state_groups_required`), diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index 407a79ff6..c09063045 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -1,7 +1,7 @@ --- - name: Check Matrix Client API - uri: + ansible.builtin.uri: url: "{{ matrix_synapse_client_api_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" @@ -11,11 +11,11 @@ when: matrix_synapse_enabled|bool - name: Fail if Matrix Client API not working - fail: + ansible.builtin.fail: msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}" when: "matrix_synapse_enabled|bool and (result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api)" - name: Report working Matrix Client API - debug: + ansible.builtin.debug: msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working" when: matrix_synapse_enabled|bool diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index 322493721..447e3e262 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml @@ -1,7 +1,7 @@ --- - name: Check Matrix Federation API - uri: + ansible.builtin.uri: url: "{{ matrix_synapse_federation_api_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" @@ -11,16 +11,16 @@ when: matrix_synapse_enabled|bool - name: Fail if Matrix Federation API not working - fail: + ansible.builtin.fail: msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" - name: Fail if Matrix Federation API unexpectedly enabled - fail: + ansible.builtin.fail: msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." when: "matrix_synapse_enabled|bool and not matrix_synapse_federation_enabled|bool and not result_matrix_synapse_federation_api.failed" - name: Report working Matrix Federation API - debug: + ansible.builtin.debug: msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool" diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/matrix-synapse/tasks/setup_synapse.yml index 47e404f41..c2b33f0b0 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml +++ b/roles/matrix-synapse/tasks/setup_synapse.yml @@ -1,7 +1,7 @@ --- - name: Ensure Synapse paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0750 diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 1aaaf7b3f..e0d470720 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -10,7 +10,7 @@ # This is separate and conditional, to ensure we don't execute it # if the path already exists or we failed to check, because it's mounted using fuse. - name: Ensure Synapse media store path exists - file: + ansible.builtin.file: path: "{{ matrix_synapse_media_store_path }}" state: directory mode: 0750 @@ -20,7 +20,7 @@ - block: - name: Ensure Synapse repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_synapse_container_image_self_build_repo }}" dest: "{{ matrix_synapse_docker_src_files_path }}" version: "{{ matrix_synapse_docker_image.split(':')[1] }}" @@ -30,14 +30,14 @@ register: matrix_synapse_git_pull_results - name: Check if Synapse Docker image exists - command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" + ansible.builtin.command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" register: matrix_synapse_docker_image_check_result # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, # because the latter does not support BuildKit. # See: https://github.com/ansible-collections/community.general/issues/514 - name: Ensure Synapse Docker image is built - shell: + ansible.builtin.shell: chdir: "{{ matrix_synapse_docker_src_files_path }}" cmd: | {{ matrix_host_command_docker }} build \ @@ -74,7 +74,7 @@ # We don't use the `docker_container` module, because using it with `cap_drop` requires # a very recent docker-py version, which is not available for a lot of people yet. - name: Generate initial Synapse config and signing key - command: | + ansible.builtin.command: | docker run --rm --name=matrix-config @@ -89,7 +89,7 @@ when: "not matrix_synapse_signing_key_stat.stat.exists" - name: Ensure Synapse homeserver config installed - copy: + ansible.builtin.copy: content: "{{ matrix_synapse_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml" mode: 0644 @@ -97,31 +97,31 @@ group: "{{ matrix_user_groupname }}" - name: Ensure Synapse log config installed - template: + ansible.builtin.template: src: "{{ matrix_synapse_template_synapse_log }}" dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config" mode: 0644 - name: Ensure matrix-synapse.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2" dest: "{{ matrix_systemd_path }}/matrix-synapse.service" mode: 0644 register: matrix_synapse_systemd_service_result - name: Ensure systemd reloaded after matrix-synapse.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_synapse_systemd_service_result.changed" - name: Ensure matrix-synapse-register-user script created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user" mode: 0755 - name: Generate sample prometheus.yml for external scraping - template: + ansible.builtin.template: src: "{{ role_path }}/templates/synapse/prometheus/external_prometheus.yml.example.j2" dest: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 1d4fe7ad2..1f2d3fe5a 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -6,7 +6,7 @@ register: matrix_synapse_service_stat - name: Ensure matrix-synapse is stopped - service: + ansible.builtin.service: name: matrix-synapse state: stopped enabled: false @@ -15,13 +15,13 @@ when: "matrix_synapse_service_stat.stat.exists" - name: Ensure matrix-synapse.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-synapse.service" state: absent when: "matrix_synapse_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-synapse.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_synapse_service_stat.stat.exists" @@ -31,7 +31,7 @@ state: absent - name: Ensure sample prometheus.yml for external scraping is deleted - file: + ansible.builtin.file: path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" state: absent when: "not matrix_synapse_metrics_proxying_enabled|bool" diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index f59313bde..6d75d9f64 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -5,7 +5,7 @@ # so we're forced to do something much uglier. - name: Build generic workers - set_fact: + ansible.builtin.set_fact: worker: type: 'generic_worker' instanceId: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" @@ -15,7 +15,7 @@ loop: "{{ range(0, matrix_synapse_workers_generic_workers_count|int)|list }}" - name: Build federation sender workers - set_fact: + ansible.builtin.set_fact: worker: type: 'federation_sender' instanceId: "{{ item }}" @@ -26,7 +26,7 @@ # This type of worker can only have a count of 1, at most - name: Build pusher workers - set_fact: + ansible.builtin.set_fact: worker: type: 'pusher' instanceId: "{{ item }}" @@ -37,7 +37,7 @@ # This type of worker can only have a count of 1, at most - name: Build appservice workers - set_fact: + ansible.builtin.set_fact: worker: type: 'appservice' instanceId: "{{ item }}" @@ -47,7 +47,7 @@ loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count|int)|list }}" - name: Build media_repository workers - set_fact: + ansible.builtin.set_fact: worker: type: 'media_repository' instanceId: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" @@ -57,7 +57,7 @@ loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count|int)|list }}" - name: Build frontend_proxy workers - set_fact: + ansible.builtin.set_fact: worker: type: 'frontend_proxy' instanceId: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" @@ -66,7 +66,7 @@ register: "matrix_synapse_workers_list_results_frontend_proxy_workers" loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count|int)|list }}" -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list|default([]) + [item.ansible_facts.worker] }}" with_items: | {{ @@ -83,5 +83,5 @@ matrix_synapse_workers_list_results_frontend_proxy_workers.results }} -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_workers_enabled_list: "{{ matrix_synapse_dynamic_workers_list }}" diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup.yml b/roles/matrix-synapse/tasks/synapse/workers/setup.yml index ce66a2e40..7fcce2b49 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup.yml @@ -3,14 +3,14 @@ # A previous version of the worker setup used this. # This is a temporary cleanup for people who ran that version. - name: Ensure old matrix-synapse.service.wants directory is gone - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-synapse.service.wants" state: absent # Same. This was part of a previous version of the worker setup. # No longer necessary. - name: Ensure matrix-synapse-worker-write-pid script is removed - file: + ansible.builtin.file: path: "{{ matrix_local_bin_path }}/matrix-synapse-worker-write-pid" state: absent diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml index 983f1876f..ce86e35f3 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml @@ -9,7 +9,7 @@ # This also deletes some things which we need. They will be recreated below. - name: Ensure previous worker configs are cleaned - file: + ansible.builtin.file: path: "{{ item.path }}" state: absent with_items: "{{ matrix_synapse_workers_current_config_files.files }}" @@ -22,7 +22,7 @@ register: matrix_synapse_workers_current_systemd_services - name: Ensure unnecessary worker systemd services are stopped and disabled - service: + ansible.builtin.service: name: "{{ item.path|basename }}" state: stopped enabled: false @@ -30,7 +30,7 @@ when: "not ansible_check_mode and item.path|basename not in matrix_systemd_services_list" - name: Ensure unnecessary worker systemd services are cleaned - file: + ansible.builtin.file: path: "{{ item.path }}" state: absent with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}" diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index f03576112..8b70dec58 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -4,7 +4,7 @@ service_facts: - name: Ensure any worker services are stopped - service: + ansible.builtin.service: name: "{{ item.key }}" state: stopped with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" @@ -18,7 +18,7 @@ register: matrix_synapse_workers_current_config_files - name: Ensure previous worker configs are cleaned - file: + ansible.builtin.file: path: "{{ item.path }}" state: absent with_items: "{{ matrix_synapse_workers_current_config_files.files }}" @@ -31,7 +31,7 @@ register: matrix_synapse_workers_current_systemd_services - name: Ensure previous worker systemd services are cleaned - file: + ansible.builtin.file: path: "{{ item.path }}" state: absent with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}" diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml index 2669e1491..dfbb8316d 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml @@ -8,12 +8,12 @@ # In the future, it should be possible to remove this check. # Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right. - name: Fail if instanceId not defined for worker - fail: + ansible.builtin.fail: msg: "Synapse workers (like {{ matrix_synapse_worker_details|to_json }}) need to define an instanceId property (type + instanceId must be unique)" when: "'instanceId' not in matrix_synapse_worker_details" -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}.service" -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_systemd_service_name] }}" diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml index 2247cd894..883558a75 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml @@ -1,21 +1,21 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}" -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_systemd_service_name }}" -- set_fact: +- ansible.builtin.set_fact: matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.type }}_{{ matrix_synapse_worker_details.instanceId }}.yaml" - name: Ensure configuration exists for {{ matrix_synapse_worker_systemd_service_name }} - template: + ansible.builtin.template: src: "{{ role_path }}/templates/synapse/worker.yaml.j2" dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }}" - name: Ensure systemd service exists for {{ matrix_synapse_worker_systemd_service_name }} - template: + ansible.builtin.template: src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse-worker.service.j2" dest: "{{ matrix_systemd_path }}/{{ matrix_synapse_worker_systemd_service_name }}.service" mode: 0644 diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index fd348d9db..171159ff8 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -1,29 +1,29 @@ --- - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `username` variable needs to be provided to this playbook, via --extra-vars" when: "username is not defined or username == ''" - name: Fail if playbook called incorrectly - fail: + ansible.builtin.fail: msg: "The `password` variable needs to be provided to this playbook, via --extra-vars" when: "password is not defined or password == ''" - name: Fail if not using matrix-postgres container - fail: + ansible.builtin.fail: msg: "This command is working only when matrix-postgres container is being used" when: "not matrix_postgres_enabled|bool" - name: Ensure matrix-synapse is started - service: + ansible.builtin.service: name: matrix-synapse state: started daemon_reload: true register: start_result - name: Ensure matrix-postgres is started - service: + ansible.builtin.service: name: matrix-postgres state: started daemon_reload: true @@ -36,8 +36,8 @@ when: "start_result.changed or postgres_start_result.changed" - name: Generate password hash - shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" + ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" register: password_hash - name: Update user password hash - command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}" + ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}" diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index ab0ca3a7e..ba60abf8a 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required Synapse settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) for using Synapse. when: "vars[item] == ''" @@ -13,7 +13,7 @@ - "matrix_synapse_database_database" - name: Fail if asking to configure deprecaed workers (appservice, userdir) - fail: + ansible.builtin.fail: msg: >- `{{ item }}` cannot be more than 0. This type of worker has been deprecated since Synapse v1.59. @@ -25,7 +25,7 @@ - "matrix_synapse_workers_user_dir_workers_count" - name: Fail if asking for more than 1 instance of single-instance workers - fail: + ansible.builtin.fail: msg: >- `{{ item }}` cannot be more than 1. This is a single-instance worker. when: "vars[item]|int > 1" @@ -34,7 +34,7 @@ - "matrix_synapse_workers_federation_sender_workers_count" - name: (Deprecation) Catch and report renamed settings - fail: + ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). @@ -63,7 +63,7 @@ - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml - fail: + ansible.builtin.fail: msg: >- Your matrix_synapse_configuration_extension_yaml configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). From ddf18eadc7e60dcdc11080612714230358421cc5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 11:22:05 +0300 Subject: [PATCH 267/381] More ansible-lint fixes --- roles/matrix-aux/tasks/main.yml | 4 +- roles/matrix-aux/tasks/setup.yml | 12 +-- roles/matrix-backup-borg/defaults/main.yml | 6 +- roles/matrix-backup-borg/tasks/init.yml | 2 +- roles/matrix-backup-borg/tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 16 ++-- .../tasks/setup_uninstall.yml | 10 +-- roles/matrix-base/tasks/main.yml | 22 ++--- roles/matrix-base/tasks/sanity_check.yml | 10 +-- roles/matrix-base/tasks/server_base/setup.yml | 12 +-- .../tasks/server_base/setup_archlinux.yml | 2 +- .../tasks/server_base/setup_debian.yml | 6 +- .../tasks/server_base/setup_fedora.yml | 8 +- .../tasks/server_base/setup_raspbian.yml | 6 +- .../tasks/server_base/setup_redhat.yml | 6 +- .../tasks/server_base/setup_redhat8.yml | 8 +- roles/matrix-base/tasks/setup_matrix_base.yml | 2 +- roles/matrix-base/tasks/setup_well_known.yml | 8 +- roles/matrix-bot-buscarron/tasks/init.yml | 2 +- roles/matrix-bot-buscarron/tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 20 ++--- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-bot-go-neb/defaults/main.yml | 4 +- roles/matrix-bot-go-neb/tasks/init.yml | 2 +- roles/matrix-bot-go-neb/tasks/main.yml | 14 +-- .../matrix-bot-go-neb/tasks/setup_install.yml | 8 +- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-bot-honoroit/tasks/init.yml | 2 +- roles/matrix-bot-honoroit/tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 20 ++--- .../tasks/setup_uninstall.yml | 8 +- .../tasks/init.yml | 2 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 10 +-- .../tasks/setup_uninstall.yml | 8 +- .../defaults/main.yml | 4 +- .../tasks/init.yml | 2 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 22 ++--- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-bot-mjolnir/defaults/main.yml | 4 +- roles/matrix-bot-mjolnir/tasks/init.yml | 2 +- roles/matrix-bot-mjolnir/tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 14 +-- .../tasks/setup_uninstall.yml | 8 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 10 +-- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 16 ++-- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 10 +-- .../tasks/main.yml | 14 +-- .../tasks/migrate_nedb_to_postgres.yml | 12 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 22 ++--- .../tasks/main.yml | 14 +-- .../tasks/migrate_nedb_to_postgres.yml | 10 +-- .../tasks/setup_install.yml | 20 ++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 22 ++--- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 10 +-- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 10 +-- .../tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 2 +- .../matrix-bridge-heisenbridge/tasks/init.yml | 10 +-- .../matrix-bridge-heisenbridge/tasks/main.yml | 10 +-- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 2 +- .../matrix-bridge-hookshot/defaults/main.yml | 8 +- roles/matrix-bridge-hookshot/tasks/init.yml | 34 +++---- roles/matrix-bridge-hookshot/tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 16 ++-- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 18 ++-- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 24 ++--- .../tasks/setup_uninstall.yml | 2 +- .../tasks/validate_config.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 18 ++-- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 24 ++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 18 ++-- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 24 ++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 18 ++-- .../tasks/setup_uninstall.yml | 4 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 18 ++-- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 32 +++---- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 16 ++-- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 10 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 24 ++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 18 ++-- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 8 +- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 2 +- .../defaults/main.yml | 6 +- .../tasks/init.yml | 18 ++-- .../tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 26 +++--- .../tasks/setup_uninstall.yml | 2 +- roles/matrix-bridge-sms/defaults/main.yml | 6 +- roles/matrix-bridge-sms/tasks/init.yml | 10 +-- roles/matrix-bridge-sms/tasks/main.yml | 14 +-- .../matrix-bridge-sms/tasks/setup_install.yml | 4 +- .../tasks/setup_uninstall.yml | 2 +- roles/matrix-client-cinny/tasks/init.yml | 2 +- roles/matrix-client-cinny/tasks/main.yml | 18 ++-- .../tasks/setup_install.yml | 10 +-- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-client-element/tasks/init.yml | 2 +- roles/matrix-client-element/tasks/main.yml | 26 +++--- .../tasks/migrate_riot_web.yml | 16 ++-- .../tasks/prepare_themes.yml | 6 +- .../tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-client-hydrogen/tasks/init.yml | 2 +- roles/matrix-client-hydrogen/tasks/main.yml | 18 ++-- .../tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 8 +- .../tasks/validate_config.yml | 2 +- roles/matrix-common-after/tasks/main.yml | 12 +-- roles/matrix-common-after/tasks/start.yml | 6 +- roles/matrix-corporal/tasks/init.yml | 2 +- roles/matrix-corporal/tasks/main.yml | 14 +-- .../matrix-corporal/tasks/setup_corporal.yml | 28 +++--- .../matrix-corporal/tasks/validate_config.yml | 2 +- roles/matrix-coturn/tasks/init.yml | 4 +- roles/matrix-coturn/tasks/main.yml | 14 +-- roles/matrix-coturn/tasks/setup_install.yml | 10 +-- roles/matrix-coturn/tasks/setup_uninstall.yml | 10 +-- roles/matrix-dendrite/defaults/main.yml | 4 +- .../matrix-dendrite/tasks/dendrite/setup.yml | 8 +- .../tasks/dendrite/setup_install.yml | 8 +- .../tasks/dendrite/setup_uninstall.yml | 2 +- roles/matrix-dendrite/tasks/init.yml | 2 +- roles/matrix-dendrite/tasks/main.yml | 22 ++--- roles/matrix-dendrite/tasks/register_user.yml | 2 +- .../tasks/self_check_federation_api.yml | 6 +- .../matrix-dendrite/tasks/setup_dendrite.yml | 4 +- roles/matrix-dendrite/vars/main.yml | 4 +- roles/matrix-dimension/defaults/main.yml | 4 +- roles/matrix-dimension/tasks/init.yml | 2 +- roles/matrix-dimension/tasks/main.yml | 14 +-- .../matrix-dimension/tasks/setup_install.yml | 20 ++--- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-dimension/vars/main.yml | 2 +- roles/matrix-dynamic-dns/tasks/init.yml | 2 +- roles/matrix-dynamic-dns/tasks/install.yml | 8 +- roles/matrix-dynamic-dns/tasks/main.yml | 14 +-- roles/matrix-dynamic-dns/tasks/uninstall.yml | 2 +- roles/matrix-email2matrix/tasks/init.yml | 2 +- roles/matrix-email2matrix/tasks/main.yml | 14 +-- .../tasks/setup_install.yml | 10 +-- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-etherpad/tasks/init.yml | 12 +-- roles/matrix-etherpad/tasks/main.yml | 14 +-- roles/matrix-etherpad/tasks/setup_install.yml | 2 +- .../matrix-etherpad/tasks/setup_uninstall.yml | 8 +- .../matrix-etherpad/tasks/validate_config.yml | 2 +- roles/matrix-grafana/tasks/init.yml | 2 +- roles/matrix-grafana/tasks/main.yml | 8 +- roles/matrix-grafana/tasks/setup.yml | 24 ++--- roles/matrix-jitsi/tasks/init.yml | 4 +- roles/matrix-jitsi/tasks/main.yml | 26 +++--- roles/matrix-jitsi/tasks/setup_jitsi_base.yml | 4 +- .../matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 22 ++--- roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 22 ++--- .../tasks/setup_jitsi_prosody.yml | 26 +++--- roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 22 ++--- .../tasks/util/setup_jitsi_auth.yml | 2 +- roles/matrix-jitsi/tasks/validate_config.yml | 2 +- roles/matrix-ma1sd/defaults/main.yml | 4 +- roles/matrix-ma1sd/tasks/init.yml | 4 +- roles/matrix-ma1sd/tasks/main.yml | 18 ++-- roles/matrix-ma1sd/tasks/migrate_mxisd.yml | 8 +- roles/matrix-ma1sd/tasks/setup_install.yml | 28 +++--- roles/matrix-ma1sd/tasks/setup_uninstall.yml | 8 +- roles/matrix-ma1sd/vars/main.yml | 2 +- roles/matrix-mailer/tasks/init.yml | 2 +- roles/matrix-mailer/tasks/main.yml | 6 +- roles/matrix-mailer/tasks/setup_mailer.yml | 28 +++--- roles/matrix-nginx-proxy/tasks/init.yml | 4 +- roles/matrix-nginx-proxy/tasks/main.yml | 18 ++-- .../tasks/self_check_well_known.yml | 4 +- .../tasks/setup_nginx_proxy.yml | 90 +++++++++---------- roles/matrix-nginx-proxy/tasks/ssl/main.yml | 6 +- .../tasks/ssl/setup_ssl_lets_encrypt.yml | 6 +- ...tup_ssl_lets_encrypt_obtain_for_domain.yml | 10 +-- .../tasks/ssl/setup_ssl_manually_managed.yml | 2 +- ...ssl_manually_managed_verify_for_domain.yml | 4 +- .../tasks/ssl/setup_ssl_self_signed.yml | 4 +- ...etup_ssl_self_signed_obtain_for_domain.yml | 2 +- .../tasks/validate_config.yml | 2 +- roles/matrix-nginx-proxy/vars/main.yml | 4 +- roles/matrix-ntfy/defaults/main.yml | 4 +- roles/matrix-ntfy/tasks/init.yml | 2 +- roles/matrix-ntfy/tasks/main.yml | 14 +-- roles/matrix-ntfy/tasks/setup_install.yml | 2 +- roles/matrix-ntfy/tasks/setup_uninstall.yml | 2 +- roles/matrix-postgres-backup/tasks/init.yml | 2 +- roles/matrix-postgres-backup/tasks/main.yml | 10 +-- .../tasks/setup_postgres_backup.yml | 36 ++++---- .../util/detect_existing_postgres_version.yml | 6 +- roles/matrix-postgres/defaults/main.yml | 4 +- .../tasks/import_generic_sqlite_db.yml | 12 +-- .../matrix-postgres/tasks/import_postgres.yml | 20 ++--- .../tasks/import_synapse_sqlite_db.yml | 12 +-- roles/matrix-postgres/tasks/init.yml | 2 +- roles/matrix-postgres/tasks/main.yml | 30 +++---- .../tasks/migrate_postgres_data_directory.yml | 6 +- roles/matrix-postgres/tasks/run_vacuum.yml | 16 ++-- .../matrix-postgres/tasks/setup_postgres.yml | 70 +++++++-------- .../tasks/upgrade_postgres.yml | 24 ++--- .../util/create_additional_databases.yml | 6 +- .../util/detect_existing_postgres_version.yml | 6 +- .../tasks/util/migrate_db_to_postgres.yml | 20 ++--- .../tasks/init.yml | 10 +-- .../tasks/main.yml | 4 +- .../tasks/setup.yml | 14 +-- .../tasks/init.yml | 10 +-- .../tasks/main.yml | 4 +- .../tasks/setup.yml | 14 +-- roles/matrix-prometheus/defaults/main.yml | 4 +- roles/matrix-prometheus/tasks/init.yml | 2 +- roles/matrix-prometheus/tasks/main.yml | 14 +-- .../matrix-prometheus/tasks/setup_install.yml | 6 +- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-redis/tasks/init.yml | 2 +- roles/matrix-redis/tasks/main.yml | 6 +- roles/matrix-redis/tasks/setup_redis.yml | 28 +++--- roles/matrix-registration/defaults/main.yml | 4 +- .../tasks/generate_token.yml | 4 +- roles/matrix-registration/tasks/init.yml | 12 +-- .../matrix-registration/tasks/list_tokens.yml | 2 +- roles/matrix-registration/tasks/main.yml | 22 ++--- .../tasks/setup_install.yml | 24 ++--- .../tasks/setup_uninstall.yml | 8 +- roles/matrix-sygnal/defaults/main.yml | 4 +- roles/matrix-sygnal/tasks/init.yml | 2 +- roles/matrix-sygnal/tasks/main.yml | 14 +-- roles/matrix-sygnal/tasks/setup_install.yml | 4 +- roles/matrix-sygnal/tasks/setup_uninstall.yml | 8 +- roles/matrix-synapse-admin/tasks/init.yml | 12 +-- roles/matrix-synapse-admin/tasks/main.yml | 8 +- roles/matrix-synapse-admin/tasks/setup.yml | 20 ++--- roles/matrix-synapse/defaults/main.yml | 20 ++--- .../tasks/ext/encryption-disabler/setup.yml | 8 +- .../ext/encryption-disabler/setup_install.yml | 4 +- .../tasks/ext/ldap-auth/setup.yml | 2 +- .../tasks/ext/mjolnir-antispam/setup.yml | 8 +- .../ext/mjolnir-antispam/setup_install.yml | 2 +- .../tasks/ext/rest-auth/setup.yml | 8 +- .../tasks/ext/rest-auth/setup_install.yml | 2 +- roles/matrix-synapse/tasks/ext/setup.yml | 12 +-- .../tasks/ext/shared-secret-auth/setup.yml | 8 +- .../ext/shared-secret-auth/setup_install.yml | 4 +- .../ext/synapse-simple-antispam/setup.yml | 8 +- .../synapse-simple-antispam/setup_install.yml | 2 +- roles/matrix-synapse/tasks/goofys/setup.yml | 8 +- .../tasks/goofys/setup_install.yml | 4 +- .../tasks/goofys/setup_uninstall.yml | 2 +- .../tasks/import_media_store.yml | 10 +-- roles/matrix-synapse/tasks/init.yml | 20 ++--- roles/matrix-synapse/tasks/main.yml | 34 +++---- roles/matrix-synapse/tasks/register_user.yml | 2 +- .../rust-synapse-compress-state/main.yml | 12 +-- .../tasks/self_check_client_api.yml | 6 +- .../tasks/self_check_federation_api.yml | 8 +- roles/matrix-synapse/tasks/setup_synapse.yml | 10 +-- roles/matrix-synapse/tasks/synapse/setup.yml | 8 +- .../tasks/synapse/setup_install.yml | 12 +-- .../tasks/synapse/setup_uninstall.yml | 4 +- .../tasks/synapse/workers/init.yml | 14 +-- .../tasks/synapse/workers/setup.yml | 8 +- .../tasks/synapse/workers/setup_install.yml | 10 +-- .../tasks/synapse/workers/setup_uninstall.yml | 8 +- .../inject_systemd_services_for_worker.yml | 2 +- .../tasks/update_user_password.yml | 4 +- roles/matrix-synapse/vars/main.yml | 6 +- 337 files changed, 1720 insertions(+), 1720 deletions(-) diff --git a/roles/matrix-aux/tasks/main.yml b/roles/matrix-aux/tasks/main.yml index 2585715be..df7c77d0c 100644 --- a/roles/matrix-aux/tasks/main.yml +++ b/roles/matrix-aux/tasks/main.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/setup.yml" - when: run_stop|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" + when: run_stop | bool tags: - setup-all - setup-aux-files diff --git a/roles/matrix-aux/tasks/setup.yml b/roles/matrix-aux/tasks/setup.yml index 87c67d6dc..ccb0bdcb4 100644 --- a/roles/matrix-aux/tasks/setup.yml +++ b/roles/matrix-aux/tasks/setup.yml @@ -4,16 +4,16 @@ ansible.builtin.file: dest: "{{ item.dest }}" state: directory - owner: "{{ item.owner|default(matrix_user_username) }}" - group: "{{ item.group|default(matrix_user_groupname) }}" - mode: "{{ item.mode|default(matrix_aux_directory_default_mode) }}" + owner: "{{ item.owner | default(matrix_user_username) }}" + group: "{{ item.group | default(matrix_user_groupname) }}" + mode: "{{ item.mode | default(matrix_aux_directory_default_mode) }}" with_items: "{{ matrix_aux_directory_definitions }}" - name: Ensure AUX files are created ansible.builtin.copy: dest: "{{ item.dest }}" content: "{{ item.content }}" - owner: "{{ item.owner|default(matrix_user_username) }}" - group: "{{ item.group|default(matrix_user_groupname) }}" - mode: "{{ item.mode|default(matrix_aux_file_default_mode) }}" + owner: "{{ item.owner | default(matrix_user_username) }}" + group: "{{ item.group | default(matrix_user_groupname) }}" + mode: "{{ item.mode | default(matrix_aux_file_default_mode) }}" with_items: "{{ matrix_aux_file_definitions }}" diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index 5003c26c6..ed2ffb722 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -14,7 +14,7 @@ matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/do matrix_backup_borg_version: "" matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" -matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version|default('') == '' }}" +matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}" # A list of extra arguments to pass to the container matrix_backup_borg_container_extra_arguments: [] @@ -93,8 +93,8 @@ matrix_backup_borg_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_backup_borg_configuration_yaml`. -matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml|from_yaml if matrix_backup_borg_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml | from_yaml if matrix_backup_borg_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final borgmatic configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`. -matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml|from_yaml|combine(matrix_backup_borg_configuration_extension, recursive=True) }}" +matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml | from_yaml|combine(matrix_backup_borg_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml index 4d853a82c..d57f12491 100644 --- a/roles/matrix-backup-borg/tasks/init.yml +++ b/roles/matrix-backup-borg/tasks/init.yml @@ -1,4 +1,4 @@ --- - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}" - when: matrix_backup_borg_enabled|bool + when: matrix_backup_borg_enabled | bool diff --git a/roles/matrix-backup-borg/tasks/main.yml b/roles/matrix-backup-borg/tasks/main.yml index 0dbf54e15..5de4559c5 100644 --- a/roles/matrix-backup-borg/tasks/main.yml +++ b/roles/matrix-backup-borg/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_backup_borg_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_backup_borg_enabled | bool" tags: - setup-all - setup-backup-borg -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_backup_borg_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_backup_borg_enabled | bool" tags: - setup-all - setup-backup-borg -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_backup_borg_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_backup_borg_enabled | bool" tags: - setup-all - setup-backup-borg diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index c8cf7f24e..686313a29 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- - block: - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" - name: Fail if detected Postgres version is unsupported ansible.builtin.fail: @@ -10,7 +10,7 @@ - name: Set the correct borg backup version to use ansible.builtin.set_fact: matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" - when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == '' + when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == '' - name: Ensure borg paths exist ansible.builtin.file: @@ -22,11 +22,11 @@ with_items: - {path: "{{ matrix_backup_borg_config_path }}", when: true} - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure borgmatic config is created ansible.builtin.copy: - content: "{{ matrix_backup_borg_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_backup_borg_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_backup_borg_config_path }}/config.yaml" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" @@ -54,7 +54,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}" - when: "not matrix_backup_borg_container_image_self_build|bool" + when: "not matrix_backup_borg_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -68,7 +68,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_backup_borg_git_pull_results - when: "matrix_backup_borg_container_image_self_build|bool" + when: "matrix_backup_borg_container_image_self_build | bool" - name: Ensure borg image is built docker_image: @@ -80,7 +80,7 @@ dockerfile: Dockerfile path: "{{ matrix_backup_borg_docker_src_files_path }}" pull: true - when: "matrix_backup_borg_container_image_self_build|bool" + when: "matrix_backup_borg_container_image_self_build | bool" - name: Ensure matrix-backup-borg.service installed ansible.builtin.template: @@ -99,7 +99,7 @@ - name: Ensure systemd reloaded after matrix-backup-borg.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_backup_borg_systemd_service_result.changed|bool" + when: "matrix_backup_borg_systemd_service_result.changed | bool" - name: Ensure matrix-backup-borg.service enabled ansible.builtin.service: diff --git a/roles/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/matrix-backup-borg/tasks/setup_uninstall.yml index faed21f8a..fb583f57a 100644 --- a/roles/matrix-backup-borg/tasks/setup_uninstall.yml +++ b/roles/matrix-backup-borg/tasks/setup_uninstall.yml @@ -1,6 +1,6 @@ --- - name: Check existence of matrix-backup-borg service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" register: matrix_backup_borg_service_stat @@ -11,24 +11,24 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_backup_borg_service_stat.stat.exists|bool" + when: "matrix_backup_borg_service_stat.stat.exists | bool" - name: Ensure matrix-backup-borg.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" state: absent - when: "matrix_backup_borg_service_stat.stat.exists|bool" + when: "matrix_backup_borg_service_stat.stat.exists | bool" - name: Ensure matrix-backup-borg.timer doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" state: absent - when: "matrix_backup_borg_service_stat.stat.exists|bool" + when: "matrix_backup_borg_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-backup-borg.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_backup_borg_service_stat.stat.exists|bool" + when: "matrix_backup_borg_service_stat.stat.exists | bool" - name: Ensure Matrix borg paths don't exist ansible.builtin.file: diff --git a/roles/matrix-base/tasks/main.yml b/roles/matrix-base/tasks/main.yml index 1cdc0432e..2205056d8 100644 --- a/roles/matrix-base/tasks/main.yml +++ b/roles/matrix-base/tasks/main.yml @@ -1,34 +1,34 @@ --- -- import_tasks: "{{ role_path }}/tasks/sanity_check.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml" + when: run_setup | bool tags: - setup-all -- import_tasks: "{{ role_path }}/tasks/server_base/setup.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/server_base/setup.yml" + when: run_setup | bool tags: - setup-all # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`, # which are required by many other roles. -- import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml" + when: run_setup | bool tags: - always - setup-system-user -- import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml" + when: run_setup | bool tags: - setup-all -- import_tasks: "{{ role_path }}/tasks/setup_well_known.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml" + when: run_setup | bool tags: - setup-all - setup-ma1sd diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index 29ae8419e..03ff0afb4 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml @@ -50,11 +50,11 @@ ansible.builtin.fail: msg: "The `{{ item.var }}` variable must be defined and have a non-null and non-empty value" with_items: - - {'var': matrix_domain, 'value': "{{ matrix_domain|default('') }}"} - - {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix|default('') }}"} - - {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element|default('') }}"} - - {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url|default('') }}"} - - {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url|default('') }}"} + - {'var': matrix_domain, 'value': "{{ matrix_domain | default('') }}"} + - {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix | default('') }}"} + - {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element | default('') }}"} + - {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url | default('') }}"} + - {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url | default('') }}"} when: "item.value is none or item.value == ''" - name: Fail if uppercase domain used diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index c5145e559..cec745902 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml @@ -1,12 +1,12 @@ --- -- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8 -- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30 -- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30 - block: @@ -23,14 +23,14 @@ setup: filter=ansible_lsb* when: lsb_release_installation_result.changed - - include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml" + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml" when: (ansible_os_family == 'Debian') and (ansible_lsb.id != 'Raspbian') - - include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml" + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml" when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian') when: ansible_os_family == 'Debian' -- include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml" when: ansible_distribution == 'Archlinux' - name: Ensure Docker is started and autoruns diff --git a/roles/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/matrix-base/tasks/server_base/setup_archlinux.yml index a4912a5db..73c18ceef 100644 --- a/roles/matrix-base/tasks/server_base/setup_archlinux.yml +++ b/roles/matrix-base/tasks/server_base/setup_archlinux.yml @@ -13,4 +13,4 @@ name: - docker state: latest - when: matrix_docker_installation_enabled|bool + when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index a45cd3772..c463738b4 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -16,14 +16,14 @@ state: present register: add_repository_key ignore_errors: true - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker repository is enabled apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" state: present update_cache: true - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed ansible.builtin.apt: @@ -38,4 +38,4 @@ - "{{ matrix_docker_package_name }}" - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" state: latest - when: matrix_docker_installation_enabled|bool + when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/matrix-base/tasks/server_base/setup_fedora.yml index c83d88445..e9ddf54b0 100644 --- a/roles/matrix-base/tasks/server_base/setup_fedora.yml +++ b/roles/matrix-base/tasks/server_base/setup_fedora.yml @@ -9,13 +9,13 @@ mode: 0644 with_items: - docker-ce-fedora.repo - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted rpm_key: state: present key: https://download.docker.com/linux/fedora/gpg - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure yum packages are installed ansible.builtin.yum: @@ -30,10 +30,10 @@ - "{{ matrix_docker_package_name }}" - python3-pip state: latest - when: matrix_docker_installation_enabled|bool + when: matrix_docker_installation_enabled | bool - name: Ensure Docker-Py is installed pip: name: docker-py state: latest - when: matrix_docker_installation_enabled|bool + when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index e3406ed50..6f0b1467c 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -16,14 +16,14 @@ state: present register: add_repository_key ignore_errors: true - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker repository is enabled apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" state: present update_cache: true - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed ansible.builtin.apt: @@ -38,4 +38,4 @@ - "{{ matrix_docker_package_name }}" - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" state: latest - when: matrix_docker_installation_enabled|bool + when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_redhat.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml index 88061c719..92615ac79 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat.yml @@ -7,13 +7,13 @@ owner: "root" group: "root" mode: 0644 - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted rpm_key: state: present key: https://download.docker.com/linux/centos/gpg - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure yum packages are installed ansible.builtin.yum: @@ -28,4 +28,4 @@ - "{{ matrix_docker_package_name }}" - docker-python state: latest - when: matrix_docker_installation_enabled|bool + when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml index d2eca6812..7b50160d0 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat8.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat8.yml @@ -7,13 +7,13 @@ owner: "root" group: "root" mode: 0644 - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted rpm_key: state: present key: https://download.docker.com/linux/centos/gpg - when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure EPEL is installed ansible.builtin.yum: @@ -35,10 +35,10 @@ - "{{ matrix_docker_package_name }}" - python3-pip state: latest - when: matrix_docker_installation_enabled|bool + when: matrix_docker_installation_enabled | bool - name: Ensure Docker-Py is installed pip: name: docker-py state: latest - when: matrix_docker_installation_enabled|bool + when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/setup_matrix_base.yml b/roles/matrix-base/tasks/setup_matrix_base.yml index 100b7e7c7..2e8609873 100644 --- a/roles/matrix-base/tasks/setup_matrix_base.yml +++ b/roles/matrix-base/tasks/setup_matrix_base.yml @@ -17,7 +17,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: '0660' - when: "matrix_vars_yml_snapshotting_enabled|bool" + when: "matrix_vars_yml_snapshotting_enabled | bool" - name: Ensure Matrix network is created in Docker docker_network: diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml index c4a5c236e..d51e93d3f 100644 --- a/roles/matrix-base/tasks/setup_well_known.yml +++ b/roles/matrix-base/tasks/setup_well_known.yml @@ -15,7 +15,7 @@ - name: Ensure Matrix /.well-known/matrix/client file configured ansible.builtin.copy: - content: "{{ matrix_well_known_matrix_client_configuration|to_nice_json }}" + content: "{{ matrix_well_known_matrix_client_configuration | to_nice_json }}" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" mode: 0644 owner: "{{ matrix_user_username }}" @@ -23,18 +23,18 @@ - name: Ensure Matrix /.well-known/matrix/server file configured ansible.builtin.copy: - content: "{{ matrix_well_known_matrix_server_configuration|to_nice_json }}" + content: "{{ matrix_well_known_matrix_server_configuration | to_nice_json }}" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_well_known_matrix_server_enabled|bool + when: matrix_well_known_matrix_server_enabled | bool - name: Ensure Matrix /.well-known/matrix/server file deleted ansible.builtin.file: path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" state: absent - when: "not matrix_well_known_matrix_server_enabled|bool" + when: "not matrix_well_known_matrix_server_enabled | bool" - name: Ensure Matrix /.well-known/matrix/support file configured ansible.builtin.copy: diff --git a/roles/matrix-bot-buscarron/tasks/init.yml b/roles/matrix-bot-buscarron/tasks/init.yml index 37c0932ec..a1f5751db 100644 --- a/roles/matrix-bot-buscarron/tasks/init.yml +++ b/roles/matrix-bot-buscarron/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}" - when: matrix_bot_buscarron_enabled|bool + when: matrix_bot_buscarron_enabled | bool diff --git a/roles/matrix-bot-buscarron/tasks/main.yml b/roles/matrix-bot-buscarron/tasks/main.yml index 63e87dfb8..e6712262f 100644 --- a/roles/matrix-bot-buscarron/tasks/main.yml +++ b/roles/matrix-bot-buscarron/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_buscarron_enabled | bool" tags: - setup-all - setup-bot-buscarron -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_buscarron_enabled | bool" tags: - setup-all - setup-bot-buscarron -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_bot_buscarron_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool" tags: - setup-all - setup-bot-buscarron diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/matrix-bot-buscarron/tasks/setup_install.yml index 6559a95a2..e9ba12586 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/matrix-bot-buscarron/tasks/setup_install.yml @@ -4,7 +4,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" register: matrix_bot_buscarron_sqlite_database_path_local_stat_result @@ -13,16 +13,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" dst: "{{ matrix_bot_buscarron_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_bot_buscarron_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-buscarron.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: true - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_bot_buscarron_database_engine == 'postgres'" - name: Ensure buscarron paths exist @@ -37,7 +37,7 @@ - {path: "{{ matrix_bot_buscarron_data_path }}", when: true} - {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true} - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure buscarron environment variables file created ansible.builtin.template: @@ -53,7 +53,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}" - when: "not matrix_bot_buscarron_container_image_self_build|bool" + when: "not matrix_bot_buscarron_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -67,7 +67,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_bot_buscarron_git_pull_results - when: "matrix_bot_buscarron_container_image_self_build|bool" + when: "matrix_bot_buscarron_container_image_self_build | bool" - name: Ensure buscarron image is built docker_image: @@ -79,7 +79,7 @@ dockerfile: Dockerfile path: "{{ matrix_bot_buscarron_docker_src_files_path }}" pull: true - when: "matrix_bot_buscarron_container_image_self_build|bool" + when: "matrix_bot_buscarron_container_image_self_build | bool" - name: Ensure matrix-bot-buscarron.service installed ansible.builtin.template: @@ -91,10 +91,10 @@ - name: Ensure systemd reloaded after matrix-bot-buscarron.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_bot_buscarron_systemd_service_result.changed|bool" + when: "matrix_bot_buscarron_systemd_service_result.changed | bool" - name: Ensure matrix-bot-buscarron.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-buscarron.service" state: restarted - when: "matrix_bot_buscarron_requires_restart|bool" + when: "matrix_bot_buscarron_requires_restart | bool" diff --git a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml index 5dd266530..ad9e78cdd 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-buscarron service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" register: matrix_bot_buscarron_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + when: "matrix_bot_buscarron_service_stat.stat.exists | bool" - name: Ensure matrix-bot-buscarron.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" state: absent - when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + when: "matrix_bot_buscarron_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-bot-buscarron.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + when: "matrix_bot_buscarron_service_stat.stat.exists | bool" - name: Ensure Matrix buscarron paths don't exist ansible.builtin.file: diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index 31cb27d67..f01f28fc5 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -224,8 +224,8 @@ matrix_bot_go_neb_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_bot_go_neb_configuration_yaml`. -matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml|from_yaml if matrix_bot_go_neb_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml | from_yaml if matrix_bot_go_neb_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`. -matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" +matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml | from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/matrix-bot-go-neb/tasks/init.yml index a1b57ec65..9d5b4f896 100644 --- a/roles/matrix-bot-go-neb/tasks/init.yml +++ b/roles/matrix-bot-go-neb/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" - when: matrix_bot_go_neb_enabled|bool + when: matrix_bot_go_neb_enabled | bool diff --git a/roles/matrix-bot-go-neb/tasks/main.yml b/roles/matrix-bot-go-neb/tasks/main.yml index 3c2ed9c58..27487ac53 100644 --- a/roles/matrix-bot-go-neb/tasks/main.yml +++ b/roles/matrix-bot-go-neb/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_bot_go_neb_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_go_neb_enabled | bool" tags: - setup-all - setup-bot-go-neb -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_bot_go_neb_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_go_neb_enabled | bool" tags: - setup-all - setup-bot-go-neb -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_bot_go_neb_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool" tags: - setup-all - setup-bot-go-neb diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index 71d5168a6..a651c1608 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -14,7 +14,7 @@ - {path: "{{ matrix_bot_go_neb_config_path }}", when: true} - {path: "{{ matrix_bot_go_neb_data_path }}", when: true} - {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure go-neb image is pulled docker_image: @@ -29,7 +29,7 @@ - name: Ensure go-neb config installed ansible.builtin.copy: - content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_bot_go_neb_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -45,10 +45,10 @@ - name: Ensure systemd reloaded after matrix-bot-go-neb.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_bot_go_neb_systemd_service_result.changed|bool" + when: "matrix_bot_go_neb_systemd_service_result.changed | bool" - name: Ensure matrix-bot-go-neb.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-go-neb.service" state: restarted - when: "matrix_bot_go_neb_requires_restart|bool" + when: "matrix_bot_go_neb_requires_restart | bool" diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml index d27377c1d..9794a90ad 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-go-neb service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" register: matrix_bot_go_neb_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_bot_go_neb_service_stat.stat.exists|bool" + when: "matrix_bot_go_neb_service_stat.stat.exists | bool" - name: Ensure matrix-bot-go-neb.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" state: absent - when: "matrix_bot_go_neb_service_stat.stat.exists|bool" + when: "matrix_bot_go_neb_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-bot-go-neb.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_bot_go_neb_service_stat.stat.exists|bool" + when: "matrix_bot_go_neb_service_stat.stat.exists | bool" - name: Ensure Matrix go-neb paths don't exist ansible.builtin.file: diff --git a/roles/matrix-bot-honoroit/tasks/init.yml b/roles/matrix-bot-honoroit/tasks/init.yml index 2a5ea4d75..1b03373c8 100644 --- a/roles/matrix-bot-honoroit/tasks/init.yml +++ b/roles/matrix-bot-honoroit/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}" - when: matrix_bot_honoroit_enabled|bool + when: matrix_bot_honoroit_enabled | bool diff --git a/roles/matrix-bot-honoroit/tasks/main.yml b/roles/matrix-bot-honoroit/tasks/main.yml index 7d66177c6..5de468fe7 100644 --- a/roles/matrix-bot-honoroit/tasks/main.yml +++ b/roles/matrix-bot-honoroit/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_bot_honoroit_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_honoroit_enabled | bool" tags: - setup-all - setup-bot-honoroit -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_bot_honoroit_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_honoroit_enabled | bool" tags: - setup-all - setup-bot-honoroit -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_bot_honoroit_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool" tags: - setup-all - setup-bot-honoroit diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 2f7bb9a45..f41c4a26f 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -4,7 +4,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" register: matrix_bot_honoroit_sqlite_database_path_local_stat_result @@ -13,16 +13,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" dst: "{{ matrix_bot_honoroit_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_bot_honoroit_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-honoroit.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: true - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_bot_honoroit_database_engine == 'postgres'" - name: Ensure honoroit paths exist @@ -37,7 +37,7 @@ - {path: "{{ matrix_bot_honoroit_data_path }}", when: true} - {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true} - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure honoroit environment variables file created ansible.builtin.template: @@ -53,7 +53,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}" - when: "not matrix_bot_honoroit_container_image_self_build|bool" + when: "not matrix_bot_honoroit_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -67,7 +67,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_bot_honoroit_git_pull_results - when: "matrix_bot_honoroit_container_image_self_build|bool" + when: "matrix_bot_honoroit_container_image_self_build | bool" - name: Ensure honoroit image is built docker_image: @@ -79,7 +79,7 @@ dockerfile: Dockerfile path: "{{ matrix_bot_honoroit_docker_src_files_path }}" pull: true - when: "matrix_bot_honoroit_container_image_self_build|bool" + when: "matrix_bot_honoroit_container_image_self_build | bool" - name: Ensure matrix-bot-honoroit.service installed ansible.builtin.template: @@ -91,10 +91,10 @@ - name: Ensure systemd reloaded after matrix-bot-honoroit.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_bot_honoroit_systemd_service_result.changed|bool" + when: "matrix_bot_honoroit_systemd_service_result.changed | bool" - name: Ensure matrix-bot-honoroit.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-honoroit.service" state: restarted - when: "matrix_bot_honoroit_requires_restart|bool" + when: "matrix_bot_honoroit_requires_restart | bool" diff --git a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml index 7bb6b8f1c..6ede0d1d2 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-honoroit service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" register: matrix_bot_honoroit_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_bot_honoroit_service_stat.stat.exists|bool" + when: "matrix_bot_honoroit_service_stat.stat.exists | bool" - name: Ensure matrix-bot-honoroit.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" state: absent - when: "matrix_bot_honoroit_service_stat.stat.exists|bool" + when: "matrix_bot_honoroit_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-bot-honoroit.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_bot_honoroit_service_stat.stat.exists|bool" + when: "matrix_bot_honoroit_service_stat.stat.exists | bool" - name: Ensure Matrix honoroit paths don't exist ansible.builtin.file: diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml index c3988eb2a..91b1f095d 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}" - when: matrix_bot_matrix_registration_bot_enabled|bool + when: matrix_bot_matrix_registration_bot_enabled | bool diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/matrix-bot-matrix-registration-bot/tasks/main.yml index c90da6a8b..cc162e991 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool" tags: - setup-all - setup-bot-matrix-registration-bot -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool" tags: - setup-all - setup-bot-matrix-registration-bot -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_bot_matrix_registration_bot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_matrix_registration_bot_enabled | bool" tags: - setup-all - setup-bot-matrix-registration-bot diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 6fd17ee8d..e5155cddb 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -11,7 +11,7 @@ - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true} - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure matrix-registration-bot configuration file created ansible.builtin.template: @@ -27,7 +27,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}" - when: "not matrix_bot_matrix_registration_bot_container_image_self_build|bool" + when: "not matrix_bot_matrix_registration_bot_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -41,7 +41,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_bot_matrix_registration_bot_git_pull_results - when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" + when: "matrix_bot_matrix_registration_bot_container_image_self_build | bool" - name: Ensure matrix-registration-bot image is built docker_image: @@ -53,7 +53,7 @@ dockerfile: Dockerfile path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" pull: true - when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" + when: "matrix_bot_matrix_registration_bot_container_image_self_build | bool" - name: Ensure matrix-bot-matrix-registration-bot.service installed ansible.builtin.template: @@ -65,7 +65,7 @@ - name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed|bool" + when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed | bool" - name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary ansible.builtin.service: diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml index 5a2dbc267..426eefc10 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-matrix-registration-bot service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" register: matrix_bot_matrix_registration_bot_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool" - name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" state: absent - when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool" - name: Ensure Matrix matrix-registration-bot paths don't exist ansible.builtin.file: diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 48e6f07b4..8a63413e2 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -93,8 +93,8 @@ matrix_bot_matrix_reminder_bot_configuration_extension_yaml: | # matrix: # device_name: My-Reminder-Bot -matrix_bot_matrix_reminder_bot_configuration_extension: "{{ matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml if matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_bot_matrix_reminder_bot_configuration_extension: "{{ matrix_bot_matrix_reminder_bot_configuration_extension_yaml | from_yaml if matrix_bot_matrix_reminder_bot_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_matrix_reminder_bot_configuration_yaml`. -matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml|from_yaml|combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}" +matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml | from_yaml|combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml index cae7074c3..0a5ba4821 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}" - when: matrix_bot_matrix_reminder_bot_enabled|bool + when: matrix_bot_matrix_reminder_bot_enabled | bool diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml index d9a1df7e4..19c3823fa 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_bot_matrix_reminder_bot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool" tags: - setup-all - setup-bot-matrix-reminder-bot -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_bot_matrix_reminder_bot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool" tags: - setup-all - setup-bot-matrix-reminder-bot -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_bot_matrix_reminder_bot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_matrix_reminder_bot_enabled | bool" tags: - setup-all - setup-bot-matrix-reminder-bot diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index 3abda7338..915831d3f 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -5,7 +5,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" register: matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result @@ -14,16 +14,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_bot_matrix_reminder_bot_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: true - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'" - name: Ensure matrix-reminder-bot paths exist @@ -38,7 +38,7 @@ - {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true} - {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true} - {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure matrix-reminder-bot image is pulled docker_image: @@ -46,7 +46,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}" - when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool" + when: "not matrix_bot_matrix_reminder_bot_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -60,7 +60,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_bot_matrix_reminder_bot_git_pull_results - when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" + when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool" - name: Ensure matrix-reminder-bot image is built docker_image: @@ -72,11 +72,11 @@ dockerfile: docker/Dockerfile path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" pull: true - when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" + when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool" - name: Ensure matrix-reminder-bot config installed ansible.builtin.copy: - content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_bot_matrix_reminder_bot_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -92,10 +92,10 @@ - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool" + when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed | bool" - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-matrix-reminder-bot.service" state: restarted - when: "matrix_bot_matrix_reminder_bot_requires_restart|bool" + when: "matrix_bot_matrix_reminder_bot_requires_restart | bool" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index 1b5201e73..d8926df75 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-matrix-reminder-bot service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" register: matrix_bot_matrix_reminder_bot_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" + when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool" - name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" state: absent - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" + when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" + when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool" - name: Ensure Matrix matrix-reminder-bot paths don't exist ansible.builtin.file: diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 94d04e782..e03dff40a 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -52,8 +52,8 @@ matrix_bot_mjolnir_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_bot_mjolnir_configuration_yaml`. -matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration_extension_yaml|from_yaml if matrix_bot_mjolnir_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration_extension_yaml | from_yaml if matrix_bot_mjolnir_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`. -matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" +matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml | from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/matrix-bot-mjolnir/tasks/init.yml index 5955a6f41..2b6053428 100644 --- a/roles/matrix-bot-mjolnir/tasks/init.yml +++ b/roles/matrix-bot-mjolnir/tasks/init.yml @@ -8,4 +8,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}" - when: matrix_bot_mjolnir_enabled|bool + when: matrix_bot_mjolnir_enabled | bool diff --git a/roles/matrix-bot-mjolnir/tasks/main.yml b/roles/matrix-bot-mjolnir/tasks/main.yml index a2a209147..867201a20 100644 --- a/roles/matrix-bot-mjolnir/tasks/main.yml +++ b/roles/matrix-bot-mjolnir/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_bot_mjolnir_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool" tags: - setup-all - setup-bot-mjolnir -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_bot_mjolnir_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool" tags: - setup-all - setup-bot-mjolnir -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_bot_mjolnir_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_mjolnir_enabled | bool" tags: - setup-all - setup-bot-mjolnir diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index f9e739644..08ac9d034 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -15,7 +15,7 @@ - {path: "{{ matrix_bot_mjolnir_config_path }}", when: true} - {path: "{{ matrix_bot_mjolnir_data_path }}", when: true} - {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure mjolnir Docker image is pulled docker_image: @@ -23,7 +23,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" - when: "not matrix_bot_mjolnir_container_image_self_build|bool" + when: "not matrix_bot_mjolnir_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -38,7 +38,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_bot_mjolnir_git_pull_results - when: "matrix_bot_mjolnir_container_image_self_build|bool" + when: "matrix_bot_mjolnir_container_image_self_build | bool" - name: Ensure mjolnir Docker image is built docker_image: @@ -49,11 +49,11 @@ dockerfile: Dockerfile path: "{{ matrix_bot_mjolnir_docker_src_files_path }}" pull: true - when: "matrix_bot_mjolnir_container_image_self_build|bool" + when: "matrix_bot_mjolnir_container_image_self_build | bool" - name: Ensure matrix-bot-mjolnir config installed ansible.builtin.copy: - content: "{{ matrix_bot_mjolnir_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_bot_mjolnir_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -69,10 +69,10 @@ - name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_bot_mjolnir_systemd_service_result.changed|bool" + when: "matrix_bot_mjolnir_systemd_service_result.changed | bool" - name: Ensure matrix-bot-mjolnir.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-mjolnir.service" state: restarted - when: "matrix_bot_mjolnir_requires_restart|bool" + when: "matrix_bot_mjolnir_requires_restart | bool" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml index d7a240e73..5c7f4c896 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-bot-mjolnir service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" register: matrix_bot_mjolnir_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" + when: "matrix_bot_mjolnir_service_stat.stat.exists | bool" - name: Ensure matrix-bot-mjolnir.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" state: absent - when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" + when: "matrix_bot_mjolnir_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" + when: "matrix_bot_mjolnir_service_stat.stat.exists | bool" - name: Ensure matrix-bot-mjolnir paths don't exist ansible.builtin.file: diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index f3e39f24f..0d0d35fbe 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -87,9 +87,9 @@ matrix_appservice_discord_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_appservice_discord_configuration_yaml`. -matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml|from_yaml if matrix_appservice_discord_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml | from_yaml if matrix_appservice_discord_configuration_extension_yaml | from_yaml is mapping else {} }}" -matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" +matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml | from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" matrix_appservice_discord_registration_yaml: | #jinja2: lstrip_blocks: "True" @@ -109,4 +109,4 @@ matrix_appservice_discord_registration_yaml: | protocols: - discord -matrix_appservice_discord_registration: "{{ matrix_appservice_discord_registration_yaml|from_yaml }}" +matrix_appservice_discord_registration: "{{ matrix_appservice_discord_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index df3c927b5..b9d875dae 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -5,25 +5,25 @@ ansible.builtin.fail: msg: >- The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role. - when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed|default(False)" + when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord.service'] }}" - when: matrix_appservice_discord_enabled|bool + when: matrix_appservice_discord_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-appservice-discord-registration.yaml"] }} - when: matrix_appservice_discord_enabled|bool + when: matrix_appservice_discord_enabled | bool diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/matrix-bridge-appservice-discord/tasks/main.yml index 5df7bfe2b..7ab8f3a65 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/main.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_appservice_discord_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_appservice_discord_enabled | bool" tags: - setup-all - setup-appservice-discord -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_appservice_discord_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_appservice_discord_enabled | bool" tags: - setup-all - setup-appservice-discord -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_appservice_discord_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_appservice_discord_enabled | bool" tags: - setup-all - setup-appservice-discord diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 5e9bf9698..4b12442bb 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -5,7 +5,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_appservice_discord_sqlite_database_path_local }}" register: matrix_appservice_discord_sqlite_database_path_local_stat_result @@ -14,16 +14,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_appservice_discord_sqlite_database_path_local }}" dst: "{{ matrix_appservice_discord_database_connString }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_appservice_discord_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-appservice-discord.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_discord_requires_restart: true - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_appservice_discord_database_engine == 'postgres'" - name: Ensure Appservice Discord image is pulled @@ -50,7 +50,7 @@ - "{{ matrix_appservice_discord_data_path }}" - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_appservice_discord_base_path }}/discord.db" register: matrix_appservice_discord_stat_db @@ -73,7 +73,7 @@ - name: Ensure AppService Discord config.yaml installed ansible.builtin.copy: - content: "{{ matrix_appservice_discord_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_appservice_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -81,7 +81,7 @@ - name: Ensure AppService Discord registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_appservice_discord_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_appservice_discord_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -116,4 +116,4 @@ ansible.builtin.service: name: "matrix-appservice-discord.service" state: restarted - when: "matrix_appservice_discord_requires_restart|bool" + when: "matrix_appservice_discord_requires_restart | bool" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index b844fa7cc..83588d1c1 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-appservice-discord service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" register: matrix_appservice_discord_service_stat diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 52554f61b..19dd9e59f 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -382,9 +382,9 @@ matrix_appservice_irc_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_appservice_irc_configuration_yaml`. -matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml | from_yaml if matrix_appservice_irc_configuration_extension_yaml | from_yaml is mapping else {} }}" -matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" +matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml | from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" # The original registration.yaml file generated by AppService IRC is merged with this config override, # to produce the final registration.yaml file ultimately used by both the bridge and the homeserver. @@ -399,4 +399,4 @@ matrix_appservice_irc_registration_override_yaml: | as_token: "{{ matrix_appservice_irc_appservice_token }}" hs_token: "{{ matrix_appservice_irc_homeserver_token }}" -matrix_appservice_irc_registration_override: "{{ matrix_appservice_irc_registration_override_yaml|from_yaml }}" +matrix_appservice_irc_registration_override: "{{ matrix_appservice_irc_registration_override_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index b318f23ff..d22dd5d71 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -12,25 +12,25 @@ ansible.builtin.fail: msg: >- The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role. - when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)" + when: "matrix_appservice_irc_enabled | bool and matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc.service'] }}" - when: matrix_appservice_irc_enabled|bool + when: matrix_appservice_irc_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-appservice-irc-registration.yaml"] }} - when: matrix_appservice_irc_enabled|bool + when: matrix_appservice_irc_enabled | bool diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/matrix-bridge-appservice-irc/tasks/main.yml index 339615eab..41d2017b0 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/main.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_appservice_irc_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_appservice_irc_enabled | bool" tags: - setup-all - setup-appservice-irc -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_appservice_irc_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_appservice_irc_enabled | bool" tags: - setup-all - setup-appservice-irc -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_appservice_irc_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_appservice_irc_enabled | bool" tags: - setup-all - setup-appservice-irc diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index 486b093b2..6b87ab014 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml @@ -3,14 +3,14 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" # Defaults - name: Set postgres_start_wait_time, if not provided ansible.builtin.set_fact: postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" + when: "postgres_start_wait_time | default('') == ''" # Actual import work @@ -22,14 +22,14 @@ register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false - when: "matrix_postgres_service_start_result.changed|bool" + when: "matrix_postgres_service_start_result.changed | bool" - name: Check existence of matrix-appservice-irc service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat @@ -64,7 +64,7 @@ ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: Your appservice-irc database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_irc_data_path }}/*.db` to `{{ matrix_appservice_irc_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index d24de340a..b04b1adec 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" - name: Ensure Appservice IRC paths exist ansible.builtin.file: @@ -14,10 +14,10 @@ - {path: "{{ matrix_appservice_irc_config_path }}", when: true} - {path: "{{ matrix_appservice_irc_data_path }}", when: true} - {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - name: Check if an old passkey file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" register: matrix_appservice_irc_stat_passkey @@ -45,16 +45,16 @@ - block: - name: Check if a nedb database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_appservice_irc_data_path }}/users.db" register: matrix_appservice_irc_nedb_database_path_local_stat_result - block: - - import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_irc_requires_restart: true - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists|bool" + when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool" when: "matrix_appservice_irc_database_engine == 'postgres'" - name: Ensure Appservice IRC image is pulled @@ -63,7 +63,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" - when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool" + when: "matrix_appservice_irc_enabled | bool and not matrix_appservice_irc_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -77,7 +77,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_appservice_irc_git_pull_results - when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool" + when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool" - name: Ensure matrix-appservice-irc Docker image is built docker_image: @@ -89,18 +89,18 @@ dockerfile: Dockerfile path: "{{ matrix_appservice_irc_docker_src_files_path }}" pull: true - when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed" + when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool and matrix_appservice_irc_git_pull_results.changed" - name: Ensure Matrix Appservice IRC config installed ansible.builtin.copy: - content: "{{ matrix_appservice_irc_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_appservice_irc_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - name: Check if Appservice IRC passkey exists - stat: + ansible.builtin.stat: path: "{{ matrix_appservice_irc_data_path }}/passkey.pem" register: irc_passkey_file @@ -177,7 +177,7 @@ - name: Ensure Appservice IRC registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_appservice_irc_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_appservice_irc_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -199,4 +199,4 @@ ansible.builtin.service: name: "matrix-appservice-irc.service" state: restarted - when: "matrix_appservice_irc_requires_restart|bool" + when: "matrix_appservice_irc_requires_restart | bool" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 216ec682f..176317dec 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-appservice-irc service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 91a00d3db..8f88c308f 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -95,9 +95,9 @@ matrix_appservice_slack_configuration_extension_yaml: | # - "./debug.log": "info" #- "./error.log": "error" -matrix_appservice_slack_configuration_extension: "{{ matrix_appservice_slack_configuration_extension_yaml|from_yaml if matrix_appservice_slack_configuration_extension_yaml|from_yaml else {} }}" +matrix_appservice_slack_configuration_extension: "{{ matrix_appservice_slack_configuration_extension_yaml | from_yaml if matrix_appservice_slack_configuration_extension_yaml | from_yaml else {} }}" -matrix_appservice_slack_configuration: "{{ matrix_appservice_slack_configuration_yaml|from_yaml|combine(matrix_appservice_slack_configuration_extension, recursive=True) }}" +matrix_appservice_slack_configuration: "{{ matrix_appservice_slack_configuration_yaml | from_yaml|combine(matrix_appservice_slack_configuration_extension, recursive=True) }}" matrix_appservice_slack_registration_yaml: | id: "{{ matrix_appservice_slack_id_token }}" @@ -116,4 +116,4 @@ matrix_appservice_slack_registration_yaml: | rate_limited: true protocols: null -matrix_appservice_slack_registration: "{{ matrix_appservice_slack_registration_yaml|from_yaml }}" +matrix_appservice_slack_registration: "{{ matrix_appservice_slack_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 21fee674c..b4895aea7 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -12,28 +12,28 @@ ansible.builtin.fail: msg: >- The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack.service'] }}" - when: matrix_appservice_slack_enabled|bool + when: matrix_appservice_slack_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-appservice-slack-registration.yaml"] }} - when: matrix_appservice_slack_enabled|bool + when: matrix_appservice_slack_enabled | bool # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. @@ -41,7 +41,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - block: - name: Fail if matrix-nginx-proxy role already executed @@ -51,13 +51,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_appservice_slack_matrix_nginx_proxy_configuration: | location {{ matrix_appservice_slack_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; @@ -72,13 +72,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_appservice_slack_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_appservice_slack_enabled|bool + when: matrix_appservice_slack_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -88,4 +88,4 @@ Please make sure that you're proxying the `{{ something }}` URL endpoint to the matrix-appservice-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_appservice_slack_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-appservice-slack/tasks/main.yml b/roles/matrix-bridge-appservice-slack/tasks/main.yml index 06c3abb61..cd83f61fb 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/main.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_appservice_slack_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_appservice_slack_enabled | bool" tags: - setup-all - setup-appservice-slack -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_appservice_slack_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_appservice_slack_enabled | bool" tags: - setup-all - setup-appservice-slack -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_appservice_slack_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_appservice_slack_enabled | bool" tags: - setup-all - setup-appservice-slack diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index 6c0dd2786..a13d9cc2c 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -3,14 +3,14 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" # Defaults - name: Set postgres_start_wait_time, if not provided ansible.builtin.set_fact: postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" + when: "postgres_start_wait_time | default('') == ''" # Actual import work @@ -22,11 +22,11 @@ register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false - when: "matrix_postgres_service_start_result.changed|bool" + when: "matrix_postgres_service_start_result.changed | bool" - name: Ensure matrix-appservice-slack is stopped ansible.builtin.service: @@ -60,7 +60,7 @@ ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: Your appservice-slack database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_slack_data_path }}/*.db` to `{{ matrix_appservice_slack_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 5eb860ee3..32428f73a 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -12,23 +12,23 @@ - {path: "{{ matrix_appservice_slack_config_path }}", when: true} - {path: "{{ matrix_appservice_slack_data_path }}", when: true} - {path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: false - block: - name: Check if a nedb database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_appservice_slack_data_path }}/teams.db" register: matrix_appservice_slack_nedb_database_path_local_stat_result - block: - - import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: true - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists|bool" + when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool" when: "matrix_appservice_slack_database_engine == 'postgres'" - name: Ensure Appservice Slack image is pulled @@ -37,7 +37,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}" - when: "not matrix_appservice_slack_container_image_self_build|bool" + when: "not matrix_appservice_slack_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -51,7 +51,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_appservice_slack_git_pull_results - when: "matrix_appservice_slack_container_image_self_build|bool" + when: "matrix_appservice_slack_container_image_self_build | bool" - name: Ensure matrix-appservice-slack Docker image is built docker_image: @@ -63,11 +63,11 @@ dockerfile: Dockerfile path: "{{ matrix_appservice_slack_docker_src_files_path }}" pull: true - when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed" + when: "matrix_appservice_slack_container_image_self_build | bool and matrix_appservice_slack_git_pull_results.changed" - name: Ensure Matrix Appservice Slack config installed ansible.builtin.copy: - content: "{{ matrix_appservice_slack_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_appservice_slack_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -75,7 +75,7 @@ - name: Ensure appservice-slack registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_appservice_slack_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_appservice_slack_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/slack-registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -97,4 +97,4 @@ ansible.builtin.service: name: "matrix-appservice-slack.service" state: restarted - when: "matrix_appservice_slack_requires_restart|bool" + when: "matrix_appservice_slack_requires_restart | bool" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index fefa9aba1..fa1aaf269 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-appservice-slack service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" register: matrix_appservice_slack_service_stat diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index e7ea26ed3..0824dc1c8 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -61,9 +61,9 @@ matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates matrix_appservice_webhooks_configuration_extension_yaml: | # -matrix_appservice_webhooks_configuration_extension: "{{ matrix_appservice_webhooks_configuration_extension_yaml|from_yaml if matrix_appservice_webhooks_configuration_extension_yaml|from_yaml else {} }}" +matrix_appservice_webhooks_configuration_extension: "{{ matrix_appservice_webhooks_configuration_extension_yaml | from_yaml if matrix_appservice_webhooks_configuration_extension_yaml | from_yaml else {} }}" -matrix_appservice_webhooks_configuration: "{{ matrix_appservice_webhooks_configuration_yaml|from_yaml|combine(matrix_appservice_webhooks_configuration_extension, recursive=True) }}" +matrix_appservice_webhooks_configuration: "{{ matrix_appservice_webhooks_configuration_yaml | from_yaml|combine(matrix_appservice_webhooks_configuration_extension, recursive=True) }}" matrix_appservice_webhooks_registration_yaml: | id: "{{ matrix_appservice_webhooks_id_token }}" @@ -80,4 +80,4 @@ matrix_appservice_webhooks_registration_yaml: | rate_limited: false protocols: null -matrix_appservice_webhooks_registration: "{{ matrix_appservice_webhooks_registration_yaml|from_yaml }}" +matrix_appservice_webhooks_registration: "{{ matrix_appservice_webhooks_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index 6b9fa87e2..8a12a686e 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -5,28 +5,28 @@ ansible.builtin.fail: msg: >- The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks.service'] }}" - when: matrix_appservice_webhooks_enabled|bool + when: matrix_appservice_webhooks_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-appservice-webhooks-registration.yaml"] }} - when: matrix_appservice_webhooks_enabled|bool + when: matrix_appservice_webhooks_enabled | bool # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. @@ -34,7 +34,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - block: - name: Fail if matrix-nginx-proxy role already executed @@ -44,12 +44,12 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { resolver 127.0.0.11 valid=5s; @@ -67,13 +67,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_appservice_webhooks_enabled|bool + when: matrix_appservice_webhooks_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -83,4 +83,4 @@ Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}` URL endpoint to the matrix-appservice-webhooks container. You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable. - when: "matrix_appservice_webhooks_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml index 26a7e24c7..30f05469c 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool" tags: - setup-all - setup-appservice-webhooks -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool" tags: - setup-all - setup-appservice-webhooks -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_appservice_webhooks_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_appservice_webhooks_enabled | bool" tags: - setup-all - setup-appservice-webhooks diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 9228b6178..603f9d1d6 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -12,7 +12,7 @@ - {path: "{{ matrix_appservice_webhooks_config_path }}", when: true} - {path: "{{ matrix_appservice_webhooks_data_path }}", when: true} - {path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Appservice webhooks image is pulled docker_image: @@ -20,7 +20,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}" - when: "not matrix_appservice_webhooks_container_image_self_build|bool" + when: "not matrix_appservice_webhooks_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -47,11 +47,11 @@ dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_appservice_webhooks_docker_src_files_path }}" pull: true - when: "matrix_appservice_webhooks_container_image_self_build|bool" + when: "matrix_appservice_webhooks_container_image_self_build | bool" - name: Ensure Matrix Appservice webhooks config is installed ansible.builtin.copy: - content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_appservice_webhooks_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -75,7 +75,7 @@ - name: Ensure appservice-webhooks registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_appservice_webhooks_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 8da6f8c20..2b3c29d5e 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-appservice-webhooks service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" register: matrix_appservice_webhooks_service_stat diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 498e4894d..18ca90e9c 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -88,11 +88,11 @@ matrix_beeper_linkedin_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_beeper_linkedin_configuration_yaml`. -matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_configuration_extension_yaml|from_yaml if matrix_beeper_linkedin_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_configuration_extension_yaml | from_yaml if matrix_beeper_linkedin_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_beeper_linkedin_configuration_yaml`. -matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml|from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}" +matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml | from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}" matrix_beeper_linkedin_registration_yaml: | id: linkedin @@ -110,4 +110,4 @@ matrix_beeper_linkedin_registration_yaml: | regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username|regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true -matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml|from_yaml }}" +matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml index 6de40974a..14137b705 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -2,21 +2,21 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" - when: matrix_beeper_linkedin_enabled|bool + when: matrix_beeper_linkedin_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-beeper-linkedin-registration.yaml"] }} - when: matrix_beeper_linkedin_enabled|bool + when: matrix_beeper_linkedin_enabled | bool diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml index 920265fb5..8f295d2ca 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml @@ -1,22 +1,22 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_beeper_linkedin_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_beeper_linkedin_enabled | bool" tags: - setup-all - setup-beeper-linkedin -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup and matrix_beeper_linkedin_enabled" tags: - setup-all - setup-beeper-linkedin -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" when: "run_setup and not matrix_beeper_linkedin_enabled" tags: - setup-all diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 73794efec..bfbc1a6b4 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - name: Ensure Beeper LinkedIn paths exists ansible.builtin.file: path: "{{ item.path }}" @@ -19,7 +19,7 @@ - {path: "{{ matrix_beeper_linkedin_config_path }}", when: true} - {path: "{{ matrix_beeper_linkedin_data_path }}", when: true} - {path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Beeper LinkedIn image is pulled @@ -28,7 +28,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" - when: "not matrix_beeper_linkedin_container_image_self_build|bool" + when: "not matrix_beeper_linkedin_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -69,11 +69,11 @@ pull: true args: TARGETARCH: "{{ matrix_architecture }}" - when: "matrix_beeper_linkedin_container_image_self_build|bool" + when: "matrix_beeper_linkedin_container_image_self_build | bool" - name: Ensure beeper-linkedin config.yaml installed ansible.builtin.copy: - content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_beeper_linkedin_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -81,7 +81,7 @@ - name: Ensure beeper-linkedin registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_beeper_linkedin_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index be2b198fa..25dbf82b0 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-beeper-linkedin service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" register: matrix_beeper_linkedin_service_stat diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index 5e31b0450..dd08fc40b 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -101,11 +101,11 @@ matrix_go_skype_bridge_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_go_skype_bridge_configuration_yaml`. -matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_configuration_extension_yaml|from_yaml if matrix_go_skype_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_configuration_extension_yaml | from_yaml if matrix_go_skype_bridge_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_go_skype_bridge_configuration_yaml`. -matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml|from_yaml|combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}" +matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml | from_yaml|combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}" matrix_go_skype_bridge_registration_yaml: | id: skype @@ -123,7 +123,7 @@ matrix_go_skype_bridge_registration_yaml: | regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username|regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true -matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml|from_yaml }}" +matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}" # Enable End-to-bridge encryption matrix_go_skype_bridge_bridge_encryption_allow: false diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml index 81baaa245..9b8265560 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml @@ -1,21 +1,21 @@ --- - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}" - when: matrix_go_skype_bridge_enabled|bool + when: matrix_go_skype_bridge_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-go-skype-bridge-registration.yaml"] }} - when: matrix_go_skype_bridge_enabled|bool + when: matrix_go_skype_bridge_enabled | bool diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml index 456ea53cd..39f4b2e52 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool" tags: - setup-all - setup-go-skype-bridge -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool" tags: - setup-all - setup-go-skype-bridge -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_go_skype_bridge_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_go_skype_bridge_enabled | bool" tags: - setup-all - setup-go-skype-bridge diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index d43941d43..ba37c59c2 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -6,14 +6,14 @@ ansible.builtin.fail: msg: >- The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: false - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result @@ -22,17 +22,17 @@ matrix_postgres_db_migration_request: src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" dst: "{{ matrix_go_skype_bridge_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_go_skype_bridge_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-go-skype-bridge.service'] pgloader_options: ['--with "quote identifiers"'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: true - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_go_skype_bridge_database_engine == 'postgres'" @@ -48,7 +48,7 @@ - {path: "{{ matrix_go_skype_bridge_config_path }}", when: true} - {path: "{{ matrix_go_skype_bridge_data_path }}", when: true} - {path: "{{ matrix_go_skype_bridge_docker_src_files_path }}", when: "{{ matrix_go_skype_bridge_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - name: Ensure Go Skype Bridge image is pulled docker_image: @@ -71,7 +71,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_go_skype_bridge_git_pull_results - when: "matrix_go_skype_bridge_container_image_self_build|bool" + when: "matrix_go_skype_bridge_container_image_self_build | bool" - name: Ensure Go Skype Bridge Docker image is built docker_image: @@ -83,15 +83,15 @@ dockerfile: Dockerfile path: "{{ matrix_go_skype_bridge_docker_src_files_path }}" pull: true - when: "matrix_go_skype_bridge_container_image_self_build|bool" + when: "matrix_go_skype_bridge_container_image_self_build | bool" - name: Check if an old database file exists - stat: + ansible.builtin.stat: path: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db" register: matrix_go_skype_bridge_stat_database - name: Check if an old matrix state file exists - stat: + ansible.builtin.stat: path: "{{ matrix_go_skype_bridge_base_path }}/mx-state.json" register: matrix_go_skype_bridge_stat_mx_state @@ -114,7 +114,7 @@ - name: Ensure go-skype-bridge config.yaml installed ansible.builtin.copy: - content: "{{ matrix_go_skype_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_go_skype_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -122,7 +122,7 @@ - name: Ensure go-skype-bridge registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_go_skype_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_go_skype_bridge_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -144,4 +144,4 @@ ansible.builtin.service: name: "matrix-go-skype-bridge.service" state: restarted - when: "matrix_go_skype_bridge_requires_restart|bool" + when: "matrix_go_skype_bridge_requires_restart | bool" diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml index 138cdbf18..975b25ab4 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-go-skype-bridge service - stat: + ansible.builtin.stat: path: "/etc/systemd/system/matrix-go-skype-bridge.service" register: matrix_go_skype_bridge_service_stat diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index e8d2c7907..68c5d75bc 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -45,4 +45,4 @@ matrix_heisenbridge_registration_yaml: aliases: [] rooms: [] -matrix_heisenbridge_registration: "{{ matrix_heisenbridge_registration_yaml|from_yaml }}" +matrix_heisenbridge_registration: "{{ matrix_heisenbridge_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml index dd08beb5c..1612a5050 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml @@ -5,25 +5,25 @@ ansible.builtin.fail: msg: >- The matrix-bridge-heisenbridge role needs to execute before the matrix-synapse role. - when: "matrix_heisenbridge_enabled and matrix_synapse_role_executed|default(False)" + when: "matrix_heisenbridge_enabled and matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-heisenbridge.service'] }}" - when: matrix_heisenbridge_enabled|bool + when: matrix_heisenbridge_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/heisenbridge-registration.yaml"] }} - when: matrix_heisenbridge_enabled|bool + when: matrix_heisenbridge_enabled | bool diff --git a/roles/matrix-bridge-heisenbridge/tasks/main.yml b/roles/matrix-bridge-heisenbridge/tasks/main.yml index a266643d1..6af9813ec 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/main.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/main.yml @@ -1,17 +1,17 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_heisenbridge_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_heisenbridge_enabled | bool" tags: - setup-all - setup-heisenbridge -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_heisenbridge_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_heisenbridge_enabled | bool" tags: - setup-all - setup-heisenbridge diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 4112f047a..ffcc1c8b9 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -23,7 +23,7 @@ - name: Ensure heisenbridge registration.yaml installed if provided ansible.builtin.copy: - content: "{{ matrix_heisenbridge_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_heisenbridge_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_heisenbridge_base_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index c3bf7950a..a0232295f 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-heisenbridge service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" register: matrix_heisenbridge_service_stat diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 74f98bacd..ed99ef6da 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -233,11 +233,11 @@ matrix_hookshot_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_hookshot_configuration_yaml`. -matrix_hookshot_configuration_extension: "{{ matrix_hookshot_configuration_extension_yaml|from_yaml if matrix_hookshot_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_hookshot_configuration_extension: "{{ matrix_hookshot_configuration_extension_yaml | from_yaml if matrix_hookshot_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_hookshot_configuration_yaml`. -matrix_hookshot_configuration: "{{ matrix_hookshot_configuration_yaml|from_yaml|combine(matrix_hookshot_configuration_extension, recursive=True) }}" +matrix_hookshot_configuration: "{{ matrix_hookshot_configuration_yaml | from_yaml|combine(matrix_hookshot_configuration_extension, recursive=True) }}" # Default registration template which covers the generic use case. # You can customize it by controlling the various variables inside it. @@ -255,8 +255,8 @@ matrix_hookshot_registration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_hookshot_registration_yaml`. -matrix_hookshot_registration_extension: "{{ matrix_hookshot_registration_extension_yaml|from_yaml if matrix_hookshot_registration_extension_yaml|from_yaml is mapping else {} }}" +matrix_hookshot_registration_extension: "{{ matrix_hookshot_registration_extension_yaml | from_yaml if matrix_hookshot_registration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final registration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_hookshot_registration_yaml`. -matrix_hookshot_registration: "{{ matrix_hookshot_registration_yaml|from_yaml|combine(matrix_hookshot_registration_extension, recursive=True) }}" +matrix_hookshot_registration: "{{ matrix_hookshot_registration_yaml | from_yaml|combine(matrix_hookshot_registration_extension, recursive=True) }}" diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 5ac8c4f2a..f8a1e76cb 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -5,28 +5,28 @@ ansible.builtin.fail: msg: >- The matrix-bridge-hookshot role needs to execute before the matrix-synapse role. - when: "matrix_hookshot_enabled and matrix_synapse_role_executed|default(False)" + when: "matrix_hookshot_enabled and matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}" - when: matrix_hookshot_enabled|bool + when: matrix_hookshot_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/hookshot-registration.yml"] }} - when: matrix_hookshot_enabled|bool + when: matrix_hookshot_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -36,13 +36,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_hookshot_matrix_nginx_proxy_configuration: | location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; @@ -55,7 +55,7 @@ } {% if matrix_hookshot_provisioning_enabled %} location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; @@ -69,7 +69,7 @@ {% endif %} {% if matrix_hookshot_widgets_enabled %} location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; @@ -82,7 +82,7 @@ } {% endif %} location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; @@ -98,7 +98,7 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_hookshot_matrix_nginx_proxy_configuration] }} @@ -107,7 +107,7 @@ ansible.builtin.set_fact: matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | location /metrics/hookshot { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; @@ -117,18 +117,18 @@ proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; {% endif %} } - when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool + when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] }} - when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool - when: matrix_hookshot_enabled|bool + when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool + when: matrix_hookshot_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -138,4 +138,4 @@ Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` URL endpoint to the matrix-hookshot container. You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. - when: "matrix_hookshot_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-hookshot/tasks/main.yml b/roles/matrix-bridge-hookshot/tasks/main.yml index 409b6175a..99febe114 100644 --- a/roles/matrix-bridge-hookshot/tasks/main.yml +++ b/roles/matrix-bridge-hookshot/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_hookshot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_hookshot_enabled | bool" tags: - setup-all - setup-hookshot -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_hookshot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_hookshot_enabled | bool" tags: - setup-all - setup-hookshot -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_hookshot_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_hookshot_enabled | bool" tags: - setup-all - setup-hookshot diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index eb5e9a98b..e1ced948f 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" - name: Ensure hookshot paths exist ansible.builtin.file: @@ -12,7 +12,7 @@ with_items: - {path: "{{ matrix_hookshot_base_path }}", when: true} - {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - name: Ensure hookshot image is pulled docker_image: @@ -35,7 +35,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_hookshot_git_pull_results - when: "matrix_hookshot_container_image_self_build|bool" + when: "matrix_hookshot_container_image_self_build | bool" - name: Ensure hookshot Docker image is built docker_image: @@ -47,10 +47,10 @@ dockerfile: Dockerfile path: "{{ matrix_hookshot_docker_src_files_path }}" pull: true - when: "matrix_hookshot_container_image_self_build|bool" + when: "matrix_hookshot_container_image_self_build | bool" - name: Check if hookshot passkey exists - stat: + ansible.builtin.stat: path: "{{ matrix_hookshot_base_path }}/passkey.pem" register: hookshot_passkey_file @@ -62,7 +62,7 @@ - name: Ensure hookshot config.yml installed if provided ansible.builtin.copy: - content: "{{ matrix_hookshot_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_hookshot_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/config.yml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -86,7 +86,7 @@ - name: Ensure hookshot registration.yml installed if provided ansible.builtin.copy: - content: "{{ matrix_hookshot_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_hookshot_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/registration.yml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -99,7 +99,7 @@ mode: 0400 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length > 0 + when: matrix_hookshot_github_enabled | bool and matrix_hookshot_github_private_key|length > 0 - name: Ensure matrix-hookshot.service installed ansible.builtin.template: diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml index 903f46e65..5aba14de6 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-hookshot service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-hookshot.service" register: matrix_hookshot_service_stat diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 7993550fa..0deb244da 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -110,11 +110,11 @@ matrix_mautrix_facebook_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_facebook_configuration_yaml`. -matrix_mautrix_facebook_configuration_extension: "{{ matrix_mautrix_facebook_configuration_extension_yaml|from_yaml if matrix_mautrix_facebook_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mautrix_facebook_configuration_extension: "{{ matrix_mautrix_facebook_configuration_extension_yaml | from_yaml if matrix_mautrix_facebook_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_facebook_configuration_yaml`. -matrix_mautrix_facebook_configuration: "{{ matrix_mautrix_facebook_configuration_yaml|from_yaml|combine(matrix_mautrix_facebook_configuration_extension, recursive=True) }}" +matrix_mautrix_facebook_configuration: "{{ matrix_mautrix_facebook_configuration_yaml | from_yaml|combine(matrix_mautrix_facebook_configuration_extension, recursive=True) }}" matrix_mautrix_facebook_registration_yaml: | id: facebook @@ -132,4 +132,4 @@ matrix_mautrix_facebook_registration_yaml: | rate_limited: false de.sorunome.msc2409.push_ephemeral: true -matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" +matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index 3bad6fb21..a5debc0b7 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -8,24 +8,24 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}" - when: matrix_mautrix_facebook_enabled|bool + when: matrix_mautrix_facebook_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mautrix-facebook-registration.yaml"] }} - when: matrix_mautrix_facebook_enabled|bool + when: matrix_mautrix_facebook_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -35,13 +35,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_mautrix_facebook_matrix_nginx_proxy_configuration: | location {{ matrix_mautrix_facebook_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-mautrix-facebook:29319"; @@ -56,7 +56,7 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_mautrix_facebook_matrix_nginx_proxy_configuration] }} @@ -69,8 +69,8 @@ Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}` URL endpoint to the matrix-mautrix-facebook container. You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. - when: "not matrix_nginx_proxy_enabled|default(False)|bool" + when: "not matrix_nginx_proxy_enabled | default(False) | bool" tags: - always - when: matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_appservice_public_enabled|bool + when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml index b6e65fe28..3ef2cb233 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool" tags: - setup-all - setup-mautrix-facebook -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool" tags: - setup-all - setup-mautrix-facebook -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mautrix_facebook_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mautrix_facebook_enabled | bool" tags: - setup-all - setup-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index eaf2f1394..0855c1974 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -6,14 +6,14 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: false - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" register: matrix_mautrix_facebook_sqlite_database_path_local_stat_result @@ -22,16 +22,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_facebook_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mautrix_facebook_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-facebook.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: true - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mautrix_facebook_database_engine == 'postgres'" - name: Ensure Mautrix Facebook image is pulled @@ -58,7 +58,7 @@ - {path: "{{ matrix_mautrix_facebook_config_path }}", when: true} - {path: "{{ matrix_mautrix_facebook_data_path }}", when: true} - {path: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - name: Ensure Mautrix Facebook repository is present on self-build ansible.builtin.git: @@ -69,7 +69,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_facebook_git_pull_results - when: "matrix_mautrix_facebook_container_image_self_build|bool" + when: "matrix_mautrix_facebook_container_image_self_build | bool" - name: Ensure Mautrix Facebook Docker image is built docker_image: @@ -81,10 +81,10 @@ dockerfile: Dockerfile path: "{{ matrix_mautrix_facebook_docker_src_files_path }}" pull: true - when: "matrix_mautrix_facebook_container_image_self_build|bool" + when: "matrix_mautrix_facebook_container_image_self_build | bool" - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_facebook_base_path }}/mautrix-facebook.db" register: matrix_mautrix_facebook_stat_database @@ -103,7 +103,7 @@ - name: Ensure mautrix-facebook config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_facebook_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_facebook_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -111,7 +111,7 @@ - name: Ensure mautrix-facebook registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_facebook_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_facebook_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -133,4 +133,4 @@ ansible.builtin.service: name: "matrix-mautrix-facebook.service" state: restarted - when: "matrix_mautrix_facebook_requires_restart|bool" + when: "matrix_mautrix_facebook_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index cebdcdabe..2635f1f55 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mautrix-facebook service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" register: matrix_mautrix_facebook_service_stat diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index 986fbc634..4f588b5f5 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -15,7 +15,7 @@ ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: Your mautrix-facebook bridge is still on SQLite and on the last version that supported it, before support was dropped. Support has been subsequently re-added in v0.3.2, so we advise you to upgrade (by removing your `matrix_mautrix_facebook_docker_image` definition from vars.yml)" diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 5b93741a9..ebac567e9 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -99,11 +99,11 @@ matrix_mautrix_googlechat_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_googlechat_configuration_yaml`. -matrix_mautrix_googlechat_configuration_extension: "{{ matrix_mautrix_googlechat_configuration_extension_yaml|from_yaml if matrix_mautrix_googlechat_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mautrix_googlechat_configuration_extension: "{{ matrix_mautrix_googlechat_configuration_extension_yaml | from_yaml if matrix_mautrix_googlechat_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_googlechat_configuration_yaml`. -matrix_mautrix_googlechat_configuration: "{{ matrix_mautrix_googlechat_configuration_yaml|from_yaml|combine(matrix_mautrix_googlechat_configuration_extension, recursive=True) }}" +matrix_mautrix_googlechat_configuration: "{{ matrix_mautrix_googlechat_configuration_yaml | from_yaml|combine(matrix_mautrix_googlechat_configuration_extension, recursive=True) }}" matrix_mautrix_googlechat_registration_yaml: | id: googlechat @@ -121,4 +121,4 @@ matrix_mautrix_googlechat_registration_yaml: | rate_limited: false de.sorunome.msc2409.push_ephemeral: true -matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml|from_yaml }}" +matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index 67cdd4a5c..af1e7d30a 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -8,24 +8,24 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-googlechat.service'] }}" - when: matrix_mautrix_googlechat_enabled|bool + when: matrix_mautrix_googlechat_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mautrix-googlechat-registration.yaml"] }} - when: matrix_mautrix_googlechat_enabled|bool + when: matrix_mautrix_googlechat_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -35,13 +35,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | location {{ matrix_mautrix_googlechat_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-mautrix-googlechat:8080"; @@ -55,13 +55,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_mautrix_googlechat_enabled|bool + when: matrix_mautrix_googlechat_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -71,4 +71,4 @@ Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}` URL endpoint to the matrix-mautrix-googlechat container. You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable. - when: "matrix_mautrix_googlechat_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml index 16054e7b5..070abfcd9 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mautrix_googlechat_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool" tags: - setup-all - setup-mautrix-googlechat -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mautrix_googlechat_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool" tags: - setup-all - setup-mautrix-googlechat -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mautrix_googlechat_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mautrix_googlechat_enabled | bool" tags: - setup-all - setup-mautrix-googlechat diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index a2544c573..8a9b55df0 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -6,14 +6,14 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-googlechat role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: false - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result @@ -22,16 +22,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_googlechat_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mautrix_googlechat_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-googlechat.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: true - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mautrix_googlechat_database_engine == 'postgres'" - name: Ensure Mautrix googlechat image is pulled @@ -58,7 +58,7 @@ - {path: "{{ matrix_mautrix_googlechat_config_path }}", when: true} - {path: "{{ matrix_mautrix_googlechat_data_path }}", when: true} - {path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Mautrix Hangots repository is present on self build ansible.builtin.git: @@ -68,7 +68,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_googlechat_git_pull_results - when: "matrix_mautrix_googlechat_container_image_self_build|bool" + when: "matrix_mautrix_googlechat_container_image_self_build | bool" - name: Ensure Mautrix googlechat Docker image is built docker_image: @@ -80,10 +80,10 @@ dockerfile: Dockerfile path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" pull: true - when: "matrix_mautrix_googlechat_container_image_self_build|bool" + when: "matrix_mautrix_googlechat_container_image_self_build | bool" - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db" register: matrix_mautrix_googlechat_stat_database @@ -102,7 +102,7 @@ - name: Ensure mautrix-googlechat config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_googlechat_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -110,7 +110,7 @@ - name: Ensure mautrix-googlechat registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_googlechat_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -132,4 +132,4 @@ ansible.builtin.service: name: "matrix-mautrix-googlechat.service" state: restarted - when: "matrix_mautrix_googlechat_requires_restart|bool" + when: "matrix_mautrix_googlechat_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index 889558681..104e58a5f 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mautrix-googlechat service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" register: matrix_mautrix_googlechat_service_stat diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 061fa56ab..77db85fec 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -96,11 +96,11 @@ matrix_mautrix_hangouts_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_hangouts_configuration_yaml`. -matrix_mautrix_hangouts_configuration_extension: "{{ matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml if matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mautrix_hangouts_configuration_extension: "{{ matrix_mautrix_hangouts_configuration_extension_yaml | from_yaml if matrix_mautrix_hangouts_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_hangouts_configuration_yaml`. -matrix_mautrix_hangouts_configuration: "{{ matrix_mautrix_hangouts_configuration_yaml|from_yaml|combine(matrix_mautrix_hangouts_configuration_extension, recursive=True) }}" +matrix_mautrix_hangouts_configuration: "{{ matrix_mautrix_hangouts_configuration_yaml | from_yaml|combine(matrix_mautrix_hangouts_configuration_extension, recursive=True) }}" matrix_mautrix_hangouts_registration_yaml: | id: hangouts @@ -118,4 +118,4 @@ matrix_mautrix_hangouts_registration_yaml: | rate_limited: false de.sorunome.msc2409.push_ephemeral: true -matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml|from_yaml }}" +matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 6f7374ee8..28ca1cdbc 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -8,24 +8,24 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}" - when: matrix_mautrix_hangouts_enabled|bool + when: matrix_mautrix_hangouts_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mautrix-hangouts-registration.yaml"] }} - when: matrix_mautrix_hangouts_enabled|bool + when: matrix_mautrix_hangouts_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -35,13 +35,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | location {{ matrix_mautrix_hangouts_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-mautrix-hangouts:8080"; @@ -55,13 +55,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_mautrix_hangouts_enabled|bool + when: matrix_mautrix_hangouts_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -71,4 +71,4 @@ Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` URL endpoint to the matrix-mautrix-hangouts container. You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. - when: "matrix_mautrix_hangouts_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml index b43ff478b..d69136899 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool" tags: - setup-all - setup-mautrix-hangouts -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool" tags: - setup-all - setup-mautrix-hangouts -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mautrix_hangouts_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mautrix_hangouts_enabled | bool" tags: - setup-all - setup-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 11456cc4a..a135fd1f8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -6,14 +6,14 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: false - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" register: matrix_mautrix_hangouts_sqlite_database_path_local_stat_result @@ -22,16 +22,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_hangouts_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mautrix_hangouts_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-hangouts.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: true - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mautrix_hangouts_database_engine == 'postgres'" - name: Ensure Mautrix Hangouts image is pulled @@ -58,7 +58,7 @@ - {path: "{{ matrix_mautrix_hangouts_config_path }}", when: true} - {path: "{{ matrix_mautrix_hangouts_data_path }}", when: true} - {path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Mautrix Hangots repository is present on self build ansible.builtin.git: @@ -68,7 +68,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_hangouts_git_pull_results - when: "matrix_mautrix_hangouts_container_image_self_build|bool" + when: "matrix_mautrix_hangouts_container_image_self_build | bool" - name: Ensure Mautrix Hangouts Docker image is built docker_image: @@ -80,10 +80,10 @@ dockerfile: Dockerfile path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" pull: true - when: "matrix_mautrix_hangouts_container_image_self_build|bool" + when: "matrix_mautrix_hangouts_container_image_self_build | bool" - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db" register: matrix_mautrix_hangouts_stat_database @@ -102,7 +102,7 @@ - name: Ensure mautrix-hangouts config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_hangouts_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_hangouts_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -110,7 +110,7 @@ - name: Ensure mautrix-hangouts registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_hangouts_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_hangouts_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -132,4 +132,4 @@ ansible.builtin.service: name: "matrix-mautrix-hangouts.service" state: restarted - when: "matrix_mautrix_hangouts_requires_restart|bool" + when: "matrix_mautrix_hangouts_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index f3234a2e9..2cb676b5c 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mautrix-hangouts service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" register: matrix_mautrix_hangouts_service_stat diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 5c849cfc7..8452d6f39 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -89,11 +89,11 @@ matrix_mautrix_instagram_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_instagram_configuration_yaml`. -matrix_mautrix_instagram_configuration_extension: "{{ matrix_mautrix_instagram_configuration_extension_yaml|from_yaml if matrix_mautrix_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mautrix_instagram_configuration_extension: "{{ matrix_mautrix_instagram_configuration_extension_yaml | from_yaml if matrix_mautrix_instagram_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_instagram_configuration_yaml`. -matrix_mautrix_instagram_configuration: "{{ matrix_mautrix_instagram_configuration_yaml|from_yaml|combine(matrix_mautrix_instagram_configuration_extension, recursive=True) }}" +matrix_mautrix_instagram_configuration: "{{ matrix_mautrix_instagram_configuration_yaml | from_yaml|combine(matrix_mautrix_instagram_configuration_extension, recursive=True) }}" matrix_mautrix_instagram_registration_yaml: | id: instagram @@ -111,4 +111,4 @@ matrix_mautrix_instagram_registration_yaml: | rate_limited: false de.sorunome.msc2409.push_ephemeral: true -matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml|from_yaml }}" +matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index e3b4c58c5..858e29179 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml @@ -8,21 +8,21 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}" - when: matrix_mautrix_instagram_enabled|bool + when: matrix_mautrix_instagram_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mautrix-instagram-registration.yaml"] }} - when: matrix_mautrix_instagram_enabled|bool + when: matrix_mautrix_instagram_enabled | bool diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml index b6ffcd06a..d5becb6d3 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mautrix_instagram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool" tags: - setup-all - setup-mautrix-instagram -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mautrix_instagram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool" tags: - setup-all - setup-mautrix-instagram -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mautrix_instagram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mautrix_instagram_enabled | bool" tags: - setup-all - setup-mautrix-instagram diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 98fa11571..cac885adc 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -5,7 +5,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-instagram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - name: Ensure Mautrix instagram image is pulled docker_image: @@ -31,7 +31,7 @@ - {path: "{{ matrix_mautrix_instagram_config_path }}", when: true} - {path: "{{ matrix_mautrix_instagram_data_path }}", when: true} - {path: "{{ matrix_mautrix_instagram_docker_src_files_path }}", when: "{{ matrix_mautrix_instagram_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - name: Ensure Mautrix instagram repository is present on self-build ansible.builtin.git: @@ -41,7 +41,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_instagram_git_pull_results - when: "matrix_mautrix_instagram_container_image_self_build|bool" + when: "matrix_mautrix_instagram_container_image_self_build | bool" - name: Ensure Mautrix instagram Docker image is built docker_image: @@ -53,11 +53,11 @@ dockerfile: Dockerfile path: "{{ matrix_mautrix_instagram_docker_src_files_path }}" pull: true - when: "matrix_mautrix_instagram_container_image_self_build|bool" + when: "matrix_mautrix_instagram_container_image_self_build | bool" - name: Ensure mautrix-instagram config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_instagram_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_instagram_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -65,7 +65,7 @@ - name: Ensure mautrix-instagram registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_instagram_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_instagram_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml index ef90f01f6..55d882d32 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml @@ -1,6 +1,6 @@ --- - name: Check existence of matrix-mautrix-instagram service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service" register: matrix_mautrix_instagram_service_stat diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 3ed92dbcb..429d8ea81 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -124,15 +124,15 @@ matrix_mautrix_signal_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_signal_configuration_yaml`. -matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configuration_extension_yaml|from_yaml if matrix_mautrix_signal_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configuration_extension_yaml | from_yaml if matrix_mautrix_signal_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`. -matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml|from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}" +matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml | from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}" matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}" -matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}" +matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml | from_yaml }}" matrix_mautrix_signal_log_level: 'DEBUG' diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 4d9a2448f..c96fe596d 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -2,21 +2,21 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" - when: matrix_mautrix_signal_enabled|bool + when: matrix_mautrix_signal_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mautrix-signal-registration.yaml"] }} - when: matrix_mautrix_signal_enabled|bool + when: matrix_mautrix_signal_enabled | bool diff --git a/roles/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/matrix-bridge-mautrix-signal/tasks/main.yml index 643b94c9c..54bdafcda 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mautrix_signal_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_signal_enabled | bool" tags: - setup-all - setup-mautrix-signal -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mautrix_signal_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mautrix_signal_enabled | bool" tags: - setup-all - setup-mautrix-signal -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mautrix_signal_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mautrix_signal_enabled | bool" tags: - setup-all - setup-mautrix-signal diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index b7afb3519..d92f2b3fa 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - name: Ensure Mautrix Signal image is pulled docker_image: @@ -14,7 +14,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" - when: "not matrix_mautrix_signal_container_image_self_build|bool" + when: "not matrix_mautrix_signal_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -29,7 +29,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_signal_git_pull_results - when: "matrix_mautrix_signal_container_image_self_build|bool" + when: "matrix_mautrix_signal_container_image_self_build | bool" - name: Ensure Mautrix Signal image is built docker_image: @@ -41,7 +41,7 @@ dockerfile: Dockerfile path: "{{ matrix_mautrix_signal_docker_src_files_path }}" pull: true - when: "matrix_mautrix_signal_container_image_self_build|bool" + when: "matrix_mautrix_signal_container_image_self_build | bool" - name: Ensure Mautrix Signal Daemon image is pulled @@ -50,7 +50,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}" - when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_image_self_build|bool + when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_image_self_build | bool register: matrix_mautrix_signal_daemon_pull_results - name: Ensure Mautrix Signal Daemon repository is present on self-build @@ -61,7 +61,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_signal_daemon_git_pull_results - when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" + when: "matrix_mautrix_signal_daemon_container_image_self_build | bool" - name: Ensure Mautrix Signal Daemon image is built docker_image: @@ -73,7 +73,7 @@ dockerfile: Containerfile path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" pull: true - when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" + when: "matrix_mautrix_signal_daemon_container_image_self_build | bool" - name: Ensure Mautrix Signal paths exist ansible.builtin.file: @@ -92,7 +92,7 @@ - name: Ensure mautrix-signal config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_signal_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -100,7 +100,7 @@ - name: Ensure mautrix-signal registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_signal_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_signal_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml index 33f1b9f5c..befbcbec2 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ # Signal daemon service - name: Check existence of matrix-mautrix-signal-daemon service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" register: matrix_mautrix_signal_daemon_service_stat @@ -22,7 +22,7 @@ # Bridge service - name: Check existence of matrix-mautrix-signal service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" register: matrix_mautrix_signal_service_stat diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 97ba2bc97..a76186aea 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -117,11 +117,11 @@ matrix_mautrix_telegram_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_telegram_configuration_yaml`. -matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_configuration_extension_yaml|from_yaml if matrix_mautrix_telegram_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_configuration_extension_yaml | from_yaml if matrix_mautrix_telegram_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`. -matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}" +matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}" matrix_mautrix_telegram_registration_yaml: | id: telegram @@ -142,7 +142,7 @@ matrix_mautrix_telegram_registration_yaml: | rate_limited: false de.sorunome.msc2409.push_ephemeral: true -matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}" +matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}" # Templates for defining MXID's and displaynames for users and rooms. matrix_mautrix_telegram_username_template: 'telegram_{userid}' diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index a9cc04254..e83bc6631 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -8,24 +8,24 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}" - when: matrix_mautrix_telegram_enabled|bool + when: matrix_mautrix_telegram_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mautrix-telegram-registration.yaml"] }} - when: matrix_mautrix_telegram_enabled|bool + when: matrix_mautrix_telegram_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -35,13 +35,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | location {{ matrix_mautrix_telegram_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-mautrix-telegram:8080"; @@ -56,7 +56,7 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] }} @@ -68,8 +68,8 @@ Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` URL endpoint to the matrix-mautrix-telegram container. You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. - when: "not matrix_nginx_proxy_enabled|default(False)|bool" + when: "not matrix_nginx_proxy_enabled | default(False) | bool" tags: - always - when: matrix_mautrix_telegram_enabled|bool and matrix_mautrix_telegram_appservice_public_enabled|bool + when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml index 018b30da4..471f0cf13 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml @@ -1,22 +1,22 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mautrix_telegram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool" tags: - setup-all - setup-mautrix-telegram -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mautrix_telegram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool" tags: - setup-all - setup-mautrix-telegram -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mautrix_telegram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mautrix_telegram_enabled | bool" tags: - setup-all - setup-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index d530d2b93..52bb8328b 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -6,14 +6,14 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-telegram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: false - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" register: matrix_mautrix_telegram_sqlite_database_path_local_stat_result @@ -22,16 +22,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_telegram_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mautrix_telegram_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-telegram.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: true - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mautrix_telegram_database_engine == 'postgres'" - name: Ensure Mautrix Telegram paths exist @@ -46,7 +46,7 @@ - {path: "{{ matrix_mautrix_telegram_config_path }}", when: true} - {path: "{{ matrix_mautrix_telegram_data_path }}", when: true} - {path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - name: Ensure Mautrix Telegram image is pulled docker_image: @@ -54,7 +54,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}" - when: "not matrix_mautrix_telegram_container_image_self_build|bool" + when: "not matrix_mautrix_telegram_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -68,7 +68,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_telegram_lottieconverter_git_pull_results - when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_mautrix_telegram_container_image_self_build|bool" + when: "matrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_container_image_self_build | bool" - name: Ensure lottieconverter Docker image is built docker_image: @@ -80,7 +80,7 @@ dockerfile: Dockerfile path: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" pull: true - when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build|bool" + when: "matrix_telegram_lottieconverter_container_image_self_build | bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build | bool" - name: Ensure matrix-mautrix-telegram repository is present when self-building ansible.builtin.git: @@ -90,7 +90,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_telegram_git_pull_results - when: "matrix_mautrix_telegram_container_image_self_build|bool" + when: "matrix_mautrix_telegram_container_image_self_build | bool" - name: Ensure matrix-mautrix-telegram Docker image is built docker_image: @@ -101,13 +101,13 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_telegram_docker_src_files_path }}" - pull: "{{ not matrix_telegram_lottieconverter_container_image_self_build_mask_arch|bool }}" + pull: "{{ not matrix_telegram_lottieconverter_container_image_self_build_mask_arch | bool }}" args: TARGETARCH: "" - when: "matrix_mautrix_telegram_container_image_self_build|bool and matrix_mautrix_telegram_git_pull_results.changed" + when: "matrix_mautrix_telegram_container_image_self_build | bool and matrix_mautrix_telegram_git_pull_results.changed" - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db" register: matrix_mautrix_telegram_stat_database @@ -126,7 +126,7 @@ - name: Ensure mautrix-telegram config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_telegram_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_telegram_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -134,7 +134,7 @@ - name: Ensure mautrix-telegram registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_telegram_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_telegram_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -156,4 +156,4 @@ ansible.builtin.service: name: "matrix-mautrix-telegram.service" state: restarted - when: "matrix_mautrix_telegram_requires_restart|bool" + when: "matrix_mautrix_telegram_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index 01b58313a..f4a5f5690 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mautrix-telegram service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" register: matrix_mautrix_telegram_service_stat diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 150b5b4dc..4943d715a 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -87,11 +87,11 @@ matrix_mautrix_twitter_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_twitter_configuration_yaml`. -matrix_mautrix_twitter_configuration_extension: "{{ matrix_mautrix_twitter_configuration_extension_yaml|from_yaml if matrix_mautrix_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mautrix_twitter_configuration_extension: "{{ matrix_mautrix_twitter_configuration_extension_yaml | from_yaml if matrix_mautrix_twitter_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_twitter_configuration_yaml`. -matrix_mautrix_twitter_configuration: "{{ matrix_mautrix_twitter_configuration_yaml|from_yaml|combine(matrix_mautrix_twitter_configuration_extension, recursive=True) }}" +matrix_mautrix_twitter_configuration: "{{ matrix_mautrix_twitter_configuration_yaml | from_yaml|combine(matrix_mautrix_twitter_configuration_extension, recursive=True) }}" matrix_mautrix_twitter_registration_yaml: | id: twitter @@ -109,4 +109,4 @@ matrix_mautrix_twitter_registration_yaml: | rate_limited: false de.sorunome.msc2409.push_ephemeral: true -matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml|from_yaml }}" +matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml index 3fdd66d83..75a60ffa1 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml @@ -2,24 +2,24 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}" - when: matrix_mautrix_twitter_enabled|bool + when: matrix_mautrix_twitter_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mautrix-twitter-registration.yaml"] }} - when: matrix_mautrix_twitter_enabled|bool + when: matrix_mautrix_twitter_enabled | bool # ansible lower than 2.8, does not support docker_image build parameters # for self buildig it is explicitly needed, so we rather fail here diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/matrix-bridge-mautrix-twitter/tasks/main.yml index 6c0abe4f5..2f0c39b2a 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mautrix_twitter_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_twitter_enabled | bool" tags: - setup-all - setup-mautrix-twitter -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mautrix_twitter_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mautrix_twitter_enabled | bool" tags: - setup-all - setup-mautrix-twitter -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mautrix_twitter_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mautrix_twitter_enabled | bool" tags: - setup-all - setup-mautrix-twitter diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 167176a8f..a611f3527 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-twitter role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_mautrix_twitter_requires_restart: false @@ -17,7 +17,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}" - when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build + when: matrix_mautrix_twitter_enabled | bool and not matrix_mautrix_twitter_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -35,7 +35,7 @@ - {path: "{{ matrix_mautrix_twitter_config_path }}", when: true} - {path: "{{ matrix_mautrix_twitter_data_path }}", when: true} - {path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - name: Ensure Mautrix Twitter repository is present on self-build ansible.builtin.git: @@ -46,7 +46,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_twitter_git_pull_results - when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build" + when: "matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_container_image_self_build" - name: Ensure Mautrix Twitter Docker image is built docker_image: @@ -57,11 +57,11 @@ dockerfile: Dockerfile path: "{{ matrix_mautrix_twitter_docker_src_files_path }}" pull: true - when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build|bool" + when: "matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_container_image_self_build | bool" - name: Ensure mautrix-twitter config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_twitter_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -69,7 +69,7 @@ - name: Ensure mautrix-twitter registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_twitter_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -91,4 +91,4 @@ ansible.builtin.service: name: "matrix-mautrix-twitter.service" state: restarted - when: "matrix_mautrix_twitter_requires_restart|bool" + when: "matrix_mautrix_twitter_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml index 9c3579316..5ce64906c 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mautrix-twitter service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" register: matrix_mautrix_twitter_service_stat diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index e7f027091..9c8652fb7 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -106,11 +106,11 @@ matrix_mautrix_whatsapp_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_whatsapp_configuration_yaml`. -matrix_mautrix_whatsapp_configuration_extension: "{{ matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml if matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mautrix_whatsapp_configuration_extension: "{{ matrix_mautrix_whatsapp_configuration_extension_yaml | from_yaml if matrix_mautrix_whatsapp_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_whatsapp_configuration_yaml`. -matrix_mautrix_whatsapp_configuration: "{{ matrix_mautrix_whatsapp_configuration_yaml|from_yaml|combine(matrix_mautrix_whatsapp_configuration_extension, recursive=True) }}" +matrix_mautrix_whatsapp_configuration: "{{ matrix_mautrix_whatsapp_configuration_yaml | from_yaml|combine(matrix_mautrix_whatsapp_configuration_extension, recursive=True) }}" matrix_mautrix_whatsapp_registration_yaml: | id: whatsapp @@ -128,7 +128,7 @@ matrix_mautrix_whatsapp_registration_yaml: | regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true -matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}" +matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}" # Enable End-to-bridge encryption matrix_mautrix_whatsapp_bridge_encryption_allow: false diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index 75a0134b2..ab10a5303 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -1,21 +1,21 @@ --- - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}" - when: matrix_mautrix_whatsapp_enabled|bool + when: matrix_mautrix_whatsapp_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mautrix-whatsapp-registration.yaml"] }} - when: matrix_mautrix_whatsapp_enabled|bool + when: matrix_mautrix_whatsapp_enabled | bool diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml index 0a963eb24..4df6fd23b 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml @@ -1,21 +1,21 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mautrix_whatsapp_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_whatsapp_enabled | bool" tags: - setup-all - setup-mautrix-whatsapp -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup and matrix_mautrix_whatsapp_enabled" tags: - setup-all - setup-mautrix-whatsapp -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" when: "run_setup and not matrix_mautrix_whatsapp_enabled" tags: - setup-all diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 59e5fe0ef..c80407e1d 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -6,14 +6,14 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mautrix-whatsapp role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: false - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" register: matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result @@ -22,17 +22,17 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mautrix_whatsapp_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-whatsapp.service'] pgloader_options: ['--with "quote identifiers"'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: true - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mautrix_whatsapp_database_engine == 'postgres'" @@ -48,7 +48,7 @@ - {path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true} - {path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true} - {path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}"} - when: item.when|bool + when: item.when | bool - name: Ensure Mautrix Whatsapp image is pulled docker_image: @@ -71,7 +71,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mautrix_whatsapp_git_pull_results - when: "matrix_mautrix_whatsapp_container_image_self_build|bool" + when: "matrix_mautrix_whatsapp_container_image_self_build | bool" - name: Ensure Mautrix Whatsapp Docker image is built docker_image: @@ -83,15 +83,15 @@ dockerfile: Dockerfile path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" pull: true - when: "matrix_mautrix_whatsapp_container_image_self_build|bool" + when: "matrix_mautrix_whatsapp_container_image_self_build | bool" - name: Check if an old database file exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db" register: matrix_mautrix_whatsapp_stat_database - name: Check if an old matrix state file exists - stat: + ansible.builtin.stat: path: "{{ matrix_mautrix_whatsapp_base_path }}/mx-state.json" register: matrix_mautrix_whatsapp_stat_mx_state @@ -114,7 +114,7 @@ - name: Ensure mautrix-whatsapp config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_whatsapp_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -122,7 +122,7 @@ - name: Ensure mautrix-whatsapp registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mautrix_whatsapp_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -144,4 +144,4 @@ ansible.builtin.service: name: "matrix-mautrix-whatsapp.service" state: restarted - when: "matrix_mautrix_whatsapp_requires_restart|bool" + when: "matrix_mautrix_whatsapp_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 94f7f30ae..c531b530e 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mautrix-whatsapp service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" register: matrix_mautrix_whatsapp_service_stat diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 4d297f25f..3402bbbcc 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -88,11 +88,11 @@ matrix_mx_puppet_discord_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mx_puppet_discord_configuration_yaml`. -matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml if matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_configuration_extension_yaml | from_yaml if matrix_mx_puppet_discord_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_discord_configuration_yaml`. -matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml|from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}" +matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml | from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}" matrix_mx_puppet_discord_registration_yaml: | as_token: "{{ matrix_mx_puppet_discord_appservice_token }}" @@ -112,4 +112,4 @@ matrix_mx_puppet_discord_registration_yaml: | url: {{ matrix_mx_puppet_discord_appservice_address }} de.sorunome.msc2409.push_ephemeral: true -matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml|from_yaml }}" +matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index ca0090287..1a821d7d8 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -8,21 +8,21 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}" - when: matrix_mx_puppet_discord_enabled|bool + when: matrix_mx_puppet_discord_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mx-puppet-discord-registration.yaml"] }} - when: matrix_mx_puppet_discord_enabled|bool + when: matrix_mx_puppet_discord_enabled | bool diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml index e11a2db04..281092e1a 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mx_puppet_discord_enabled | bool" tags: - setup-all - setup-mx-puppet-discord -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mx_puppet_discord_enabled | bool" tags: - setup-all - setup-mx-puppet-discord -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_discord_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mx_puppet_discord_enabled | bool" tags: - setup-all - setup-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 3c3c43a03..48c92bf08 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - name: Ensure MX Puppet Discord paths exist ansible.builtin.file: @@ -20,10 +20,10 @@ - {path: "{{ matrix_mx_puppet_discord_config_path }}", when: true} - {path: "{{ matrix_mx_puppet_discord_data_path }}", when: true} - {path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}"} - when: matrix_mx_puppet_discord_enabled|bool and item.when|bool + when: matrix_mx_puppet_discord_enabled | bool and item.when | bool - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_discord_base_path }}/database.db" register: matrix_mx_puppet_discord_stat_database @@ -44,7 +44,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" register: matrix_mx_puppet_discord_sqlite_database_path_local_stat_result @@ -53,16 +53,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_discord_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mx_puppet_discord_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-discord.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: true - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mx_puppet_discord_database_engine == 'postgres'" - name: Ensure MX Puppet Discord image is pulled @@ -71,7 +71,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" - when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build + when: matrix_mx_puppet_discord_enabled | bool and not matrix_mx_puppet_discord_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -86,7 +86,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_discord_git_pull_results - when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" + when: "matrix_mx_puppet_discord_enabled | bool and matrix_mx_puppet_discord_container_image_self_build" - name: Ensure MX Puppet Discord Docker image is built docker_image: @@ -98,11 +98,11 @@ dockerfile: "{{ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" pull: true - when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool" + when: "matrix_mx_puppet_discord_enabled | bool and matrix_mx_puppet_discord_container_image_self_build | bool" - name: Ensure mx-puppet-discord config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -110,7 +110,7 @@ - name: Ensure mx-puppet-discord discord-registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_discord_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -132,4 +132,4 @@ ansible.builtin.service: name: "matrix-mx-puppet-discord.service" state: restarted - when: "matrix_mx_puppet_discord_requires_restart|bool" + when: "matrix_mx_puppet_discord_requires_restart | bool" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml index beff6c5db..585c6c856 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mx-puppet-discord service - stat: + ansible.builtin.stat: path: "/etc/systemd/system/matrix-mx-puppet-discord.service" register: matrix_mx_puppet_discord_service_stat diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index 696380ed1..f2f7d963d 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -83,11 +83,11 @@ matrix_mx_puppet_groupme_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mx_puppet_groupme_configuration_yaml`. -matrix_mx_puppet_groupme_configuration_extension: "{{ matrix_mx_puppet_groupme_configuration_extension_yaml|from_yaml if matrix_mx_puppet_groupme_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mx_puppet_groupme_configuration_extension: "{{ matrix_mx_puppet_groupme_configuration_extension_yaml | from_yaml if matrix_mx_puppet_groupme_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_groupme_configuration_yaml`. -matrix_mx_puppet_groupme_configuration: "{{ matrix_mx_puppet_groupme_configuration_yaml|from_yaml|combine(matrix_mx_puppet_groupme_configuration_extension, recursive=True) }}" +matrix_mx_puppet_groupme_configuration: "{{ matrix_mx_puppet_groupme_configuration_yaml | from_yaml|combine(matrix_mx_puppet_groupme_configuration_extension, recursive=True) }}" matrix_mx_puppet_groupme_registration_yaml: | as_token: "{{ matrix_mx_puppet_groupme_appservice_token }}" @@ -107,4 +107,4 @@ matrix_mx_puppet_groupme_registration_yaml: | url: {{ matrix_mx_puppet_groupme_appservice_address }} de.sorunome.msc2409.push_ephemeral: true -matrix_mx_puppet_groupme_registration: "{{ matrix_mx_puppet_groupme_registration_yaml|from_yaml }}" +matrix_mx_puppet_groupme_registration: "{{ matrix_mx_puppet_groupme_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index 0791546d6..92f041d40 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -8,21 +8,21 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}" - when: matrix_mx_puppet_groupme_enabled|bool + when: matrix_mx_puppet_groupme_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mx-puppet-groupme-registration.yaml"] }} - when: matrix_mx_puppet_groupme_enabled|bool + when: matrix_mx_puppet_groupme_enabled | bool diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml index 070f920b5..8cc557592 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_groupme_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mx_puppet_groupme_enabled | bool" tags: - setup-all - setup-mx-puppet-groupme -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_groupme_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mx_puppet_groupme_enabled | bool" tags: - setup-all - setup-mx-puppet-groupme -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_groupme_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mx_puppet_groupme_enabled | bool" tags: - setup-all - setup-mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 9ca9c7ea6..3393db217 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-groupme role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - name: Ensure MX Puppet Groupme paths exist ansible.builtin.file: @@ -20,10 +20,10 @@ - {path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true} - {path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true} - {path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}"} - when: matrix_mx_puppet_groupme_enabled|bool and item.when|bool + when: matrix_mx_puppet_groupme_enabled | bool and item.when | bool - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_groupme_base_path }}/database.db" register: matrix_mx_puppet_groupme_stat_database @@ -45,7 +45,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result @@ -54,16 +54,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mx_puppet_groupme_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-groupme.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: true - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mx_puppet_groupme_database_engine == 'postgres'" - name: Ensure MX Puppet Groupme image is pulled @@ -72,7 +72,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}" - when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build + when: matrix_mx_puppet_groupme_enabled | bool and not matrix_mx_puppet_groupme_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -86,7 +86,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_groupme_git_pull_results - when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" + when: "matrix_mx_puppet_groupme_enabled | bool and matrix_mx_puppet_groupme_container_image_self_build" - name: Ensure MX Puppet Groupme Docker image is built docker_image: @@ -98,11 +98,11 @@ dockerfile: Dockerfile path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" pull: true - when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" + when: "matrix_mx_puppet_groupme_enabled | bool and matrix_mx_puppet_groupme_container_image_self_build" - name: Ensure mx-puppet-groupme config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_groupme_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -110,7 +110,7 @@ - name: Ensure mx-puppet-groupme groupme-registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_groupme_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -132,4 +132,4 @@ ansible.builtin.service: name: "matrix-mx-puppet-groupme.service" state: restarted - when: "matrix_mx_puppet_groupme_requires_restart|bool" + when: "matrix_mx_puppet_groupme_requires_restart | bool" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml index faf5ac0a5..5ded61070 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mx-puppet-groupme service - stat: + ansible.builtin.stat: path: "/etc/systemd/system/matrix-mx-puppet-groupme.service" register: matrix_mx_puppet_groupme_service_stat diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index c7c86e3c5..8c68f9804 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -77,11 +77,11 @@ matrix_mx_puppet_instagram_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mx_puppet_instagram_configuration_yaml`. -matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml | from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`. -matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml|from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}" +matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml | from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}" matrix_mx_puppet_instagram_registration_yaml: | as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}" @@ -101,4 +101,4 @@ matrix_mx_puppet_instagram_registration_yaml: | url: {{ matrix_mx_puppet_instagram_appservice_address }} de.sorunome.msc2409.push_ephemeral: true -matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}" +matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index 3f2b98dc2..5e89275cf 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -8,21 +8,21 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}" - when: matrix_mx_puppet_instagram_enabled|bool + when: matrix_mx_puppet_instagram_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mx-puppet-instagram-registration.yaml"] }} - when: matrix_mx_puppet_instagram_enabled|bool + when: matrix_mx_puppet_instagram_enabled | bool diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml index 6abb281fc..978577cc3 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mx_puppet_instagram_enabled | bool" tags: - setup-all - setup-mx-puppet-instagram -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mx_puppet_instagram_enabled | bool" tags: - setup-all - setup-mx-puppet-instagram -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_instagram_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mx_puppet_instagram_enabled | bool" tags: - setup-all - setup-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 4048e1755..9222266b1 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: @@ -14,7 +14,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" register: matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result @@ -23,16 +23,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mx_puppet_instagram_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-instagram.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: true - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mx_puppet_instagram_database_engine == 'postgres'" - name: Ensure mx-puppet-instagram image is pulled @@ -41,7 +41,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" - when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build + when: matrix_mx_puppet_instagram_enabled | bool and not matrix_mx_puppet_instagram_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -59,7 +59,7 @@ - {path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true} - {path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true} - {path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}"} - when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool + when: matrix_mx_puppet_instagram_enabled | bool and item.when | bool - name: Ensure mx-puppet-instagram repository is present on self build ansible.builtin.git: @@ -69,7 +69,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_instagram_git_pull_results - when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" + when: "matrix_mx_puppet_instagram_enabled | bool and matrix_mx_puppet_instagram_container_image_self_build | bool" - name: Ensure mx-puppet-instagram Docker image is built docker_image: @@ -81,11 +81,11 @@ dockerfile: Dockerfile path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" pull: true - when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" + when: "matrix_mx_puppet_instagram_enabled | bool and matrix_mx_puppet_instagram_container_image_self_build | bool" - name: Ensure mx-puppet-instagram config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_instagram_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -93,7 +93,7 @@ - name: Ensure mx-puppet-instagram-registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_instagram_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -115,4 +115,4 @@ ansible.builtin.service: name: "matrix-mx-puppet-instagram.service" state: restarted - when: "matrix_mx_puppet_instagram_requires_restart|bool" + when: "matrix_mx_puppet_instagram_requires_restart | bool" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml index cb876e2a1..2d5a98aa4 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mx-puppet-instagram service - stat: + ansible.builtin.stat: path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" register: matrix_mx_puppet_instagram_service_stat diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 294b18cf7..cc437ad82 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -92,11 +92,11 @@ matrix_mx_puppet_slack_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mx_puppet_slack_configuration_yaml`. -matrix_mx_puppet_slack_configuration_extension: "{{ matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml if matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mx_puppet_slack_configuration_extension: "{{ matrix_mx_puppet_slack_configuration_extension_yaml | from_yaml if matrix_mx_puppet_slack_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_slack_configuration_yaml`. -matrix_mx_puppet_slack_configuration: "{{ matrix_mx_puppet_slack_configuration_yaml|from_yaml|combine(matrix_mx_puppet_slack_configuration_extension, recursive=True) }}" +matrix_mx_puppet_slack_configuration: "{{ matrix_mx_puppet_slack_configuration_yaml | from_yaml|combine(matrix_mx_puppet_slack_configuration_extension, recursive=True) }}" matrix_mx_puppet_slack_registration_yaml: | as_token: "{{ matrix_mx_puppet_slack_appservice_token }}" @@ -116,4 +116,4 @@ matrix_mx_puppet_slack_registration_yaml: | url: {{ matrix_mx_puppet_slack_appservice_address }} de.sorunome.msc2409.push_ephemeral: true -matrix_mx_puppet_slack_registration: "{{ matrix_mx_puppet_slack_registration_yaml|from_yaml }}" +matrix_mx_puppet_slack_registration: "{{ matrix_mx_puppet_slack_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 74a6ed44b..fd9d62ae4 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -8,24 +8,24 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}" - when: matrix_mx_puppet_slack_enabled|bool + when: matrix_mx_puppet_slack_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mx-puppet-slack-registration.yaml"] }} - when: matrix_mx_puppet_slack_enabled|bool + when: matrix_mx_puppet_slack_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -35,13 +35,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | location {{ matrix_mx_puppet_slack_redirect_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; @@ -56,13 +56,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_mx_puppet_slack_enabled|bool + when: matrix_mx_puppet_slack_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -72,4 +72,4 @@ Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` URL endpoint to the matrix-mx-puppet-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_slack_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_mx_puppet_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml index 0e886d452..869afc497 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool" tags: - setup-all - setup-mx-puppet-slack -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool" tags: - setup-all - setup-mx-puppet-slack -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_slack_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mx_puppet_slack_enabled | bool" tags: - setup-all - setup-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 48408b5ab..5dab3c4a9 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - name: Ensure MX Puppet Slack paths exist ansible.builtin.file: @@ -20,10 +20,10 @@ - {path: "{{ matrix_mx_puppet_slack_config_path }}", when: true} - {path: "{{ matrix_mx_puppet_slack_data_path }}", when: true} - {path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}"} - when: matrix_mx_puppet_slack_enabled|bool and item.when|bool + when: matrix_mx_puppet_slack_enabled | bool and item.when | bool - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_slack_base_path }}/database.db" register: matrix_mx_puppet_slack_stat_database @@ -41,7 +41,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" register: matrix_mx_puppet_slack_sqlite_database_path_local_stat_result @@ -50,16 +50,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_slack_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mx_puppet_slack_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-slack.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: true - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mx_puppet_slack_database_engine == 'postgres'" - name: Ensure MX Puppet Slack image is pulled @@ -68,7 +68,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" - when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build + when: matrix_mx_puppet_slack_enabled | bool and not matrix_mx_puppet_slack_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -83,7 +83,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_slack_git_pull_results - when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" + when: "matrix_mx_puppet_slack_enabled | bool and matrix_mx_puppet_slack_container_image_self_build" - name: Ensure MX Puppet Slack Docker image is built docker_image: @@ -95,7 +95,7 @@ dockerfile: "{{ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" pull: true - when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" + when: "matrix_mx_puppet_slack_enabled | bool and matrix_mx_puppet_slack_container_image_self_build" - name: (Data relocation) Move mx-puppet-slack database file to ./data directory ansible.builtin.command: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db" @@ -103,7 +103,7 @@ - name: Ensure mx-puppet-slack config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_slack_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -111,7 +111,7 @@ - name: Ensure mx-puppet-slack slack-registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_slack_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -133,4 +133,4 @@ ansible.builtin.service: name: "matrix-mx-puppet-slack.service" state: restarted - when: "matrix_mx_puppet_slack_requires_restart|bool" + when: "matrix_mx_puppet_slack_requires_restart | bool" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml index 835e20d79..3f91b467b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mx-puppet-slack service - stat: + ansible.builtin.stat: path: "/etc/systemd/system/matrix-mx-puppet-slack.service" register: matrix_mx_puppet_slack_service_stat diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 430dc90f1..933b043c9 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -83,11 +83,11 @@ matrix_mx_puppet_steam_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mx_puppet_steam_configuration_yaml`. -matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml if matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_configuration_extension_yaml | from_yaml if matrix_mx_puppet_steam_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_steam_configuration_yaml`. -matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml|from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}" +matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml | from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}" matrix_mx_puppet_steam_registration_yaml: | as_token: "{{ matrix_mx_puppet_steam_appservice_token }}" @@ -107,4 +107,4 @@ matrix_mx_puppet_steam_registration_yaml: | url: {{ matrix_mx_puppet_steam_appservice_address }} de.sorunome.msc2409.push_ephemeral: true -matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml|from_yaml }}" +matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index 7c5487f48..6c9a9a4fe 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -8,21 +8,21 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}" - when: matrix_mx_puppet_steam_enabled|bool + when: matrix_mx_puppet_steam_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mx-puppet-steam-registration.yaml"] }} - when: matrix_mx_puppet_steam_enabled|bool + when: matrix_mx_puppet_steam_enabled | bool diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml index 733cfa909..236a7009f 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mx_puppet_steam_enabled | bool" tags: - setup-all - setup-mx-puppet-steam -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mx_puppet_steam_enabled | bool" tags: - setup-all - setup-mx-puppet-steam -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_steam_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mx_puppet_steam_enabled | bool" tags: - setup-all - setup-mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index dfb7c6c9c..87c2a4244 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - name: Ensure MX Puppet Steam paths exist ansible.builtin.file: @@ -20,10 +20,10 @@ - {path: "{{ matrix_mx_puppet_steam_config_path }}", when: true} - {path: "{{ matrix_mx_puppet_steam_data_path }}", when: true} - {path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}"} - when: matrix_mx_puppet_steam_enabled|bool and item.when|bool + when: matrix_mx_puppet_steam_enabled | bool and item.when | bool - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_steam_base_path }}/database.db" register: matrix_mx_puppet_steam_stat_database @@ -45,7 +45,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" register: matrix_mx_puppet_steam_sqlite_database_path_local_stat_result @@ -54,16 +54,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_steam_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mx_puppet_steam_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-steam.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: true - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mx_puppet_steam_database_engine == 'postgres'" - name: Ensure MX Puppet Steam image is pulled @@ -72,7 +72,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}" - when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build + when: matrix_mx_puppet_steam_enabled | bool and not matrix_mx_puppet_steam_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -86,7 +86,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_steam_git_pull_results - when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" + when: "matrix_mx_puppet_steam_enabled | bool and matrix_mx_puppet_steam_container_image_self_build" - name: Ensure MX Puppet Steam Docker image is built docker_image: @@ -98,11 +98,11 @@ dockerfile: Dockerfile path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" pull: true - when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" + when: "matrix_mx_puppet_steam_enabled | bool and matrix_mx_puppet_steam_container_image_self_build" - name: Ensure mx-puppet-steam config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_steam_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -110,7 +110,7 @@ - name: Ensure mx-puppet-steam steam-registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_steam_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -132,4 +132,4 @@ ansible.builtin.service: name: "matrix-mx-puppet-steam.service" state: restarted - when: "matrix_mx_puppet_steam_requires_restart|bool" + when: "matrix_mx_puppet_steam_requires_restart | bool" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml index 7ec8245dc..d88e54722 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mx-puppet-steam service - stat: + ansible.builtin.stat: path: "/etc/systemd/system/matrix-mx-puppet-steam.service" register: matrix_mx_puppet_steam_service_stat diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index c1b460713..bcd6b4fff 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -93,11 +93,11 @@ matrix_mx_puppet_twitter_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_mx_puppet_twitter_configuration_yaml`. -matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml | from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`. -matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml|from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}" +matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml | from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}" # The prefix for user IDs and aliases matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_ @@ -121,4 +121,4 @@ matrix_mx_puppet_twitter_registration_yaml: | url: {{ matrix_mx_puppet_twitter_appservice_address }} de.sorunome.msc2409.push_ephemeral: true -matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}" +matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 53e2f2f50..3667ebc75 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -8,24 +8,24 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}" - when: matrix_mx_puppet_twitter_enabled|bool + when: matrix_mx_puppet_twitter_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-mx-puppet-twitter-registration.yaml"] }} - when: matrix_mx_puppet_twitter_enabled|bool + when: matrix_mx_puppet_twitter_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -35,13 +35,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | location {{ matrix_mx_puppet_twitter_webhook_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; @@ -56,13 +56,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_mx_puppet_twitter_enabled|bool + when: matrix_mx_puppet_twitter_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -72,4 +72,4 @@ Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` URL endpoint to the matrix-mx-puppet-twitter container. You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_twitter_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_mx_puppet_twitter_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml index 7d65257c9..20e4f6862 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool" tags: - setup-all - setup-mx-puppet-twitter -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool" tags: - setup-all - setup-mx-puppet-twitter -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_twitter_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_mx_puppet_twitter_enabled | bool" tags: - setup-all - setup-mx-puppet-twitter diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 34d522f5e..23d4a3a6c 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -6,7 +6,7 @@ ansible.builtin.fail: msg: >- The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" + when: "matrix_synapse_role_executed | default(False)" - name: Ensure MX Puppet Twitter paths exist ansible.builtin.file: @@ -20,10 +20,10 @@ - {path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true} - {path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true} - {path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}"} - when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool + when: matrix_mx_puppet_twitter_enabled | bool and item.when | bool - name: Check if an old database file already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_twitter_base_path }}/database.db" register: matrix_mx_puppet_twitter_stat_database @@ -45,7 +45,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" register: matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result @@ -54,16 +54,16 @@ matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_mx_puppet_twitter_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-twitter.service'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: true - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_mx_puppet_twitter_database_engine == 'postgres'" - name: Ensure MX Puppet Twitter image is pulled @@ -72,7 +72,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" - when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build + when: matrix_mx_puppet_twitter_enabled | bool and not matrix_mx_puppet_twitter_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -86,7 +86,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mx_puppet_twitter_git_pull_results - when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" + when: "matrix_mx_puppet_twitter_enabled | bool and matrix_mx_puppet_twitter_container_image_self_build" - name: Ensure MX Puppet Twitter Docker image is built docker_image: @@ -98,11 +98,11 @@ dockerfile: Dockerfile path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" pull: true - when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" + when: "matrix_mx_puppet_twitter_enabled | bool and matrix_mx_puppet_twitter_container_image_self_build" - name: Ensure mx-puppet-twitter config.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_twitter_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -110,7 +110,7 @@ - name: Ensure mx-puppet-twitter twitter-registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_mx_puppet_twitter_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -132,4 +132,4 @@ ansible.builtin.service: name: "matrix-mx-puppet-twitter.service" state: restarted - when: "matrix_mx_puppet_twitter_requires_restart|bool" + when: "matrix_mx_puppet_twitter_requires_restart | bool" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml index 2718634db..6db13de08 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mx-puppet-twitter service - stat: + ansible.builtin.stat: path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" register: matrix_mx_puppet_twitter_service_stat diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index 8a640f862..28a88e311 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -104,9 +104,9 @@ matrix_sms_bridge_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_sms_bridge_configuration_yaml`. -matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_extension_yaml|from_yaml if matrix_sms_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_extension_yaml | from_yaml if matrix_sms_bridge_configuration_extension_yaml | from_yaml is mapping else {} }}" -matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}" +matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml | from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}" matrix_sms_bridge_registration_yaml: | id: sms @@ -123,4 +123,4 @@ matrix_sms_bridge_registration_yaml: | sender_localpart: smsbot rate_limited: false -matrix_sms_bridge_registration: "{{ matrix_sms_bridge_registration_yaml|from_yaml }}" +matrix_sms_bridge_registration: "{{ matrix_sms_bridge_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml index 4a3d1719c..85684b81a 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/matrix-bridge-sms/tasks/init.yml @@ -6,25 +6,25 @@ ansible.builtin.fail: msg: >- The matrix-sms-bridge role needs to execute before the matrix-synapse role. - when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)" + when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed | default(False)" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge.service'] }}" - when: matrix_sms_bridge_enabled|bool + when: matrix_sms_bridge_enabled | bool # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ - matrix_synapse_app_service_config_files|default([]) + matrix_synapse_app_service_config_files | default([]) + ["/matrix-sms-bridge-registration.yaml"] }} - when: matrix_sms_bridge_enabled|bool + when: matrix_sms_bridge_enabled | bool diff --git a/roles/matrix-bridge-sms/tasks/main.yml b/roles/matrix-bridge-sms/tasks/main.yml index b06e1a548..1a6b964ba 100644 --- a/roles/matrix-bridge-sms/tasks/main.yml +++ b/roles/matrix-bridge-sms/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_sms_bridge_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_sms_bridge_enabled | bool" tags: - setup-all - setup-matrix-sms-bridge -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_sms_bridge_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_sms_bridge_enabled | bool" tags: - setup-all - setup-matrix-sms-bridge -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_sms_bridge_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_sms_bridge_enabled | bool" tags: - setup-all - setup-matrix-sms-bridge diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index ad6a91858..dcc317ba2 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -23,7 +23,7 @@ - name: Ensure matrix-sms-bridge application.yml installed ansible.builtin.copy: - content: "{{ matrix_sms_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_sms_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/application.yml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -31,7 +31,7 @@ - name: Ensure matrix-sms-bridge registration.yaml installed ansible.builtin.copy: - content: "{{ matrix_sms_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_sms_bridge_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml index f0f966b2d..322190f91 100644 --- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-sms-bridge service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" register: matrix_sms_bridge_service_stat diff --git a/roles/matrix-client-cinny/tasks/init.yml b/roles/matrix-client-cinny/tasks/init.yml index 4d1190dc6..00e46dc82 100644 --- a/roles/matrix-client-cinny/tasks/init.yml +++ b/roles/matrix-client-cinny/tasks/init.yml @@ -8,4 +8,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-cinny.service'] }}" - when: matrix_client_cinny_enabled|bool + when: matrix_client_cinny_enabled | bool diff --git a/roles/matrix-client-cinny/tasks/main.yml b/roles/matrix-client-cinny/tasks/main.yml index 5c37d38e5..9eb007810 100644 --- a/roles/matrix-client-cinny/tasks/main.yml +++ b/roles/matrix-client-cinny/tasks/main.yml @@ -1,30 +1,30 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_client_cinny_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_client_cinny_enabled | bool" tags: - setup-all - setup-client-cinny -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_client_cinny_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_client_cinny_enabled | bool" tags: - setup-all - setup-client-cinny -- import_tasks: "{{ role_path }}/tasks/self_check.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check|bool and matrix_client_cinny_enabled|bool" + when: "run_self_check | bool and matrix_client_cinny_enabled | bool" tags: - self-check -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_client_cinny_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_client_cinny_enabled | bool" tags: - setup-all - setup-client-cinny diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 3689586f4..0159ea354 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -9,7 +9,7 @@ with_items: - {path: "{{ matrix_client_cinny_data_path }}", when: true} - {path: "{{ matrix_client_cinny_docker_src_files_path }}", when: "{{ matrix_client_cinny_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Cinny Docker image is pulled docker_image: @@ -17,7 +17,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" - when: "not matrix_client_cinny_container_image_self_build|bool" + when: "not matrix_client_cinny_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -32,7 +32,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_client_cinny_git_pull_results - when: "matrix_client_cinny_container_image_self_build|bool" + when: "matrix_client_cinny_container_image_self_build | bool" - name: Ensure Cinny configuration installed ansible.builtin.copy: @@ -62,7 +62,7 @@ dockerfile: Dockerfile path: "{{ matrix_client_cinny_docker_src_files_path }}" pull: true - when: "matrix_client_cinny_container_image_self_build|bool" + when: "matrix_client_cinny_container_image_self_build | bool" - name: Ensure matrix-client-cinny.service installed ansible.builtin.template: @@ -74,4 +74,4 @@ - name: Ensure systemd reloaded after matrix-client-cinny.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_client_cinny_systemd_service_result.changed|bool" + when: "matrix_client_cinny_systemd_service_result.changed | bool" diff --git a/roles/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/matrix-client-cinny/tasks/setup_uninstall.yml index 866308ddc..e6f71b0bc 100644 --- a/roles/matrix-client-cinny/tasks/setup_uninstall.yml +++ b/roles/matrix-client-cinny/tasks/setup_uninstall.yml @@ -1,6 +1,6 @@ --- - name: Check existence of matrix-client-cinny.service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-client-cinny.service" register: matrix_client_cinny_service_stat @@ -11,18 +11,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_client_cinny_service_stat.stat.exists|bool" + when: "matrix_client_cinny_service_stat.stat.exists | bool" - name: Ensure matrix-client-cinny.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-client-cinny.service" state: absent - when: "matrix_client_cinny_service_stat.stat.exists|bool" + when: "matrix_client_cinny_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-client-cinny.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_client_cinny_service_stat.stat.exists|bool" + when: "matrix_client_cinny_service_stat.stat.exists | bool" - name: Ensure Cinny paths doesn't exist ansible.builtin.file: diff --git a/roles/matrix-client-element/tasks/init.yml b/roles/matrix-client-element/tasks/init.yml index 65edf53a0..7bdad9e1a 100644 --- a/roles/matrix-client-element/tasks/init.yml +++ b/roles/matrix-client-element/tasks/init.yml @@ -2,7 +2,7 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}" - when: matrix_client_element_enabled|bool + when: matrix_client_element_enabled | bool # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 diff --git a/roles/matrix-client-element/tasks/main.yml b/roles/matrix-client-element/tasks/main.yml index 28e23e8a5..53a25afb9 100644 --- a/roles/matrix-client-element/tasks/main.yml +++ b/roles/matrix-client-element/tasks/main.yml @@ -1,42 +1,42 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_client_element_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_client_element_enabled | bool" tags: - setup-all - setup-client-element -- import_tasks: "{{ role_path }}/tasks/prepare_themes.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/prepare_themes.yml" + when: run_setup | bool tags: - setup-all - setup-client-element -- import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml" + when: run_setup | bool tags: - setup-all - setup-client-element -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_client_element_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_client_element_enabled | bool" tags: - setup-all - setup-client-element -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_client_element_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_client_element_enabled | bool" tags: - setup-all - setup-client-element -- import_tasks: "{{ role_path }}/tasks/self_check.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check|bool and matrix_client_element_enabled|bool" + when: "run_self_check | bool and matrix_client_element_enabled | bool" tags: - self-check diff --git a/roles/matrix-client-element/tasks/migrate_riot_web.yml b/roles/matrix-client-element/tasks/migrate_riot_web.yml index b570d8927..23011e93b 100644 --- a/roles/matrix-client-element/tasks/migrate_riot_web.yml +++ b/roles/matrix-client-element/tasks/migrate_riot_web.yml @@ -1,10 +1,10 @@ --- - name: Check existence of matrix-riot-web.service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-riot-web.service" register: matrix_client_riot_web_service_stat - when: "matrix_client_element_enabled|bool" + when: "matrix_client_element_enabled | bool" - name: Ensure matrix-riot-web is stopped ansible.builtin.service: @@ -13,25 +13,25 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" + when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists" - name: Ensure matrix-riot-web.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-riot-web.service" state: absent - when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" + when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-riot-web.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" + when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists" - name: Check existence of /matrix/riot-web - stat: + ansible.builtin.stat: path: "/matrix/riot-web" register: matrix_client_riot_web_dir_stat - when: "matrix_client_element_enabled|bool" + when: "matrix_client_element_enabled | bool" - name: Relocate /matrix/riot-web to /matrix/client-element ansible.builtin.command: "mv /matrix/riot-web /matrix/client-element" - when: "matrix_client_element_enabled|bool and matrix_client_riot_web_dir_stat.stat.exists" + when: "matrix_client_element_enabled | bool and matrix_client_riot_web_dir_stat.stat.exists" diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/matrix-client-element/tasks/prepare_themes.yml index 7d5c10197..4ba38943e 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/matrix-client-element/tasks/prepare_themes.yml @@ -11,7 +11,7 @@ dest: "{{ role_path }}/files/scratchpad/themes" - name: Find all Element theme files - find: + ansible.builtin.find: paths: "{{ role_path }}/files/scratchpad/themes" patterns: "*.json" recurse: true @@ -31,7 +31,7 @@ run_once: true delegate_to: 127.0.0.1 become: false - when: matrix_client_element_themes_enabled|bool + when: matrix_client_element_themes_enabled | bool # @@ -45,4 +45,4 @@ run_once: true delegate_to: 127.0.0.1 become: false - when: "not matrix_client_element_themes_enabled|bool" + when: "not matrix_client_element_themes_enabled | bool" diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index 6a4fe3f30..356d53424 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -10,7 +10,7 @@ with_items: - {path: "{{ matrix_client_element_data_path }}", when: true} - {path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Element Docker image is pulled docker_image: @@ -18,7 +18,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}" - when: "not matrix_client_element_container_image_self_build|bool" + when: "not matrix_client_element_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -33,7 +33,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_client_element_git_pull_results - when: "matrix_client_element_container_image_self_build|bool" + when: "matrix_client_element_container_image_self_build | bool" # See: # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357 @@ -47,7 +47,7 @@ owner: root ansible.builtin.group: root mode: '0644' - when: "matrix_client_element_container_image_self_build|bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled|bool" + when: "matrix_client_element_container_image_self_build | bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled | bool" - name: Ensure Element Docker image is built docker_image: @@ -59,7 +59,7 @@ dockerfile: Dockerfile path: "{{ matrix_client_element_docker_src_files_path }}" pull: true - when: "matrix_client_element_container_image_self_build|bool" + when: "matrix_client_element_container_image_self_build | bool" - name: Ensure Element configuration installed ansible.builtin.copy: @@ -100,4 +100,4 @@ - name: Ensure systemd reloaded after matrix-client-element.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_client_element_systemd_service_result.changed|bool" + when: "matrix_client_element_systemd_service_result.changed | bool" diff --git a/roles/matrix-client-element/tasks/setup_uninstall.yml b/roles/matrix-client-element/tasks/setup_uninstall.yml index 83b4a7955..b3cdd05e5 100644 --- a/roles/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/matrix-client-element/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-client-element.service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-client-element.service" register: matrix_client_element_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_client_element_service_stat.stat.exists|bool" + when: "matrix_client_element_service_stat.stat.exists | bool" - name: Ensure matrix-client-element.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-client-element.service" state: absent - when: "matrix_client_element_service_stat.stat.exists|bool" + when: "matrix_client_element_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-client-element.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_client_element_service_stat.stat.exists|bool" + when: "matrix_client_element_service_stat.stat.exists | bool" - name: Ensure Element paths doesn't exist ansible.builtin.file: diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/matrix-client-hydrogen/tasks/init.yml index 70454d92e..561018e1a 100644 --- a/roles/matrix-client-hydrogen/tasks/init.yml +++ b/roles/matrix-client-hydrogen/tasks/init.yml @@ -8,4 +8,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-hydrogen.service'] }}" - when: matrix_client_hydrogen_enabled|bool + when: matrix_client_hydrogen_enabled | bool diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index d027fe660..89133364e 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -1,30 +1,30 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_client_hydrogen_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_client_hydrogen_enabled | bool" tags: - setup-all - setup-client-hydrogen -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_client_hydrogen_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_client_hydrogen_enabled | bool" tags: - setup-all - setup-client-hydrogen -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_client_hydrogen_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_client_hydrogen_enabled | bool" tags: - setup-all - setup-client-hydrogen -- import_tasks: "{{ role_path }}/tasks/self_check.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool" + when: "run_self_check | bool and matrix_client_hydrogen_enabled | bool" tags: - self-check diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index b7a63fb7f..37877b87a 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -10,7 +10,7 @@ with_items: - {path: "{{ matrix_client_hydrogen_data_path }}", when: true} - {path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Hydrogen Docker image is pulled docker_image: @@ -18,7 +18,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" - when: "not matrix_client_hydrogen_container_image_self_build|bool" + when: "not matrix_client_hydrogen_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -33,7 +33,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_client_hydrogen_git_pull_results - when: "matrix_client_hydrogen_container_image_self_build|bool" + when: "matrix_client_hydrogen_container_image_self_build | bool" - name: Ensure Hydrogen configuration installed ansible.builtin.copy: @@ -42,7 +42,7 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: "matrix_client_hydrogen_container_image_self_build|bool" + when: "matrix_client_hydrogen_container_image_self_build | bool" - name: Ensure Hydrogen additional config files installed ansible.builtin.template: @@ -66,7 +66,7 @@ dockerfile: Dockerfile path: "{{ matrix_client_hydrogen_docker_src_files_path }}" pull: true - when: "matrix_client_hydrogen_container_image_self_build|bool" + when: "matrix_client_hydrogen_container_image_self_build | bool" - name: Ensure matrix-client-hydrogen.service installed ansible.builtin.template: @@ -78,4 +78,4 @@ - name: Ensure systemd reloaded after matrix-client-hydrogen.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_client_hydrogen_systemd_service_result.changed|bool" + when: "matrix_client_hydrogen_systemd_service_result.changed | bool" diff --git a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml index ac0c11c7a..d543cbb32 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-client-hydrogen.service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" register: matrix_client_hydrogen_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_client_hydrogen_service_stat.stat.exists|bool" + when: "matrix_client_hydrogen_service_stat.stat.exists | bool" - name: Ensure matrix-client-hydrogen.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" state: absent - when: "matrix_client_hydrogen_service_stat.stat.exists|bool" + when: "matrix_client_hydrogen_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-client-hydrogen.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_client_hydrogen_service_stat.stat.exists|bool" + when: "matrix_client_hydrogen_service_stat.stat.exists | bool" - name: Ensure Hydrogen paths doesn't exist ansible.builtin.file: diff --git a/roles/matrix-client-hydrogen/tasks/validate_config.yml b/roles/matrix-client-hydrogen/tasks/validate_config.yml index 4188acba0..65b0e14f6 100644 --- a/roles/matrix-client-hydrogen/tasks/validate_config.yml +++ b/roles/matrix-client-hydrogen/tasks/validate_config.yml @@ -4,6 +4,6 @@ ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item }}`) to use Hydrogen. - when: "(vars[item] == '' or vars[item] is none) and matrix_client_hydrogen_container_image_self_build|bool" + when: "(vars[item] == '' or vars[item] is none) and matrix_client_hydrogen_container_image_self_build | bool" with_items: - "matrix_client_hydrogen_default_hs_url" diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index f3ccf3a52..1b360698d 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -1,19 +1,19 @@ --- -- import_tasks: "{{ role_path }}/tasks/start.yml" - when: run_start|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/start.yml" + when: run_start | bool tags: - start -- import_tasks: "{{ role_path }}/tasks/stop.yml" - when: run_stop|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/stop.yml" + when: run_stop | bool tags: - stop -- import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml index 35126fc12..890eabfab 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/matrix-common-after/tasks/start.yml @@ -2,7 +2,7 @@ - name: Determine whether we should make services autostart ansible.builtin.set_fact: - matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled|default('') == '' else matrix_services_autostart_enabled|bool }}" + matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled | default('') == '' else matrix_services_autostart_enabled | bool }}" - name: Ensure systemd is reloaded ansible.builtin.service: @@ -29,14 +29,14 @@ # Waiting too long (30s) may not work for a similar reason, # as we may run into systemd's automatic restart logic retrying the service. - name: Wait a bit, so that services can start (or fail) - wait_for: + ansible.builtin.wait_for: timeout: "{{ matrix_common_after_systemd_service_start_wait_for_timeout_seconds }}" delegate_to: 127.0.0.1 become: false - block: - name: Populate service facts - service_facts: + ansible.builtin.service_facts: - name: Fail if service isn't detected to be running ansible.builtin.fail: diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index 08ef7c88f..c6686a37f 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -8,4 +8,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}" - when: matrix_corporal_enabled|bool + when: matrix_corporal_enabled | bool diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/matrix-corporal/tasks/main.yml index 7ff359d0c..1699262b1 100644 --- a/roles/matrix-corporal/tasks/main.yml +++ b/roles/matrix-corporal/tasks/main.yml @@ -1,24 +1,24 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_corporal_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_corporal_enabled | bool" tags: - setup-all - setup-corporal -- import_tasks: "{{ role_path }}/tasks/setup_corporal.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_corporal.yml" + when: run_setup | bool tags: - setup-all - setup-corporal -- import_tasks: "{{ role_path }}/tasks/self_check_corporal.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_corporal.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check|bool and matrix_corporal_enabled|bool" + when: "run_self_check | bool and matrix_corporal_enabled | bool" tags: - self-check diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 58039bf49..2f745502c 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -15,7 +15,7 @@ - "{{ matrix_corporal_config_dir_path }}" - "{{ matrix_corporal_cache_dir_path }}" - "{{ matrix_corporal_var_dir_path }}" - when: matrix_corporal_enabled|bool + when: matrix_corporal_enabled | bool - name: Ensure Matrix Corporal repository is present on self-build ansible.builtin.git: @@ -26,7 +26,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_corporal_git_pull_results - when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" + when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool" - name: Ensure Matrix Corporal Docker image is built docker_image: @@ -38,7 +38,7 @@ dockerfile: etc/docker/Dockerfile path: "{{ matrix_corporal_container_src_files_path }}" pull: true - when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" + when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool" - name: Ensure Matrix Corporal Docker image is pulled docker_image: @@ -46,7 +46,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" - when: "matrix_corporal_enabled|bool and not matrix_corporal_container_image_self_build|bool" + when: "matrix_corporal_enabled | bool and not matrix_corporal_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -59,7 +59,7 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_corporal_enabled|bool + when: matrix_corporal_enabled | bool - name: Ensure matrix-corporal.service installed ansible.builtin.template: @@ -67,12 +67,12 @@ dest: "{{ matrix_systemd_path }}/matrix-corporal.service" mode: 0644 register: matrix_corporal_systemd_service_result - when: matrix_corporal_enabled|bool + when: matrix_corporal_enabled | bool - name: Ensure systemd reloaded after matrix-corporal.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_corporal_enabled|bool and matrix_corporal_systemd_service_result.changed" + when: "matrix_corporal_enabled | bool and matrix_corporal_systemd_service_result.changed" # @@ -80,10 +80,10 @@ # - name: Check existence of matrix-corporal service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-corporal.service" register: matrix_corporal_service_stat - when: "not matrix_corporal_enabled|bool" + when: "not matrix_corporal_enabled | bool" - name: Ensure matrix-corporal is stopped ansible.builtin.service: @@ -92,18 +92,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" + when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-corporal.service" state: absent - when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" + when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-corporal.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" + when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal files don't exist ansible.builtin.file: @@ -112,10 +112,10 @@ with_items: - "{{ matrix_systemd_path }}/matrix-corporal.service" - "{{ matrix_corporal_config_dir_path }}/config.json" - when: "not matrix_corporal_enabled|bool" + when: "not matrix_corporal_enabled | bool" - name: Ensure Matrix Corporal Docker image doesn't exist docker_image: name: "{{ matrix_corporal_docker_image }}" state: absent - when: "not matrix_corporal_enabled|bool" + when: "not matrix_corporal_enabled | bool" diff --git a/roles/matrix-corporal/tasks/validate_config.yml b/roles/matrix-corporal/tasks/validate_config.yml index 50848810e..26d16c6df 100644 --- a/roles/matrix-corporal/tasks/validate_config.yml +++ b/roles/matrix-corporal/tasks/validate_config.yml @@ -14,7 +14,7 @@ - name: Fail if HTTP API enabled, but no token set ansible.builtin.fail: msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`" - when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''" + when: "matrix_corporal_http_api_enabled | bool and matrix_corporal_http_api_auth_token == ''" - name: (Deprecation) Catch and report renamed corporal variables ansible.builtin.fail: diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml index 726e30655..60a772647 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/matrix-coturn/tasks/init.yml @@ -8,8 +8,8 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn.service'] }}" - when: matrix_coturn_enabled|bool + when: matrix_coturn_enabled | bool - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn-reload.timer'] }}" - when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool" + when: "matrix_coturn_enabled | bool and matrix_coturn_tls_enabled | bool" diff --git a/roles/matrix-coturn/tasks/main.yml b/roles/matrix-coturn/tasks/main.yml index 76352df12..78f712f01 100644 --- a/roles/matrix-coturn/tasks/main.yml +++ b/roles/matrix-coturn/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_coturn_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_coturn_enabled | bool" tags: - setup-all - setup-coturn -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_coturn_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_coturn_enabled | bool" tags: - setup-all - setup-coturn -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_coturn_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_coturn_enabled | bool" tags: - setup-all - setup-coturn diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index d24e43138..2a1af7310 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -15,7 +15,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Coturn image is pulled docker_image: @@ -23,7 +23,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}" - when: "not matrix_coturn_container_image_self_build|bool" + when: "not matrix_coturn_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -50,7 +50,7 @@ dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_coturn_docker_src_files_path }}" pull: true - when: "matrix_coturn_container_image_self_build|bool" + when: "matrix_coturn_container_image_self_build | bool" - name: Ensure Coturn configuration path exists ansible.builtin.file: @@ -89,7 +89,7 @@ dest: "{{ matrix_systemd_path }}/{{ item }}" mode: 0644 register: "matrix_coturn_systemd_service_change_results" - when: "matrix_coturn_tls_enabled|bool" + when: "matrix_coturn_tls_enabled | bool" with_items: - matrix-coturn-reload.service - matrix-coturn-reload.timer @@ -100,7 +100,7 @@ path: "{{ item }}" state: absent register: "matrix_coturn_systemd_service_change_results" - when: "not matrix_coturn_tls_enabled|bool" + when: "not matrix_coturn_tls_enabled | bool" with_items: - matrix-coturn-reload.service - matrix-coturn-reload.timer diff --git a/roles/matrix-coturn/tasks/setup_uninstall.yml b/roles/matrix-coturn/tasks/setup_uninstall.yml index b3d77e40c..5dd2788ef 100644 --- a/roles/matrix-coturn/tasks/setup_uninstall.yml +++ b/roles/matrix-coturn/tasks/setup_uninstall.yml @@ -1,10 +1,10 @@ --- - name: Check existence of matrix-coturn service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-coturn.service" register: matrix_coturn_service_stat - when: "not matrix_coturn_enabled|bool" + when: "not matrix_coturn_enabled | bool" - name: Ensure matrix-coturn is stopped ansible.builtin.service: @@ -12,7 +12,7 @@ state: stopped enabled: false daemon_reload: true - when: "matrix_coturn_service_stat.stat.exists|bool" + when: "matrix_coturn_service_stat.stat.exists | bool" - name: Ensure matrix-coturn-reload.timer is stopped ansible.builtin.service: @@ -21,7 +21,7 @@ enabled: false daemon_reload: true failed_when: false - when: "matrix_coturn_service_stat.stat.exists|bool" + when: "matrix_coturn_service_stat.stat.exists | bool" - name: Ensure systemd units don't exist ansible.builtin.file: @@ -36,7 +36,7 @@ - name: Ensure systemd reloaded after unit removal ansible.builtin.service: daemon_reload: true - when: "matrix_coturn_systemd_unit_uninstallation_result.changed|bool" + when: "matrix_coturn_systemd_unit_uninstallation_result.changed | bool" - name: Ensure Matrix coturn paths don't exist ansible.builtin.file: diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 450ae6324..d790fcc9f 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -167,8 +167,8 @@ matrix_dendrite_configuration_extension_yaml: | # system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ" # room_name: "Server Notices" -matrix_dendrite_configuration_extension: "{{ matrix_dendrite_configuration_extension_yaml|from_yaml if matrix_dendrite_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_dendrite_configuration_extension: "{{ matrix_dendrite_configuration_extension_yaml | from_yaml if matrix_dendrite_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final Dendrite configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_dendrite_configuration_yaml`. -matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml|from_yaml|combine(matrix_dendrite_configuration_extension, recursive=True) }}" +matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml | from_yaml|combine(matrix_dendrite_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-dendrite/tasks/dendrite/setup.yml b/roles/matrix-dendrite/tasks/dendrite/setup.yml index f988d918f..1a8497294 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/dendrite/setup_install.yml" - when: matrix_dendrite_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup_install.yml" + when: matrix_dendrite_enabled | bool -- import_tasks: "{{ role_path }}/tasks/dendrite/setup_uninstall.yml" - when: "not matrix_dendrite_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup_uninstall.yml" + when: "not matrix_dendrite_enabled | bool" diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index 47cf5513f..3052e1010 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -1,7 +1,7 @@ --- # This will throw a Permission Denied error if already mounted using fuse - name: Check Dendrite media store path - stat: + ansible.builtin.stat: path: "{{ matrix_dendrite_media_store_path }}" register: local_path_media_store_stat ignore_errors: true @@ -29,7 +29,7 @@ until: result is not failed - name: Check if a Dendrite signing key exists - stat: + ansible.builtin.stat: path: "{{ matrix_dendrite_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.pem" register: matrix_dendrite_signing_key_stat @@ -56,7 +56,7 @@ - name: Ensure Dendrite configuration installed ansible.builtin.copy: - content: "{{ matrix_dendrite_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_dendrite_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_dendrite_config_dir_path }}/dendrite.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -72,7 +72,7 @@ - name: Ensure systemd reloaded after matrix-dendrite.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_dendrite_systemd_service_result.changed|bool" + when: "matrix_dendrite_systemd_service_result.changed | bool" - name: Ensure matrix-dendrite-create-account script created ansible.builtin.template: diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml index 881222561..b6d8cfaca 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-dendrite service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-dendrite.service" register: matrix_dendrite_service_stat diff --git a/roles/matrix-dendrite/tasks/init.yml b/roles/matrix-dendrite/tasks/init.yml index 20e34ef55..4ce641e9d 100644 --- a/roles/matrix-dendrite/tasks/init.yml +++ b/roles/matrix-dendrite/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dendrite.service'] }}" - when: matrix_dendrite_enabled|bool + when: matrix_dendrite_enabled | bool diff --git a/roles/matrix-dendrite/tasks/main.yml b/roles/matrix-dendrite/tasks/main.yml index a08f45bdb..d14beb154 100644 --- a/roles/matrix-dendrite/tasks/main.yml +++ b/roles/matrix-dendrite/tasks/main.yml @@ -1,37 +1,37 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup | bool tags: - setup-all - setup-dendrite -- import_tasks: "{{ role_path }}/tasks/setup_dendrite.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_dendrite.yml" + when: run_setup | bool tags: - setup-all - setup-dendrite -- import_tasks: "{{ role_path }}/tasks/register_user.yml" - when: run_dendrite_register_user|bool and matrix_dendrite_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/register_user.yml" + when: run_dendrite_register_user | bool and matrix_dendrite_enabled | bool tags: - register-user -- import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check|bool and matrix_dendrite_enabled|bool + when: run_self_check | bool and matrix_dendrite_enabled | bool tags: - self-check -- import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check|bool and matrix_dendrite_enabled|bool + when: run_self_check | bool and matrix_dendrite_enabled | bool tags: - self-check diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/matrix-dendrite/tasks/register_user.yml index e18af1383..d1ac111e6 100644 --- a/roles/matrix-dendrite/tasks/register_user.yml +++ b/roles/matrix-dendrite/tasks/register_user.yml @@ -17,7 +17,7 @@ register: start_result - name: Wait a while, so that Dendrite can manage to start - pause: + ansible.builtin.pause: seconds: 7 when: "start_result.changed" diff --git a/roles/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/matrix-dendrite/tasks/self_check_federation_api.yml index 0d817afeb..25b2871ce 100644 --- a/roles/matrix-dendrite/tasks/self_check_federation_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_federation_api.yml @@ -11,14 +11,14 @@ - name: Fail if Matrix Federation API not working ansible.builtin.fail: msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_dendrite_federation_api_url_endpoint_public }}`). Is Dendrite running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_dendrite_federation_api }}" - when: "matrix_dendrite_federation_enabled|bool and (result_matrix_dendrite_federation_api.failed or 'json' not in result_matrix_dendrite_federation_api)" + when: "matrix_dendrite_federation_enabled | bool and (result_matrix_dendrite_federation_api.failed or 'json' not in result_matrix_dendrite_federation_api)" - name: Fail if Matrix Federation API unexpectedly enabled ansible.builtin.fail: msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_dendrite_federation_api_url_endpoint_public }}`) despite being disabled." - when: "not matrix_dendrite_federation_enabled|bool and not result_matrix_dendrite_federation_api.failed" + when: "not matrix_dendrite_federation_enabled | bool and not result_matrix_dendrite_federation_api.failed" - name: Report working Matrix Federation API ansible.builtin.debug: msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_dendrite_federation_api_url_endpoint_public }}`) is working" - when: "matrix_dendrite_federation_enabled|bool" + when: "matrix_dendrite_federation_enabled | bool" diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index 792e9c4f2..f74f08c2d 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -10,6 +10,6 @@ - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} - {path: "{{ matrix_dendrite_ext_path }}", when: true} - {path: "{{ matrix_dendrite_nats_storage_path }}", when: true} - when: "matrix_dendrite_enabled|bool and item.when" + when: "matrix_dendrite_enabled | bool and item.when" -- import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/matrix-dendrite/vars/main.yml b/roles/matrix-dendrite/vars/main.yml index 60d5f4eb5..d0c07c0cd 100644 --- a/roles/matrix-dendrite/vars/main.yml +++ b/roles/matrix-dendrite/vars/main.yml @@ -6,6 +6,6 @@ matrix_dendrite_federation_api_url_endpoint_public: "https://{{ matrix_server_fq matrix_dendrite_role_executed: false matrix_dendrite_media_store_parent_path: "{{ matrix_dendrite_media_store_path|dirname }}" -matrix_dendrite_media_store_directory_name: "{{ matrix_dendrite_media_store_path|basename }}" +matrix_dendrite_media_store_directory_name: "{{ matrix_dendrite_media_store_path | basename }}" -matrix_dendrite_signing_key_file_name: "{{ matrix_dendrite_signing_key|basename }}" +matrix_dendrite_signing_key_file_name: "{{ matrix_dendrite_signing_key | basename }}" diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 68bd79089..1af7f2933 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -93,8 +93,8 @@ matrix_dimension_configuration_extension_yaml: | # botToken: "YourTokenHere" # -matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml | from_yaml if matrix_dimension_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final Dimension configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_dimension_configuration_yaml`. -matrix_dimension_configuration: "{{ matrix_dimension_configuration_yaml|from_yaml|combine(matrix_dimension_configuration_extension, recursive=True) }}" +matrix_dimension_configuration: "{{ matrix_dimension_configuration_yaml | from_yaml|combine(matrix_dimension_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/matrix-dimension/tasks/init.yml index 4ee1bb0eb..c60a2fe2e 100644 --- a/roles/matrix-dimension/tasks/init.yml +++ b/roles/matrix-dimension/tasks/init.yml @@ -1,4 +1,4 @@ --- - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}" - when: matrix_dimension_enabled|bool + when: matrix_dimension_enabled | bool diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/matrix-dimension/tasks/main.yml index c2f013993..6eef50d65 100644 --- a/roles/matrix-dimension/tasks/main.yml +++ b/roles/matrix-dimension/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup | bool tags: - setup-all - setup-dimension -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: run_setup|bool and matrix_dimension_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: run_setup | bool and matrix_dimension_enabled | bool tags: - setup-all - setup-dimension -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup|bool and not matrix_dimension_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: run_setup | bool and not matrix_dimension_enabled | bool tags: - setup-all - setup-dimension diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index 01bab7cf5..c5456174f 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -5,7 +5,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_dimension_sqlite_database_path_local }}" register: matrix_dimension_sqlite_database_path_local_stat_result @@ -53,7 +53,7 @@ matrix_postgres_db_migration_request: src: "{{ matrix_dimension_sqlite_database_path_local }}" dst: "{{ matrix_dimension_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_dimension_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-dimension.service'] @@ -61,11 +61,11 @@ additional_psql_statements_list: "{{ matrix_dimension_pgloader_additional_psql_statements_list }}" additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}" - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_dimension_requires_restart: true - when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_dimension_database_engine == 'postgres'" - name: Ensure Dimension base path exists @@ -78,7 +78,7 @@ - name: Ensure Dimension config installed ansible.builtin.copy: - content: "{{ matrix_dimension_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_dimension_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_dimension_base_path }}/config.yaml" mode: 0640 owner: "{{ matrix_user_username }}" @@ -90,7 +90,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" - when: "not matrix_dimension_container_image_self_build|bool" + when: "not matrix_dimension_container_image_self_build | bool" register: matrix_dimension_pull_results retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -104,7 +104,7 @@ force: "yes" become: true become_user: "{{ matrix_user_username }}" - when: "matrix_dimension_container_image_self_build|bool" + when: "matrix_dimension_container_image_self_build | bool" register: matrix_dimension_git_pull_results - name: Ensure Dimension Docker image is built @@ -117,7 +117,7 @@ dockerfile: Dockerfile path: "{{ matrix_dimension_docker_src_files_path }}" pull: true - when: "matrix_dimension_container_image_self_build|bool" + when: "matrix_dimension_container_image_self_build | bool" - name: Ensure matrix-dimension.service installed ansible.builtin.template: @@ -129,10 +129,10 @@ - name: Ensure systemd reloaded after matrix-dimension.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_dimension_systemd_service_result.changed|bool" + when: "matrix_dimension_systemd_service_result.changed | bool" - name: Ensure matrix-dimension.service restarted, if necessary ansible.builtin.service: name: "matrix-dimension.service" state: restarted - when: "matrix_dimension_requires_restart|bool" + when: "matrix_dimension_requires_restart | bool" diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/matrix-dimension/tasks/setup_uninstall.yml index 5a1818930..3e2026a11 100644 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/matrix-dimension/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-dimension service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-dimension.service" register: matrix_dimension_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_dimension_service_stat.stat.exists|bool" + when: "matrix_dimension_service_stat.stat.exists | bool" - name: Ensure matrix-dimension.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-dimension.service" state: absent - when: "matrix_dimension_service_stat.stat.exists|bool" + when: "matrix_dimension_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-dimension.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_dimension_service_stat.stat.exists|bool" + when: "matrix_dimension_service_stat.stat.exists | bool" - name: Ensure Dimension base directory doesn't exist ansible.builtin.file: diff --git a/roles/matrix-dimension/vars/main.yml b/roles/matrix-dimension/vars/main.yml index 131024cc2..0415989fa 100644 --- a/roles/matrix-dimension/vars/main.yml +++ b/roles/matrix-dimension/vars/main.yml @@ -2,4 +2,4 @@ # Doing `|from_yaml` when the extension contains nothing yields an empty string (""). # We need to ensure it's a dictionary or `|combine` (when building `matrix_dimension_configuration`) will fail later. -matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml else {} }}" +matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml | from_yaml if matrix_dimension_configuration_extension_yaml | from_yaml else {} }}" diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/matrix-dynamic-dns/tasks/init.yml index 2604270e2..1cd6170e3 100644 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ b/roles/matrix-dynamic-dns/tasks/init.yml @@ -8,4 +8,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}" - when: "matrix_dynamic_dns_enabled|bool" + when: "matrix_dynamic_dns_enabled | bool" diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index 664f18545..8c7f3fc79 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -6,7 +6,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}" - when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build + when: matrix_dynamic_dns_enabled | bool and not matrix_dynamic_dns_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -23,7 +23,7 @@ - {path: "{{ matrix_dynamic_dns_base_path }}", when: true} - {path: "{{ matrix_dynamic_dns_config_path }}", when: true} - {path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}"} - when: matrix_dynamic_dns_enabled|bool and item.when|bool + when: matrix_dynamic_dns_enabled | bool and item.when | bool - name: Ensure Dynamic DNS repository is present on self build ansible.builtin.git: @@ -33,7 +33,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_dynamic_dns_git_pull_results - when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" + when: "matrix_dynamic_dns_enabled | bool and matrix_dynamic_dns_container_image_self_build | bool" - name: Ensure Dynamic DNS Docker image is built docker_image: @@ -45,7 +45,7 @@ dockerfile: Dockerfile path: "{{ matrix_dynamic_dns_docker_src_files_path }}" pull: true - when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" + when: "matrix_dynamic_dns_enabled | bool and matrix_dynamic_dns_container_image_self_build | bool" - name: Ensure Dynamic DNS ddclient.conf installed ansible.builtin.template: diff --git a/roles/matrix-dynamic-dns/tasks/main.yml b/roles/matrix-dynamic-dns/tasks/main.yml index 8b8b306c3..2f33af86e 100644 --- a/roles/matrix-dynamic-dns/tasks/main.yml +++ b/roles/matrix-dynamic-dns/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_dynamic_dns_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_dynamic_dns_enabled | bool" tags: - setup-all - setup-dynamic-dns -- import_tasks: "{{ role_path }}/tasks/install.yml" - when: "run_setup|bool and matrix_dynamic_dns_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/install.yml" + when: "run_setup | bool and matrix_dynamic_dns_enabled | bool" tags: - setup-all - setup-dynamic-dns -- import_tasks: "{{ role_path }}/tasks/uninstall.yml" - when: "run_setup|bool and not matrix_dynamic_dns_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/uninstall.yml" + when: "run_setup | bool and not matrix_dynamic_dns_enabled | bool" tags: - setup-all - setup-dynamic-dns diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/matrix-dynamic-dns/tasks/uninstall.yml index 1583344d0..5e6b429cf 100644 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ b/roles/matrix-dynamic-dns/tasks/uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-dynamic-dns service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service" register: matrix_dynamic_dns_service_stat diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/matrix-email2matrix/tasks/init.yml index 5e81b40ab..02dbc9ee3 100644 --- a/roles/matrix-email2matrix/tasks/init.yml +++ b/roles/matrix-email2matrix/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}" - when: matrix_email2matrix_enabled|bool + when: matrix_email2matrix_enabled | bool diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/matrix-email2matrix/tasks/main.yml index 35bda4fa8..3adbc6466 100644 --- a/roles/matrix-email2matrix/tasks/main.yml +++ b/roles/matrix-email2matrix/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_email2matrix_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_email2matrix_enabled | bool" tags: - setup-all - setup-email2matrix -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_email2matrix_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_email2matrix_enabled | bool" tags: - setup-all - setup-email2matrix -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_email2matrix_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_email2matrix_enabled | bool" tags: - setup-all - setup-email2matrix diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 3828e36e9..2a782a1a8 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml @@ -11,7 +11,7 @@ - {path: "{{ matrix_email2matrix_base_path }}", when: true} - {path: "{{ matrix_email2matrix_config_dir_path }}", when: true} - {path: "{{ matrix_email2matrix_docker_src_files_path }}", when: "{{ matrix_email2matrix_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure Email2Matrix configuration file created ansible.builtin.template: @@ -27,7 +27,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" - when: "not matrix_email2matrix_container_image_self_build|bool" + when: "not matrix_email2matrix_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -42,7 +42,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_email2matrix_git_pull_results - when: "matrix_email2matrix_container_image_self_build|bool" + when: "matrix_email2matrix_container_image_self_build | bool" - name: Ensure Email2Matrix Docker image is built docker_image: @@ -54,7 +54,7 @@ dockerfile: etc/docker/Dockerfile path: "{{ matrix_email2matrix_docker_src_files_path }}" pull: true - when: "matrix_email2matrix_container_image_self_build|bool" + when: "matrix_email2matrix_container_image_self_build | bool" - name: Ensure matrix-email2matrix.service installed ansible.builtin.template: @@ -66,4 +66,4 @@ - name: Ensure systemd reloaded after matrix-email2matrix.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_email2matrix_systemd_service_result.changed|bool" + when: "matrix_email2matrix_systemd_service_result.changed | bool" diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/matrix-email2matrix/tasks/setup_uninstall.yml index 4b76adcc3..a713a65ad 100644 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/matrix-email2matrix/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-email2matrix service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" register: matrix_email2matrix_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_email2matrix_service_stat.stat.exists|bool" + when: "matrix_email2matrix_service_stat.stat.exists | bool" - name: Ensure matrix-email2matrix.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" state: absent - when: "matrix_email2matrix_service_stat.stat.exists|bool" + when: "matrix_email2matrix_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-email2matrix.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_email2matrix_service_stat.stat.exists|bool" + when: "matrix_email2matrix_service_stat.stat.exists | bool" - name: Ensure Email2Matrix data path doesn't exist ansible.builtin.file: diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/matrix-etherpad/tasks/init.yml index a3cda0686..e16b78dd6 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/matrix-etherpad/tasks/init.yml @@ -2,7 +2,7 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" - when: matrix_etherpad_enabled|bool + when: matrix_etherpad_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -12,7 +12,7 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-etherpad role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Etherpad proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: @@ -20,7 +20,7 @@ rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; location {{ matrix_etherpad_public_endpoint }}/ { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; proxy_pass http://matrix-etherpad:9001/; @@ -45,13 +45,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([]) + [matrix_etherpad_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_etherpad_enabled|bool + when: matrix_etherpad_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -61,4 +61,4 @@ Please make sure that you're proxying the `{{ matrix_etherpad_public_endpoint }}` URL endpoint to the matrix-etherpad container. You can expose the container's port using the `matrix_etherpad_container_http_host_bind_port` variable. - when: "matrix_etherpad_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_etherpad_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-etherpad/tasks/main.yml b/roles/matrix-etherpad/tasks/main.yml index bf59d838c..b1c8ab557 100644 --- a/roles/matrix-etherpad/tasks/main.yml +++ b/roles/matrix-etherpad/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: run_setup|bool and matrix_etherpad_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: run_setup | bool and matrix_etherpad_enabled | bool tags: - setup-all - setup-etherpad -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup|bool and not matrix_etherpad_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: run_setup | bool and not matrix_etherpad_enabled | bool tags: - setup-all - setup-etherpad -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool and matrix_etherpad_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup | bool and matrix_etherpad_enabled | bool tags: - setup-all - setup-etherpad diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index d11545a50..e3b1397fb 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -37,4 +37,4 @@ - name: Ensure systemd reloaded after matrix-etherpad.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_etherpad_systemd_service_result.changed|bool" + when: "matrix_etherpad_systemd_service_result.changed | bool" diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/matrix-etherpad/tasks/setup_uninstall.yml index b72b70bc9..38697366c 100644 --- a/roles/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/matrix-etherpad/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-etherpad service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-etherpad.service" register: matrix_etherpad_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_etherpad_service_stat.stat.exists|bool" + when: "matrix_etherpad_service_stat.stat.exists | bool" - name: Ensure matrix-etherpad.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-etherpad.service" state: absent - when: "matrix_etherpad_service_stat.stat.exists|bool" + when: "matrix_etherpad_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-etherpad.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_etherpad_service_stat.stat.exists|bool" + when: "matrix_etherpad_service_stat.stat.exists | bool" - name: Ensure Etherpad base directory doesn't exist ansible.builtin.file: diff --git a/roles/matrix-etherpad/tasks/validate_config.yml b/roles/matrix-etherpad/tasks/validate_config.yml index 07194d65c..bf78c36fc 100644 --- a/roles/matrix-etherpad/tasks/validate_config.yml +++ b/roles/matrix-etherpad/tasks/validate_config.yml @@ -4,7 +4,7 @@ ansible.builtin.fail: msg: >- To integrate Etherpad notes with Matrix rooms you need to set "matrix_dimension_enabled" to true - when: "not matrix_dimension_enabled|bool" + when: "not matrix_dimension_enabled | bool" - name: Fail if no database is configured for Etherpad ansible.builtin.fail: diff --git a/roles/matrix-grafana/tasks/init.yml b/roles/matrix-grafana/tasks/init.yml index e01743b7b..7b363ee77 100644 --- a/roles/matrix-grafana/tasks/init.yml +++ b/roles/matrix-grafana/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}" - when: matrix_grafana_enabled|bool + when: matrix_grafana_enabled | bool diff --git a/roles/matrix-grafana/tasks/main.yml b/roles/matrix-grafana/tasks/main.yml index c93fd5002..34a3f415b 100644 --- a/roles/matrix-grafana/tasks/main.yml +++ b/roles/matrix-grafana/tasks/main.yml @@ -1,16 +1,16 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_grafana_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_grafana_enabled | bool" tags: - setup-all - setup-grafana -- import_tasks: "{{ role_path }}/tasks/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" tags: - setup-all - setup-grafana diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index da25db594..591c02224 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -10,7 +10,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" - when: "matrix_grafana_enabled|bool" + when: "matrix_grafana_enabled | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -31,7 +31,7 @@ - "{{ matrix_grafana_config_path }}/provisioning/dashboards" - "{{ matrix_grafana_config_path }}/dashboards" - "{{ matrix_grafana_data_path }}" - when: matrix_grafana_enabled|bool + when: matrix_grafana_enabled | bool - name: Ensure grafana.ini present ansible.builtin.template: @@ -40,7 +40,7 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled|bool + when: matrix_grafana_enabled | bool - name: Ensure provisioning/datasources/default.yaml present ansible.builtin.template: @@ -49,7 +49,7 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled|bool + when: matrix_grafana_enabled | bool - name: Ensure provisioning/dashboards/default.yaml present ansible.builtin.template: @@ -58,7 +58,7 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled|bool + when: matrix_grafana_enabled | bool - name: Ensure dashboard(s) downloaded ansible.builtin.get_url: @@ -69,7 +69,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: "{{ matrix_grafana_dashboard_download_urls_all }}" - when: matrix_grafana_enabled|bool + when: matrix_grafana_enabled | bool register: result retries: "{{ matrix_geturl_retries_count }}" delay: "{{ matrix_geturl_retries_delay }}" @@ -81,19 +81,19 @@ dest: "{{ matrix_systemd_path }}/matrix-grafana.service" mode: 0644 register: matrix_grafana_systemd_service_result - when: matrix_grafana_enabled|bool + when: matrix_grafana_enabled | bool - name: Ensure systemd reloaded after matrix-grafana.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_grafana_enabled|bool and matrix_grafana_systemd_service_result.changed" + when: "matrix_grafana_enabled | bool and matrix_grafana_systemd_service_result.changed" # # Tasks related to getting rid of matrix-grafana (if it was previously enabled) # - name: Check existence of matrix-grafana service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-grafana.service" register: matrix_grafana_service_stat @@ -104,15 +104,15 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" + when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists" - name: Ensure matrix-grafana.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-grafana.service" state: absent - when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" + when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-grafana.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" + when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index 9a64ac63c..8606c4b3e 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -2,9 +2,9 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Fail if on an unsupported architecture ansible.builtin.fail: msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" - when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64'] + when: matrix_jitsi_enabled | bool and matrix_architecture not in ['amd64', 'arm64'] diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml index fe9da205b..7da6ebf95 100644 --- a/roles/matrix-jitsi/tasks/main.yml +++ b/roles/matrix-jitsi/tasks/main.yml @@ -1,41 +1,41 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_jitsi_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_jitsi_enabled | bool" tags: - setup-all - setup-jitsi -- import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml" + when: run_setup | bool tags: - setup-all - setup-jitsi -- import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml" + when: run_setup | bool tags: - setup-all - setup-jitsi -- import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml" + when: run_setup | bool tags: - setup-all - setup-jitsi -- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml" + when: run_setup | bool tags: - setup-all - setup-jitsi -- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml" + when: run_setup | bool tags: - setup-all - setup-jitsi diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml index a945450ec..a91949e11 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" # # Tasks related to setting up jitsi @@ -15,7 +15,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_jitsi_base_path }}", when: true} - when: matrix_jitsi_enabled|bool and item.when + when: matrix_jitsi_enabled | bool and item.when # # Tasks related to getting rid of jitsi (if it was previously enabled) diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 98569a136..8b2ec6a7a 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -14,7 +14,7 @@ with_items: - {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true} - {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true} - when: matrix_jitsi_enabled|bool and item.when + when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-jicofo Docker image is pulled docker_image: @@ -22,7 +22,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -35,7 +35,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: 0640 - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure jitsi-jicofo configuration files created ansible.builtin.template: @@ -47,7 +47,7 @@ with_items: - sip-communicator.properties - logging.properties - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure matrix-jitsi-jicofo.service installed ansible.builtin.template: @@ -55,7 +55,7 @@ dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" mode: 0644 register: matrix_jitsi_jicofo_systemd_service_result - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation ansible.builtin.service: @@ -67,10 +67,10 @@ # - name: Check existence of matrix-jitsi-jicofo service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" register: matrix_jitsi_jicofo_service_stat - when: "not matrix_jitsi_enabled|bool" + when: "not matrix_jitsi_enabled | bool" - name: Ensure matrix-jitsi-jicofo is stopped ansible.builtin.service: @@ -79,24 +79,24 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure matrix-jitsi-jicofo.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" state: absent - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure Matrix jitsi-jicofo paths doesn't exist ansible.builtin.file: path: "{{ matrix_jitsi_jicofo_base_path }}" state: absent - when: "not matrix_jitsi_enabled|bool" + when: "not matrix_jitsi_enabled | bool" # Intentionally not removing the Docker image when uninstalling. # We can't be sure it had been pulled by us in the first place. diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 94425dc55..cdb94ebdd 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -14,7 +14,7 @@ with_items: - {path: "{{ matrix_jitsi_jvb_base_path }}", when: true} - {path: "{{ matrix_jitsi_jvb_config_path }}", when: true} - when: matrix_jitsi_enabled|bool and item.when + when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-jvb Docker image is pulled docker_image: @@ -22,7 +22,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -38,7 +38,7 @@ with_items: - custom-sip-communicator.properties - logging.properties - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure jitsi-jvb environment variables file created ansible.builtin.template: @@ -47,7 +47,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: 0640 - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure matrix-jitsi-jvb.service installed ansible.builtin.template: @@ -55,7 +55,7 @@ dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" mode: 0644 register: matrix_jitsi_jvb_systemd_service_result - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation ansible.builtin.service: @@ -67,10 +67,10 @@ # - name: Check existence of matrix-jitsi-jvb service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" register: matrix_jitsi_jvb_service_stat - when: "not matrix_jitsi_enabled|bool" + when: "not matrix_jitsi_enabled | bool" - name: Ensure matrix-jitsi-jvb is stopped ansible.builtin.service: @@ -79,24 +79,24 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure matrix-jitsi-jvb.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" state: absent - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure Matrix jitsi-jvb paths doesn't exist ansible.builtin.file: path: "{{ matrix_jitsi_jvb_base_path }}" state: absent - when: "not matrix_jitsi_enabled|bool" + when: "not matrix_jitsi_enabled | bool" # Intentionally not removing the Docker image when uninstalling. # We can't be sure it had been pulled by us in the first place. diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 17122231b..92715e6b7 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -15,7 +15,7 @@ - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true} - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true} - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true} - when: matrix_jitsi_enabled|bool and item.when + when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-prosody Docker image is pulled docker_image: @@ -23,7 +23,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -36,7 +36,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: 0640 - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure matrix-jitsi-prosody.service file is installed ansible.builtin.template: @@ -44,7 +44,7 @@ dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" mode: 0644 register: matrix_jitsi_prosody_systemd_service_result - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation ansible.builtin.service: @@ -52,11 +52,11 @@ when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" - name: Ensure authentication is properly configured - include_tasks: + ansible.builtin.include_tasks: ansible.builtin.file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" when: - - matrix_jitsi_enabled|bool - - matrix_jitsi_enable_auth|bool + - matrix_jitsi_enabled | bool + - matrix_jitsi_enable_auth | bool # @@ -64,10 +64,10 @@ # - name: Ensure matrix-jitsi-prosody.service file exists - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" register: matrix_jitsi_prosody_service_stat - when: "not matrix_jitsi_enabled|bool" + when: "not matrix_jitsi_enabled | bool" - name: Ensure matrix-jitsi-prosody is stopped ansible.builtin.service: @@ -76,24 +76,24 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure matrix-jitsi-prosody.service file doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" state: absent - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure Matrix jitsi-prosody paths doesn't exist ansible.builtin.file: path: "{{ matrix_jitsi_prosody_base_path }}" state: absent - when: "not matrix_jitsi_enabled|bool" + when: "not matrix_jitsi_enabled | bool" # Intentionally not removing the Docker image when uninstalling. # We can't be sure it had been pulled by us in the first place. diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 586f703a9..1c7daa4b9 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -16,7 +16,7 @@ - {path: "{{ matrix_jitsi_web_config_path }}", when: true} - {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true} - {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true} - when: matrix_jitsi_enabled|bool and item.when + when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-web Docker image is pulled docker_image: @@ -24,7 +24,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -37,7 +37,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: 0640 - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure jitsi-web configuration files created ansible.builtin.template: @@ -49,7 +49,7 @@ with_items: - custom-config.js - custom-interface_config.js - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure matrix-jitsi-web.service installed ansible.builtin.template: @@ -57,7 +57,7 @@ dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" mode: 0644 register: matrix_jitsi_web_systemd_service_result - when: matrix_jitsi_enabled|bool + when: matrix_jitsi_enabled | bool - name: Ensure systemd reloaded after matrix-jitsi-web.service installation ansible.builtin.service: @@ -69,10 +69,10 @@ # - name: Check existence of matrix-jitsi-web service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" register: matrix_jitsi_web_service_stat - when: "not matrix_jitsi_enabled|bool" + when: "not matrix_jitsi_enabled | bool" - name: Ensure matrix-jitsi-web is stopped ansible.builtin.service: @@ -81,24 +81,24 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure matrix-jitsi-web.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" state: absent - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-jitsi-web.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure Matrix jitsi-web paths doesn't exist ansible.builtin.file: path: "{{ matrix_jitsi_web_base_path }}" state: absent - when: "not matrix_jitsi_enabled|bool" + when: "not matrix_jitsi_enabled | bool" # Intentionally not removing the Docker image when uninstalling. # We can't be sure it had been pulled by us in the first place. diff --git a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml index 5176a7c03..8c25fa3a4 100644 --- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml +++ b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml @@ -36,4 +36,4 @@ ansible.builtin.systemd: state: stopped name: matrix-jitsi-prosody - when: matrix_jitsi_prosody_start_result.changed|bool + when: matrix_jitsi_prosody_start_result.changed | bool diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/matrix-jitsi/tasks/validate_config.yml index 5655ea45d..df87b7589 100644 --- a/roles/matrix-jitsi/tasks/validate_config.yml +++ b/roles/matrix-jitsi/tasks/validate_config.yml @@ -27,7 +27,7 @@ If you're setting up Jitsi for the first time, you may have missed a step. Refer to our setup instructions (docs/configuring-playbook-jitsi.md). when: - - matrix_jitsi_enable_auth|bool + - matrix_jitsi_enable_auth | bool - matrix_jitsi_auth_type == 'internal' - matrix_jitsi_prosody_auth_internal_accounts|length == 0 diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index 19aaf189a..b62225e72 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -156,8 +156,8 @@ matrix_ma1sd_configuration_extension_yaml: | # bindDn: CN=My Ma1sd User,OU=Users,DC=example,DC=org # bindPassword: TheUserPassword -matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml | from_yaml if matrix_ma1sd_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final ma1sd configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_ma1sd_configuration_yaml`. -matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml|from_yaml|combine(matrix_ma1sd_configuration_extension, recursive=True) }}" +matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml | from_yaml|combine(matrix_ma1sd_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/matrix-ma1sd/tasks/init.yml index f3059bb48..1d425006f 100644 --- a/roles/matrix-ma1sd/tasks/init.yml +++ b/roles/matrix-ma1sd/tasks/init.yml @@ -4,8 +4,8 @@ - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled|bool" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled | bool" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}" - when: matrix_ma1sd_enabled|bool + when: matrix_ma1sd_enabled | bool diff --git a/roles/matrix-ma1sd/tasks/main.yml b/roles/matrix-ma1sd/tasks/main.yml index 2902c05d9..f55e7891c 100644 --- a/roles/matrix-ma1sd/tasks/main.yml +++ b/roles/matrix-ma1sd/tasks/main.yml @@ -1,30 +1,30 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_ma1sd_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_ma1sd_enabled | bool" tags: - setup-all - setup-ma1sd -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_ma1sd_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_ma1sd_enabled | bool" tags: - setup-all - setup-ma1sd -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_ma1sd_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_ma1sd_enabled | bool" tags: - setup-all - setup-ma1sd -- import_tasks: "{{ role_path }}/tasks/self_check_ma1sd.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_ma1sd.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check|bool and matrix_ma1sd_enabled|bool" + when: "run_self_check | bool and matrix_ma1sd_enabled | bool" tags: - self-check diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml index 36ca89599..f80af0fd5 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -3,7 +3,7 @@ # This task is for migrating existing mxisd data when transitioning to the ma1sd fork. - name: Check for existent mxisd data - stat: + ansible.builtin.stat: path: "{{ matrix_base_data_path }}/mxisd/data" register: ma1sd_migrate_mxisd_data_dir_stat @@ -15,7 +15,7 @@ when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Check existence of old matrix-mxisd service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mxisd.service" register: matrix_mxisd_service_stat @@ -28,7 +28,7 @@ when: "matrix_mxisd_service_stat.stat.exists" - name: Check existence of matrix-ma1sd service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" register: matrix_ma1sd_service_stat when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" @@ -47,7 +47,7 @@ ansible.builtin.command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" - name: Check existence of mxisd.db file - stat: + ansible.builtin.stat: path: "{{ matrix_ma1sd_data_path }}/mxisd.db" register: matrix_ma1sd_mxisd_db_stat diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 2233067aa..3995da244 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -11,9 +11,9 @@ - {path: "{{ matrix_ma1sd_config_path }}", when: true} - {path: "{{ matrix_ma1sd_data_path }}", when: true} - {path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" -- import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml" # These (SQLite -> Postgres) migration tasks are usually at the top, @@ -23,7 +23,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_ma1sd_sqlite_database_path_local }}" register: matrix_ma1sd_sqlite_database_path_local_stat_result @@ -32,17 +32,17 @@ matrix_postgres_db_migration_request: src: "{{ matrix_ma1sd_sqlite_database_path_local }}" dst: "{{ matrix_ma1sd_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_ma1sd_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-ma1sd.service'] pgloader_options: ['--with "quote identifiers"'] - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_ma1sd_requires_restart: true - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_ma1sd_database_engine == 'postgres'" - name: Ensure ma1sd image is pulled @@ -51,7 +51,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}" - when: "not matrix_ma1sd_container_image_self_build|bool" + when: "not matrix_ma1sd_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -107,11 +107,11 @@ repository: "{{ matrix_ma1sd_docker_image }}" force_tag: true source: local - when: "matrix_ma1sd_container_image_self_build|bool" + when: "matrix_ma1sd_container_image_self_build | bool" - name: Ensure ma1sd config installed ansible.builtin.copy: - content: "{{ matrix_ma1sd_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_ma1sd_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_ma1sd_config_path }}/ma1sd.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -127,7 +127,7 @@ with_items: - {value: "{{ matrix_ma1sd_view_session_custom_onTokenSubmit_success_template }}", location: 'tokenSubmitSuccess.html'} - {value: "{{ matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template }}", location: 'tokenSubmitFailure.html'} - when: "matrix_ma1sd_view_session_custom_templates_enabled|bool and item.value" + when: "matrix_ma1sd_view_session_custom_templates_enabled | bool and item.value" - name: Ensure custom email templates are installed, if any ansible.builtin.copy: @@ -141,7 +141,7 @@ - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_validation_template }}", location: 'validate-template.eml'} - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template }}", location: 'unbind-notification.eml'} - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_matrixid_template }}", location: 'mxid-template.eml'} - when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled|bool and item.value" + when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled | bool and item.value" # Only cleaning up for people who define the respective templates - name: (Cleanup) Ensure custom email templates are not in data/ anymore (we've put them in config/) @@ -153,7 +153,7 @@ - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_validation_template }}", location: 'validate-template.eml'} - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template }}", location: 'unbind-notification.eml'} - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_matrixid_template }}", location: 'mxid-template.eml'} - when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled|bool and item.value" + when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled | bool and item.value" - name: Ensure matrix-ma1sd.service installed ansible.builtin.template: @@ -165,10 +165,10 @@ - name: Ensure systemd reloaded after matrix-ma1sd.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_ma1sd_systemd_service_result.changed|bool" + when: "matrix_ma1sd_systemd_service_result.changed | bool" - name: Ensure matrix-ma1sd.service restarted, if necessary ansible.builtin.service: name: "matrix-ma1sd.service" state: restarted - when: "matrix_ma1sd_requires_restart|bool" + when: "matrix_ma1sd_requires_restart | bool" diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/matrix-ma1sd/tasks/setup_uninstall.yml index d50cd6137..2bc505b0f 100644 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/matrix-ma1sd/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-ma1sd service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" register: matrix_ma1sd_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_ma1sd_service_stat.stat.exists|bool" + when: "matrix_ma1sd_service_stat.stat.exists | bool" - name: Ensure matrix-ma1sd.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" state: absent - when: "matrix_ma1sd_service_stat.stat.exists|bool" + when: "matrix_ma1sd_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-ma1sd.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_ma1sd_service_stat.stat.exists|bool" + when: "matrix_ma1sd_service_stat.stat.exists | bool" - name: Ensure Matrix ma1sd paths don't exist ansible.builtin.file: diff --git a/roles/matrix-ma1sd/vars/main.yml b/roles/matrix-ma1sd/vars/main.yml index b6c97a593..3adc735e9 100644 --- a/roles/matrix-ma1sd/vars/main.yml +++ b/roles/matrix-ma1sd/vars/main.yml @@ -2,4 +2,4 @@ # Doing `|from_yaml` when the extension contains nothing yields an empty string (""). # We need to ensure it's a dictionary or `|combine` (when building `matrix_ma1sd_configuration`) will fail later. -matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml else {} }}" +matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml | from_yaml if matrix_ma1sd_configuration_extension_yaml | from_yaml else {} }}" diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml index c0afe9622..e83902d7a 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/matrix-mailer/tasks/init.yml @@ -8,4 +8,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}" - when: matrix_mailer_enabled|bool + when: matrix_mailer_enabled | bool diff --git a/roles/matrix-mailer/tasks/main.yml b/roles/matrix-mailer/tasks/main.yml index c69dad201..e49ff26d6 100644 --- a/roles/matrix-mailer/tasks/main.yml +++ b/roles/matrix-mailer/tasks/main.yml @@ -1,11 +1,11 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/setup_mailer.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_mailer.yml" + when: run_setup | bool tags: - setup-all - setup-mailer diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index aa1e725a3..2ab39df5d 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -14,14 +14,14 @@ with_items: - {path: "{{ matrix_mailer_base_path }}", when: true} - {path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}"} - when: "matrix_mailer_enabled|bool and item.when" + when: "matrix_mailer_enabled | bool and item.when" - name: Ensure mailer environment variables file created ansible.builtin.template: src: "{{ role_path }}/templates/env-mailer.j2" dest: "{{ matrix_mailer_base_path }}/env-mailer" mode: 0640 - when: matrix_mailer_enabled|bool + when: matrix_mailer_enabled | bool - name: Ensure exim-relay repository is present on self-build ansible.builtin.git: @@ -32,7 +32,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mailer_git_pull_results - when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" + when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool" - name: Ensure exim-relay Docker image is built docker_image: @@ -44,7 +44,7 @@ dockerfile: Dockerfile path: "{{ matrix_mailer_container_image_self_build_src_files_path }}" pull: true - when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" + when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool" - name: Ensure exim-relay image is pulled docker_image: @@ -52,7 +52,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" - when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool" + when: "matrix_mailer_enabled | bool and not matrix_mailer_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -64,22 +64,22 @@ dest: "{{ matrix_systemd_path }}/matrix-mailer.service" mode: 0644 register: matrix_mailer_systemd_service_result - when: matrix_mailer_enabled|bool + when: matrix_mailer_enabled | bool - name: Ensure systemd reloaded after matrix-mailer.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_mailer_enabled|bool and matrix_mailer_systemd_service_result.changed" + when: "matrix_mailer_enabled | bool and matrix_mailer_systemd_service_result.changed" # # Tasks related to getting rid of the mailer (if it was previously enabled) # - name: Check existence of matrix-mailer service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-mailer.service" register: matrix_mailer_service_stat - when: "not matrix_mailer_enabled|bool" + when: "not matrix_mailer_enabled | bool" - name: Ensure matrix-mailer is stopped ansible.builtin.service: @@ -88,27 +88,27 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" + when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists" - name: Ensure matrix-mailer.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-mailer.service" state: absent - when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" + when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mailer.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" + when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists" - name: Ensure Matrix mailer environment variables path doesn't exist ansible.builtin.file: path: "{{ matrix_mailer_base_path }}" state: absent - when: "not matrix_mailer_enabled|bool" + when: "not matrix_mailer_enabled | bool" - name: Ensure mailer Docker image doesn't exist docker_image: name: "{{ matrix_mailer_docker_image }}" state: absent - when: "not matrix_mailer_enabled|bool" + when: "not matrix_mailer_enabled | bool" diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/matrix-nginx-proxy/tasks/init.yml index 3f31470c1..eb4249cb8 100644 --- a/roles/matrix-nginx-proxy/tasks/init.yml +++ b/roles/matrix-nginx-proxy/tasks/init.yml @@ -1,9 +1,9 @@ --- - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}" - when: matrix_nginx_proxy_enabled|bool + when: matrix_nginx_proxy_enabled | bool - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + [item.name] }}" - when: "item.applicable|bool and item.enableable|bool" + when: "item.applicable | bool and item.enableable | bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/matrix-nginx-proxy/tasks/main.yml index 066e62d35..9c34d1f56 100644 --- a/roles/matrix-nginx-proxy/tasks/main.yml +++ b/roles/matrix-nginx-proxy/tasks/main.yml @@ -1,34 +1,34 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always # Always validating the configuration, even if `matrix_nginx_proxy: false`. # This role performs actions even if the role is disabled, so we need # to ensure there's a valid configuration in any case. -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup | bool tags: - setup-all - setup-nginx-proxy -- import_tasks: "{{ role_path }}/tasks/ssl/main.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/main.yml" + when: run_setup | bool tags: - setup-all - setup-nginx-proxy - setup-ssl -- import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml" + when: run_setup | bool tags: - setup-all - setup-nginx-proxy -- import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check|bool + when: run_self_check | bool tags: - self-check diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml index ad53084d0..2a5042d5a 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml @@ -21,10 +21,10 @@ - name: Determine domains that we require certificates for (ma1sd) ansible.builtin.set_fact: well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}" - when: matrix_well_known_matrix_server_enabled|bool + when: matrix_well_known_matrix_server_enabled | bool - name: Perform well-known checks - include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml" with_items: "{{ well_known_file_checks }}" loop_control: loop_var: well_known_file_check diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 7a71c739e..e2d3c36e8 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -22,128 +22,128 @@ - {path: "{{ matrix_nginx_proxy_data_path }}", when: true} - {path: "{{ matrix_nginx_proxy_confd_path }}", when: true} - {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"} - when: item.when|bool + when: item.when | bool - name: Ensure Matrix nginx-proxy configured (main config override) ansible.builtin.template: src: "{{ role_path }}/templates/nginx/nginx.conf.j2" dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf" mode: 0644 - when: matrix_nginx_proxy_enabled|bool + when: matrix_nginx_proxy_enabled | bool - name: Setup metrics - include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml" - when: matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml" + when: matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool - name: Ensure Matrix nginx-proxy configured (generic) ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf" mode: 0644 - when: matrix_nginx_proxy_enabled|bool + when: matrix_nginx_proxy_enabled | bool - name: Ensure Matrix nginx-proxy configuration for matrix-synapse exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_synapse_enabled|bool + when: matrix_nginx_proxy_proxy_synapse_enabled | bool - name: Ensure Matrix nginx-proxy configuration for matrix-synapse deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_enabled|bool" + when: "not matrix_nginx_proxy_proxy_synapse_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for matrix-dendrite exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dendrite.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_dendrite_enabled|bool + when: matrix_nginx_proxy_proxy_dendrite_enabled | bool - name: Ensure Matrix nginx-proxy configuration for matrix-dendrite deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf" state: absent - when: "not matrix_nginx_proxy_proxy_dendrite_enabled|bool" + when: "not matrix_nginx_proxy_proxy_dendrite_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for Element domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_element_enabled|bool + when: matrix_nginx_proxy_proxy_element_enabled | bool - name: Ensure Matrix nginx-proxy configuration for riot domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool + when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled | bool - name: Ensure Matrix nginx-proxy configuration for Hydrogen domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_hydrogen_enabled|bool + when: matrix_nginx_proxy_proxy_hydrogen_enabled | bool - name: Ensure Matrix nginx-proxy configuration for Cinny domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-cinny.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-cinny.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_cinny_enabled|bool + when: matrix_nginx_proxy_proxy_cinny_enabled | bool - name: Ensure Matrix nginx-proxy configuration for buscarron domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_buscarron_enabled|bool + when: matrix_nginx_proxy_proxy_buscarron_enabled | bool - name: Ensure Matrix nginx-proxy configuration for dimension domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_dimension_enabled|bool + when: matrix_nginx_proxy_proxy_dimension_enabled | bool - name: Ensure Matrix nginx-proxy configuration for goneb domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool + when: matrix_nginx_proxy_proxy_bot_go_neb_enabled | bool - name: Ensure Matrix nginx-proxy configuration for jitsi domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_jitsi_enabled|bool + when: matrix_nginx_proxy_proxy_jitsi_enabled | bool - name: Ensure Matrix nginx-proxy configuration for grafana domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-grafana.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-grafana.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_grafana_enabled|bool + when: matrix_nginx_proxy_proxy_grafana_enabled | bool - name: Ensure Matrix nginx-proxy configuration for sygnal domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-sygnal.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_sygnal_enabled|bool + when: matrix_nginx_proxy_proxy_sygnal_enabled | bool - name: Ensure Matrix nginx-proxy configuration for ntfy domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" mode: 0644 - when: matrix_nginx_proxy_proxy_ntfy_enabled|bool + when: matrix_nginx_proxy_proxy_ntfy_enabled | bool - name: Ensure Matrix nginx-proxy configuration for Matrix domain exists ansible.builtin.template: @@ -158,7 +158,7 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool + when: matrix_nginx_proxy_base_domain_serving_enabled | bool and matrix_nginx_proxy_base_domain_create_directory | bool - name: Ensure Matrix nginx-proxy homepage for base domain exists ansible.builtin.copy: @@ -167,14 +167,14 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool + when: matrix_nginx_proxy_base_domain_serving_enabled | bool and matrix_nginx_proxy_base_domain_homepage_enabled | bool and matrix_nginx_proxy_base_domain_create_directory | bool - name: Ensure Matrix nginx-proxy configuration for base domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-base-domain.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf" mode: 0644 - when: matrix_nginx_proxy_base_domain_serving_enabled|bool + when: matrix_nginx_proxy_base_domain_serving_enabled | bool # # Tasks related to setting up matrix-nginx-proxy @@ -185,7 +185,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}" - when: matrix_nginx_proxy_enabled|bool + when: matrix_nginx_proxy_enabled | bool register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -197,7 +197,7 @@ dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" mode: 0644 register: matrix_nginx_proxy_systemd_service_result - when: matrix_nginx_proxy_enabled|bool + when: matrix_nginx_proxy_enabled | bool - name: Ensure systemd reloaded after matrix-nginx-proxy.service installation ansible.builtin.service: @@ -210,10 +210,10 @@ # - name: Check existence of matrix-nginx-proxy service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" register: matrix_nginx_proxy_service_stat - when: "not matrix_nginx_proxy_enabled|bool" + when: "not matrix_nginx_proxy_enabled | bool" - name: Ensure matrix-nginx-proxy is stopped ansible.builtin.service: @@ -222,102 +222,102 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" + when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure matrix-nginx-proxy.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" state: absent - when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" + when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-nginx-proxy.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" + when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf" state: absent - when: "not matrix_nginx_proxy_proxy_matrix_enabled|bool" + when: "not matrix_nginx_proxy_proxy_matrix_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for riot domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf" state: absent - when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool" + when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for Hydrogen domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf" state: absent - when: "not matrix_nginx_proxy_proxy_hydrogen_enabled|bool" + when: "not matrix_nginx_proxy_proxy_hydrogen_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for Cinny domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-cinny.conf" state: absent - when: "not matrix_nginx_proxy_proxy_cinny_enabled|bool" + when: "not matrix_nginx_proxy_proxy_cinny_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for buscarron domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" state: absent - when: "not matrix_nginx_proxy_proxy_buscarron_enabled|bool" + when: "not matrix_nginx_proxy_proxy_buscarron_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" state: absent - when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool" + when: "not matrix_nginx_proxy_proxy_dimension_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for goneb domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf" state: absent - when: "not matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool" + when: "not matrix_nginx_proxy_proxy_bot_go_neb_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" state: absent - when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool" + when: "not matrix_nginx_proxy_proxy_jitsi_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for grafana domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-grafana.conf" state: absent - when: "not matrix_nginx_proxy_proxy_grafana_enabled|bool" + when: "not matrix_nginx_proxy_proxy_grafana_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for sygnal domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf" state: absent - when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool" + when: "not matrix_nginx_proxy_proxy_sygnal_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" state: absent - when: "not matrix_nginx_proxy_proxy_ntfy_enabled|bool" + when: "not matrix_nginx_proxy_proxy_ntfy_enabled | bool" - name: Ensure Matrix nginx-proxy homepage for base domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" state: absent - when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool" + when: "not matrix_nginx_proxy_base_domain_serving_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for base domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf" state: absent - when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool" + when: "not matrix_nginx_proxy_base_domain_serving_enabled | bool" - name: Ensure Matrix nginx-proxy configuration for main config override deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf" state: absent - when: "not matrix_nginx_proxy_enabled|bool" + when: "not matrix_nginx_proxy_enabled | bool" - name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI) ansible.builtin.file: @@ -334,4 +334,4 @@ ansible.builtin.file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" state: absent - when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool" + when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/matrix-nginx-proxy/tasks/ssl/main.yml index d6a2627bb..0fa735b4a 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/main.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml @@ -29,8 +29,8 @@ # Method specific tasks follow -- import_tasks: tasks/ssl/setup_ssl_lets_encrypt.yml +- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_lets_encrypt.yml -- import_tasks: tasks/ssl/setup_ssl_self_signed.yml +- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_self_signed.yml -- import_tasks: tasks/ssl/setup_ssl_manually_managed.yml +- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_manually_managed.yml diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 46be689ca..0e5339a9a 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -25,7 +25,7 @@ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ssl_lets_encrypt_certbot_docker_image_force_pull }}" - name: Obtain Let's Encrypt certificates - include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml" with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" loop_control: loop_var: domain_name @@ -41,7 +41,7 @@ src: "{{ role_path }}/templates/systemd/{{ item.name }}.j2" dest: "{{ matrix_systemd_path }}/{{ item.name }}" mode: 0644 - when: "item.applicable|bool" + when: "item.applicable | bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" @@ -54,7 +54,7 @@ ansible.builtin.file: path: "{{ matrix_systemd_path }}/{{ item.name }}" state: absent - when: "not item.applicable|bool" + when: "not item.applicable | bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" - name: Ensure Let's Encrypt SSL renewal script removed diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index 02a137f3f..18cae090e 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -6,7 +6,7 @@ domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem" - name: Check if a certificate for the domain already exists - stat: + ansible.builtin.stat: path: "{{ domain_name_certificate_path }}" register: domain_name_certificate_path_stat @@ -21,10 +21,10 @@ register: matrix_ssl_pre_obtaining_required_service_start_result - name: Wait some time, so that the required service for obtaining can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" - when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool" - when: "domain_name_needs_cert|bool and matrix_ssl_pre_obtaining_required_service_name != ''" + when: "matrix_ssl_pre_obtaining_required_service_start_result.changed | bool" + when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''" # This will fail if there is something running on port 80 (like matrix-nginx-proxy). # We suppress the error, as we'll try another method below. @@ -51,7 +51,7 @@ --agree-tos --email={{ matrix_ssl_lets_encrypt_support_email }} -d {{ domain_name }} - when: domain_name_needs_cert|bool + when: domain_name_needs_cert | bool register: result_certbot_direct ignore_errors: true diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml index 7bcd3d748..f6fc5a817 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml @@ -1,7 +1,7 @@ --- - name: Verify certificates - include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml" with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" loop_control: loop_var: domain_name diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml index 8bab1128e..ab0ffa2fe 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml @@ -5,7 +5,7 @@ matrix_ssl_certificate_verification_cert_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/privkey.pem" - name: Check if SSL certificate file exists - stat: + ansible.builtin.stat: path: "{{ matrix_ssl_certificate_verification_cert_path }}" register: matrix_ssl_certificate_verification_cert_path_stat_result @@ -14,7 +14,7 @@ when: "not matrix_ssl_certificate_verification_cert_path_stat_result.stat.exists" - name: Check if SSL certificate key file exists - stat: + ansible.builtin.stat: path: "{{ matrix_ssl_certificate_verification_cert_key_path }}" register: matrix_ssl_certificate_verification_cert_key_path_stat_result diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml index 47ec40aaf..3a7f19587 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml @@ -1,10 +1,10 @@ --- -- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" when: "matrix_ssl_retrieval_method == 'self-signed'" - name: Generate self-signed certificates - include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml" with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" loop_control: loop_var: domain_name diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml index 873420c3e..889a33ba4 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml @@ -6,7 +6,7 @@ matrix_ssl_certificate_cert_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/privkey.pem" - name: Check if SSL certificate file exists - stat: + ansible.builtin.stat: path: "{{ matrix_ssl_certificate_cert_path }}" register: matrix_ssl_certificate_cert_path_stat_result diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 7e3b1eccb..6c87a4bb2 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -33,7 +33,7 @@ Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires: - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`) - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`) - when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" + when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" - block: - name: (Deprecation) Catch and report renamed settings diff --git a/roles/matrix-nginx-proxy/vars/main.yml b/roles/matrix-nginx-proxy/vars/main.yml index 5c51fe5bd..1a9ed929c 100644 --- a/roles/matrix-nginx-proxy/vars/main.yml +++ b/roles/matrix-nginx-proxy/vars/main.yml @@ -11,8 +11,8 @@ matrix_ssl_renewal_systemd_units_list: applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}" enableable: true - name: matrix-ssl-nginx-proxy-reload.service - applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled|bool }}" + applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}" enableable: false - name: matrix-ssl-nginx-proxy-reload.timer - applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled|bool }}" + applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}" enableable: true diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 96e9e69df..9f0a6eb80 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -41,8 +41,8 @@ matrix_ntfy_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_ntfy_configuration_yaml`. -matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml|from_yaml if matrix_ntfy_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml | from_yaml if matrix_ntfy_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final ntfy configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`. -matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml|from_yaml|combine(matrix_ntfy_configuration_extension, recursive=True) }}" +matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml | from_yaml|combine(matrix_ntfy_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-ntfy/tasks/init.yml b/roles/matrix-ntfy/tasks/init.yml index 997be03f7..6222ada0c 100644 --- a/roles/matrix-ntfy/tasks/init.yml +++ b/roles/matrix-ntfy/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}" - when: matrix_ntfy_enabled|bool + when: matrix_ntfy_enabled | bool diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index 5dd0d172a..200d38c4a 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -1,24 +1,24 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_ntfy_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_ntfy_enabled | bool" tags: - setup-all - setup-ntfy -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_ntfy_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_ntfy_enabled | bool" tags: - setup-all - setup-ntfy -- import_tasks: "{{ role_path }}/tasks/self_check.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check|bool and matrix_ntfy_enabled|bool" + when: "run_self_check | bool and matrix_ntfy_enabled | bool" tags: - self-check diff --git a/roles/matrix-ntfy/tasks/setup_install.yml b/roles/matrix-ntfy/tasks/setup_install.yml index 510110c18..9afabc4cd 100644 --- a/roles/matrix-ntfy/tasks/setup_install.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml @@ -25,7 +25,7 @@ - name: Ensure matrix-ntfy config installed ansible.builtin.copy: - content: "{{ matrix_ntfy_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_ntfy_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_ntfy_config_dir_path }}/server.yml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-ntfy/tasks/setup_uninstall.yml b/roles/matrix-ntfy/tasks/setup_uninstall.yml index 93ecad3dc..f6d9cc8aa 100644 --- a/roles/matrix-ntfy/tasks/setup_uninstall.yml +++ b/roles/matrix-ntfy/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-ntfy service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-ntfy.service" register: matrix_ntfy_service_stat diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/matrix-postgres-backup/tasks/init.yml index aea1c337c..5ece870a4 100644 --- a/roles/matrix-postgres-backup/tasks/init.yml +++ b/roles/matrix-postgres-backup/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}" - when: matrix_postgres_backup_enabled|bool + when: matrix_postgres_backup_enabled | bool diff --git a/roles/matrix-postgres-backup/tasks/main.yml b/roles/matrix-postgres-backup/tasks/main.yml index 19e3db5b8..1403fa5b2 100644 --- a/roles/matrix-postgres-backup/tasks/main.yml +++ b/roles/matrix-postgres-backup/tasks/main.yml @@ -1,17 +1,17 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_postgres_backup_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_postgres_backup_enabled | bool" tags: - setup-all - setup-postgres-backup -- import_tasks: "{{ role_path }}/tasks/setup_postgres_backup.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_postgres_backup.yml" + when: run_setup | bool tags: - setup-all - setup-postgres-backup diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index deb80d8e3..d45c152ce 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -3,16 +3,16 @@ # # Tasks related to setting up an internal postgres server # -- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" - when: 'matrix_postgres_backup_enabled|bool and matrix_postgres_backup_postgres_data_path != ""' +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" + when: 'matrix_postgres_backup_enabled | bool and matrix_postgres_backup_postgres_data_path != ""' # If we have found an existing version (installed from before), we use its corresponding Docker image. # If not, we install using the latest Postgres. # # Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). - ansible.builtin.set_fact: - matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image|default('') == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}" - when: matrix_postgres_backup_enabled|bool + matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image | default('') == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}" + when: matrix_postgres_backup_enabled | bool - name: Ensure postgres backup Docker image is pulled docker_image: @@ -20,7 +20,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" - when: matrix_postgres_backup_enabled|bool + when: matrix_postgres_backup_enabled | bool register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -35,7 +35,7 @@ group: "{{ matrix_user_groupname }}" with_items: - "{{ matrix_postgres_backup_path }}" - when: matrix_postgres_backup_enabled|bool + when: matrix_postgres_backup_enabled | bool - name: Ensure Postgres environment variables file created ansible.builtin.template: @@ -46,7 +46,7 @@ mode: 0640 with_items: - "env-postgres-backup" - when: matrix_postgres_backup_enabled|bool + when: matrix_postgres_backup_enabled | bool - name: Ensure matrix-postgres-backup.service installed ansible.builtin.template: @@ -54,22 +54,22 @@ dest: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" mode: 0644 register: matrix_postgres_backup_systemd_service_result - when: matrix_postgres_backup_enabled|bool + when: matrix_postgres_backup_enabled | bool - name: Ensure systemd reloaded after matrix-postgres-backup.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_postgres_backup_enabled|bool and matrix_postgres_backup_systemd_service_result.changed" + when: "matrix_postgres_backup_enabled | bool and matrix_postgres_backup_systemd_service_result.changed" # # Tasks related to getting rid of the internal postgres backup server (if it was previously enabled) # - name: Check existence of matrix-postgres-backup service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" register: matrix_postgres_backup_service_stat - when: "not matrix_postgres_backup_enabled|bool" + when: "not matrix_postgres_backup_enabled | bool" - name: Ensure matrix-postgres-backup is stopped ansible.builtin.service: @@ -77,34 +77,34 @@ state: stopped enabled: false daemon_reload: true - when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists" - name: Ensure matrix-postgres-backup.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" state: absent - when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-postgres-backup.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists" - name: Check existence of matrix-postgres-backup backup path - stat: + ansible.builtin.stat: path: "{{ matrix_postgres_backup_path }}" register: matrix_postgres_backup_path_stat - when: "not matrix_postgres_backup_enabled|bool" + when: "not matrix_postgres_backup_enabled | bool" # We just want to notify the user. Deleting data is too destructive. - name: Inject warning if matrix-postgres backup data remains ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it." ] }} - when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_path_stat.stat.exists" + when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_path_stat.stat.exists" diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml index 33120453d..cce35e00f 100644 --- a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml @@ -11,7 +11,7 @@ matrix_postgres_backup_detected_version_corresponding_docker_image: "" - name: Determine existing Postgres version (check PG_VERSION file) - stat: + ansible.builtin.stat: path: "{{ matrix_postgres_backup_detection_pg_version_path }}" register: result_pg_version_stat @@ -23,12 +23,12 @@ ansible.builtin.slurp: src: "{{ matrix_postgres_backup_detection_pg_version_path }}" register: result_pg_version - when: matrix_postgres_backup_detected_existing|bool + when: matrix_postgres_backup_detected_existing | bool - name: Determine existing Postgres version (make sense of PG_VERSION file) ansible.builtin.set_fact: matrix_postgres_backup_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" - when: matrix_postgres_backup_detected_existing|bool + when: matrix_postgres_backup_detected_existing | bool - name: Determine corresponding Docker image to detected version (assume default of latest) ansible.builtin.set_fact: diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 3a4d73be1..b5442309f 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -78,7 +78,7 @@ matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username] # which is unsupported by default by newer Postgres versions (v14+). # When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+. # If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default. -matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore|join('|') }})(;| WITH)" +matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)" # A list of databases to avoid creating when importing (or upgrading) the database. # If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`), @@ -86,7 +86,7 @@ matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_post # We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump. matrix_postgres_import_databases_to_ignore: [matrix_postgres_db_name] -matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore|join('|') }})\\s" +matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s" # The number of seconds to wait after starting `matrix-postgres.service` # and before trying to run queries for creating additional databases/users against it. diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml index 81f370500..37f3353e1 100644 --- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml @@ -5,7 +5,7 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" - name: Fail if playbook called incorrectly ansible.builtin.fail: @@ -13,7 +13,7 @@ when: "sqlite_database_path is not defined or sqlite_database_path.startswith('<')" - name: Check if the provided SQLite database file exists - stat: + ansible.builtin.stat: path: "{{ sqlite_database_path }}" register: sqlite_database_path_stat_result @@ -48,7 +48,7 @@ - name: Set postgres_start_wait_time, if not provided ansible.builtin.set_fact: postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" + when: "postgres_start_wait_time | default('') == ''" # Actual import work @@ -61,11 +61,11 @@ register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false - when: "matrix_postgres_service_start_result.changed|bool" + when: "matrix_postgres_service_start_result.changed | bool" - name: Import SQLite database from {{ sqlite_database_path }} into Postgres ansible.builtin.command: @@ -89,7 +89,7 @@ ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: Your SQLite database file has been imported into Postgres. The original file has been moved from `{{ sqlite_database_path }}` to `{{ sqlite_database_path }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file." diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index 899dc78c8..d74afe1db 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -5,7 +5,7 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" - name: Fail if playbook called incorrectly ansible.builtin.fail: @@ -13,7 +13,7 @@ when: "server_path_postgres_dump is not defined or server_path_postgres_dump.startswith('<')" - name: Check if the provided Postgres dump file exists - stat: + ansible.builtin.stat: path: "{{ server_path_postgres_dump }}" register: result_server_path_postgres_dump_stat @@ -28,19 +28,19 @@ - name: Set postgres_start_wait_time, if not provided ansible.builtin.set_fact: postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" + when: "postgres_start_wait_time | default('') == ''" - name: Set postgres_import_wait_time, if not provided ansible.builtin.set_fact: postgres_import_wait_time: "{{ 7 * 86400 }}" - when: "postgres_import_wait_time|default('') == ''" + when: "postgres_import_wait_time | default('') == ''" # By default, we connect and import into the main (`matrix`) database. # Single-database dumps for Synapse may wish to import into `synapse` instead. - name: Set postgres_default_import_database, if not provided ansible.builtin.set_fact: postgres_default_import_database: "{{ matrix_postgres_db_name }}" - when: "postgres_default_import_database|default('') == ''" + when: "postgres_default_import_database | default('') == ''" # Actual import work @@ -51,17 +51,17 @@ daemon_reload: true - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false -- import_tasks: tasks/util/detect_existing_postgres_version.yml +- ansible.builtin.import_tasks: tasks/util/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected ansible.builtin.fail: msg: "Could not find existing Postgres installation" - when: "not matrix_postgres_detected_existing|bool" + when: "not matrix_postgres_detected_existing | bool" # Starting the database container had automatically created the default # role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`). @@ -76,10 +76,10 @@ --cap-drop=ALL --network={{ matrix_docker_network }} --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - --mount type=bind,src={{ server_path_postgres_dump }},dst=/{{ server_path_postgres_dump|basename }},ro + --mount type=bind,src={{ server_path_postgres_dump }},dst=/{{ server_path_postgres_dump | basename }},ro --entrypoint=/bin/sh {{ matrix_postgres_docker_image_latest }} - -c "cat /{{ server_path_postgres_dump|basename }} | + -c "cat /{{ server_path_postgres_dump | basename }} | {{ 'gunzip |' if server_path_postgres_dump.endswith('.gz') else '' }} grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' | grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' | diff --git a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml index d10831dda..636b7b8e5 100644 --- a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml @@ -5,7 +5,7 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" - name: Fail if playbook called incorrectly ansible.builtin.fail: @@ -13,7 +13,7 @@ when: "server_path_homeserver_db is not defined or server_path_homeserver_db.startswith('<')" - name: Check if the provided SQLite homeserver.db file exists - stat: + ansible.builtin.stat: path: "{{ server_path_homeserver_db }}" register: result_server_path_homeserver_db_stat @@ -28,7 +28,7 @@ - name: Set postgres_start_wait_time, if not provided ansible.builtin.set_fact: postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" + when: "postgres_start_wait_time | default('') == ''" # Actual import work @@ -59,7 +59,7 @@ daemon_reload: true - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false @@ -81,6 +81,6 @@ --entrypoint=python --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store - --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db|basename }} + --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db | basename }} {{ matrix_synapse_docker_image }} - /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml + /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db | basename }} --postgres-config /data/homeserver.yaml diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/matrix-postgres/tasks/init.yml index 0a46fa86c..659380f10 100644 --- a/roles/matrix-postgres/tasks/init.yml +++ b/roles/matrix-postgres/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}" - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool diff --git a/roles/matrix-postgres/tasks/main.yml b/roles/matrix-postgres/tasks/main.yml index 79890417f..8e21b3c63 100644 --- a/roles/matrix-postgres/tasks/main.yml +++ b/roles/matrix-postgres/tasks/main.yml @@ -1,45 +1,45 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_postgres_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_postgres_enabled | bool" tags: - setup-all - setup-postgres -- import_tasks: "{{ role_path }}/tasks/setup_postgres.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_postgres.yml" + when: run_setup | bool tags: - setup-all - setup-postgres -- import_tasks: "{{ role_path }}/tasks/import_postgres.yml" - when: run_postgres_import|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_postgres.yml" + when: run_postgres_import | bool tags: - import-postgres # The `run_postgres_import_sqlite_db` variable had better be renamed to be consistent, # but that's a breaking change which may cause trouble for people. -- import_tasks: "{{ role_path }}/tasks/import_synapse_sqlite_db.yml" - when: run_postgres_import_sqlite_db|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_synapse_sqlite_db.yml" + when: run_postgres_import_sqlite_db | bool tags: - import-synapse-sqlite-db # Perhaps we need a new variable here, instead of `run_postgres_import_sqlite_db`. -- import_tasks: "{{ role_path }}/tasks/import_generic_sqlite_db.yml" - when: run_postgres_import_sqlite_db|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_generic_sqlite_db.yml" + when: run_postgres_import_sqlite_db | bool tags: - import-generic-sqlite-db -- import_tasks: "{{ role_path }}/tasks/upgrade_postgres.yml" - when: run_postgres_upgrade|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/upgrade_postgres.yml" + when: run_postgres_upgrade | bool tags: - upgrade-postgres -- import_tasks: "{{ role_path }}/tasks/run_vacuum.yml" - when: run_postgres_vacuum|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_vacuum.yml" + when: run_postgres_vacuum | bool tags: - run-postgres-vacuum diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index 4713fcd6d..8c92e3e9c 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -11,7 +11,7 @@ # which still store it in the parent directory (`/matrix/postgres`). - name: Check if old Postgres data directory is used - stat: + ansible.builtin.stat: path: "{{ matrix_postgres_base_path }}/PG_VERSION" register: result_pg_old_data_dir_stat @@ -33,7 +33,7 @@ when: "result_pg_old_data_dir_stat.stat.exists" - name: Find files and directories in old Postgres data path - find: + ansible.builtin.find: paths: "{{ matrix_postgres_base_path }}" file_type: any excludes: ["data"] @@ -51,7 +51,7 @@ - block: - name: Relocate Postgres data files from old directory to new - ansible.builtin.command: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path|basename }}" + ansible.builtin.command: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}" with_items: "{{ result_pg_old_data_dir_find.files }}" when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/matrix-postgres/tasks/run_vacuum.yml index f3c59775b..040885880 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/matrix-postgres/tasks/run_vacuum.yml @@ -5,7 +5,7 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot run vacuum." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" # Defaults @@ -13,12 +13,12 @@ - name: Set postgres_start_wait_time, if not provided ansible.builtin.set_fact: postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" + when: "postgres_start_wait_time | default('') == ''" - name: Set postgres_vacuum_wait_time, if not provided ansible.builtin.set_fact: postgres_vacuum_wait_time: "{{ 7 * 86400 }}" - when: "postgres_vacuum_wait_time|default('') == ''" + when: "postgres_vacuum_wait_time | default('') == ''" # Actual vacuuming work @@ -30,17 +30,17 @@ daemon_reload: true - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false -- import_tasks: tasks/util/detect_existing_postgres_version.yml +- ansible.builtin.import_tasks: tasks/util/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected ansible.builtin.fail: msg: "Could not find existing Postgres installation" - when: "not matrix_postgres_detected_existing|bool" + when: "not matrix_postgres_detected_existing | bool" - name: Generate Postgres database vacuum command ansible.builtin.set_fact: @@ -62,7 +62,7 @@ and manually run the above command directly on the server. - name: Populate service facts - service_facts: + ansible.builtin.service_facts: - ansible.builtin.set_fact: matrix_postgres_synapse_was_running: "{{ ansible_facts.services['matrix-synapse.service']|default(none) is not none and ansible_facts.services['matrix-synapse.service'].state == 'running' }}" @@ -87,4 +87,4 @@ name: matrix-synapse state: started daemon_reload: true - when: "matrix_postgres_synapse_was_running|bool" + when: "matrix_postgres_synapse_was_running | bool" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 3cdde8073..695876f60 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -4,11 +4,11 @@ # Tasks related to setting up an internal postgres server # -- import_tasks: "{{ role_path }}/tasks/migrate_postgres_data_directory.yml" - when: matrix_postgres_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_postgres_data_directory.yml" + when: matrix_postgres_enabled | bool -- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" - when: matrix_postgres_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" + when: matrix_postgres_enabled | bool # If we have found an existing version (installed from before), we use its corresponding Docker image. # If not, we install using the latest Postgres. @@ -16,24 +16,24 @@ # Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). - ansible.builtin.set_fact: matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: Abort if on an unsupported Postgres version ansible.builtin.fail: msg: "You're on Postgres {{ matrix_postgres_detected_version }}, which is no longer supported. To upgrade, see docs/maintenance-postgres.md" - when: "matrix_postgres_enabled|bool and matrix_postgres_detected_version.startswith('9.')" + when: "matrix_postgres_enabled | bool and matrix_postgres_detected_version.startswith('9.')" - name: Inject warning if on an old version of Postgres ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: Your setup is on an old Postgres version ({{ matrix_postgres_docker_image_to_use }}), while {{ matrix_postgres_docker_image_latest }} is supported. You can upgrade using --tags=upgrade-postgres" ] }} - when: "matrix_postgres_enabled|bool and matrix_postgres_docker_image_to_use != matrix_postgres_docker_image_latest" + when: "matrix_postgres_enabled | bool and matrix_postgres_docker_image_to_use != matrix_postgres_docker_image_latest" # Even if we don't run the internal server, we still need this for running the CLI - name: Ensure postgres Docker image is pulled @@ -42,7 +42,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}" - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -58,7 +58,7 @@ with_items: - "{{ matrix_postgres_base_path }}" - "{{ matrix_postgres_data_path }}" - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool # We do this as a separate task, because: # - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is) @@ -70,7 +70,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" recurse: true - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: Ensure Postgres environment variables file created ansible.builtin.template: @@ -82,41 +82,41 @@ with_items: - "env-postgres-psql" - "env-postgres-server" - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: Ensure matrix-postgres-cli script created ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2" dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli" mode: 0755 - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: Ensure matrix-postgres-cli-non-interactive script created ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2" dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli-non-interactive" mode: 0755 - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: Ensure matrix-change-user-admin-status script created ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" dest: "{{ matrix_local_bin_path }}/matrix-change-user-admin-status" mode: 0755 - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: (Migration) Ensure old matrix-make-user-admin script deleted ansible.builtin.file: path: "{{ matrix_local_bin_path }}/matrix-make-user-admin" state: absent - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: Ensure matrix-postgres-update-user-password-hash script created ansible.builtin.template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2" dest: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash" mode: 0755 - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: Ensure matrix-postgres.service installed ansible.builtin.template: @@ -124,37 +124,37 @@ dest: "{{ matrix_systemd_path }}/matrix-postgres.service" mode: 0644 register: matrix_postgres_systemd_service_result - when: matrix_postgres_enabled|bool + when: matrix_postgres_enabled | bool - name: Ensure systemd reloaded after matrix-postgres.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_postgres_enabled|bool and matrix_postgres_systemd_service_result.changed" + when: "matrix_postgres_enabled | bool and matrix_postgres_systemd_service_result.changed" -- include_tasks: +- ansible.builtin.include_tasks: ansible.builtin.file: "{{ role_path }}/tasks/util/create_additional_databases.yml" apply: tags: - always - when: "matrix_postgres_enabled|bool and matrix_postgres_additional_databases|length > 0" + when: "matrix_postgres_enabled | bool and matrix_postgres_additional_databases|length > 0" - name: Check existence of matrix-postgres backup data path - stat: + ansible.builtin.stat: path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup" register: matrix_postgres_data_backup_path_stat - when: "matrix_postgres_enabled|bool" + when: "matrix_postgres_enabled | bool" - name: Inject warning if backup data remains ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: You have some Postgres backup data in `{{ matrix_postgres_data_path }}-auto-upgrade-backup`, which was created during the last major Postgres update you ran. If your setup works well after this upgrade, feel free to delete this whole directory." ] }} - when: "matrix_postgres_enabled|bool and matrix_postgres_data_backup_path_stat.stat.exists" + when: "matrix_postgres_enabled | bool and matrix_postgres_data_backup_path_stat.stat.exists" # @@ -162,47 +162,47 @@ # - name: Check existence of matrix-postgres service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-postgres.service" register: matrix_postgres_service_stat - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" - name: Ensure matrix-postgres is stopped ansible.builtin.service: name: matrix-postgres state: stopped daemon_reload: true - when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" + when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists" - name: Ensure matrix-postgres.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-postgres.service" state: absent - when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" + when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-postgres.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" + when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists" - name: Check existence of matrix-postgres local data path - stat: + ansible.builtin.stat: path: "{{ matrix_postgres_data_path }}" register: matrix_postgres_data_path_stat - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" # We just want to notify the user. Deleting data is too destructive. - name: Inject warning if matrix-postgres local data remains ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it." ] }} - when: "not matrix_postgres_enabled|bool and matrix_postgres_data_path_stat.stat.exists" + when: "not matrix_postgres_enabled | bool and matrix_postgres_data_path_stat.stat.exists" - name: Remove Postgres scripts ansible.builtin.file: @@ -212,4 +212,4 @@ - matrix-postgres-cli - matrix-change-user-admin-status - matrix-postgres-update-user-password-hash - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index 012f292de..8e0d480db 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -3,35 +3,35 @@ - name: Set default postgres_dump_dir, if not provided ansible.builtin.set_fact: postgres_dump_dir: "/tmp" - when: "postgres_dump_dir|default('') == ''" + when: "postgres_dump_dir | default('') == ''" - name: Set postgres_dump_name, if not provided ansible.builtin.set_fact: postgres_dump_name: "matrix-postgres-dump.sql.gz" - when: "postgres_dump_name|default('') == ''" + when: "postgres_dump_name | default('') == ''" - name: Set postgres_auto_upgrade_backup_data_path, if not provided ansible.builtin.set_fact: postgres_auto_upgrade_backup_data_path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup" - when: "postgres_auto_upgrade_backup_data_path|default('') == ''" + when: "postgres_auto_upgrade_backup_data_path | default('') == ''" - name: Set postgres_start_wait_time, if not provided ansible.builtin.set_fact: postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" + when: "postgres_start_wait_time | default('') == ''" - name: Set postgres_force_upgrade, if not provided ansible.builtin.set_fact: postgres_force_upgrade: false - when: "postgres_force_upgrade|default('') == ''" + when: "postgres_force_upgrade | default('') == ''" - name: Fail, if trying to upgrade external Postgres database ansible.builtin.fail: msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" - name: Check Postgres auto-upgrade backup data directory - stat: + ansible.builtin.stat: path: "{{ postgres_auto_upgrade_backup_data_path }}" register: result_auto_upgrade_path @@ -40,12 +40,12 @@ msg: "Detected that a left-over {{ postgres_auto_upgrade_backup_data_path }} exists. You should rename it to {{ matrix_postgres_data_path }} if the previous upgrade went wrong, or delete it if it went well." when: "result_auto_upgrade_path.stat.exists" -- import_tasks: tasks/util/detect_existing_postgres_version.yml +- ansible.builtin.import_tasks: tasks/util/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected ansible.builtin.fail: msg: "Could not find existing Postgres installation" - when: "not matrix_postgres_detected_existing|bool" + when: "not matrix_postgres_detected_existing | bool" - name: Abort, if already at latest Postgres version ansible.builtin.fail: @@ -67,7 +67,7 @@ daemon_reload: true - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false @@ -102,7 +102,7 @@ - ansible.builtin.debug: msg: "NOTE: Your Postgres data directory has been moved from `{{ matrix_postgres_data_path }}` to `{{ postgres_auto_upgrade_backup_data_path }}`. In the event of failure, you can move it back and run the playbook with --tags=setup-postgres to restore operation." -- import_tasks: tasks/setup_postgres.yml +- ansible.builtin.import_tasks: tasks/setup_postgres.yml - name: Ensure matrix-postgres autoruns and is restarted ansible.builtin.service: @@ -112,7 +112,7 @@ daemon_reload: true - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false diff --git a/roles/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/matrix-postgres/tasks/util/create_additional_databases.yml index c1b5cd517..7fe5713e1 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_databases.yml +++ b/roles/matrix-postgres/tasks/util/create_additional_databases.yml @@ -8,14 +8,14 @@ register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds }}" delegate_to: 127.0.0.1 become: false - when: "matrix_postgres_service_start_result.changed|bool" + when: "matrix_postgres_service_start_result.changed | bool" - name: Create additional Postgres user and database - include_tasks: "{{ role_path }}/tasks/util/create_additional_database.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/create_additional_database.yml" with_items: "{{ matrix_postgres_additional_databases }}" loop_control: loop_var: additional_db diff --git a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml index 932ca336a..e19dfbea2 100644 --- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml @@ -11,7 +11,7 @@ matrix_postgres_detected_version_corresponding_docker_image: "" - name: Determine existing Postgres version (check PG_VERSION file) - stat: + ansible.builtin.stat: path: "{{ matrix_postgres_detection_pg_version_path }}" register: result_pg_version_stat @@ -23,12 +23,12 @@ ansible.builtin.slurp: src: "{{ matrix_postgres_detection_pg_version_path }}" register: result_pg_version - when: matrix_postgres_detected_existing|bool + when: matrix_postgres_detected_existing | bool - name: Determine existing Postgres version (make sense of PG_VERSION file) ansible.builtin.set_fact: matrix_postgres_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" - when: matrix_postgres_detected_existing|bool + when: matrix_postgres_detected_existing | bool - name: Determine corresponding Docker image to detected version (assume default of latest) ansible.builtin.set_fact: diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml index 7b1fb6aaa..469eb86a7 100644 --- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml @@ -3,7 +3,7 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" - name: Fail if util called incorrectly (missing matrix_postgres_db_migration_request) ansible.builtin.fail: @@ -22,7 +22,7 @@ when: "item not in matrix_postgres_db_migration_request" - name: Check if the provided source database file exists - stat: + ansible.builtin.stat: path: "{{ matrix_postgres_db_migration_request.src }}" register: matrix_postgres_db_migration_request_src_stat_result @@ -69,7 +69,7 @@ dockerfile: Dockerfile path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" pull: true - when: "matrix_postgres_pgloader_container_image_self_build|bool" + when: "matrix_postgres_pgloader_container_image_self_build | bool" - name: Ensure pgloader Docker image is pulled docker_image: @@ -84,7 +84,7 @@ - name: Set postgres_start_wait_time, if not provided ansible.builtin.set_fact: postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" + when: "postgres_start_wait_time | default('') == ''" # Actual import work @@ -97,11 +97,11 @@ register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start - wait_for: + ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false - when: "matrix_postgres_service_start_result.changed|bool" + when: "matrix_postgres_service_start_result.changed | bool" # We only stop services here, leaving it to the caller to start them later. # @@ -130,12 +130,12 @@ --entrypoint=/bin/sh {{ matrix_postgres_pgloader_docker_image }} -c - 'pgloader {{ matrix_postgres_db_migration_request.pgloader_options|default([])|join(' ') }} /in.db {{ matrix_postgres_db_migration_request.dst }}' + 'pgloader {{ matrix_postgres_db_migration_request.pgloader_options | default([]) | join(' ') }} /in.db {{ matrix_postgres_db_migration_request.dst }}' - block: # We can't use `{{ role_path }}` here, neither with `import_tasks`, nor with `include_tasks`, # because it refers to the role that included this util, and not to the role this file belongs to. - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" - ansible.builtin.set_fact: matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" @@ -153,7 +153,7 @@ psql --host=matrix-postgres --dbname={{ matrix_postgres_db_migration_request.additional_psql_statements_db_name }} --command='{{ item }}' with_items: "{{ matrix_postgres_db_migration_request.additional_psql_statements_list }}" - when: "matrix_postgres_db_migration_request.additional_psql_statements_list|default([])|length > 0" + when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([])|length > 0" - name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) ansible.builtin.command: @@ -163,7 +163,7 @@ ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [ "NOTE: Your {{ matrix_postgres_db_migration_request.engine_old }} database file has been imported into Postgres. The original database file has been moved from `{{ matrix_postgres_db_migration_request.src }}` to `{{ matrix_postgres_db_migration_request.src }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file." diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index 4e53b0c35..51dd94f2a 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -2,7 +2,7 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" - when: matrix_prometheus_node_exporter_enabled|bool + when: matrix_prometheus_node_exporter_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -12,13 +12,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) ansible.builtin.set_fact: matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | location /metrics/node-exporter { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-prometheus-node-exporter:9100"; @@ -34,8 +34,8 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] }} - when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool + when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool diff --git a/roles/matrix-prometheus-node-exporter/tasks/main.yml b/roles/matrix-prometheus-node-exporter/tasks/main.yml index 71bbb8d74..81b0c7022 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/main.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/main.yml @@ -1,10 +1,10 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" tags: - setup-all - setup-prometheus-node-exporter diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index ee2c18359..0c6e77fcb 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -10,7 +10,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" - when: "matrix_prometheus_node_exporter_enabled|bool" + when: "matrix_prometheus_node_exporter_enabled | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -22,19 +22,19 @@ dest: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" mode: 0644 register: matrix_prometheus_node_exporter_systemd_service_result - when: matrix_prometheus_node_exporter_enabled|bool + when: matrix_prometheus_node_exporter_enabled | bool - name: Ensure systemd reloaded after matrix-prometheus.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_systemd_service_result.changed" + when: "matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_systemd_service_result.changed" # # Tasks related to getting rid of matrix-prometheus-node-exporter (if it was previously enabled) # - name: Check existence of matrix-prometheus-node-exporter service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" register: matrix_prometheus_node_exporter_service_stat @@ -45,15 +45,15 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" + when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - name: Ensure matrix-prometheus-node-exporter.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" state: absent - when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" + when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" + when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index 3c7b5b012..6da169370 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -2,7 +2,7 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" - when: matrix_prometheus_postgres_exporter_enabled|bool + when: matrix_prometheus_postgres_exporter_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -12,13 +12,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) ansible.builtin.set_fact: matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | location /metrics/postgres-exporter { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-prometheus-postgres-exporter:9187"; @@ -34,8 +34,8 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] }} - when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool + when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml index e94970995..434735877 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml @@ -1,10 +1,10 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" tags: - setup-all - setup-prometheus-postgres-exporter diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index 2c263eb28..00a61df62 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -10,7 +10,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" - when: "matrix_prometheus_postgres_exporter_enabled|bool" + when: "matrix_prometheus_postgres_exporter_enabled | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -22,19 +22,19 @@ dest: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" mode: 0644 register: matrix_prometheus_postgres_exporter_systemd_service_result - when: matrix_prometheus_postgres_exporter_enabled|bool + when: matrix_prometheus_postgres_exporter_enabled | bool - name: Ensure systemd reloaded after matrix-prometheus.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed" + when: "matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed" # # Tasks related to getting rid of matrix-prometheus-postgres-exporter (if it was previously enabled) # - name: Check existence of matrix-prometheus-postgres-exporter service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" register: matrix_prometheus_postgres_exporter_service_stat @@ -45,15 +45,15 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" + when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" - name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" state: absent - when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" + when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-prometheus-postgres-exporter.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" + when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 547a868ff..aeb6ea6d3 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -75,8 +75,8 @@ matrix_prometheus_configuration_extension_yaml: | # If you need something more special, you can take full control by # completely redefining `matrix_prometheus_configuration_yaml`. -matrix_prometheus_configuration_extension: "{{ matrix_prometheus_configuration_extension_yaml|from_yaml if matrix_prometheus_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_prometheus_configuration_extension: "{{ matrix_prometheus_configuration_extension_yaml | from_yaml if matrix_prometheus_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_prometheus_configuration_yaml`. -matrix_prometheus_configuration: "{{ matrix_prometheus_configuration_yaml|from_yaml|combine(matrix_prometheus_configuration_extension, recursive=True) }}" +matrix_prometheus_configuration: "{{ matrix_prometheus_configuration_yaml | from_yaml|combine(matrix_prometheus_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-prometheus/tasks/init.yml b/roles/matrix-prometheus/tasks/init.yml index 946410e34..298536730 100644 --- a/roles/matrix-prometheus/tasks/init.yml +++ b/roles/matrix-prometheus/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus.service'] }}" - when: matrix_prometheus_enabled|bool + when: matrix_prometheus_enabled | bool diff --git a/roles/matrix-prometheus/tasks/main.yml b/roles/matrix-prometheus/tasks/main.yml index c74918fa8..1a5a37089 100644 --- a/roles/matrix-prometheus/tasks/main.yml +++ b/roles/matrix-prometheus/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_prometheus_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_prometheus_enabled | bool" tags: - setup-all - setup-prometheus -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_prometheus_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_prometheus_enabled | bool" tags: - setup-all - setup-prometheus -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_prometheus_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_prometheus_enabled | bool" tags: - setup-all - setup-prometheus diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index ad2b94aad..c3aeaa7a6 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -31,7 +31,7 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: "matrix_prometheus_scraper_synapse_rules_enabled|bool" + when: "matrix_prometheus_scraper_synapse_rules_enabled | bool" register: result retries: "{{ matrix_geturl_retries_count }}" delay: "{{ matrix_geturl_retries_delay }}" @@ -39,7 +39,7 @@ - name: Ensure prometheus.yml installed ansible.builtin.copy: - content: "{{ matrix_prometheus_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_prometheus_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_prometheus_config_path }}/prometheus.yml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -55,4 +55,4 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_prometheus_systemd_service_result.changed|bool" + when: "matrix_prometheus_systemd_service_result.changed | bool" diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/matrix-prometheus/tasks/setup_uninstall.yml index f1a624819..7dd944591 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/matrix-prometheus/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-prometheus service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-prometheus.service" register: matrix_prometheus_service_stat @@ -12,15 +12,15 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_prometheus_service_stat.stat.exists|bool" + when: "matrix_prometheus_service_stat.stat.exists | bool" - name: Ensure matrix-prometheus.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-prometheus.service" state: absent - when: "matrix_prometheus_service_stat.stat.exists|bool" + when: "matrix_prometheus_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-prometheus.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_prometheus_service_stat.stat.exists|bool" + when: "matrix_prometheus_service_stat.stat.exists | bool" diff --git a/roles/matrix-redis/tasks/init.yml b/roles/matrix-redis/tasks/init.yml index 08d7ec5a0..00154b336 100644 --- a/roles/matrix-redis/tasks/init.yml +++ b/roles/matrix-redis/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}" - when: matrix_redis_enabled|bool + when: matrix_redis_enabled | bool diff --git a/roles/matrix-redis/tasks/main.yml b/roles/matrix-redis/tasks/main.yml index 430b6a646..1bcac7d6a 100644 --- a/roles/matrix-redis/tasks/main.yml +++ b/roles/matrix-redis/tasks/main.yml @@ -1,11 +1,11 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/setup_redis.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_redis.yml" + when: run_setup | bool tags: - setup-all - setup-redis diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index 7ff55552d..7dd7ea9f2 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -10,7 +10,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}" - when: matrix_redis_enabled|bool + when: matrix_redis_enabled | bool register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -26,7 +26,7 @@ with_items: - "{{ matrix_redis_base_path }}" - "{{ matrix_redis_data_path }}" - when: matrix_redis_enabled|bool + when: matrix_redis_enabled | bool # We do this as a separate task, because: # - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is) @@ -38,7 +38,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" recurse: true - when: matrix_redis_enabled|bool + when: matrix_redis_enabled | bool - name: Ensure redis environment variables file created ansible.builtin.template: @@ -47,7 +47,7 @@ mode: 0644 with_items: - "redis.conf" - when: matrix_redis_enabled|bool + when: matrix_redis_enabled | bool - name: Ensure matrix-redis.service installed ansible.builtin.template: @@ -55,22 +55,22 @@ dest: "{{ matrix_systemd_path }}/matrix-redis.service" mode: 0644 register: matrix_redis_systemd_service_result - when: matrix_redis_enabled|bool + when: matrix_redis_enabled | bool - name: Ensure systemd reloaded after matrix-redis.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_redis_enabled|bool and matrix_redis_systemd_service_result.changed" + when: "matrix_redis_enabled | bool and matrix_redis_systemd_service_result.changed" # # Tasks related to getting rid of the internal redis server (if it was previously enabled) # - name: Check existence of matrix-redis service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-redis.service" register: matrix_redis_service_stat - when: "not matrix_redis_enabled|bool" + when: "not matrix_redis_enabled | bool" - name: Ensure matrix-redis is stopped ansible.builtin.service: @@ -78,27 +78,27 @@ state: stopped enabled: false daemon_reload: true - when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" + when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists" - name: Ensure matrix-redis.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-redis.service" state: absent - when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" + when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-redis.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" + when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists" - name: Check existence of matrix-redis local data path - stat: + ansible.builtin.stat: path: "{{ matrix_redis_data_path }}" register: matrix_redis_data_path_stat - when: "not matrix_redis_enabled|bool" + when: "not matrix_redis_enabled | bool" # We just want to notify the user. Deleting data is too destructive. - name: Notify if matrix-redis local data remains ansible.builtin.debug: msg: "Note: You are not using a local redis instance, but some old data remains from before in `{{ matrix_redis_data_path }}`. Feel free to delete it." - when: "not matrix_redis_enabled|bool and matrix_redis_data_path_stat.stat.exists" + when: "not matrix_redis_enabled | bool and matrix_redis_data_path_stat.stat.exists" diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index 9f4c673cd..060f51a2e 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -115,8 +115,8 @@ matrix_registration_configuration_extension_yaml: | # password: # min_length: 12 -matrix_registration_configuration_extension: "{{ matrix_registration_configuration_extension_yaml|from_yaml if matrix_registration_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_registration_configuration_extension: "{{ matrix_registration_configuration_extension_yaml | from_yaml if matrix_registration_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final matrix-registration configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_registration_configuration_yaml`. -matrix_registration_configuration: "{{ matrix_registration_configuration_yaml|from_yaml|combine(matrix_registration_configuration_extension, recursive=True) }}" +matrix_registration_configuration: "{{ matrix_registration_configuration_yaml | from_yaml|combine(matrix_registration_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-registration/tasks/generate_token.yml b/roles/matrix-registration/tasks/generate_token.yml index 4b01957ca..c910bf63b 100644 --- a/roles/matrix-registration/tasks/generate_token.yml +++ b/roles/matrix-registration/tasks/generate_token.yml @@ -23,7 +23,7 @@ body: | { "one_time": {{ 'true' if one_time == 'yes' else 'false' }}, - "ex_date": {{ ex_date|to_json }} + "ex_date": {{ ex_date | to_json }} } check_mode: false register: matrix_registration_api_result @@ -45,7 +45,7 @@ ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [matrix_registration_api_result_message] }} diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index 5267f2b2b..064f895c1 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml @@ -8,7 +8,7 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}" - when: matrix_registration_enabled|bool + when: matrix_registration_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -18,7 +18,7 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-registration role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: @@ -27,7 +27,7 @@ rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-registration:5000"; @@ -50,13 +50,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_registration_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_registration_enabled|bool + when: matrix_registration_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -66,4 +66,4 @@ Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}` URL endpoint to the matrix-registration container. You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable. - when: "matrix_registration_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_registration_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-registration/tasks/list_tokens.yml b/roles/matrix-registration/tasks/list_tokens.yml index d83d29769..4bcd14605 100644 --- a/roles/matrix-registration/tasks/list_tokens.yml +++ b/roles/matrix-registration/tasks/list_tokens.yml @@ -24,7 +24,7 @@ ansible.builtin.set_fact: matrix_playbook_runtime_results: | {{ - matrix_playbook_runtime_results|default([]) + matrix_playbook_runtime_results | default([]) + [matrix_registration_api_result_message] }} diff --git a/roles/matrix-registration/tasks/main.yml b/roles/matrix-registration/tasks/main.yml index ca5743846..99b89e3da 100644 --- a/roles/matrix-registration/tasks/main.yml +++ b/roles/matrix-registration/tasks/main.yml @@ -1,33 +1,33 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_registration_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_registration_enabled | bool" tags: - setup-all - setup-matrix-registration -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_registration_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_registration_enabled | bool" tags: - setup-all - setup-matrix-registration -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_registration_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_registration_enabled | bool" tags: - setup-all - setup-matrix-registration -- import_tasks: "{{ role_path }}/tasks/generate_token.yml" - when: "run_setup|bool and matrix_registration_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/generate_token.yml" + when: "run_setup | bool and matrix_registration_enabled | bool" tags: - generate-matrix-registration-token -- import_tasks: "{{ role_path }}/tasks/list_tokens.yml" - when: "run_setup|bool and matrix_registration_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/list_tokens.yml" + when: "run_setup | bool and matrix_registration_enabled | bool" tags: - list-matrix-registration-tokens diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 3a8e71e79..dbdb4aea1 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -5,7 +5,7 @@ - block: - name: Check if an SQLite database already exists - stat: + ansible.builtin.stat: path: "{{ matrix_registration_sqlite_database_path_local }}" register: matrix_registration_sqlite_database_path_local_stat_result @@ -14,7 +14,7 @@ matrix_postgres_db_migration_request: src: "{{ matrix_registration_sqlite_database_path_local }}" dst: "{{ matrix_registration_database_connection_string }}" - caller: "{{ role_path|basename }}" + caller: "{{ role_path | basename }}" engine_variable_name: 'matrix_registration_database_engine' engine_old: 'sqlite' systemd_services_to_stop: ['matrix-registration.service'] @@ -24,11 +24,11 @@ - ALTER TABLE tokens ALTER COLUMN ex_date TYPE TIMESTAMP WITHOUT TIME ZONE; additional_psql_statements_db_name: "{{ matrix_registration_database_name }}" - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - ansible.builtin.set_fact: matrix_registration_requires_restart: true - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool" when: "matrix_registration_database_engine == 'postgres'" - name: Ensure matrix-registration paths exist @@ -43,7 +43,7 @@ - {path: "{{ matrix_registration_config_path }}", when: true} - {path: "{{ matrix_registration_data_path }}", when: true} - {path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"} - when: "item.when|bool" + when: "item.when | bool" - name: Ensure matrix-registration image is pulled docker_image: @@ -51,7 +51,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}" - when: "not matrix_registration_container_image_self_build|bool" + when: "not matrix_registration_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -66,7 +66,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_registration_git_pull_results - when: "matrix_registration_container_image_self_build|bool" + when: "matrix_registration_container_image_self_build | bool" # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864 - name: Patch setup.py to allow self-built version to work @@ -74,7 +74,7 @@ path: "{{ matrix_registration_docker_src_files_path }}/setup.py" regexp: 'flask-limiter' line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",' - when: "matrix_registration_container_image_self_build|bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled|bool" + when: "matrix_registration_container_image_self_build | bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled | bool" - name: Ensure matrix-registration Docker image is built docker_image: @@ -86,11 +86,11 @@ dockerfile: Dockerfile path: "{{ matrix_registration_docker_src_files_path }}" pull: true - when: "matrix_registration_container_image_self_build|bool" + when: "matrix_registration_container_image_self_build | bool" - name: Ensure matrix-registration config installed ansible.builtin.copy: - content: "{{ matrix_registration_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_registration_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_registration_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -106,10 +106,10 @@ - name: Ensure systemd reloaded after matrix-registration.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_registration_systemd_service_result.changed|bool" + when: "matrix_registration_systemd_service_result.changed | bool" - name: Ensure matrix-registration.service restarted, if necessary ansible.builtin.service: name: "matrix-registration.service" state: restarted - when: "matrix_registration_requires_restart|bool" + when: "matrix_registration_requires_restart | bool" diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/matrix-registration/tasks/setup_uninstall.yml index 54f5483be..e3d713dc5 100644 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/matrix-registration/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-registration service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-registration.service" register: matrix_registration_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_registration_service_stat.stat.exists|bool" + when: "matrix_registration_service_stat.stat.exists | bool" - name: Ensure matrix-registration.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-registration.service" state: absent - when: "matrix_registration_service_stat.stat.exists|bool" + when: "matrix_registration_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-registration.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_registration_service_stat.stat.exists|bool" + when: "matrix_registration_service_stat.stat.exists | bool" - name: Ensure matrix-registration Docker image doesn't exist docker_image: diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index b19ce6141..2c0f3a864 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -69,8 +69,8 @@ matrix_sygnal_configuration_extension_yaml: | # opentracing: # enabled: true -matrix_sygnal_configuration_extension: "{{ matrix_sygnal_configuration_extension_yaml|from_yaml if matrix_sygnal_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_sygnal_configuration_extension: "{{ matrix_sygnal_configuration_extension_yaml | from_yaml if matrix_sygnal_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final sygnal configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_sygnal_configuration_yaml`. -matrix_sygnal_configuration: "{{ matrix_sygnal_configuration_yaml|from_yaml|combine(matrix_sygnal_configuration_extension, recursive=True) }}" +matrix_sygnal_configuration: "{{ matrix_sygnal_configuration_yaml | from_yaml|combine(matrix_sygnal_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-sygnal/tasks/init.yml b/roles/matrix-sygnal/tasks/init.yml index 1543435c1..dae7a299c 100644 --- a/roles/matrix-sygnal/tasks/init.yml +++ b/roles/matrix-sygnal/tasks/init.yml @@ -2,4 +2,4 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}" - when: matrix_sygnal_enabled|bool + when: matrix_sygnal_enabled | bool diff --git a/roles/matrix-sygnal/tasks/main.yml b/roles/matrix-sygnal/tasks/main.yml index 385798225..b001bb825 100644 --- a/roles/matrix-sygnal/tasks/main.yml +++ b/roles/matrix-sygnal/tasks/main.yml @@ -1,23 +1,23 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup | bool tags: - setup-all - setup-sygnal -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: run_setup|bool and matrix_sygnal_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: run_setup | bool and matrix_sygnal_enabled | bool tags: - setup-all - setup-sygnal -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup|bool and not matrix_sygnal_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: run_setup | bool and not matrix_sygnal_enabled | bool tags: - setup-all - setup-sygnal diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index 26b59d995..8f5f69377 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -25,7 +25,7 @@ - name: Ensure Sygnal config installed ansible.builtin.copy: - content: "{{ matrix_sygnal_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_sygnal_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sygnal_config_path }}/sygnal.yaml" mode: 0640 owner: "{{ matrix_user_username }}" @@ -41,4 +41,4 @@ - name: Ensure systemd reloaded after matrix-sygnal.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_sygnal_systemd_service_result.changed|bool" + when: "matrix_sygnal_systemd_service_result.changed | bool" diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/matrix-sygnal/tasks/setup_uninstall.yml index 37b7db22a..eff4a74b8 100644 --- a/roles/matrix-sygnal/tasks/setup_uninstall.yml +++ b/roles/matrix-sygnal/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-sygnal service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-sygnal.service" register: matrix_sygnal_service_stat @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_sygnal_service_stat.stat.exists|bool" + when: "matrix_sygnal_service_stat.stat.exists | bool" - name: Ensure matrix-sygnal.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-sygnal.service" state: absent - when: "matrix_sygnal_service_stat.stat.exists|bool" + when: "matrix_sygnal_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-sygnal.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_sygnal_service_stat.stat.exists|bool" + when: "matrix_sygnal_service_stat.stat.exists | bool" - name: Ensure Sygnal base directory doesn't exist ansible.builtin.file: diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index e274e1868..4d8a5eb0b 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -8,7 +8,7 @@ - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}" - when: matrix_synapse_admin_enabled|bool + when: matrix_synapse_admin_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -18,7 +18,7 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: @@ -26,7 +26,7 @@ rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-synapse-admin:80"; @@ -41,13 +41,13 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_synapse_admin_matrix_nginx_proxy_configuration] }} tags: - always - when: matrix_synapse_admin_enabled|bool + when: matrix_synapse_admin_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: @@ -57,4 +57,4 @@ Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` URL endpoint to the matrix-synapse-admin container. You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. - when: "matrix_synapse_admin_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" + when: "matrix_synapse_admin_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-synapse-admin/tasks/main.yml b/roles/matrix-synapse-admin/tasks/main.yml index 0095f753a..0c6bd942c 100644 --- a/roles/matrix-synapse-admin/tasks/main.yml +++ b/roles/matrix-synapse-admin/tasks/main.yml @@ -1,16 +1,16 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup | bool tags: - setup-all - setup-synapse-admin -- import_tasks: "{{ role_path }}/tasks/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" tags: - setup-all - setup-synapse-admin diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 5f117a12c..660212724 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -10,7 +10,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}" - when: "matrix_synapse_admin_enabled|bool and not matrix_synapse_admin_container_image_self_build|bool" + when: "matrix_synapse_admin_enabled | bool and not matrix_synapse_admin_container_image_self_build | bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -25,7 +25,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_synapse_admin_git_pull_results - when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool" + when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_container_image_self_build | bool" - name: Ensure matrix-synapse-admin Docker image is built docker_image: @@ -37,7 +37,7 @@ dockerfile: Dockerfile path: "{{ matrix_synapse_admin_docker_src_files_path }}" pull: true - when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool" + when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_container_image_self_build | bool" - name: Ensure matrix-synapse-admin.service installed ansible.builtin.template: @@ -45,19 +45,19 @@ dest: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" mode: 0644 register: matrix_synapse_admin_systemd_service_result - when: matrix_synapse_admin_enabled|bool + when: matrix_synapse_admin_enabled | bool - name: Ensure systemd reloaded after matrix-synapse-admin.service installation ansible.builtin.service: daemon_reload: true - when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_systemd_service_result.changed" + when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_systemd_service_result.changed" # # Tasks related to getting rid of matrix-synapse-admin (if it was previously enabled) # - name: Check existence of matrix-synapse-admin service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" register: matrix_synapse_admin_service_stat @@ -68,21 +68,21 @@ enabled: false daemon_reload: true register: stopping_result - when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" + when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure matrix-synapse-admin.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" state: absent - when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" + when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-synapse-admin.service removal ansible.builtin.service: daemon_reload: true - when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" + when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure matrix-synapse-admin Docker image doesn't exist docker_image: name: "{{ matrix_synapse_admin_docker_image }}" state: absent - when: "not matrix_synapse_admin_enabled|bool" + when: "not matrix_synapse_admin_enabled | bool" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index de8bfdcac..279730bf2 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -521,11 +521,11 @@ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true # We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605 matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false -matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}" +matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml | from_yaml }}" matrix_synapse_ext_password_provider_shared_secret_config_yaml: | - shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} - m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|to_json }} - com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }} + shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string | to_json }} + m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled | to_json }} + com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled | to_json }} # Enable this to activate LDAP password provider matrix_synapse_ext_password_provider_ldap_enabled: false @@ -586,11 +586,11 @@ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix # Enabling this may have incompatiblity consequences with servers / clients. # Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler matrix_synapse_ext_encryption_disabler_patch_power_levels: false -matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml|from_yaml }}" +matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml | from_yaml }}" matrix_synapse_ext_encryption_config_yaml: | - deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of|to_json }} - deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of|to_json }} - patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels|to_json }} + deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of | to_json }} + deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of | to_json }} + patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels | to_json }} matrix_s3_media_store_enabled: false @@ -678,8 +678,8 @@ matrix_synapse_configuration_extension_yaml: | # system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ" # room_name: "Server Notices" -matrix_synapse_configuration_extension: "{{ matrix_synapse_configuration_extension_yaml|from_yaml if matrix_synapse_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_synapse_configuration_extension: "{{ matrix_synapse_configuration_extension_yaml | from_yaml if matrix_synapse_configuration_extension_yaml | from_yaml is mapping else {} }}" # Holds the final Synapse configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_synapse_configuration_yaml`. -matrix_synapse_configuration: "{{ matrix_synapse_configuration_yaml|from_yaml|combine(matrix_synapse_configuration_extension, recursive=True) }}" +matrix_synapse_configuration: "{{ matrix_synapse_configuration_yaml | from_yaml|combine(matrix_synapse_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml index 8fda082da..e0e61df8e 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" - when: matrix_synapse_ext_encryption_disabler_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" + when: matrix_synapse_ext_encryption_disabler_enabled | bool -- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml" - when: "not matrix_synapse_ext_encryption_disabler_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml" + when: "not matrix_synapse_ext_encryption_disabler_enabled | bool" diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index 41970cde7..00cc1650c 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -16,7 +16,7 @@ - ansible.builtin.set_fact: matrix_synapse_modules: | {{ - matrix_synapse_modules|default([]) + matrix_synapse_modules | default([]) + [ { @@ -28,7 +28,7 @@ matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] }} diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index d5f54db3b..5d648c848 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -9,4 +9,4 @@ + [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} - when: matrix_synapse_ext_password_provider_ldap_enabled|bool + when: matrix_synapse_ext_password_provider_ldap_enabled | bool diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml index 6c45f4693..1a3e097dc 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml" - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml" + when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool -- import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml" - when: "not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml" + when: "not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool" diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index 4dd122ff5..3869f1aa7 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -50,7 +50,7 @@ matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"] }} diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml index 0270784ad..6df360ce9 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" - when: matrix_synapse_ext_password_provider_rest_auth_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" + when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool -- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml" - when: "not matrix_synapse_ext_password_provider_rest_auth_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml" + when: "not matrix_synapse_ext_password_provider_rest_auth_enabled | bool" diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 685b2922f..489f11405 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -23,7 +23,7 @@ matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] }} diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index 25c8809d3..d944f2574 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -1,13 +1,13 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup.yml" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml index ed8d01978..6dc385d37 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" + when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool -- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml" - when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml" + when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index f4229538b..055d671ac 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -26,7 +26,7 @@ - ansible.builtin.set_fact: matrix_synapse_modules: | {{ - matrix_synapse_modules|default([]) + matrix_synapse_modules | default([]) + [ { @@ -38,7 +38,7 @@ matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] }} diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml index efd4a0271..038eea749 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml" - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml" + when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool -- import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml" - when: "not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml" + when: "not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool" diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 7eb67debf..23a382f26 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -52,7 +52,7 @@ matrix_synapse_container_extra_arguments: > {{ - matrix_synapse_container_extra_arguments|default([]) + matrix_synapse_container_extra_arguments | default([]) + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"] }} diff --git a/roles/matrix-synapse/tasks/goofys/setup.yml b/roles/matrix-synapse/tasks/goofys/setup.yml index 6370408d0..2f9eaa870 100644 --- a/roles/matrix-synapse/tasks/goofys/setup.yml +++ b/roles/matrix-synapse/tasks/goofys/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" - when: matrix_s3_media_store_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" + when: matrix_s3_media_store_enabled | bool -- import_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml" - when: "not matrix_s3_media_store_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml" + when: "not matrix_s3_media_store_enabled | bool" diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index b9e99747b..e3c341502 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_fuse_installed.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_fuse_installed.yml" - name: Ensure Goofys Docker image is pulled docker_image: @@ -15,7 +15,7 @@ # This will throw a Permission Denied error if already mounted - name: Check Matrix Goofys external storage mountpoint path - stat: + ansible.builtin.stat: path: "{{ matrix_s3_media_store_path }}" register: local_path_matrix_s3_media_store_path_stat ignore_errors: true diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml index 8f7e32373..da78003f5 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-goofys service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-goofys.service" register: matrix_goofys_service_stat diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/matrix-synapse/tasks/import_media_store.yml index edfad27e5..133debe33 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/matrix-synapse/tasks/import_media_store.yml @@ -10,10 +10,10 @@ - name: Fail if media store is on Amazon S3 ansible.builtin.fail: msg: "Your media store is on Amazon S3. Due to technical limitations, restoring is not supported." - when: matrix_s3_media_store_enabled|bool + when: matrix_s3_media_store_enabled | bool - name: Check if the provided media store directory exists - stat: + ansible.builtin.stat: path: "{{ server_path_media_store }}" register: server_path_media_store_stat @@ -23,12 +23,12 @@ when: "not server_path_media_store_stat.stat.exists or not server_path_media_store_stat.stat.isdir" - name: Check if media store contains local_content - stat: + ansible.builtin.stat: path: "{{ server_path_media_store }}/local_content" register: server_path_media_store_local_content_stat - name: Check if media store contains remote_content - stat: + ansible.builtin.stat: path: "{{ server_path_media_store }}/remote_content" register: server_path_media_store_remote_content_stat @@ -69,7 +69,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" recurse: true - when: "not matrix_s3_media_store_enabled|bool" + when: "not matrix_s3_media_store_enabled | bool" # We don't chown for Goofys, because due to the way it's mounted, # all files become owned by whoever needs to own them. diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index c76b4f6c8..77696bced 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -8,23 +8,23 @@ # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # we'll generate it dynamically. -- import_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list|length == 0" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}" - when: matrix_synapse_enabled|bool + when: matrix_synapse_enabled | bool - name: Ensure systemd services for workers are injected - include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml" with_items: "{{ matrix_synapse_workers_enabled_list }}" loop_control: loop_var: matrix_synapse_worker_details - when: matrix_synapse_enabled|bool and matrix_synapse_workers_enabled|bool + when: matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" - when: matrix_s3_media_store_enabled|bool + when: matrix_s3_media_store_enabled | bool - block: - name: Fail if matrix-nginx-proxy role already executed @@ -34,13 +34,13 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your playbook, so that the matrix-nginx-proxy role would run after the matrix-synapse role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + when: matrix_nginx_proxy_role_executed | default(False) | bool - name: Generate synapse metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) ansible.builtin.set_fact: matrix_synapse_nginx_metrics_configuration_block: | location /metrics/synapse/main-process { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-synapse:{{ matrix_synapse_metrics_port }}"; @@ -55,7 +55,7 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + [matrix_synapse_nginx_metrics_configuration_block] }} @@ -79,9 +79,9 @@ ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + [matrix_synapse_worker_nginx_metrics_configuration_block] }} when: matrix_synapse_workers_enabled_list|length > 0 - when: matrix_synapse_enabled|bool and matrix_synapse_metrics_proxying_enabled|bool + when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 31a8c3684..7068dcefc 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -1,52 +1,52 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool and matrix_synapse_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup | bool and matrix_synapse_enabled | bool tags: - setup-all - setup-synapse -- import_tasks: "{{ role_path }}/tasks/setup_synapse.yml" - when: run_setup|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_synapse.yml" + when: run_setup | bool tags: - setup-all - setup-synapse -- import_tasks: "{{ role_path }}/tasks/import_media_store.yml" - when: run_synapse_import_media_store|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_media_store.yml" + when: run_synapse_import_media_store | bool tags: - import-synapse-media-store -- import_tasks: "{{ role_path }}/tasks/register_user.yml" - when: run_synapse_register_user|bool and matrix_synapse_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/register_user.yml" + when: run_synapse_register_user | bool and matrix_synapse_enabled | bool tags: - register-user -- import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check|bool + when: run_self_check | bool tags: - self-check -- import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check|bool + when: run_self_check | bool tags: - self-check -- import_tasks: "{{ role_path }}/tasks/update_user_password.yml" - when: run_synapse_update_user_password|bool and matrix_synapse_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/update_user_password.yml" + when: run_synapse_update_user_password | bool and matrix_synapse_enabled | bool tags: - update-user-password -- import_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml" - when: run_synapse_rust_synapse_compress_state|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml" + when: run_synapse_rust_synapse_compress_state | bool tags: - rust-synapse-compress-state diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index 48ce33bb8..d7354d05e 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -23,7 +23,7 @@ register: start_result - name: Wait a while, so that Synapse can manage to start - pause: + ansible.builtin.pause: seconds: 7 when: "start_result.changed" diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 33a18ac63..097b816a2 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -4,7 +4,7 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot use rust-synapse-compress-state." - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" # Defaults @@ -12,24 +12,24 @@ - name: Set matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time, if not provided ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 1800 - when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time|default('') == ''" + when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time | default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_compress_room_time, if not provided ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_compress_room_time: 3600 - when: "matrix_synapse_rust_synapse_compress_state_compress_room_time|default('') == ''" + when: "matrix_synapse_rust_synapse_compress_state_compress_room_time | default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_psql_import_time, if not provided ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_psql_import_time: 3600 - when: "matrix_synapse_rust_synapse_compress_state_psql_import_time|default('') == ''" + when: "matrix_synapse_rust_synapse_compress_state_psql_import_time | default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_min_state_groups_required, if not provided ansible.builtin.set_fact: # The minimum number of state groups we're looking for before we consider a room eligible for compression. # Rooms with a smaller state groups count will not be compressed. matrix_synapse_rust_synapse_compress_state_min_state_groups_required: 100000 - when: "matrix_synapse_rust_synapse_compress_state_min_state_groups_required|default('') == ''" + when: "matrix_synapse_rust_synapse_compress_state_min_state_groups_required | default('') == ''" # Actual compression work @@ -108,7 +108,7 @@ {{ matrix_synapse_rust_synapse_compress_state_eligible_rooms }} - name: Compress room state - include_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/compress_room.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/compress_room.yml" with_items: "{{ matrix_synapse_rust_synapse_compress_state_eligible_rooms }}" loop_control: loop_var: room_details diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index c09063045..1c03ba5b0 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -8,14 +8,14 @@ register: result_matrix_synapse_client_api ignore_errors: true check_mode: false - when: matrix_synapse_enabled|bool + when: matrix_synapse_enabled | bool - name: Fail if Matrix Client API not working ansible.builtin.fail: msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}" - when: "matrix_synapse_enabled|bool and (result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api)" + when: "matrix_synapse_enabled | bool and (result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api)" - name: Report working Matrix Client API ansible.builtin.debug: msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working" - when: matrix_synapse_enabled|bool + when: matrix_synapse_enabled | bool diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index 447e3e262..80ec4fc21 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml @@ -8,19 +8,19 @@ register: result_matrix_synapse_federation_api ignore_errors: true check_mode: false - when: matrix_synapse_enabled|bool + when: matrix_synapse_enabled | bool - name: Fail if Matrix Federation API not working ansible.builtin.fail: msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" - when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" + when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" - name: Fail if Matrix Federation API unexpectedly enabled ansible.builtin.fail: msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." - when: "matrix_synapse_enabled|bool and not matrix_synapse_federation_enabled|bool and not result_matrix_synapse_federation_api.failed" + when: "matrix_synapse_enabled | bool and not matrix_synapse_federation_enabled | bool and not result_matrix_synapse_federation_api.failed" - name: Report working Matrix Federation API ansible.builtin.debug: msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" - when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool" + when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool" diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/matrix-synapse/tasks/setup_synapse.yml index c2b33f0b0..d4e6ae95a 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml +++ b/roles/matrix-synapse/tasks/setup_synapse.yml @@ -14,12 +14,12 @@ # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. - when: "(matrix_synapse_enabled|bool or matrix_s3_media_store_enabled|bool) and item.when" + when: "(matrix_synapse_enabled | bool or matrix_s3_media_store_enabled | bool) and item.when" -- import_tasks: "{{ role_path }}/tasks/ext/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/setup.yml" -- import_tasks: "{{ role_path }}/tasks/synapse/workers/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/workers/setup.yml" -- import_tasks: "{{ role_path }}/tasks/synapse/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/setup.yml" -- import_tasks: "{{ role_path }}/tasks/goofys/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup.yml" diff --git a/roles/matrix-synapse/tasks/synapse/setup.yml b/roles/matrix-synapse/tasks/synapse/setup.yml index b5d27c36c..80f761e59 100644 --- a/roles/matrix-synapse/tasks/synapse/setup.yml +++ b/roles/matrix-synapse/tasks/synapse/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml" - when: matrix_synapse_enabled|bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml" + when: matrix_synapse_enabled | bool -- import_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" - when: "not matrix_synapse_enabled|bool" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" + when: "not matrix_synapse_enabled | bool" diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index e0d470720..51e22d753 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -2,7 +2,7 @@ # This will throw a Permission Denied error if already mounted using fuse - name: Check Synapse media store path - stat: + ansible.builtin.stat: path: "{{ matrix_synapse_media_store_path }}" register: local_path_media_store_stat ignore_errors: true @@ -46,8 +46,8 @@ . environment: DOCKER_BUILDKIT: 1 - when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''" - when: "matrix_synapse_container_image_self_build|bool" + when: "matrix_synapse_git_pull_results.changed | bool or matrix_synapse_docker_image_check_result.stdout == ''" + when: "matrix_synapse_container_image_self_build | bool" - name: Ensure Synapse Docker image is pulled docker_image: @@ -62,7 +62,7 @@ until: result is not failed - name: Check if a Synapse signing key exists - stat: + ansible.builtin.stat: path: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.key" register: matrix_synapse_signing_key_stat @@ -90,7 +90,7 @@ - name: Ensure Synapse homeserver config installed ansible.builtin.copy: - content: "{{ matrix_synapse_configuration|to_nice_yaml(indent=2, width=999999) }}" + content: "{{ matrix_synapse_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -127,4 +127,4 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: 0644 - when: matrix_synapse_metrics_proxying_enabled|bool + when: matrix_synapse_metrics_proxying_enabled | bool diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 1f2d3fe5a..17b1b8c45 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-synapse service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-synapse.service" register: matrix_synapse_service_stat @@ -34,4 +34,4 @@ ansible.builtin.file: path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" state: absent - when: "not matrix_synapse_metrics_proxying_enabled|bool" + when: "not matrix_synapse_metrics_proxying_enabled | bool" diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index 6d75d9f64..7c3964226 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -12,7 +12,7 @@ port: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" metrics_port: "{{ matrix_synapse_workers_generic_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_generic_workers" - loop: "{{ range(0, matrix_synapse_workers_generic_workers_count|int)|list }}" + loop: "{{ range(0, matrix_synapse_workers_generic_workers_count|int) | list }}" - name: Build federation sender workers ansible.builtin.set_fact: @@ -22,7 +22,7 @@ port: 0 metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_federation_sender_workers" - loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count|int)|list }}" + loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count|int) | list }}" # This type of worker can only have a count of 1, at most - name: Build pusher workers @@ -33,7 +33,7 @@ port: 0 metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_pusher_workers" - loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count|int)|list }}" + loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count|int) | list }}" # This type of worker can only have a count of 1, at most - name: Build appservice workers @@ -44,7 +44,7 @@ port: 0 metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_appservice_workers" - loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count|int)|list }}" + loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count|int) | list }}" - name: Build media_repository workers ansible.builtin.set_fact: @@ -54,7 +54,7 @@ port: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" metrics_port: "{{ matrix_synapse_workers_media_repository_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_media_repository_workers" - loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count|int)|list }}" + loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count|int) | list }}" - name: Build frontend_proxy workers ansible.builtin.set_fact: @@ -64,10 +64,10 @@ port: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" metrics_port: "{{ matrix_synapse_workers_frontend_proxy_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_frontend_proxy_workers" - loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count|int)|list }}" + loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count|int) | list }}" - ansible.builtin.set_fact: - matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list|default([]) + [item.ansible_facts.worker] }}" + matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list | default([]) + [item.ansible_facts.worker] }}" with_items: | {{ matrix_synapse_workers_list_results_generic_workers.results diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup.yml b/roles/matrix-synapse/tasks/synapse/workers/setup.yml index 7fcce2b49..836d5a668 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup.yml @@ -14,8 +14,8 @@ path: "{{ matrix_local_bin_path }}/matrix-synapse-worker-write-pid" state: absent -- include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml" - when: "matrix_synapse_enabled|bool and matrix_synapse_workers_enabled|bool" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml" + when: "matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool" -- include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml" - when: "not matrix_synapse_workers_enabled|bool" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml" + when: "not matrix_synapse_workers_enabled | bool" diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml index ce86e35f3..c264805ae 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Determine current worker configs - find: + ansible.builtin.find: path: "{{ matrix_synapse_config_dir_path }}" patterns: "worker.*.yaml" use_regex: true @@ -15,7 +15,7 @@ with_items: "{{ matrix_synapse_workers_current_config_files.files }}" - name: Determine current worker systemd services - find: + ansible.builtin.find: path: "{{ matrix_systemd_path }}" patterns: "matrix-synapse-worker.*.service" use_regex: true @@ -23,11 +23,11 @@ - name: Ensure unnecessary worker systemd services are stopped and disabled ansible.builtin.service: - name: "{{ item.path|basename }}" + name: "{{ item.path | basename }}" state: stopped enabled: false with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}" - when: "not ansible_check_mode and item.path|basename not in matrix_systemd_services_list" + when: "not ansible_check_mode and item.path | basename not in matrix_systemd_services_list" - name: Ensure unnecessary worker systemd services are cleaned ansible.builtin.file: @@ -36,7 +36,7 @@ with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}" - name: Ensure creation of worker systemd service files and configuration files - include_tasks: "{{ role_path }}/tasks/synapse/workers/util/setup_files_for_worker.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/setup_files_for_worker.yml" with_items: "{{ matrix_synapse_workers_enabled_list }}" loop_control: loop_var: matrix_synapse_worker_details diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index 8b70dec58..f79a4115c 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -1,17 +1,17 @@ --- - name: Populate service facts - service_facts: + ansible.builtin.service_facts: - name: Ensure any worker services are stopped ansible.builtin.service: name: "{{ item.key }}" state: stopped - with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" + with_dict: "{{ ansible_facts.services | default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 - name: Find worker configs to be cleaned - find: + ansible.builtin.find: path: "{{ matrix_synapse_config_dir_path }}" patterns: "worker.*.yaml" use_regex: true @@ -24,7 +24,7 @@ with_items: "{{ matrix_synapse_workers_current_config_files.files }}" - name: Find worker systemd services to be cleaned - find: + ansible.builtin.find: path: "{{ matrix_systemd_path }}" patterns: "matrix-synapse-worker.*.service" use_regex: true diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml index dfbb8316d..2ecb3f2bf 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml @@ -9,7 +9,7 @@ # Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right. - name: Fail if instanceId not defined for worker ansible.builtin.fail: - msg: "Synapse workers (like {{ matrix_synapse_worker_details|to_json }}) need to define an instanceId property (type + instanceId must be unique)" + msg: "Synapse workers (like {{ matrix_synapse_worker_details | to_json }}) need to define an instanceId property (type + instanceId must be unique)" when: "'instanceId' not in matrix_synapse_worker_details" - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index 171159ff8..1ae3183ed 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -13,7 +13,7 @@ - name: Fail if not using matrix-postgres container ansible.builtin.fail: msg: "This command is working only when matrix-postgres container is being used" - when: "not matrix_postgres_enabled|bool" + when: "not matrix_postgres_enabled | bool" - name: Ensure matrix-synapse is started ansible.builtin.service: @@ -31,7 +31,7 @@ - name: Wait a while, so that Matrix Synapse can manage to start - pause: + ansible.builtin.pause: seconds: 7 when: "start_result.changed or postgres_start_result.changed" diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index 5839aa81b..62fa0ac2e 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml @@ -6,7 +6,7 @@ matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn # Tells whether this role had executed or not. Toggled to `true` during runtime. matrix_synapse_role_executed: false -matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path|basename }}" +matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}" # A Synapse generic worker can handle both federation and client-server API endpoints. # We wish to split these, as we normally serve federation separately and don't want them mixed up. @@ -24,11 +24,11 @@ matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path|b # so it's not that important whether we forward them or not. # # Basically, we aim to cover most things. Skipping `/_synapse/client` or a few other minor things doesn't matter too much. -matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints|default([]) | map('regex_search', '.*/_matrix/client.*')| list | difference([none]) }}" +matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*' | list | difference([none]) }}" # A Synapse generic worker can handle both federation and client-server API endpoints. # We wish to split these, as we normally serve federation separately and don't want them mixed up. # # This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), # which takes a list of various strings and removes the ones NOT containing `/_matrix/federation` or `/_matrix/key` anywhere in them. -matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints|default([]) | map('regex_search', '.*(/_matrix/federation|/_matrix/key).*')| list | difference([none]) }}" +matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*(/_matrix/federation|/_matrix/key).*' | list | difference([none]) }}" From 983bf819ef83f0312f1a5ed6ea36bfb9ef8a22c0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 11:23:09 +0300 Subject: [PATCH 268/381] Explictly set Synapse's worker configuration's owner/permissions --- .../tasks/synapse/workers/util/setup_files_for_worker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml index 883558a75..d6d4924fb 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml @@ -13,6 +13,9 @@ ansible.builtin.template: src: "{{ role_path }}/templates/synapse/worker.yaml.j2" dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }}" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" - name: Ensure systemd service exists for {{ matrix_synapse_worker_systemd_service_name }} ansible.builtin.template: From d073c7ecb36aab9ef664c813c91a6993802d7a24 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 12:28:39 +0300 Subject: [PATCH 269/381] More ansible-lint fixes --- group_vars/matrix_servers | 46 ++++++++-------- roles/matrix-backup-borg/defaults/main.yml | 2 +- roles/matrix-base/defaults/main.yml | 12 ++--- roles/matrix-base/tasks/sanity_check.yml | 2 +- roles/matrix-base/tasks/server_base/setup.yml | 8 +-- .../tasks/server_base/setup_debian.yml | 10 ++-- .../tasks/server_base/setup_fedora.yml | 4 +- .../tasks/server_base/setup_raspbian.yml | 4 +- .../tasks/server_base/setup_redhat.yml | 2 +- .../tasks/server_base/setup_redhat8.yml | 4 +- roles/matrix-bot-go-neb/defaults/main.yml | 2 +- .../defaults/main.yml | 2 +- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- .../defaults/main.yml | 6 +-- .../templates/config.yaml.j2 | 2 +- .../defaults/main.yml | 2 +- .../tasks/setup_install.yml | 2 +- .../defaults/main.yml | 2 +- .../defaults/main.yml | 2 +- .../defaults/main.yml | 6 +-- .../defaults/main.yml | 6 +-- .../matrix-bridge-hookshot/defaults/main.yml | 4 +- .../defaults/main.yml | 6 +-- .../defaults/main.yml | 6 +-- .../defaults/main.yml | 6 +-- .../defaults/main.yml | 6 +-- .../defaults/main.yml | 2 +- .../templates/registration.yaml.j2 | 6 +-- .../defaults/main.yml | 8 +-- .../defaults/main.yml | 6 +-- .../defaults/main.yml | 6 +-- .../defaults/main.yml | 8 +-- .../defaults/main.yml | 8 +-- .../defaults/main.yml | 8 +-- .../defaults/main.yml | 8 +-- .../defaults/main.yml | 8 +-- .../defaults/main.yml | 8 +-- .../tasks/setup_install.yml | 1 + roles/matrix-bridge-sms/defaults/main.yml | 6 +-- roles/matrix-client-cinny/defaults/main.yml | 4 +- .../tasks/setup_install.yml | 2 +- .../templates/config.json.j2 | 2 +- roles/matrix-client-element/defaults/main.yml | 4 +- .../tasks/setup_install.yml | 2 +- .../templates/config.json.j2 | 18 +++---- .../matrix-client-hydrogen/defaults/main.yml | 4 +- .../tasks/setup_install.yml | 2 +- .../templates/config.json.j2 | 2 +- roles/matrix-corporal/defaults/main.yml | 4 +- .../matrix-corporal/tasks/setup_corporal.yml | 2 +- roles/matrix-dendrite/defaults/main.yml | 6 +-- .../templates/dendrite/dendrite.yaml.j2 | 2 +- roles/matrix-dendrite/vars/main.yml | 2 +- roles/matrix-dimension/defaults/main.yml | 2 +- roles/matrix-dynamic-dns/defaults/main.yml | 1 + roles/matrix-dynamic-dns/tasks/install.yml | 1 + .../templates/config.json.j2 | 2 +- roles/matrix-etherpad/defaults/main.yml | 4 +- roles/matrix-etherpad/tasks/setup_install.yml | 2 +- .../tasks/util/setup_jitsi_auth.yml | 4 +- roles/matrix-ma1sd/defaults/main.yml | 2 +- roles/matrix-ma1sd/tasks/setup_install.yml | 6 ++- .../tasks/nginx-proxy/setup_metrics_auth.yml | 1 + .../tasks/self_check_well_known_file.yml | 4 +- ...etup_ssl_self_signed_obtain_for_domain.yml | 2 +- .../nginx/conf.d/matrix-synapse.conf.j2 | 8 +-- roles/matrix-ntfy/defaults/main.yml | 2 +- .../util/detect_existing_postgres_version.yml | 2 +- .../tasks/util/create_additional_database.yml | 1 + .../util/detect_existing_postgres_version.yml | 2 +- .../tasks/util/migrate_db_to_postgres.yml | 6 +++ .../defaults/main.yml | 4 +- roles/matrix-prometheus/defaults/main.yml | 2 +- roles/matrix-registration/defaults/main.yml | 2 +- roles/matrix-sygnal/defaults/main.yml | 2 +- roles/matrix-synapse/defaults/main.yml | 4 +- roles/matrix-synapse/tasks/register_user.yml | 2 + .../compress_room.yml | 2 + .../rust-synapse-compress-state/main.yml | 1 + .../tasks/synapse/setup_install.yml | 1 + .../tasks/synapse/workers/init.yml | 12 ++--- .../tasks/synapse/workers/setup_uninstall.yml | 2 +- .../tasks/update_user_password.yml | 3 ++ .../templates/synapse/homeserver.yaml.j2 | 52 +++++++++---------- 84 files changed, 230 insertions(+), 206 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 221662c5d..a7290f9de 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -22,16 +22,16 @@ matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matri matrix_homeserver_container_url: |- {{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else { - 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string), - 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string), + 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port | string), + 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port | string), }[matrix_homeserver_implementation] }} matrix_homeserver_container_federation_url: |- {{ 'http://matrix-nginx-proxy:12088' if matrix_nginx_proxy_enabled else { - 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string), - 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string), + 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | string), + 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port | string), }[matrix_homeserver_implementation] }} @@ -1158,7 +1158,7 @@ matrix_backup_borg_postgresql_databases: | 'name': matrix_synapse_database_database }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + - matrix_postgres_additional_databases)|map(attribute='name')|list + matrix_postgres_additional_databases)|map(attribute='name') | list }} matrix_backup_borg_location_source_directories: - "{{ matrix_base_data_path }}" @@ -1431,7 +1431,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # ma1sd's web-server port. -matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_container_port|string }}" +matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_container_port | string }}" # We enable Synapse integration via its Postgres database by default. @@ -1540,14 +1540,14 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1 matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port | string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port | string}}" matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" -matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" -matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port|string }}" -matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" -matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port|string }}" +matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}" +matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port | string }}" +matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}" +matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port | string }}" # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" @@ -1885,14 +1885,14 @@ matrix_postgres_import_roles_to_ignore: | {{ [matrix_postgres_connection_username] + - matrix_postgres_additional_databases|map(attribute='username')|list + matrix_postgres_additional_databases|map(attribute='username') | list }} matrix_postgres_import_databases_to_ignore: | {{ [matrix_postgres_db_name] + - matrix_postgres_additional_databases|map(attribute='name')|list + matrix_postgres_additional_databases|map(attribute='name') | list }} ###################################################################### @@ -2058,18 +2058,18 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6 # When ma1sd is enabled, we can use it to validate email addresses and phone numbers. # Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server. -matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port|string if matrix_ma1sd_enabled else '' }}" -matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port|string if matrix_ma1sd_enabled else '' }}" +matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" +matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, # you can expose Synapse's ports to the host. # # For exposing the Matrix Client API's port (plain HTTP) to the local host. -matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port|string }}" +matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port | string }}" # # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. -matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port|string }}" +matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port | string }}" # # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" @@ -2213,10 +2213,10 @@ matrix_prometheus_scraper_node_enabled: "{{ matrix_prometheus_node_exporter_enab matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:9100'] if matrix_prometheus_node_exporter_enabled else [] }}" matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" -matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port|string] if matrix_prometheus_scraper_postgres_enabled else [] }}" +matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port | string] if matrix_prometheus_scraper_postgres_enabled else [] }}" matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|default(false) }}" -matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_hookshot_metrics_enabled else [] }}" +matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | string +':'+ matrix_hookshot_metrics_port | string] if matrix_hookshot_metrics_enabled else [] }}" ###################################################################### # @@ -2345,7 +2345,7 @@ matrix_postgres_backup_databases: | 'name': matrix_synapse_database_database }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + - matrix_postgres_additional_databases)|map(attribute='name')|list + matrix_postgres_additional_databases)|map(attribute='name') | list }} ###################################################################### @@ -2367,10 +2367,10 @@ matrix_dendrite_enabled: "{{ matrix_homeserver_implementation == 'dendrite' }}" # you can expose Dendrite's ports to the host. # # For exposing Dendrite's plain HTTP server to the local host. -matrix_dendrite_container_http_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_dendrite_http_bind_port|string) }}" +matrix_dendrite_container_http_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_dendrite_http_bind_port | string) }}" # # For exposing Dendrite's HTTPS server to the local host. -matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled or not matrix_dendrite_https_bind_port else ('127.0.0.1:' + matrix_dendrite_https_bind_port|string) }}" +matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled or not matrix_dendrite_https_bind_port else ('127.0.0.1:' + matrix_dendrite_https_bind_port | string) }}" matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}" diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index ed2ffb722..83a5ca448 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -97,4 +97,4 @@ matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration # Holds the final borgmatic configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`. -matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml | from_yaml|combine(matrix_backup_borg_configuration_extension, recursive=True) }}" +matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml | from_yaml | combine(matrix_backup_borg_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index a0c0da9bb..b3aa3a750 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -134,8 +134,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl" matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_sh: "/usr/bin/env sh" -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" -matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" +matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" +matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" @@ -202,11 +202,11 @@ matrix_well_known_matrix_client_configuration_default: "{{ lookup('template', 't # } matrix_well_known_matrix_client_configuration_extension_json: '{}' -matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json|from_json if matrix_well_known_matrix_client_configuration_extension_json|from_json is mapping else {} }}" +matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json | from_json if matrix_well_known_matrix_client_configuration_extension_json | from_json is mapping else {} }}" # Holds the final `/.well-known/matrix/client` configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_client_configuration_default` and `matrix_well_known_matrix_client_configuration_extension_json`. -matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default|combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}" +matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default | combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}" # Default `/.well-known/matrix/server` configuration - it covers the generic use case. # You can customize it by controlling the various variables inside the template file that it references. @@ -234,11 +234,11 @@ matrix_well_known_matrix_server_configuration_default: "{{ lookup('template', 't # } matrix_well_known_matrix_server_configuration_extension_json: '{}' -matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json|from_json if matrix_well_known_matrix_server_configuration_extension_json|from_json is mapping else {} }}" +matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json | from_json if matrix_well_known_matrix_server_configuration_extension_json | from_json is mapping else {} }}" # Holds the final `/.well-known/matrix/server` configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_server_configuration_default` and `matrix_well_known_matrix_server_configuration_extension_json`. -matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default|combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}" +matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default | combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}" # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. # This is unlike what it does when looking up YAML template files (no automatic parsing there). diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index 03ff0afb4..761006870 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml @@ -64,7 +64,7 @@ - "{{ matrix_domain }}" - "{{ matrix_server_fqn_matrix }}" - "{{ matrix_server_fqn_element }}" - when: "item != item|lower" + when: "item != item | lower" - name: Fail if using python2 on Archlinux ansible.builtin.fail: diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index cec745902..40d5a4d01 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml @@ -1,13 +1,13 @@ --- - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8 + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 8 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30 + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7 and ansible_distribution_major_version | int < 30 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30 + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30 - block: # ansible_lsb is only available if lsb-release is installed. @@ -20,7 +20,7 @@ register: lsb_release_installation_result - name: Reread ansible_lsb facts if lsb-release got installed - setup: filter=ansible_lsb* + ansible.builtin.setup: filter=ansible_lsb* when: lsb_release_installation_result.changed - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml" diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index c463738b4..d6ef5cd90 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -10,8 +10,8 @@ update_cache: true - name: Ensure Docker's APT key is trusted - apt_key: - url: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg" + ansible.builtin.apt_key: + url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 state: present register: add_repository_key @@ -19,8 +19,8 @@ when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker repository is enabled - apt_repository: - repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" + ansible.builtin.apt_repository: + repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable" state: present update_cache: true when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' @@ -36,6 +36,6 @@ ansible.builtin.apt: name: - "{{ matrix_docker_package_name }}" - - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" + - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker" state: latest when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/matrix-base/tasks/server_base/setup_fedora.yml index e9ddf54b0..b5646c8f6 100644 --- a/roles/matrix-base/tasks/server_base/setup_fedora.yml +++ b/roles/matrix-base/tasks/server_base/setup_fedora.yml @@ -12,7 +12,7 @@ when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted - rpm_key: + ansible.builtin.rpm_key: state: present key: https://download.docker.com/linux/fedora/gpg when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' @@ -33,7 +33,7 @@ when: matrix_docker_installation_enabled | bool - name: Ensure Docker-Py is installed - pip: + ansible.builtin.pip: name: docker-py state: latest when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index 6f0b1467c..b5eb40168 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -10,7 +10,7 @@ update_cache: true - name: Ensure Docker's APT key is trusted - apt_key: + ansible.builtin.apt_key: url: https://download.docker.com/linux/raspbian/gpg id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 state: present @@ -19,7 +19,7 @@ when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker repository is enabled - apt_repository: + ansible.builtin.apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" state: present update_cache: true diff --git a/roles/matrix-base/tasks/server_base/setup_redhat.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml index 92615ac79..189fcecdd 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat.yml @@ -10,7 +10,7 @@ when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted - rpm_key: + ansible.builtin.rpm_key: state: present key: https://download.docker.com/linux/centos/gpg when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' diff --git a/roles/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml index 7b50160d0..9e1aaa010 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat8.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat8.yml @@ -10,7 +10,7 @@ when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted - rpm_key: + ansible.builtin.rpm_key: state: present key: https://download.docker.com/linux/centos/gpg when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' @@ -38,7 +38,7 @@ when: matrix_docker_installation_enabled | bool - name: Ensure Docker-Py is installed - pip: + ansible.builtin.pip: name: docker-py state: latest when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index f01f28fc5..61c5d54d4 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -228,4 +228,4 @@ matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_e # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`. -matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml | from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" +matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml | from_yaml | combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 8a63413e2..9eebed0aa 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -97,4 +97,4 @@ matrix_bot_matrix_reminder_bot_configuration_extension: "{{ matrix_bot_matrix_re # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_matrix_reminder_bot_configuration_yaml`. -matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml | from_yaml|combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}" +matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml | from_yaml | combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index e03dff40a..0be97eaec 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -56,4 +56,4 @@ matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`. -matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml | from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" +matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml | from_yaml | combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 0d0d35fbe..683d7ecba 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -89,7 +89,7 @@ matrix_appservice_discord_configuration_extension_yaml: | matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml | from_yaml if matrix_appservice_discord_configuration_extension_yaml | from_yaml is mapping else {} }}" -matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml | from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" +matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml | from_yaml | combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" matrix_appservice_discord_registration_yaml: | #jinja2: lstrip_blocks: "True" @@ -99,10 +99,10 @@ matrix_appservice_discord_registration_yaml: | namespaces: users: - exclusive: true - regex: '@_discord_.*:{{ matrix_appservice_discord_homeserver_domain|regex_escape }}' + regex: '@_discord_.*:{{ matrix_appservice_discord_homeserver_domain | regex_escape }}' aliases: - exclusive: true - regex: '#_discord_.*:{{ matrix_appservice_discord_homeserver_domain|regex_escape }}' + regex: '#_discord_.*:{{ matrix_appservice_discord_homeserver_domain | regex_escape }}' url: {{ matrix_appservice_discord_appservice_url }} sender_localpart: _discord_bot rate_limited: false diff --git a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 index 569a30304..a530af2e5 100644 --- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 @@ -34,7 +34,7 @@ bridge: determineCodeLanguage: false # Authentication configuration for the discord bot. auth: - clientID: {{ matrix_appservice_discord_client_id|string|to_json }} + clientID: {{ matrix_appservice_discord_client_id | string|to_json }} botToken: {{ matrix_appservice_discord_bot_token|to_json }} # You must enable "Privileged Gateway Intents" in your bot settings on discord.com (e.g. https://discord.com/developers/applications/12345/bot) # for this to work diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 19dd9e59f..268a05dc3 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -384,7 +384,7 @@ matrix_appservice_irc_configuration_extension_yaml: | matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml | from_yaml if matrix_appservice_irc_configuration_extension_yaml | from_yaml is mapping else {} }}" -matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml | from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" +matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml | from_yaml | combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" # The original registration.yaml file generated by AppService IRC is merged with this config override, # to produce the final registration.yaml file ultimately used by both the bridge and the homeserver. diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index b04b1adec..c3bdd6399 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -173,7 +173,7 @@ - name: Combine registration-template.yaml and own registration override config ansible.builtin.set_fact: - matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template|combine(matrix_appservice_irc_registration_override, recursive=True) }}" + matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template | combine(matrix_appservice_irc_registration_override, recursive=True) }}" - name: Ensure Appservice IRC registration.yaml installed ansible.builtin.copy: diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 8f88c308f..bbbbec998 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -97,7 +97,7 @@ matrix_appservice_slack_configuration_extension_yaml: | matrix_appservice_slack_configuration_extension: "{{ matrix_appservice_slack_configuration_extension_yaml | from_yaml if matrix_appservice_slack_configuration_extension_yaml | from_yaml else {} }}" -matrix_appservice_slack_configuration: "{{ matrix_appservice_slack_configuration_yaml | from_yaml|combine(matrix_appservice_slack_configuration_extension, recursive=True) }}" +matrix_appservice_slack_configuration: "{{ matrix_appservice_slack_configuration_yaml | from_yaml | combine(matrix_appservice_slack_configuration_extension, recursive=True) }}" matrix_appservice_slack_registration_yaml: | id: "{{ matrix_appservice_slack_id_token }}" diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 0824dc1c8..f181f0958 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -63,7 +63,7 @@ matrix_appservice_webhooks_configuration_extension_yaml: | matrix_appservice_webhooks_configuration_extension: "{{ matrix_appservice_webhooks_configuration_extension_yaml | from_yaml if matrix_appservice_webhooks_configuration_extension_yaml | from_yaml else {} }}" -matrix_appservice_webhooks_configuration: "{{ matrix_appservice_webhooks_configuration_yaml | from_yaml|combine(matrix_appservice_webhooks_configuration_extension, recursive=True) }}" +matrix_appservice_webhooks_configuration: "{{ matrix_appservice_webhooks_configuration_yaml | from_yaml | combine(matrix_appservice_webhooks_configuration_extension, recursive=True) }}" matrix_appservice_webhooks_registration_yaml: | id: "{{ matrix_appservice_webhooks_id_token }}" diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 18ca90e9c..a83380932 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -92,7 +92,7 @@ matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_confi # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_beeper_linkedin_configuration_yaml`. -matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml | from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}" +matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml | from_yaml | combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}" matrix_beeper_linkedin_registration_yaml: | id: linkedin @@ -104,10 +104,10 @@ matrix_beeper_linkedin_registration_yaml: | rate_limited: false namespaces: users: - - regex: '^@linkedin_.+:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' + - regex: '^@linkedin_.+:{{ matrix_beeper_linkedin_homeserver_domain | regex_escape }}$' exclusive: true - exclusive: true - regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username|regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username | regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index dd08fc40b..b05e78a58 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -105,7 +105,7 @@ matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_confi # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_go_skype_bridge_configuration_yaml`. -matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml | from_yaml|combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}" +matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml | from_yaml | combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}" matrix_go_skype_bridge_registration_yaml: | id: skype @@ -117,10 +117,10 @@ matrix_go_skype_bridge_registration_yaml: | rate_limited: false namespaces: users: - - regex: '^@skype-(.*):{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' + - regex: '^@skype-(.*):{{ matrix_go_skype_bridge_homeserver_domain | regex_escape }}$' exclusive: true - exclusive: true - regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username|regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username | regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index ed99ef6da..6ca33b8a6 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -237,7 +237,7 @@ matrix_hookshot_configuration_extension: "{{ matrix_hookshot_configuration_exten # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_hookshot_configuration_yaml`. -matrix_hookshot_configuration: "{{ matrix_hookshot_configuration_yaml | from_yaml|combine(matrix_hookshot_configuration_extension, recursive=True) }}" +matrix_hookshot_configuration: "{{ matrix_hookshot_configuration_yaml | from_yaml | combine(matrix_hookshot_configuration_extension, recursive=True) }}" # Default registration template which covers the generic use case. # You can customize it by controlling the various variables inside it. @@ -259,4 +259,4 @@ matrix_hookshot_registration_extension: "{{ matrix_hookshot_registration_extensi # Holds the final registration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_hookshot_registration_yaml`. -matrix_hookshot_registration: "{{ matrix_hookshot_registration_yaml | from_yaml|combine(matrix_hookshot_registration_extension, recursive=True) }}" +matrix_hookshot_registration: "{{ matrix_hookshot_registration_yaml | from_yaml | combine(matrix_hookshot_registration_extension, recursive=True) }}" diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 0deb244da..51b4f357d 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -114,7 +114,7 @@ matrix_mautrix_facebook_configuration_extension: "{{ matrix_mautrix_facebook_con # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_facebook_configuration_yaml`. -matrix_mautrix_facebook_configuration: "{{ matrix_mautrix_facebook_configuration_yaml | from_yaml|combine(matrix_mautrix_facebook_configuration_extension, recursive=True) }}" +matrix_mautrix_facebook_configuration: "{{ matrix_mautrix_facebook_configuration_yaml | from_yaml | combine(matrix_mautrix_facebook_configuration_extension, recursive=True) }}" matrix_mautrix_facebook_registration_yaml: | id: facebook @@ -123,9 +123,9 @@ matrix_mautrix_facebook_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$' + regex: '^@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain | regex_escape }}$' - exclusive: true - regex: '^@{{ matrix_mautrix_facebook_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_mautrix_facebook_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_facebook_homeserver_domain | regex_escape }}$' url: {{ matrix_mautrix_facebook_appservice_address }} # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_facebook_appservice_bot_username }} diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index ebac567e9..956d7174e 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -103,7 +103,7 @@ matrix_mautrix_googlechat_configuration_extension: "{{ matrix_mautrix_googlechat # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_googlechat_configuration_yaml`. -matrix_mautrix_googlechat_configuration: "{{ matrix_mautrix_googlechat_configuration_yaml | from_yaml|combine(matrix_mautrix_googlechat_configuration_extension, recursive=True) }}" +matrix_mautrix_googlechat_configuration: "{{ matrix_mautrix_googlechat_configuration_yaml | from_yaml | combine(matrix_mautrix_googlechat_configuration_extension, recursive=True) }}" matrix_mautrix_googlechat_registration_yaml: | id: googlechat @@ -112,9 +112,9 @@ matrix_mautrix_googlechat_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@googlechat_.+:{{ matrix_mautrix_googlechat_homeserver_domain|regex_escape }}$' + regex: '^@googlechat_.+:{{ matrix_mautrix_googlechat_homeserver_domain | regex_escape }}$' - exclusive: true - regex: '^@{{ matrix_mautrix_googlechat_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_googlechat_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_mautrix_googlechat_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_googlechat_homeserver_domain | regex_escape }}$' url: {{ matrix_mautrix_googlechat_appservice_address }} # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_googlechat_appservice_bot_username }} diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 77db85fec..aaa9b3055 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -100,7 +100,7 @@ matrix_mautrix_hangouts_configuration_extension: "{{ matrix_mautrix_hangouts_con # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_hangouts_configuration_yaml`. -matrix_mautrix_hangouts_configuration: "{{ matrix_mautrix_hangouts_configuration_yaml | from_yaml|combine(matrix_mautrix_hangouts_configuration_extension, recursive=True) }}" +matrix_mautrix_hangouts_configuration: "{{ matrix_mautrix_hangouts_configuration_yaml | from_yaml | combine(matrix_mautrix_hangouts_configuration_extension, recursive=True) }}" matrix_mautrix_hangouts_registration_yaml: | id: hangouts @@ -109,9 +109,9 @@ matrix_mautrix_hangouts_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@hangouts_.+:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$' + regex: '^@hangouts_.+:{{ matrix_mautrix_hangouts_homeserver_domain | regex_escape }}$' - exclusive: true - regex: '^@{{ matrix_mautrix_hangouts_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_mautrix_hangouts_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_hangouts_homeserver_domain | regex_escape }}$' url: {{ matrix_mautrix_hangouts_appservice_address }} # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_hangouts_appservice_bot_username }} diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 8452d6f39..888123973 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -93,7 +93,7 @@ matrix_mautrix_instagram_configuration_extension: "{{ matrix_mautrix_instagram_c # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_instagram_configuration_yaml`. -matrix_mautrix_instagram_configuration: "{{ matrix_mautrix_instagram_configuration_yaml | from_yaml|combine(matrix_mautrix_instagram_configuration_extension, recursive=True) }}" +matrix_mautrix_instagram_configuration: "{{ matrix_mautrix_instagram_configuration_yaml | from_yaml | combine(matrix_mautrix_instagram_configuration_extension, recursive=True) }}" matrix_mautrix_instagram_registration_yaml: | id: instagram @@ -102,9 +102,9 @@ matrix_mautrix_instagram_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@instagram_.+:{{ matrix_mautrix_instagram_homeserver_domain|regex_escape }}$' + regex: '^@instagram_.+:{{ matrix_mautrix_instagram_homeserver_domain | regex_escape }}$' - exclusive: true - regex: '^@{{ matrix_mautrix_instagram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_instagram_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_mautrix_instagram_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_instagram_homeserver_domain | regex_escape }}$' url: {{ matrix_mautrix_instagram_appservice_address }} # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_instagram_appservice_bot_username }} diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 429d8ea81..81ddb8cd7 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -128,7 +128,7 @@ matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configu # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`. -matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml | from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}" +matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml | from_yaml | combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}" matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}" diff --git a/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 index 32e913a19..5d6da2c44 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 @@ -5,12 +5,12 @@ hs_token: "{{ matrix_mautrix_signal_homeserver_token }}" namespaces: users: - exclusive: true - regex: '^@signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$' + regex: '^@signal_.+:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$' - exclusive: true - regex: '^@{{ matrix_mautrix_signal_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_mautrix_signal_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$' aliases: - exclusive: true - regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$' + regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$' url: {{ matrix_mautrix_signal_appservice_address }} # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }} diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index a76186aea..fd7bf685a 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -121,7 +121,7 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`. -matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}" +matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml | combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}" matrix_mautrix_telegram_registration_yaml: | id: telegram @@ -130,12 +130,12 @@ matrix_mautrix_telegram_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$' + regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' - exclusive: true - regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' aliases: - exclusive: true - regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$' + regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }} url: {{ matrix_mautrix_telegram_appservice_address }} diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 4943d715a..8bf855dc2 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -91,7 +91,7 @@ matrix_mautrix_twitter_configuration_extension: "{{ matrix_mautrix_twitter_confi # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_twitter_configuration_yaml`. -matrix_mautrix_twitter_configuration: "{{ matrix_mautrix_twitter_configuration_yaml | from_yaml|combine(matrix_mautrix_twitter_configuration_extension, recursive=True) }}" +matrix_mautrix_twitter_configuration: "{{ matrix_mautrix_twitter_configuration_yaml | from_yaml | combine(matrix_mautrix_twitter_configuration_extension, recursive=True) }}" matrix_mautrix_twitter_registration_yaml: | id: twitter @@ -100,9 +100,9 @@ matrix_mautrix_twitter_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@twitter_.+:{{ matrix_mautrix_twitter_homeserver_domain|regex_escape }}$' + regex: '^@twitter_.+:{{ matrix_mautrix_twitter_homeserver_domain | regex_escape }}$' - exclusive: true - regex: '^@{{ matrix_mautrix_twitter_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_twitter_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_mautrix_twitter_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_twitter_homeserver_domain | regex_escape }}$' url: {{ matrix_mautrix_twitter_appservice_address }} # See https://github.com/tulir/mautrix-signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_twitter_appservice_bot_username }} diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 9c8652fb7..7a511651e 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -110,7 +110,7 @@ matrix_mautrix_whatsapp_configuration_extension: "{{ matrix_mautrix_whatsapp_con # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_whatsapp_configuration_yaml`. -matrix_mautrix_whatsapp_configuration: "{{ matrix_mautrix_whatsapp_configuration_yaml | from_yaml|combine(matrix_mautrix_whatsapp_configuration_extension, recursive=True) }}" +matrix_mautrix_whatsapp_configuration: "{{ matrix_mautrix_whatsapp_configuration_yaml | from_yaml | combine(matrix_mautrix_whatsapp_configuration_extension, recursive=True) }}" matrix_mautrix_whatsapp_registration_yaml: | id: whatsapp @@ -122,10 +122,10 @@ matrix_mautrix_whatsapp_registration_yaml: | rate_limited: false namespaces: users: - - regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$' + - regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain | regex_escape }}$' exclusive: true - exclusive: true - regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$' + regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 3402bbbcc..085a19aa4 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -36,7 +36,7 @@ matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix } # "@.*:yourserver.com" to allow users on a specific homeserver # "@.*" to allow anyone matrix_mx_puppet_discord_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" + - "@.*:{{ matrix_domain | regex_escape }}" # Leave empty to disable blacklist # "@user:server.com" disallow a specific user @@ -92,7 +92,7 @@ matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_c # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_discord_configuration_yaml`. -matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml | from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}" +matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml | from_yaml | combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}" matrix_mx_puppet_discord_registration_yaml: | as_token: "{{ matrix_mx_puppet_discord_appservice_token }}" @@ -101,11 +101,11 @@ matrix_mx_puppet_discord_registration_yaml: | namespaces: users: - exclusive: true - regex: '@_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}' + regex: '@_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain | regex_escape }}' rooms: [] aliases: - exclusive: true - regex: '#_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}' + regex: '#_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain | regex_escape }}' protocols: [] rate_limited: false sender_localpart: _discordpuppet_bot diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index f2f7d963d..9f0918b62 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -32,7 +32,7 @@ matrix_mx_puppet_groupme_appservice_address: 'http://matrix-mx-puppet-groupme:{{ # "@.*:yourserver.com" to allow users on a specific homeserver # "@.*" to allow anyone matrix_mx_puppet_groupme_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" + - "@.*:{{ matrix_domain | regex_escape }}" # Leave empty to disable blacklist # "@user:server.com" disallow a specific user @@ -87,7 +87,7 @@ matrix_mx_puppet_groupme_configuration_extension: "{{ matrix_mx_puppet_groupme_c # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_groupme_configuration_yaml`. -matrix_mx_puppet_groupme_configuration: "{{ matrix_mx_puppet_groupme_configuration_yaml | from_yaml|combine(matrix_mx_puppet_groupme_configuration_extension, recursive=True) }}" +matrix_mx_puppet_groupme_configuration: "{{ matrix_mx_puppet_groupme_configuration_yaml | from_yaml | combine(matrix_mx_puppet_groupme_configuration_extension, recursive=True) }}" matrix_mx_puppet_groupme_registration_yaml: | as_token: "{{ matrix_mx_puppet_groupme_appservice_token }}" @@ -96,11 +96,11 @@ matrix_mx_puppet_groupme_registration_yaml: | namespaces: users: - exclusive: true - regex: '@_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain|regex_escape }}' + regex: '@_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain | regex_escape }}' rooms: [] aliases: - exclusive: true - regex: '#_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain|regex_escape }}' + regex: '#_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain | regex_escape }}' protocols: [] rate_limited: false sender_localpart: _groupmepuppet_bot diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 8c68f9804..32f287d57 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -26,7 +26,7 @@ matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagra # "@.*:yourserver.com" to allow users on a specific homeserver # "@.*" to allow anyone matrix_mx_puppet_instagram_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" + - "@.*:{{ matrix_domain | regex_escape }}" # Leave empty to disable blacklist # "@user:server.com" disallow a specific user @@ -81,7 +81,7 @@ matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagr # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`. -matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml | from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}" +matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml | from_yaml | combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}" matrix_mx_puppet_instagram_registration_yaml: | as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}" @@ -90,11 +90,11 @@ matrix_mx_puppet_instagram_registration_yaml: | namespaces: users: - exclusive: true - regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' + regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain | regex_escape }}' rooms: [] aliases: - exclusive: true - regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' + regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain | regex_escape }}' protocols: [] rate_limited: false sender_localpart: _instagrampuppet_bot diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index cc437ad82..eae0b933b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -40,7 +40,7 @@ matrix_mx_puppet_slack_redirect_uri: 'https://{{ matrix_server_fqn_matrix }}{{ m # "@.*:yourserver.com" to allow users on a specific homeserver # "@.*" to allow anyone matrix_mx_puppet_slack_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" + - "@.*:{{ matrix_domain | regex_escape }}" # Leave empty to disable blacklist # "@user:server.com" disallow a specific user @@ -96,7 +96,7 @@ matrix_mx_puppet_slack_configuration_extension: "{{ matrix_mx_puppet_slack_confi # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_slack_configuration_yaml`. -matrix_mx_puppet_slack_configuration: "{{ matrix_mx_puppet_slack_configuration_yaml | from_yaml|combine(matrix_mx_puppet_slack_configuration_extension, recursive=True) }}" +matrix_mx_puppet_slack_configuration: "{{ matrix_mx_puppet_slack_configuration_yaml | from_yaml | combine(matrix_mx_puppet_slack_configuration_extension, recursive=True) }}" matrix_mx_puppet_slack_registration_yaml: | as_token: "{{ matrix_mx_puppet_slack_appservice_token }}" @@ -105,11 +105,11 @@ matrix_mx_puppet_slack_registration_yaml: | namespaces: users: - exclusive: true - regex: '@_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}' + regex: '@_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain | regex_escape }}' rooms: [] aliases: - exclusive: true - regex: '#_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}' + regex: '#_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain | regex_escape }}' protocols: [] rate_limited: false sender_localpart: _slackpuppet_bot diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 933b043c9..e4140333c 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -32,7 +32,7 @@ matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ mat # "@.*:yourserver.com" to allow users on a specific homeserver # "@.*" to allow anyone matrix_mx_puppet_steam_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" + - "@.*:{{ matrix_domain | regex_escape }}" # Leave empty to disable blacklist # "@user:server.com" disallow a specific user @@ -87,7 +87,7 @@ matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_confi # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_steam_configuration_yaml`. -matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml | from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}" +matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml | from_yaml | combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}" matrix_mx_puppet_steam_registration_yaml: | as_token: "{{ matrix_mx_puppet_steam_appservice_token }}" @@ -96,11 +96,11 @@ matrix_mx_puppet_steam_registration_yaml: | namespaces: users: - exclusive: true - regex: '@_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}' + regex: '@_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain | regex_escape }}' rooms: [] aliases: - exclusive: true - regex: '#_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}' + regex: '#_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain | regex_escape }}' protocols: [] rate_limited: false sender_localpart: _steampuppet_bot diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index bcd6b4fff..73674220f 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -41,7 +41,7 @@ matrix_mx_puppet_twitter_webhook_url: 'https://{{ matrix_server_fqn_matrix }}{{ # "@.*:yourserver.com" to allow users on a specific homeserver # "@.*" to allow anyone matrix_mx_puppet_twitter_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" + - "@.*:{{ matrix_domain | regex_escape }}" # Leave empty to disable blacklist # "@user:server.com" disallow a specific user @@ -97,7 +97,7 @@ matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_c # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`. -matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml | from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}" +matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml | from_yaml | combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}" # The prefix for user IDs and aliases matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_ @@ -110,11 +110,11 @@ matrix_mx_puppet_twitter_registration_yaml: | namespaces: users: - exclusive: true - regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' + regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix | regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain | regex_escape }}' rooms: [] aliases: - exclusive: true - regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' + regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix | regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain | regex_escape }}' protocols: [] rate_limited: false sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 23d4a3a6c..52c02fa96 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -81,6 +81,7 @@ - name: Ensure MX Puppet Twitter repository is present on self build ansible.builtin.git: repo: "{{ matrix_mx_puppet_twitter_container_image_self_build_repo }}" + version: master dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index 28a88e311..b4755d71d 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -106,7 +106,7 @@ matrix_sms_bridge_configuration_extension_yaml: | matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_extension_yaml | from_yaml if matrix_sms_bridge_configuration_extension_yaml | from_yaml is mapping else {} }}" -matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml | from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}" +matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml | from_yaml | combine(matrix_sms_bridge_configuration_extension, recursive=True) }}" matrix_sms_bridge_registration_yaml: | id: sms @@ -115,10 +115,10 @@ matrix_sms_bridge_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$' + regex: '^@sms_.+:{{ matrix_sms_bridge_homserver_domain | regex_escape }}$' aliases: - exclusive: true - regex: '^#sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$' + regex: '^#sms_.+:{{ matrix_sms_bridge_homserver_domain | regex_escape }}$' url: {{ matrix_sms_bridge_appservice_url }} sender_localpart: smsbot rate_limited: false diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 277f6e0cf..efd880104 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -50,8 +50,8 @@ matrix_client_cinny_configuration_default: "{{ lookup('template', 'templates/con # completely redefining `matrix_client_cinny_configuration_default`. matrix_client_cinny_configuration_extension_json: '{}' -matrix_client_cinny_configuration_extension: "{{ matrix_client_cinny_configuration_extension_json|from_json if matrix_client_cinny_configuration_extension_json|from_json is mapping else {} }}" +matrix_client_cinny_configuration_extension: "{{ matrix_client_cinny_configuration_extension_json | from_json if matrix_client_cinny_configuration_extension_json | from_json is mapping else {} }}" # Holds the final cinny configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_client_cinny_configuration_default`. -matrix_client_cinny_configuration: "{{ matrix_client_cinny_configuration_default|combine(matrix_client_cinny_configuration_extension, recursive=True) }}" +matrix_client_cinny_configuration: "{{ matrix_client_cinny_configuration_default | combine(matrix_client_cinny_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 0159ea354..755b872fd 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -36,7 +36,7 @@ - name: Ensure Cinny configuration installed ansible.builtin.copy: - content: "{{ matrix_client_cinny_configuration|to_nice_json }}" + content: "{{ matrix_client_cinny_configuration | to_nice_json }}" dest: "{{ matrix_client_cinny_data_path }}/config.json" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-client-cinny/templates/config.json.j2 b/roles/matrix-client-cinny/templates/config.json.j2 index 9731a3722..0da710acc 100644 --- a/roles/matrix-client-cinny/templates/config.json.j2 +++ b/roles/matrix-client-cinny/templates/config.json.j2 @@ -1,6 +1,6 @@ { "defaultHomeserver": 0, "homeserverList": [ - {{ matrix_client_cinny_default_hs_url|string|to_json }} + {{ matrix_client_cinny_default_hs_url | string|to_json }} ] } diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index e93b2c7c5..e710d0f72 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -129,8 +129,8 @@ matrix_client_element_configuration_default: "{{ lookup('template', 'templates/c # } matrix_client_element_configuration_extension_json: '{}' -matrix_client_element_configuration_extension: "{{ matrix_client_element_configuration_extension_json|from_json if matrix_client_element_configuration_extension_json|from_json is mapping else {} }}" +matrix_client_element_configuration_extension: "{{ matrix_client_element_configuration_extension_json | from_json if matrix_client_element_configuration_extension_json | from_json is mapping else {} }}" # Holds the final Element configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`. -matrix_client_element_configuration: "{{ matrix_client_element_configuration_default|combine(matrix_client_element_configuration_extension, recursive=True) }}" +matrix_client_element_configuration: "{{ matrix_client_element_configuration_default | combine(matrix_client_element_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index 356d53424..5fa34fa6e 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -63,7 +63,7 @@ - name: Ensure Element configuration installed ansible.builtin.copy: - content: "{{ matrix_client_element_configuration|to_nice_json }}" + content: "{{ matrix_client_element_configuration | to_nice_json }}" dest: "{{ matrix_client_element_data_path }}/config.json" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-client-element/templates/config.json.j2 b/roles/matrix-client-element/templates/config.json.j2 index e87907e43..e34773981 100644 --- a/roles/matrix-client-element/templates/config.json.j2 +++ b/roles/matrix-client-element/templates/config.json.j2 @@ -1,25 +1,25 @@ { "default_server_config": { "m.homeserver": { - "base_url": {{ matrix_client_element_default_hs_url|string|to_json }}, - "server_name": {{ matrix_client_element_default_server_name|string|to_json }} + "base_url": {{ matrix_client_element_default_hs_url | string|to_json }}, + "server_name": {{ matrix_client_element_default_server_name | string|to_json }} }, "m.identity_server": { - "base_url": {{ matrix_client_element_default_is_url|string|to_json }} + "base_url": {{ matrix_client_element_default_is_url | string|to_json }} } }, "settingDefaults": { "custom_themes": {{ matrix_client_element_settingDefaults_custom_themes|to_json }} }, - "default_theme": {{ matrix_client_element_default_theme|string|to_json }}, - "permalinkPrefix": {{ matrix_client_element_permalinkPrefix|string|to_json }}, + "default_theme": {{ matrix_client_element_default_theme | string|to_json }}, + "permalinkPrefix": {{ matrix_client_element_permalinkPrefix | string|to_json }}, "disable_custom_urls": {{ matrix_client_element_disable_custom_urls|to_json }}, "disable_guests": {{ matrix_client_element_disable_guests|to_json }}, "brand": {{ matrix_client_element_brand|to_json }}, - "integrations_ui_url": {{ matrix_client_element_integrations_ui_url|string|to_json }}, - "integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }}, + "integrations_ui_url": {{ matrix_client_element_integrations_ui_url | string|to_json }}, + "integrations_rest_url": {{ matrix_client_element_integrations_rest_url | string|to_json }}, "integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }}, - "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }}, + "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url | string|to_json }}, "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }}, "showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }}, "roomDirectory": { @@ -30,7 +30,7 @@ "enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url|to_json }}, {% endif %} "embeddedPages": { - "homeUrl": {{ matrix_client_element_embedded_pages_home_url|string|to_json }} + "homeUrl": {{ matrix_client_element_embedded_pages_home_url | string|to_json }} }, {% if matrix_client_element_jitsi_preferredDomain %} "jitsi": { diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 8171fc120..1baccdd30 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -64,8 +64,8 @@ matrix_client_hydrogen_configuration_default: "{{ lookup('template', 'templates/ # } matrix_client_hydrogen_configuration_extension_json: '{}' -matrix_client_hydrogen_configuration_extension: "{{ matrix_client_hydrogen_configuration_extension_json|from_json if matrix_client_hydrogen_configuration_extension_json|from_json is mapping else {} }}" +matrix_client_hydrogen_configuration_extension: "{{ matrix_client_hydrogen_configuration_extension_json | from_json if matrix_client_hydrogen_configuration_extension_json | from_json is mapping else {} }}" # Holds the final Hydrogen configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_client_hydrogen_configuration_default`. -matrix_client_hydrogen_configuration: "{{ matrix_client_hydrogen_configuration_default|combine(matrix_client_hydrogen_configuration_extension, recursive=True) }}" +matrix_client_hydrogen_configuration: "{{ matrix_client_hydrogen_configuration_default | combine(matrix_client_hydrogen_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index 37877b87a..4cd445d01 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -37,7 +37,7 @@ - name: Ensure Hydrogen configuration installed ansible.builtin.copy: - content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}" + content: "{{ matrix_client_hydrogen_configuration | to_nice_json }}" dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/src/platform/web/assets/config.json" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-client-hydrogen/templates/config.json.j2 b/roles/matrix-client-hydrogen/templates/config.json.j2 index 3e5563546..0c4331b60 100644 --- a/roles/matrix-client-hydrogen/templates/config.json.j2 +++ b/roles/matrix-client-hydrogen/templates/config.json.j2 @@ -4,7 +4,7 @@ "gatewayUrl": "https://matrix.org", "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" }, - "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }}, + "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string|to_json }}, "bugReportEndpointUrl": "https://element.io/bugreports/submit", "themeManifests": [ "assets/theme-Element.json" diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 1aa512eec..bb1b8fa19 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -100,8 +100,8 @@ matrix_corporal_configuration_default: "{{ lookup('template', 'templates/config. # } matrix_corporal_configuration_extension_json: '{}' -matrix_corporal_configuration_extension: "{{ matrix_corporal_configuration_extension_json|from_json if matrix_corporal_configuration_extension_json|from_json is mapping else {} }}" +matrix_corporal_configuration_extension: "{{ matrix_corporal_configuration_extension_json | from_json if matrix_corporal_configuration_extension_json | from_json is mapping else {} }}" # Holds the final Corporal configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_corporal_configuration_default`. -matrix_corporal_configuration: "{{ matrix_corporal_configuration_default|combine(matrix_corporal_configuration_extension, recursive=True) }}" +matrix_corporal_configuration: "{{ matrix_corporal_configuration_default | combine(matrix_corporal_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 2f745502c..583c27eba 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -54,7 +54,7 @@ - name: Ensure Matrix Corporal config installed ansible.builtin.copy: - content: "{{ matrix_corporal_configuration|to_nice_json }}" + content: "{{ matrix_corporal_configuration | to_nice_json }}" dest: "{{ matrix_corporal_config_dir_path }}/config.json" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index d790fcc9f..dd6d351ed 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -27,10 +27,10 @@ matrix_dendrite_http_bind_port: 8008 matrix_dendrite_https_bind_port: ~ # This is passed as an `-http-bind-address` flag to the Dendrite server in the container -matrix_dendrite_http_bind_address: "{{ (':' + matrix_dendrite_http_bind_port|string) if matrix_dendrite_http_bind_port else '' }}" +matrix_dendrite_http_bind_address: "{{ (':' + matrix_dendrite_http_bind_port | string) if matrix_dendrite_http_bind_port else '' }}" # This is passed as an `-https-bind-address` flag to the Dendrite server in the container -matrix_dendrite_https_bind_address: "{{ (':' + matrix_dendrite_https_bind_port|string) if matrix_dendrite_https_bind_port else '' }}" +matrix_dendrite_https_bind_address: "{{ (':' + matrix_dendrite_https_bind_port | string) if matrix_dendrite_https_bind_port else '' }}" # Controls whether the matrix-dendrite container exposes the HTTP port (tcp/{{ matrix_dendrite_http_bind_port }} in the container). # @@ -171,4 +171,4 @@ matrix_dendrite_configuration_extension: "{{ matrix_dendrite_configuration_exten # Holds the final Dendrite configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_dendrite_configuration_yaml`. -matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml | from_yaml|combine(matrix_dendrite_configuration_extension, recursive=True) }}" +matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml | from_yaml | combine(matrix_dendrite_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index fcede4055..29f5c55f0 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -165,7 +165,7 @@ client_api: # If set, allows registration by anyone who knows the shared secret, regardless of # whether registration is otherwise disabled. - registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }} + registration_shared_secret: {{ matrix_dendrite_registration_shared_secret | string|to_json }} # Whether to require reCAPTCHA for registration. enable_registration_captcha: {{ matrix_dendrite_enable_registration_captcha|to_json }} diff --git a/roles/matrix-dendrite/vars/main.yml b/roles/matrix-dendrite/vars/main.yml index d0c07c0cd..fcf020c2c 100644 --- a/roles/matrix-dendrite/vars/main.yml +++ b/roles/matrix-dendrite/vars/main.yml @@ -5,7 +5,7 @@ matrix_dendrite_federation_api_url_endpoint_public: "https://{{ matrix_server_fq # Tells whether this role had executed or not. Toggled to `true` during runtime. matrix_dendrite_role_executed: false -matrix_dendrite_media_store_parent_path: "{{ matrix_dendrite_media_store_path|dirname }}" +matrix_dendrite_media_store_parent_path: "{{ matrix_dendrite_media_store_path | dirname }}" matrix_dendrite_media_store_directory_name: "{{ matrix_dendrite_media_store_path | basename }}" matrix_dendrite_signing_key_file_name: "{{ matrix_dendrite_signing_key | basename }}" diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 1af7f2933..a330accbc 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -97,4 +97,4 @@ matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_ext # Holds the final Dimension configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_dimension_configuration_yaml`. -matrix_dimension_configuration: "{{ matrix_dimension_configuration_yaml | from_yaml|combine(matrix_dimension_configuration_extension, recursive=True) }}" +matrix_dimension_configuration: "{{ matrix_dimension_configuration_yaml | from_yaml | combine(matrix_dimension_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 1da87f38d..bdeea0f10 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -29,6 +29,7 @@ matrix_dynamic_dns_systemd_required_services_list: ['docker.service'] # Build the container from source when running in mode matrix_dynamic_dns_container_image_self_build: false matrix_dynamic_dns_container_image_self_build_repo: "https://github.com/linuxserver/docker-ddclient.git" +matrix_dynamic_dns_container_image_self_build_repo_branch: "{{ matrix_dynamic_dns_version }}" # Config paths matrix_dynamic_dns_base_path: "{{ matrix_base_data_path }}/dynamic-dns" diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index 8c7f3fc79..e83637bfc 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -28,6 +28,7 @@ - name: Ensure Dynamic DNS repository is present on self build ansible.builtin.git: repo: "{{ matrix_dynamic_dns_container_image_self_build_repo }}" + version: "{{ matrix_dynamic_dns_container_image_self_build_repo_branch }}" dest: "{{ matrix_dynamic_dns_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-email2matrix/templates/config.json.j2 b/roles/matrix-email2matrix/templates/config.json.j2 index c1be97fdb..a7ca7bc47 100644 --- a/roles/matrix-email2matrix/templates/config.json.j2 +++ b/roles/matrix-email2matrix/templates/config.json.j2 @@ -6,7 +6,7 @@ "Workers": 10 }, "Matrix": { - "Mappings": {{ matrix_email2matrix_matrix_mappings|to_nice_json }} + "Mappings": {{ matrix_email2matrix_matrix_mappings | to_nice_json }} }, "Misc": { "Debug": {{ matrix_email2matrix_misc_debug|to_json }} diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index 656e43f9d..8281f27ff 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -88,8 +88,8 @@ matrix_etherpad_configuration_default: "{{ lookup('template', 'templates/setting # matrix_etherpad_configuration_extension_json: '{}' -matrix_etherpad_configuration_extension: "{{ matrix_etherpad_configuration_extension_json|from_json if matrix_etherpad_configuration_extension_json|from_json is mapping else {} }}" +matrix_etherpad_configuration_extension: "{{ matrix_etherpad_configuration_extension_json | from_json if matrix_etherpad_configuration_extension_json | from_json is mapping else {} }}" # Holds the final Etherpad configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_etherpad_configuration_json`. -matrix_etherpad_configuration: "{{ matrix_etherpad_configuration_default|combine(matrix_etherpad_configuration_extension, recursive=True) }}" +matrix_etherpad_configuration: "{{ matrix_etherpad_configuration_default | combine(matrix_etherpad_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index e3b1397fb..0243e9d7e 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -10,7 +10,7 @@ - name: Ensure Etherpad config installed ansible.builtin.copy: - content: "{{ matrix_etherpad_configuration|to_nice_json }}" + content: "{{ matrix_etherpad_configuration | to_nice_json }}" dest: "{{ matrix_etherpad_base_path }}/settings.json" mode: 0640 owner: "{{ matrix_etherpad_user_uid }}" diff --git a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml index 8c25fa3a4..d9da9ebe1 100644 --- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml +++ b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml @@ -15,11 +15,13 @@ # - name: Ensure Jitsi internal authentication users are configured - ansible.builtin.shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}" + ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}" with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}" when: - matrix_jitsi_auth_type == "internal" - matrix_jitsi_prosody_auth_internal_accounts|length > 0 + register: matrix_jitsi_user_configuration_result + changed_when: matrix_jitsi_user_configuration_result.rc == 0 # # Tasks related to configuring other Jitsi authentication mechanisms diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index b62225e72..657682656 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -160,4 +160,4 @@ matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_y # Holds the final ma1sd configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_ma1sd_configuration_yaml`. -matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml | from_yaml|combine(matrix_ma1sd_configuration_extension, recursive=True) }}" +matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml | from_yaml | combine(matrix_ma1sd_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 3995da244..61f01b292 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -90,9 +90,11 @@ register: matrix_ma1sd_git_pull_results - name: Ensure ma1sd Docker image is built - ansible.builtin.shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" - args: + ansible.builtin.command: + cmd: ./gradlew dockerBuild chdir: "{{ matrix_ma1sd_docker_src_files_path }}" + environment: + DOCKER_BUILDKIT: 1 when: matrix_ma1sd_git_pull_results.changed - name: Ensure ma1sd Docker image is tagged correctly diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index 5d1005770..c511e402c 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -51,6 +51,7 @@ {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} -c 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' + changed_when: true - name: Delete temporary metrics password file ansible.builtin.file: diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml index 0a7b5845c..95a43dead 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml @@ -25,7 +25,7 @@ - name: Parse JSON for well-known payload at the matrix hostname ansible.builtin.set_fact: - well_known_matrix_payload: "{{ result_well_known_matrix.content|from_json }}" + well_known_matrix_payload: "{{ result_well_known_matrix.content | from_json }}" - name: Fail if .well-known not CORS-aware on the matrix hostname ansible.builtin.fail: @@ -55,7 +55,7 @@ - name: Parse JSON for well-known payload at the identity hostname ansible.builtin.set_fact: - well_known_identity_payload: "{{ result_well_known_identity.content|from_json }}" + well_known_identity_payload: "{{ result_well_known_identity.content | from_json }}" - name: Fail if .well-known not CORS-aware on the identity hostname ansible.builtin.fail: diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml index 889a33ba4..d0b254a26 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml @@ -13,7 +13,7 @@ # In order to do any sort of generation (below), we need to ensure the directory exists first - name: Ensure SSL certificate directory exists ansible.builtin.file: - path: "{{ matrix_ssl_certificate_csr_path|dirname }}" + path: "{{ matrix_ssl_certificate_csr_path | dirname }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 69f13a1aa..735f45383 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -1,9 +1,9 @@ #jinja2: lstrip_blocks: "True" -{% set generic_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'generic_worker')|list %} -{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'media_repository')|list %} -{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'user_dir')|list %} -{% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'frontend_proxy')|list %} +{% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %} +{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} +{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} +{% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'frontend_proxy') | list %} {% if matrix_nginx_proxy_synapse_workers_enabled %} {% if matrix_nginx_proxy_synapse_cache_enabled %} proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 9f0a6eb80..66bc5be45 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -45,4 +45,4 @@ matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yam # Holds the final ntfy configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`. -matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml | from_yaml|combine(matrix_ntfy_configuration_extension, recursive=True) }}" +matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml | from_yaml | combine(matrix_ntfy_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml index cce35e00f..877e5934d 100644 --- a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml @@ -27,7 +27,7 @@ - name: Determine existing Postgres version (make sense of PG_VERSION file) ansible.builtin.set_fact: - matrix_postgres_backup_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" + matrix_postgres_backup_detected_version: "{{ result_pg_version['content'] | b64decode | replace('\n', '') }}" when: matrix_postgres_backup_detected_existing | bool - name: Determine corresponding Docker image to detected version (assume default of latest) diff --git a/roles/matrix-postgres/tasks/util/create_additional_database.yml b/roles/matrix-postgres/tasks/util/create_additional_database.yml index b4fee2c8a..da95b8704 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_database.yml +++ b/roles/matrix-postgres/tasks/util/create_additional_database.yml @@ -33,6 +33,7 @@ {{ matrix_postgres_docker_image_to_use }} -c 'psql -h {{ matrix_postgres_connection_hostname }} --file=/matrix-postgres-init-additional-db-user-and-role.sql' + changed_when: true - name: Delete additional database initialization SQL file for {{ additional_db.name }} ansible.builtin.file: diff --git a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml index e19dfbea2..2d03cd7fe 100644 --- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml @@ -27,7 +27,7 @@ - name: Determine existing Postgres version (make sense of PG_VERSION file) ansible.builtin.set_fact: - matrix_postgres_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" + matrix_postgres_detected_version: "{{ result_pg_version['content'] | b64decode | replace('\n', '') }}" when: matrix_postgres_detected_existing | bool - name: Determine corresponding Docker image to detected version (assume default of latest) diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml index 469eb86a7..83d0d4e91 100644 --- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml @@ -131,6 +131,8 @@ {{ matrix_postgres_pgloader_docker_image }} -c 'pgloader {{ matrix_postgres_db_migration_request.pgloader_options | default([]) | join(' ') }} /in.db {{ matrix_postgres_db_migration_request.dst }}' + register: matrix_postgres_migrate_db_to_postgres_import_result + changed_when: matrix_postgres_migrate_db_to_postgres_import_result.rc == 0 - block: # We can't use `{{ role_path }}` here, neither with `import_tasks`, nor with `include_tasks`, @@ -152,12 +154,16 @@ {{ matrix_postgres_docker_image_to_use }} psql --host=matrix-postgres --dbname={{ matrix_postgres_db_migration_request.additional_psql_statements_db_name }} --command='{{ item }}' with_items: "{{ matrix_postgres_db_migration_request.additional_psql_statements_list }}" + register: matrix_postgres_migrate_db_to_postgres_additional_queries_result + changed_when: matrix_postgres_migrate_db_to_postgres_additional_queries_result.rc == 0 when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([])|length > 0" - name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) ansible.builtin.command: cmd: "mv {{ matrix_postgres_db_migration_request.src }} {{ matrix_postgres_db_migration_request.src }}.backup" + register: matrix_postgres_migrate_db_to_postgres_move_result + changed_when: matrix_postgres_migrate_db_to_postgres_move_result.rc == 0 - name: Inject result ansible.builtin.set_fact: diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index b7cd08b9a..82a12f42e 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -12,8 +12,8 @@ matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_promethe # A list of extra arguments to pass to the container matrix_prometheus_postgres_exporter_container_extra_arguments: ["-e PG_EXPORTER_AUTO_DISCOVER_DATABASES=true", - "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{matrix_prometheus_postgres_exporter_port}}\"", - "-e DATA_SOURCE_NAME=\"postgresql://{{matrix_prometheus_postgres_exporter_database_username}}:{{matrix_prometheus_postgres_exporter_database_password}}@{{matrix_prometheus_postgres_exporter_database_hostname}}:5432/{{matrix_prometheus_postgres_exporter_database_name}}?sslmode=disable\""] + "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{ matrix_prometheus_postgres_exporter_port }}\"", + "-e DATA_SOURCE_NAME=\"postgresql://{{ matrix_prometheus_postgres_exporter_database_username }}:{{ matrix_prometheus_postgres_exporter_database_password }}@{{ matrix_prometheus_postgres_exporter_database_hostname }}:5432/{{ matrix_prometheus_postgres_exporter_database_name }}?sslmode=disable\""] # List of systemd services that matrix-prometheus-postgres-exporter.service depends on matrix_prometheus_postgres_exporter_systemd_required_services_list: ['docker.service'] diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index aeb6ea6d3..8f5c21481 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -79,4 +79,4 @@ matrix_prometheus_configuration_extension: "{{ matrix_prometheus_configuration_e # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_prometheus_configuration_yaml`. -matrix_prometheus_configuration: "{{ matrix_prometheus_configuration_yaml | from_yaml|combine(matrix_prometheus_configuration_extension, recursive=True) }}" +matrix_prometheus_configuration: "{{ matrix_prometheus_configuration_yaml | from_yaml | combine(matrix_prometheus_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index 060f51a2e..1e53ae982 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -119,4 +119,4 @@ matrix_registration_configuration_extension: "{{ matrix_registration_configurati # Holds the final matrix-registration configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_registration_configuration_yaml`. -matrix_registration_configuration: "{{ matrix_registration_configuration_yaml | from_yaml|combine(matrix_registration_configuration_extension, recursive=True) }}" +matrix_registration_configuration: "{{ matrix_registration_configuration_yaml | from_yaml | combine(matrix_registration_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 2c0f3a864..1268d6029 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -73,4 +73,4 @@ matrix_sygnal_configuration_extension: "{{ matrix_sygnal_configuration_extension # Holds the final sygnal configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_sygnal_configuration_yaml`. -matrix_sygnal_configuration: "{{ matrix_sygnal_configuration_yaml | from_yaml|combine(matrix_sygnal_configuration_extension, recursive=True) }}" +matrix_sygnal_configuration: "{{ matrix_sygnal_configuration_yaml | from_yaml | combine(matrix_sygnal_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 279730bf2..87ef3d6a6 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -523,7 +523,7 @@ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml | from_yaml }}" matrix_synapse_ext_password_provider_shared_secret_config_yaml: | - shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string | to_json }} + shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret | string | to_json }} m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled | to_json }} com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled | to_json }} @@ -682,4 +682,4 @@ matrix_synapse_configuration_extension: "{{ matrix_synapse_configuration_extensi # Holds the final Synapse configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_synapse_configuration_yaml`. -matrix_synapse_configuration: "{{ matrix_synapse_configuration_yaml | from_yaml|combine(matrix_synapse_configuration_extension, recursive=True) }}" +matrix_synapse_configuration: "{{ matrix_synapse_configuration_yaml | from_yaml | combine(matrix_synapse_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index d7354d05e..8c344b2de 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -29,3 +29,5 @@ - name: Register user ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}" + register: matrix_synapse_register_user_result + changed_when: matrix_synapse_register_user_result.rc == 0 diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 30849ded6..221a75700 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -21,6 +21,7 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_compress_room_command_result + changed_when: matrix_synapse_rust_synapse_compress_state_compress_room_command_result.rc == 0 - ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result" @@ -43,6 +44,7 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_psql_import_command_result + changed_when: matrix_synapse_rust_synapse_compress_state_psql_import_command_result.rc == 0 - name: Clean up ansible.builtin.file: diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 097b816a2..fcea86064 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -70,6 +70,7 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_find_rooms_command_result + changed_when: false # We expect the output to be like this: # diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 51e22d753..e4ec0f670 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -32,6 +32,7 @@ - name: Check if Synapse Docker image exists ansible.builtin.command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" register: matrix_synapse_docker_image_check_result + changed_when: false # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, # because the latter does not support BuildKit. diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index 7c3964226..4b007bc30 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -12,7 +12,7 @@ port: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" metrics_port: "{{ matrix_synapse_workers_generic_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_generic_workers" - loop: "{{ range(0, matrix_synapse_workers_generic_workers_count|int) | list }}" + loop: "{{ range(0, matrix_synapse_workers_generic_workers_count | int) | list }}" - name: Build federation sender workers ansible.builtin.set_fact: @@ -22,7 +22,7 @@ port: 0 metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_federation_sender_workers" - loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count|int) | list }}" + loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count | int) | list }}" # This type of worker can only have a count of 1, at most - name: Build pusher workers @@ -33,7 +33,7 @@ port: 0 metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_pusher_workers" - loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count|int) | list }}" + loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count | int) | list }}" # This type of worker can only have a count of 1, at most - name: Build appservice workers @@ -44,7 +44,7 @@ port: 0 metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_appservice_workers" - loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count|int) | list }}" + loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count | int) | list }}" - name: Build media_repository workers ansible.builtin.set_fact: @@ -54,7 +54,7 @@ port: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" metrics_port: "{{ matrix_synapse_workers_media_repository_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_media_repository_workers" - loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count|int) | list }}" + loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count | int) | list }}" - name: Build frontend_proxy workers ansible.builtin.set_fact: @@ -64,7 +64,7 @@ port: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" metrics_port: "{{ matrix_synapse_workers_frontend_proxy_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_frontend_proxy_workers" - loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count|int) | list }}" + loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count | int) | list }}" - ansible.builtin.set_fact: matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list | default([]) + [item.ansible_facts.worker] }}" diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index f79a4115c..98c81a2e5 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -7,7 +7,7 @@ ansible.builtin.service: name: "{{ item.key }}" state: stopped - with_dict: "{{ ansible_facts.services | default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" + with_dict: "{{ ansible_facts.services | default({}) | dict2items | selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service') | list | items2dict }}" when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 - name: Find worker configs to be cleaned diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index 1ae3183ed..586bf51b3 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -38,6 +38,9 @@ - name: Generate password hash ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" register: password_hash + changed_when: false - name: Update user password hash ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}" + register: matrix_synapse_update_user_password_result + changed_when: matrix_synapse_update_user_password_result.rc == 0 diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index c2364650d..87cedb404 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -352,13 +352,13 @@ worker_app: synapse.app.homeserver # thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ # reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'federation_sender')|list %} +{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list %} send_federation: false {% endif %} -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'media_repository')|list %} +{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list %} enable_media_repo: false {% endif %} -{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'pusher')|list %} +{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list %} start_pushers: false {% endif %} @@ -870,8 +870,8 @@ database: name: "psycopg2" txn_limit: {{ matrix_synapse_database_txn_limit }} args: - user: {{ matrix_synapse_database_user|string|to_json }} - password: {{ matrix_synapse_database_password|string|to_json }} + user: {{ matrix_synapse_database_user | string|to_json }} + password: {{ matrix_synapse_database_password | string|to_json }} database: "{{ matrix_synapse_database_database }}" host: "{{ matrix_synapse_database_host }}" port: {{ matrix_synapse_database_port }} @@ -1256,7 +1256,7 @@ turn_uris: {{ matrix_synapse_turn_uris|to_json }} # The shared secret used to compute passwords for the TURN server # -turn_shared_secret: {{ matrix_synapse_turn_shared_secret|string|to_json }} +turn_shared_secret: {{ matrix_synapse_turn_shared_secret | string|to_json }} # The Username and password if the TURN server needs them and # does not use a token @@ -1393,7 +1393,7 @@ registration_requires_token: {{ matrix_synapse_registration_requires_token|to_js # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. # -registration_shared_secret: {{ matrix_synapse_registration_shared_secret|string|to_json }} +registration_shared_secret: {{ matrix_synapse_registration_shared_secret | string|to_json }} # Set the number of bcrypt rounds used to generate password hash. # Larger numbers increase the work factor needed to generate the hash. @@ -1657,13 +1657,13 @@ app_service_config_files: {{ matrix_synapse_app_service_config_files|to_json }} # the registration_shared_secret is used, if one is given; otherwise, # a secret key is derived from the signing key. # -macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|string|to_json }} +macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key | string|to_json }} # a secret which is used to calculate HMACs for form values, to stop # falsification of values. Must be specified for the User Consent # forms to work. # -form_secret: {{ matrix_synapse_form_secret|string|to_json }} +form_secret: {{ matrix_synapse_form_secret | string|to_json }} ## Signing Keys ## @@ -2263,7 +2263,7 @@ password_config: # Uncomment and change to a secret random string for extra security. # DO NOT CHANGE THIS AFTER INITIAL SETUP! # - pepper: {{ matrix_synapse_password_config_pepper|string|to_json }} + pepper: {{ matrix_synapse_password_config_pepper | string|to_json }} # Define and enforce a password policy. Each parameter is optional. # This is an implementation of MSC2000. @@ -2330,7 +2330,7 @@ email: # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. # #smtp_host: mail.server - smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }} + smtp_host: {{ matrix_synapse_email_smtp_host | string|to_json }} # The port on the mail server for outgoing SMTP. Defaults to 25. # @@ -2340,8 +2340,8 @@ email: # Username/password for authentication to the SMTP server. By default, no # authentication is attempted. {% if matrix_synapse_email_smtp_user %} - smtp_user: {{ matrix_synapse_email_smtp_user|string|to_json }} - smtp_pass: {{ matrix_synapse_email_smtp_pass|string|to_json }} + smtp_user: {{ matrix_synapse_email_smtp_user | string|to_json }} + smtp_pass: {{ matrix_synapse_email_smtp_pass | string|to_json }} {% endif %} # Uncomment the following to require TLS transport security for SMTP. @@ -2371,7 +2371,7 @@ email: # trailing 's'. # #notif_from: "Your Friendly %(app)s homeserver " - notif_from: {{ matrix_synapse_email_notif_from|string|to_json }} + notif_from: {{ matrix_synapse_email_notif_from | string|to_json }} # app_name defines the default value for '%(app)s' in notif_from and email # subjects. It defaults to 'Matrix'. @@ -2398,7 +2398,7 @@ email: # supported for backwards-compatibility but is now deprecated.) # #client_base_url: "http://localhost/riot" - client_base_url: {{ matrix_synapse_email_client_base_url|string|to_json }} + client_base_url: {{ matrix_synapse_email_client_base_url | string|to_json }} # Configure the time that a validation email will expire after sending. # Defaults to 1h. @@ -2409,7 +2409,7 @@ email: # to the identity server as the org.matrix.web_client_location key. Defaults # to unset, giving no guidance to the identity server. # - invite_client_location: {{ matrix_synapse_email_invite_client_location|string|to_json }} + invite_client_location: {{ matrix_synapse_email_invite_client_location | string|to_json }} # Subjects to use when sending emails from Synapse. # @@ -2510,7 +2510,7 @@ password_providers: {% if matrix_synapse_ext_password_provider_rest_auth_enabled %} - module: "rest_auth_provider.RestAuthProvider" config: - endpoint: {{ matrix_synapse_ext_password_provider_rest_auth_endpoint|string|to_json }} + endpoint: {{ matrix_synapse_ext_password_provider_rest_auth_endpoint | string|to_json }} policy: registration: username: @@ -2525,20 +2525,20 @@ password_providers: - module: "ldap_auth_provider.LdapAuthProvider" config: enabled: true - uri: {{ matrix_synapse_ext_password_provider_ldap_uri|string|to_json }} + uri: {{ matrix_synapse_ext_password_provider_ldap_uri | string|to_json }} start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }} - base: {{ matrix_synapse_ext_password_provider_ldap_base|string|to_json }} + base: {{ matrix_synapse_ext_password_provider_ldap_base | string|to_json }} active_directory: {{ matrix_synapse_ext_password_provider_ldap_active_directory|to_json }} - default_domain: {{ matrix_synapse_ext_password_provider_ldap_default_domain|string|to_json }} + default_domain: {{ matrix_synapse_ext_password_provider_ldap_default_domain | string|to_json }} attributes: - uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }} - mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }} - name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|string|to_json }} + uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid | string|to_json }} + mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail | string|to_json }} + name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name | string|to_json }} {% if matrix_synapse_ext_password_provider_ldap_bind_dn %} - bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|string|to_json }} - bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }} + bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn | string|to_json }} + bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password | string|to_json }} {% endif %} - filter: {{ matrix_synapse_ext_password_provider_ldap_filter|string|to_json }} + filter: {{ matrix_synapse_ext_password_provider_ldap_filter | string|to_json }} {% endif %} {% endif %} From bb8b8c4bf0b44b2e5048b56ca7ad5046b0777f61 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 13:03:13 +0300 Subject: [PATCH 270/381] Fix tasks include regression --- roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 2 +- roles/matrix-postgres/tasks/setup_postgres.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 92715e6b7..9383b48b6 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -53,7 +53,7 @@ - name: Ensure authentication is properly configured ansible.builtin.include_tasks: - ansible.builtin.file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" + file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" when: - matrix_jitsi_enabled | bool - matrix_jitsi_enable_auth | bool diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 695876f60..c292c92ec 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -132,7 +132,7 @@ when: "matrix_postgres_enabled | bool and matrix_postgres_systemd_service_result.changed" - ansible.builtin.include_tasks: - ansible.builtin.file: "{{ role_path }}/tasks/util/create_additional_databases.yml" + file: "{{ role_path }}/tasks/util/create_additional_databases.yml" apply: tags: - always From 318bfa84d5d887abb90959387c6966379cc22122 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 13:21:32 +0300 Subject: [PATCH 271/381] Fix spacing around filter invocations --- roles/matrix-base/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index b3aa3a750..056b2694b 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -246,11 +246,11 @@ matrix_well_known_matrix_support_configuration_default: "{{ lookup('template', ' matrix_well_known_matrix_support_configuration_extension_json: '{}' -matrix_well_known_matrix_support_configuration_extension: "{{ matrix_well_known_matrix_support_configuration_extension_json|from_json if matrix_well_known_matrix_support_configuration_extension_json|from_json is mapping else {} }}" +matrix_well_known_matrix_support_configuration_extension: "{{ matrix_well_known_matrix_support_configuration_extension_json | from_json if matrix_well_known_matrix_support_configuration_extension_json | from_json is mapping else {} }}" # Holds the final `/.well-known/matrix/support` configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_support_configuration_default` and `matrix_well_known_matrix_support_configuration_extension_json`. -matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_support_configuration_default|combine(matrix_well_known_matrix_support_configuration_extension, recursive=True) }}" +matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_support_configuration_default | combine(matrix_well_known_matrix_support_configuration_extension, recursive=True) }}" # The Docker network that all services would be put into matrix_docker_network: "matrix" From 211ff20891747f638ad953b884c227d5344901af Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 14:08:35 +0300 Subject: [PATCH 272/381] Fix package-latest ansible-lint errors Reference: https://ansible-lint.readthedocs.io/en/latest/default_rules/#package-latest --- roles/matrix-base/tasks/server_base/setup_archlinux.yml | 4 ++-- roles/matrix-base/tasks/server_base/setup_debian.yml | 4 ++-- roles/matrix-base/tasks/server_base/setup_fedora.yml | 6 +++--- roles/matrix-base/tasks/server_base/setup_raspbian.yml | 4 ++-- roles/matrix-base/tasks/server_base/setup_redhat.yml | 4 ++-- roles/matrix-base/tasks/server_base/setup_redhat8.yml | 8 ++++---- roles/matrix-base/tasks/util/ensure_fuse_installed.yml | 6 +++--- roles/matrix-base/tasks/util/ensure_openssl_installed.yml | 6 +++--- roles/matrix-ma1sd/tasks/setup_install.yml | 2 +- 9 files changed, 22 insertions(+), 22 deletions(-) diff --git a/roles/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/matrix-base/tasks/server_base/setup_archlinux.yml index 73c18ceef..c912e58f3 100644 --- a/roles/matrix-base/tasks/server_base/setup_archlinux.yml +++ b/roles/matrix-base/tasks/server_base/setup_archlinux.yml @@ -5,12 +5,12 @@ name: - python-docker - python-dnspython - state: latest + state: present update_cache: true - name: Ensure Docker is installed pacman: name: - docker - state: latest + state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index d6ef5cd90..271fab41f 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -29,7 +29,7 @@ ansible.builtin.apt: name: - "{{ matrix_ntpd_package }}" - state: latest + state: present update_cache: true - name: Ensure Docker is installed @@ -37,5 +37,5 @@ name: - "{{ matrix_docker_package_name }}" - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker" - state: latest + state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/matrix-base/tasks/server_base/setup_fedora.yml index b5646c8f6..2c7d528fb 100644 --- a/roles/matrix-base/tasks/server_base/setup_fedora.yml +++ b/roles/matrix-base/tasks/server_base/setup_fedora.yml @@ -21,7 +21,7 @@ ansible.builtin.yum: name: - "{{ matrix_ntpd_package }}" - state: latest + state: present update_cache: true - name: Ensure Docker is installed @@ -29,11 +29,11 @@ name: - "{{ matrix_docker_package_name }}" - python3-pip - state: latest + state: present when: matrix_docker_installation_enabled | bool - name: Ensure Docker-Py is installed ansible.builtin.pip: name: docker-py - state: latest + state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index b5eb40168..54ea4d185 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -29,7 +29,7 @@ ansible.builtin.apt: name: - "{{ matrix_ntpd_package }}" - state: latest + state: present update_cache: true - name: Ensure Docker is installed @@ -37,5 +37,5 @@ name: - "{{ matrix_docker_package_name }}" - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" - state: latest + state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_redhat.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml index 189fcecdd..4e5c97d4d 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat.yml @@ -19,7 +19,7 @@ ansible.builtin.yum: name: - "{{ matrix_ntpd_package }}" - state: latest + state: present update_cache: true - name: Ensure Docker is installed @@ -27,5 +27,5 @@ name: - "{{ matrix_docker_package_name }}" - docker-python - state: latest + state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml index 9e1aaa010..932dbab50 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat8.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat8.yml @@ -19,14 +19,14 @@ ansible.builtin.yum: name: - epel-release - state: latest + state: present update_cache: true - name: Ensure yum packages are installed ansible.builtin.yum: name: - "{{ matrix_ntpd_package }}" - state: latest + state: present update_cache: true - name: Ensure Docker is installed @@ -34,11 +34,11 @@ name: - "{{ matrix_docker_package_name }}" - python3-pip - state: latest + state: present when: matrix_docker_installation_enabled | bool - name: Ensure Docker-Py is installed ansible.builtin.pip: name: docker-py - state: latest + state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml index dfb1ddc80..47d2d9e85 100644 --- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml @@ -4,7 +4,7 @@ ansible.builtin.yum: name: - fuse - state: latest + state: present when: ansible_os_family == 'RedHat' # This is for both Debian and Raspbian @@ -12,12 +12,12 @@ ansible.builtin.apt: name: - fuse - state: latest + state: present when: ansible_os_family == 'Debian' - name: Ensure fuse installed (Archlinux) pacman: name: - fuse3 - state: latest + state: present when: ansible_distribution == 'Archlinux' diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml index 909c0f1cb..ae22fb495 100644 --- a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml @@ -4,7 +4,7 @@ ansible.builtin.yum: name: - openssl - state: latest + state: present when: ansible_os_family == 'RedHat' # This is for both Debian and Raspbian @@ -12,12 +12,12 @@ ansible.builtin.apt: name: - openssl - state: latest + state: present when: ansible_os_family == 'Debian' - name: Ensure openssl installed (Archlinux) pacman: name: - openssl - state: latest + state: present when: ansible_distribution == 'Archlinux' diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 61f01b292..073f22aa2 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -75,7 +75,7 @@ pacman: name: - gradle - state: latest + state: present update_cache: true when: ansible_distribution == 'Archlinux' From 0ab2001ce79f85ec5a06b0ef973c0818788090b0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 14:43:52 +0300 Subject: [PATCH 273/381] Fix git-latest ansible-lint errors Reference: https://ansible-lint.readthedocs.io/en/latest/default_rules/#git-latest Our variable naming is not necessarily consistent across roles. I've tried to follow the naming conventions of each individual role. All new variables are suffixed with `_version`, but the prefix may be somewhat different. --- roles/matrix-backup-borg/defaults/main.yml | 1 + roles/matrix-backup-borg/tasks/setup_install.yml | 1 + roles/matrix-bot-buscarron/defaults/main.yml | 1 + roles/matrix-bot-buscarron/tasks/setup_install.yml | 1 + roles/matrix-bot-honoroit/defaults/main.yml | 1 + roles/matrix-bot-honoroit/tasks/setup_install.yml | 1 + .../matrix-bot-matrix-registration-bot/defaults/main.yml | 1 + .../tasks/setup_install.yml | 1 + roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 1 + .../tasks/setup_install.yml | 1 + roles/matrix-bridge-appservice-irc/defaults/main.yml | 8 ++++++-- .../matrix-bridge-appservice-irc/tasks/setup_install.yml | 1 + roles/matrix-bridge-appservice-slack/defaults/main.yml | 8 ++++++-- .../tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 1 + .../tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 1 + .../tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 1 + .../tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 ++ .../matrix-bridge-mautrix-signal/tasks/setup_install.yml | 2 ++ roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 ++ .../tasks/setup_install.yml | 2 ++ roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 1 + .../matrix-bridge-mautrix-twitter/tasks/setup_install.yml | 2 +- roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml | 1 + .../tasks/setup_install.yml | 1 + roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml | 1 + .../tasks/setup_install.yml | 1 + roles/matrix-bridge-mx-puppet-steam/defaults/main.yml | 1 + .../matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 1 + roles/matrix-client-element/defaults/main.yml | 1 + roles/matrix-client-element/tasks/prepare_themes.yml | 1 + 34 files changed, 48 insertions(+), 5 deletions(-) diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index 83a5ca448..893817888 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -8,6 +8,7 @@ matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" matrix_backup_borg_container_image_self_build: false matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic" +matrix_backup_borg_docker_repo_version: main matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src" # version determined automatically, based on postgres server version (if enabled), otherwise latest is used diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 686313a29..95f1a5de9 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -63,6 +63,7 @@ - name: Ensure borg repository is present on self-build ansible.builtin.git: repo: "{{ matrix_backup_borg_docker_repo }}" + version: "{{ matrix_backup_borg_docker_repo_version }}" dest: "{{ matrix_backup_borg_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index aff54ceb0..6d289bb9c 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -6,6 +6,7 @@ matrix_bot_buscarron_enabled: true matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" +matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" matrix_bot_buscarron_version: v1.2.0 diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/matrix-bot-buscarron/tasks/setup_install.yml index e9ba12586..b2ed24f50 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/matrix-bot-buscarron/tasks/setup_install.yml @@ -62,6 +62,7 @@ - name: Ensure buscarron repository is present on self-build ansible.builtin.git: repo: "{{ matrix_bot_buscarron_docker_repo }}" + version: "{{ matrix_bot_buscarron_docker_repo_version }}" dest: "{{ matrix_bot_buscarron_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 665c64e9c..a48fb8789 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -6,6 +6,7 @@ matrix_bot_honoroit_enabled: true matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" +matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" matrix_bot_honoroit_version: v0.9.9 diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index f41c4a26f..b2a6e0d42 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -62,6 +62,7 @@ - name: Ensure honoroit repository is present on self-build ansible.builtin.git: repo: "{{ matrix_bot_honoroit_docker_repo }}" + version: "{{ matrix_bot_honoroit_docker_repo_version }}" dest: "{{ matrix_bot_honoroit_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml index 6cd0d15ae..d8e52b719 100644 --- a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -5,6 +5,7 @@ matrix_bot_matrix_registration_bot_enabled: true matrix_bot_matrix_registration_bot_container_image_self_build: false matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" +matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" matrix_bot_matrix_registration_bot_version: latest diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index e5155cddb..d4522321e 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -36,6 +36,7 @@ - name: Ensure matrix-registration-bot repository is present on self-build ansible.builtin.git: repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}" + version: "{{ matrix_bot_matrix_registration_bot_docker_repo_version }}" dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 9eebed0aa..610a43a32 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -6,6 +6,7 @@ matrix_bot_matrix_reminder_bot_enabled: true matrix_bot_matrix_reminder_bot_container_image_self_build: false matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git" +matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ matrix_bot_matrix_reminder_bot_version }}" matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src" matrix_bot_matrix_reminder_bot_version: release-v0.2.1 diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index 915831d3f..f66542b88 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -55,6 +55,7 @@ - name: Ensure matrix-reminder-bot repository is present on self-build ansible.builtin.git: repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}" + version: "{{ matrix_bot_matrix_reminder_bot_docker_repo_version }}" dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 268a05dc3..aaee2b484 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -6,10 +6,14 @@ matrix_appservice_irc_enabled: true matrix_appservice_irc_container_image_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" +matrix_appservice_irc_docker_repo_version: "{{ 'master' if matrix_appservice_irc_version == 'latest' else matrix_appservice_irc_version }}" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.34.0 -matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" +# matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`). +# It's a bare version number now. We try to somewhat retain compatibility below. +matrix_appservice_irc_version: 0.34.0 +matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}" +matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index c3bdd6399..5362491c6 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -72,6 +72,7 @@ - name: Ensure matrix-appservice-irc repository is present when self-building ansible.builtin.git: repo: "{{ matrix_appservice_irc_docker_repo }}" + version: "{{ matrix_appservice_irc_docker_repo_version }}" dest: "{{ matrix_appservice_irc_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index bbbbec998..a27f4db5f 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -6,10 +6,14 @@ matrix_appservice_slack_enabled: true matrix_appservice_slack_container_image_self_build: false matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git" +matrix_appservice_slack_docker_repo_version: "{{ 'master' if matrix_appservice_slack_version == 'latest' else matrix_appservice_slack_version }}" matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src" -matrix_appservice_slack_version: release-1.11.0 -matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}" +# matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). +# It's a bare version number now. We try to somewhat retain compatibility below. +matrix_appservice_slack_version: 1.11.0 +matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" +matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 32428f73a..a2921d980 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -46,6 +46,7 @@ - name: Ensure matrix-appservice-slack repository is present when self-building ansible.builtin.git: repo: "{{ matrix_appservice_slack_docker_repo }}" + version: "{{ matrix_appservice_slack_docker_repo_version }}" dest: "{{ matrix_appservice_slack_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 956d7174e..85d534e54 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -6,6 +6,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" +matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_version: v0.3.3 # See: https://mau.dev/mautrix/googlechat/container_registry diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index 8a9b55df0..47dd9b122 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -63,6 +63,7 @@ - name: Ensure Mautrix Hangots repository is present on self build ansible.builtin.git: repo: "{{ matrix_mautrix_googlechat_container_image_self_build_repo }}" + version: "{{ matrix_mautrix_googlechat_container_image_self_build_repo_version }}" dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index aaa9b3055..fc467871c 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -6,6 +6,7 @@ matrix_mautrix_hangouts_enabled: true matrix_mautrix_hangouts_container_image_self_build: false matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/mautrix/hangouts.git" +matrix_mautrix_hangouts_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_hangouts_version == 'latest' else matrix_mautrix_googlechat_version }}" matrix_mautrix_hangouts_version: latest # See: https://mau.dev/mautrix/hangouts/container_registry diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index a135fd1f8..45a79fb48 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -63,6 +63,7 @@ - name: Ensure Mautrix Hangots repository is present on self build ansible.builtin.git: repo: "{{ matrix_mautrix_hangouts_container_image_self_build_repo }}" + version: "{{ matrix_mautrix_hangouts_container_image_self_build_repo_version }}" dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 888123973..e31f3f466 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -6,6 +6,7 @@ matrix_mautrix_instagram_enabled: true matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" +matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_version: v0.1.3 # See: https://mau.dev/tulir/mautrix-instagram/container_registry diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index cac885adc..88b0286e7 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -36,6 +36,7 @@ - name: Ensure Mautrix instagram repository is present on self-build ansible.builtin.git: repo: "{{ matrix_mautrix_instagram_container_image_self_build_repo }}" + version: "{{ matrix_mautrix_instagram_container_image_self_build_repo_version }}" dest: "{{ matrix_mautrix_instagram_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 81ddb8cd7..84ef38cd5 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -6,6 +6,7 @@ matrix_mautrix_signal_enabled: true matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" +matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 @@ -16,6 +17,7 @@ matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_ matrix_mautrix_signal_daemon_container_image_self_build: false matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald" +matrix_mautrix_signal_daemon_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_daemon_version == 'latest' else matrix_mautrix_signal_daemon_version }}" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index d92f2b3fa..3a7ad508d 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -24,6 +24,7 @@ - name: Ensure Mautrix Signal repository is present on self-build ansible.builtin.git: repo: "{{ matrix_mautrix_signal_docker_repo }}" + version: "{{ matrix_mautrix_signal_docker_repo_version }}" dest: "{{ matrix_mautrix_signal_docker_src_files_path }}" force: "yes" become: true @@ -56,6 +57,7 @@ - name: Ensure Mautrix Signal Daemon repository is present on self-build ansible.builtin.git: repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}" + version: "{{ matrix_mautrix_signal_daemon_docker_repo_version }}" dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index fd7bf685a..2ac9fe04f 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -7,11 +7,13 @@ matrix_mautrix_telegram_enabled: true matrix_telegram_lottieconverter_container_image_self_build: false matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git" +matrix_telegram_lottieconverter_docker_repo_version: "master" matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src" matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" +matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" matrix_mautrix_telegram_version: v0.11.3 diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 52bb8328b..b6a0a745a 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -63,6 +63,7 @@ - name: Ensure lottieconverter is present when self-building ansible.builtin.git: repo: "{{ matrix_telegram_lottieconverter_docker_repo }}" + version: "{{ matrix_telegram_lottieconverter_docker_repo_version }}" dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" force: "yes" become: true @@ -85,6 +86,7 @@ - name: Ensure matrix-mautrix-telegram repository is present when self-building ansible.builtin.git: repo: "{{ matrix_mautrix_telegram_docker_repo }}" + version: "{{ matrix_mautrix_telegram_docker_repo_version }}" dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 8bf855dc2..512195cb3 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -6,6 +6,7 @@ matrix_mautrix_twitter_enabled: true matrix_mautrix_twitter_container_image_self_build: false matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git" +matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_version: v0.1.4 # See: https://mau.dev/tulir/mautrix-twitter/container_registry diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index a611f3527..05887c6d7 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -40,8 +40,8 @@ - name: Ensure Mautrix Twitter repository is present on self-build ansible.builtin.git: repo: "{{ matrix_mautrix_twitter_container_image_self_build_repo }}" + version: "{{ matrix_mautrix_twitter_container_image_self_build_repo_version }}" dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}" - # version: "{{ matrix_coturn_docker_image.split(':')[1] }}" force: "yes" become: true become_user: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index 9f0918b62..a7016b303 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -6,6 +6,7 @@ matrix_mx_puppet_groupme_enabled: true matrix_mx_puppet_groupme_container_image_self_build: false matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/robintown/mx-puppet-groupme" +matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if matrix_mx_puppet_groupme_version == 'latest' else matrix_mx_puppet_groupme_version }}" # Controls whether the mx-puppet-groupme container exposes its HTTP port (tcp/8437 in the container). # diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 3393db217..812f8560c 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -81,6 +81,7 @@ - name: Ensure MX Puppet Groupme repository is present on self build ansible.builtin.git: repo: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo }}" + version: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo_version }}" dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 32f287d57..aae6eb5a7 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -6,6 +6,7 @@ matrix_mx_puppet_instagram_enabled: true matrix_mx_puppet_instagram_container_image_self_build: false matrix_mx_puppet_instagram_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-instagram.git" +matrix_mx_puppet_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mx_puppet_instagram_version == 'latest' else matrix_mx_puppet_instagram_version }}" matrix_mx_puppet_instagram_version: latest matrix_mx_puppet_instagram_docker_image: "{{ matrix_mx_puppet_instagram_docker_image_name_prefix }}sorunome/mx-puppet-instagram:{{ matrix_mx_puppet_instagram_version }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 9222266b1..abd78144b 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -64,6 +64,7 @@ - name: Ensure mx-puppet-instagram repository is present on self build ansible.builtin.git: repo: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo }}" + version: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo_version }}" dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index e4140333c..895411624 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -6,6 +6,7 @@ matrix_mx_puppet_steam_enabled: true matrix_mx_puppet_steam_container_image_self_build: false matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git" +matrix_mx_puppet_steam_container_image_self_build_repo_version: "{{ 'master' if matrix_mx_puppet_steam_version == 'latest' else matrix_mx_puppet_steam_version }}" # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container). # diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 87c2a4244..89de24561 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -81,6 +81,7 @@ - name: Ensure MX Puppet Steam repository is present on self build ansible.builtin.git: repo: "{{ matrix_mx_puppet_steam_container_image_self_build_repo }}" + version: "{{ matrix_mx_puppet_steam_container_image_self_build_repo_version }}" dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" force: "yes" become: true diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index e710d0f72..152187603 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -89,6 +89,7 @@ matrix_client_element_enable_presence_by_hs_url: ~ # will be installed and enabled automatically. matrix_client_element_themes_enabled: false matrix_client_element_themes_repository_url: https://github.com/aaronraimist/element-themes +matrix_client_element_themes_repository_version: master # Controls the default theme matrix_client_element_default_theme: 'light' diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/matrix-client-element/tasks/prepare_themes.yml index 4ba38943e..c8ab93882 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/matrix-client-element/tasks/prepare_themes.yml @@ -8,6 +8,7 @@ - name: Ensure Element themes repository is pulled ansible.builtin.git: repo: "{{ matrix_client_element_themes_repository_url }}" + version: "{{ matrix_client_element_themes_repository_version }}" dest: "{{ role_path }}/files/scratchpad/themes" - name: Find all Element theme files From 1693c4ca1d4cd3276966d5818d19c505081da86a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 15:08:10 +0300 Subject: [PATCH 274/381] Fix no-changed-when ansible-lint errors Reference: https://ansible-lint.readthedocs.io/en/latest/default_rules/#no-changed-when --- .../tasks/migrate_nedb_to_postgres.yml | 4 ++ .../tasks/setup_install.yml | 10 ++++- .../tasks/migrate_nedb_to_postgres.yml | 4 ++ .../tasks/setup_install.yml | 19 ++++++---- .../tasks/setup_install.yml | 18 +++++---- .../tasks/setup_install.yml | 5 ++- .../tasks/run_docker_prune.yml | 5 ++- roles/matrix-dendrite/tasks/register_user.yml | 7 +++- roles/matrix-ma1sd/tasks/migrate_mxisd.yml | 15 ++++++-- .../tasks/import_generic_sqlite_db.yml | 4 ++ .../matrix-postgres/tasks/import_postgres.yml | 5 ++- .../tasks/import_synapse_sqlite_db.yml | 31 +++++++++------- .../tasks/migrate_postgres_data_directory.yml | 5 ++- roles/matrix-postgres/tasks/run_vacuum.yml | 3 +- .../tasks/upgrade_postgres.yml | 37 ++++++++++++------- 15 files changed, 116 insertions(+), 56 deletions(-) diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index 6b87ab014..d5f4eefd3 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml @@ -52,6 +52,8 @@ {{ matrix_appservice_irc_docker_image }} -c '/usr/local/bin/node /app/lib/scripts/migrate-db-to-pgres.js --dbdir /data --privateKey /data/passkey.pem --connectionString {{ matrix_appservice_irc_database_connection_string }}' + register: matrix_appservice_irc_import_nedb_to_postgres_result + changed_when: matrix_appservice_irc_import_nedb_to_postgres_result.rc == 0 - name: Archive NeDB database files ansible.builtin.command: @@ -59,6 +61,8 @@ with_items: - rooms.db - users.db + register: matrix_appservice_irc_import_nedb_to_postgres_move_result + changed_when: matrix_appservice_irc_import_nedb_to_postgres_move_result.rc == 0 - name: Inject result ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 5362491c6..6b7fc92d9 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -30,10 +30,16 @@ failed_when: false - name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory - ansible.builtin.command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem" + ansible.builtin.command: + cmd: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem" + register: matrix_appservice_irc_move_passkey_result + changed_when: matrix_appservice_irc_move_passkey_result.rc == 0 - name: (Data relocation) Move AppService IRC database files to ./data directory - ansible.builtin.command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}" + ansible.builtin.command: + cmd: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}" + register: matrix_appservice_irc_move_dbs_result + changed_when: matrix_appservice_irc_move_dbs_result.rc == 0 with_items: - rooms.db - users.db diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index a13d9cc2c..b9aca080a 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -46,10 +46,14 @@ {{ matrix_appservice_slack_docker_image }} -c '/usr/local/bin/node /usr/src/app/lib/scripts/migrateToPostgres.js --dbdir /data --connectionString {{ matrix_appservice_slack_database_connection_string }}' + register: matrix_appservice_slack_import_nedb_to_postgres_result + changed_when: matrix_appservice_slack_import_nedb_to_postgres_result.rc == 0 - name: Archive NeDB database files ansible.builtin.command: cmd: "mv {{ matrix_appservice_slack_data_path }}/{{ item }} {{ matrix_appservice_slack_data_path }}/{{ item }}.backup" + register: matrix_appservice_slack_import_nedb_to_postgres_move_result + changed_when: matrix_appservice_slack_import_nedb_to_postgres_move_result.rc == 0 with_items: - teams.db - room-store.db diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index bfbc1a6b4..04a787b83 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -48,14 +48,17 @@ # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image - ansible.builtin.command: | - {{ matrix_host_command_docker }} run \ - --rm \ - --entrypoint=/bin/sh \ - --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ - -w /work \ - docker.io/python:3.9.6-buster \ - -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" + ansible.builtin.command: + cmd: | + {{ matrix_host_command_docker }} run \ + --rm \ + --entrypoint=/bin/sh \ + --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ + -w /work \ + docker.io/python:3.9.6-buster \ + -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" + register: matrix_beeper_linkedin_generate_docker_requirements_result + changed_when: matrix_beeper_linkedin_generate_docker_requirements_result.rc == 0 - name: Ensure Beeper LinkedIn Docker image is built docker_image: diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index e1ced948f..0c6bfc34b 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -69,15 +69,17 @@ group: "{{ matrix_user_groupname }}" - name: Validate hookshot config.yml - ansible.builtin.command: | - {{ matrix_host_command_docker }} run - --rm - --name={{ matrix_hookshot_container_url }}-validate - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - -v {{ matrix_hookshot_base_path }}/config.yml:/config.yml - {{ matrix_hookshot_docker_image }} node Config/Config.js /config.yml + ansible.builtin.command: + cmd: | + {{ matrix_host_command_docker }} run + --rm + --name={{ matrix_hookshot_container_url }}-validate + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + -v {{ matrix_hookshot_base_path }}/config.yml:/config.yml + {{ matrix_hookshot_docker_image }} node Config/Config.js /config.yml register: hookshot_config_validation_result + changed_when: false - name: Fail if hookshot config.yml invalid ansible.builtin.fail: diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 48c92bf08..77b4d1cd3 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -36,7 +36,10 @@ failed_when: false - name: (Data relocation) Move mx-puppet-discord database file to ./data directory - ansible.builtin.command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" + ansible.builtin.command: + cmd: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" + register: matrix_mx_puppet_discord_relocate_database_result + changed_when: matrix_mx_puppet_discord_relocate_database_result.rc == 0 when: "matrix_mx_puppet_discord_stat_database.stat.exists" - ansible.builtin.set_fact: diff --git a/roles/matrix-common-after/tasks/run_docker_prune.yml b/roles/matrix-common-after/tasks/run_docker_prune.yml index 27fc16155..02dfadc5c 100644 --- a/roles/matrix-common-after/tasks/run_docker_prune.yml +++ b/roles/matrix-common-after/tasks/run_docker_prune.yml @@ -1,4 +1,7 @@ --- - name: Run Docker System Prune - ansible.builtin.command: "{{ matrix_host_command_docker }} system prune -a -f" + ansible.builtin.command: + cmd: "{{ matrix_host_command_docker }} system prune -a -f" + register: matrix_common_after_docker_prune_result + changed_when: matrix_common_after_docker_prune_result.rc == 0 diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/matrix-dendrite/tasks/register_user.yml index d1ac111e6..52544d5c8 100644 --- a/roles/matrix-dendrite/tasks/register_user.yml +++ b/roles/matrix-dendrite/tasks/register_user.yml @@ -19,7 +19,10 @@ - name: Wait a while, so that Dendrite can manage to start ansible.builtin.pause: seconds: 7 - when: "start_result.changed" + when: start_result.changed | bool - name: Register user - ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username|quote }} {{ password|quote }}" + ansible.builtin.command: + cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username|quote }} {{ password|quote }}" + register: matrix_dendrite_register_user_result + changed_when: matrix_dendrite_register_user_result.rc == 0 diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml index f80af0fd5..7457001c8 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -44,7 +44,10 @@ # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible. - block: - name: Copy mxisd data files to ma1sd folder - ansible.builtin.command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" + ansible.builtin.command: + cmd: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" + register: matrix_ma1sd_migrate_mxisd_data_files_copying_result + changed_when: matrix_ma1sd_migrate_mxisd_data_files_copying_result.rc == 0 - name: Check existence of mxisd.db file ansible.builtin.stat: @@ -52,11 +55,17 @@ register: matrix_ma1sd_mxisd_db_stat - name: Rename database (mxisd.db -> ma1sd.db) - ansible.builtin.command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" + ansible.builtin.command: + cmd: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" + register: matrix_ma1sd_migrate_mxisd_move_db_result + changed_when: matrix_ma1sd_migrate_mxisd_move_db_result.rc == 0 when: "matrix_ma1sd_mxisd_db_stat.stat.exists" - name: Rename mxisd folder - ansible.builtin.command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" + ansible.builtin.command: + cmd: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" + register: matrix_ma1sd_migrate_mxisd_move_directory_result + changed_when: matrix_ma1sd_migrate_mxisd_move_directory_result.rc == 0 when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Ensure outdated matrix-mxisd.service doesn't exist diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml index 37f3353e1..671cb33f5 100644 --- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml @@ -80,10 +80,14 @@ {{ matrix_postgres_pgloader_docker_image }} -c 'pgloader /in.db {{ postgres_db_connection_string }}' + register: matrix_postgres_import_generic_sqlite_db_import_result + changed_when: matrix_postgres_import_generic_sqlite_db_import_result.rc == 0 - name: Archive SQLite database ({{ sqlite_database_path }} -> {{ sqlite_database_path }}.backup) ansible.builtin.command: cmd: "mv {{ sqlite_database_path }} {{ sqlite_database_path }}.backup" + register: matrix_postgres_import_generic_sqlite_db_move_result + changed_when: matrix_postgres_import_generic_sqlite_db_move_result.rc == 0 - name: Inject result ansible.builtin.set_fact: diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index d74afe1db..00d7ee3d7 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -101,6 +101,9 @@ and manually run the above import command directly on the server. - name: Perform Postgres database import - ansible.builtin.command: "{{ matrix_postgres_import_command }}" + ansible.builtin.command: + cmd: "{{ matrix_postgres_import_command }}" async: "{{ postgres_import_wait_time }}" poll: 10 + register: matrix_postgres_import_postgres_command_result + changed_when: matrix_postgres_import_postgres_command_result.rc == 0 diff --git a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml index 636b7b8e5..a459b6e1d 100644 --- a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml @@ -70,17 +70,20 @@ # Also, some old `docker_container` versions were buggy and would leave containers behind # on failure, which we had to work around to allow retries (by re-running the playbook). - name: Import SQLite database into Postgres - ansible.builtin.command: | - docker run - --rm - --name=matrix-synapse-migrate - --log-driver=none - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --entrypoint=python - --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data - --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store - --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db | basename }} - {{ matrix_synapse_docker_image }} - /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db | basename }} --postgres-config /data/homeserver.yaml + ansible.builtin.command: + cmd: | + docker run + --rm + --name=matrix-synapse-migrate + --log-driver=none + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + --network={{ matrix_docker_network }} + --entrypoint=python + --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data + --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store + --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db | basename }} + {{ matrix_synapse_docker_image }} + /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db | basename }} --postgres-config /data/homeserver.yaml + register: matrix_postgres_import_synapse_sqlite_db_result + changed_when: matrix_postgres_import_synapse_sqlite_db_result.rc == 0 diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index 8c92e3e9c..aeb54680a 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -51,8 +51,11 @@ - block: - name: Relocate Postgres data files from old directory to new - ansible.builtin.command: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}" + ansible.builtin.command: + cmd: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}" with_items: "{{ result_pg_old_data_dir_find.files }}" + register: matrix_postgres_migrate_postgres_data_directory_move_result + changed_when: matrix_postgres_migrate_postgres_data_directory_move_result.rc == 0 when: "result_pg_old_data_dir_stat.stat.exists" # Intentionally not starting matrix-postgres here. diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/matrix-postgres/tasks/run_vacuum.yml index 040885880..39761fc6e 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/matrix-postgres/tasks/run_vacuum.yml @@ -65,7 +65,7 @@ ansible.builtin.service_facts: - ansible.builtin.set_fact: - matrix_postgres_synapse_was_running: "{{ ansible_facts.services['matrix-synapse.service']|default(none) is not none and ansible_facts.services['matrix-synapse.service'].state == 'running' }}" + matrix_postgres_synapse_was_running: "{{ ansible_facts.services['matrix-synapse.service'] | default(none) is not none and ansible_facts.services['matrix-synapse.service'].state == 'running' }}" - name: Ensure matrix-synapse is stopped ansible.builtin.service: @@ -78,6 +78,7 @@ async: "{{ postgres_vacuum_wait_time }}" poll: 10 register: matrix_postgres_synapse_vacuum_result + changed_when: matrix_postgres_synapse_vacuum_result.rc == 0 # Intentionally show the results - ansible.builtin.debug: var="matrix_postgres_synapse_vacuum_result" diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index 8e0d480db..6adeaa29b 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -78,18 +78,21 @@ # role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`) by itself on startup, # we need to remove these from the dump, or we'll get errors saying these already exist. - name: Perform Postgres database dump - ansible.builtin.command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump - --log-driver=none - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --network={{ matrix_docker_network }} - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - --entrypoint=/bin/sh - --mount type=bind,src={{ postgres_dump_dir }},dst=/out - {{ matrix_postgres_detected_version_corresponding_docker_image }} - -c "pg_dumpall -h matrix-postgres - {{ '| gzip -c ' if postgres_dump_name.endswith('.gz') else '' }} - > /out/{{ postgres_dump_name }}" + ansible.builtin.command: + cmd: >- + {{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump + --log-driver=none + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --network={{ matrix_docker_network }} + --env-file={{ matrix_postgres_base_path }}/env-postgres-psql + --entrypoint=/bin/sh + --mount type=bind,src={{ postgres_dump_dir }},dst=/out + {{ matrix_postgres_detected_version_corresponding_docker_image }} + -c "pg_dumpall -h matrix-postgres + {{ '| gzip -c ' if postgres_dump_name.endswith('.gz') else '' }} + > /out/{{ postgres_dump_name }}" + register: matrix_postgres_upgrade_postgres_dump_command_result + changed_when: matrix_postgres_upgrade_postgres_dump_command_result.rc == 0 - name: Ensure matrix-postgres is stopped ansible.builtin.service: @@ -97,7 +100,10 @@ state: stopped - name: Rename existing Postgres data directory - ansible.builtin.command: "mv {{ matrix_postgres_data_path }} {{ postgres_auto_upgrade_backup_data_path }}" + ansible.builtin.command: + cmd: "mv {{ matrix_postgres_data_path }} {{ postgres_auto_upgrade_backup_data_path }}" + register: matrix_postgres_upgrade_postgres_move_command_result + changed_when: matrix_postgres_upgrade_postgres_move_command_result.rc == 0 - ansible.builtin.debug: msg: "NOTE: Your Postgres data directory has been moved from `{{ matrix_postgres_data_path }}` to `{{ postgres_auto_upgrade_backup_data_path }}`. In the event of failure, you can move it back and run the playbook with --tags=setup-postgres to restore operation." @@ -155,7 +161,10 @@ and restore the automatically-made backup (`mv {{ postgres_auto_upgrade_backup_data_path }} {{ matrix_postgres_data_path }}`). - name: Perform Postgres database import - ansible.builtin.command: "{{ matrix_postgres_import_command }}" + ansible.builtin.command: + cmd: "{{ matrix_postgres_import_command }}" + register: matrix_postgres_upgrade_postgres_import_command_result + changed_when: matrix_postgres_upgrade_postgres_import_command_result.rc == 0 - name: Delete Postgres database dump file ansible.builtin.file: From cac9bf2637fd37b72bb62752e7c0cbc6fb75a4f5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 15:13:09 +0300 Subject: [PATCH 275/381] Fix syntax error regression --- roles/matrix-synapse/vars/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index 62fa0ac2e..e049fcd1b 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml @@ -24,11 +24,11 @@ matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | # so it's not that important whether we forward them or not. # # Basically, we aim to cover most things. Skipping `/_synapse/client` or a few other minor things doesn't matter too much. -matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*' | list | difference([none]) }}" +matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*') | list | difference([none]) }}" # A Synapse generic worker can handle both federation and client-server API endpoints. # We wish to split these, as we normally serve federation separately and don't want them mixed up. # # This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), # which takes a list of various strings and removes the ones NOT containing `/_matrix/federation` or `/_matrix/key` anywhere in them. -matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*(/_matrix/federation|/_matrix/key).*' | list | difference([none]) }}" +matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*(/_matrix/federation|/_matrix/key).*') | list | difference([none]) }}" From c1849ae888133ad8e69b29f719a62416b355234f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 15:33:41 +0300 Subject: [PATCH 276/381] Fix the remaining var-spacing ansible-lint errors Reference: https://ansible-lint.readthedocs.io/en/latest/default_rules/#var-spacing --- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- roles/matrix-dendrite/tasks/register_user.yml | 2 +- roles/matrix-postgres/defaults/main.yml | 4 ++-- roles/matrix-postgres/tasks/import_postgres.yml | 2 ++ roles/matrix-postgres/tasks/upgrade_postgres.yml | 4 ++++ roles/matrix-synapse/vars/main.yml | 6 +++++- 6 files changed, 15 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index a27f4db5f..6e5285cfe 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -115,7 +115,7 @@ matrix_appservice_slack_registration_yaml: | - exclusive: false regex: '#{{ matrix_appservice_slack_user_prefix }}.*' rooms: [] - url: "{{matrix_appservice_slack_appservice_url}}:{{ matrix_appservice_slack_matrix_port }}" + url: "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_matrix_port }}" sender_localpart: slackbot rate_limited: true protocols: null diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/matrix-dendrite/tasks/register_user.yml index 52544d5c8..e1b974825 100644 --- a/roles/matrix-dendrite/tasks/register_user.yml +++ b/roles/matrix-dendrite/tasks/register_user.yml @@ -23,6 +23,6 @@ - name: Register user ansible.builtin.command: - cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username|quote }} {{ password|quote }}" + cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username | quote }} {{ password | quote }}" register: matrix_dendrite_register_user_result changed_when: matrix_dendrite_register_user_result.rc == 0 diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index b5442309f..39481f2e7 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -78,7 +78,7 @@ matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username] # which is unsupported by default by newer Postgres versions (v14+). # When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+. # If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default. -matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)" +matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)" # noqa var-spacing # A list of databases to avoid creating when importing (or upgrading) the database. # If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`), @@ -86,7 +86,7 @@ matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_post # We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump. matrix_postgres_import_databases_to_ignore: [matrix_postgres_db_name] -matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s" +matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s" # noqa var-spacing # The number of seconds to wait after starting `matrix-postgres.service` # and before trying to run queries for creating additional databases/users against it. diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index 00d7ee3d7..24a87dfb2 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -84,6 +84,8 @@ grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' | grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname={{ postgres_default_import_database }}" + tags: + - skip_ansible_lint # This is a hack. # See: https://ansibledaily.com/print-to-standard-output-without-escaping/ diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index 6adeaa29b..53e5796b4 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -93,6 +93,8 @@ > /out/{{ postgres_dump_name }}" register: matrix_postgres_upgrade_postgres_dump_command_result changed_when: matrix_postgres_upgrade_postgres_dump_command_result.rc == 0 + tags: + - skip_ansible_lint - name: Ensure matrix-postgres is stopped ansible.builtin.service: @@ -144,6 +146,8 @@ grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' | grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' | psql -v ON_ERROR_STOP=1 -h matrix-postgres" + tags: + - skip_ansible_lint # This is a hack. # See: https://ansibledaily.com/print-to-standard-output-without-escaping/ diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index e049fcd1b..2d9b62cf7 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml @@ -31,4 +31,8 @@ matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synaps # # This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), # which takes a list of various strings and removes the ones NOT containing `/_matrix/federation` or `/_matrix/key` anywhere in them. -matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*(/_matrix/federation|/_matrix/key).*') | list | difference([none]) }}" +matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', matrix_synapse_workers_generic_worker_federation_endpoints_regex) | list | difference([none]) }}" + +# matrix_synapse_workers_generic_worker_federation_endpoints_regex contains the regex used in matrix_synapse_workers_generic_worker_federation_endpoints. +# It's intentionally put in a separate variable, to avoid tripping ansible-lint's var-spacing rule. +matrix_synapse_workers_generic_worker_federation_endpoints_regex: '.*(/_matrix/federation|/_matrix/key).*' From 3408c710ee0e9d9ad5e525ca9b8ecd0d16780146 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 15:43:02 +0300 Subject: [PATCH 277/381] Add ansible-lint configuration file --- .config/ansible-lint.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .config/ansible-lint.yml diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml new file mode 100644 index 000000000..9b409a061 --- /dev/null +++ b/.config/ansible-lint.yml @@ -0,0 +1,14 @@ +--- + +use_default_rules: true + +skip_list: + - unnamed-task + - no-handler + - no-jinja-nesting + - schema + - var-naming + - command-instead-of-shell + - role-name + +offline: false From 7831dc91b3a9617642660b069855fbfd96c76750 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 16:15:04 +0300 Subject: [PATCH 278/381] Import tasks from other roles in a better way One that doesn't trip up ansible-lint, causing `load-failure` errors. --- roles/matrix-backup-borg/tasks/setup_install.yml | 5 ++++- roles/matrix-bot-buscarron/tasks/setup_install.yml | 4 +++- roles/matrix-bot-honoroit/tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../matrix-bridge-go-skype-bridge/tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- .../matrix-bridge-mx-puppet-slack/tasks/setup_install.yml | 4 +++- .../matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 4 +++- .../tasks/setup_install.yml | 4 +++- roles/matrix-dimension/tasks/setup_install.yml | 4 +++- roles/matrix-ma1sd/tasks/setup_install.yml | 4 +++- .../tasks/setup_postgres_backup.yml | 8 +++++--- .../tasks/{util => }/detect_existing_postgres_version.yml | 3 +++ roles/matrix-postgres/tasks/import_postgres.yml | 2 +- .../tasks/{util => }/migrate_db_to_postgres.yml | 6 +++--- .../tasks/migrate_postgres_data_directory.yml | 3 +++ roles/matrix-postgres/tasks/run_vacuum.yml | 2 +- roles/matrix-postgres/tasks/setup_postgres.yml | 2 +- roles/matrix-postgres/tasks/upgrade_postgres.yml | 2 +- roles/matrix-registration/tasks/setup_install.yml | 4 +++- 28 files changed, 79 insertions(+), 30 deletions(-) rename roles/matrix-postgres/tasks/{util => }/detect_existing_postgres_version.yml (92%) rename roles/matrix-postgres/tasks/{util => }/migrate_db_to_postgres.yml (96%) diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index 95f1a5de9..cc9816fa9 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -1,6 +1,9 @@ --- + - block: - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: detect_existing_postgres_version - name: Fail if detected Postgres version is unsupported ansible.builtin.fail: diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/matrix-bot-buscarron/tasks/setup_install.yml index b2ed24f50..0db7b728b 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/matrix-bot-buscarron/tasks/setup_install.yml @@ -18,7 +18,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-buscarron.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: true diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index b2a6e0d42..9bb979fc2 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -18,7 +18,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-honoroit.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: true diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index f66542b88..0ad895af3 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -19,7 +19,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: true diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 4b12442bb..af17613c6 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -19,7 +19,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-appservice-discord.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_appservice_discord_requires_restart: true diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index ba37c59c2..7403ff5c5 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -28,7 +28,9 @@ systemd_services_to_stop: ['matrix-go-skype-bridge.service'] pgloader_options: ['--with "quote identifiers"'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: true diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 0855c1974..3e7d8f051 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -27,7 +27,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-facebook.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: true diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index 47dd9b122..f2192a342 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -27,7 +27,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-googlechat.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: true diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 45a79fb48..4087162e2 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -27,7 +27,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-hangouts.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: true diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index b6a0a745a..6ce396573 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -27,7 +27,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-telegram.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: true diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index c80407e1d..c3edd6a75 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -28,7 +28,9 @@ systemd_services_to_stop: ['matrix-mautrix-whatsapp.service'] pgloader_options: ['--with "quote identifiers"'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: true diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 77b4d1cd3..d60f73f9f 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -61,7 +61,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-discord.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: true diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 812f8560c..497f0109b 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -59,7 +59,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-groupme.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: true diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index abd78144b..7695d88ec 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -28,7 +28,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-instagram.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: true diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 5dab3c4a9..70dac9ace 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -55,7 +55,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-slack.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: true diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 89de24561..804876303 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -59,7 +59,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-steam.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: true diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 52c02fa96..305cd5dea 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -59,7 +59,9 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-twitter.service'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: true diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index c5456174f..7060285a6 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -61,7 +61,9 @@ additional_psql_statements_list: "{{ matrix_dimension_pgloader_additional_psql_statements_list }}" additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}" - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_dimension_requires_restart: true diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 073f22aa2..ef32288fa 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -38,7 +38,9 @@ systemd_services_to_stop: ['matrix-ma1sd.service'] pgloader_options: ['--with "quote identifiers"'] - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_ma1sd_requires_restart: true diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index d45c152ce..a62467572 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -1,9 +1,11 @@ --- # -# Tasks related to setting up an internal postgres server +# Tasks related to setting up postgres backup # -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" +- ansible.builtin.import_role: + name: matrix-postgres + tasks_from: detect_existing_postgres_version when: 'matrix_postgres_backup_enabled | bool and matrix_postgres_backup_postgres_data_path != ""' # If we have found an existing version (installed from before), we use its corresponding Docker image. @@ -62,7 +64,7 @@ when: "matrix_postgres_backup_enabled | bool and matrix_postgres_backup_systemd_service_result.changed" # -# Tasks related to getting rid of the internal postgres backup server (if it was previously enabled) +# Tasks related to getting rid of postgres backup (if it was previously enabled) # - name: Check existence of matrix-postgres-backup service diff --git a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml similarity index 92% rename from roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml rename to roles/matrix-postgres/tasks/detect_existing_postgres_version.yml index 2d03cd7fe..4f4e5e9a7 100644 --- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml @@ -2,6 +2,9 @@ # This utility aims to determine if there is some existing Postgres version in use or not. # If there is, it also tries to detect the Docker image that corresponds to that version. +# +# This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible +# to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html - name: Initialize Postgres version determination variables (default to empty) ansible.builtin.set_fact: diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index 24a87dfb2..53d67436b 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -56,7 +56,7 @@ delegate_to: 127.0.0.1 become: false -- ansible.builtin.import_tasks: tasks/util/detect_existing_postgres_version.yml +- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected ansible.builtin.fail: diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml similarity index 96% rename from roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml rename to roles/matrix-postgres/tasks/migrate_db_to_postgres.yml index 83d0d4e91..be967d684 100644 --- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml @@ -135,9 +135,9 @@ changed_when: matrix_postgres_migrate_db_to_postgres_import_result.rc == 0 - block: - # We can't use `{{ role_path }}` here, neither with `import_tasks`, nor with `include_tasks`, - # because it refers to the role that included this util, and not to the role this file belongs to. - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: detect_existing_postgres_version - ansible.builtin.set_fact: matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index aeb54680a..fde580f55 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -9,6 +9,9 @@ # # For this reason, we store the Postgres data in `/matrix/postgres/data` and need to relocate any installations # which still store it in the parent directory (`/matrix/postgres`). +# +# This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible +# to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html - name: Check if old Postgres data directory is used ansible.builtin.stat: diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/matrix-postgres/tasks/run_vacuum.yml index 39761fc6e..ce2bee6b9 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/matrix-postgres/tasks/run_vacuum.yml @@ -35,7 +35,7 @@ delegate_to: 127.0.0.1 become: false -- ansible.builtin.import_tasks: tasks/util/detect_existing_postgres_version.yml +- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected ansible.builtin.fail: diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index c292c92ec..49eb3249b 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -7,7 +7,7 @@ - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_postgres_data_directory.yml" when: matrix_postgres_enabled | bool -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/detect_existing_postgres_version.yml" when: matrix_postgres_enabled | bool # If we have found an existing version (installed from before), we use its corresponding Docker image. diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index 53e5796b4..2f228a4c2 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -40,7 +40,7 @@ msg: "Detected that a left-over {{ postgres_auto_upgrade_backup_data_path }} exists. You should rename it to {{ matrix_postgres_data_path }} if the previous upgrade went wrong, or delete it if it went well." when: "result_auto_upgrade_path.stat.exists" -- ansible.builtin.import_tasks: tasks/util/detect_existing_postgres_version.yml +- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml - name: Abort, if no existing Postgres version detected ansible.builtin.fail: diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index dbdb4aea1..d3048337d 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -24,7 +24,9 @@ - ALTER TABLE tokens ALTER COLUMN ex_date TYPE TIMESTAMP WITHOUT TIME ZONE; additional_psql_statements_db_name: "{{ matrix_registration_database_name }}" - - ansible.builtin.import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_registration_requires_restart: true From c73680712b9d954f668584c7cfdfca4a4d59e415 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 16:43:12 +0300 Subject: [PATCH 279/381] Fix (suppress) var-naming ansible-lint errors Reference: https://ansible-lint.readthedocs.io/en/latest/default_rules/#var-naming We don't really fix these, but just suppress them, because they're like that intentionally. We try to name variables in a way that is consistent with the configuration key they control. If the upstream component uses camelCase, we also need to include camelCase in the variable name. --- .config/ansible-lint.yml | 1 - roles/matrix-base/defaults/main.yml | 2 +- .../defaults/main.yml | 12 ++++++------ .../defaults/main.yml | 17 +++++++++-------- .../defaults/main.yml | 13 +++++++------ roles/matrix-bridge-hookshot/defaults/main.yml | 16 ++++++++-------- .../defaults/main.yml | 2 +- roles/matrix-client-element/defaults/main.yml | 14 +++++++------- .../tasks/prepare_themes.yml | 2 +- roles/matrix-dimension/defaults/main.yml | 2 +- roles/matrix-jitsi/defaults/main.yml | 2 +- roles/matrix-ma1sd/defaults/main.yml | 4 ++-- 12 files changed, 44 insertions(+), 43 deletions(-) diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml index 9b409a061..beff46585 100644 --- a/.config/ansible-lint.yml +++ b/.config/ansible-lint.yml @@ -7,7 +7,6 @@ skip_list: - no-handler - no-jinja-nesting - schema - - var-naming - command-instead-of-shell - role-name diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 056b2694b..b658f4e24 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -157,7 +157,7 @@ matrix_integration_manager_ui_url: ~ # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. # See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server -matrix_client_element_jitsi_preferredDomain: '' +matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming # Controls whether Element should use End-to-End Encryption by default. # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 683d7ecba..9f6109ed5 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -39,10 +39,10 @@ matrix_appservice_discord_appservice_url: 'http://matrix-appservice-discord:9005 matrix_appservice_discord_bridge_domain: "{{ matrix_domain }}" # As of right now, the homeserver URL must be a public URL. See below. -matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" -matrix_appservice_discord_bridge_disablePresence: false -matrix_appservice_discord_bridge_enableSelfServiceBridging: false -matrix_appservice_discord_bridge_disablePortalBridging: false +matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" # noqa var-naming +matrix_appservice_discord_bridge_disablePresence: false # noqa var-naming +matrix_appservice_discord_bridge_enableSelfServiceBridging: false # noqa var-naming +matrix_appservice_discord_bridge_disablePortalBridging: false # noqa var-naming # Database-related configuration fields. # @@ -65,7 +65,7 @@ matrix_appservice_discord_database_name: 'matrix_appservice_discord' # These 2 variables are what actually ends up in the bridge configuration. # It's best if you don't change them directly, but rather redefine the sub-variables that constitute them. matrix_appservice_discord_database_filename: "{{ matrix_appservice_discord_sqlite_database_path_in_container }}" -matrix_appservice_discord_database_connString: 'postgresql://{{ matrix_appservice_discord_database_username }}:{{ matrix_appservice_discord_database_password }}@{{ matrix_appservice_discord_database_hostname }}:{{ matrix_appservice_discord_database_port }}/{{ matrix_appservice_discord_database_name }}' +matrix_appservice_discord_database_connString: 'postgresql://{{ matrix_appservice_discord_database_username }}:{{ matrix_appservice_discord_database_password }}@{{ matrix_appservice_discord_database_hostname }}:{{ matrix_appservice_discord_database_port }}/{{ matrix_appservice_discord_database_name }}' # noqa var-naming # Tells whether the bot should make use of "Privileged Gateway Intents". @@ -74,7 +74,7 @@ matrix_appservice_discord_database_connString: 'postgresql://{{ matrix_appservic # by triggering all Intent checkboxes on a page like this: `https://discord.com/developers/applications/694448564151123988/bot` # # Learn more: https://gist.github.com/advaith1/e69bcc1cdd6d0087322734451f15aa2f -matrix_appservice_discord_auth_usePrivilegedIntents: false +matrix_appservice_discord_auth_usePrivilegedIntents: false # noqa var-naming matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index aaee2b484..93a8e0844 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -23,7 +23,7 @@ matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data" matrix_appservice_irc_homeserver_url: "{{ matrix_homeserver_container_url }}" matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}' matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}' -matrix_appservice_irc_homeserver_enablePresence: true +matrix_appservice_irc_homeserver_enablePresence: true # noqa var-naming matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999' matrix_appservice_irc_database_engine: nedb @@ -38,14 +38,15 @@ matrix_appservice_irc_database_name: matrix_appservice_irc matrix_appservice_irc_database_connection_string: 'postgresql://{{ matrix_appservice_irc_database_username }}:{{ matrix_appservice_irc_database_password }}@{{ matrix_appservice_irc_database_hostname }}:{{ matrix_appservice_irc_database_port }}/{{ matrix_appservice_irc_database_name }}?sslmode=disable' # This is what actually goes into `database.connectionString` for the bridge. -matrix_appservice_irc_database_connectionString: "{{ - { - 'nedb': 'nedb:///data', - 'postgres': matrix_appservice_irc_database_connection_string, - }[matrix_appservice_irc_database_engine] -}}" +matrix_appservice_irc_database_connectionString: |- # noqa var-naming + {{ + { + 'nedb': 'nedb:///data', + 'postgres': matrix_appservice_irc_database_connection_string, + }[matrix_appservice_irc_database_engine] + }} -matrix_appservice_irc_ircService_servers: [] +matrix_appservice_irc_ircService_servers: [] # noqa var-naming # Example of `matrix_appservice_irc_ircService_servers` with one server (and all its options): # diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 6e5285cfe..71fca8e6e 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -67,12 +67,13 @@ matrix_appservice_slack_database_name: matrix_appservice_slack matrix_appservice_slack_database_connection_string: 'postgresql://{{ matrix_appservice_slack_database_username }}:{{ matrix_appservice_slack_database_password }}@{{ matrix_appservice_slack_database_hostname }}:{{ matrix_appservice_slack_database_port }}/{{ matrix_appservice_slack_database_name }}?sslmode=disable' # This is what actually goes into `database.connectionString` for the bridge. -matrix_appservice_slack_database_connectionString: "{{ - { - 'nedb': 'nedb:///data', - 'postgres': matrix_appservice_slack_database_connection_string, - }[matrix_appservice_slack_database_engine] -}}" +matrix_appservice_slack_database_connectionString: |- # noqa var-naming + {{ + { + 'nedb': 'nedb:///data', + 'postgres': matrix_appservice_slack_database_connection_string, + }[matrix_appservice_slack_database_engine] + }} matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 6ca33b8a6..62f797d08 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -72,7 +72,7 @@ matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hook # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' -matrix_hookshot_github_showIssueRoomLink: false +matrix_hookshot_github_showIssueRoomLink: false # noqa var-naming matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" matrix_hookshot_github_including_labels: '' matrix_hookshot_github_excluding_labels: '' @@ -97,7 +97,7 @@ matrix_hookshot_gitlab_secret: '' matrix_hookshot_figma_enabled: false # Default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" -matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_figma_endpoint }}" +matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_figma_endpoint }}" # noqa var-naming # To bridge figma webhooks, you need to configure one of multiple instances like this: # matrix_hookshot_figma_instances: # your-instance: @@ -144,9 +144,9 @@ matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_enabled: true matrix_hookshot_widgets_port: 9003 -matrix_hookshot_widgets_addToAdminRooms: false # default off as it is a beta feature -matrix_hookshot_widgets_roomSetupWidget_enabled: true -matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false +matrix_hookshot_widgets_addToAdminRooms: false # default off as it is a beta feature # noqa var-naming +matrix_hookshot_widgets_roomSetupWidget_enabled: true # noqa var-naming +matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false # noqa var-naming # `disallowedIpRanges` describes which IP ranges should be disallowed when resolving homeserver IP addresses (for security reasons). Unless you know what you are doing, it is recommended to not include this key. The following IPs are blocked by default, unless you supply another list. # matrix_hookshot_widgets_disallowedIpRanges: # - 127.0.0.0/8 @@ -168,12 +168,12 @@ matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false # - 2001:db8::/32 # - ff00::/8 # - fec0::/10 -matrix_hookshot_widgets_disallowedIpRanges: '' +matrix_hookshot_widgets_disallowedIpRanges: '' # noqa var-naming matrix_hookshot_widgets_internal: "/widgetapi" # Default value of matrix_hookshot_widgets_endpoint: "/hookshot/widgetapi" matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}" -matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" -matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" +matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" # noqa var-naming +matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" # noqa var-naming # You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 085a19aa4..771af9922 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -30,7 +30,7 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}' matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}' -matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}" +matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}" # noqa var-naming # "@user:server.com" to allow specific user # "@.*:yourserver.com" to allow users on a specific homeserver diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 152187603..119f31a2e 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -39,9 +39,9 @@ matrix_client_element_integrations_ui_url: "https://scalar.vector.im/" matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" -matrix_client_element_permalinkPrefix: "https://matrix.to" +matrix_client_element_permalinkPrefix: "https://matrix.to" # noqa var-naming matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" -matrix_client_element_showLabsSettings: true +matrix_client_element_showLabsSettings: true # noqa var-naming # Element public room directory server(s) matrix_client_element_roomdir_servers: ['matrix.org'] matrix_client_element_welcome_user_id: ~ @@ -59,13 +59,13 @@ matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat & col # Links, shown in footer of welcome page: # [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}] -matrix_client_element_branding_authFooterLinks: ~ +matrix_client_element_branding_authFooterLinks: ~ # noqa var-naming # URL to image, shown during Login -matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}" +matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming # URL to Wallpaper, shown in background of welcome page -matrix_client_element_branding_welcomeBackgroundUrl: ~ +matrix_client_element_branding_welcomeBackgroundUrl: ~ # noqa var-naming matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" @@ -73,7 +73,7 @@ matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/wel # point this to a `home.html` template file on your local filesystem. matrix_client_element_embedded_pages_home_path: ~ -matrix_client_element_jitsi_preferredDomain: '' +matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming # Controls whether the self-check feature should validate SSL certificates. matrix_client_element_self_check_validate_certificates: true @@ -101,7 +101,7 @@ matrix_client_element_default_theme: 'light' # If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well. # # Note that for a custom theme to work well, all Element instances that you use must have the same theme installed. -matrix_client_element_settingDefaults_custom_themes: [] +matrix_client_element_settingDefaults_custom_themes: [] # noqa var-naming # Default Element configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/matrix-client-element/tasks/prepare_themes.yml index c8ab93882..8185122c6 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/matrix-client-element/tasks/prepare_themes.yml @@ -26,7 +26,7 @@ - name: Load Element theme ansible.builtin.set_fact: - matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" + matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming with_items: "{{ matrix_client_element_theme_file_contents.results }}" run_once: true diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index a330accbc..ea1dde108 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -48,7 +48,7 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" -matrix_dimension_homeserver_federationUrl: "" +matrix_dimension_homeserver_federationUrl: "" # noqa var-naming # Database-related configuration fields. diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index ef6a5735e..5546d19c7 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -132,7 +132,7 @@ matrix_jitsi_web_config_start_audio_muted_after_nth_participant: ~ # Controls after which participant video will be muted. If not specified, defaults to Jitsi's default value (likely 10) matrix_jitsi_web_config_start_video_muted_after_nth_participant: ~ -matrix_jitsi_web_config_defaultLanguage: 'en' +matrix_jitsi_web_config_defaultLanguage: 'en' # noqa var-naming # Ideal and also maximum resolution width. If not specified, defaults to Jitsi's default value (likely 1280) matrix_jitsi_web_config_resolution_width_ideal_and_max: ~ diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index 657682656..3755a46ab 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -93,9 +93,9 @@ matrix_ma1sd_dns_overwrite_homeserver_client_value: "" # https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/session/session-views.md matrix_ma1sd_view_session_custom_templates_enabled: false # Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/templates/session/tokenSubmitSuccess.html -matrix_ma1sd_view_session_custom_onTokenSubmit_success_template: "" +matrix_ma1sd_view_session_custom_onTokenSubmit_success_template: "" # noqa var-naming # Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/templates/session/tokenSubmitFailure.html -matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template: "" +matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template: "" # noqa var-naming # Override the default email templates # To use this, fill in the template variables with the full desired template as a multi-line YAML variable From 8ad1fa085e205b3aefbe4efc10428093a0bf0144 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 16:48:25 +0300 Subject: [PATCH 280/381] Use full path when importing SSL setup tasks This is an attempt to make ansible-lint happy. --- roles/matrix-nginx-proxy/tasks/ssl/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/matrix-nginx-proxy/tasks/ssl/main.yml index 0fa735b4a..e9d270cfe 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/main.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml @@ -29,8 +29,8 @@ # Method specific tasks follow -- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_lets_encrypt.yml +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt.yml" -- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_self_signed.yml +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed.yml" -- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_manually_managed.yml +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed.yml" From 2dc418a416abe9e4792657ff65ab21a0245a030e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 18 Jul 2022 16:51:33 +0300 Subject: [PATCH 281/381] Add Makefile and lint target --- Makefile | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..f0aeb3971 --- /dev/null +++ b/Makefile @@ -0,0 +1,7 @@ +.PHONY: lint + +help: ## Show this help. + @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//' + +lint: ## Runs ansible-lint against all roles in the playbook + ansible-lint From 05ccee9f6f436c0b6f1e84b8f74fa002f205ef67 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 18 Jul 2022 15:37:04 +0000 Subject: [PATCH 282/381] Update Hookshot 1.8.0 -> 1.8.1 No docker tag published yet, [keep an eye on it](https://hub.docker.com/r/halfshot/matrix-hookshot/tags?page=1&ordering=last_updated&name=1.8.1) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 62f797d08..7ffb26a2c 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.8.0 +matrix_hookshot_version: 1.8.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 5b0bdced1d131d17e4335a704169ef3ba3764854 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 18 Jul 2022 21:24:17 +0300 Subject: [PATCH 283/381] update Honoroit 0.9.9 -> 0.9.10 --- roles/matrix-bot-honoroit/defaults/main.yml | 5 ++++- roles/matrix-bot-honoroit/templates/env.j2 | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index a48fb8789..bbb6ecd3a 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.9 +matrix_bot_honoroit_version: v0.9.10 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -97,6 +97,9 @@ matrix_bot_honoroit_text_prefix_open: '' # Text prefix: done matrix_bot_honoroit_text_prefix_done: '' +# Text: no encryption +matrix_bot_honoroit_text_noencryption: '' + # Text: greetings matrix_bot_honoroit_text_greetings: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index de8b9d848..c5f2025be 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -11,6 +11,7 @@ HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} +HONOROIT_TEXT_NOENCRYPTION={{ matrix_bot_honoroit_text_noencryption }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} HONOROIT_TEXT_INVITE={{ matrix_bot_honoroit_text_invite }} HONOROIT_TEXT_JOIN={{ matrix_bot_honoroit_text_join }} From 0aca676f7ff7088869d1b3f9b7627df80c45b11f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 18 Jul 2022 18:35:42 +0000 Subject: [PATCH 284/381] Update Redis 7.0.3 -> 7.0.4 --- roles/matrix-redis/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 1534afdb2..4eefbce4c 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -8,7 +8,7 @@ matrix_redis_connection_password: "" matrix_redis_base_path: "{{ matrix_base_data_path }}/redis" matrix_redis_data_path: "{{ matrix_redis_base_path }}/data" -matrix_redis_version: 7.0.3-alpine +matrix_redis_version: 7.0.4-alpine matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}" matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}" matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}' From 24a027c6b9c5c822ee4202d8b5afc23beabf5d14 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Jul 2022 13:24:27 +0000 Subject: [PATCH 285/381] Update Synapse 1.62.0 -> 1.63.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 87ef3d6a6..faf9b3ef7 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.62.0 +matrix_synapse_version: v1.63.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 65bfc1396e0ded8839b66791dc0b8f33d6834d74 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 Jul 2022 16:47:01 +0300 Subject: [PATCH 286/381] Revert "Update Hookshot 1.8.0 -> 1.8.1" This reverts commit 05ccee9f6f436c0b6f1e84b8f74fa002f205ef67. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1952 --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 7ffb26a2c..62f797d08 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.8.1 +matrix_hookshot_version: 1.8.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 817830bb3de4594f9552058e0f94ce482f0d992d Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 19 Jul 2022 14:58:19 +0000 Subject: [PATCH 287/381] Update telemetry documentation to more closely match upstream Synapse no longer describes the stats as anonymized since the `server_name` is included. https://github.com/matrix-org/synapse/pull/13321 --- docs/configuring-playbook-telemetry.md | 30 ++----------------- .../templates/synapse/homeserver.yaml.j2 | 4 +-- 2 files changed, 5 insertions(+), 29 deletions(-) diff --git a/docs/configuring-playbook-telemetry.md b/docs/configuring-playbook-telemetry.md index da5838385..22728b09e 100644 --- a/docs/configuring-playbook-telemetry.md +++ b/docs/configuring-playbook-telemetry.md @@ -3,8 +3,7 @@ By default, this playbook configures your Matrix homeserver to not send any telemetry data anywhere. The [matrix.org](https://matrix.org) team would really appreciate it if you could help the project out by reporting -anonymized usage statistics from your homeserver. Only very [basic aggregate -data](#usage-statistics-being-submitted) (e.g. number of users) will be reported, but it helps track the +usage statistics from your homeserver. Enabling usage statistics helps track the growth of the Matrix community, and helps to make Matrix a success. @@ -19,28 +18,5 @@ matrix_synapse_report_stats: true ## Usage statistics being submitted -If statistics reporting is enabled, the information that gets submitted to the matrix.org team [according to the source code](https://github.com/matrix-org/synapse/blob/master/synapse/app/homeserver.py) is: - -- your homeserver's domain name - -- uptime of the homeserver program - -- [Python](https://www.python.org/) version powering your homeserver - -- total number of users on your home server (including bridged users) - -- total number of native Matrix users on your home server - -- total number of rooms on your homeserver - -- total number of daily active users on your homeserver - -- total number of daily active rooms on your homeserver - -- total number of messages sent per day - -- cache setting information - -- CPU and memory statistics for the homeserver program - -- database engine type and version +See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) +for a list of the individual parameters that are reported. diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index c2364650d..3f023ca21 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1587,11 +1587,11 @@ metrics_flags: # #known_servers: true -# Whether or not to report anonymized homeserver usage statistics. +# Whether or not to report homeserver usage statistics. # report_stats: {{ matrix_synapse_report_stats|to_json }} -# The endpoint to report the anonymized homeserver usage statistics to. +# The endpoint to report homeserver usage statistics to. # Defaults to https://matrix.org/report-usage-stats/push # #report_stats_endpoint: https://example.com/report-usage-stats/push From 66d4c7e0720ad0d253dd41721899fa20dfbdedc2 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 19 Jul 2022 15:25:32 +0000 Subject: [PATCH 288/381] [DO NOT MERGE]Update Coturn 4.5.2-r12 -> 4.5.2-r13 **no docker tag yet**, [keep an eye on it](https://hub.docker.com/r/coturn/coturn/tags?page=1&name=4.5.2-r13) --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 0b48616be..e1a544ba5 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r12 +matrix_coturn_version: 4.5.2-r13 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From efec303a229b7842898f9e2ea3eebb3a7a8afede Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 19 Jul 2022 16:42:53 +0000 Subject: [PATCH 289/381] Explicitly mention that your homeserver's domain is included in telemetry --- docs/configuring-playbook-telemetry.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-telemetry.md b/docs/configuring-playbook-telemetry.md index 22728b09e..a97fa59c8 100644 --- a/docs/configuring-playbook-telemetry.md +++ b/docs/configuring-playbook-telemetry.md @@ -18,5 +18,9 @@ matrix_synapse_report_stats: true ## Usage statistics being submitted +When enabled, Synapse will regularly upload a few dozen statistics about your server. +This data includes your homeserver's domain, the total number of users, the number of active +users, the total number of rooms, and the number of messages sent per day on your homeserver. + See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) -for a list of the individual parameters that are reported. +for the full list of statistics that are reported. From 2e02e694b41078488672860ce1b4dfe67bfd9f95 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 19 Jul 2022 16:31:01 -0600 Subject: [PATCH 290/381] Update configuring-well-known.md Make use of `example.com` more consistent (replace `DOMAIN`) and simplify Caddy 2 config. Remove Caddy 1 config since Caddy 1 is long past EOL. --- docs/configuring-well-known.md | 48 ++++++++++------------------------ 1 file changed, 14 insertions(+), 34 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 53a353860..d4a8dc7ec 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -15,7 +15,7 @@ All services created by this playbook are meant to be installed on their own ser As [per the Server-Server specification](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-discovery), to use a Matrix user identifier like `@:` while hosting services on a subdomain like `matrix.`, the Matrix network needs to be instructed of such delegation/redirection. -Server delegation can be configured using DNS SRV records or by setting up a `/.well-known/matrix/server` file on the base domain (``). +Server delegation can be configured using DNS SRV records or by setting up a `/.well-known/matrix/server` file on the base domain (``). Both methods have their place and will continue to do so. You only need to use just one of these delegation methods. For simplicity reasons, our setup advocates for the `/.well-known/matrix/server` method and guides you into using that. @@ -79,7 +79,7 @@ If you're managing the base domain by yourself somehow, you'll need to set up se To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them. -You have 3 options when it comes to installing the files on the base domain's server: +You have 4 options when it comes to installing the files on the base domain's server: ### (Option 1): **Copying the files manually** to your base domain's server @@ -116,12 +116,12 @@ With this method, you **don't need** to add special HTTP headers for [CORS](http **For nginx**, it would be something like this: ```nginx -# This is your HTTPS-enabled server for DOMAIN. +# This is your HTTPS-enabled server for example.com. server { - server_name DOMAIN; + server_name example.com; location /.well-known/matrix { - proxy_pass https://matrix.DOMAIN/.well-known/matrix; + proxy_pass https://matrix.example.com/.well-known/matrix; proxy_set_header X-Forwarded-For $remote_addr; } @@ -133,11 +133,11 @@ server { ```apache - ServerName DOMAIN + ServerName example.com SSLProxyEngine on - ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon - ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPass /.well-known/matrix https://matrix.example.com/.well-known/matrix nocanon + ProxyPassReverse /.well-known/matrix https://matrix.example.com/.well-known/matrix nocanon # other configuration @@ -146,30 +146,10 @@ server { **For Caddy 2**, it would be something like this: ```caddy -DOMAIN.com { - @wellknown { - path /.well-known/matrix/*:x - } - - handle @wellknown { - reverse_proxy https://matrix.DOMAIN.com { - header_up Host {http.reverse_proxy.upstream.hostport} - } - } - # Configration for the base domain goes here - # handle { - # header -Server - # encode zstd gzip - # reverse_proxy localhost:4020 - # } -} -``` - -**For Caddy 1**, it would be something like this: - -```caddy -proxy /.well-known/matrix/ https://matrix.DOMAIN { - header_upstream Host {http.reverse_proxy.upstream.hostport} +example.com { + reverse_proxy /.well-known/matrix/* https://matrix.example.com { + header_up Host {upstream_hostport} + } } ``` @@ -196,7 +176,7 @@ backend matrix-backend ``` # In the _redirects file in the website's root -/.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200! +/.well-known/matrix/* https://matrix.example.com/.well-known/matrix/:splat 200! ``` **For AWS CloudFront** @@ -206,7 +186,7 @@ backend matrix-backend Make sure to: -- **replace `DOMAIN`** in the server configuration with your actual domain name +- **replace `example.com`** in the server configuration with your actual domain name - and: to **do this for the HTTPS-enabled server block**, as that's where Matrix expects the file to be From dbddd9f989414911f7f81bd59dfa16c575792c2f Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 19 Jul 2022 19:02:32 -0400 Subject: [PATCH 291/381] Migrate mx-puppet-groupme to new repo --- README.md | 2 +- docs/configuring-playbook-bridge-mx-puppet-groupme.md | 2 +- docs/container-images.md | 2 +- .../matrix-bridge-mx-puppet-groupme/defaults/main.yml | 10 +++++----- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 251df0436..832f430cd 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation -- (optional) the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation +- (optional) the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation - (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation diff --git a/docs/configuring-playbook-bridge-mx-puppet-groupme.md b/docs/configuring-playbook-bridge-mx-puppet-groupme.md index 2f0eda192..4d03d5d96 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-groupme.md +++ b/docs/configuring-playbook-bridge-mx-puppet-groupme.md @@ -1,7 +1,7 @@ # Setting up MX Puppet GroupMe (optional) The playbook can install and configure -[mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) for you. +[mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) for you. See the project page to learn what it does and why it might be useful to you. diff --git a/docs/container-images.md b/docs/container-images.md index a587d932f..357164b22 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -76,7 +76,7 @@ These services are not part of our default installation, but can be enabled by [ - [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional) -- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional) +- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional) - [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional) diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index a7016b303..59b8c1936 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -1,11 +1,11 @@ --- # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge -# Project source code URL: https://gitlab.com/robintown/mx-puppet-groupme +# Project source code URL: https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme matrix_mx_puppet_groupme_enabled: true matrix_mx_puppet_groupme_container_image_self_build: false -matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/robintown/mx-puppet-groupme" +matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme" matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if matrix_mx_puppet_groupme_version == 'latest' else matrix_mx_puppet_groupme_version }}" # Controls whether the mx-puppet-groupme container exposes its HTTP port (tcp/8437 in the container). @@ -13,9 +13,9 @@ matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if # Takes an ":" or "" value (e.g. "127.0.0.1:8437"), or empty string to not expose. matrix_mx_puppet_groupme_container_http_host_bind_port: '' -matrix_mx_puppet_groupme_version: latest -matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}" -matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_groupme_version: 533cccc8 +matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix-pub/matrix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}" +matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_groupme_docker_image_force_pull: "{{ matrix_mx_puppet_groupme_docker_image.endswith(':latest') }}" matrix_mx_puppet_groupme_base_path: "{{ matrix_base_data_path }}/mx-puppet-groupme" From 1dea35209ba82f30d363cf7b21628656b5efb1be Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 19 Jul 2022 19:46:45 -0400 Subject: [PATCH 292/381] Fix self-build error image names --- roles/matrix-bridge-appservice-irc/tasks/init.yml | 2 +- roles/matrix-bridge-appservice-slack/tasks/init.yml | 2 +- roles/matrix-bridge-mautrix-facebook/tasks/init.yml | 2 +- roles/matrix-bridge-mautrix-googlechat/tasks/init.yml | 2 +- roles/matrix-bridge-mautrix-hangouts/tasks/init.yml | 2 +- roles/matrix-bridge-mautrix-instagram/tasks/init.yml | 2 +- roles/matrix-bridge-mautrix-telegram/tasks/init.yml | 2 +- roles/matrix-bridge-mx-puppet-discord/tasks/init.yml | 2 +- roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml | 2 +- roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml | 2 +- roles/matrix-bridge-mx-puppet-slack/tasks/init.yml | 2 +- roles/matrix-bridge-mx-puppet-steam/tasks/init.yml | 2 +- roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml | 2 +- roles/matrix-corporal/tasks/init.yml | 2 +- roles/matrix-coturn/tasks/init.yml | 2 +- roles/matrix-dynamic-dns/tasks/init.yml | 2 +- roles/matrix-ma1sd/tasks/init.yml | 2 +- roles/matrix-mailer/tasks/init.yml | 2 +- roles/matrix-registration/tasks/init.yml | 2 +- roles/matrix-synapse-admin/tasks/init.yml | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index d22dd5d71..9713e9b7f 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the matrix-appservice-irc image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled" # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index b4895aea7..e11125ed9 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the matrix-appservice-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled" # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index a5debc0b7..c5eb58bec 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Facebook image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index af1e7d30a..7f846526a 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Google Chat image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 28ca1cdbc..8ad9bc02a 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Hangouts image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index 858e29179..5a78afed9 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index e83bc6631..fac5a86c3 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Telegram image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_image_self_build and matrix_mautrix_telegram_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 1a821d7d8..9fbba3c81 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-discord image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build and matrix_mx_puppet_discord_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index 92f041d40..1a06b09ea 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-groupme image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build and matrix_mx_puppet_groupme_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index 5e89275cf..850c68592 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build and matrix_mx_puppet_instagram_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index fd9d62ae4..2213df55c 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build and matrix_mx_puppet_slack_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index 6c9a9a4fe..fb3257b23 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-steam image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build and matrix_mx_puppet_steam_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 3667ebc75..d6e659643 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-twitter image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build and matrix_mx_puppet_twitter_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index c6686a37f..dffdbe908 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Matrix Corporal image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build and matrix_corporal_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml index 60a772647..315dfb656 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/matrix-coturn/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the coturn image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build and matrix_coturn_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/matrix-dynamic-dns/tasks/init.yml index 1cd6170e3..9c906441f 100644 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ b/roles/matrix-dynamic-dns/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Dynamic DNS image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/matrix-ma1sd/tasks/init.yml index 1d425006f..48226aa07 100644 --- a/roles/matrix-ma1sd/tasks/init.yml +++ b/roles/matrix-ma1sd/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the ma1sd image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled | bool" - ansible.builtin.set_fact: diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml index e83902d7a..487ed0c9c 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/matrix-mailer/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Matrix Mailer image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build and matrix_mailer_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index 064f895c1..922db0f71 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Matrix Registration image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build and matrix_registration_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index 4d8a5eb0b..f934eced2 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Synapse Admin image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_image_self_build and matrix_synapse_admin_enabled" - ansible.builtin.set_fact: From d6d311e810d45d6d4ba5464cc47a988b618fa5d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:27:20 +0200 Subject: [PATCH 293/381] Fix plugin database issue --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index d542fe914..254c836e7 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -27,7 +27,7 @@ plugin_directories: # Configuration for storing plugin databases plugin_databases: - type: default + postgres: default server: # The IP and port to listen to. From 73ebbdcacd75e701a80c5ee31921121f4c75bbaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:29:03 +0200 Subject: [PATCH 294/381] Move maubot nginx config Reasoning: setup_install.yml only runs on --tags=setup-all or on --tags=setup-bot-maubot. If --tags=setup-nginx-proxy or similar commands are run, setup_install.yml will not run and the nginx configuration will be incomplete. --- roles/matrix-bot-maubot/tasks/init.yml | 39 ++++++++++++++++++ .../matrix-bot-maubot/tasks/setup_install.yml | 40 ------------------- 2 files changed, 39 insertions(+), 40 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 6f55c7472..032fdbf7b 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -3,3 +3,42 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool + +- name: Generate Maubot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_bot_maubot_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/maubot/.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-maubot:29316/$1"; + proxy_pass http://$backend; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% endif %} + } + when: matrix_bot_maubot_proxy_management_interface|bool + +- name: Register Maubot's proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_bot_maubot_matrix_nginx_proxy_configuration] + }} + when: matrix_bot_maubot_proxy_management_interface|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `/_matrix/maubot` + URL endpoint to the matrix-maubot container. + when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index b4b03165b..8b27cd03f 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -24,46 +24,6 @@ group: "{{ matrix_user_groupname }}" mode: "u=rwx" -- name: Generate Maubot proxying configuration for matrix-nginx-proxy - set_fact: - matrix_bot_maubot_matrix_nginx_proxy_configuration: | - location ~ ^/(_matrix/maubot/.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-bot-maubot:29316/$1"; - proxy_pass http://$backend; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {% endif %} - } - when: matrix_bot_maubot_proxy_management_interface|bool - -- name: Register Maubot's proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_bot_maubot_matrix_nginx_proxy_configuration] - }} - when: matrix_bot_maubot_proxy_management_interface|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `/_matrix/maubot` - URL endpoint to the matrix-maubot container. - when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" - - - name: Ensure maubot image is pulled docker_image: name: "{{ matrix_bot_maubot_docker_image }}" From d2e6ab6c3885dfa267c0ce5cdfb6163b7782d88b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:41:17 +0200 Subject: [PATCH 295/381] Fix some CI lint errors --- roles/matrix-bot-maubot/tasks/init.yml | 73 +++++++++++++------------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 032fdbf7b..09a5f9a8a 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -4,41 +4,42 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool -- name: Generate Maubot proxying configuration for matrix-nginx-proxy - set_fact: - matrix_bot_maubot_matrix_nginx_proxy_configuration: | - location ~ ^/(_matrix/maubot/.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-bot-maubot:29316/$1"; - proxy_pass http://$backend; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {% endif %} - } - when: matrix_bot_maubot_proxy_management_interface|bool +- block: + - name: Generate Maubot proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_bot_maubot_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/maubot/.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-maubot:29316/$1"; + proxy_pass http://$backend; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% endif %} + } + when: matrix_bot_maubot_proxy_management_interface|bool -- name: Register Maubot's proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_bot_maubot_matrix_nginx_proxy_configuration] - }} - when: matrix_bot_maubot_proxy_management_interface|bool + - name: Register Maubot's proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_bot_maubot_matrix_nginx_proxy_configuration] + }} + when: matrix_bot_maubot_proxy_management_interface|bool -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `/_matrix/maubot` - URL endpoint to the matrix-maubot container. - when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `/_matrix/maubot` + URL endpoint to the matrix-maubot container. + when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" From f8a88707119feea06042cdba20f6e57d4848aadf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:48:26 +0200 Subject: [PATCH 296/381] Use FQCN --- roles/matrix-bot-maubot/tasks/init.yml | 2 +- roles/matrix-bot-maubot/tasks/setup_install.yml | 16 ++++++++-------- .../matrix-bot-maubot/tasks/setup_uninstall.yml | 12 ++++++------ .../matrix-bot-maubot/tasks/validate_config.yml | 2 +- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 09a5f9a8a..fe33da9b6 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 8b27cd03f..cf350c02c 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure maubot paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0755 @@ -17,7 +17,7 @@ when: "item.when|bool" - name: Ensure maubot configuration file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/config/config.yaml.j2" dest: "{{ matrix_bot_maubot_data_path }}/config.yaml" owner: "{{ matrix_user_username }}" @@ -25,7 +25,7 @@ mode: "u=rwx" - name: Ensure maubot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -37,7 +37,7 @@ until: result is not failed - name: Ensure maubot repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_bot_maubot_docker_repo }}" dest: "{{ matrix_bot_maubot_docker_src_files_path }}" force: "yes" @@ -47,7 +47,7 @@ when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure maubot image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" source: build force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -59,18 +59,18 @@ when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure matrix-bot-maubot.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2" dest: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" mode: 0644 register: matrix_bot_maubot_systemd_service_result - name: Ensure systemd reloaded after matrix-bot-maubot.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_maubot_systemd_service_result.changed|bool" - name: Ensure matrix-bot-maubot.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-bot-maubot.service" state: restarted diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml index f1d2fca26..8812eeed6 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -1,12 +1,12 @@ --- - name: Check existence of matrix-maubot service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" register: matrix_bot_maubot_service_stat - name: Ensure matrix-bot-maubot is stopped - service: + ansible.builtin.service: name: matrix-bot-maubot state: stopped enabled: false @@ -15,22 +15,22 @@ when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure matrix-bot-maubot.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" state: absent when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-bot-maubot.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure Matrix maubot paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_bot_maubot_base_path }}" state: absent - name: Ensure maubot Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" state: absent diff --git a/roles/matrix-bot-maubot/tasks/validate_config.yml b/roles/matrix-bot-maubot/tasks/validate_config.yml index 18070160a..5b28d9c0e 100644 --- a/roles/matrix-bot-maubot/tasks/validate_config.yml +++ b/roles/matrix-bot-maubot/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" From 04a817aeaadf8db96f7e81db7a33c1d4edd0b486 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:55:10 +0200 Subject: [PATCH 297/381] Use explicit version for self build --- roles/matrix-bot-maubot/defaults/main.yml | 2 ++ roles/matrix-bot-maubot/tasks/setup_install.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index d5be023f9..7c5cb0eb6 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -4,6 +4,8 @@ matrix_bot_maubot_enabled: true matrix_bot_maubot_container_image_self_build: false matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src" +matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" + matrix_bot_maubot_version: v0.3.1 matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}" diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index cf350c02c..c136fd897 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -39,6 +39,7 @@ - name: Ensure maubot repository is present on self-build ansible.builtin.git: repo: "{{ matrix_bot_maubot_docker_repo }}" + version: "{{ matrix_bot_maubot_docker_repo_version }}" dest: "{{ matrix_bot_maubot_docker_src_files_path }}" force: "yes" become: true From f2dcbe5c9cd5119a671d57c00002f4ef778b7961 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 09:00:47 +0200 Subject: [PATCH 298/381] Name all tasks --- roles/matrix-bot-maubot/defaults/main.yml | 8 +++++++- roles/matrix-bot-maubot/tasks/init.yml | 6 ++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 7c5cb0eb6..57c3f5f7d 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -29,7 +29,13 @@ matrix_bot_maubot_database_hostname: 'matrix-postgres' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot -matrix_bot_maubot_database_connection_string: 'postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable' +matrix_bot_maubot_database_connection_string: > + postgres://{{ matrix_bot_maubot_database_username }} + :{{ matrix_bot_maubot_database_password }} + @{{ matrix_bot_maubot_database_hostname }} + :{{ matrix_bot_maubot_database_port }} + /{{ matrix_bot_maubot_database_name }} + ?sslmode=disable' matrix_bot_maubot_database_uri: "{{ { diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index fe33da9b6..54fd714b5 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -1,10 +1,12 @@ --- -- ansible.builtin.set_fact: +- name: Add maubot to the systemd service list + ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool -- block: +- name: Configure nginx for maubot + block: - name: Generate Maubot proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_bot_maubot_matrix_nginx_proxy_configuration: | From 492d430cb00948defab71107935db966d5489c35 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 10:01:42 +0300 Subject: [PATCH 299/381] Revert "Revert "Update Hookshot 1.8.0 -> 1.8.1"" This reverts commit 65bfc1396e0ded8839b66791dc0b8f33d6834d74. The 1.8.1 image is published now, so we can finally upgrade. --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 62f797d08..7ffb26a2c 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.8.0 +matrix_hookshot_version: 1.8.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From e306d0051e22b4e69e457e4048ceb7c6198d1a4e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 10:07:03 +0300 Subject: [PATCH 300/381] Add project introduction to maubot's defaults file --- roles/matrix-bot-maubot/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 57c3f5f7d..49437ece1 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -1,5 +1,8 @@ --- +# maubot is a plugin-based Matrix bot system. +# Project source code URL: https://mau.dev/maubot/maubot + matrix_bot_maubot_enabled: true matrix_bot_maubot_container_image_self_build: false matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" From b8832e30143107e003e51f509e4f92a7ac6b99f8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 10:27:13 +0300 Subject: [PATCH 301/381] Fix some Jinja2 inconsistencies in maubot role --- roles/matrix-bot-maubot/tasks/init.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 54fd714b5..001a3c477 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -3,7 +3,7 @@ - name: Add maubot to the systemd service list ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" - when: matrix_bot_maubot_enabled|bool + when: matrix_bot_maubot_enabled | bool - name: Configure nginx for maubot block: @@ -11,7 +11,7 @@ ansible.builtin.set_fact: matrix_bot_maubot_matrix_nginx_proxy_configuration: | location ~ ^/(_matrix/maubot/.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} + {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-bot-maubot:29316/$1"; @@ -25,13 +25,13 @@ proxy_set_header Connection "upgrade"; {% endif %} } - when: matrix_bot_maubot_proxy_management_interface|bool + when: matrix_bot_maubot_proxy_management_interface | bool - name: Register Maubot's proxying configuration with matrix-nginx-proxy ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + [matrix_bot_maubot_matrix_nginx_proxy_configuration] }} @@ -44,4 +44,4 @@ reverse proxy. Please make sure that you're proxying the `/_matrix/maubot` URL endpoint to the matrix-maubot container. - when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_bot_maubot_enabled | bool and matrix_bot_maubot_proxy_management_interface | bool and matrix_nginx_proxy_enabled is not defined" From a1bfad1e9babb1c430f9f89e0c4a98c8051ccdfa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 11:16:49 +0300 Subject: [PATCH 302/381] Fix whitespace in matrix_bot_maubot_database_connection_string --- roles/matrix-bot-maubot/defaults/main.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 49437ece1..f210ba517 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -32,13 +32,7 @@ matrix_bot_maubot_database_hostname: 'matrix-postgres' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot -matrix_bot_maubot_database_connection_string: > - postgres://{{ matrix_bot_maubot_database_username }} - :{{ matrix_bot_maubot_database_password }} - @{{ matrix_bot_maubot_database_hostname }} - :{{ matrix_bot_maubot_database_port }} - /{{ matrix_bot_maubot_database_name }} - ?sslmode=disable' +matrix_bot_maubot_database_connection_string: postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable matrix_bot_maubot_database_uri: "{{ { From b20cfc5015317afc4f8d9a7e0f8ba5d80153591e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 11:23:32 +0200 Subject: [PATCH 303/381] Clear up maubot role (#1960) * Make interface hidden behind proxy by default * Remove expose option and replace with http_bind_port Reasoning: This is a similar binary trigger but allows to bin not on all interfaces * Clarify maubot admin purpose * Remove unnecessary edif * Extend docs to prevent common misconceptions * Make http_bind_port singular, do not allow multiple values * Make optional again --- docs/configuring-playbook-bot-maubot.md | 10 +++++++++- roles/matrix-bot-maubot/defaults/main.yml | 3 +-- .../templates/systemd/matrix-bot-maubot.service.j2 | 6 +++--- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md index 1fbe8d173..d74cfb2fc 100644 --- a/docs/configuring-playbook-bot-maubot.md +++ b/docs/configuring-playbook-bot-maubot.md @@ -18,7 +18,8 @@ matrix_bot_maubot_admins: - yourusername: securepassword ``` -You can add multiple admins. +You can add multiple admins. The admin accounts are not connected to any matrix ID and are only used to access the +maubot administration interface. ## Installing @@ -32,6 +33,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage You can visit `matrix./_matrix/maubot/` to manage your available plugins, clients and instances. + +You should start in the following order +1. **Create one or more clients:** A client is a matrix account which the bot will use to message. +2. **Upload some Plugins:** Plugins can be obtained from [here](https://github.com/maubot/maubot#plugins) or any other source. +3. **Create an instance:** An instance is the actual bot. You have to specify a client which the bot instance will use +and the plugin (how the bot will behave) + To add a client you first need to create an account and obtain a valid access token. ## Registering the bot user diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index f210ba517..c6d92215c 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -19,8 +19,7 @@ matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" matrix_bot_maubot_bot_server_public_url: "https://{{ matrix_server_fqn_matrix }}" -matrix_bot_maubot_proxy_management_interface: false -matrix_bot_maubot_expose_management_interface: true +matrix_bot_maubot_proxy_management_interface: true matrix_bot_maubot_database_engine: sqlite matrix_bot_maubot_sqlite_database_path_local: "{{ matrix_bot_maubot_data_path }}/maubot.db" diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 594356676..6f8ec6f6b 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -26,9 +26,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ - {% if matrix_bot_maubot_expose_management_interface|bool %} - -p {{ matrix_bot_maubot_management_interface_port }}:29316 \ - {% endif %} + {% if matrix_bot_maubot_management_interface_http_bind_port | bool %} + -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:29316 + {% endif %} {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /data/config.yaml From d1649ff67b93f145bbbc3766590b0b62242fa5ba Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 12:40:30 +0300 Subject: [PATCH 304/381] Do not restart matrix-bot-maubot.service on every playbook run Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 --- roles/matrix-bot-maubot/tasks/setup_install.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index c136fd897..5d9965a03 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -70,8 +70,3 @@ ansible.builtin.service: daemon_reload: true when: "matrix_bot_maubot_systemd_service_result.changed|bool" - -- name: Ensure matrix-bot-maubot.service restarted, if necessary - ansible.builtin.service: - name: "matrix-bot-maubot.service" - state: restarted From 46ced6134ca3ebdea1bcd20d65921fe90b68855f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 12:48:12 +0300 Subject: [PATCH 305/381] Store maubot configuration separately from data Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 Because the configuration file is now mounted as readonly and maubot tries to update it on start, we get this warning: > Failed to create tempfile to write updated config to disk: [Errno 30] Read-only file system: '/config/tmpfa8vcb3y.yaml' It doesn't seem to cause issues though. Because the configuration is no longer overwritten on every bot start, each next Ansible run should no longer overwrite it again and report a "changed" task. --- roles/matrix-bot-maubot/tasks/setup_install.yml | 3 ++- .../templates/systemd/matrix-bot-maubot.service.j2 | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 5d9965a03..50e48254c 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -9,6 +9,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} + - {path: "{{ matrix_bot_maubot_config_path }}", when: true} - {path: "{{ matrix_bot_maubot_data_path }}", when: true} - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true} - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true} @@ -19,7 +20,7 @@ - name: Ensure maubot configuration file created ansible.builtin.template: src: "{{ role_path }}/templates/config/config.yaml.j2" - dest: "{{ matrix_bot_maubot_data_path }}/config.yaml" + dest: "{{ matrix_bot_maubot_config_path }}/config.yaml" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: "u=rwx" diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 6f8ec6f6b..18b32c98d 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -21,16 +21,17 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --read-only \ --cap-drop=ALL \ - -v {{ matrix_bot_maubot_data_path }}:/data:z \ + --mount type=bind,src={{ matrix_bot_maubot_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_bot_maubot_data_path }},dst=/data \ {% for arg in matrix_bot_maubot_container_extra_arguments %} {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ - {% if matrix_bot_maubot_management_interface_http_bind_port | bool %} + {% if matrix_bot_maubot_management_interface_http_bind_port %} -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:29316 {% endif %} {{ matrix_bot_maubot_docker_image }} \ - python3 -m maubot -c /data/config.yaml + python3 -m maubot -c /config/config.yaml ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' From d2fb6a86e11b4c2cc197c05597a532ea023b69a9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 12:50:00 +0300 Subject: [PATCH 306/381] Fix matrix-bot-maubot.service.j2 indentation (tabs only) Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 --- .../templates/systemd/matrix-bot-maubot.service.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 18b32c98d..8957da5e5 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -27,9 +27,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ - {% if matrix_bot_maubot_management_interface_http_bind_port %} - -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:29316 - {% endif %} + {% if matrix_bot_maubot_management_interface_http_bind_port %} + -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:29316 + {% endif %} {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /config/config.yaml From e5238bf7d52128372042de94a41c94f6eb2df8ed Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 12:54:04 +0300 Subject: [PATCH 307/381] Announce maubot Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 --- CHANGELOG.md | 9 +++++++++ docs/container-images.md | 2 ++ docs/self-building.md | 1 + 3 files changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c8d31abae..66f740ed7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-07-20 + +## maubot support + +Thanks to [Stuart Mumford (@Cadair)](https://github.com/cadair) for starting ([PR #373](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/373) and [PR #622](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/622)) and to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s) for finishing up (in [PR #1894](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894)), the playbook can now help you set up [maubot](https://github.com/maubot/maubot) - a plugin-based Matrix bot system. + +See our [Setting up maubot](docs/configuring-playbook-bot-maubot.md) documentation to get started. + + # 2022-07-14 ## mx-puppet-skype removal diff --git a/docs/container-images.md b/docs/container-images.md index a587d932f..3821cd8c0 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -92,6 +92,8 @@ These services are not part of our default installation, but can be enabled by [ - [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional) +- [dock.mau.dev/maubot/maubot](https://mau.dev/maubot/maubot/container_registry) - the [maubot](https://github.com/maubot/maubot) bot (a plugin-based Matrix bot system) (optional) + - [etke.cc/honoroit](https://gitlab.com/etke.cc/honoroit/container_registry) - the [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot (optional) - [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional) diff --git a/docs/self-building.md b/docs/self-building.md index ab6e17d3a..3351a1f8f 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -37,6 +37,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bot-mjolnir` - `matrix-bot-honoroit` - `matrix-bot-matrix-reminder-bot` +- `matrix-bot-maubot` - `matrix-email2matrix` Adding self-building support to other roles is welcome. Feel free to contribute! From b575409ed74d575a63a415003304b6305cd1ec71 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 13:02:19 +0300 Subject: [PATCH 308/381] Use |to_json in maubot configuration Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 254c836e7..ef46fe76e 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -34,7 +34,7 @@ server: hostname: 0.0.0.0 port: 29316 # Public base URL where the server is visible. - public_url: {{ matrix_bot_maubot_bot_server_public_url }} + public_url: {{ matrix_bot_maubot_bot_server_public_url|to_json }} # The base management API path. base_path: /_matrix/maubot/v1 # The base path for the UI. @@ -65,7 +65,7 @@ homeservers: # List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password # to prevent normal login. Root is a special user that can't have a password and will always exist. -admins: {{ matrix_bot_maubot_admins | combine( {"root": ""} ) }} +admins: {{ matrix_bot_maubot_admins | combine( {"root": ""} )|to_json }} api_features: login: true From 5ce2732899aea2c35903333b4c783ea7124292ef Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 13:03:50 +0300 Subject: [PATCH 309/381] Make maubot logging level configurable Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 --- roles/matrix-bot-maubot/defaults/main.yml | 3 +++ roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index c6d92215c..376af1886 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -57,6 +57,9 @@ matrix_bot_maubot_management_interface_http_bind_port: '' matrix_bot_maubot_port: 29316 matrix_bot_maubot_unshared_secret: 'generate' +# Specifies the default log level for all bot loggers. +matrix_bot_maubot_logging_level: WARNING + # A list of extra arguments to pass to the container matrix_bot_maubot_container_extra_arguments: [] diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index ef46fe76e..041522f82 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -97,11 +97,11 @@ logging: formatter: colored loggers: maubot: - level: DEBUG + level: {{ matrix_bot_maubot_logging_level|to_json }} mau: - level: DEBUG + level: {{ matrix_bot_maubot_logging_level|to_json }} aiohttp: - level: INFO + level: {{ matrix_bot_maubot_logging_level|to_json }} root: - level: DEBUG + level: {{ matrix_bot_maubot_logging_level|to_json }} handlers: [console] From 8a689813ffa8233e6a66b91a52bccdf08953f8f1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 13:04:35 +0300 Subject: [PATCH 310/381] Remove unused maubot variable Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 --- roles/matrix-bot-maubot/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 376af1886..0a73d92e0 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -54,7 +54,6 @@ matrix_bot_maubot_management_interface_port: 29316 matrix_bot_maubot_management_interface_http_bind_port: '' -matrix_bot_maubot_port: 29316 matrix_bot_maubot_unshared_secret: 'generate' # Specifies the default log level for all bot loggers. From 90551e82ec6be265b56d43e78c0a76030121b58f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 13:06:11 +0300 Subject: [PATCH 311/381] Make use of matrix_bot_maubot_management_interface_port variable to actually make maubot port configurable Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 --- roles/matrix-bot-maubot/tasks/init.yml | 2 +- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 001a3c477..251d0b4a2 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -14,7 +14,7 @@ {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-bot-maubot:29316/$1"; + set $backend "matrix-bot-maubot:{{ matrix_bot_maubot_management_interface_port }}/$1"; proxy_pass http://$backend; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 041522f82..938901eab 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -32,7 +32,7 @@ plugin_databases: server: # The IP and port to listen to. hostname: 0.0.0.0 - port: 29316 + port: {{ matrix_bot_maubot_management_interface_port|to_json }} # Public base URL where the server is visible. public_url: {{ matrix_bot_maubot_bot_server_public_url|to_json }} # The base management API path. diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 8957da5e5..2773c69db 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -28,7 +28,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {% endfor %} --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_management_interface_http_bind_port %} - -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:29316 + -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }} {% endif %} {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /config/config.yaml From ff2ba1d5b158761a6d67902545ea5c3864073d34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 12:18:11 +0200 Subject: [PATCH 312/381] Add matrix-registreation-bot docker image --- docs/container-images.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/container-images.md b/docs/container-images.md index 3821cd8c0..dcc369733 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -92,6 +92,8 @@ These services are not part of our default installation, but can be enabled by [ - [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional) +- [moanos/matrix-registration-bot/](https://hub.docker.com/r/moanos/matrix-registration-bot/) - the [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) bot (manage registration tokens for invitations to the server) (optional) + - [dock.mau.dev/maubot/maubot](https://mau.dev/maubot/maubot/container_registry) - the [maubot](https://github.com/maubot/maubot) bot (a plugin-based Matrix bot system) (optional) - [etke.cc/honoroit](https://gitlab.com/etke.cc/honoroit/container_registry) - the [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot (optional) From 89bd25995a235ab30a1896e47b69c714b673c3b5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 16:06:01 +0300 Subject: [PATCH 313/381] Upgrade Synapse (v1.63.0 -> v1.63.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index faf9b3ef7..e6138bbaf 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.63.0 +matrix_synapse_version: v1.63.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 592c88b021fa0f6ff14040808608dfd9676713b6 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 20 Jul 2022 16:52:03 +0000 Subject: [PATCH 314/381] Update Grafana 9.0.3 -> 9.0.4 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 3765a0e4d..a1cd32733 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.3 +matrix_grafana_version: 9.0.4 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From db604f81ec38caeff0822d11982cf19b661d66c6 Mon Sep 17 00:00:00 2001 From: Simone Date: Wed, 20 Jul 2022 19:21:23 +0200 Subject: [PATCH 315/381] Upgrade heisenbridge 1.13.0 1.13.1 --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 68c5d75bc..da74ed215 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.13.0 +matrix_heisenbridge_version: 1.13.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 9e87f9d885d72e7ff95d98eb70379f1d45cd8538 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 20 Jul 2022 12:10:34 -0600 Subject: [PATCH 316/381] Update configuring-well-known.md --- docs/configuring-well-known.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index d4a8dc7ec..81caf04cb 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -79,7 +79,7 @@ If you're managing the base domain by yourself somehow, you'll need to set up se To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them. -You have 4 options when it comes to installing the files on the base domain's server: +You have 3 options when it comes to installing the files on the base domain's server: ### (Option 1): **Copying the files manually** to your base domain's server From ca5d7df16129edf18a502b08c0b335df126262fe Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Thu, 21 Jul 2022 03:12:42 +0000 Subject: [PATCH 317/381] Allow new Hydrogen options from #1940 to be customized --- roles/matrix-client-hydrogen/defaults/main.yml | 7 +++++++ roles/matrix-client-hydrogen/templates/config.json.j2 | 10 +++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 1baccdd30..6bb563846 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -31,7 +31,14 @@ matrix_client_hydrogen_systemd_required_services_list: ['docker.service'] matrix_client_hydrogen_self_check_validate_certificates: true # config.json +matrix_client_hydrogen_push: { + "appId": "io.element.hydrogen.web", + "gatewayUrl": "https://matrix.org", + "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" +} matrix_client_hydrogen_default_hs_url: "" +matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" + # Default Hydrogen configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-client-hydrogen/templates/config.json.j2 b/roles/matrix-client-hydrogen/templates/config.json.j2 index 0c4331b60..161ee47bb 100644 --- a/roles/matrix-client-hydrogen/templates/config.json.j2 +++ b/roles/matrix-client-hydrogen/templates/config.json.j2 @@ -1,11 +1,7 @@ { - "push": { - "appId": "io.element.hydrogen.web", - "gatewayUrl": "https://matrix.org", - "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" - }, - "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string|to_json }}, - "bugReportEndpointUrl": "https://element.io/bugreports/submit", + "push": {{ matrix_client_hydrogen_push | to_json }}, + "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }}, + "bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }}, "themeManifests": [ "assets/theme-Element.json" ], From 0e77d2c2f596cc4508a2faedf8e4b5ea0372f394 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Thu, 21 Jul 2022 03:15:35 +0000 Subject: [PATCH 318/381] lint --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 6bb563846..649d49bb1 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -37,7 +37,7 @@ matrix_client_hydrogen_push: { "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" } matrix_client_hydrogen_default_hs_url: "" -matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" +matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" # noqa var-naming # Default Hydrogen configuration template which covers the generic use case. From b8d3453e32fe6f700755e1464a785cda176be798 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Thu, 21 Jul 2022 03:17:34 +0000 Subject: [PATCH 319/381] lint --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 649d49bb1..f7f2f92c0 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -37,7 +37,7 @@ matrix_client_hydrogen_push: { "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" } matrix_client_hydrogen_default_hs_url: "" -matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" # noqa var-naming +matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" # noqa var-naming # Default Hydrogen configuration template which covers the generic use case. From 4155ed2518d781f18f2e3ecaf6f1f4b4b3d5b609 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Jul 2022 11:23:57 +0300 Subject: [PATCH 320/381] Leave docker_image module calls unprefixed to increase compatibility Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1965 --- roles/matrix-bot-maubot/tasks/setup_install.yml | 4 ++-- roles/matrix-bot-maubot/tasks/setup_uninstall.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 50e48254c..185a29889 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -26,7 +26,7 @@ mode: "u=rwx" - name: Ensure maubot image is pulled - community.docker.docker_image: + docker_image: name: "{{ matrix_bot_maubot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -49,7 +49,7 @@ when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure maubot image is built - community.docker.docker_image: + docker_image: name: "{{ matrix_bot_maubot_docker_image }}" source: build force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml index 8812eeed6..0be7089ce 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -31,6 +31,6 @@ state: absent - name: Ensure maubot Docker image doesn't exist - community.docker.docker_image: + docker_image: name: "{{ matrix_bot_maubot_docker_image }}" state: absent From db94653b425ee8418b0cabb3ff5ea925ad443a33 Mon Sep 17 00:00:00 2001 From: kleo Date: Thu, 21 Jul 2022 21:56:52 +0800 Subject: [PATCH 321/381] Borg backup provide ssh key example format --- docs/configuring-playbook-backup-borg.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 44c970af9..3371a312e 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md @@ -43,7 +43,13 @@ matrix_backup_borg_location_repositories: - USER@HOST:REPO matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" matrix_backup_borg_ssh_key_private: | - PRIVATE KEY + -----BEGIN OPENSSH PRIVATE KEY----- + TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2NpbmcgZW + xpdCwgc2VkIGRvIGVpdXNtb2QgdGVtcG9yIGluY2lkaWR1bnQgdXQgbGFib3JlIGV0IGRv + bG9yZSBtYWduYSBhbGlxdWEuIFV0IGVuaW0gYWQgbWluaW0gdmVuaWFtLCBxdWlzIG5vc3 + RydWQgZXhlcmNpdGF0aW9uIHVsbGFtY28gbGFib3JpcyBuaXNpIHV0IGFsaXF1aXAgZXgg + ZWEgY29tbW9kbyBjb25zZXF1YXQuIA== + -----END OPENSSH PRIVATE KEY----- ``` where: From 57e8769c5ea735ba5feab3671e809610fb09a266 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Jul 2022 17:07:06 +0300 Subject: [PATCH 322/381] Add hint about matrix_backup_borg_ssh_key_private indentation --- docs/configuring-playbook-backup-borg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 3371a312e..41ca0156c 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md @@ -58,7 +58,7 @@ where: * HOST - SSH host of a provider/server * REPO - borg repository name, it will be initialized on backup start, eg: `matrix` * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager -* PRIVATE KEY - the content of the **private** part of the SSH key you created before +* PRIVATE KEY - the content of the **private** part of the SSH key you created before. The whole key (all of its belonging lines) under `matrix_backup_borg_ssh_key_private` needs to be indented with 2 spaces To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable. From e05abfb9d1b52ed4a97354e64b68a0082ae76898 Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Thu, 21 Jul 2022 15:20:47 +0100 Subject: [PATCH 323/381] Fix link to maubot docs in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8b19ef549..1df5801cb 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ Using this playbook, you can get the following services configured on your serve - (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation -- (optional) [matrix-maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-matrix-maubot.md](docs/configuring-playbook-bot-matrix-maubot.md) for setup documentation +- (optional) [matrix-maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-maubot.md](docs/configuring-playbook-bot-maubot.md) for setup documentation - (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation From d81a186f49e5d1976aa672e6e01dddd2afecb728 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Jul 2022 17:26:48 +0300 Subject: [PATCH 324/381] matrix-maubot -> maubot --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1df5801cb..47f67f4e5 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ Using this playbook, you can get the following services configured on your serve - (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation -- (optional) [matrix-maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-maubot.md](docs/configuring-playbook-bot-maubot.md) for setup documentation +- (optional) [maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-maubot.md](docs/configuring-playbook-bot-maubot.md) for setup documentation - (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation From 14296db9ef3582b3d0eece7f1ced9835c0a2b90f Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Thu, 21 Jul 2022 15:24:08 +0000 Subject: [PATCH 325/381] Update roles/matrix-client-hydrogen/defaults/main.yml Co-authored-by: Slavi Pantaleev --- roles/matrix-client-hydrogen/defaults/main.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index f7f2f92c0..6d7fb5cf5 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -31,11 +31,10 @@ matrix_client_hydrogen_systemd_required_services_list: ['docker.service'] matrix_client_hydrogen_self_check_validate_certificates: true # config.json -matrix_client_hydrogen_push: { - "appId": "io.element.hydrogen.web", - "gatewayUrl": "https://matrix.org", - "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" -} +matrix_client_hydrogen_push: + appId: io.element.hydrogen.web + gatewayUrl: https://matrix.org + applicationServerKey: "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" matrix_client_hydrogen_default_hs_url: "" matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" # noqa var-naming From 75961359fb42909e66982950dcb55bce201bbf61 Mon Sep 17 00:00:00 2001 From: Maxdeso Date: Thu, 21 Jul 2022 20:54:56 +0300 Subject: [PATCH 326/381] dendrite_recaptcha_siteverify_api --- roles/matrix-dendrite/defaults/main.yml | 1 + roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index dd6d351ed..f3987af9b 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -89,6 +89,7 @@ matrix_dendrite_registration_disabled: false matrix_dendrite_enable_registration_captcha: false matrix_dendrite_recaptcha_public_key: "" matrix_dendrite_recaptcha_private_key: "" +matrix_dendrite_recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" # A list of additional "volumes" to mount in the container. # This list gets populated dynamically based on Dendrite extensions that have been enabled. diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 29f5c55f0..62f8caba7 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -174,7 +174,7 @@ client_api: recaptcha_public_key: {{ matrix_dendrite_recaptcha_public_key|to_json }} recaptcha_private_key: {{ matrix_dendrite_recaptcha_private_key|to_json }} recaptcha_bypass_secret: "" - recaptcha_siteverify_api: "" + recaptcha_siteverify_api: {{ matrix_dendrite_recaptcha_siteverify_api|to_json }} # TURN server information that this homeserver should send to clients. turn: From 8621ff1379583d5154499f39d1e642f76d5d1d8d Mon Sep 17 00:00:00 2001 From: MdotAmaan Date: Fri, 22 Jul 2022 18:55:44 +0400 Subject: [PATCH 327/381] Add Mautrix Discord Bridge --- ...iguring-playbook-bridge-mautrix-discord.md | 43 ++++ docs/configuring-playbook.md | 2 + group_vars/matrix_servers | 44 ++++ .../defaults/main.yml | 136 +++++++++++ .../tasks/init.yml | 21 ++ .../tasks/main.yml | 22 ++ .../tasks/setup_install.yml | 149 ++++++++++++ .../tasks/setup_uninstall.yml | 25 ++ .../tasks/validate_config.yml | 20 ++ .../templates/config.yaml.j2 | 225 ++++++++++++++++++ .../systemd/matrix-mautrix-discord.service.j2 | 43 ++++ setup.yml | 1 + 12 files changed, 731 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mautrix-discord.md create mode 100644 roles/matrix-bridge-mautrix-discord/defaults/main.yml create mode 100644 roles/matrix-bridge-mautrix-discord/tasks/init.yml create mode 100644 roles/matrix-bridge-mautrix-discord/tasks/main.yml create mode 100644 roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md new file mode 100644 index 000000000..73c762a8c --- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -0,0 +1,43 @@ +# Setting up Mautrix Discord (optional) + +The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you. + +See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you. + +Use the following playbook configuration: + +```yaml +matrix_mautrix_discord_enabled: true +``` + +## Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. You can use the following command: + +``` +curl \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Discord", "initial_device_display_name": "Mautrix-Discord"}' \ +https://matrix.DOMAIN/_matrix/client/r0/login +``` + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Mautrix-Discord` device some time in the future, as that would break the Double Puppeting feature + +## Usage + +You then need to start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 88f81607d..1e1719017 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -92,6 +92,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Bridging other networks +- [Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md) (optional) + - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional) - [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ea17edb40..1d52c3ad2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -624,6 +624,44 @@ matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_g # ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-discord +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_discord_enabled: false + +matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +matrix_mautrix_discord_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.as.token') | to_uuid }}" + +matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.hs.token') | to_uuid }}" + +matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-discord +# +###################################################################### + ###################################################################### # # matrix-sms-bridge @@ -1871,6 +1909,12 @@ matrix_postgres_additional_databases: | 'password': matrix_mautrix_whatsapp_database_password, }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_mautrix_discord_database_name, + 'username': matrix_mautrix_discord_database_username, + 'password': matrix_mautrix_discord_database_password, + }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mx_puppet_slack_database_name, 'username': matrix_mx_puppet_slack_database_username, diff --git a/roles/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/matrix-bridge-mautrix-discord/defaults/main.yml new file mode 100644 index 000000000..a1ff83cd2 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/defaults/main.yml @@ -0,0 +1,136 @@ +--- +# mautrix-discord is a Matrix <-> Discord bridge +# Project source code URL: https://github.com/mautrix/discord + +matrix_mautrix_discord_enabled: true + +matrix_mautrix_discord_container_image_self_build: false +matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" +matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" + +matrix_mautrix_discord_version: latest +# See: https://mau.dev/mautrix/discord/container_registry +matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" +matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" +matrix_mautrix_discord_docker_image_force_pull: "{{ matrix_mautrix_discord_docker_image.endswith(':latest') }}" + +matrix_mautrix_discord_base_path: "{{ matrix_base_data_path }}/mautrix-discord" +matrix_mautrix_discord_config_path: "{{ matrix_mautrix_discord_base_path }}/config" +matrix_mautrix_discord_data_path: "{{ matrix_mautrix_discord_base_path }}/data" +matrix_mautrix_discord_docker_src_files_path: "{{ matrix_mautrix_discord_base_path }}/docker-src" + +matrix_mautrix_discord_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}" +matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080" + +matrix_mautrix_discord_command_prefix: "!discord" + +# A list of extra arguments to pass to the container +matrix_mautrix_discord_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-discord.service depends on. +matrix_mautrix_discord_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-discord.service wants +matrix_mautrix_discord_systemd_wanted_services_list: [] + +matrix_mautrix_discord_appservice_token: '' +matrix_mautrix_discord_homeserver_token: '' + +matrix_mautrix_discord_appservice_bot_username: discordbot + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_discord_logging_level: 'warn' + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_discord_federate_rooms: true + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_mautrix_discord_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_mautrix_discord_database_*` variables +matrix_mautrix_discord_database_engine: 'sqlite' + +matrix_mautrix_discord_sqlite_database_path_local: "{{ matrix_mautrix_discord_data_path }}/mautrix-discord.db" +matrix_mautrix_discord_sqlite_database_path_in_container: "/data/mautrix-discord.db" + +matrix_mautrix_discord_database_username: 'matrix_mautrix_discord' +matrix_mautrix_discord_database_password: 'some-password' +matrix_mautrix_discord_database_hostname: 'matrix-postgres' +matrix_mautrix_discord_database_port: 5432 +matrix_mautrix_discord_database_name: 'matrix_mautrix_discord' + +matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode=disable' + +matrix_mautrix_discord_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_mautrix_discord_database_engine] +}}" + +matrix_mautrix_discord_appservice_database_uri: "{{ + { + 'sqlite': matrix_mautrix_discord_sqlite_database_path_in_container, + 'postgres': matrix_mautrix_discord_database_connection_string, + }[matrix_mautrix_discord_database_engine] +}}" + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mautrix_discord_login_shared_secret: '' +matrix_mautrix_discord_bridge_login_shared_secret_map: + "{{ {matrix_mautrix_discord_homeserver_domain: matrix_mautrix_discord_login_shared_secret} if matrix_mautrix_discord_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_mautrix_discord_bridge_double_puppet_server_map: + "{{ matrix_mautrix_discord_homeserver_domain : matrix_mautrix_discord_homeserver_address }}" + +# Default mautrix-discord configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_discord_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mautrix_discord_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_discord_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_discord_configuration_yaml`. + +matrix_mautrix_discord_configuration_extension: "{{ matrix_mautrix_discord_configuration_extension_yaml | from_yaml if matrix_mautrix_discord_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_discord_configuration_yaml`. +matrix_mautrix_discord_configuration: "{{ matrix_mautrix_discord_configuration_yaml | from_yaml | combine(matrix_mautrix_discord_configuration_extension, recursive=True) }}" + +matrix_mautrix_discord_registration_yaml: | + id: discord + url: {{ matrix_mautrix_discord_appservice_address }} + as_token: "{{ matrix_mautrix_discord_appservice_token }}" + hs_token: "{{ matrix_mautrix_discord_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_mautrix_discord_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@discord_[0-9]+:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_discord_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}" + +# Enable End-to-bridge encryption +matrix_mautrix_discord_bridge_encryption_allow: false +matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" +matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-discord/tasks/init.yml b/roles/matrix-bridge-mautrix-discord/tasks/init.yml new file mode 100644 index 000000000..30baf0178 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/init.yml @@ -0,0 +1,21 @@ +--- +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-discord.service'] }}" + when: matrix_mautrix_discord_enabled | bool + +# If the matrix-synapse role is not used, these variables may not exist. +- ansible.builtin.set_fact: + matrix_synapse_container_extra_arguments: > + {{ + matrix_synapse_container_extra_arguments | default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_discord_config_path }}/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro"] + }} + + matrix_synapse_app_service_config_files: > + {{ + matrix_synapse_app_service_config_files | default([]) + + + ["/matrix-mautrix-discord-registration.yaml"] + }} + when: matrix_mautrix_discord_enabled | bool diff --git a/roles/matrix-bridge-mautrix-discord/tasks/main.yml b/roles/matrix-bridge-mautrix-discord/tasks/main.yml new file mode 100644 index 000000000..9eaadf684 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_discord_enabled | bool" + tags: + - setup-all + - setup-mautrix-discord + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup and matrix_mautrix_discord_enabled" + tags: + - setup-all + - setup-mautrix-discord + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup and not matrix_mautrix_discord_enabled" + tags: + - setup-all + - setup-mautrix-discord diff --git a/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml new file mode 100644 index 000000000..935371ef7 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -0,0 +1,149 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + ansible.builtin.fail: + msg: >- + The matrix-bridge-mautrix-discord role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed | default(False)" + +- ansible.builtin.set_fact: + matrix_mautrix_discord_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" + register: matrix_mautrix_discord_sqlite_database_path_local_stat_result + + - block: + - ansible.builtin.set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" + dst: "{{ matrix_mautrix_discord_database_connection_string }}" + caller: "{{ role_path | basename }}" + engine_variable_name: 'matrix_mautrix_discord_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-mautrix-discord.service'] + pgloader_options: ['--with "quote identifiers"'] + + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres + + - ansible.builtin.set_fact: + matrix_mautrix_discord_requires_restart: true + when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool" + when: "matrix_mautrix_discord_database_engine == 'postgres'" + + +- name: Ensure Mautrix Discord paths exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_mautrix_discord_base_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_config_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_data_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_docker_src_files_path }}", when: "{{ matrix_mautrix_discord_container_image_self_build }}"} + when: item.when | bool + +- name: Ensure Mautrix Discord image is pulled + docker_image: + name: "{{ matrix_mautrix_discord_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_docker_image_force_pull }}" + when: not matrix_mautrix_discord_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure Mautrix discord repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_mautrix_discord_container_image_self_build_repo }}" + dest: "{{ matrix_mautrix_discord_docker_src_files_path }}" + version: "{{ matrix_mautrix_discord_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_mautrix_discord_git_pull_results + when: "matrix_mautrix_discord_container_image_self_build | bool" + +- name: Ensure Mautrix discord Docker image is built + docker_image: + name: "{{ matrix_mautrix_discord_docker_image }}" + source: build + force_source: "{{ matrix_mautrix_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_mautrix_discord_docker_src_files_path }}" + pull: true + when: "matrix_mautrix_discord_container_image_self_build | bool" + +- name: Check if an old database file exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_discord_base_path }}/mautrix-discord.db" + register: matrix_mautrix_discord_stat_database + +- name: Check if an old matrix state file exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_discord_base_path }}/mx-state.json" + register: matrix_mautrix_discord_stat_mx_state + +- name: (Data relocation) Ensure matrix-mautrix-discord.service is stopped + ansible.builtin.service: + name: matrix-mautrix-discord + state: stopped + enabled: false + daemon_reload: true + failed_when: false + when: "matrix_mautrix_discord_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-discord database file to ./data directory + ansible.builtin.command: "mv {{ matrix_mautrix_discord_base_path }}/mautrix-discord.db {{ matrix_mautrix_discord_data_path }}/mautrix-discord.db" + when: "matrix_mautrix_discord_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-discord mx-state file to ./data directory + ansible.builtin.command: "mv {{ matrix_mautrix_discord_base_path }}/mx-state.json {{ matrix_mautrix_discord_data_path }}/mx-state.json" + when: "matrix_mautrix_discord_stat_mx_state.stat.exists" + +- name: Ensure mautrix-discord config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_discord_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-discord registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_discord_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_discord_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mautrix-discord.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-discord.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + mode: 0644 + register: matrix_mautrix_discord_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-discord.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_discord_systemd_service_result.changed" + +- name: Ensure matrix-mautrix-discord.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-discord.service" + state: restarted + when: "matrix_mautrix_discord_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml new file mode 100644 index 000000000..94fef89a2 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-mautrix-discord service + ansible.builtin.stat: + path: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + register: matrix_mautrix_discord_service_stat + +- name: Ensure matrix-mautrix-discord is stopped + ansible.builtin.service: + name: matrix-mautrix-discord + state: stopped + enabled: false + daemon_reload: true + when: "matrix_mautrix_discord_service_stat.stat.exists" + +- name: Ensure matrix-mautrix-discord.service doesn't exist + ansible.builtin.file: + path: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + state: absent + when: "matrix_mautrix_discord_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mautrix-discord.service removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml new file mode 100644 index 000000000..ddf785243 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml @@ -0,0 +1,20 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mautrix_discord_appservice_token" + - "matrix_mautrix_discord_homeserver_token" + + +- name: (Deprecation) Catch and report renamed settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_mautrix_discord_log_level', 'new': 'matrix_mautrix_discord_logging_level'} diff --git a/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 new file mode 100644 index 000000000..fb10b1ac5 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 @@ -0,0 +1,225 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_discord_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_discord_homeserver_domain }} + # Is the homeserver actually mautrix-asmux? + asmux: false + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_discord_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: {{ matrix_mautrix_discord_appservice_database_type|to_json }} + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: {{ matrix_mautrix_discord_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: discord + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_mautrix_discord_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Discord bridge bot + avatar: mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_mautrix_discord_appservice_token }}" + hs_token: "{{ matrix_mautrix_discord_homeserver_token }}" + +# Bridge config +bridge: + # Localpart template of MXIDs for Discord users. + # {{ '{{.}}' }} is replaced with the internal ID of the Discord user. + username_template: "{{ 'discord_{{.}}' }}" + # Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. + # Available variables: + # {{ '{{.ID}}' }} - Internal user ID + # {{ '{{.Username}}' }} - User's displayname on Discord + # {{ '{{.Discriminator}}' }} - The 4 numbers after the name on Discord + # {{ '{{.Bot}}' }} - Whether the user is a bot + # {{ '{{.System}}' }} - Whether the user is an official system user + displayname_template: "{{ '{{.Username}} {{if .Bot}} (bot){{end}}' }}" + # Displayname template for Discord channels (bridged as rooms, or spaces when type=4). + # Available variables: + # {{ '{{.Name}}' }} - Channel name, or user displayname (pre-formatted with displayname_template) in DMs. + # {{ '{{.ParentName}}' }} - Parent channel name (used for categories). + # {{ '{{.GuildName}}' }} - Guild name. + # {{ '{{.NSFW}}' }} - Whether the channel is marked as NSFW. + # {{ '{{.Type}}' }} - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267) + channel_name_template: "{{ '{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}' }}" + # Displayname template for Discord guilds (bridged as spaces). + # Available variables: + # {{ '{{.Name}}' }} - Guild name + guild_name_template: "{{ '{{.Name}}' }}" + # Should the bridge explicitly set the avatar and room name for DM portal rooms? + # This is implicitly enabled in encrypted rooms. + private_chat_portal_meta: false + portal_message_buffer: 128 + # Number of private channel portals to create on bridge startup. + # Other portals will be created when receiving messages. + startup_private_channel_create_limit: 5 + # Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord? + delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: true + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + # Should the bridge use space-restricted join rules instead of invite-only for guild rooms? + # This can avoid unnecessary invite events in guild rooms when members are synced in. + restricted_rooms: true + # Should the bridge update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord? + # If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave. + delete_portal_on_channel_delete: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_discord_federate_rooms|to_json }} + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_mautrix_discord_homeserver_domain }}": {{ matrix_mautrix_discord_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_mautrix_discord_bridge_login_shared_secret_map|to_json }} + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "{{ matrix_mautrix_discord_command_prefix }}" + + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Discord bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_mautrix_discord_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: {{ matrix_mautrix_discord_bridge_encryption_default|to_json }} + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow|to_json }} + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + + # Permissions for using the bridge. + # Permitted values: + # relay - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Discord account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "{{ matrix_mautrix_discord_homeserver_domain }}": user + {% if matrix_admin %} + "{{ matrix_admin }}": admin + {% endif %} + +logging: + directory: ./logs + file_name_format: '' + file_date_format: "2006-01-02" + file_mode: 384 + timestamp_format: Jan _2, 2006 15:04:05 + print_level: {{ matrix_mautrix_discord_logging_level }} + print_json: false + file_json: false diff --git a/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 b/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 new file mode 100644 index 000000000..76046b441 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 @@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mautrix Discord bridge +{% for service in matrix_mautrix_discord_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_discord_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-discord \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_mautrix_discord_config_path }}:/config:z \ + -v {{ matrix_mautrix_discord_data_path }}:/data:z \ + --workdir=/data \ + {% for arg in matrix_mautrix_discord_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mautrix_discord_docker_image }} \ + /usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mautrix-discord + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 49612a8cd..60d40346d 100755 --- a/setup.yml +++ b/setup.yml @@ -27,6 +27,7 @@ - matrix-bridge-mautrix-signal - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp + - matrix-bridge-mautrix-discord - matrix-bridge-mx-puppet-discord - matrix-bridge-mx-puppet-groupme - matrix-bridge-mx-puppet-steam From 50ae4d2422bfaa5d68dc3c83582598f8b17a9300 Mon Sep 17 00:00:00 2001 From: Onisokien Ayonoadu <55804238+ayonoaduo@users.noreply.github.com> Date: Fri, 22 Jul 2022 13:11:38 -0600 Subject: [PATCH 328/381] Minor typo update --- docs/configuring-playbook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 88f81607d..e5301df13 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -51,7 +51,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) -- [Configure Nginx (optional, advanced)](configuring-playbook-nginx.md) (optional, advanced) +- [Configure Nginx](configuring-playbook-nginx.md) (optional, advanced) - [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced) From 53ea0ccca5c009f5701ec0d356a76c5353f7288a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 23 Jul 2022 09:07:20 +0300 Subject: [PATCH 329/381] Fix linkedin bridge building regression Regression since 1693c4ca1d4cd3276 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1975 --- .../tasks/setup_install.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 04a787b83..9df4d75b3 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -50,12 +50,12 @@ - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image ansible.builtin.command: cmd: | - {{ matrix_host_command_docker }} run \ - --rm \ - --entrypoint=/bin/sh \ - --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ - -w /work \ - docker.io/python:3.9.6-buster \ + {{ matrix_host_command_docker }} run + --rm + --entrypoint=/bin/sh + --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work + -w /work + docker.io/python:3.9.6-buster -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" register: matrix_beeper_linkedin_generate_docker_requirements_result changed_when: matrix_beeper_linkedin_generate_docker_requirements_result.rc == 0 From b2f47fcfcd30523b964593b51b7ac449e12887bd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Jul 2022 15:38:55 +0300 Subject: [PATCH 330/381] Make linkedin logging level configurable --- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 10 +++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index a83380932..45afd0f18 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -72,6 +72,9 @@ matrix_beeper_linkedin_appservice_database_uri: "{{ # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). matrix_beeper_linkedin_login_shared_secret: '' +# Specifies the default log level for all bridge loggers. +matrix_beeper_linkedin_logging_level: WARNING + # Default beeper-linkedin configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index e07295497..a91eb416f 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -259,12 +259,12 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} root: - level: WARNING - handlers: [ console] + level: {{ matrix_beeper_linkedin_logging_level|to_json }} + handlers: [console] From ac72879bf5ad04ebb034feb779d8f12db784965a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Jul 2022 15:55:16 +0300 Subject: [PATCH 331/381] Make bridge permissions more easily configurable Not doing {% if matrix_admin %} checks in the YAML also fixes some issues with indentation being incorrect sometimes. This should be backward compatible, except for mautrix-signal's case where `matrix_mautrix_signal_bridge_permissions` previously existed as a string, not a dictionary. `tasks/validate_config.yml` will catch the problem an even provide a quick fix. --- .../defaults/main.yml | 6 +++++ .../templates/config.yaml.j2 | 8 ++----- .../defaults/main.yml | 22 ++++++++++++------- .../templates/config.yaml.j2 | 6 +---- .../defaults/main.yml | 6 +++++ .../templates/config.yaml.j2 | 6 +---- .../defaults/main.yml | 6 +++++ .../templates/config.yaml.j2 | 6 +---- .../defaults/main.yml | 6 +++++ .../templates/config.yaml.j2 | 6 +---- .../defaults/main.yml | 6 +++++ .../templates/config.yaml.j2 | 6 +---- .../defaults/main.yml | 12 +++++----- .../tasks/validate_config.yml | 9 ++++++++ .../templates/config.yaml.j2 | 3 +-- .../defaults/main.yml | 6 +++++ .../templates/config.yaml.j2 | 6 +---- .../defaults/main.yml | 6 +++++ .../templates/config.yaml.j2 | 6 +---- .../defaults/main.yml | 15 +++++++++---- .../templates/config.yaml.j2 | 6 +---- 21 files changed, 94 insertions(+), 65 deletions(-) diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 45afd0f18..fc2cc8980 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -29,6 +29,12 @@ matrix_beeper_linkedin_bridge_presence: true matrix_beeper_linkedin_command_prefix: "!li" +matrix_beeper_linkedin_bridge_permissions: | + {{ + {matrix_beeper_linkedin_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index a91eb416f..a30f24253 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -56,7 +56,7 @@ appservice: # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. displayname: LinkedIn bridge bot - avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB + avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). @@ -236,11 +236,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_beeper_linkedin_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_beeper_linkedin_bridge_permissions|to_json }} diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index b05e78a58..cc456538c 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -85,6 +85,20 @@ matrix_go_skype_bridge_bridge_login_shared_secret_map: matrix_go_skype_bridge_bridge_double_puppet_server_map: "{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}" +# Enable End-to-bridge encryption +matrix_go_skype_bridge_bridge_encryption_allow: false +matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_go_skype_bridge_log_level: 'warn' + +matrix_go_skype_bridge_bridge_permissions: | + {{ + {matrix_go_skype_bridge_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Default go-skype-bridge configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -124,11 +138,3 @@ matrix_go_skype_bridge_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}" - -# Enable End-to-bridge encryption -matrix_go_skype_bridge_bridge_encryption_allow: false -matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" - -# Minimum severity of journal log messages. -# Options: debug, info, warn, error, fatal -matrix_go_skype_bridge_log_level: 'warn' diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index 56e37f84c..2a1dc6c16 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -197,11 +197,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_go_skype_bridge_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_go_skype_bridge_bridge_permissions|to_json }} relaybot: # Whether or not relaybot support is enabled. diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 51b4f357d..719c86dc0 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -46,6 +46,12 @@ matrix_mautrix_facebook_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_facebook_federate_rooms: true +matrix_mautrix_facebook_bridge_permissions: | + {{ + {matrix_mautrix_facebook_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Controls whether the matrix-mautrix-facebook container exposes its HTTP port. # # Takes an ":" or "" value (e.g. "127.0.0.1:9008"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 4b27e66a4..3318255dc 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -201,11 +201,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_facebook_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_facebook_bridge_permissions|to_json }} relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 85d534e54..a4b1438b0 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -48,6 +48,12 @@ matrix_mautrix_googlechat_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_googlechat_federate_rooms: true +matrix_mautrix_googlechat_bridge_permissions: | + {{ + {matrix_mautrix_googlechat_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index ad86219cb..a2560a9fc 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -117,11 +117,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_googlechat_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_googlechat_bridge_permissions|to_json }} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index fc467871c..8b338fd76 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -27,6 +27,12 @@ matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080 matrix_mautrix_hangouts_command_prefix: "!HO" +matrix_mautrix_hangouts_bridge_permissions: | + {{ + {matrix_mautrix_hangouts_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 6dca06ff5..d737f3f17 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -114,11 +114,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_hangouts_bridge_permissions|to_json }} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index e31f3f466..bcb6ddb11 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -25,6 +25,12 @@ matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29 matrix_mautrix_instagram_command_prefix: "!ig" +matrix_mautrix_instagram_bridge_permissions: | + {{ + {matrix_mautrix_instagram_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_mautrix_instagram_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 11b1d9977..039b9bfea 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -185,11 +185,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_mautrix_instagram_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_mautrix_instagram_bridge_permissions|to_json }} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). provisioning: diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 84ef38cd5..161fa8924 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -103,12 +103,14 @@ matrix_mautrix_signal_relaybot_enabled: false # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user +# +# This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary. matrix_mautrix_signal_bridge_permissions: | - '*': relay - '{{ matrix_mautrix_signal_homeserver_domain }}': user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + {{ + {'*': 'relay'} + | combine({matrix_mautrix_signal_homeserver_domain: 'user'}) + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml index 01a02c2f3..ea2c1c430 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml @@ -11,6 +11,15 @@ - "matrix_mautrix_signal_homeserver_token" - "matrix_mautrix_signal_appservice_token" +- name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary + ansible.builtin.fail: + msg: >- + The `matrix_mautrix_signal_bridge_permissions` variable in your configuration is specified as a YAML string. + The playbook now expects a hashmap/dictionary in this variable. + Change your configuration like this: + matrix_mautrix_signal_bridge_permissions: {{ matrix_mautrix_signal_bridge_permissions | from_yaml | to_json }} + when: "matrix_mautrix_signal_bridge_permissions is string" + - name: (Deprecation) Catch and report renamed Signal variables ansible.builtin.fail: msg: >- diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index f0644ee26..796a6e41a 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -223,8 +223,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} + permissions: {{ matrix_mautrix_signal_bridge_permissions|to_json }} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 2ac9fe04f..101889c19 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -27,6 +27,12 @@ matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data matrix_mautrix_telegram_command_prefix: "!tg" +matrix_mautrix_telegram_bridge_permissions: | + {{ + {matrix_mautrix_telegram_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Get your own API keys at https://my.telegram.org/apps matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 19bacbde8..3a7ab7f1e 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -289,11 +289,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_telegram_homeserver_domain }}': full - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_telegram_bridge_permissions|to_json }} # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 512195cb3..29999c450 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -25,6 +25,12 @@ matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' matrix_mautrix_twitter_command_prefix: "!tw" +matrix_mautrix_twitter_bridge_permissions: | + {{ + {matrix_mautrix_twitter_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_mautrix_twitter_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index b59864f11..da823d1eb 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -173,11 +173,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_twitter_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_twitter_bridge_permissions|to_json }} # Python logging configuration. diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 7a511651e..ed13bbd07 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -90,6 +90,17 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map: matrix_mautrix_whatsapp_bridge_double_puppet_server_map: "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" +# Enable End-to-bridge encryption +matrix_mautrix_whatsapp_bridge_encryption_allow: false +matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" +matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" + +matrix_mautrix_whatsapp_bridge_permissions: | + {{ + {matrix_mautrix_whatsapp_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -130,7 +141,3 @@ matrix_mautrix_whatsapp_registration_yaml: | matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}" -# Enable End-to-bridge encryption -matrix_mautrix_whatsapp_bridge_encryption_allow: false -matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" -matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 8e0e300b8..fab8d9641 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -368,11 +368,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_mautrix_whatsapp_bridge_permissions|to_json }} # Settings for relay mode relay: From 163a423f42439d5defa8863b7a3b61ed2be844c8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Jul 2022 16:01:04 +0300 Subject: [PATCH 332/381] Fix ansible-lint error --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index ed13bbd07..2bc34a917 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -140,4 +140,3 @@ matrix_mautrix_whatsapp_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}" - From e46ba5debaf34ee6abc5e09c0e19ff5c666edc85 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Jul 2022 14:34:21 +0300 Subject: [PATCH 333/381] Add matrix-appservice-kakaotalk support Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk This is pretty similar to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 which just appeared, but has mostly been done independently. I've taken some inspiration and did some fixups based on that PR. Thanks to https://github.com/hnarjis for taking the time to contribute! Notable differences between this branch compared to that PR: - better naming and documentation around the "configuration" variables - no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service` - stores configuration in `config/`, not in `data/` - passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it - starts containers more securely - with `matrix:matrix` user:group (not `root`) and reduced capabilities (`--cap-drop=ALL`) - uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets) - `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.) - `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`) - less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well. - configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`) - logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`) - somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`) - removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration) --- ...ng-playbook-bridge-appservice-kakaotalk.md | 83 ++++++ docs/configuring-playbook.md | 6 +- group_vars/matrix_servers | 43 +++ .../defaults/main.yml | 196 +++++++++++++ .../tasks/init.yml | 28 ++ .../tasks/main.yml | 23 ++ .../tasks/setup_install.yml | 125 ++++++++ .../tasks/setup_uninstall.yml | 41 +++ .../tasks/validate_config.yml | 10 + .../templates/config.yaml.j2 | 276 ++++++++++++++++++ .../templates/node-config.json.j2 | 13 + ...atrix-appservice-kakaotalk-node.service.j2 | 38 +++ .../matrix-appservice-kakaotalk.service.j2 | 42 +++ setup.yml | 1 + 14 files changed, 923 insertions(+), 2 deletions(-) create mode 100644 docs/configuring-playbook-bridge-appservice-kakaotalk.md create mode 100644 roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml create mode 100644 roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml create mode 100644 roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml create mode 100644 roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 create mode 100644 roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 create mode 100644 roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 diff --git a/docs/configuring-playbook-bridge-appservice-kakaotalk.md b/docs/configuring-playbook-bridge-appservice-kakaotalk.md new file mode 100644 index 000000000..0b284db1f --- /dev/null +++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md @@ -0,0 +1,83 @@ +# Setting up Appservice Kakaotalk (optional) + +The playbook can install and configure [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) for you. `matrix-appservice-kakaotalk` is a bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. + +See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you. + +## Installing + +To enable the bridge, add this to your `vars.yml` file: + +```yaml +matrix_appservice_kakaotalk_enabled: true +``` + +You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation. + +After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +To make use of the Kakaotalk bridge, see [Usage](#usage) below. + + +### Additional configuration + +There are some additional things you may wish to configure about the bridge. + +Take a look at: + +- `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable + +Here's some example configuration (which goes into your `vars.yml` file): +```yaml +# This configuration: +# - enables encryption (it's off by default) +# - grants some user on your homeserver 'admin' access to the bridge +# (note: the user specified in the `matrix_admin` (part of `roles/matrix-base/defaults/main.yml`) is made an admin by default) +matrix_appservice_kakaotalk_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin + + encryption: + allow: true + default: true +``` + + +### Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +#### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +#### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. You can use the following command: + +``` +curl \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Appservice-Kakaotalk", "initial_device_display_name": "Appservice-Kakaotalk"}' \ +https://matrix.DOMAIN/_matrix/client/r0/login +``` + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Appservice-Kakaotalk` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + +Start a chat with `@kakaotalkbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login --save EMAIL_OR_PHONE_NUMBER` to the bridge bot to enable bridging for your Kakaotalk account. The `--save` flag may be omitted, if you'd rather not save your password. + +After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index e5301df13..cce74778a 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -110,14 +110,16 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) -- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) - - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional) - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional) +- [Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md) (optional) + +- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) + - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) - ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ea17edb40..3f33c7c1b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -213,6 +213,43 @@ matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_gen # ###################################################################### +###################################################################### +# +# matrix-bridge-appservice-kakaotalk +# +###################################################################### + +# We don't enable bridges by default. +matrix_appservice_kakaotalk_enabled: false + +matrix_appservice_kakaotalk_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-appservice-kakaotalk-node.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + }} + +matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}" + +matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}" + +matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-appservice-kakaotalk +# +###################################################################### + ###################################################################### # @@ -1811,6 +1848,12 @@ matrix_postgres_additional_databases: | 'password': matrix_appservice_irc_database_password, }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_appservice_kakaotalk_database_name, + 'username': matrix_appservice_kakaotalk_database_username, + 'password': matrix_appservice_kakaotalk_database_password, + }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_beeper_linkedin_database_name, 'username': matrix_beeper_linkedin_database_username, diff --git a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml new file mode 100644 index 000000000..482f1fb7c --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -0,0 +1,196 @@ +--- +# matrix-appservice-kakaotalk is a Matrix <-> Kakaotalk bridge +# Project source code URL: https://src.miscworks.net/fair/matrix-appservice-kakaotalk/ + +matrix_appservice_kakaotalk_enabled: true + +# No images are published for neither of the container images (appservice or node), so we're self-building everything. +matrix_appservice_kakaotalk_container_image_self_build: true +# matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/fair/matrix-appservice-kakaotalk.git" +# +# hnarjis' fork is used instead of upstream (fair's), because upstream is currently broken. +# The following error happens when chatting up the bot without this fix: +# [2022-07-25 09:04:53,784] [ERROR@mau.as] Exception in Matrix event handler +# Traceback (most recent call last): +# File "/usr/lib/python3.9/site-packages/mautrix/appservice/as_handler.py", line 239, in try_handle +# await handler_func(event) +# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 820, in int_handle_event +# await self.int_handle_invite(evt) +# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 441, in int_handle_invite +# inviter = await self.bridge.get_user(evt.sender) +# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/__main__.py", line 112, in get_user +# return await User.get_by_mxid(user_id, create=create) +# File "/usr/lib/python3.9/site-packages/mautrix/util/async_getter_lock.py", line 60, in wrapper +# return await fn(cls, *args, **kwargs) +# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/user.py", line 227, in get_by_mxid +# user = cls(mxid) +# TypeError: __init__() missing 2 required positional arguments: 'force_login' and 'was_connected' +matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/hnarjis/matrix-appservice-kakaotalk.git" +matrix_appservice_kakaotalk_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_kakaotalk_version == 'latest' else matrix_appservice_kakaotalk_version }}" + +matrix_appservice_kakaotalk_node_version: "{{ matrix_appservice_kakaotalk_version }}" +matrix_appservice_kakaotalk_node_docker_image: "{{ matrix_appservice_kakaotalk_node_docker_image_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}" +matrix_appservice_kakaotalk_node_docker_image_prefix: "localhost/" +matrix_appservice_kakaotalk_node_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_node_docker_image.endswith(':latest') }}" + +matrix_appservice_kakaotalk_version: 86c038fd2ffee5e0aebf65136f085cce7e38b54e +matrix_appservice_kakaotalk_docker_image: "{{ matrix_appservice_kakaotalk_docker_image_name_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}" +matrix_appservice_kakaotalk_docker_image_name_prefix: "localhost/" +matrix_appservice_kakaotalk_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_docker_image.endswith(':latest') }}" + +matrix_appservice_kakaotalk_base_path: "{{ matrix_base_data_path }}/appservice-kakaotalk" +matrix_appservice_kakaotalk_config_path: "{{ matrix_appservice_kakaotalk_base_path }}/config" +matrix_appservice_kakaotalk_data_path: "{{ matrix_appservice_kakaotalk_base_path }}/data" +matrix_appservice_kakaotalk_docker_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src" + +matrix_appservice_kakaotalk_command_prefix: "!kt" + +matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}' +matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115' + + +# A list of extra arguments to pass to the appservice-kakaotalk container +matrix_appservice_kakaotalk_container_extra_arguments: [] + +# List of systemd services that matrix-appservice-kakaotalk.service depends on. +matrix_appservice_kakaotalk_systemd_required_services_list: ['docker.service', 'matrix-appservice-kakaotalk-node.service'] + +# List of systemd services that matrix-appservice-kakaotalk.service wants +matrix_appservice_kakaotalk_systemd_wanted_services_list: [] + + +# A list of extra arguments to pass to the appservice-kakaotalk-node container +matrix_appservice_kakaotalk_node_container_extra_arguments: [] + +# List of systemd services that matrix-appservice-kakaotalk-node.service depends on. +matrix_appservice_kakaotalk_node_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-appservice-kakaotalk-node.service wants +matrix_appservice_kakaotalk_node_systemd_wanted_services_list: [] + + +matrix_appservice_kakaotalk_appservice_token: '' +matrix_appservice_kakaotalk_homeserver_token: '' + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_appservice_kakaotalk_federate_rooms: true + +# Database-related configuration fields. +# +# To use SQLite: +# - change the engine (`matrix_appservice_kakaotalk_database_engine: 'sqlite'`) +# To use Postgres: +# - adjust your database credentials via the `matrix_appservice_kakaotalk_database_*` variables +matrix_appservice_kakaotalk_database_engine: 'postgres' + +matrix_appservice_kakaotalk_sqlite_database_path_local: "{{ matrix_appservice_kakaotalk_data_path }}/appservice-kakaotalk.db" +matrix_appservice_kakaotalk_sqlite_database_path_in_container: "/data/appservice-kakaotalk.db" + +matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk' +matrix_appservice_kakaotalk_database_password: 'some-password' +matrix_appservice_kakaotalk_database_hostname: 'matrix-postgres' +matrix_appservice_kakaotalk_database_port: 5432 +matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk' + +matrix_appservice_kakaotalk_database_connection_string: 'postgres://{{ matrix_appservice_kakaotalk_database_username }}:{{ matrix_appservice_kakaotalk_database_password }}@{{ matrix_appservice_kakaotalk_database_hostname }}:{{ matrix_appservice_kakaotalk_database_port }}/{{ matrix_appservice_kakaotalk_database_name }}' + +matrix_appservice_kakaotalk_appservice_database: "{{ + { + 'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container), + 'postgres': matrix_appservice_kakaotalk_database_connection_string, + }[matrix_appservice_kakaotalk_database_engine] +}}" + + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +# Also see: matrix_appservice_kakaotalk_bridge_login_shared_secret_map +matrix_appservice_kakaotalk_login_shared_secret: '' + +matrix_appservice_kakaotalk_bridge_login_shared_secret_map: "{{ {matrix_appservice_kakaotalk_homeserver_domain: matrix_appservice_kakaotalk_login_shared_secret} if matrix_appservice_kakaotalk_login_shared_secret else {} }}" + +matrix_appservice_kakaotalk_bridge_permissions: | + {{ + {matrix_appservice_kakaotalk_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + +matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot +matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_as_' + +# Specifies the default log level for all bridge loggers. +matrix_appservice_kakaotalk_logging_level: WARNING + + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_appservice_kakaotalk_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_appservice_kakaotalk_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_kakaotalk_configuration_yaml`. + +matrix_appservice_kakaotalk_configuration_extension: "{{ matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml if matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_configuration_yaml`. +matrix_appservice_kakaotalk_configuration: "{{ matrix_appservice_kakaotalk_configuration_yaml | from_yaml | combine(matrix_appservice_kakaotalk_configuration_extension, recursive=True) }}" + + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_node_configuration_extension_yaml`) +# or completely replace this variable with your own template. +# +# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. +# This is unlike what it does when looking up YAML template files (no automatic parsing there). +matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2') }}" + +# Your custom JSON configuration for appservice-kakaotalk-node should go to `matrix_appservice_kakaotalk_node_configuration_extension_json`. +# This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_node_configuration_default`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_appservice_kakaotalk_node_configuration_default`. +# +# Example configuration extension follows: +# +# matrix_appservice_kakaotalk_node_configuration_extension_json: | +# { +# "register_timeout": 5000 +# } +matrix_appservice_kakaotalk_node_configuration_extension_json: '{}' + +matrix_appservice_kakaotalk_node_configuration_extension: "{{ matrix_appservice_kakaotalk_node_configuration_extension_json | from_json if matrix_appservice_kakaotalk_node_configuration_extension_json | from_json is mapping else {} }}" + +# Holds the final appservice-kakaotalk-node configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_node_configuration_default`. +matrix_appservice_kakaotalk_node_configuration: "{{ matrix_appservice_kakaotalk_node_configuration_default | combine(matrix_appservice_kakaotalk_node_configuration_extension, recursive=True) }}" + + +matrix_appservice_kakaotalk_registration_yaml: | + id: appservice-kakaotalk + as_token: {{ matrix_appservice_kakaotalk_appservice_token|to_json }} + hs_token: {{ matrix_appservice_kakaotalk_homeserver_token|to_json }} + namespaces: + users: + - exclusive: true + regex: '^@{{ matrix_appservice_kakaotalk_user_prefix | regex_escape }}.*:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$' + - exclusive: true + regex: '^@{{ matrix_appservice_kakaotalk_appservice_bot_username | regex_escape }}:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$' + url: {{ matrix_appservice_kakaotalk_appservice_address|to_json }} + sender_localpart: _appservice_kakaotalk + rate_limited: false + +matrix_appservice_kakaotalk_registration: "{{ matrix_appservice_kakaotalk_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml new file mode 100644 index 000000000..c2679b356 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml @@ -0,0 +1,28 @@ +--- +# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 +# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 +- name: Fail if trying to self-build on Ansible < 2.8 + ansible.builtin.fail: + msg: "To self-build the appservice-kakaotalk image, you should use Ansible 2.8 or higher. See docs/ansible.md" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_kakaotalk_container_image_self_build and matrix_appservice_kakaotalk_enabled" + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] }}" + when: matrix_appservice_kakaotalk_enabled | bool + +# If the matrix-synapse role is not used, these variables may not exist. +- ansible.builtin.set_fact: + matrix_synapse_container_extra_arguments: > + {{ + matrix_synapse_container_extra_arguments | default([]) + + + ["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"] + }} + + matrix_synapse_app_service_config_files: > + {{ + matrix_synapse_app_service_config_files | default([]) + + + ["/matrix-appservice-kakaotalk-registration.yaml"] + }} + when: matrix_appservice_kakaotalk_enabled | bool diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml new file mode 100644 index 000000000..dfb286f2c --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool" + tags: + - setup-all + - setup-appservice-kakaotalk + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool" + tags: + - setup-all + - setup-appservice-kakaotalk + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_appservice_kakaotalk_enabled | bool" + tags: + - setup-all + - setup-appservice-kakaotalk diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml new file mode 100644 index 000000000..def73c595 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml @@ -0,0 +1,125 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + ansible.builtin.fail: + msg: >- + The matrix-bridge-matrix-appservice-kakaotalk role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed | default(False)" + +- name: Ensure matrix-appservice-kakaotalk image is pulled + docker_image: + name: "{{ matrix_appservice_kakaotalk_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}" + when: not matrix_appservice_kakaotalk_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-appservice-kakaotalk-node image is pulled + docker_image: + name: "{{ matrix_appservice_kakaotalk_node_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}" + when: not matrix_appservice_kakaotalk_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-appservice-kakaotalk paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true} + - {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true} + - {path: "{{ matrix_appservice_kakaotalk_data_path }}", when: true} + - {path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"} + when: item.when | bool + +- name: Ensure matrix-appservice-kakaotalk repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo }}" + dest: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}" + version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_appservice_kakaotalk_git_pull_results + when: "matrix_appservice_kakaotalk_container_image_self_build | bool" + +- name: Ensure matrix-appservice-kakaotalk-node Docker image is built + docker_image: + name: "{{ matrix_appservice_kakaotalk_node_docker_image }}" + source: build + force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}/node" + pull: true + when: "matrix_appservice_kakaotalk_container_image_self_build | bool" + +- name: Ensure matrix-appservice-kakaotalk Docker image is built + docker_image: + name: "{{ matrix_appservice_kakaotalk_docker_image }}" + source: build + force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}" + pull: true + when: "matrix_appservice_kakaotalk_container_image_self_build | bool" + +- name: Ensure matrix-appservice-kakaotalk-node config.json installed + ansible.builtin.copy: + content: "{{ matrix_appservice_kakaotalk_node_configuration | to_nice_json }}" + dest: "{{ matrix_appservice_kakaotalk_config_path }}/node-config.json" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-kakaotalk config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_appservice_kakaotalk_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_kakaotalk_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-kakaotalk registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_appservice_kakaotalk_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_kakaotalk_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-kakaotalk-node.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk-node.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" + mode: 0644 + register: matrix_appservice_kakaotalk_node_systemd_service_result + +- name: Ensure matrix-appservice-kakaotalk.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + mode: 0644 + register: matrix_appservice_kakaotalk_systemd_service_result + +- name: Ensure systemd reloaded after matrix-appservice-kakaotalk.service or matrix-appservice-kakaotalk-node.service installation + ansible.builtin.service: + daemon_reload: true + when: matrix_appservice_kakaotalk_node_systemd_service_result.changed or matrix_appservice_kakaotalk_systemd_service_result.changed diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml new file mode 100644 index 000000000..fb11c3833 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml @@ -0,0 +1,41 @@ +--- + +- name: Check existence of matrix-appservice-kakaotalk service + ansible.builtin.stat: + path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + register: matrix_appservice_kakaotalk_service_stat + +- name: Ensure matrix-appservice-kakaotalk is stopped + ansible.builtin.service: + name: matrix-appservice-kakaotalk + state: stopped + enabled: false + daemon_reload: true + when: "matrix_appservice_kakaotalk_service_stat.stat.exists" + +- name: Check existence of matrix-appservice-kakaotalk-node service + ansible.builtin.stat: + path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" + register: matrix_appservice_kakaotalk_node_service_stat + +- name: Ensure matrix-appservice-kakaotalk-node is stopped + ansible.builtin.service: + name: matrix-appservice-kakaotalk-node + state: stopped + enabled: false + daemon_reload: true + when: "matrix_appservice_kakaotalk_node_service_stat.stat.exists" + +- name: Ensure matrix-appservice-kakaotalk.service files don't exist + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" + - "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + when: "matrix_appservice_kakaotalk_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml new file mode 100644 index 000000000..4f838e7a5 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_appservice_kakaotalk_appservice_token" + - "matrix_appservice_kakaotalk_homeserver_token" diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 new file mode 100644 index 000000000..186e58d08 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 @@ -0,0 +1,276 @@ +# Homeserver details +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_appservice_kakaotalk_homeserver_address|to_json }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_appservice_kakaotalk_homeserver_domain|to_json }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + # Whether or not the homeserver supports asmux-specific endpoints, + # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically + # updating m.direct. + asmux: false + # Number of retries for all HTTP requests if the homeserver isn't reachable. + http_retry_count: 4 + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's MQTT connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Whether asynchronous uploads via MSC2246 should be enabled for media. + # Requires a media repo that supports MSC2246. + async_media: false + +# Application service host/registration related details +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_appservice_kakaotalk_appservice_address|to_json }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 11115 + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. SQLite and Postgres are supported. + # Format examples: + # SQLite: sqlite:///filename.db + # Postgres: postgres://username:password@hostname/dbname + database: {{ matrix_appservice_kakaotalk_appservice_database|to_json }} + # Additional arguments for asyncpg.create_pool() or sqlite3.connect() + # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool + # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect + # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. + database_opts: + min_size: 5 + max_size: 10 + + # The unique ID of this appservice. + id: appservice-kakaotalk + # Username of the appservice bot. + bot_username: {{ matrix_appservice_kakaotalk_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + bot_displayname: KakaoTalk bridge bot + bot_avatar: + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. + ephemeral_events: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: {{ matrix_appservice_kakaotalk_appservice_token|to_json }} + hs_token: {{ matrix_appservice_kakaotalk_homeserver_token|to_json }} + +# Prometheus telemetry config. Requires prometheus-client to be installed. +metrics: + enabled: false + listen_port: 8000 + +# Manhole config. +manhole: + # Whether or not opening the manhole is allowed. + enabled: false + # The path for the unix socket. + path: /var/tmp/matrix-appservice-kakaotalk.manhole + # The list of UIDs who can be added to the whitelist. + # If empty, any UIDs can be specified in the open-manhole command. + whitelist: + - 0 + +# Config for things that are directly sent to KakaoTalk. +kakaotalk: + device_name: "KakaoTalk Bridge" + +# Bridge config +bridge: + # Localpart template of MXIDs for KakaoTalk users. + # {userid} is replaced with the user ID of the KakaoTalk user. + username_template: "{{ matrix_appservice_kakaotalk_user_prefix }}{userid}" + # Displayname template for KakaoTalk users. + # {displayname} is replaced with the display name of the KakaoTalk user. + displayname_template: "{displayname} (KT)" + + # The prefix for commands. Only required in non-management rooms. + command_prefix: {{ matrix_appservice_kakaotalk_command_prefix|to_json }} + + # Number of chats to sync (and create portals for) on startup/login. + # Set to 0 to disable automatic syncing, or -1 to sync as much as possible. + initial_chat_sync: 20 + # Whether or not the KakaoTalk users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications + # when double puppeting is enabled + sync_with_custom_puppets: true + # Whether or not to update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Servers to always allow double puppeting from + double_puppet_server_map: {} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + # If using this for other servers than the bridge's server, + # you must also set the URL in the double_puppet_server_map. + login_shared_secret_map: {{ matrix_appservice_kakaotalk_bridge_login_shared_secret_map|to_json }} + # Whether or not to update avatars when syncing all contacts at startup. + update_avatar_initial_sync: true + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + # Options for automatic key sharing. + key_sharing: + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow: false + # Require the requesting device to have a valid cross-signing signature? + # This doesn't require that the bridge has verified the device, only that the user has verified it. + # Not yet implemented. + require_cross_signing: false + # Require devices to be verified by the bridge? + # Verification by the bridge is not yet implemented. + require_verification: true + # Whether or not the bridge should send a read receipt from the bridge bot when a message has + # been sent to KakaoTalk. + delivery_receipts: false + # Whether to allow inviting arbitrary mxids to portal rooms + allow_invites: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_appservice_kakaotalk_federate_rooms|to_json }} + # Settings for backfilling messages from KakaoTalk. + backfill: + # Whether or not the KakaoTalk users of logged in Matrix users should be + # invited to private chats when backfilling history from KakaoTalk. This is + # usually needed to prevent rate limits and to allow timestamp massaging. + invite_own_puppet: true + # Maximum number of messages to backfill initially. + # Set to 0 to disable backfilling when creating portal, or -1 to backfill as much as possible. + initial_limit: 0 + # Maximum number of messages to backfill if messages were missed while + # the bridge was disconnected. + # Set to 0 to disable backfilling missed messages, or -1 to backfill as much as possible. + missed_limit: 1000 + # If using double puppeting, should notifications be disabled + # while the initial backfill is in progress? + disable_notifications: false + # The number of seconds that a disconnection can last without triggering an automatic re-sync + # and missed message backfilling when reconnecting. + # Set to 0 to always re-sync, or -1 to never re-sync automatically. + resync_max_disconnected_time: 5 + # Should users remain logged in after being disconnected from chatroom updates? + # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk. + remain_logged_in_on_disconnect: true + # May the bridge restore user logins with session tokens instead of requiring a password? + # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk. + # Note that password-based login will be tried first for users who have saved their password. + allow_token_relogin: true + # Should the bridge connect users to chatroom updates after a token-based login? + # This will disconnect any KakaoTalk PC/bridge sessions that were started since the last connection. + # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk. + reconnect_on_token_relogin: true + # Should the bridge do a resync for connected users on startup? + sync_on_startup: true + # Whether or not temporary disconnections should send notices to the notice room. + # If this is false, disconnections will never send messages and connections will only send + # messages if it was disconnected for more than resync_max_disconnected_time seconds. + temporary_disconnect_notices: true + # Disable bridge notices entirely + disable_bridge_notices: false + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, + # except if the config file is not writable. + resend_bridge_info: false + # Whether or not mute status and tags should only be bridged when the portal room is created. + tag_only_on_create: true + # If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or + # other configuration. This may be useful if you don't want to use the default proxy for large files. + sandbox_media_download: false + + # Permissions for using the bridge. + # Permitted values: + # relay - Allowed to be relayed through the bridge, no access to commands. + # user - Use the bridge with puppeting. + # admin - Use and administrate the bridge. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: {{ matrix_appservice_kakaotalk_bridge_permissions|to_json }} + + relay: + # Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: false + # The formats to use when sending messages to KakaoTalk via a relay user. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + message_formats: + m.text: '$sender_displayname: $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' + m.file: 'File from $sender_displayname: $message' + m.image: 'Image from $sender_displayname: $message' + m.audio: 'Audio from $sender_displayname: $message' + m.video: 'Video from $sender_displayname: $message' + m.location: '$sender_displayname sent a location' + +rpc: + connection: + # Either unix or tcp + type: tcp + # Only for type: unix + # path: /rpc/rpc.sock + # Only for type: tcp + host: matrix-appservice-kakaotalk-node + port: 8000 + +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): matrix_appservice_kakaotalk.util.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: {{ matrix_appservice_kakaotalk_logging_level|to_json }} + paho: + level: {{ matrix_appservice_kakaotalk_logging_level|to_json }} + aiohttp: + level: {{ matrix_appservice_kakaotalk_logging_level|to_json }} + root: + level: {{ matrix_appservice_kakaotalk_logging_level|to_json }} + handlers: [console] diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 new file mode 100644 index 000000000..340add39e --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 @@ -0,0 +1,13 @@ +{ + "listen": { + "type": "tcp", + "host": "0.0.0.0", + "port": 8000, + "force": true + }, + "register_timeout": 3000, + "logging_keys": { + "request": ["mxid"], + "response": ["status"] + } +} diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 new file mode 100644 index 000000000..1a526ee61 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 @@ -0,0 +1,38 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=appservice-kakaotalk-node bridge helper +{% for service in matrix_appservice_kakaotalk_node_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_appservice_kakaotalk_node_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/node-config.json,dst=/config.json,ro \ + {% for arg in matrix_appservice_kakaotalk_node_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_appservice_kakaotalk_node_docker_image }} \ + node src/main.js --config /config.json + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-appservice-kakaotalk-node + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 new file mode 100644 index 000000000..83a8d4dc9 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 @@ -0,0 +1,42 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=appservice-kakaotalk bridge +{% for service in matrix_appservice_kakaotalk_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_appservice_kakaotalk_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_appservice_kakaotalk_data_path }},dst=/data \ + {% for arg in matrix_appservice_kakaotalk_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_appservice_kakaotalk_docker_image }} \ + python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-appservice-kakaotalk + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 49612a8cd..30538d819 100755 --- a/setup.yml +++ b/setup.yml @@ -17,6 +17,7 @@ - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks - matrix-bridge-appservice-irc + - matrix-bridge-appservice-kakaotalk - matrix-bridge-beeper-linkedin - matrix-bridge-go-skype-bridge - matrix-bridge-mautrix-facebook From 7b937cf9a9aae4dff62c5e51beb6f8fdaf72d45b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Jul 2022 14:56:08 +0300 Subject: [PATCH 334/381] Make ansible-lint happy --- .../defaults/main.yml | 6 ++-- .../templates/config.yaml.j2 | 30 +++++++++---------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml index 482f1fb7c..dc5e2591f 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -181,15 +181,15 @@ matrix_appservice_kakaotalk_node_configuration: "{{ matrix_appservice_kakaotalk_ matrix_appservice_kakaotalk_registration_yaml: | id: appservice-kakaotalk - as_token: {{ matrix_appservice_kakaotalk_appservice_token|to_json }} - hs_token: {{ matrix_appservice_kakaotalk_homeserver_token|to_json }} + as_token: {{ matrix_appservice_kakaotalk_appservice_token | to_json }} + hs_token: {{ matrix_appservice_kakaotalk_homeserver_token | to_json }} namespaces: users: - exclusive: true regex: '^@{{ matrix_appservice_kakaotalk_user_prefix | regex_escape }}.*:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$' - exclusive: true regex: '^@{{ matrix_appservice_kakaotalk_appservice_bot_username | regex_escape }}:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$' - url: {{ matrix_appservice_kakaotalk_appservice_address|to_json }} + url: {{ matrix_appservice_kakaotalk_appservice_address | to_json }} sender_localpart: _appservice_kakaotalk rate_limited: false diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 index 186e58d08..183377f36 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 @@ -1,9 +1,9 @@ # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_appservice_kakaotalk_homeserver_address|to_json }} + address: {{ matrix_appservice_kakaotalk_homeserver_address | to_json }} # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_appservice_kakaotalk_homeserver_domain|to_json }} + domain: {{ matrix_appservice_kakaotalk_homeserver_domain | to_json }} # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true @@ -27,7 +27,7 @@ homeserver: # Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_appservice_kakaotalk_appservice_address|to_json }} + address: {{ matrix_appservice_kakaotalk_appservice_address | to_json }} # The hostname and port where this appservice should listen. hostname: 0.0.0.0 @@ -40,7 +40,7 @@ appservice: # Format examples: # SQLite: sqlite:///filename.db # Postgres: postgres://username:password@hostname/dbname - database: {{ matrix_appservice_kakaotalk_appservice_database|to_json }} + database: {{ matrix_appservice_kakaotalk_appservice_database | to_json }} # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect @@ -52,7 +52,7 @@ appservice: # The unique ID of this appservice. id: appservice-kakaotalk # Username of the appservice bot. - bot_username: {{ matrix_appservice_kakaotalk_appservice_bot_username|to_json }} + bot_username: {{ matrix_appservice_kakaotalk_appservice_bot_username | to_json }} # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. bot_displayname: KakaoTalk bridge bot @@ -64,8 +64,8 @@ appservice: ephemeral_events: false # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. - as_token: {{ matrix_appservice_kakaotalk_appservice_token|to_json }} - hs_token: {{ matrix_appservice_kakaotalk_homeserver_token|to_json }} + as_token: {{ matrix_appservice_kakaotalk_appservice_token | to_json }} + hs_token: {{ matrix_appservice_kakaotalk_homeserver_token | to_json }} # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: @@ -97,7 +97,7 @@ bridge: displayname_template: "{displayname} (KT)" # The prefix for commands. Only required in non-management rooms. - command_prefix: {{ matrix_appservice_kakaotalk_command_prefix|to_json }} + command_prefix: {{ matrix_appservice_kakaotalk_command_prefix | to_json }} # Number of chats to sync (and create portals for) on startup/login. # Set to 0 to disable automatic syncing, or -1 to sync as much as possible. @@ -123,7 +123,7 @@ bridge: # manually. # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. - login_shared_secret_map: {{ matrix_appservice_kakaotalk_bridge_login_shared_secret_map|to_json }} + login_shared_secret_map: {{ matrix_appservice_kakaotalk_bridge_login_shared_secret_map | to_json }} # Whether or not to update avatars when syncing all contacts at startup. update_avatar_initial_sync: true # End-to-bridge encryption support options. These require matrix-nio to be installed with pip @@ -156,7 +156,7 @@ bridge: allow_invites: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: {{ matrix_appservice_kakaotalk_federate_rooms|to_json }} + federate_rooms: {{ matrix_appservice_kakaotalk_federate_rooms | to_json }} # Settings for backfilling messages from KakaoTalk. backfill: # Whether or not the KakaoTalk users of logged in Matrix users should be @@ -215,7 +215,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: {{ matrix_appservice_kakaotalk_bridge_permissions|to_json }} + permissions: {{ matrix_appservice_kakaotalk_bridge_permissions | to_json }} relay: # Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any @@ -266,11 +266,11 @@ logging: formatter: colored loggers: mau: - level: {{ matrix_appservice_kakaotalk_logging_level|to_json }} + level: {{ matrix_appservice_kakaotalk_logging_level | to_json }} paho: - level: {{ matrix_appservice_kakaotalk_logging_level|to_json }} + level: {{ matrix_appservice_kakaotalk_logging_level | to_json }} aiohttp: - level: {{ matrix_appservice_kakaotalk_logging_level|to_json }} + level: {{ matrix_appservice_kakaotalk_logging_level | to_json }} root: - level: {{ matrix_appservice_kakaotalk_logging_level|to_json }} + level: {{ matrix_appservice_kakaotalk_logging_level | to_json }} handlers: [console] From d14e499365b2710ad90b073e7bc71adc005636d4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Jul 2022 14:58:36 +0300 Subject: [PATCH 335/381] Add dedicated variables for controlling Kakaotalk encryption --- ...ing-playbook-bridge-appservice-kakaotalk.md | 18 +----------------- .../defaults/main.yml | 4 ++++ .../templates/config.yaml.j2 | 4 ++-- 3 files changed, 7 insertions(+), 19 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-kakaotalk.md b/docs/configuring-playbook-bridge-appservice-kakaotalk.md index 0b284db1f..0b1a03f70 100644 --- a/docs/configuring-playbook-bridge-appservice-kakaotalk.md +++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md @@ -26,23 +26,7 @@ There are some additional things you may wish to configure about the bridge. Take a look at: - `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file -- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable - -Here's some example configuration (which goes into your `vars.yml` file): -```yaml -# This configuration: -# - enables encryption (it's off by default) -# - grants some user on your homeserver 'admin' access to the bridge -# (note: the user specified in the `matrix_admin` (part of `roles/matrix-base/defaults/main.yml`) is made an admin by default) -matrix_appservice_kakaotalk_configuration_extension_yaml: | - bridge: - permissions: - '@YOUR_USERNAME:{{ matrix_domain }}': admin - - encryption: - allow: true - default: true -``` +- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable ### Set up Double Puppeting diff --git a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml index dc5e2591f..d2bc94f2c 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -119,6 +119,10 @@ matrix_appservice_kakaotalk_bridge_permissions: | matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_as_' +# End-to-bridge encryption configuration +matrix_appservice_kakaotalk_bridge_encryption_allow: false +matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}" + # Specifies the default log level for all bridge loggers. matrix_appservice_kakaotalk_logging_level: WARNING diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 index 183377f36..1bb87cb41 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 @@ -133,10 +133,10 @@ bridge: # application service. encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: {{ matrix_appservice_kakaotalk_bridge_encryption_allow | to_json }} # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false + default: {{ matrix_appservice_kakaotalk_bridge_encryption_default| to_json }} # Options for automatic key sharing. key_sharing: # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. From e5c4731f6812f8884fc330522a7dd4bdc284a0d3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Jul 2022 15:08:04 +0300 Subject: [PATCH 336/381] Use kakaotalk_ as the puppet prefix This is what upstream uses and also what https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 used. Initially, I wanted to make the prefix more unique, in case another Kakaotalk bridge comes along, but.. it's probably on the new bridge to come up with a unique puppet prefix, not on us now to override upstream decisions. --- roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml index d2bc94f2c..f27f75c55 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -117,7 +117,7 @@ matrix_appservice_kakaotalk_bridge_permissions: | }} matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot -matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_as_' +matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_' # End-to-bridge encryption configuration matrix_appservice_kakaotalk_bridge_encryption_allow: false From 532c4ffb7101b3242786457d3cb57f76c4c9714f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Jul 2022 16:54:37 +0300 Subject: [PATCH 337/381] Use force=false for appservice-kakaotalk-node Not that it matters. This option is only used when `type` is `unix`. --- .../templates/node-config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 index 340add39e..827091382 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 @@ -3,7 +3,7 @@ "type": "tcp", "host": "0.0.0.0", "port": 8000, - "force": true + "force": false }, "register_timeout": 3000, "logging_keys": { From c85c062c01e6d31ee146b997d95b96f371ccda77 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Jul 2022 09:08:33 +0300 Subject: [PATCH 338/381] Upgrade ddclient (v3.9.1-ls92 -> v3.9.1-ls93) --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index bdeea0f10..c077ee126 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls92 +matrix_dynamic_dns_version: v3.9.1-ls93 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From d5f1e5e8f4756ac7d4e1484366736494aef16ceb Mon Sep 17 00:00:00 2001 From: mcnesium Date: Tue, 26 Jul 2022 11:32:58 +0200 Subject: [PATCH 339/381] Double quote to prevent globbing and word splitting. --- inventory/scripts/jitsi-generate-passwords.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/inventory/scripts/jitsi-generate-passwords.sh b/inventory/scripts/jitsi-generate-passwords.sh index c48a0c2de..f24a3fba5 100755 --- a/inventory/scripts/jitsi-generate-passwords.sh +++ b/inventory/scripts/jitsi-generate-passwords.sh @@ -18,7 +18,7 @@ JIBRI_XMPP_PASSWORD=$(generatePassword) echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:" echo "" -echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD -echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD -echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD -echo "matrix_jitsi_jibri_xmpp_password: "$JIBRI_XMPP_PASSWORD +echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" +echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" +echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" +echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" From 72309ed0a16178de55f2b31fd6c7dc49db5fff03 Mon Sep 17 00:00:00 2001 From: mcnesium Date: Tue, 26 Jul 2022 15:34:55 +0200 Subject: [PATCH 340/381] run the playbook on multiple hosts with different credentials (#1980) * run the playbook on multiple hosts with different credentials with this script * fix: add yaml missing document start "---" * fix: *now really* allow this script to be run from any directory * add about-note to examples/host.yml Co-authored-by: Slavi Pantaleev * improve ansible-all-hosts.sh related docs/configuring-playbook.md Co-authored-by: Slavi Pantaleev * fix typos :) Co-authored-by: Slavi Pantaleev --- docs/configuring-playbook.md | 1 + examples/host.yml | 11 +++++++++ inventory/scripts/ansible-all-hosts.sh | 32 ++++++++++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 examples/host.yml create mode 100755 inventory/scripts/ansible-all-hosts.sh diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index e5301df13..bd652ed37 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -18,6 +18,7 @@ You can then follow these steps inside the playbook directory: 1. edit the inventory hosts file (`inventory/hosts`) to your liking +1. (optional, advanced) to run Ansible against multiple servers with different `sudo` credentials, you can copy the sample inventory hosts yaml file for each of your hosts: (`cp examples/host.yml inventory/my_host1.yml` …) and use the [`ansible-all-hosts.sh`](../inventory/scripts/ansible-all-hosts.sh) script [in the installation step](installing.md). For a basic Matrix installation, that's all you need. For a more custom setup, see the [Other configuration options](#other-configuration-options) below. diff --git a/examples/host.yml b/examples/host.yml new file mode 100644 index 000000000..e9ba2810b --- /dev/null +++ b/examples/host.yml @@ -0,0 +1,11 @@ +--- + +# This is a host file for usage with the `ansible-all-hosts.sh` script, +# which runs Ansible against a bunch of hosts, each with its own `sudo` password. +matrix_servers: + hosts: + matrix.: + ansible_host: + ansible_ssh_user: + become: true + become_user: root diff --git a/inventory/scripts/ansible-all-hosts.sh b/inventory/scripts/ansible-all-hosts.sh new file mode 100755 index 000000000..3b611ab35 --- /dev/null +++ b/inventory/scripts/ansible-all-hosts.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash +# +# Run the playbook on multiple hosts with different credentials with this script +# It defaults to ansible tags "setup-all,start". You can pass alternative tags +# to this script as arguments, e.g. +# +# ./inventory/scripts/ansible-all-hosts.sh self-check +# + +# set playbook root path +root=$(dirname "$(readlink -f "$0")")/../.. + +# set default tags or get from first argument if any +tags="${1:-setup-all,start}" + +# init password array +declare -A pws + +# capture passwords for all hosts +for host in "$root"/inventory/*.yml; do + read -rp "sudo password for $(basename "$host"): " -s pw + pws[$host]="$pw" + echo +done + +# run ansible on all captured passwords/hosts +for host in "${!pws[@]}"; do + ansible-playbook "$root"/setup.yml \ + --inventory-file "$host" \ + --extra-vars "ansible_become_pass=${pws[$host]}" \ + --tags="$tags" +done From 9c15474d94e44de3375dea167644f7bf1485377f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Jul 2022 17:10:00 +0300 Subject: [PATCH 341/381] Upgrade Grafana (9.0.4 -> 9.0.5) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index a1cd32733..c0e64b4b2 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.4 +matrix_grafana_version: 9.0.5 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 10a5b0d831b321667e45783e50aefc4952edb555 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Jul 2022 17:31:06 +0300 Subject: [PATCH 342/381] Add warnings about using Borg backup with external Postgres Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1982 --- roles/matrix-backup-borg/tasks/setup_install.yml | 7 +++++++ .../tasks/detect_existing_postgres_version.yml | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index cc9816fa9..e3401a13f 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -1,6 +1,13 @@ --- - block: + - name: Fail with matrix_backup_borg_version advice if Postgres not enabled + ansible.builtin.fail: + msg: >- + You are not running a built-in Postgres server (`matrix_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen. + Consider setting `matrix_backup_borg_version` to your Postgres version manually. + when: not matrix_postgres_enabled + - ansible.builtin.import_role: name: matrix-postgres tasks_from: detect_existing_postgres_version diff --git a/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml index 4f4e5e9a7..687d5e3a5 100644 --- a/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml @@ -6,6 +6,12 @@ # This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible # to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html + +- name: Fail detection if expectation fails (Postgres not enabled) + ansible.builtin.fail: + msg: "Trying to detect the version of the built-in Postgres server, but Postgres installation is not enabled (`matrix_postgres_enabled: false`)" + when: not matrix_postgres_enabled + - name: Initialize Postgres version determination variables (default to empty) ansible.builtin.set_fact: matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" From a1469c8e14953194456a47a800990d6c5d96834e Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 26 Jul 2022 16:08:04 +0000 Subject: [PATCH 343/381] Update Element v1.11.0 -> v1.11.1 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 119f31a2e..7951e8917 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.0 +matrix_client_element_version: v1.11.1 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 2e40ad7d4ee4d3a2cc48f8c2e052510274546cc0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 27 Jul 2022 09:36:58 +0300 Subject: [PATCH 344/381] Announce Kakaotalk support --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook-bridge-appservice-kakaotalk.md | 1 + 2 files changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66f740ed7..7acc9d3e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-07-27 + +## matrix-appservice-kakaotalk support + +The playbook now supports bridging to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) via [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) - a bridge based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. Thanks to [hnarjis](https://github.com/hnarjis) for helping us add support for this! + +See our [Setting up Appservice Kakaotalk bridging](docs/configuring-playbook-bridge-appservice-kakaotalk.md) documentation to get started. + + # 2022-07-20 ## maubot support diff --git a/docs/configuring-playbook-bridge-appservice-kakaotalk.md b/docs/configuring-playbook-bridge-appservice-kakaotalk.md index 0b1a03f70..9ea7a3d13 100644 --- a/docs/configuring-playbook-bridge-appservice-kakaotalk.md +++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md @@ -4,6 +4,7 @@ The playbook can install and configure [matrix-appservice-kakaotalk](https://src See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you. + ## Installing To enable the bridge, add this to your `vars.yml` file: From c77f2b8a64ccb0d405cc48522d94f7129f431092 Mon Sep 17 00:00:00 2001 From: snailed Date: Thu, 28 Jul 2022 13:11:42 +0000 Subject: [PATCH 345/381] Make http_host_bind_port vars more useful (#1984) * if variable to bind an exporter container to a host port is set, have matrix-domain.conf (nginx) support this * manipulate some variables to account for just port numbers or 0.0.0.0 IPs * Make sure to use the right variable in the init.yml files * Update roles/matrix-prometheus-node-exporter/tasks/init.yml Co-authored-by: Slavi Pantaleev * Update roles/matrix-prometheus-postgres-exporter/tasks/init.yml Co-authored-by: Slavi Pantaleev * remove extraneous variables and whitespace Co-authored-by: Luca Bilke Co-authored-by: Slavi Pantaleev --- roles/matrix-prometheus-node-exporter/defaults/main.yml | 8 +++++++- roles/matrix-prometheus-node-exporter/tasks/init.yml | 6 +++--- roles/matrix-prometheus-node-exporter/vars/main.yml | 5 +++++ .../matrix-prometheus-postgres-exporter/defaults/main.yml | 8 +++++++- roles/matrix-prometheus-postgres-exporter/tasks/init.yml | 6 +++--- roles/matrix-prometheus-postgres-exporter/vars/main.yml | 5 +++++ 6 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 roles/matrix-prometheus-node-exporter/vars/main.yml create mode 100644 roles/matrix-prometheus-postgres-exporter/vars/main.yml diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index d90776976..c7d6512f6 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -38,7 +38,7 @@ matrix_prometheus_node_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9100"), just a port number or empty string to not expose. # # You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`. # @@ -54,3 +54,9 @@ matrix_prometheus_node_exporter_metrics_proxying_enabled: false # because node-exporter can't see all interfaces, etc. # For now, we'll live with that, until someone develops a better solution. matrix_prometheus_node_exporter_container_http_host_bind_port: '' + +# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. +# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" +# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used +# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) +matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index 51dd94f2a..42f216677 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -23,10 +23,10 @@ resolver 127.0.0.11 valid=5s; set $backend "matrix-prometheus-node-exporter:9100"; proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; {% else %} - {# Generic configuration for use outside of our container setup #} - {# This may be implemented in the future. #} - return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; {% endif %} } diff --git a/roles/matrix-prometheus-node-exporter/vars/main.yml b/roles/matrix-prometheus-node-exporter/vars/main.yml new file mode 100644 index 000000000..952dc2050 --- /dev/null +++ b/roles/matrix-prometheus-node-exporter/vars/main.yml @@ -0,0 +1,5 @@ +--- + +# `matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_node_exporter_container_http_host_bind_port`, +# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') +matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_node_exporter_container_http_host_bind_port == '' else (matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else matrix_prometheus_node_exporter_container_http_host_bind_port) }}" diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 82a12f42e..b530df857 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -35,7 +35,7 @@ matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9187"), just a port number or an empty string to not expose. # # You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`. # @@ -52,5 +52,11 @@ matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # For now, we'll live with that, until someone develops a better solution. matrix_prometheus_postgres_exporter_container_http_host_bind_port: '' +# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. +# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" +# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used +# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) +matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" + matrix_prometheus_postgres_exporter_dashboard_urls: - "https://grafana.com/api/dashboards/9628/revisions/7/download" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index 6da169370..03fe965c1 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -23,10 +23,10 @@ resolver 127.0.0.11 valid=5s; set $backend "matrix-prometheus-postgres-exporter:9187"; proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; {% else %} - {# Generic configuration for use outside of our container setup #} - {# This may be implemented in the future. #} - return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; {% endif %} } diff --git a/roles/matrix-prometheus-postgres-exporter/vars/main.yml b/roles/matrix-prometheus-postgres-exporter/vars/main.yml new file mode 100644 index 000000000..aed3b2167 --- /dev/null +++ b/roles/matrix-prometheus-postgres-exporter/vars/main.yml @@ -0,0 +1,5 @@ +--- + +# `matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_postgres_exporter_container_http_host_bind_port`, +# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') +matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_postgres_exporter_container_http_host_bind_port == '' else (matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else matrix_prometheus_postgres_exporter_container_http_host_bind_port) }}" From 953efe6a74a9a68d82a5b636b58a88d7395ec4a6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 28 Jul 2022 16:58:38 +0300 Subject: [PATCH 346/381] Upgrade prometheus-postgres-exporter (v0.10.1 -> v0.11.0) --- roles/matrix-prometheus-postgres-exporter/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index b530df857..fbe16ca84 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -4,7 +4,7 @@ matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_version: v0.10.1 +matrix_prometheus_postgres_exporter_version: v0.11.0 matrix_prometheus_postgres_exporter_port: 9187 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" From 6fb961eb12b012dddd79b60dd8985cd5191ed21f Mon Sep 17 00:00:00 2001 From: MdotAmaan <38326222+MdotAmaan@users.noreply.github.com> Date: Thu, 28 Jul 2022 22:14:45 +0400 Subject: [PATCH 347/381] Make changes according to feedback Co-authored-by: Slavi Pantaleev Update group_vars/matrix_servers Co-authored-by: Slavi Pantaleev Remove old data migration tasks Co-authored-by: Slavi Pantaleev Update roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml Co-authored-by: Slavi Pantaleev Redo bridge permissions --- ...iguring-playbook-bridge-mautrix-discord.md | 2 ++ group_vars/matrix_servers | 4 +-- .../defaults/main.yml | 6 +++++ .../tasks/setup_install.yml | 27 ------------------- .../tasks/validate_config.yml | 10 ------- .../templates/config.yaml.j2 | 18 +++++-------- .../systemd/matrix-mautrix-discord.service.j2 | 4 +-- 7 files changed, 19 insertions(+), 52 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index 73c762a8c..46b73e0e3 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -1,5 +1,7 @@ # Setting up Mautrix Discord (optional) +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. + The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you. See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1d52c3ad2..18bd1fc72 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -646,9 +646,9 @@ matrix_mautrix_discord_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.as.token') | to_uuid }}" +matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}" -matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.hs.token') | to_uuid }}" +matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}" matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" diff --git a/roles/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/matrix-bridge-mautrix-discord/defaults/main.yml index a1ff83cd2..dbc23031d 100644 --- a/roles/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-discord/defaults/main.yml @@ -25,6 +25,12 @@ matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080" matrix_mautrix_discord_command_prefix: "!discord" +matrix_mautrix_discord_bridge_permissions: | + {{ + {matrix_mautrix_discord_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_mautrix_discord_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml index 935371ef7..7e2ed79ca 100644 --- a/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -87,33 +87,6 @@ pull: true when: "matrix_mautrix_discord_container_image_self_build | bool" -- name: Check if an old database file exists - ansible.builtin.stat: - path: "{{ matrix_mautrix_discord_base_path }}/mautrix-discord.db" - register: matrix_mautrix_discord_stat_database - -- name: Check if an old matrix state file exists - ansible.builtin.stat: - path: "{{ matrix_mautrix_discord_base_path }}/mx-state.json" - register: matrix_mautrix_discord_stat_mx_state - -- name: (Data relocation) Ensure matrix-mautrix-discord.service is stopped - ansible.builtin.service: - name: matrix-mautrix-discord - state: stopped - enabled: false - daemon_reload: true - failed_when: false - when: "matrix_mautrix_discord_stat_database.stat.exists" - -- name: (Data relocation) Move mautrix-discord database file to ./data directory - ansible.builtin.command: "mv {{ matrix_mautrix_discord_base_path }}/mautrix-discord.db {{ matrix_mautrix_discord_data_path }}/mautrix-discord.db" - when: "matrix_mautrix_discord_stat_database.stat.exists" - -- name: (Data relocation) Move mautrix-discord mx-state file to ./data directory - ansible.builtin.command: "mv {{ matrix_mautrix_discord_base_path }}/mx-state.json {{ matrix_mautrix_discord_data_path }}/mx-state.json" - when: "matrix_mautrix_discord_stat_mx_state.stat.exists" - - name: Ensure mautrix-discord config.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" diff --git a/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml index ddf785243..4ba7e1270 100644 --- a/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml @@ -8,13 +8,3 @@ with_items: - "matrix_mautrix_discord_appservice_token" - "matrix_mautrix_discord_homeserver_token" - - -- name: (Deprecation) Catch and report renamed settings - ansible.builtin.fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "item.old in vars" - with_items: - - {'old': 'matrix_mautrix_discord_log_level', 'new': 'matrix_mautrix_discord_logging_level'} diff --git a/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 index fb10b1ac5..fdd4f788d 100644 --- a/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 @@ -2,9 +2,9 @@ # Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_discord_homeserver_address }} + address: {{ matrix_mautrix_discord_homeserver_address | to_json }} # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_discord_homeserver_domain }} + domain: {{ matrix_mautrix_discord_homeserver_domain | to_json }} # Is the homeserver actually mautrix-asmux? asmux: false # The URL to push real-time bridge status to. @@ -20,7 +20,7 @@ homeserver: # Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_discord_appservice_address }} + address: {{ matrix_mautrix_discord_appservice_address | to_json }} # The hostname and port where this appservice should listen. hostname: 0.0.0.0 @@ -58,8 +58,8 @@ appservice: ephemeral_events: true # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. - as_token: "{{ matrix_mautrix_discord_appservice_token }}" - hs_token: "{{ matrix_mautrix_discord_homeserver_token }}" + as_token: {{ matrix_mautrix_discord_appservice_token | to_json }} + hs_token: {{ matrix_mautrix_discord_homeserver_token | to_json }} # Bridge config bridge: @@ -208,11 +208,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_mautrix_discord_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_mautrix_discord_bridge_permissions|to_json }} logging: directory: ./logs @@ -220,6 +216,6 @@ logging: file_date_format: "2006-01-02" file_mode: 384 timestamp_format: Jan _2, 2006 15:04:05 - print_level: {{ matrix_mautrix_discord_logging_level }} + print_level: {{ matrix_mautrix_discord_logging_level | to_json }} print_json: false file_json: false diff --git a/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 b/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 index 76046b441..788cd0124 100644 --- a/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 +++ b/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 @@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-discor --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ - -v {{ matrix_mautrix_discord_config_path }}:/config:z \ - -v {{ matrix_mautrix_discord_data_path }}:/data:z \ + --mount type=bind,src={{ matrix_mautrix_discord_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_mautrix_discord_data_path }},dst=/data \ --workdir=/data \ {% for arg in matrix_mautrix_discord_container_extra_arguments %} {{ arg }} \ From 9d10d5543b4695654946aa6eee27fe7982394b86 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Jul 2022 08:10:09 +0300 Subject: [PATCH 348/381] Announce mautrix-discord support --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook-bridge-appservice-discord.md | 4 ++-- docs/configuring-playbook-bridge-mx-puppet-discord.md | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7acc9d3e3..c9f20ee3a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-07-29 + +## mautrix-discord support + +Thanks to [MdotAmaan](https://github.com/MdotAmaan)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mautrix-discord](https://mau.dev/mautrix/discord) bridge. See our [Setting up Mautrix Discord bridging](docs/configuring-playbook-bridge-mautrix-discord.md) documentation page for getting started. + +**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases). + + # 2022-07-27 ## matrix-appservice-kakaotalk support diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index e25686bfd..8463dc6f1 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -1,6 +1,6 @@ # Setting up Appservice Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. @@ -61,7 +61,7 @@ To get started with Portal Bridging: 1. To invite the bot to Discord, retrieve the invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). 2. Room addresses follow this syntax: `#_discord__`. You can easily find the guild and channel IDs by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discord.com/channels//`. -3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. +3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. ## Getting Administrator access in a portal bridged room diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 2be7f2065..404122b6c 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -1,6 +1,6 @@ # Setting up MX Puppet Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. The playbook can install and configure [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you. From 5d7c5d122d51d573a41b0e06f13c7458b9b2d06f Mon Sep 17 00:00:00 2001 From: IUCCA <33322841+IUCCA@users.noreply.github.com> Date: Fri, 29 Jul 2022 07:28:25 +0200 Subject: [PATCH 349/381] Added option to add env variables to mautrix signal daemon container (#1882) * Auto trust new signal identities from signald doku: when a remote key changes, set trust level to TRUSTED_UNVERIFIED instead of UNTRUSTED I find it much more convenient when new identities are automatically recognized as trusted, as the process to do that manually is cumbersome. Should this the default behavior, or should i add an option to configure this behavior? * Added option to trust new signal identities * Using env file * Renamed variable * Corrected typo * Use fully-qualified Ansible module name * removed option trust_new_keys Co-authored-by: Slavi Pantaleev --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 7 +++++++ .../matrix-bridge-mautrix-signal/tasks/setup_install.yml | 9 +++++++++ roles/matrix-bridge-mautrix-signal/templates/env.j2 | 1 + .../systemd/matrix-mautrix-signal-daemon.service.j2 | 1 + 4 files changed, 18 insertions(+) create mode 100644 roles/matrix-bridge-mautrix-signal/templates/env.j2 diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 161fa8924..bdef7fa53 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -143,3 +143,10 @@ matrix_mautrix_signal_log_level: 'DEBUG' matrix_mautrix_signal_bridge_encryption_allow: false matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" + +# Additional environment variables to pass to the Signal Daemon container +# +# Example: +# matrix_mautrix_signal_daemon_environment_variables_extension: | +# SIGNALD_TRUST_NEW_KEYS=true +matrix_mautrix_signal_daemon_environment_variables_extension: '' diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 3a7ad508d..cfc704a82 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -92,6 +92,15 @@ - "{{ matrix_mautrix_signal_daemon_path }}/attachments" - "{{ matrix_mautrix_signal_daemon_path }}/data" + +- name: Ensure mautrix-signal-daemon environment variables file created + ansible.builtin.template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_mautrix_signal_daemon_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0644 + - name: Ensure mautrix-signal config.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_signal_configuration | to_nice_yaml(indent=2, width=999999) }}" diff --git a/roles/matrix-bridge-mautrix-signal/templates/env.j2 b/roles/matrix-bridge-mautrix-signal/templates/env.j2 new file mode 100644 index 000000000..f5357ed2a --- /dev/null +++ b/roles/matrix-bridge-mautrix-signal/templates/env.j2 @@ -0,0 +1 @@ +{{ matrix_mautrix_signal_daemon_environment_variables_extension }} diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index d6be37e98..31e68ea9b 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -34,6 +34,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si # We can't use `--read-only` for this bridge. ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ --log-driver=none \ + --env-file={{ matrix_mautrix_signal_daemon_path }}/env \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ From 05cfd488081bc5722ce8b5817474c066557b38e1 Mon Sep 17 00:00:00 2001 From: vaivars Date: Fri, 29 Jul 2022 08:33:42 +0300 Subject: [PATCH 350/381] Add example configuration for Caddy v2 (#1985) * Add example configuration for Caddy v2 Add a basic example how to get synapse-admin running behind Caddy v2 proxy. * Improve working, fix typos * Fix typos Co-authored-by: Slavi Pantaleev --- docs/configuring-playbook-synapse-admin.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/configuring-playbook-synapse-admin.md b/docs/configuring-playbook-synapse-admin.md index 68d703052..ad1bda028 100644 --- a/docs/configuring-playbook-synapse-admin.md +++ b/docs/configuring-playbook-synapse-admin.md @@ -62,3 +62,15 @@ matrix_synapse_admin_container_extra_arguments: # The Synapse Admin container uses port 80 by default - '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"' ``` + +### Sample configuration for running behind Caddy v2 + +Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`). + +```caddy +# This is a basic configuration that will function the same as the default nginx proxy - exposing the synapse-admin panel to matrix.YOURSERVER.com/synapse-admin/ + handle_path /synapse-admin* { + reverse_proxy localhost:8766 { + } + } +``` From 544b36eb3c9f0fd973e1718a8d722c54344f427b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Jul 2022 18:30:52 +0300 Subject: [PATCH 351/381] Upgrade Hydrogen (v0.2.33 -> v0.3.0) This is untested. --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 6d7fb5cf5..719665e60 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.33 +matrix_client_hydrogen_version: v0.3.0 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From fdc9fb9d506633462dd1c10caa2d1fa08276a656 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Jul 2022 20:17:52 +0300 Subject: [PATCH 352/381] Improve mautrix-discord docs Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1974 - https://github.com/mautrix/discord/issues/17 - https://github.com/mautrix/discord/issues/18 - https://github.com/mautrix/discord/issues/19 --- ...ring-playbook-bridge-appservice-discord.md | 2 +- ...iguring-playbook-bridge-mautrix-discord.md | 53 ++++++++++++++++--- ...uring-playbook-bridge-mx-puppet-discord.md | 2 +- 3 files changed, 48 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index 8463dc6f1..b2150d9d3 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -1,6 +1,6 @@ # Setting up Appservice Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. The [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridge is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index 46b73e0e3..c855ce781 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -1,28 +1,57 @@ # Setting up Mautrix Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you. See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you. -Use the following playbook configuration: + +## Prerequisites + +Fr using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**. + +You can delete the Discord app after the authentication process. + +If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you to proceed with this one if possible. + + +## Installing + +To enable the bridge, add this to your `vars.yml` file: ```yaml matrix_mautrix_discord_enabled: true -``` +``` -## Set up Double Puppeting +You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation. + +After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +To make use of the bridge, see [Usage](#usage) below. + + +### Additional configuration + +There are some additional things you may wish to configure about the bridge. + +Take a look at: + +- `roles/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable + + +### Set up Double Puppeting If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. -### Method 1: automatically, by enabling Shared Secret Auth +#### Method 1: automatically, by enabling Shared Secret Auth The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. -### Method 2: manually, by asking each user to provide a working access token +#### Method 2: manually, by asking each user to provide a working access token **Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). @@ -40,6 +69,16 @@ https://matrix.DOMAIN/_matrix/client/r0/login - make sure you don't log out the `Mautrix-Discord` device some time in the future, as that would break the Double Puppeting feature + ## Usage -You then need to start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +2. Send a `login` command +3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app. +4. After confirming (in the Discord app) that you'd like to allow this login, the bot shoul respond with "Succcessfully authenticated as ..." +5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to +6. Some Direct Messages from Discord should start syncing automatically +7. If you'd like to bridge guilds: +- send `guilds status` to see the list of guilds +- for each guild that you'd like bridged, send `guilds bridge GUILD_ID --entire` +8. You may wish to uninstall the Discord app from your phone now. It's not needed for the bridge to function. diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 404122b6c..b5621fa1d 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -1,6 +1,6 @@ # Setting up MX Puppet Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. The [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridge is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. The playbook can install and configure [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you. From dfef71b9a9e80a45b884f44e646fa6fac4b0be45 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Jul 2022 20:19:56 +0300 Subject: [PATCH 353/381] Fix typo --- docs/configuring-playbook-bridge-mautrix-discord.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index c855ce781..1bb39a4fc 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -9,7 +9,7 @@ See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.h ## Prerequisites -Fr using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**. +For using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**. You can delete the Discord app after the authentication process. From d98f09944df1f88c4a3b7f9282b3b47a168a8586 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 Jul 2022 20:22:50 +0300 Subject: [PATCH 354/381] Fix more typos --- docs/configuring-playbook-bridge-mautrix-discord.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index 1bb39a4fc..6bdae5bd4 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -13,7 +13,7 @@ For using this bridge, you would **need to authenticate by scanning a QR code wi You can delete the Discord app after the authentication process. -If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you to proceed with this one if possible. +If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you proceed with this one if possible. ## Installing @@ -75,7 +75,7 @@ https://matrix.DOMAIN/_matrix/client/r0/login 1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 2. Send a `login` command 3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app. -4. After confirming (in the Discord app) that you'd like to allow this login, the bot shoul respond with "Succcessfully authenticated as ..." +4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..." 5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to 6. Some Direct Messages from Discord should start syncing automatically 7. If you'd like to bridge guilds: From 5c36f14b468fff4df6a7a3a5f346d211b475af04 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 30 Jul 2022 13:24:59 +0300 Subject: [PATCH 355/381] Update Honoroit 0.9.10 -> 0.9.11 --- roles/matrix-bot-honoroit/defaults/main.yml | 5 ++++- roles/matrix-bot-honoroit/templates/env.j2 | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index bbb6ecd3a..55d1a386a 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.10 +matrix_bot_honoroit_version: v0.9.11 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -91,6 +91,9 @@ matrix_bot_honoroit_noencryption: false # Max items in cache matrix_bot_honoroit_cachesize: '' +# List of ignored room IDs +matrix_bot_honoroit_ignoredrooms: [] + # Text prefix: open matrix_bot_honoroit_text_prefix_open: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index c5f2025be..242b906c2 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -9,6 +9,7 @@ HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} +HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms|join(' ') }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_NOENCRYPTION={{ matrix_bot_honoroit_text_noencryption }} From 737dc9d490ee08c35ccabd123a077f994cb73ed4 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 30 Jul 2022 18:10:49 +0000 Subject: [PATCH 356/381] Fix mautrix-telegram permissions --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 101889c19..5c3c88fb8 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -29,7 +29,7 @@ matrix_mautrix_telegram_command_prefix: "!tg" matrix_mautrix_telegram_bridge_permissions: | {{ - {matrix_mautrix_telegram_homeserver_domain: 'user'} + {matrix_mautrix_telegram_homeserver_domain: 'full'} | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} From cc58167f4c949b0f14384e4238f274280f907825 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 1 Aug 2022 21:45:59 +0300 Subject: [PATCH 357/381] Upgrade Dendrite (0.8.1 -> 0.9.0) Looks like we've skipped a bunch of 0.8.x versions (up to 0.8.9) and are jumping straight to 0.9.0. This is untested. Judging by Dendrite's changelog, it shouldn't cause any breakage though: https://github.com/matrix-org/dendrite/blob/v0.9.0/CHANGES.md --- roles/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index f3987af9b..c1e3acfbb 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.8.1" +matrix_dendrite_docker_image_tag: "v0.9.0" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 3cde6cace95632e3069145ae267836021bcb43ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Tue, 2 Aug 2022 09:10:37 +0700 Subject: [PATCH 358/381] [Go-Skype] Change Docker Hub repository --- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index cc456538c..44751cad6 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -9,7 +9,7 @@ matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kela matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}" matrix_go_skype_bridge_version: latest -matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" +matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}nodefyme/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" matrix_go_skype_bridge_docker_image_name_prefix: "localhost/" matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}" From cf6e38a5862b981fde44b493e6d943b9d2ea9ea1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 Aug 2022 07:48:19 +0300 Subject: [PATCH 359/381] Use pre-built image for go-skype-bridge on amd64 and arm64 Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1992 - https://github.com/kelaresg/go-skype-bridge/pull/17 --- group_vars/matrix_servers | 4 ++-- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 90482810e..f8edc5c9d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -298,7 +298,7 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_go_skype_bridge_enabled: false -matrix_go_skype_bridge_container_image_self_build: true +matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_go_skype_bridge_systemd_required_services_list: | {{ @@ -681,7 +681,7 @@ matrix_mautrix_discord_systemd_required_services_list: | (['matrix-postgres.service'] if matrix_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) - }} + }} matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}" diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index 44751cad6..0777fbc39 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_go_skype_bridge_enabled: true -matrix_go_skype_bridge_container_image_self_build: true +matrix_go_skype_bridge_container_image_self_build: false matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git" matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}" From c807af2873dfd3d100d287ac7de2950209d5faa4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 Aug 2022 08:03:22 +0300 Subject: [PATCH 360/381] Upgrade ddclient (v3.9.1-ls93 -> v3.9.1-ls94) --- roles/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index c077ee126..2d15db6c3 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls93 +matrix_dynamic_dns_version: v3.9.1-ls94 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From d81f50d1c06a47116d29bb71a0b56f547d942a5c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 Aug 2022 10:49:48 +0300 Subject: [PATCH 361/381] Update Grafana (9.0.5 -> 9.0.6) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index c0e64b4b2..fb166359a 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.5 +matrix_grafana_version: 9.0.6 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 52f8ee618ba57ab6d9c751d57d32620b297a64af Mon Sep 17 00:00:00 2001 From: JokerGermany <30293477+JokerGermany@users.noreply.github.com> Date: Tue, 2 Aug 2022 11:25:29 +0200 Subject: [PATCH 362/381] specify discord bridge usage; fix links --- docs/configuring-playbook-bridge-appservice-discord.md | 4 +++- docs/configuring-playbook-bridge-mautrix-discord.md | 5 ++++- docs/configuring-playbook-bridge-mx-puppet-discord.md | 4 +++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index b2150d9d3..aa45cac9e 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -1,6 +1,8 @@ # Setting up Appservice Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. The [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridge is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. +For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index 6bdae5bd4..16fb5aaa4 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -1,6 +1,9 @@ # Setting up Mautrix Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. +For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. +The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you. diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index b5621fa1d..101f7ddc5 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -1,6 +1,8 @@ # Setting up MX Puppet Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. The [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridge is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you. From 2e330e7fe06ad25efd74f0f27a796a9726db2edb Mon Sep 17 00:00:00 2001 From: JokerGermany <30293477+JokerGermany@users.noreply.github.com> Date: Tue, 2 Aug 2022 12:18:41 +0200 Subject: [PATCH 363/381] fixing links, adding paragraph --- docs/configuring-playbook-bridge-appservice-discord.md | 4 ++-- docs/configuring-playbook-bridge-mautrix-discord.md | 4 ++-- docs/configuring-playbook-bridge-mx-puppet-discord.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index aa45cac9e..ff10adec3 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -1,7 +1,7 @@ # Setting up Appservice Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. -For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index 16fb5aaa4..0c3648961 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -1,7 +1,7 @@ # Setting up Mautrix Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. -For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. +For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 101f7ddc5..bc5c4f234 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -1,7 +1,7 @@ # Setting up MX Puppet Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](docs/configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. -For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure From 27effa02746d410bafe692c4afe43a3ee6905753 Mon Sep 17 00:00:00 2001 From: JokerGermany <30293477+JokerGermany@users.noreply.github.com> Date: Tue, 2 Aug 2022 12:22:41 +0200 Subject: [PATCH 364/381] enumeration for better visibility --- docs/configuring-playbook-bridge-appservice-discord.md | 4 ++-- docs/configuring-playbook-bridge-mautrix-discord.md | 4 ++-- docs/configuring-playbook-bridge-mx-puppet-discord.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index ff10adec3..d37724c07 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -1,8 +1,8 @@ # Setting up Appservice Discord (optional) **Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. -For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. -For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. +- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. +- For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index 0c3648961..b0640a14c 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -1,8 +1,8 @@ # Setting up Mautrix Discord (optional) **Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. -For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. -For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. +- For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +- For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you. diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index bc5c4f234..9584549da 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -1,8 +1,8 @@ # Setting up MX Puppet Discord (optional) **Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. -For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. -For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. +- For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +- For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you. From 01dfbee51ef2ebfff8410756af0096b4bdbec3dd Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 2 Aug 2022 10:45:32 +0000 Subject: [PATCH 365/381] Update Synapse 1.63.1 -> 1.64.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e6138bbaf..99ce80c00 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.63.1 +matrix_synapse_version: v1.64.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 8c983ba1e27a2613013b3c80e5613fc9b6e891ba Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 2 Aug 2022 10:47:54 +0000 Subject: [PATCH 366/381] Update Hydrogen 0.3.0 -> 0.3.1 --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 719665e60..4edfa20c4 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.3.0 +matrix_client_hydrogen_version: v0.3.1 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From 2fddf812839a2abcef790d001410d2ba75c039bc Mon Sep 17 00:00:00 2001 From: JokerGermany <30293477+JokerGermany@users.noreply.github.com> Date: Wed, 3 Aug 2022 09:33:52 +0200 Subject: [PATCH 367/381] discord-bridges - fixing grammar mistakes, thanks @spontaleev --- docs/configuring-playbook-bridge-mautrix-discord.md | 2 +- docs/configuring-playbook-bridge-mx-puppet-discord.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index b0640a14c..517fd9b4f 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -1,7 +1,7 @@ # Setting up Mautrix Discord (optional) **Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. -- For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. - For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 9584549da..c266f8433 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -1,7 +1,7 @@ # Setting up MX Puppet Discord (optional) **Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. -- For using as a Bot we are recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. - For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure From 8b588735e12c3cb81a648a2582d886b5d0fc1f24 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 3 Aug 2022 11:00:40 +0300 Subject: [PATCH 368/381] Fix fully-qualified container image name for go-skype-bridge when not self-building Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1996 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1992 Regression since cf6e38a5862b981fde44 --- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index 0777fbc39..a6f7aa9d3 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -10,7 +10,7 @@ matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix matrix_go_skype_bridge_version: latest matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}nodefyme/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" -matrix_go_skype_bridge_docker_image_name_prefix: "localhost/" +matrix_go_skype_bridge_docker_image_name_prefix: "{{ 'localhost/' if matrix_go_skype_bridge_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}" matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge" From 311926cbdad26685a93e12ca249091ee944e926e Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 3 Aug 2022 08:38:15 +0000 Subject: [PATCH 369/381] Update Element 1.11.1 -> 1.11.2 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 7951e8917..5cefc3e3b 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.1 +matrix_client_element_version: v1.11.2 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 747e9dd57cbd8fdb67e798fce97c97304e3409ec Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 3 Aug 2022 21:44:23 +0300 Subject: [PATCH 370/381] Upgrade Dendrite (0.9.0 -> 0.9.1) --- roles/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index c1e3acfbb..476f86a2b 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.9.0" +matrix_dendrite_docker_image_tag: "v0.9.1" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 4461fdfc39cb02c8a073aace4868ca08d5245439 Mon Sep 17 00:00:00 2001 From: krassle <6473406+krassle@users.noreply.github.com> Date: Wed, 3 Aug 2022 23:30:00 +0200 Subject: [PATCH 371/381] Use prebuilt ARM images for Element * element-web arm64 builds available since 2022-08-03 v.1.11.2 [vectorim/element-web:v1.11.2](https://hub.docker.com/layers/element-web/vectorim/element-web/v1.11.2/images/sha256-776f82281936226d91cc1b3b587f4aa28fd46934b8045427ced7c72668eda223?context=explore) --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f8edc5c9d..52f89cec6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2094,7 +2094,7 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}" # If you wish to connect to your Matrix server by other means, you may wish to disable this. matrix_client_element_enabled: true -matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose From cad5d56011b9e10cdac386a79e0b5dff5e14167c Mon Sep 17 00:00:00 2001 From: Charles Wright Date: Wed, 3 Aug 2022 21:26:46 -0500 Subject: [PATCH 372/381] Fix Dendrite extra arguments getting lost Move the `matrix_dendrite_process_extra_arguments` line up so it doesn't get lost, and add a trailing backslash --- .../templates/dendrite/systemd/matrix-dendrite.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 0457917a9..0613f443f 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -46,13 +46,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endfor %} {{ matrix_dendrite_docker_image }} \ -config /data/dendrite.yaml \ + {{ matrix_dendrite_process_extra_arguments|join(' ') }} \ {% if matrix_dendrite_http_bind_address %} -http-bind-address {{ matrix_dendrite_http_bind_address }} {% endif %} {% if matrix_dendrite_https_bind_address %} -https-bind-address {{ matrix_dendrite_https_bind_address }} {% endif %} - {{ matrix_dendrite_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' From f9026469cde3da1b1e860dc88f1b298bdf951b62 Mon Sep 17 00:00:00 2001 From: Stuart Mumford Date: Thu, 4 Aug 2022 08:53:46 +0000 Subject: [PATCH 373/381] Add back sqlite plugin database config option --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 938901eab..49bbcb878 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -27,6 +27,9 @@ plugin_directories: # Configuration for storing plugin databases plugin_databases: + # Some plugins still require sqlite, so configure a path here. + # postgres will be used if supported. + sqlite: /data/dbs postgres: default server: From 309a2393c3dc37b5d07c63af65a909567e003c75 Mon Sep 17 00:00:00 2001 From: Stuart Mumford Date: Thu, 4 Aug 2022 09:18:12 +0000 Subject: [PATCH 374/381] Add no update flag as our config is read only --- .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 2773c69db..c4cbcb388 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -31,7 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }} {% endif %} {{ matrix_bot_maubot_docker_image }} \ - python3 -m maubot -c /config/config.yaml + python3 -m maubot -c /config/config.yaml --no-update ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' From 998dafe9c4d5315369f2082142b4f035ba452b9a Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 4 Aug 2022 22:02:45 +0300 Subject: [PATCH 375/381] Update Honoroit 0.9.11 -> 0.9.12 --- roles/matrix-bot-honoroit/defaults/main.yml | 5 ++++- roles/matrix-bot-honoroit/templates/env.j2 | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 55d1a386a..fe0b0981a 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.11 +matrix_bot_honoroit_version: v0.9.12 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -94,6 +94,9 @@ matrix_bot_honoroit_cachesize: '' # List of ignored room IDs matrix_bot_honoroit_ignoredrooms: [] +# Ignore messages outside of threads +matrix_bot_honoroit_ignorenothread: false + # Text prefix: open matrix_bot_honoroit_text_prefix_open: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index 242b906c2..c8d10c6a0 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -9,6 +9,7 @@ HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} +HONOROIT_IGNORENOTHREAD={{ matrix_bot_honoroit_ignorenothread }} HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms|join(' ') }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} From 32430de812ec01e6a889552522b85791a8075afb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 5 Aug 2022 19:02:01 +0200 Subject: [PATCH 376/381] Fix bug that prevented user with external nginx from launch (#2003) * Fix bug that prevented user with external nginx from launch The backslash was missing and prevented users from starting the bot * Add necessary config for ext nginx to docs * Add automatic config for ext nginx, adjust docs * Remove unneeded and possibly puzzeling documentation --- docs/configuring-playbook-bot-maubot.md | 7 ------- group_vars/matrix_servers | 2 ++ .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md index d74cfb2fc..d5990a11d 100644 --- a/docs/configuring-playbook-bot-maubot.md +++ b/docs/configuring-playbook-bot-maubot.md @@ -61,10 +61,3 @@ You can expand "Access token" to copy it. ![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png) **IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token. - - - - - - - diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 52f89cec6..a89e2e9b3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1125,6 +1125,8 @@ matrix_bot_maubot_registration_shared_secret: |- }[matrix_homeserver_implementation] }} +matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_bot_maubot_management_interface_port | string) }}" + # Postgres is the default, except if not using `matrix_postgres` (internal postgres) matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index c4cbcb388..a9e039869 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -28,7 +28,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {% endfor %} --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_management_interface_http_bind_port %} - -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }} + -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }} \ {% endif %} {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /config/config.yaml --no-update From 2ca5320371070823838a1891a1b477c869773838 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 7 Aug 2022 17:02:43 +0000 Subject: [PATCH 377/381] Update Cinny 2.0.4 -> 2.1.1 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index efd880104..743dc0770 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.4 +matrix_client_cinny_version: v2.1.1 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From a54c06d1a7f22f3582afaad878bdc4821b21ef2f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 7 Aug 2022 17:04:20 +0000 Subject: [PATCH 378/381] Update Jitsi stable-7439-2 -> stable-7577 --- roles/matrix-jitsi/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 5546d19c7..2bec0247e 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -71,7 +71,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7439-2 +matrix_jitsi_version: stable-7577 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" From 5023660f3aa89166b3ecc0f675ea7689e19a45ac Mon Sep 17 00:00:00 2001 From: ganyuke <95439147+ganyuke@users.noreply.github.com> Date: Mon, 8 Aug 2022 03:20:13 +0000 Subject: [PATCH 379/381] Use arm64 images for Cinny Cinny now builds arm64 docker images since [v2.0.4](https://hub.docker.com/layers/cinny/ajbura/cinny/v2.0.4/images/sha256-a7202136f8568eb0397a3d644725a8fb7dca230e08bcfc42040238bda0382057?context=explore). --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a89e2e9b3..94a6e7668 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2164,7 +2164,7 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl matrix_client_cinny_enabled: false -matrix_client_cinny_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_client_cinny_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Cinny over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose From 7950d3425d847c55f63571f9cca6ac016b47addd Mon Sep 17 00:00:00 2001 From: JokerGermany <30293477+JokerGermany@users.noreply.github.com> Date: Mon, 8 Aug 2022 14:25:40 +0200 Subject: [PATCH 380/381] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e30f9b540..56e3cc2db 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,8 @@ Using this playbook, you can get the following services configured on your serve - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server +- (optional) the [mautrix-discord](https://github.com/mautrix/discord) bridge for bridging your Matrix server to [Discord](https://discord.com/) - see [docs/configuring-playbook-bridge-mautrix-discord.md](docs/configuring-playbook-bridge-mautrix-discord.md) for setup documentation + - (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/) - (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) From cf5af86d92c8e7146cddb6db54b63e36143b1b6b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 8 Aug 2022 15:21:23 +0000 Subject: [PATCH 381/381] Update Email2Matrix 1.0.3 -> 1.1.0 --- roles/matrix-email2matrix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index 3084506f1..b24cc76c1 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -11,7 +11,7 @@ matrix_email2matrix_container_image_self_build: false matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git" matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}" -matrix_email2matrix_version: 1.0.3 +matrix_email2matrix_version: 1.1.0 matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}" matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}"