diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 6e7102bf7..463b7cd47 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,3 +1,4 @@ +--- # These are supported funding model platforms # https://liberapay.com/s.pantaleev/ diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 000000000..b9c3cd49d --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,7 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: daily diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml new file mode 100644 index 000000000..6445dc039 --- /dev/null +++ b/.github/workflows/matrix.yml @@ -0,0 +1,16 @@ +--- +name: Matrix CI + +on: # yamllint disable-line rule:truthy + push: + pull_request: + +jobs: + yamllint: + name: 🧹 yamllint + runs-on: ubuntu-latest + steps: + - name: ⤵️ Check out configuration from GitHub + uses: actions/checkout@v2.4.0 + - name: 🚀 Run yamllint + uses: frenck/action-yamllint@v1.1.2 diff --git a/.yamllint b/.yamllint new file mode 100644 index 000000000..08b89afd9 --- /dev/null +++ b/.yamllint @@ -0,0 +1,8 @@ +--- +extends: default + +ignore: | + roles/matrix-synapse/vars/workers.yml + +rules: + line-length: disable diff --git a/CHANGELOG.md b/CHANGELOG.md index e9f234680..c1ac92e57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,27 @@ +# 2022-02-12 + +## matrix_encryption_disabler support + +We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401). + +To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`. + + +# 2022-02-01 + +## matrix-hookshot bridging support + +Thanks to [HarHarLinks](https://github.com/HarHarLinks), the playbook can now install the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to multiple project management services, such as GitHub, GitLab and JIRA. +See our [Setting up matrix-hookshot](docs/configuring-playbook-bridge-hookshot.md) documentation to get started. + + +# 2022-01-31 + +## ARM support for matrix-corporal + +[matrix-corporal](https://github.com/devture/matrix-corporal) (as of version `2.2.3`) is now published to Docker Hub (see [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal)) as a multi-arch container image with support for all these platforms: `linux/amd64`, `linux/arm64/v8` and `linux/arm/v7`. The playbook no longer resorts to self-building matrix-corporal on these ARM architectures. + + # 2022-01-07 ## Dendrite support diff --git a/README.md b/README.md index af02a3b0a..6ae3ca0b6 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) +- (optional) the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular + - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation - (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation diff --git a/collections/requirements.yml b/collections/requirements.yml index 9d365441f..483ed156a 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,4 +1,4 @@ --- collections: - name: community.general - - name: community.docker + - name: community.docker diff --git a/docs/configuring-playbook-bot-matrix-reminder-bot.md b/docs/configuring-playbook-bot-matrix-reminder-bot.md index c3c8e8bba..aaf5670c1 100644 --- a/docs/configuring-playbook-bot-matrix-reminder-bot.md +++ b/docs/configuring-playbook-bot-matrix-reminder-bot.md @@ -54,6 +54,6 @@ You can also add the bot to any existing Matrix room (`/invite @bot.matrix-remin Basic usage is like this: `!remindme in 2 minutes; This is a test` -Send `!help commands` to the room to see the bot's help menu for additional commands. +Send `!help reminders` to the room to see the bot's help menu for additional commands. You can also refer to the upstream [Usage documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage). diff --git a/docs/configuring-playbook-bridge-appservice-webhooks.md b/docs/configuring-playbook-bridge-appservice-webhooks.md index 3654bfa40..f4fbfbc0f 100644 --- a/docs/configuring-playbook-bridge-appservice-webhooks.md +++ b/docs/configuring-playbook-bridge-appservice-webhooks.md @@ -2,6 +2,8 @@ The playbook can install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you. +Note: This bridge is no longer maintained. While not a 1:1 replacement, the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) as a replacement, which can also be installed using [this playbook](configuring-playbook-bridge-hookshot.md). + This bridge provides support for Slack-compatible webhooks. Setup Instructions: diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md new file mode 100644 index 000000000..9a7f3f538 --- /dev/null +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -0,0 +1,47 @@ +# Setting up Hookshot (optional) + +The playbook can install and configure [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) for you. + +Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. + +See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. + +Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. + +## Setup Instructions + +Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. + +1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. +2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. +5. Refer to [Hookshot's official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. + +Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. + +### Manage GitHub Private Key with matrix-aux role + +The GitHub bridge requires you to install a private key file. This can be done in multiple ways: +- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml)). +- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually. +- use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server. + +To use `matrix-aux`, make sure the `matrix_hookshot_github_private_key` variable is empty. Then add to `matrix-aux` configuration like this: +```yaml +matrix_aux_file_definitions: + - dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" + content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}" + mode: '0400' + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" +``` +For more info see the documentation in the [matrix-aux base configuration file](/roles/matrix-aux/defaults/main.yml). + +### Provisioning API + +The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`. + +### Metrics + +If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index e7d8dba20..0630270f8 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -1,20 +1,33 @@ # Setting up MX Puppet Slack (optional) -**Note**: bridging to [Slack](https://slack.com) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook. +**Note**: bridging to [Slack](https://slack.com) can also happen via the +[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) +bridge supported by the playbook. The playbook can install and configure [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. See the project page to learn what it does and why it might be useful to you. -To enable the [Slack](https://slack.com/) bridge just use the following -playbook configuration: +## Setup +To enable the [Slack](https://slack.com/) bridge: -```yaml -matrix_mx_puppet_slack_enabled: true -``` - +1. Follow the + [OAuth credentials](https://github.com/Sorunome/mx-puppet-slack#option-2-oauth) + instructions to create a new Slack app, setting the redirect URL to + `https://matrix.YOUR_DOMAIN/slack/oauth`. +2. Update your `vars.yml` with the following: + ```yaml + matrix_mx_puppet_slack_enabled: true + # Client ID must be quoted so YAML does not parse it as a float. + matrix_mx_puppet_slack_oauth_client_id: "" + matrix_mx_puppet_slack_oauth_client_secret: "" + ``` +3. Run playbooks with `setup-all` and `start` tags: + ``` + ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start + ``` ## Usage diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index 2e6410ec0..4650b5e2c 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md @@ -47,3 +47,20 @@ matrix_synapse_federation_port_enabled: false # This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false ``` + +## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports + +Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection. + +The following changes in the configuration file (`inventory/host_vars/matrix./vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other: + +``` +matrix_synapse_http_listener_resource_names: ["client","federation"] +# Any port can be used but in this case we use 443 +matrix_federation_public_port: 443 +matrix_synapse_federation_port_enabled: false +# Note that the following change might not be "required per se" but probably will be due to the proxying of the traffic through the CDN proxy servers (CloudFlare for instance). The security impact of doing this should be minimal as your CDN itself will encrypt the traffic no matter what on their proxy servers. You could however first try and see if federation works while setting the following to true. +matrix_synapse_tls_federation_listener_enabled: false +``` + +**Use this at you own risk as all the possible side-effects of doing this are not fully known. However, it has been tested and works fine and passes all the tests on without issues.** diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 2e288cc89..07e49c5a2 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -67,8 +67,13 @@ By default, it obtains certificates for: - `matrix.` (`matrix_server_fqn_matrix`) - possibly for `element.`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false` - possibly for `riot.`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true` +- possibly for `hydrogen.`, if you have explicitly [set up Hydrogen client](configuring-playbook-client-hydrogen.md). +- possibly for `cinny.`, if you have explicitly [set up Cinny client](configuring-playbook-client-cinny.md). - possibly for `dimension.`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md). +- possibly for `goneb.`, if you have explicitly [set up Go-NEB bot](configuring-playbook-bot-go-neb.md). - possibly for `jitsi.`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md). +- possibly for `stats.`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md). +- possibly for `sygnal.`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md). - possibly for your base domain (``), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md) If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 31168d23f..9b1538834 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -117,6 +117,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional) +- [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) + - [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) diff --git a/docs/faq.md b/docs/faq.md index 5181c6ea8..d9c7a5866 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -226,7 +226,7 @@ Using a separate domain name is easier to manage (although it's a little hard to We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method. -If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain). +If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain) ### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do? diff --git a/examples/haproxy/docker-compose.yml b/examples/haproxy/docker-compose.yml index 9177161d2..b5c9aab79 100644 --- a/examples/haproxy/docker-compose.yml +++ b/examples/haproxy/docker-compose.yml @@ -1,7 +1,8 @@ +--- version: '3' services: nginx: - image: local/nginx + image: local/nginx ports: - 40888:80 volumes: diff --git a/examples/vars.yml b/examples/vars.yml index f57769624..3ca8f4601 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -1,3 +1,4 @@ +--- # The bare domain name which represents your Matrix identity. # Matrix user ids for your server will be of the form (`@user:`). # diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index af84d5d92..596fba130 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -662,6 +662,45 @@ matrix_heisenbridge_systemd_wanted_services_list: | # ###################################################################### +###################################################################### +# +# matrix-bridge-hookshot +# +###################################################################### + +# We don't enable bridges by default. +matrix_hookshot_enabled: false + +matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" + +matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" + +matrix_hookshot_systemd_wanted_services_list: | + {{ + (['matrix-' + matrix_homeserver_implementation + '.service']) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_hookshot_container_http_host_bind_ports_defaultmapping: + - "127.0.0.1:{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}" + - "127.0.0.1:{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}" + - "127.0.0.1:{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}" + - "127.0.0.1:{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}" + +matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_enabled else matrix_hookshot_container_http_host_bind_ports_defaultmapping }}" + +matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" + +matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" +matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" + +###################################################################### +# +# /matrix-bridge-hookshot +# +###################################################################### + ###################################################################### # # matrix-bridge-mx-puppet-skype @@ -1059,7 +1098,7 @@ matrix_bot_mjolnir_systemd_required_services_list: | matrix_corporal_enabled: false -matrix_corporal_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -1089,8 +1128,6 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati # ###################################################################### - - ###################################################################### # # matrix-coturn @@ -1125,8 +1162,6 @@ matrix_coturn_container_additional_volumes: | # ###################################################################### - - ###################################################################### # # matrix-dimension @@ -1204,8 +1239,6 @@ matrix_dynamic_dns_enabled: false # ###################################################################### - - ###################################################################### # # matrix-email2matrix @@ -1214,7 +1247,7 @@ matrix_dynamic_dns_enabled: false matrix_email2matrix_enabled: false -matrix_email2matrix_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" ###################################################################### # @@ -1222,8 +1255,6 @@ matrix_email2matrix_container_image_self_build: "{{ matrix_architecture != 'amd6 # ###################################################################### - - ###################################################################### # # matrix-jitsi @@ -1268,8 +1299,6 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab # ###################################################################### - - ###################################################################### # # matrix-mailer @@ -1281,7 +1310,7 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab # Other services (like ma1sd), also use the mailer. matrix_mailer_enabled: true -matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" ###################################################################### # @@ -1289,8 +1318,6 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # ###################################################################### - - ###################################################################### # # matrix-ma1sd @@ -1354,8 +1381,6 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr # ###################################################################### - - ###################################################################### # # matrix-nginx-proxy @@ -1482,6 +1507,10 @@ matrix_nginx_proxy_systemd_wanted_services_list: | (['matrix-jitsi.service'] if matrix_jitsi_enabled else []) + (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else []) + + + (['matrix-etherpad.service'] if matrix_etherpad_enabled and matrix_dimension_enabled else []) + + + (['matrix-hookshot.service'] if matrix_hookshot_enabled else []) }} matrix_ssl_domains_to_obtain_certificates_for: | @@ -1527,8 +1556,6 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr # ###################################################################### - - ###################################################################### # # matrix-postgres @@ -1777,8 +1804,6 @@ matrix_postgres_import_databases_to_ignore: | # ###################################################################### - - ###################################################################### # # matrix-sygnal @@ -1799,8 +1824,6 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable # ###################################################################### - - ###################################################################### # # matrix-redis @@ -1815,8 +1838,6 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}" # ###################################################################### - - ###################################################################### # # matrix-client-element @@ -1864,8 +1885,6 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr # ###################################################################### - - ###################################################################### # # matrix-client-hydrogen @@ -1889,8 +1908,6 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl # ###################################################################### - - ###################################################################### # # matrix-client-cinny @@ -1916,8 +1933,6 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_re # ###################################################################### - - ###################################################################### # # matrix-synapse @@ -2028,8 +2043,6 @@ matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_re # ###################################################################### - - ###################################################################### # # matrix-synapse-admin @@ -2051,8 +2064,6 @@ matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd # ###################################################################### - - ###################################################################### # # matrix-prometheus-node-exporter @@ -2067,8 +2078,6 @@ matrix_prometheus_node_exporter_enabled: false # ###################################################################### - - ###################################################################### # # matrix-prometheus @@ -2093,6 +2102,8 @@ matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:91 matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port|string] if matrix_prometheus_scraper_postgres_enabled else [] }}" +matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled }}" +matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_hookshot_metrics_enabled else [] }}" ###################################################################### # @@ -2100,7 +2111,6 @@ matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exp # ###################################################################### - ###################################################################### # # matrix-prometheus-postgres-exporter @@ -2156,8 +2166,6 @@ matrix_grafana_systemd_wanted_services_list: | # ###################################################################### - - ###################################################################### # # matrix-registration diff --git a/roles/matrix-aux/tasks/main.yml b/roles/matrix-aux/tasks/main.yml index ee93f63ae..2585715be 100644 --- a/roles/matrix-aux/tasks/main.yml +++ b/roles/matrix-aux/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/setup.yml" when: run_stop|bool tags: diff --git a/roles/matrix-awx/defaults/main.yml b/roles/matrix-awx/defaults/main.yml index 1b61797eb..cb8473251 100755 --- a/roles/matrix-awx/defaults/main.yml +++ b/roles/matrix-awx/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_awx_enabled: true # Defaults for 'Customise Website + Access Export' template diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index d33f0f704..553eb1b94 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml @@ -1,3 +1,4 @@ +--- - name: Record Backup Server variables locally on AWX delegate_to: 127.0.0.1 @@ -38,18 +39,18 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true tags: use-survey - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Copy new 'matrix_vars.yml' to target machine copy: @@ -58,8 +59,8 @@ mode: '0660' tags: use-survey -- name: Run initial backup of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" +- name: Run initial backup of /matrix/ and snapshot the database simultaneously + command: "{{ item }}" with_items: - borgmatic -c /root/.config/borgmatic/config_1.yaml - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 diff --git a/roles/matrix-awx/tasks/bridge_discord_appservice.yml b/roles/matrix-awx/tasks/bridge_discord_appservice.yml index 7cb24028e..3c124db3a 100644 --- a/roles/matrix-awx/tasks/bridge_discord_appservice.yml +++ b/roles/matrix-awx/tasks/bridge_discord_appservice.yml @@ -1,3 +1,4 @@ +--- - name: Record Bridge Discord AppService variables locally on AWX delegate_to: 127.0.0.1 @@ -33,7 +34,7 @@ - name: Copy new 'Bridge Discord Appservice' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json' - dest: '/matrix/awx/bridge_discord_appservice.json' + dest: '/matrix/awx/bridge_discord_appservice.json' mode: '0660' - name: Recreate 'Bridge Discord Appservice' job template @@ -54,4 +55,4 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml index a34b3792c..ca41880a7 100644 --- a/roles/matrix-awx/tasks/cache_matrix_variables.yml +++ b/roles/matrix-awx/tasks/cache_matrix_variables.yml @@ -1,3 +1,4 @@ +--- - name: Collect current datetime set_fact: diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml index 9f22a37ea..7d984b3d8 100644 --- a/roles/matrix-awx/tasks/create_session_token.yml +++ b/roles/matrix-awx/tasks/create_session_token.yml @@ -1,3 +1,4 @@ +--- - name: Create a AWX session token for executing modules awx.awx.tower_token: @@ -7,4 +8,4 @@ tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_master_token }}" register: awx_session_token - no_log: True + no_log: true diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml index fefec426d..7d203ed0a 100755 --- a/roles/matrix-awx/tasks/create_user.yml +++ b/roles/matrix-awx/tasks/create_user.yml @@ -1,3 +1,4 @@ +--- # # Create user and define if they are admin # diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index c9b96026c..80d6d7956 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml @@ -48,7 +48,7 @@ - name: Reload vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template delegate_to: 127.0.0.1 @@ -60,7 +60,7 @@ - name: Copy new 'Customise Website + Access Export' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - dest: '/matrix/awx/configure_website_access_export.json' + dest: '/matrix/awx/configure_website_access_export.json' mode: '0660' when: awx_customise_base_domain_website is defined @@ -74,7 +74,7 @@ - name: Copy new 'Customise Website + Access Export' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - dest: '/matrix/awx/access_export.json' + dest: '/matrix/awx/access_export.json' mode: '0660' when: awx_customise_base_domain_website is undefined @@ -92,12 +92,12 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: awx_customise_base_domain_website is defined - name: Recreate 'Access Export' job template @@ -114,12 +114,12 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: awx_customise_base_domain_website is undefined - name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account @@ -153,7 +153,7 @@ user: name: sftp groups: sftp - append: yes + append: true when: awx_customise_base_domain_website is defined - name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) @@ -208,7 +208,7 @@ group: sftp mode: '0644' when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key") - + - name: Remove any existing Subsystem lines lineinfile: path: /etc/ssh/sshd_config diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml index d779028e7..a2b97e79e 100644 --- a/roles/matrix-awx/tasks/export_server.yml +++ b/roles/matrix-awx/tasks/export_server.yml @@ -1,7 +1,7 @@ --- -- name: Run export of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" +- name: Run export of /matrix/ and snapshot the database simultaneously + command: "{{ item }}" with_items: - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - /bin/sh /usr/local/bin/awx-export-service.sh 0 1 @@ -23,7 +23,7 @@ command: rm /chroot/export/matrix* count: 1 units: days - unique: yes + unique: true - name: Delete the AWX session token for executing modules awx.awx.tower_token: diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml index 69b2aac80..6e8bb8995 100644 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml @@ -3,14 +3,14 @@ - name: Include vars in organisation.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' - no_log: True + no_log: true - name: Include vars in hosting_vars.yml include_vars: file: '/var/lib/awx/projects/hosting/hosting_vars.yml' - no_log: True + no_log: true - name: Include AWX master token from awx_tokens.yml include_vars: file: /var/lib/awx/projects/hosting/awx_tokens.yml - no_log: True + no_log: true diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml index 34754efb3..7a76f34b8 100755 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ b/roles/matrix-awx/tasks/load_matrix_variables.yml @@ -3,9 +3,9 @@ - name: Include new vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true -- name: If include_vars succeeds overwrite the old matrix_vars.yml +- name: If include_vars succeeds overwrite the old matrix_vars.yml delegate_to: 127.0.0.1 shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 6ac39a495..b5e951c6c 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -1,6 +1,6 @@ - +--- # Load initial hosting and organisation variables from AWX volume -- include_tasks: +- include_tasks: file: "load_hosting_and_org_variables.yml" apply: tags: always @@ -9,7 +9,7 @@ - always # Renames or updates the vars.yml if needed -- include_tasks: +- include_tasks: file: "update_variables.yml" apply: tags: always @@ -18,7 +18,7 @@ - always # Create AWX session token -- include_tasks: +- include_tasks: file: "create_session_token.yml" apply: tags: always @@ -27,7 +27,7 @@ - always # Perform a backup of the server -- include_tasks: +- include_tasks: file: "backup_server.yml" apply: tags: backup-server @@ -36,7 +36,7 @@ - backup-server # Perform a export of the server -- include_tasks: +- include_tasks: file: "export_server.yml" apply: tags: export-server @@ -45,7 +45,7 @@ - export-server # Create a user account if called -- include_tasks: +- include_tasks: file: "create_user.yml" apply: tags: create-user @@ -54,7 +54,7 @@ - create-user # Purge local/remote media if called -- include_tasks: +- include_tasks: file: "purge_media_main.yml" apply: tags: purge-media @@ -63,7 +63,7 @@ - purge-media # Purge Synapse database if called -- include_tasks: +- include_tasks: file: "purge_database_main.yml" apply: tags: purge-database @@ -72,7 +72,7 @@ - purge-database # Rotate SSH key if called -- include_tasks: +- include_tasks: file: "rotate_ssh.yml" apply: tags: rotate-ssh @@ -81,16 +81,16 @@ - rotate-ssh # Import configs, media repo from /chroot/backup import -- include_tasks: +- include_tasks: file: "import_awx.yml" apply: tags: import-awx when: run_setup|bool and matrix_awx_enabled|bool tags: - import-awx - + # Perform extra self-check functions -- include_tasks: +- include_tasks: file: "self_check.yml" apply: tags: self-check @@ -99,7 +99,7 @@ - self-check # Create cached matrix_vars.yml file -- include_tasks: +- include_tasks: file: "cache_matrix_variables.yml" apply: tags: always @@ -108,7 +108,7 @@ - always # Configure SFTP so user can upload a static website or access the servers export -- include_tasks: +- include_tasks: file: "customise_website_access_export.yml" apply: tags: setup-nginx-proxy @@ -117,7 +117,7 @@ - setup-nginx-proxy # Additional playbook to set the variable file during Element configuration -- include_tasks: +- include_tasks: file: "set_variables_element.yml" apply: tags: setup-client-element @@ -126,7 +126,7 @@ - setup-client-element # Additional playbook to set the variable file during Mailer configuration -- include_tasks: +- include_tasks: file: "set_variables_mailer.yml" apply: tags: setup-mailer @@ -135,7 +135,7 @@ - setup-mailer # Additional playbook to set the variable file during Element configuration -- include_tasks: +- include_tasks: file: "set_variables_element_subdomain.yml" apply: tags: setup-client-element-subdomain @@ -144,7 +144,7 @@ - setup-client-element-subdomain # Additional playbook to set the variable file during Synapse configuration -- include_tasks: +- include_tasks: file: "set_variables_synapse.yml" apply: tags: setup-synapse @@ -153,7 +153,7 @@ - setup-synapse # Additional playbook to set the variable file during Jitsi configuration -- include_tasks: +- include_tasks: file: "set_variables_jitsi.yml" apply: tags: setup-jitsi @@ -162,7 +162,7 @@ - setup-jitsi # Additional playbook to set the variable file during Ma1sd configuration -- include_tasks: +- include_tasks: file: "set_variables_ma1sd.yml" apply: tags: setup-ma1sd @@ -171,7 +171,7 @@ - setup-ma1sd # Additional playbook to set the variable file during Corporal configuration -- include_tasks: +- include_tasks: file: "set_variables_corporal.yml" apply: tags: setup-corporal @@ -180,7 +180,7 @@ - setup-corporal # Additional playbook to set the variable file during Dimension configuration -- include_tasks: +- include_tasks: file: "set_variables_dimension.yml" apply: tags: setup-dimension @@ -189,7 +189,7 @@ - setup-dimension # Additional playbook to set the variable file during Synapse Admin configuration -- include_tasks: +- include_tasks: file: "set_variables_synapse_admin.yml" apply: tags: setup-synapse-admin @@ -198,7 +198,7 @@ - setup-synapse-admin # Additional playbook to set the variable file during Discord Appservice Bridge configuration -- include_tasks: +- include_tasks: file: "bridge_discord_appservice.yml" apply: tags: bridge-discord-appservice @@ -207,7 +207,7 @@ - bridge-discord-appservice # Delete AWX session token -- include_tasks: +- include_tasks: file: "delete_session_token.yml" apply: tags: always @@ -216,7 +216,7 @@ - always # Load newly formed matrix variables from AWX volume -- include_tasks: +- include_tasks: file: "load_matrix_variables.yml" apply: tags: always diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml index f29061fb3..9882f1951 100644 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ b/roles/matrix-awx/tasks/purge_database_main.yml @@ -9,20 +9,20 @@ - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Ensure curl and jq intalled on target machine apt: pkg: - - curl - - jq + - curl + - jq state: present - name: Collect before shrink size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_before_stat when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: True + no_log: true - name: Collect the internal IP of the matrix-synapse container shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" @@ -34,7 +34,7 @@ curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) register: awx_janitors_token - no_log: True + no_log: true - name: Copy build_room_list.py script to target machine copy: @@ -55,7 +55,7 @@ fetch: src: /tmp/room_list_complete.json dest: "/tmp/{{ subscription_id }}_room_list_complete.json" - flat: yes + flat: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - name: Remove complete room list from target machine @@ -80,7 +80,7 @@ - name: Setting host fact awx_room_list_no_local_users set_fact: awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}" - no_log: True + no_log: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - name: Purge all rooms with no local users @@ -113,7 +113,7 @@ set_fact: awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}" when: awx_purge_mode.find("Number of users [slower]") != -1 - no_log: True + no_log: true - name: Purge all rooms with more then N users include_tasks: purge_database_users.yml @@ -138,7 +138,7 @@ set_fact: awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}" when: awx_purge_mode.find("Number of events [slower]") != -1 - no_log: True + no_log: true - name: Purge all rooms with more then N events include_tasks: purge_database_events.yml @@ -161,17 +161,17 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Execute rust-synapse-compress-state job template delegate_to: 127.0.0.1 awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: yes + wait: true tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -190,14 +190,14 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Ensure matrix-synapse is stopped service: name: matrix-synapse state: stopped - daemon_reload: yes + daemon_reload: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Re-index Synapse database @@ -208,7 +208,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Adjust 'Deploy/Update a Server' job template @@ -227,17 +227,17 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Execute run-postgres-vacuum job template delegate_to: 127.0.0.1 awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: yes + wait: true tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -256,7 +256,7 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Cleanup room_list files @@ -264,13 +264,13 @@ shell: | rm /tmp/{{ subscription_id }}_room_list* when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - ignore_errors: yes + ignore_errors: true - name: Collect after shrink size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_after_stat when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: True + no_log: true - name: Print total number of rooms processed debug: diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml index c836d16cf..bd7e7d1c4 100644 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ b/roles/matrix-awx/tasks/purge_media_main.yml @@ -1,3 +1,4 @@ +--- - name: Ensure dateutils is installed in AWX delegate_to: 127.0.0.1 @@ -8,13 +9,13 @@ - name: Include vars in matrix_vars.yml include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True + no_log: true - name: Ensure curl and jq intalled on target machine apt: pkg: - - curl - - jq + - curl + - jq state: present - name: Collect the internal IP of the matrix-synapse container @@ -25,7 +26,7 @@ shell: | curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' register: awx_janitors_token - no_log: True + no_log: true - name: Generate list of dates to purge to delegate_to: 127.0.0.1 @@ -37,16 +38,16 @@ register: awx_local_media_size_before when: awx_purge_media_type == "Local Media" async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate initial size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_before when: awx_purge_media_type == "Remote Media" - async: 600 - ignore_errors: yes - no_log: True + async: 600 + ignore_errors: true + no_log: true - name: Purge local media with loop include_tasks: purge_media_local.yml @@ -62,15 +63,15 @@ shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_after when: awx_purge_media_type == "Local Media" - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate final size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_after when: awx_purge_media_type == "Remote Media" - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Print size of local media repository before purge debug: diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml index 9596f5047..bd59cbc13 100644 --- a/roles/matrix-awx/tasks/rotate_ssh.yml +++ b/roles/matrix-awx/tasks/rotate_ssh.yml @@ -4,7 +4,7 @@ authorized_key: user: root state: present - exclusive: yes + exclusive: true key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" - name: Delete the AWX session token for executing modules diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml index a7b0cb3ab..68e833a47 100644 --- a/roles/matrix-awx/tasks/self_check.yml +++ b/roles/matrix-awx/tasks/self_check.yml @@ -25,53 +25,53 @@ shell: | curl -s localhost:9000 | grep "^synapse_admin_mau_current " register: awx_mau_stat - no_log: True + no_log: true - name: Calculate CPU usage statistics shell: iostat -c register: awx_cpu_usage_stat - no_log: True + no_log: true - name: Calculate RAM usage statistics shell: free -mh register: awx_ram_usage_stat - no_log: True + no_log: true - name: Calculate free disk space shell: df -h register: awx_disk_space_stat - no_log: True + no_log: true - name: Calculate size of Synapse database shell: du -sh /matrix/postgres/data register: awx_db_size_stat - no_log: True + no_log: true - name: Calculate size of local media repository shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_stat async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_stat async: 600 - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Calculate docker container statistics shell: docker stats --all --no-stream register: awx_docker_stats - ignore_errors: yes - no_log: True + ignore_errors: true + no_log: true - name: Print size of remote media repository debug: msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}" when: awx_remote_media_size_stat is defined - + - name: Print size of local media repository debug: msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}" diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml index e911144dd..007ae59ff 100755 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ b/roles/matrix-awx/tasks/set_variables_corporal.yml @@ -235,9 +235,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index eee4e6f22..d692e0813 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml @@ -3,18 +3,18 @@ - name: Include vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' - no_log: True + no_log: true - name: Install jq and curl on remote machine apt: - name: + name: - jq - curl state: present - name: Collect access token of @admin-dimension user shell: | - curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' register: awx_dimension_user_access_token - name: Record Synapse variables locally on AWX @@ -27,7 +27,7 @@ with_dict: 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout }}"' - + - name: Set final users list if users are defined set_fact: awx_dimension_users_final: "{{ awx_dimension_users }}" @@ -80,7 +80,7 @@ - name: Copy new 'Configure Dimension' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json' - dest: '/matrix/awx/configure_dimension.json' + dest: '/matrix/awx/configure_dimension.json' mode: '0660' - name: Recreate 'Configure Dimension' job template @@ -97,9 +97,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml index 491c91b3b..4b2ce8590 100755 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ b/roles/matrix-awx/tasks/set_variables_element.yml @@ -172,9 +172,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml index 9e47be163..1c78b9e0e 100644 --- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml +++ b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml @@ -9,7 +9,7 @@ insertafter: '# Element Settings Start' with_dict: 'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}" - + - name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: @@ -40,4 +40,4 @@ verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml index 2e8f1f8ed..b12391bf3 100755 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml @@ -20,7 +20,7 @@ - name: Copy new 'Configure Jitsi' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - dest: '/matrix/awx/configure_jitsi.json' + dest: '/matrix/awx/configure_jitsi.json' mode: '0660' - name: Recreate 'Configure Jitsi' job template @@ -37,9 +37,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index db5037d1d..fba7225a3 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml @@ -66,7 +66,7 @@ with_dict: 'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}' 'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' - no_log: True + no_log: true - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template delegate_to: 127.0.0.1 @@ -77,7 +77,7 @@ - name: Copy new 'Configure ma1sd' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - dest: '/matrix/awx/configure_ma1sd.json' + dest: '/matrix/awx/configure_ma1sd.json' mode: '0660' - name: Recreate 'Configure ma1sd (Advanced)' job template @@ -94,10 +94,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml index 2ae2d513b..6581223d2 100644 --- a/roles/matrix-awx/tasks/set_variables_mailer.yml +++ b/roles/matrix-awx/tasks/set_variables_mailer.yml @@ -36,9 +36,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index f0fe23693..f749f03f6 100755 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -1,3 +1,4 @@ +--- - name: Limit max upload size to 200MB part 1 set_fact: @@ -197,7 +198,7 @@ - name: Copy new 'Configure Synapse' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json' - dest: '/matrix/awx/configure_synapse.json' + dest: '/matrix/awx/configure_synapse.json' mode: '0660' - name: Recreate 'Configure Synapse' job template @@ -214,9 +215,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml index 635befb5a..1e63fb71a 100644 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml @@ -19,7 +19,7 @@ - name: Copy new 'Configure Synapse Admin' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - dest: '/matrix/awx/configure_synapse_admin.json' + dest: '/matrix/awx/configure_synapse_admin.json' mode: '0660' - name: Recreate 'Configure Synapse Admin' job template @@ -36,9 +36,9 @@ credential: "{{ member_id }} - AWX SSH Key" survey_enabled: true survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}" - become_enabled: yes + become_enabled: true state: present verbosity: 1 tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: true diff --git a/roles/matrix-awx/tasks/update_variables.yml b/roles/matrix-awx/tasks/update_variables.yml index 9818a9c21..e072667f7 100644 --- a/roles/matrix-awx/tasks/update_variables.yml +++ b/roles/matrix-awx/tasks/update_variables.yml @@ -12,7 +12,7 @@ command: | openssl rand -hex 16 register: generic_secret - no_log: True + no_log: true when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) - name: Add new matrix_homeserver_generic_secret_key variable @@ -22,5 +22,5 @@ line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}" insertbefore: '# Basic Settings End' mode: '0600' - state: present + state: present when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index be403de76..e83b6c955 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -1,3 +1,4 @@ +--- # The bare domain name which represents your Matrix identity. # Matrix user ids for your server will be of the form (`@user:`). # @@ -98,8 +99,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl" matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_sh: "/usr/bin/env sh" -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" -matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" +matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" +matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce.repo b/roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo similarity index 100% rename from roles/matrix-base/files/yum.repos.d/docker-ce.repo rename to roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo b/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo new file mode 100644 index 000000000..6f94e4fb0 --- /dev/null +++ b/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo @@ -0,0 +1,62 @@ +[docker-ce-stable] +name=Docker CE Stable - $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable +enabled=1 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-stable-debuginfo] +name=Docker CE Stable - Debuginfo $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-stable-source] +name=Docker CE Stable - Sources +baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-test] +name=Docker CE Test - $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-test-debuginfo] +name=Docker CE Test - Debuginfo $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-test-source] +name=Docker CE Test - Sources +baseurl=https://download.docker.com/linux/fedora/$releasever/source/test +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-nightly] +name=Docker CE Nightly - $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-nightly-debuginfo] +name=Docker CE Nightly - Debuginfo $basearch +baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg + +[docker-ce-nightly-source] +name=Docker CE Nightly - Sources +baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly +enabled=0 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/fedora/gpg diff --git a/roles/matrix-base/tasks/clean_up_old_files.yml b/roles/matrix-base/tasks/clean_up_old_files.yml index 01d4a83df..03eb8bcce 100644 --- a/roles/matrix-base/tasks/clean_up_old_files.yml +++ b/roles/matrix-base/tasks/clean_up_old_files.yml @@ -6,4 +6,4 @@ state: absent with_items: - "{{ matrix_base_data_path }}/environment-variables" - - "{{ matrix_base_data_path }}/scratchpad" \ No newline at end of file + - "{{ matrix_base_data_path }}/scratchpad" diff --git a/roles/matrix-base/tasks/main.yml b/roles/matrix-base/tasks/main.yml index f9db37b3e..1cdc0432e 100644 --- a/roles/matrix-base/tasks/main.yml +++ b/roles/matrix-base/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/sanity_check.yml" tags: - always diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index 0869e5017..bbfa077c8 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml @@ -1,10 +1,13 @@ --- -- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos.yml" - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version < '8' +- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8 -- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos8.yml" - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' +- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30 + +- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30 - block: # ansible_lsb is only available if lsb-release is installed. @@ -13,7 +16,7 @@ name: - lsb-release state: present - update_cache: yes + update_cache: true register: lsb_release_installation_result - name: Reread ansible_lsb facts if lsb-release got installed @@ -34,10 +37,10 @@ service: name: docker state: started - enabled: yes + enabled: true - name: "Ensure {{ matrix_ntpd_service }} is started and autoruns" service: name: "{{ matrix_ntpd_service }}" state: started - enabled: yes + enabled: true diff --git a/roles/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/matrix-base/tasks/server_base/setup_archlinux.yml index 6c5cdff82..a4912a5db 100644 --- a/roles/matrix-base/tasks/server_base/setup_archlinux.yml +++ b/roles/matrix-base/tasks/server_base/setup_archlinux.yml @@ -6,7 +6,7 @@ - python-docker - python-dnspython state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed pacman: diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index 1cd7ac41d..5b169df77 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -7,7 +7,7 @@ - ca-certificates - gnupg state: present - update_cache: yes + update_cache: true - name: Ensure Docker's APT key is trusted apt_key: @@ -22,7 +22,7 @@ apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed @@ -30,7 +30,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed apt: diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/matrix-base/tasks/server_base/setup_fedora.yml new file mode 100644 index 000000000..7369b6ad1 --- /dev/null +++ b/roles/matrix-base/tasks/server_base/setup_fedora.yml @@ -0,0 +1,39 @@ +--- + +- name: Ensure Docker repository is enabled + template: + src: "{{ role_path }}/files/yum.repos.d/{{ item }}" + dest: "/etc/yum.repos.d/docker-ce.repo" + owner: "root" + group: "root" + mode: 0644 + with_items: + - docker-ce-fedora.repo + when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + +- name: Ensure Docker's RPM key is trusted + rpm_key: + state: present + key: https://download.docker.com/linux/fedora/gpg + when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' + +- name: Ensure yum packages are installed + yum: + name: + - "{{ matrix_ntpd_package }}" + state: latest + update_cache: true + +- name: Ensure Docker is installed + yum: + name: + - "{{ matrix_docker_package_name }}" + - python3-pip + state: latest + when: matrix_docker_installation_enabled|bool + +- name: Ensure Docker-Py is installed + pip: + name: docker-py + state: latest + when: matrix_docker_installation_enabled|bool diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index 4aed3c767..6a09f2fe1 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -7,7 +7,7 @@ - ca-certificates - gnupg state: present - update_cache: yes + update_cache: true - name: Ensure Docker's APT key is trusted apt_key: @@ -22,7 +22,7 @@ apt_repository: repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure APT packages are installed @@ -30,7 +30,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed apt: diff --git a/roles/matrix-base/tasks/server_base/setup_centos.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml similarity index 82% rename from roles/matrix-base/tasks/server_base/setup_centos.yml rename to roles/matrix-base/tasks/server_base/setup_redhat.yml index cbf7fbc6c..b4be1d081 100644 --- a/roles/matrix-base/tasks/server_base/setup_centos.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat.yml @@ -2,13 +2,11 @@ - name: Ensure Docker repository is enabled template: - src: "{{ role_path }}/files/yum.repos.d/{{ item }}" - dest: "/etc/yum.repos.d/{{ item }}" + src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" + dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" group: "root" mode: 0644 - with_items: - - docker-ce.repo when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted @@ -22,7 +20,7 @@ name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed yum: diff --git a/roles/matrix-base/tasks/server_base/setup_centos8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml similarity index 84% rename from roles/matrix-base/tasks/server_base/setup_centos8.yml rename to roles/matrix-base/tasks/server_base/setup_redhat8.yml index e6127f470..d9dd6e23f 100644 --- a/roles/matrix-base/tasks/server_base/setup_centos8.yml +++ b/roles/matrix-base/tasks/server_base/setup_redhat8.yml @@ -2,13 +2,11 @@ - name: Ensure Docker repository is enabled template: - src: "{{ role_path }}/files/yum.repos.d/{{ item }}" - dest: "/etc/yum.repos.d/{{ item }}" + src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" + dest: "/etc/yum.repos.d/docker-ce.repo" owner: "root" group: "root" mode: 0644 - with_items: - - docker-ce.repo when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' - name: Ensure Docker's RPM key is trusted @@ -22,14 +20,14 @@ name: - epel-release state: latest - update_cache: yes + update_cache: true - name: Ensure yum packages are installed yum: name: - "{{ matrix_ntpd_package }}" state: latest - update_cache: yes + update_cache: true - name: Ensure Docker is installed yum: diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index ab5e81119..41604f874 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -18,8 +18,8 @@ state: present group: "{{ matrix_user_groupname }}" home: "{{ matrix_base_data_path }}" - create_home: no - system: yes + create_home: false + system: true register: matrix_user - name: Set Matrix Group UID Variable diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml index 11ee48b92..3f475950b 100644 --- a/roles/matrix-base/tasks/setup_well_known.yml +++ b/roles/matrix-base/tasks/setup_well_known.yml @@ -1,3 +1,4 @@ +--- # We need others to be able to read these directories too, # so that matrix-nginx-proxy's nginx user can access the files. # diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml index 948c60825..7a3fde41d 100644 --- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml @@ -1,11 +1,11 @@ - -# This is for both CentOS 7 and 8 -- name: Ensure fuse installed (CentOS) +--- +# This is for both RedHat 7 and 8 +- name: Ensure fuse installed (RedHat) yum: name: - fuse state: latest - when: ansible_distribution == 'CentOS' + when: ansible_os_family == 'RedHat' # This is for both Debian and Raspbian - name: Ensure fuse installed (Debian/Raspbian) diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml new file mode 100644 index 000000000..53fc9b03e --- /dev/null +++ b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml @@ -0,0 +1,23 @@ +--- +# This is for both RedHat 7 and 8 +- name: Ensure openssl installed (RedHat) + yum: + name: + - openssl + state: latest + when: ansible_os_family == 'RedHat' + +# This is for both Debian and Raspbian +- name: Ensure openssl installed (Debian/Raspbian) + apt: + name: + - openssl + state: latest + when: ansible_os_family == 'Debian' + +- name: Ensure openssl installed (Archlinux) + pacman: + name: + - openssl + state: latest + when: ansible_distribution == 'Archlinux' diff --git a/roles/matrix-base/vars/main.yml b/roles/matrix-base/vars/main.yml index 8b99708b7..28ac226a7 100644 --- a/roles/matrix-base/vars/main.yml +++ b/roles/matrix-base/vars/main.yml @@ -1,3 +1,4 @@ +--- # This will contain a list of enabled services that the playbook is managing. # Each component is expected to append its service name to this list. matrix_systemd_services_list: [] diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index c5a1f6365..fa57b1095 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. # See: https://github.com/matrix-org/go-neb @@ -203,8 +204,8 @@ matrix_bot_go_neb_services: [] # # Each room will get the notification with the alert rendered with the given template # rooms: # "!someroomid:domain.tld": -# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" -# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" +# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\"}}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" +# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\"}} {{ if eq .Status \"firing\"}} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}{% endraw %}" # msg_type: "m.text" # Must be either `m.text` or `m.notice` # Default configuration template which covers the generic use case. @@ -228,4 +229,3 @@ matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_e # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`. matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" - diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/matrix-bot-go-neb/tasks/init.yml index 169f5978a..b046d4944 100644 --- a/roles/matrix-bot-go-neb/tasks/init.yml +++ b/roles/matrix-bot-go-neb/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" when: matrix_bot_go_neb_enabled|bool diff --git a/roles/matrix-bot-go-neb/tasks/main.yml b/roles/matrix-bot-go-neb/tasks/main.yml index 1a4fe70a5..3c2ed9c58 100644 --- a/roles/matrix-bot-go-neb/tasks/main.yml +++ b/roles/matrix-bot-go-neb/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index e26be0802..a390eb5e5 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -11,9 +11,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_go_neb_config_path }}", when: true } - - { path: "{{ matrix_bot_go_neb_data_path }}", when: true } - - { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true } + - {path: "{{ matrix_bot_go_neb_config_path }}", when: true} + - {path: "{{ matrix_bot_go_neb_data_path }}", when: true} + - {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true} when: "item.when|bool" - name: Ensure go-neb image is pulled @@ -40,7 +40,7 @@ - name: Ensure systemd reloaded after matrix-bot-go-neb.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_go_neb_systemd_service_result.changed|bool" - name: Ensure matrix-bot-go-neb.service restarted, if necessary diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml index 3610eb44b..a009badfd 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-go-neb state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_go_neb_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-go-neb.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_go_neb_service_stat.stat.exists|bool" - name: Ensure Matrix go-neb paths don't exist diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index 056447eb8..eabf11372 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ {{ matrix_bot_go_neb_docker_image }} \ -c "go-neb /config/config.yaml" -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-go-neb diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 426aa372a..2c50a1f73 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -1,3 +1,4 @@ +--- # honoroit is a helpdesk bot # See: https://gitlab.com/etke.cc/honoroit @@ -7,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.2 +matrix_bot_honoroit_version: v0.9.4 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -83,6 +84,12 @@ matrix_bot_honoroit_sentry: '' # Log level matrix_bot_honoroit_loglevel: '' +# Text prefix: open +matrix_bot_honoroit_text_prefix_open: '' + +# Text prefix: done +matrix_bot_honoroit_text_prefix_done: '' + # Text: greetings matrix_bot_honoroit_text_greetings: '' diff --git a/roles/matrix-bot-honoroit/tasks/init.yml b/roles/matrix-bot-honoroit/tasks/init.yml index 1b652e56d..5ace015b1 100644 --- a/roles/matrix-bot-honoroit/tasks/init.yml +++ b/roles/matrix-bot-honoroit/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}" when: matrix_bot_honoroit_enabled|bool diff --git a/roles/matrix-bot-honoroit/tasks/main.yml b/roles/matrix-bot-honoroit/tasks/main.yml index bc5c14904..7d66177c6 100644 --- a/roles/matrix-bot-honoroit/tasks/main.yml +++ b/roles/matrix-bot-honoroit/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 0d2d325bf..81f2eabce 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -33,10 +33,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_honoroit_config_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_data_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_data_store_path }}", when: true } - - { path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_config_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_data_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true} + - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure honoroit environment variables file created @@ -70,7 +70,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_bot_honoroit_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_honoroit_container_image_self_build|bool" - name: Ensure matrix-bot-honoroit.service installed @@ -82,7 +82,7 @@ - name: Ensure systemd reloaded after matrix-bot-honoroit.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_honoroit_systemd_service_result.changed|bool" - name: Ensure matrix-bot-honoroit.service restarted, if necessary diff --git a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml index afad2cc1c..45bccabd8 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-honoroit state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_honoroit_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-honoroit.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_honoroit_service_stat.stat.exists|bool" - name: Ensure Matrix honoroit paths don't exist diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index 4b1dd43f7..fdd9b13d0 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -7,6 +7,8 @@ HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }} HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }} HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} +HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} +HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }} HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }} diff --git a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index c4eb1a946..a2ba1a984 100644 --- a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ {% endfor %} {{ matrix_bot_honoroit_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 419e3cca2..76b153e75 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-reminder-bot is a bot for one-off and recurring reminders # See: https://github.com/anoadragon453/matrix-reminder-bot diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml index 7fd125245..414969557 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}" when: matrix_bot_matrix_reminder_bot_enabled|bool diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml index fc2afddb2..d9a1df7e4 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index bd33326f7..e237bc211 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -34,10 +34,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true} + - {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure matrix-reminder-bot image is pulled @@ -65,7 +65,7 @@ build: dockerfile: docker/Dockerfile path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" - name: Ensure matrix-reminder-bot config installed @@ -85,7 +85,7 @@ - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool" - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index d7e41201b..eb7543c59 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-matrix-reminder-bot state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - name: Ensure Matrix matrix-reminder-bot paths don't exist diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index 14b5fa45d..b1fe3c325 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-reminder-bot diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 72c685027..9f45432c7 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -1,9 +1,10 @@ +--- # A moderation tool for Matrix # See: https://github.com/matrix-org/mjolnir matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.2.1" +matrix_bot_mjolnir_version: "v1.3.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" @@ -56,4 +57,3 @@ matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration # Holds the final configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`. matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" - diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/matrix-bot-mjolnir/tasks/init.yml index b8ab58f18..e09964ecd 100644 --- a/roles/matrix-bot-mjolnir/tasks/init.yml +++ b/roles/matrix-bot-mjolnir/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bot-mjolnir/tasks/main.yml b/roles/matrix-bot-mjolnir/tasks/main.yml index eada8de57..a2a209147 100644 --- a/roles/matrix-bot-mjolnir/tasks/main.yml +++ b/roles/matrix-bot-mjolnir/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index e770b6d50..3f4d5d8f1 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -11,10 +11,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_bot_mjolnir_base_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_config_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_data_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" } + - {path: "{{ matrix_bot_mjolnir_base_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_config_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_data_path }}", when: true} + - {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"} when: "item.when|bool" - name: Ensure mjolnir Docker image is pulled @@ -42,7 +42,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_bot_mjolnir_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_bot_mjolnir_container_image_self_build|bool" - name: Ensure matrix-bot-mjolnir config installed @@ -62,7 +62,7 @@ - name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_mjolnir_systemd_service_result.changed|bool" - name: Ensure matrix-bot-mjolnir.service restarted, if necessary diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml index 7fff5e13f..935859778 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-bot-mjolnir state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" - name: Ensure matrix-bot-mjolnir paths don't exist diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index b22983129..0b018f25b 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-mjolnir diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 92a51a31c..daa83dea0 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-discord is a Matrix <-> Discord bridge # See: https://github.com/Half-Shot/matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index ef64e78ad..e16a69796 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/matrix-bridge-appservice-discord/tasks/main.yml index bad5e3203..5df7bfe2b 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/main.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 546e5043a..924531ad8 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -54,8 +54,8 @@ service: name: matrix-appservice-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_appservice_discord_stat_db.stat.exists" @@ -105,7 +105,7 @@ - name: Ensure systemd reloaded after matrix-appservice-discord.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_discord_systemd_service_result.changed" - name: Ensure matrix-appservice-discord.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 5dd8075d1..ab56c26b6 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_discord_service_stat.stat.exists" - name: Ensure matrix-appservice-discord.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-discord.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 8f61bd9f2..84dee8015 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 25b0a2418..fa8613089 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Matrix Appservice IRC is a Matrix <-> IRC bridge # See: https://github.com/matrix-org/matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index b90d93a5e..5e1814121 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/matrix-bridge-appservice-irc/tasks/main.yml index da92ecf0c..339615eab 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/main.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index 6b39ac62a..d7fcaa07b 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if Postgres not enabled fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." @@ -16,7 +18,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 20714a41e..23c175c4f 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -1,5 +1,7 @@ --- +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + - name: Ensure Appservice IRC paths exist file: path: "{{ item.path }}" @@ -8,10 +10,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_irc_base_path }}", when: true } - - { path: "{{ matrix_appservice_irc_config_path }}", when: true } - - { path: "{{ matrix_appservice_irc_data_path }}", when: true } - - { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}" } + - {path: "{{ matrix_appservice_irc_base_path }}", when: true} + - {path: "{{ matrix_appservice_irc_config_path }}", when: true} + - {path: "{{ matrix_appservice_irc_data_path }}", when: true} + - {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"} when: item.when|bool - name: Check if an old passkey file already exists @@ -24,7 +26,7 @@ service: name: matrix-appservice-irc state: stopped - daemon_reload: yes + daemon_reload: true failed_when: false - name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory @@ -80,7 +82,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_appservice_irc_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed" - name: Ensure Matrix Appservice IRC config installed @@ -184,7 +186,7 @@ - name: Ensure systemd reloaded after matrix-appservice-irc.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_irc_systemd_service_result.changed" - name: Ensure matrix-appservice-irc.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 515078177..a4d95df55 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-irc state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_irc_service_stat.stat.exists" - name: Ensure matrix-appservice-irc.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-irc.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 2c26c7823..8650bd8db 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index b1c98d2a3..e303f8340 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-slack is a Matrix <-> Slack bridge # See: https://github.com/matrix-org/matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 7f251ec5f..2ff7c9420 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -39,40 +40,40 @@ when: "matrix_synapse_role_executed|default(False)" - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy - set_fact: - matrix_appservice_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_appservice_slack_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; - {% endif %} - } + - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy + set_fact: + matrix_appservice_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_appservice_slack_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; + {% endif %} + } - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_appservice_slack_matrix_nginx_proxy_configuration] - }} + - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_appservice_slack_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_appservice_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-appservice-slack/tasks/main.yml b/roles/matrix-bridge-appservice-slack/tasks/main.yml index acd03fffe..06c3abb61 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/main.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index fedad9775..0bea65bc4 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if Postgres not enabled fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." @@ -16,7 +18,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 8c5a1eeda..af2003fc9 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -8,10 +8,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_slack_base_path }}", when: true } - - { path: "{{ matrix_appservice_slack_config_path }}", when: true } - - { path: "{{ matrix_appservice_slack_data_path }}", when: true } - - { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}" } + - {path: "{{ matrix_appservice_slack_base_path }}", when: true} + - {path: "{{ matrix_appservice_slack_config_path }}", when: true} + - {path: "{{ matrix_appservice_slack_data_path }}", when: true} + - {path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}"} when: item.when|bool - set_fact: @@ -56,7 +56,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_appservice_slack_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed" - name: Ensure Matrix Appservice Slack config installed @@ -84,7 +84,7 @@ - name: Ensure systemd reloaded after matrix-appservice-slack.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_slack_systemd_service_result.changed" - name: Ensure matrix-appservice-slack.service restarted, if necessary diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index 2dfe1c7b3..dffe78b34 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-slack state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_slack_service_stat.stat.exists" - name: Ensure matrix-appservice-slack.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-slack.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 9bf737117..21ba27ef5 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index f987c0876..7a6db2d02 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-appservice-webhooks is a Matrix <-> webhook bridge # See: https://github.com/redoonetworks/matrix-appservice-webhooks diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index 7f49e8b64..35d62ded2 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed @@ -32,42 +33,42 @@ when: "matrix_synapse_role_executed|default(False)" - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy - set_fact: - matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; - proxy_pass http://$backend/$1; - } - {% else %} - {# Generic configuration for use outside of our container setup #} - location {{ matrix_appservice_webhooks_public_endpoint }}/ { - proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; - } - {% endif %} + - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy + set_fact: + matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; + proxy_pass http://$backend/$1; + } + {% else %} + {# Generic configuration for use outside of our container setup #} + location {{ matrix_appservice_webhooks_public_endpoint }}/ { + proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; + } + {% endif %} - - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] - }} + - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_appservice_webhooks_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml index 216905f39..26a7e24c7 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 1b276efc8..1f40d7314 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -8,10 +8,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_appservice_webhooks_base_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_config_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_data_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"} + - {path: "{{ matrix_appservice_webhooks_base_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_config_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_data_path }}", when: true} + - {path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Appservice webhooks image is pulled @@ -40,7 +40,7 @@ build: dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_appservice_webhooks_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_appservice_webhooks_container_image_self_build|bool" - name: Ensure Matrix Appservice webhooks config is installed @@ -84,5 +84,5 @@ - name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_webhooks_systemd_service_result.changed" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 81440b887..38235652b 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-appservice-webhooks state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_appservice_webhooks_service_stat.stat.exists" - name: Ensure matrix-appservice-webhooks.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index a227387a4..f27111b3c 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 34c9c3cb0..e622522de 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -1,3 +1,4 @@ +--- # beeper-linkedin is a Matrix <-> LinkedIn bridge # See: https://gitlab.com/beeper/linkedin diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml index 755ac2f53..977db9252 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" when: matrix_beeper_linkedin_enabled|bool diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml index 79c54f1ac..920265fb5 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c873d0c2c..3cec1c1fe 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -15,10 +15,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_beeper_linkedin_base_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_config_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_data_path }}", when: true } - - { path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}" } + - {path: "{{ matrix_beeper_linkedin_base_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_config_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_data_path }}", when: true} + - {path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"} when: "item.when|bool" @@ -31,38 +31,38 @@ when: "not matrix_beeper_linkedin_container_image_self_build|bool" - block: - - name: Ensure Beeper LinkedIn repository is present on self-build - git: - repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" - dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" - version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" - force: "yes" - register: matrix_beeper_linkedin_git_pull_results + - name: Ensure Beeper LinkedIn repository is present on self-build + git: + repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" + dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}" + version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" + force: "yes" + register: matrix_beeper_linkedin_git_pull_results - # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. - # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 - - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image - command: | - {{ matrix_host_command_docker }} run \ - --rm \ - --entrypoint=/bin/sh \ - --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ - -w /work \ - docker.io/python:3.9.6-buster \ - -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" + # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. + # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 + - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image + command: | + {{ matrix_host_command_docker }} run \ + --rm \ + --entrypoint=/bin/sh \ + --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ + -w /work \ + docker.io/python:3.9.6-buster \ + -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" - - name: Ensure Beeper LinkedIn Docker image is built - docker_image: - name: "{{ matrix_beeper_linkedin_docker_image }}" - source: build - force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_beeper_linkedin_docker_src_files_path }}" - pull: yes - args: - TARGETARCH: "{{ matrix_architecture }}" + - name: Ensure Beeper LinkedIn Docker image is built + docker_image: + name: "{{ matrix_beeper_linkedin_docker_image }}" + source: build + force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_beeper_linkedin_docker_src_files_path }}" + pull: true + args: + TARGETARCH: "{{ matrix_architecture }}" when: "matrix_beeper_linkedin_container_image_self_build|bool" - name: Ensure beeper-linkedin config.yaml installed @@ -90,5 +90,5 @@ - name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_beeper_linkedin_systemd_service_result.changed" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index 175613f0d..befa2f610 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-beeper-linkedin state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_beeper_linkedin_service_stat.stat.exists" - name: Ensure matrix-beeper-linkedin.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml index fe33defaf..d808de081 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml @@ -8,4 +8,3 @@ with_items: - "matrix_beeper_linkedin_appservice_token" - "matrix_beeper_linkedin_homeserver_token" - diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 84e4a9c21..4498b4f02 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi {{ matrix_beeper_linkedin_docker_image }} \ python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-beeper-linkedin diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 6772c364e..80b3c95af 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -1,9 +1,10 @@ +--- # heisenbridge is a bouncer-style Matrix IRC bridge # See: https://github.com/hifi/heisenbridge matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.10.0 +matrix_heisenbridge_version: 1.10.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" @@ -34,13 +35,13 @@ matrix_heisenbridge_registration_yaml: id: heisenbridge url: http://matrix-heisenbridge:9898 as_token: "{{ matrix_heisenbridge_appservice_token }}" - hs_token: "{{ matrix_heisenbridge_homeserver_token }}" + hs_token: "{{ matrix_heisenbridge_homeserver_token }}" rate_limited: false sender_localpart: heisenbridge namespaces: users: - - regex: '@hbirc_.*' - exclusive: true + - regex: '@hbirc_.*' + exclusive: true aliases: [] rooms: [] diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml index 18e89b681..a66d7199d 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml @@ -1,3 +1,4 @@ +--- # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-heisenbridge/tasks/main.yml b/roles/matrix-bridge-heisenbridge/tasks/main.yml index 1358709d8..a266643d1 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/main.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 03cf9ec3e..29b5842b6 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -4,8 +4,8 @@ docker_image: name: "{{ matrix_heisenbridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" + force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" - name: Ensure heisenbridge paths exist file: @@ -34,5 +34,5 @@ - name: Ensure systemd reloaded after matrix-heisenbridge.service installation service: - daemon_reload: yes + daemon_reload: true when: matrix_heisenbridge_systemd_service_result.changed diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index cf100a895..54d5bd67b 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-heisenbridge state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_heisenbridge_service_stat.stat.exists" - name: Ensure matrix-heisenbridge.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-heisenbridge.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_heisenbridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 index 6a0750bfa..e27b88f1d 100644 --- a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 +++ b/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 @@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \ --listen-port 9898 \ {{ matrix_heisenbridge_homeserver_url }} -ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-heisenbridge -ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-heisenbridge +ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge +ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge Restart=always RestartSec=30 SyslogIdentifier=matrix-heisenbridge diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml new file mode 100644 index 000000000..2db8ba774 --- /dev/null +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -0,0 +1,203 @@ +--- + +# A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. +# https://github.com/Half-Shot/matrix-hookshot + +matrix_hookshot_enabled: true + +matrix_hookshot_version: 1.1.0 +matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" +matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" + +matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" + +matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_hookshot_container_url: 'matrix-hookshot' + +matrix_hookshot_public_endpoint: /hookshot + +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_appservice_port: 9993 +matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" + +# Metrics work only in conjunction with matrix_synapse_metrics_enabled etc +matrix_hookshot_metrics_enabled: true +# There is no need to edit ports. +# Read the documentation to learn about using hookshot metrics with external Prometheus +# If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_metrics_port: 9001 +matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics" + +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_webhook_port: 9000 +matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhooks" + + +# You need to create a GitHub app to enable this and fill in the empty variables below +# https://half-shot.github.io/matrix-hookshot/setup/github.html +matrix_hookshot_github_enabled: false +matrix_hookshot_github_appid: '' +# Set this variable to the contents of the generated and downloaded GitHub private key: +# matrix_hookshot_github_private_key: | +# -----BEGIN RSA PRIVATE KEY----- +# 0123456789ABCDEF... +# -----END RSA PRIVATE KEY----- +# Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info. +matrix_hookshot_github_private_key: '' +matrix_hookshot_github_private_key_file: 'private-key.pem' +matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page +matrix_hookshot_github_oauth_enabled: false +# You need to configure oauth settings only when you have enabled oauth (optional) +matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page +matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page +# Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" +matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" +matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" +# These are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration +matrix_hookshot_github_ignore_hooks: "{}" +matrix_hookshot_github_command_prefix: '!gh' +matrix_hookshot_github_show_issue_room_link: false +matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" +matrix_hookshot_github_including_labels: '' +matrix_hookshot_github_excluding_labels: '' + + +matrix_hookshot_gitlab_enabled: true +# Optionally add your instances, e.g. +# matrix_hookshot_gitlab_instances: +# gitlab.com: +# url: https://gitlab.com +# mygitlab: +# url: https://gitlab.example.org +matrix_hookshot_gitlab_instances: + gitlab.com: + url: https://gitlab.com + +# This will be the "Secret token" you have to enter into all GitLab instances for authentication +matrix_hookshot_gitlab_secret: '' + + +matrix_hookshot_jira_enabled: false +# Get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth +matrix_hookshot_jira_secret: '' +matrix_hookshot_jira_oauth_enabled: false +matrix_hookshot_jira_oauth_id: '' +matrix_hookshot_jira_oauth_secret: '' +# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" +matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" +matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" + + +# No need to change these +matrix_hookshot_generic_enabled: true +# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" +matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" +matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_generic_allow_js_transformation_functions: false +# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap +matrix_hookshot_generic_user_id_prefix: '_webhooks_' + + +matrix_hookshot_figma_enabled: false +# Default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" +matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" +matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}" +# To bridge figma webhooks, you need to configure one of multiple instances like this: +# matrix_hookshot_figma_instances: +# your-instance: +# teamId: your-team-id +# accessToken: your-personal-access-token +# passcode: your-webhook-passcode + + +# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. +matrix_hookshot_provisioning_port: 9002 +matrix_hookshot_provisioning_secret: '' +# Provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it +matrix_hookshot_provisioning_enabled: false +matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" + +# You can configure access to the bridge as documented here https://half-shot.github.io/matrix-hookshot/setup.html#permissions +# When empty, the default permissions are applied. +# Example: +# matrix_hookshot_permissions: +# - actor: * +# services: +# - service: * +# level: commands +# - actor: example.com +# services: +# - service: "*" +# level: admin +matrix_hookshot_permissions: [] + +matrix_hookshot_bot_displayname: Hookshot Bot +matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d' + +# A list of extra arguments to pass to the container +matrix_hookshot_container_extra_arguments: [] + +# List of systemd services that service depends on. +matrix_hookshot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that service wants +matrix_hookshot_systemd_wanted_services_list: [] + +# List of ports to bind to the host to expose them directly. +# Ports will automatically be bound to localhost if matrix_nginx_proxy_enabled is false. +# Setting this variable will override that behaviour in either case. +# Supply docker port bind arguments in a list like this: +# +# matrix_hookshot_container_http_host_bind_ports: +# - "127.0.0.1:9999:{{ matrix_hookshot_metrics_port }}" +# +# Above example will bind the metrics port in the container to port 9999 on localhost. +matrix_hookshot_container_http_host_bind_ports: [] + +# These tokens will be set automatically +matrix_hookshot_appservice_token: '' +matrix_hookshot_homeserver_token: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrixhookshot_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_hookshot_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}" + +matrix_hookshot_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_hookshot_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_hookshot_configuration_yaml`. + +matrix_hookshot_configuration_extension: "{{ matrix_hookshot_configuration_extension_yaml|from_yaml if matrix_hookshot_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_hookshot_configuration_yaml`. +matrix_hookshot_configuration: "{{ matrix_hookshot_configuration_yaml|from_yaml|combine(matrix_hookshot_configuration_extension, recursive=True) }}" + +# Default registration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrixhookshot_registration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_hookshot_registration_yaml: "{{ lookup('template', 'templates/registration.yml.j2') }}" + +matrix_hookshot_registration_extension_yaml: | + # Your custom YAML registration goes here. + # This registration extends the default starting registration (`matrix_hookshot_registration_yaml`). + # + # You can override individual variables from the default registration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_hookshot_registration_yaml`. + +matrix_hookshot_registration_extension: "{{ matrix_hookshot_registration_extension_yaml|from_yaml if matrix_hookshot_registration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final registration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_hookshot_registration_yaml`. +matrix_hookshot_registration: "{{ matrix_hookshot_registration_yaml|from_yaml|combine(matrix_hookshot_registration_extension, recursive=True) }}" diff --git a/roles/matrix-bridge-hookshot/files/.gitkeep b/roles/matrix-bridge-hookshot/files/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml new file mode 100644 index 000000000..a2229c368 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -0,0 +1,130 @@ +--- +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-hookshot role needs to execute before the matrix-synapse role. + when: "matrix_hookshot_enabled and matrix_synapse_role_executed|default(False)" + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}" + when: matrix_hookshot_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/hookshot-registration.yml"] }} + when: matrix_hookshot_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_hookshot_matrix_nginx_proxy_configuration: | + location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + {% if matrix_hookshot_provisioning_enabled %} + location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} + location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + + - name: Register hookshot proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_hookshot_matrix_nginx_proxy_configuration] + }} + + - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_hookshot_matrix_nginx_proxy_metrics_configuration: | + {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %} + location {{ matrix_hookshot_metrics_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; + {% endif %} + proxy_set_header Host $host; + {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %} + auth_basic "protected"; + auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + {% endif %} + } + {% endif %} + + - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([]) + + + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration] + }} + tags: + - always + when: matrix_hookshot_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` + URL endpoint to the matrix-hookshot container. + You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. + when: "matrix_hookshot_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-hookshot/tasks/main.yml b/roles/matrix-bridge-hookshot/tasks/main.yml new file mode 100644 index 000000000..409b6175a --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_hookshot_enabled|bool" + tags: + - setup-all + - setup-hookshot diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml new file mode 100644 index 000000000..66a452f09 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -0,0 +1,84 @@ +--- + +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + +- name: Ensure hookshot image is pulled + docker_image: + name: "{{ matrix_hookshot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + +- name: Ensure hookshot paths exist + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_hookshot_base_path }}" + +- name: Check if hookshot passkey exists + stat: + path: "{{ matrix_hookshot_base_path }}/passkey.pem" + register: hookshot_passkey_file + +- name: Generate hookshot passkey if it doesn't exist + shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096" + become: true + become_user: "{{ matrix_user_username }}" + when: "not hookshot_passkey_file.stat.exists" + +- name: Ensure hookshot config.yml installed if provided + copy: + content: "{{ matrix_hookshot_configuration|to_nice_yaml }}" + dest: "{{ matrix_hookshot_base_path }}/config.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Validate hookshot config.yml + command: | + {{ matrix_host_command_docker }} run + --rm + --name={{ matrix_hookshot_container_url }}-validate + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + -v {{ matrix_hookshot_base_path }}/config.yml:/config.yml + {{ matrix_hookshot_docker_image }} node Config/Config.js /config.yml + register: hookshot_config_validation_result + +- name: Fail if hookshot config.yml invalid + fail: + msg: "Your hookshot configuration did not pass validation:\n{{ hookshot_config_validation_result.stdout }}\n{{ hookshot_config_validation_result.stderr }}" + when: "hookshot_config_validation_result.rc > 0" + +- name: Ensure hookshot registration.yml installed if provided + copy: + content: "{{ matrix_hookshot_registration|to_nice_yaml }}" + dest: "{{ matrix_hookshot_base_path }}/registration.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure hookshot github private key file installed if github is enabled + copy: + content: "{{ matrix_hookshot_github_private_key }}" + dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" + mode: 0400 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + when: matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length > 0 + +- name: Ensure matrix-hookshot.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-hookshot.service" + mode: 0644 + register: matrix_hookshot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-hookshot.service installation + service: + daemon_reload: true + when: matrix_hookshot_systemd_service_result.changed diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml new file mode 100644 index 000000000..d8efbb029 --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-hookshot service + stat: + path: "{{ matrix_systemd_path }}/matrix-hookshot.service" + register: matrix_hookshot_service_stat + +- name: Ensure matrix-hookshot is stopped + service: + name: matrix-hookshot + state: stopped + enabled: false + daemon_reload: true + when: "matrix_hookshot_service_stat.stat.exists" + +- name: Ensure matrix-hookshot.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-hookshot.service" + state: absent + when: "matrix_hookshot_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-hookshot.service removal + service: + daemon_reload: true + when: "matrix_hookshot_service_stat.stat.exists" diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/matrix-bridge-hookshot/tasks/validate_config.yml new file mode 100644 index 000000000..5da8809ee --- /dev/null +++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml @@ -0,0 +1,59 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_hookshot_appservice_token" + - "matrix_hookshot_homeserver_token" + +- name: Fail if required GitHub settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable GitHub. + when: "matrix_hookshot_github_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_github_appid" + - "matrix_hookshot_github_secret" + +- name: Fail if required GitHub OAuth settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth. + when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_github_oauth_id" + - "matrix_hookshot_github_oauth_secret" + +- name: Fail if required Jira settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable Jira. + when: "matrix_hookshot_jira_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_jira_secret" + +- name: Fail if required Jira OAuth settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth. + when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_jira_oauth_id" + - "matrix_hookshot_jira_oauth_secret" + +- name: Fail if required Figma settings not defined + fail: + msg: >- + You need to define at least one Figma instance to enable Figma. + when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances is undefined" + +- name: Fail if required provisioning settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) to enable provisioning. + when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" + with_items: + - "matrix_hookshot_provisioning_secret" diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 new file mode 100644 index 000000000..fc04c7559 --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -0,0 +1,127 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Basic homeserver configuration + # + domain: {{ matrix_domain }} + url: {{ matrix_hookshot_homeserver_address }} + mediaUrl: {{ matrix_hookshot_homeserver_address }} + port: {{ matrix_hookshot_appservice_port }} + bindAddress: 0.0.0.0 +{% if matrix_hookshot_github_enabled %} +github: + # (Optional) Configure this to enable GitHub support + # + auth: + # Authentication for the GitHub App. + # + id: {{ matrix_hookshot_github_appid }} + privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }} + webhook: + # Webhook settings for the GitHub app. + # + secret: {{ matrix_hookshot_github_secret|to_json }} +{% if matrix_hookshot_github_oauth_enabled %} + oauth: + # (Optional) Settings for allowing users to sign in via OAuth. + # + client_id: {{ matrix_hookshot_github_oauth_id }} + client_secret: {{ matrix_hookshot_github_oauth_secret|to_json }} + redirect_uri: {{ matrix_hookshot_github_oauth_uri }} +{% endif %} + defaultOptions: + # (Optional) Default options for GitHub connections. + # + ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} + commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" + showIssueRoomLink: {{ matrix_hookshot_github_show_issue_room_link }} + prDiff: {{ matrix_hookshot_github_pr_diff }} + includingLabels:{{ matrix_hookshot_github_including_labels }} + excludingLabels: {{ matrix_hookshot_github_excluding_labels }} +{% endif %} +{% if matrix_hookshot_gitlab_enabled %} +gitlab: + # (Optional) Configure this to enable GitLab support + # + instances: + {{ matrix_hookshot_gitlab_instances }} + webhook: + secret: {{ matrix_hookshot_gitlab_secret|to_json }} +{% endif %} +{% if matrix_hookshot_jira_enabled %} +jira: + # (Optional) Configure this to enable Jira support + # + webhook: + secret: {{ matrix_hookshot_jira_secret|to_json }} +{% if matrix_hookshot_jira_oauth_enabled %} + oauth: + client_id: {{ matrix_hookshot_jira_oauth_id|to_json }} + client_secret: {{ matrix_hookshot_jira_oauth_secret|to_json }} + redirect_uri: {{ matrix_hookshot_jira_oauth_uri }} +{% endif %} +{% endif %} +{% if matrix_hookshot_generic_enabled %} +generic: + # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments + # + enabled: {{ matrix_hookshot_generic_enabled }} + urlPrefix: {{ matrix_hookshot_generic_urlprefix }} + allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} + userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} +{% endif %} +{% if matrix_hookshot_figma_enabled %} +figma: + # (Optional) Configure this to enable Figma support + # + publicUrl: {{ matrix_hookshot_figma_publicUrl }} + instances: {{ matrix_hookshot_figma_instances }} +{% endif %} +{% if matrix_hookshot_provisioning_enabled %} +provisioning: + # (Optional) Provisioning API for integration managers + # + secret: {{ matrix_hookshot_provisioning_secret|to_json }} +{% endif %} +passFile: + # A passkey used to encrypt tokens stored inside the bridge. + # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate + # + /data/passkey.pem +bot: + # (Optional) Define profile information for the bot user + # + displayname: {{ matrix_hookshot_bot_displayname }} + avatar: {{ matrix_hookshot_bot_avatar }} +metrics: + # (Optional) Prometheus metrics support + # + enabled: {{ matrix_hookshot_metrics_enabled }} +logging: + # (Optional) Logging settings. You can have a severity debug,info,warn,error + # + level: info +{% if matrix_hookshot_permissions %} +permissions: {{ matrix_hookshot_permissions }} +{% endif %} +listeners: + # (Optional) HTTP Listener configuration. + # Bind resource endpoints to ports and addresses. + # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice + # +{# always enabled since all services need it #} + - port: {{ matrix_hookshot_webhook_port }} + bindAddress: 0.0.0.0 + resources: + - webhooks +{% if matrix_hookshot_metrics_enabled %} + - port: {{ matrix_hookshot_metrics_port }} + bindAddress: 0.0.0.0 + resources: + - metrics +{% endif %} +{% if matrix_hookshot_provisioning_enabled %} + - port: {{ matrix_hookshot_provisioning_port }} + bindAddress: 0.0.0.0 + resources: + - provisioning +{% endif %} diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 new file mode 100644 index 000000000..ced3bd77e --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 @@ -0,0 +1,16 @@ +#jinja2: lstrip_blocks: "True" +id: matrix-hookshot # This can be anything, but must be unique within your homeserver +as_token: {{ matrix_hookshot_appservice_token|to_json }} # This again can be a random string +hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this +namespaces: + rooms: [] + users: + - regex: "@_github_.*:{{ matrix_domain }}" + exclusive: true + aliases: + - regex: "#github_.+:{{ matrix_domain }}" + exclusive: true + +sender_localpart: hookshot +url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}" # This should match the bridge.port in your config file +rate_limited: false diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 new file mode 100644 index 000000000..16ff05920 --- /dev/null +++ b/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -0,0 +1,40 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. +{% for service in matrix_hookshot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_hookshot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} + +ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_hookshot_base_path }}:/data:z \ + {% for port in matrix_hookshot_container_http_host_bind_ports %} + -p {{ port }} \ + {% endfor %} + {% for arg in matrix_hookshot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_hookshot_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} +Restart=always +RestartSec=30 +SyslogIdentifier={{ matrix_hookshot_container_url }} + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 5d83e9cc2..f781ba915 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-facebook is a Matrix <-> Facebook bridge # See: https://github.com/mautrix/facebook @@ -6,7 +7,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.3.2 +matrix_mautrix_facebook_version: v0.3.3 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index cf67f2276..d97a3230e 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml index 54fb6f9df..b6e65fe28 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index d5230bca9..3fa429702 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_facebook_base_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_config_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_data_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_facebook_base_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_config_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_data_path }}", when: true} + - {path: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Facebook repository is present on self-build @@ -74,7 +74,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_facebook_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_facebook_container_image_self_build|bool" - name: Check if an old database file already exists @@ -86,8 +86,8 @@ service: name: matrix-mautrix-facebook state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_facebook_stat_database.stat.exists" @@ -120,7 +120,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_facebook_systemd_service_result.changed" - name: Ensure matrix-mautrix-facebook.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index abbce3501..1c8fbd3b6 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-facebook state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_facebook_service_stat.stat.exists" - name: Ensure matrix-mautrix-facebook.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 07ee8fb70..f3af4b9ff 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 02bef16aa..1b89bea6d 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-googlechat is a Matrix <-> googlechat bridge # See: https://github.com/mautrix/googlechat diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index 5c8d82bfe..e64cb44ca 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,39 +24,39 @@ when: matrix_mautrix_googlechat_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_googlechat_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-googlechat:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] - }} + - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_googlechat_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-googlechat:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_googlechat_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml index defcd58ac..16054e7b5 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index 293e8817f..9faf344fe 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_googlechat_base_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_config_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_data_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_googlechat_base_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_config_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_data_path }}", when: true} + - {path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Mautrix Hangots repository is present on self build @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_googlechat_container_image_self_build|bool" - name: Check if an old database file already exists @@ -85,8 +85,8 @@ service: name: matrix-mautrix-googlechat state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_googlechat_stat_database.stat.exists" @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_googlechat_systemd_service_result.changed" - name: Ensure matrix-mautrix-googlechat.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index bdcaa6e71..a315c0c84 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-googlechat state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_googlechat_service_stat.stat.exists" - name: Ensure matrix-mautrix-googlechat.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_googlechat_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml index 7aa428708..083e8d342 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml @@ -11,4 +11,4 @@ - "matrix_mautrix_googlechat_homeserver_token" - debug: msg: - - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}' + - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index 5a6ab7995..c56473bed 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-googlechat diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 013e1d14a..911c81c6d 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-hangouts is a Matrix <-> Hangouts bridge # See: https://github.com/mautrix/hangouts diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 59756ec90..65d4776e2 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,39 +24,39 @@ when: matrix_mautrix_hangouts_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_hangouts_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-hangouts:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] - }} + - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_hangouts_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-hangouts:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_hangouts_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml index 0df0d0e37..b43ff478b 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index fb5236fd5..368ee5f87 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -50,10 +50,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_hangouts_base_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_config_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_data_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_hangouts_base_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_config_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_data_path }}", when: true} + - {path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Mautrix Hangots repository is present on self build @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_hangouts_container_image_self_build|bool" - name: Check if an old database file already exists @@ -85,8 +85,8 @@ service: name: matrix-mautrix-hangouts state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_hangouts_stat_database.stat.exists" @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_hangouts_systemd_service_result.changed" - name: Ensure matrix-mautrix-hangouts.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index 34348cfd4..8ce859c8e 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-hangouts state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_hangouts_service_stat.stat.exists" - name: Ensure matrix-mautrix-hangouts.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index 8922bef46..0242ef16c 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -11,4 +11,4 @@ - "matrix_mautrix_hangouts_homeserver_token" - debug: msg: - - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' + - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index 66f34d94c..60f0e055f 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou {{ matrix_mautrix_hangouts_docker_image }} \ python3 -m mautrix_hangouts -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index a3783328e..9fc42cea8 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-instagram is a Matrix <-> Instagram bridge # See: https://github.com/mautrix/instagram diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index c44855d81..d33acd09d 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml index 7326e22d7..b6ffcd06a 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 38a7f62ef..dc95af3a3 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -23,13 +23,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_instagram_base_path }}", when: true } - - { path: "{{ matrix_mautrix_instagram_config_path }}", when: true } - - { path: "{{ matrix_mautrix_instagram_data_path }}", when: true } - - { - path: "{{ matrix_mautrix_instagram_docker_src_files_path }}", - when: "{{ matrix_mautrix_instagram_container_image_self_build }}", - } + - {path: "{{ matrix_mautrix_instagram_base_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_config_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_data_path }}", when: true} + - {path: "{{ matrix_mautrix_instagram_docker_src_files_path }}", when: "{{ matrix_mautrix_instagram_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix instagram repository is present on self-build @@ -49,7 +46,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_instagram_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_instagram_container_image_self_build|bool" - name: Ensure mautrix-instagram config.yaml installed @@ -77,5 +74,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_instagram_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml index 02e20b619..2cc0e0e93 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml @@ -8,8 +8,8 @@ service: name: matrix-mautrix-instagram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_instagram_service_stat.stat.exists" - name: Ensure matrix-mautrix-instagram.service doesn't exist @@ -20,5 +20,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 index 0157accc9..33a5bab3b 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag {{ matrix_mautrix_instagram_docker_image }} \ python3 -m mautrix_instagram -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-instagram diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ceaa9b87e..0f91d6cc9 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-signal is a Matrix <-> Signal bridge # See: https://github.com/mautrix/signal @@ -7,8 +8,8 @@ matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.2.2 -matrix_mautrix_signal_daemon_version: 0.16.1 +matrix_mautrix_signal_version: v0.2.3 +matrix_mautrix_signal_daemon_version: 0.17.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 6133e8654..21d52066f 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" when: matrix_mautrix_signal_enabled|bool diff --git a/roles/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/matrix-bridge-mautrix-signal/tasks/main.yml index edca20e61..643b94c9c 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 1a9b29154..6fd0f8136 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -34,7 +34,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_signal_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_signal_container_image_self_build|bool" @@ -64,7 +64,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" - name: Ensure Mautrix Signal paths exist @@ -114,5 +114,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-signal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml index b36ef81d9..8ca2be3fe 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml @@ -10,8 +10,8 @@ service: name: matrix-mautrix-signal-daemon state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" - name: Ensure matrix-mautrix-signal-daemon.service doesn't exist @@ -30,8 +30,8 @@ service: name: matrix-mautrix-signal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_signal_service_stat.stat.exists" - name: Ensure matrix-mautrix-signal.service doesn't exist @@ -43,5 +43,5 @@ # All services - name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 314bba6d5..6f128da39 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ {{ matrix_mautrix_signal_daemon_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 index 0d3eb9b80..a65895edf 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal {{ matrix_mautrix_signal_docker_image }} \ python3 -m mautrix_signal -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index bcdcfdd8f..d1397b219 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-telegram is a Matrix <-> Telegram bridge # See: https://github.com/mautrix/telegram @@ -7,13 +8,13 @@ matrix_telegram_lottieconverter_container_image_self_build: false matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git" matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src" -matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram +matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.11.1 +matrix_mautrix_telegram_version: v0.11.2 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index 662ea1c39..267658ef9 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,40 +24,40 @@ when: matrix_mautrix_telegram_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_telegram_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-telegram:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9006; - {% endif %} - } + - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_telegram_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-telegram:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9006; + {% endif %} + } - - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] - }} + - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mautrix_telegram_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml index 8a218ed8d..018b30da4 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 1e34e2cd6..ceda10a58 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -42,10 +42,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_telegram_base_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_config_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_data_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_telegram_base_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_config_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_data_path }}", when: true} + - {path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Telegram image is pulled @@ -73,7 +73,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build|bool" - name: Ensure matrix-mautrix-telegram repository is present when self-building @@ -107,8 +107,8 @@ service: name: matrix-mautrix-telegram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_telegram_stat_database.stat.exists" @@ -141,7 +141,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_telegram_systemd_service_result.changed" - name: Ensure matrix-mautrix-telegram.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index bc84edbba..a713898b9 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-telegram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_telegram_service_stat.stat.exists" - name: Ensure matrix-mautrix-telegram.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 3f5cbd005..d24e960ea 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 6a72706b5..f8fd29c80 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-twitter is a Matrix <-> Twitter bridge # See: https://github.com/mautrix/twitter diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml index 4f8df9e0c..5b526bbde 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}" when: matrix_mautrix_twitter_enabled|bool diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/matrix-bridge-mautrix-twitter/tasks/main.yml index 60eea0995..6c0abe4f5 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index c27eeccd3..86134d2b7 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -27,17 +27,17 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_twitter_base_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_config_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_data_path }}", when: true } - - { path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_twitter_base_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_config_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_data_path }}", when: true} + - {path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Twitter repository is present on self-build git: repo: "{{ matrix_mautrix_twitter_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}" -# version: "{{ matrix_coturn_docker_image.split(':')[1] }}" + # version: "{{ matrix_coturn_docker_image.split(':')[1] }}" force: "yes" register: matrix_mautrix_twitter_git_pull_results when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build" @@ -50,7 +50,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_twitter_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build|bool" - name: Ensure mautrix-twitter config.yaml installed @@ -78,7 +78,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_systemd_service_result.changed" - name: Ensure matrix-mautrix-twitter.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml index 28819726e..024603e71 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml @@ -9,7 +9,7 @@ service: name: matrix-mautrix-twitter state: stopped - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_service_stat.stat.exists" - name: Ensure matrix-mautrix-twitter.service doesn't exist @@ -20,5 +20,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index 55509b851..73bdbc866 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte {{ matrix_mautrix_twitter_docker_image }} \ python3 -m mautrix_twitter -c /config/config.yaml --no-update -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-twitter diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index aaa1f04a2..54097ad80 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mautrix-whatsapp is a Matrix <-> Whatsapp bridge # See: https://github.com/mautrix/whatsapp @@ -7,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.2.3 +matrix_mautrix_whatsapp_version: v0.2.4 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" @@ -77,7 +78,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map: # Servers to always allow double puppeting from matrix_mautrix_whatsapp_bridge_double_puppet_server_map: - "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" + "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index f320bc743..57166386b 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}" when: matrix_mautrix_whatsapp_enabled|bool diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml index 188eae4a1..0a963eb24 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index ddd49dd0d..d33524f37 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -44,10 +44,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}" } + - {path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true} + - {path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}"} when: item.when|bool - name: Ensure Mautrix Whatsapp image is pulled @@ -76,7 +76,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mautrix_whatsapp_container_image_self_build|bool" - name: Check if an old database file exists @@ -93,8 +93,8 @@ service: name: matrix-mautrix-whatsapp state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mautrix_whatsapp_stat_database.stat.exists" @@ -131,7 +131,7 @@ - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_whatsapp_systemd_service_result.changed" - name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 7dd4b4028..3884f9e7e 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mautrix-whatsapp state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mautrix_whatsapp_service_stat.stat.exists" - name: Ensure matrix-mautrix-whatsapp.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mautrix_whatsapp_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index 483141908..c983c4cce 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml @@ -8,4 +8,3 @@ with_items: - "matrix_mautrix_whatsapp_appservice_token" - "matrix_mautrix_whatsapp_homeserver_token" - diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index 77daa825b..4a492492b 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-whatsapp diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index cd9c1477f..80734c256 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Discord is a Matrix <-> Discord bridge # See: https://github.com/matrix-discord/mx-puppet-discord @@ -27,7 +28,7 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}' matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}' -matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}" +matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}" # "@user:server.com" to allow specific user # "@.*:yourserver.com" to allow users on a specific homeserver diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 6fa430373..69458093d 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml index 3ca32335c..e11a2db04 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index f9985ed83..3ef57cb74 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_discord_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}"} when: matrix_mx_puppet_discord_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -32,8 +32,8 @@ service: name: matrix-mx-puppet-discord state: stopped - daemon_reload: yes - failed_when: False + daemon_reload: true + failed_when: false - name: (Data relocation) Move mx-puppet-discord database file to ./data directory command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" @@ -90,7 +90,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool" - name: Ensure mx-puppet-discord config.yaml installed @@ -118,7 +118,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_discord_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-discord.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml index a0298ad9f..b3ab8e39e 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-discord state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_discord_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-discord.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 58b01e200..6ffb87cd3 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc {% endfor %} {{ matrix_mx_puppet_discord_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index 8b3826059..0daf6dfc7 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge # See: https://gitlab.com/robintown/mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index b4469ea18..db28f324c 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml index 994e7e454..070f920b5 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 3ed4867c5..84802c4fe 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}"} when: matrix_mx_puppet_groupme_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-groupme state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_groupme_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" - name: Ensure mx-puppet-groupme config.yaml installed @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_groupme_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml index f9ecce58b..24daf7be8 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-groupme state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_groupme_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-groupme.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_groupme_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 index 7e008aeb8..dabafd180 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou {% endfor %} {{ matrix_mx_puppet_groupme_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 272103604..3a73e0fed 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -1,3 +1,4 @@ +--- # mx-puppet-instagram bridges instagram DMs # See: https://github.com/Sorunome/mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml index a12885e78..d16e6be0f 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -21,4 +22,3 @@ + {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} when: matrix_mx_puppet_instagram_enabled|bool - diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml index d0fe90e4b..6abb281fc 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index cdbaa18e8..63f1878b7 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -51,10 +51,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}"} when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool - name: Ensure mx-puppet-instagram repository is present on self build @@ -74,7 +74,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" - name: Ensure mx-puppet-instagram config.yaml installed @@ -102,7 +102,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_instagram_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-instagram.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml index 9ad4e13d9..e4435a3e8 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-instagram state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_instagram_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-instagram.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index b2921a4fe..965bb41c2 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst {% endfor %} {{ matrix_mx_puppet_instagram_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 8dcb2faff..905e50863 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Skype is a Matrix <-> Skype bridge # See: https://github.com/Sorunome/mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml index 5618821b5..d28f6ca1a 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml index 01ddd7d87..0793e994b 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index a39e7acf2..285735336 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_skype_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_skype_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_skype_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_skype_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}"} when: matrix_mx_puppet_skype_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-skype state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_skype_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" - name: Ensure mx-puppet-skype config.yaml installed @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-skype.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_skype_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-skype.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml index a1af7e337..838c3be5f 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-skype state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_skype_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-skype.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-skype.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_skype_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 index 4c604bb7b..9a7986e4d 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp {% endfor %} {{ matrix_mx_puppet_skype_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 30d42475b..bf5c6dfae 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,8 +1,12 @@ +--- # Mx Puppet Slack is a Matrix <-> Slack bridge # See: https://github.com/Sorunome/mx-puppet-slack matrix_mx_puppet_slack_enabled: true +matrix_mx_puppet_slack_oauth_client_id: '' +matrix_mx_puppet_slack_oauth_client_secret: '' + matrix_mx_puppet_slack_container_image_self_build: false matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 74ec03502..897f3f8fe 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,40 +24,40 @@ when: matrix_mx_puppet_slack_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_slack_redirect_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; - {% endif %} - } + - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_slack_redirect_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; + {% endif %} + } - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] - }} + - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mx_puppet_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml index 6aa0fd0fd..0e886d452 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 8ef8ac4e9..eca29e9b2 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_slack_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_slack_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_slack_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_slack_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}"} when: matrix_mx_puppet_slack_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-slack state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_slack_stat_database.stat.exists" @@ -87,7 +87,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" - name: (Data relocation) Move mx-puppet-slack database file to ./data directory @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_slack_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-slack.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml index f6e7d33ed..3a119267e 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-slack state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_slack_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-slack.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 index b1917b868..c7497a84c 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 @@ -18,6 +18,10 @@ bridge: # Slack OAuth settings. Create a slack app at https://api.slack.com/apps oauth: enabled: true + # Slack app credentials. + # N.B. This must be quoted so YAML does not parse it as a float. + clientId: '{{ matrix_mx_puppet_slack_oauth_client_id }}' + clientSecret: {{ matrix_mx_puppet_slack_oauth_client_secret|to_json }} # Path where to listen for OAuth redirect callbacks. redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index f130c095e..973771b3e 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 2af4a32af..91675fce6 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Mx Puppet Steam is a Matrix <-> Steam bridge # See: https://github.com/matrix-steam/mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index c3218e894..efca41103 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml index cd6bb1477..733cfa909 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index a92d63fb4..a1786ba99 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_steam_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_steam_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_steam_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}"} when: matrix_mx_puppet_steam_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-steam state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_steam_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" - name: Ensure mx-puppet-steam config.yaml installed @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_steam_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-steam.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml index 608bde73b..2e152ef67 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-steam state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_steam_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-steam.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_steam_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index c736b7ca5..0772872b1 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea {% endfor %} {{ matrix_mx_puppet_steam_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 0e37d51f5..37be2be28 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -1,3 +1,5 @@ +--- + # Mx Puppet Twitter is a Matrix <-> Twitter bridge # See: https://github.com/Sorunome/mx-puppet-twitter diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 2054d23c5..9d868bfea 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -23,40 +24,40 @@ when: matrix_mx_puppet_twitter_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_twitter_webhook_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; - {% endif %} - } + - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_twitter_webhook_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; + {% endif %} + } - - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] - }} + - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] + }} tags: - - always + - always when: matrix_mx_puppet_twitter_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml index af355df36..7d65257c9 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index a6250a16f..8ca4f3f1e 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -16,10 +16,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" } + - {path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true} + - {path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true} + - {path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true} + - {path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}"} when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool - name: Check if an old database file already exists @@ -31,8 +31,8 @@ service: name: matrix-mx-puppet-twitter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_mx_puppet_twitter_stat_database.stat.exists" @@ -91,7 +91,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" - name: Ensure mx-puppet-twitter config.yaml installed @@ -119,7 +119,7 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_twitter_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-twitter.service restarted, if necessary diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml index 1382ee58c..56dcd9ce0 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-mx-puppet-twitter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mx_puppet_twitter_service_stat.stat.exists" - name: Ensure matrix-mx-puppet-twitter.service doesn't exist @@ -21,5 +21,5 @@ - name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_mx_puppet_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index efa3e4e33..7e1b1c327 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit {% endfor %} {{ matrix_mx_puppet_twitter_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-twitter diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index d3a686cef..82ffce6eb 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-sms-bridge is a Matrix <-> SMS bridge # See: https://github.com/benkuly/matrix-sms-bridge diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml index 5979d1329..b8af8e604 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/matrix-bridge-sms/tasks/init.yml @@ -1,3 +1,5 @@ +--- + # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # We don't want to fail in such cases. - name: Fail if matrix-synapse role already executed diff --git a/roles/matrix-bridge-sms/tasks/main.yml b/roles/matrix-bridge-sms/tasks/main.yml index c1c499dee..b06e1a548 100644 --- a/roles/matrix-bridge-sms/tasks/main.yml +++ b/roles/matrix-bridge-sms/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index 61de923fb..1f2960431 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -51,5 +51,5 @@ - name: Ensure systemd reloaded after matrix-sms-bridge.service installation service: - daemon_reload: yes - when: matrix_sms_bridge_systemd_service_result.changed \ No newline at end of file + daemon_reload: true + when: matrix_sms_bridge_systemd_service_result.changed diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml index ad8442bc3..d74476ebe 100644 --- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-sms-bridge state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_sms_bridge_service_stat.stat.exists" - name: Ensure matrix-sms-bridge.service doesn't exist diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/matrix-bridge-sms/tasks/validate_config.yml index f89b18faa..96e41755b 100644 --- a/roles/matrix-bridge-sms/tasks/validate_config.yml +++ b/roles/matrix-bridge-sms/tasks/validate_config.yml @@ -13,4 +13,4 @@ - "matrix_sms_bridge_default_timezone" - "matrix_sms_bridge_provider_android_baseurl" - "matrix_sms_bridge_provider_android_username" - - "matrix_sms_bridge_provider_android_password" \ No newline at end of file + - "matrix_sms_bridge_provider_android_password" diff --git a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 index 404b5aabc..46c3463fd 100644 --- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 @@ -35,8 +35,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ {% endfor %} {{ matrix_sms_bridge_docker_image }} -ExecStopPost=-/usr/bin/docker kill matrix-sms-bridge -ExecStopPost=-/usr/bin/docker rm matrix-sms-bridge +ExecStop=-/usr/bin/docker kill matrix-sms-bridge +ExecStop=-/usr/bin/docker rm matrix-sms-bridge Restart=always RestartSec=30 SyslogIdentifier=matrix-sms-bridge diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 21ce09d42..1cb9b26f9 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -1,9 +1,11 @@ +--- + matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.6.1 +matrix_client_cinny_version: v1.7.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-cinny/tasks/init.yml b/roles/matrix-client-cinny/tasks/init.yml index e6889e4d6..04fbd8a20 100644 --- a/roles/matrix-client-cinny/tasks/init.yml +++ b/roles/matrix-client-cinny/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-client-cinny/tasks/main.yml b/roles/matrix-client-cinny/tasks/main.yml index 8a39c0217..5c37d38e5 100644 --- a/roles/matrix-client-cinny/tasks/main.yml +++ b/roles/matrix-client-cinny/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-cinny/tasks/self_check.yml b/roles/matrix-client-cinny/tasks/self_check.yml index df1241a8a..d00408da9 100644 --- a/roles/matrix-client-cinny/tasks/self_check.yml +++ b/roles/matrix-client-cinny/tasks/self_check.yml @@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_cinny_self_check_validate_certificates }}" register: matrix_client_cinny_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Cinny not working diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 5d92f1d39..5571d8d0d 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -7,16 +7,16 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_cinny_data_path }}", when: true } - - { path: "{{ matrix_client_cinny_docker_src_files_path }}", when: "{{ matrix_client_cinny_container_image_self_build }}" } + - {path: "{{ matrix_client_cinny_data_path }}", when: true} + - {path: "{{ matrix_client_cinny_docker_src_files_path }}", when: "{{ matrix_client_cinny_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Cinny Docker image is pulled docker_image: - name: "{{ matrix_client_cinny_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" + name: "{{ matrix_client_cinny_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build|bool" - name: Ensure Cinny repository is present on self-build @@ -55,7 +55,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_cinny_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_cinny_container_image_self_build|bool" - name: Ensure matrix-client-cinny.service installed @@ -67,5 +67,5 @@ - name: Ensure systemd reloaded after matrix-client-cinny.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_cinny_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/matrix-client-cinny/tasks/setup_uninstall.yml index 2a3bffb5d..507c5d70e 100644 --- a/roles/matrix-client-cinny/tasks/setup_uninstall.yml +++ b/roles/matrix-client-cinny/tasks/setup_uninstall.yml @@ -8,8 +8,8 @@ service: name: matrix-client-cinny state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_cinny_service_stat.stat.exists|bool" @@ -21,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-client-cinny.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_cinny_service_stat.stat.exists|bool" - name: Ensure Cinny paths doesn't exist diff --git a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index aa5a04320..f4ebd6a04 100644 --- a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ {% endfor %} {{ matrix_client_cinny_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-cinny diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 15f401ddb..51ddf1c2f 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false @@ -7,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.9.9 +matrix_client_element_version: v1.10.4 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-element/tasks/init.yml b/roles/matrix-client-element/tasks/init.yml index 44fa15440..cb1df0b52 100644 --- a/roles/matrix-client-element/tasks/init.yml +++ b/roles/matrix-client-element/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}" when: matrix_client_element_enabled|bool diff --git a/roles/matrix-client-element/tasks/main.yml b/roles/matrix-client-element/tasks/main.yml index f020382ad..28e23e8a5 100644 --- a/roles/matrix-client-element/tasks/main.yml +++ b/roles/matrix-client-element/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-element/tasks/migrate_riot_web.yml b/roles/matrix-client-element/tasks/migrate_riot_web.yml index 304e9fbf9..ee0fd4460 100644 --- a/roles/matrix-client-element/tasks/migrate_riot_web.yml +++ b/roles/matrix-client-element/tasks/migrate_riot_web.yml @@ -10,8 +10,8 @@ service: name: matrix-riot-web state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" @@ -23,7 +23,7 @@ - name: Ensure systemd reloaded after matrix-riot-web.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" - name: Check existence of /matrix/riot-web diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/matrix-client-element/tasks/prepare_themes.yml index 1453e37d1..bfb9837bc 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/matrix-client-element/tasks/prepare_themes.yml @@ -25,7 +25,7 @@ - name: Load Element theme set_fact: - matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" + matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" with_items: "{{ matrix_client_element_theme_file_contents.results }}" run_once: true diff --git a/roles/matrix-client-element/tasks/self_check.yml b/roles/matrix-client-element/tasks/self_check.yml index 34b6b88b4..d05644c80 100644 --- a/roles/matrix-client-element/tasks/self_check.yml +++ b/roles/matrix-client-element/tasks/self_check.yml @@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_element_self_check_validate_certificates }}" register: matrix_client_element_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Element not working diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index b14a0dd55..3b877e8eb 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -8,8 +8,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_element_data_path }}", when: true } - - { path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}" } + - {path: "{{ matrix_client_element_data_path }}", when: true} + - {path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Element Docker image is pulled @@ -37,7 +37,7 @@ path: "{{ matrix_client_element_docker_src_files_path }}/webpack.config.js" regexp: '(\s+)splitChunks: \{' line: '\1splitChunks: { maxSize: 100000,' - backrefs: yes + backrefs: true owner: root group: root mode: '0644' @@ -52,7 +52,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_element_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_element_container_image_self_build|bool" - name: Ensure Element configuration installed @@ -93,5 +93,5 @@ - name: Ensure systemd reloaded after matrix-client-element.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-element/tasks/setup_uninstall.yml b/roles/matrix-client-element/tasks/setup_uninstall.yml index 82805b785..55bc20d6a 100644 --- a/roles/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/matrix-client-element/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-client-element state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_element_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-client-element.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_element_service_stat.stat.exists|bool" - name: Ensure Element paths doesn't exist diff --git a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index d4ad2b9e6..fe2a3a865 100644 --- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element {% endfor %} {{ matrix_client_element_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-element diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 61db1ba2a..4b91eb2bc 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_client_hydrogen_enabled: true # Self building is used by default because the `config.json` file is only read at build time. @@ -5,7 +7,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.23 +matrix_client_hydrogen_version: v0.2.26 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/matrix-client-hydrogen/tasks/init.yml index 8116a0034..c6801e517 100644 --- a/roles/matrix-client-hydrogen/tasks/init.yml +++ b/roles/matrix-client-hydrogen/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index 8d5c493f5..13d157ccf 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index c7407dcd5..28af9c789 100644 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml @@ -9,7 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_client_hydrogen_self_check_validate_certificates }}" register: matrix_client_hydrogen_self_check_result - check_mode: no + check_mode: false ignore_errors: true - name: Fail if Hydrogen not working diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index 2f949927d..d83727682 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -8,16 +8,16 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_client_hydrogen_data_path }}", when: true } - - { path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}" } + - {path: "{{ matrix_client_hydrogen_data_path }}", when: true} + - {path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Hydrogen Docker image is pulled docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" + name: "{{ matrix_client_hydrogen_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure Hydrogen repository is present on self-build @@ -59,7 +59,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_client_hydrogen_container_image_self_build|bool" - name: Ensure matrix-client-hydrogen.service installed @@ -71,5 +71,5 @@ - name: Ensure systemd reloaded after matrix-client-hydrogen.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_hydrogen_systemd_service_result.changed|bool" diff --git a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml index 64d201660..7aff2916f 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-client-hydrogen state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_client_hydrogen_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-client-hydrogen.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_client_hydrogen_service_stat.stat.exists|bool" - name: Ensure Hydrogen paths doesn't exist diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index 7a72e876b..c85aeb978 100644 --- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydroge {% endfor %} {{ matrix_client_hydrogen_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-hydrogen diff --git a/roles/matrix-common-after/defaults/main.yml b/roles/matrix-common-after/defaults/main.yml index 8112191a2..51c48c7d0 100644 --- a/roles/matrix-common-after/defaults/main.yml +++ b/roles/matrix-common-after/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Specifies how long to wait between starting systemd services and checking if they're started. # # A too low value may lead to a failure, as services may not have enough time to start and potentially fail. diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml index 9c472ca3a..ad0a0ee8a 100644 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ b/roles/matrix-common-after/tasks/awx_post.yml @@ -6,7 +6,7 @@ register: cmd when: not awx_janitor_user_created|bool no_log: false - + - name: Update AWX janitor user created variable delegate_to: 127.0.0.1 lineinfile: @@ -24,7 +24,7 @@ register: cmd when: not awx_dimension_user_created|bool no_log: false - + - name: Update AWX dimension user created variable delegate_to: 127.0.0.1 lineinfile: @@ -42,7 +42,7 @@ register: cmd when: not awx_mjolnir_user_created|bool no_log: false - + - name: Update AWX dimension user created variable delegate_to: 127.0.0.1 lineinfile: diff --git a/roles/matrix-common-after/tasks/dump_runtime_results.yml b/roles/matrix-common-after/tasks/dump_runtime_results.yml index 9788bf840..44ae1a308 100644 --- a/roles/matrix-common-after/tasks/dump_runtime_results.yml +++ b/roles/matrix-common-after/tasks/dump_runtime_results.yml @@ -1,3 +1,4 @@ +--- # Ansible outputs the message in the `item=` field. # It's unnecessary to output it again in the actual message, so we don't. - debug: diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index b4503ae1d..75dee15d5 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/start.yml" when: run_start|bool @@ -12,7 +13,7 @@ - import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml" tags: - always - + - import_tasks: "{{ role_path }}/tasks/awx_post.yml" when: run_setup|bool and matrix_awx_enabled|bool tags: @@ -21,5 +22,3 @@ - import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune - - diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml index 64ab4d990..02fa672e3 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/matrix-common-after/tasks/start.yml @@ -6,7 +6,7 @@ - name: Ensure systemd is reloaded service: - daemon_reload: yes + daemon_reload: true - name: Ensure Matrix services are stopped service: @@ -35,39 +35,39 @@ become: false - block: - - name: Populate service facts - service_facts: + - name: Populate service facts + service_facts: - - name: Fail if service isn't detected to be running - fail: - msg: >- - {{ item }} was not detected to be running. - It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). - Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. - If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. - You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. - See `roles/matrix-common-after/defaults/main.yml` for more details about that. - with_items: "{{ matrix_systemd_services_list }}" - when: - - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" + - name: Fail if service isn't detected to be running + fail: + msg: >- + {{ item }} was not detected to be running. + It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). + Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. + If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. + You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. + See `roles/matrix-common-after/defaults/main.yml` for more details about that. + with_items: "{{ matrix_systemd_services_list }}" + when: + - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" when: " ansible_distribution != 'Archlinux'" - block: - # Currently there is a bug in ansible that renders is incompatible with systemd. - # service_facts is not collecting the data successfully. - # Therefore iterating here manually - - name: Fetch systemd information - systemd: - name: "{{ item }}" - register: systemdstatus - with_items: "{{ matrix_systemd_services_list }}" + # Currently there is a bug in ansible that renders is incompatible with systemd. + # service_facts is not collecting the data successfully. + # Therefore iterating here manually + - name: Fetch systemd information + systemd: + name: "{{ item }}" + register: systemdstatus + with_items: "{{ matrix_systemd_services_list }}" - - name: Fail if service isn't detected to be running - fail: - msg: >- - {{ item.item }} was not detected to be running. - It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). - Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. - with_items: "{{ systemdstatus.results }}" - when: "item.status['ActiveState'] != 'active'" + - name: Fail if service isn't detected to be running + fail: + msg: >- + {{ item.item }} was not detected to be running. + It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). + Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. + with_items: "{{ systemdstatus.results }}" + when: "item.status['ActiveState'] != 'active'" when: "ansible_distribution == 'Archlinux'" diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index aede4d505..66896e0e5 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-corporal is a reconciliator and gateway for a managed Matrix server. # See: https://github.com/devture/matrix-corporal @@ -22,10 +23,10 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.2.2 +matrix_corporal_version: 2.2.3 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility +matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index e5062c275..b2f50e939 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/matrix-corporal/tasks/main.yml index 90c8105c3..7ff359d0c 100644 --- a/roles/matrix-corporal/tasks/main.yml +++ b/roles/matrix-corporal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml index f7c15109e..b702c00f1 100644 --- a/roles/matrix-corporal/tasks/self_check_corporal.yml +++ b/roles/matrix-corporal/tasks/self_check_corporal.yml @@ -8,7 +8,7 @@ url: "{{ corporal_client_api_url_endpoint_public }}" follow_redirects: none return_content: true - check_mode: no + check_mode: false register: result_corporal_client_api ignore_errors: true diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 8e007c4f8..b8edc596f 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -35,7 +35,7 @@ build: dockerfile: etc/docker/Dockerfile path: "{{ matrix_corporal_container_src_files_path }}" - pull: yes + pull: true when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" - name: Ensure Matrix Corporal Docker image is pulled @@ -65,7 +65,7 @@ - name: Ensure systemd reloaded after matrix-corporal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_corporal_enabled|bool and matrix_corporal_systemd_service_result.changed" @@ -83,8 +83,8 @@ service: name: matrix-corporal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" @@ -96,7 +96,7 @@ - name: Ensure systemd reloaded after matrix-corporal.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal files don't exist diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index 9c42f2b19..262e2e77c 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 4d7ccf6be..f12746574 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml index a7d8a3434..93e4fa3a2 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/matrix-coturn/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-coturn/tasks/main.yml b/roles/matrix-coturn/tasks/main.yml index 9794bcb39..76352df12 100644 --- a/roles/matrix-coturn/tasks/main.yml +++ b/roles/matrix-coturn/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index c31406b1b..f5726e32e 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -14,7 +14,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"} + - {path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Coturn image is pulled @@ -43,7 +43,7 @@ build: dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_coturn_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_coturn_container_image_self_build|bool" - name: Ensure Coturn configuration path exists @@ -101,5 +101,5 @@ - name: Ensure systemd reloaded if systemd units changed service: - daemon_reload: yes + daemon_reload: true when: "matrix_coturn_systemd_service_change_results.changed" diff --git a/roles/matrix-coturn/tasks/setup_uninstall.yml b/roles/matrix-coturn/tasks/setup_uninstall.yml index b642c6d09..097ba8733 100644 --- a/roles/matrix-coturn/tasks/setup_uninstall.yml +++ b/roles/matrix-coturn/tasks/setup_uninstall.yml @@ -10,16 +10,16 @@ service: name: matrix-coturn state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_coturn_service_stat.stat.exists|bool" - name: Ensure matrix-coturn-reload.timer is stopped service: name: matrix-coturn state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true failed_when: false when: "matrix_coturn_service_stat.stat.exists|bool" @@ -35,7 +35,7 @@ - name: Ensure systemd reloaded after unit removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_coturn_systemd_unit_uninstallation_result.changed|bool" - name: Ensure Matrix coturn paths don't exist diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index 778f81857..a39030af1 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -43,8 +43,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 237895403..ec3937c76 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Dendrite is a second-generation Matrix homeserver currently in Beta # See: https://github.com/matrix-org/dendrite @@ -127,7 +128,7 @@ matrix_dendrite_mscs_database: "dendrite_mscs" matrix_dendrite_turn_uris: [] matrix_dendrite_turn_shared_secret: "" -matrix_dendrite_turn_allow_guests: False +matrix_dendrite_turn_allow_guests: false # Controls whether the self-check feature should validate TLS certificates. matrix_dendrite_disable_tls_validation: false diff --git a/roles/matrix-dendrite/tasks/dendrite/setup.yml b/roles/matrix-dendrite/tasks/dendrite/setup.yml index 8b6691937..f988d918f 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup.yml @@ -1,4 +1,5 @@ --- + - import_tasks: "{{ role_path }}/tasks/dendrite/setup_install.yml" when: matrix_dendrite_enabled|bool diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index 3e3b21998..7b3c12d56 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -4,7 +4,7 @@ stat: path: "{{ matrix_dendrite_media_store_path }}" register: local_path_media_store_stat - ignore_errors: yes + ignore_errors: true # This is separate and conditional, to ensure we don't execute it # if the path already exists or we failed to check, because it's mounted using fuse. @@ -67,7 +67,7 @@ - name: Ensure systemd reloaded after matrix-dendrite.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dendrite_systemd_service_result.changed|bool" - name: Ensure matrix-dendrite-create-account script created diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml index 7e953365f..89d5481c4 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-dendrite service stat: path: "{{ matrix_systemd_path }}/matrix-dendrite.service" @@ -7,7 +9,7 @@ service: name: matrix-dendrite state: stopped - daemon_reload: yes + daemon_reload: true register: stopping_result when: "matrix_dendrite_service_stat.stat.exists" @@ -19,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-dendrite.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dendrite_service_stat.stat.exists" - name: Ensure Dendrite Docker image doesn't exist diff --git a/roles/matrix-dendrite/tasks/init.yml b/roles/matrix-dendrite/tasks/init.yml index 2e2e551a8..524ef6eec 100644 --- a/roles/matrix-dendrite/tasks/init.yml +++ b/roles/matrix-dendrite/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dendrite.service'] }}" when: matrix_dendrite_enabled|bool diff --git a/roles/matrix-dendrite/tasks/main.yml b/roles/matrix-dendrite/tasks/main.yml index 815135d74..5483adec1 100644 --- a/roles/matrix-dendrite/tasks/main.yml +++ b/roles/matrix-dendrite/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/matrix-dendrite/tasks/register_user.yml index 099d57e98..b8e3ae5eb 100644 --- a/roles/matrix-dendrite/tasks/register_user.yml +++ b/roles/matrix-dendrite/tasks/register_user.yml @@ -13,7 +13,7 @@ service: name: matrix-dendrite state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Wait a while, so that Dendrite can manage to start diff --git a/roles/matrix-dendrite/tasks/self_check_client_api.yml b/roles/matrix-dendrite/tasks/self_check_client_api.yml index 7c2f6b5ec..2470d8186 100644 --- a/roles/matrix-dendrite/tasks/self_check_client_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_client_api.yml @@ -6,7 +6,7 @@ validate_certs: "{{ matrix_dendrite_self_check_validate_certificates }}" register: result_matrix_dendrite_client_api ignore_errors: true - check_mode: no + check_mode: false - name: Fail if Matrix Client API not working fail: diff --git a/roles/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/matrix-dendrite/tasks/self_check_federation_api.yml index a7c60a677..0afca2cb9 100644 --- a/roles/matrix-dendrite/tasks/self_check_federation_api.yml +++ b/roles/matrix-dendrite/tasks/self_check_federation_api.yml @@ -6,7 +6,7 @@ validate_certs: "{{ matrix_dendrite_self_check_validate_certificates }}" register: result_matrix_dendrite_federation_api ignore_errors: true - check_mode: no + check_mode: false - name: Fail if Matrix Federation API not working fail: diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index 04c3a7fef..cbe0cf843 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -7,8 +7,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_dendrite_config_dir_path }}", when: true } - - { path: "{{ matrix_dendrite_ext_path }}", when: true } + - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} + - {path: "{{ matrix_dendrite_ext_path }}", when: true} when: "matrix_dendrite_enabled|bool and item.when" - import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 7592fca8a..e14734dd7 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -53,8 +53,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} {{ matrix_dendrite_process_extra_arguments|join(' ') }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 1ca5f5b8f..c4da906de 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_dimension_enabled: false # You are required to specify an access token for Dimension to work. diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/matrix-dimension/tasks/init.yml index 85ca04eac..6336cb4d3 100644 --- a/roles/matrix-dimension/tasks/init.yml +++ b/roles/matrix-dimension/tasks/init.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}" when: matrix_dimension_enabled|bool diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/matrix-dimension/tasks/main.yml index aad552866..c2f013993 100644 --- a/roles/matrix-dimension/tasks/main.yml +++ b/roles/matrix-dimension/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index c75fc0b96..92c21c9e6 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -111,7 +111,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_dimension_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_dimension_container_image_self_build|bool" - name: Ensure matrix-dimension.service installed @@ -123,7 +123,7 @@ - name: Ensure systemd reloaded after matrix-dimension.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dimension_systemd_service_result.changed|bool" - name: Ensure matrix-dimension.service restarted, if necessary diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/matrix-dimension/tasks/setup_uninstall.yml index 21f34df05..cdfbe07af 100644 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/matrix-dimension/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-dimension state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_dimension_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-dimension.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dimension_service_stat.stat.exists|bool" - name: Ensure Dimension base directory doesn't exist diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/matrix-dimension/tasks/validate_config.yml index ead8352b5..8413c42f5 100644 --- a/roles/matrix-dimension/tasks/validate_config.yml +++ b/roles/matrix-dimension/tasks/validate_config.yml @@ -1,3 +1,4 @@ +--- - name: Fail if required Dimension settings not defined fail: msg: >- diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index 0451231b0..e27a55587 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-dimension/vars/main.yml b/roles/matrix-dimension/vars/main.yml index 107bb4fa8..131024cc2 100644 --- a/roles/matrix-dimension/vars/main.yml +++ b/roles/matrix-dimension/vars/main.yml @@ -2,4 +2,4 @@ # Doing `|from_yaml` when the extension contains nothing yields an empty string (""). # We need to ensure it's a dictionary or `|combine` (when building `matrix_dimension_configuration`) will fail later. -matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml else {} }}" \ No newline at end of file +matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml else {} }}" diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index 2be1a5ba5..5d733eb3d 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -1,10 +1,11 @@ +--- # Whether dynamic dns is enabled matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls76 +matrix_dynamic_dns_version: v3.9.1-ls79 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/matrix-dynamic-dns/tasks/init.yml index e7d33ff28..6ea6a60bb 100644 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ b/roles/matrix-dynamic-dns/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index ac69ec896..e2e4f0438 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -16,9 +16,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_dynamic_dns_base_path }}", when: true } - - { path: "{{ matrix_dynamic_dns_config_path }}", when: true } - - { path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}" } + - {path: "{{ matrix_dynamic_dns_base_path }}", when: true} + - {path: "{{ matrix_dynamic_dns_config_path }}", when: true} + - {path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}"} when: matrix_dynamic_dns_enabled|bool and item.when|bool - name: Ensure Dynamic DNS repository is present on self build @@ -38,7 +38,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_dynamic_dns_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" - name: Ensure Dynamic DNS ddclient.conf installed @@ -58,5 +58,5 @@ - name: Ensure systemd reloaded after matrix-dynamic-dns.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_dynamic_dns_systemd_service_result.changed" diff --git a/roles/matrix-dynamic-dns/tasks/main.yml b/roles/matrix-dynamic-dns/tasks/main.yml index f9aaab8f5..8b8b306c3 100644 --- a/roles/matrix-dynamic-dns/tasks/main.yml +++ b/roles/matrix-dynamic-dns/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/matrix-dynamic-dns/tasks/uninstall.yml index 9d511051a..80842c9c4 100644 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ b/roles/matrix-dynamic-dns/tasks/uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-dynamic-dns state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_dynamic_dns_service_stat.stat.exists" - name: Ensure matrix-dynamic-dns.service doesn't exist @@ -21,7 +21,7 @@ - name: Ensure systemd reloaded after matrix-dynamic-dns.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_dynamic_dns_service_stat.stat.exists" # Intentionally not removing the Docker image when uninstalling. diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 index 31e106f05..dfdd2f72c 100644 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 @@ -26,8 +26,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ {% endfor %} {{ matrix_dynamic_dns_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-dynamic-dns diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index 3dfabc1af..fe5d33995 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_email2matrix_enabled: true matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix" @@ -8,7 +10,7 @@ matrix_email2matrix_container_image_self_build: false matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git" matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}" -matrix_email2matrix_version: 1.0.1 +matrix_email2matrix_version: 1.0.3 matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}" matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/matrix-email2matrix/tasks/init.yml index 0c8ffc0cd..5f582212a 100644 --- a/roles/matrix-email2matrix/tasks/init.yml +++ b/roles/matrix-email2matrix/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}" when: matrix_email2matrix_enabled|bool diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/matrix-email2matrix/tasks/main.yml index 77be72790..35bda4fa8 100644 --- a/roles/matrix-email2matrix/tasks/main.yml +++ b/roles/matrix-email2matrix/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 7805c2c1f..44f2ef7d3 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml @@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_email2matrix_base_path }}", when: true } - - { path: "{{ matrix_email2matrix_config_dir_path }}", when: true } - - { path: "{{ matrix_email2matrix_docker_src_files_path }}", when: "{{ matrix_email2matrix_container_image_self_build }}"} + - {path: "{{ matrix_email2matrix_base_path }}", when: true} + - {path: "{{ matrix_email2matrix_config_dir_path }}", when: true} + - {path: "{{ matrix_email2matrix_docker_src_files_path }}", when: "{{ matrix_email2matrix_container_image_self_build }}"} when: "item.when|bool" - name: Ensure Email2Matrix configuration file created @@ -47,7 +47,7 @@ build: dockerfile: etc/docker/Dockerfile path: "{{ matrix_email2matrix_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_email2matrix_container_image_self_build|bool" - name: Ensure matrix-email2matrix.service installed @@ -59,5 +59,5 @@ - name: Ensure systemd reloaded after matrix-email2matrix.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_email2matrix_systemd_service_result.changed|bool" diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/matrix-email2matrix/tasks/setup_uninstall.yml index 270b92505..27d35f2d6 100644 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/matrix-email2matrix/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-email2matrix state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_email2matrix_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-email2matrix.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_email2matrix_service_stat.stat.exists|bool" - name: Ensure Email2Matrix data path doesn't exist diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 index b620a13f9..c92267682 100644 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ {% endfor %} {{ matrix_email2matrix_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-email2matrix diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index bcabc3ddc..0daf24a35 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_etherpad_enabled: false matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/matrix-etherpad/tasks/init.yml index c94e08174..b155064cf 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/matrix-etherpad/tasks/init.yml @@ -1,52 +1,54 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" when: matrix_etherpad_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-etherpad role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-etherpad role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Etherpad proxying configuration for matrix-nginx-proxy - set_fact: - matrix_etherpad_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; + - name: Generate Etherpad proxying configuration for matrix-nginx-proxy + set_fact: + matrix_etherpad_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; - location {{ matrix_etherpad_public_endpoint }}/ { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-etherpad:9001/; - {# These are proxy directives needed specifically by Etherpad #} - proxy_buffering off; - proxy_http_version 1.1; # recommended with keepalive connections - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used - # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% else %} - {# Generic configuration for use outside of our container setup #} - # A good guide for setting up your Etherpad behind nginx: - # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html - proxy_pass http://127.0.0.1:9001/; - {% endif %} - } + location {{ matrix_etherpad_public_endpoint }}/ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-etherpad:9001/; + {# These are proxy directives needed specifically by Etherpad #} + proxy_buffering off; + proxy_http_version 1.1; # recommended with keepalive connections + proxy_pass_header Server; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used + # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% else %} + {# Generic configuration for use outside of our container setup #} + # A good guide for setting up your Etherpad behind nginx: + # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html + proxy_pass http://127.0.0.1:9001/; + {% endif %} + } - - name: Register Etherpad proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) - + - [matrix_etherpad_matrix_nginx_proxy_configuration] - }} + - name: Register Etherpad proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) + + + [matrix_etherpad_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_etherpad_enabled|bool diff --git a/roles/matrix-etherpad/tasks/main.yml b/roles/matrix-etherpad/tasks/main.yml index 27548aaf9..bf59d838c 100644 --- a/roles/matrix-etherpad/tasks/main.yml +++ b/roles/matrix-etherpad/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index a93c28de5..27832e14a 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -32,5 +32,5 @@ - name: Ensure systemd reloaded after matrix-etherpad.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_etherpad_systemd_service_result.changed|bool" diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/matrix-etherpad/tasks/setup_uninstall.yml index a63d3fb1e..ae1f2604e 100644 --- a/roles/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/matrix-etherpad/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-etherpad state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_etherpad_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-etherpad.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_etherpad_service_stat.stat.exists|bool" - name: Ensure Etherpad base directory doesn't exist diff --git a/roles/matrix-etherpad/tasks/validate_config.yml b/roles/matrix-etherpad/tasks/validate_config.yml index c76dc3b5d..f9438e7bf 100644 --- a/roles/matrix-etherpad/tasks/validate_config.yml +++ b/roles/matrix-etherpad/tasks/validate_config.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if Etherpad is enabled without the Dimension integrations manager fail: msg: >- diff --git a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 b/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 index e55c57c73..d96c42608 100644 --- a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 +++ b/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \ --sessionkey /data/sessionkey.json --apikey /data/apijey.json -ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-etherpad -ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-etherpad +ExecStop=-{{ matrix_host_command_docker }} kill matrix-etherpad +ExecStop=-{{ matrix_host_command_docker }} rm matrix-etherpad Restart=always RestartSec=30 SyslogIdentifier=matrix-etherpad diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index f802d2e56..0ee7a86a9 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -1,9 +1,10 @@ +--- # matrix-grafana is open source visualization and analytics software # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md matrix_grafana_enabled: false -matrix_grafana_version: 8.3.3 +matrix_grafana_version: 8.4.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" @@ -11,8 +12,8 @@ matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith # they might still want to look at the old existing data. # So it would be silly to delete the dashboard in such case. matrix_grafana_dashboard_download_urls: -- "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" -- "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" + - "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" + - "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana" matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config" @@ -21,6 +22,10 @@ matrix_grafana_data_path: "{{ matrix_grafana_base_path }}/data" # Allow viewing Grafana without logging in matrix_grafana_anonymous_access: false +# When `false`, sends a `X-Frame-Options: deny` HTTP header, which allows Grafana from being embeded in a frame. +# Read more here: https://grafana.com/docs/grafana/latest/administration/configuration/#allow_embedding +matrix_grafana_allow_embedding: false + # specify organization name that should be used for unauthenticated users # if you change this in the Grafana admin panel, this needs to be updated # to match to keep anonymous logins working @@ -32,7 +37,7 @@ matrix_grafana_default_admin_user: admin matrix_grafana_default_admin_password: admin # Set to true to add the Content-Security-Policy header to your requests. -# CSP allows to control resources that the user agent can load and helps +# CSP allows to control resources that the user agent can load and helps # prevent XSS attacks. # [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy) matrix_grafana_content_security_policy: true diff --git a/roles/matrix-grafana/tasks/init.yml b/roles/matrix-grafana/tasks/init.yml index 8a22e3018..4c2cbf068 100644 --- a/roles/matrix-grafana/tasks/init.yml +++ b/roles/matrix-grafana/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}" when: matrix_grafana_enabled|bool - - diff --git a/roles/matrix-grafana/tasks/main.yml b/roles/matrix-grafana/tasks/main.yml index fb16c394b..c93fd5002 100644 --- a/roles/matrix-grafana/tasks/main.yml +++ b/roles/matrix-grafana/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index c5cee64cc..5f9d21c18 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -77,7 +77,7 @@ - name: Ensure systemd reloaded after matrix-grafana.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_grafana_enabled|bool and matrix_grafana_systemd_service_result.changed" # @@ -93,8 +93,8 @@ service: name: matrix-grafana state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" @@ -106,6 +106,5 @@ - name: Ensure systemd reloaded after matrix-grafana.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" - diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/matrix-grafana/templates/grafana.ini.j2 index 8f4c88f08..1e06683ee 100644 --- a/roles/matrix-grafana/templates/grafana.ini.j2 +++ b/roles/matrix-grafana/templates/grafana.ini.j2 @@ -16,6 +16,8 @@ content_security_policy = "{{ matrix_grafana_content_security_policy }}" content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}""" {% endif %} +allow_embedding = {{ matrix_grafana_allow_embedding }} + [auth.anonymous] # enable anonymous access enabled = {{ matrix_grafana_anonymous_access }} diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 index 64d40a5c1..a4f81e357 100644 --- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 +++ b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ {% endfor %} {{ matrix_grafana_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-grafana diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index a36a09fc1..32f4be0d1 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_jitsi_enabled: true matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" @@ -69,7 +71,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false matrix_jitsi_version: stable-6726-2 -matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility +matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index 1f7a2d1cf..efab8745b 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml index e4f3508f3..fe9da205b 100644 --- a/roles/matrix-jitsi/tasks/main.yml +++ b/roles/matrix-jitsi/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml index 408027ee0..4b390c18c 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -1,5 +1,7 @@ --- +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + # # Tasks related to setting up jitsi # @@ -12,7 +14,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_base_path }}", when: true } + - {path: "{{ matrix_jitsi_base_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when # diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 4e2be6960..2bb781c18 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true } - - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true } + - {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true} + - {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-jicofo Docker image is pulled @@ -51,7 +51,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed" # @@ -68,8 +68,8 @@ service: name: matrix-jitsi-jicofo state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" - name: Ensure Matrix jitsi-jicofo paths doesn't exist diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 558a6cf1f..3b3b8dbfc 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true } - - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true } + - {path: "{{ matrix_jitsi_jvb_base_path }}", when: true} + - {path: "{{ matrix_jitsi_jvb_config_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-jvb Docker image is pulled @@ -51,7 +51,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed" # @@ -68,8 +68,8 @@ service: name: matrix-jitsi-jvb state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" - name: Ensure Matrix jitsi-jvb paths doesn't exist diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index c1c7c7fca..437e1e9ca 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -12,9 +12,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true } - - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true } - - { path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true } + - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true} + - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true} + - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-prosody Docker image is pulled @@ -42,7 +42,7 @@ - name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" - name: Ensure authentication is properly configured @@ -67,8 +67,8 @@ service: name: matrix-jitsi-prosody state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" @@ -80,7 +80,7 @@ - name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" - name: Ensure Matrix jitsi-prosody paths doesn't exist diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index bcb1b49e5..0a4d43b0f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -12,10 +12,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_jitsi_web_base_path }}", when: true } - - { path: "{{ matrix_jitsi_web_config_path }}", when: true } - - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true } - - { path: "{{ matrix_jitsi_web_crontabs_path }}", when: true } + - {path: "{{ matrix_jitsi_web_base_path }}", when: true} + - {path: "{{ matrix_jitsi_web_config_path }}", when: true} + - {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true} + - {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true} when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-web Docker image is pulled @@ -53,7 +53,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-web.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed" # @@ -70,8 +70,8 @@ service: name: matrix-jitsi-web state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" @@ -83,7 +83,7 @@ - name: Ensure systemd reloaded after matrix-jitsi-web.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" - name: Ensure Matrix jitsi-web paths doesn't exist @@ -94,4 +94,3 @@ # Intentionally not removing the Docker image when uninstalling. # We can't be sure it had been pulled by us in the first place. - diff --git a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml index 66fb7e5d1..50973acb5 100644 --- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml +++ b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml @@ -21,18 +21,14 @@ - matrix_jitsi_auth_type == "internal" - matrix_jitsi_prosody_auth_internal_accounts|length > 0 - # # Tasks related to configuring other Jitsi authentication mechanisms # - - # # Tasks related to cleaning after Jitsi authentication configuration # - # # Stop Necessary Services # @@ -40,4 +36,4 @@ systemd: state: stopped name: matrix-jitsi-prosody - when: matrix_jitsi_prosody_start_result.changed|bool \ No newline at end of file + when: matrix_jitsi_prosody_start_result.changed|bool diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/matrix-jitsi/tasks/validate_config.yml index 4defe986c..5131396de 100644 --- a/roles/matrix-jitsi/tasks/validate_config.yml +++ b/roles/matrix-jitsi/tasks/validate_config.yml @@ -24,7 +24,6 @@ fail: msg: >- At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication. - If you're setting up Jitsi for the first time, you may have missed a step. Refer to our setup instructions (docs/configuring-playbook-jitsi.md). when: diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 index b4944c84f..6ecafaa03 100644 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -23,8 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ {% endfor %} {{ matrix_jitsi_jicofo_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jicofo diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 5be322103..2785795d7 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 452ff954f..5a4a81e5d 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index ff577670e..35bfca676 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index f0e96effc..f1d570494 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -1,3 +1,4 @@ +--- # ma1sd is a Federated Matrix Identity Server # See: https://github.com/ma1uta/ma1sd diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/matrix-ma1sd/tasks/init.yml index 04cc3a213..a7c914dbb 100644 --- a/roles/matrix-ma1sd/tasks/init.yml +++ b/roles/matrix-ma1sd/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-ma1sd/tasks/main.yml b/roles/matrix-ma1sd/tasks/main.yml index 0b8a114e1..2902c05d9 100644 --- a/roles/matrix-ma1sd/tasks/main.yml +++ b/roles/matrix-ma1sd/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml index c36c3de9d..720afa768 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -23,8 +23,8 @@ service: name: matrix-mxisd state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "matrix_mxisd_service_stat.stat.exists" - name: Check existence of matrix-ma1sd service @@ -37,26 +37,26 @@ service: name: matrix-ma1sd state: stopped - daemon_reload: yes + daemon_reload: true when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists and matrix_ma1sd_service_stat.stat.exists" # We use shell commands for the migration, because the Ansible copy module cannot # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible. - block: - - name: Copy mxisd data files to ma1sd folder - command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" + - name: Copy mxisd data files to ma1sd folder + command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" - - name: Check existence of mxisd.db file - stat: - path: "{{ matrix_ma1sd_data_path }}/mxisd.db" - register: matrix_ma1sd_mxisd_db_stat + - name: Check existence of mxisd.db file + stat: + path: "{{ matrix_ma1sd_data_path }}/mxisd.db" + register: matrix_ma1sd_mxisd_db_stat - - name: Rename database (mxisd.db -> ma1sd.db) - command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" - when: "matrix_ma1sd_mxisd_db_stat.stat.exists" + - name: Rename database (mxisd.db -> ma1sd.db) + command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" + when: "matrix_ma1sd_mxisd_db_stat.stat.exists" - - name: Rename mxisd folder - command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" + - name: Rename mxisd folder + command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Ensure outdated matrix-mxisd.service doesn't exist @@ -67,7 +67,5 @@ - name: Ensure systemd reloaded after removing outdated matrix-mxisd.service service: - daemon_reload: yes + daemon_reload: true when: "matrix_mxisd_service_stat.stat.exists" - - diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml index b8a7faaa3..4a4c71367 100644 --- a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml +++ b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml @@ -8,7 +8,7 @@ url: "{{ ma1sd_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}" - check_mode: no + check_mode: false register: result_ma1sd ignore_errors: true diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 3f319eeff..6fc6902a9 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_ma1sd_config_path }}", when: true } - - { path: "{{ matrix_ma1sd_data_path }}", when: true } - - { path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} + - {path: "{{ matrix_ma1sd_config_path }}", when: true} + - {path: "{{ matrix_ma1sd_data_path }}", when: true} + - {path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} when: "item.when|bool" - import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml" @@ -54,52 +54,52 @@ when: "not matrix_ma1sd_container_image_self_build|bool" - block: - - name: Ensure gradle is installed for self-building (Debian) - apt: - name: - - gradle - state: present - update_cache: yes - when: (ansible_os_family == 'Debian') + - name: Ensure gradle is installed for self-building (Debian) + apt: + name: + - gradle + state: present + update_cache: true + when: (ansible_os_family == 'Debian') - - name: Ensure gradle is installed for self-building (CentOS) - fail: - msg: "Installing gradle on CentOS is currently not supported, so self-building ma1sd cannot happen at this time" - when: ansible_distribution == 'CentOS' + - name: Ensure gradle is installed for self-building (RedHat) + fail: + msg: "Installing gradle on RedHat ({{ ansible_distribution }}) is currently not supported, so self-building ma1sd cannot happen at this time" + when: ansible_os_family == 'RedHat' - - name: Ensure gradle is installed for self-building (Archlinux) - pacman: - name: - - gradle - state: latest - update_cache: yes - when: ansible_distribution == 'Archlinux' + - name: Ensure gradle is installed for self-building (Archlinux) + pacman: + name: + - gradle + state: latest + update_cache: true + when: ansible_distribution == 'Archlinux' - - name: Ensure ma1sd repository is present on self-build - git: - repo: "{{ matrix_ma1sd_container_image_self_build_repo }}" - dest: "{{ matrix_ma1sd_docker_src_files_path }}" - version: "{{ matrix_ma1sd_container_image_self_build_branch }}" - force: "yes" - register: matrix_ma1sd_git_pull_results + - name: Ensure ma1sd repository is present on self-build + git: + repo: "{{ matrix_ma1sd_container_image_self_build_repo }}" + dest: "{{ matrix_ma1sd_docker_src_files_path }}" + version: "{{ matrix_ma1sd_container_image_self_build_branch }}" + force: "yes" + register: matrix_ma1sd_git_pull_results - - name: Ensure ma1sd Docker image is built - shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" - args: - chdir: "{{ matrix_ma1sd_docker_src_files_path }}" + - name: Ensure ma1sd Docker image is built + shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" + args: + chdir: "{{ matrix_ma1sd_docker_src_files_path }}" - - name: Ensure ma1sd Docker image is tagged correctly - docker_image: - # The build script always tags the image with 2 tags: - # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) - # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) - # - generic one: `ma1uta/ma1sd:latest-dev` - # - # It's hard to predict the first one, so we'll use the latter. - name: "ma1uta/ma1sd:latest-dev" - repository: "{{ matrix_ma1sd_docker_image }}" - force_tag: yes - source: local + - name: Ensure ma1sd Docker image is tagged correctly + docker_image: + # The build script always tags the image with 2 tags: + # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) + # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) + # - generic one: `ma1uta/ma1sd:latest-dev` + # + # It's hard to predict the first one, so we'll use the latter. + name: "ma1uta/ma1sd:latest-dev" + repository: "{{ matrix_ma1sd_docker_image }}" + force_tag: true + source: local when: "matrix_ma1sd_container_image_self_build|bool" - name: Ensure ma1sd config installed @@ -157,7 +157,7 @@ - name: Ensure systemd reloaded after matrix-ma1sd.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_ma1sd_systemd_service_result.changed|bool" - name: Ensure matrix-ma1sd.service restarted, if necessary diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/matrix-ma1sd/tasks/setup_uninstall.yml index 153f6e08c..30a1bfda6 100644 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/matrix-ma1sd/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-ma1sd state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_ma1sd_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-ma1sd.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_ma1sd_service_stat.stat.exists|bool" - name: Ensure Matrix ma1sd paths don't exist diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index c3d5850fd..8e5cc6dd1 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index f006568f5..682126d28 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_mailer_enabled: true matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" @@ -7,7 +9,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0 +matrix_mailer_version: 4.95-r0-2 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml index d07380f0e..c928d5574 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/matrix-mailer/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 diff --git a/roles/matrix-mailer/tasks/main.yml b/roles/matrix-mailer/tasks/main.yml index f636614e0..c69dad201 100644 --- a/roles/matrix-mailer/tasks/main.yml +++ b/roles/matrix-mailer/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index def178835..1ac4f3394 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -12,8 +12,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_mailer_base_path }}", when: true } - - { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" } + - {path: "{{ matrix_mailer_base_path }}", when: true} + - {path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}"} when: "matrix_mailer_enabled|bool and item.when" - name: Ensure mailer environment variables file created @@ -41,7 +41,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_mailer_container_image_self_build_src_files_path }}" - pull: yes + pull: true when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" - name: Ensure exim-relay image is pulled @@ -62,7 +62,7 @@ - name: Ensure systemd reloaded after matrix-mailer.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_mailer_enabled|bool and matrix_mailer_systemd_service_result.changed" # @@ -79,8 +79,8 @@ service: name: matrix-mailer state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" @@ -92,7 +92,7 @@ - name: Ensure systemd reloaded after matrix-mailer.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure Matrix mailer environment variables path doesn't exist diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index ee316469c..bf5a2e42a 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6932c8c06..32702ec93 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,5 +1,6 @@ +--- matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.5-alpine +matrix_nginx_proxy_version: 1.21.6-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but @@ -476,7 +477,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.22.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/matrix-nginx-proxy/tasks/init.yml index 0161da23f..ddc8cb47b 100644 --- a/roles/matrix-nginx-proxy/tasks/init.yml +++ b/roles/matrix-nginx-proxy/tasks/init.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}" when: matrix_nginx_proxy_enabled|bool diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/matrix-nginx-proxy/tasks/main.yml index ad1119511..74f8e8d1d 100644 --- a/roles/matrix-nginx-proxy/tasks/main.yml +++ b/roles/matrix-nginx-proxy/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always @@ -35,4 +36,4 @@ set_fact: matrix_nginx_proxy_role_executed: true tags: - - always + - always diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml index 6f831a290..588cd1e78 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml @@ -14,7 +14,7 @@ validate_certs: "{{ well_known_file_check.validate_certs }}" headers: Origin: example.com - check_mode: no + check_mode: false register: result_well_known_matrix ignore_errors: true @@ -44,7 +44,7 @@ validate_certs: "{{ well_known_file_check.validate_certs }}" headers: Origin: example.com - check_mode: no + check_mode: false register: result_well_known_identity ignore_errors: true diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index e5021468a..373bc55b0 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -195,7 +195,7 @@ - name: Ensure systemd reloaded after matrix-nginx-proxy.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed" @@ -213,8 +213,8 @@ service: name: matrix-nginx-proxy state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" @@ -226,7 +226,7 @@ - name: Ensure systemd reloaded after matrix-nginx-proxy.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted diff --git a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml index 3e43a8c60..1c85552c3 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml @@ -1,3 +1,4 @@ +--- - set_fact: matrix_well_known_file_path: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" @@ -21,4 +22,4 @@ dest: "{{ matrix_static_files_base_path }}/.well-known/matrix" mode: 0644 owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" \ No newline at end of file + group: "{{ matrix_user_groupname }}" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index e820b0edb..e4dd53c21 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -1,3 +1,4 @@ +--- - debug: msg: "Dealing with SSL certificate retrieval for domain: {{ domain_name }}" @@ -13,16 +14,16 @@ domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}" - block: - - name: Ensure required service for obtaining is started - service: - name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" - state: started - register: matrix_ssl_pre_obtaining_required_service_start_result + - name: Ensure required service for obtaining is started + service: + name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" + state: started + register: matrix_ssl_pre_obtaining_required_service_start_result - - name: Wait some time, so that the required service for obtaining can start - wait_for: - timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" - when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool" + - name: Wait some time, so that the required service for obtaining can start + wait_for: + timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" + when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool" when: "domain_name_needs_cert|bool and matrix_ssl_pre_obtaining_required_service_name != ''" # This will fail if there is something running on port 80 (like matrix-nginx-proxy). diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml index ea39f5e9d..7bcd3d748 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml @@ -5,4 +5,4 @@ with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" loop_control: loop_var: domain_name - when: "matrix_ssl_retrieval_method == 'manually-managed'" \ No newline at end of file + when: "matrix_ssl_retrieval_method == 'manually-managed'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml index be0444b13..2b5bb1f31 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml @@ -20,4 +20,4 @@ - fail: msg: "Failed finding a certificate key file (for domain `{{ domain_name }}`) at `{{ matrix_ssl_certificate_verification_cert_key_path }}`" - when: "not matrix_ssl_certificate_verification_cert_key_path_stat_result.stat.exists" \ No newline at end of file + when: "not matrix_ssl_certificate_verification_cert_key_path_stat_result.stat.exists" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml index 8fa316da0..47ec40aaf 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml @@ -1,28 +1,7 @@ --- -- name: Ensure OpenSSL installed (RedHat) - yum: - name: - - openssl - state: present - update_cache: no - when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_os_family == 'RedHat'" - -- name: Ensure APT usage dependencies are installed (Debian) - apt: - name: - - openssl - state: present - update_cache: no - when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_os_family == 'Debian'" - -- name: Ensure OpenSSL installed (Archlinux) - pacman: - name: - - openssl - state: latest - update_cache: no - when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_distribution == 'Archlinux'" +- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" + when: "matrix_ssl_retrieval_method == 'self-signed'" - name: Generate self-signed certificates include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml" diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 03bc32afb..1143efd4c 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -51,8 +51,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ ExecStartPost={{ matrix_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ matrix_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' {% endfor %} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index efce36562..59ae50766 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_postgres_backup_enabled: false matrix_postgres_backup_connection_hostname: "matrix-postgres" diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/matrix-postgres-backup/tasks/init.yml index c6a9bd7ec..f74cea06e 100644 --- a/roles/matrix-postgres-backup/tasks/init.yml +++ b/roles/matrix-postgres-backup/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}" when: matrix_postgres_backup_enabled|bool diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 68eae4430..72329db3f 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -52,7 +52,7 @@ - name: Ensure systemd reloaded after matrix-postgres-backup.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_backup_enabled|bool and matrix_postgres_backup_systemd_service_result.changed" # @@ -69,8 +69,8 @@ service: name: matrix-postgres-backup state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" - name: Ensure matrix-postgres-backup.service doesn't exist @@ -81,7 +81,7 @@ - name: Ensure systemd reloaded after matrix-postgres-backup.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" - name: Check existence of matrix-postgres-backup backup path diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 index 52e12edb4..97c9ae7f9 100644 --- a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 @@ -21,8 +21,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backu --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \ {{ matrix_postgres_backup_docker_image_to_use }} -ExecStopPost=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres-backup diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 424132862..76529a82d 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_postgres_enabled: true matrix_postgres_connection_hostname: "matrix-postgres" @@ -18,11 +20,11 @@ matrix_postgres_architecture: amd64 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.19{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.14{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.9{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.5{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.1{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml index a42c6f552..2a673ee3f 100644 --- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml @@ -57,7 +57,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index b8e932199..948c4b3aa 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -48,7 +48,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: diff --git a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml index ea15c5a86..2dafba591 100644 --- a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml @@ -37,7 +37,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true - name: Ensure postgres data is wiped out file: @@ -56,7 +56,7 @@ service: name: matrix-postgres state: restarted - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/matrix-postgres/tasks/init.yml index a0f2ae60f..e5ebd9c56 100644 --- a/roles/matrix-postgres/tasks/init.yml +++ b/roles/matrix-postgres/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}" when: matrix_postgres_enabled|bool diff --git a/roles/matrix-postgres/tasks/main.yml b/roles/matrix-postgres/tasks/main.yml index b9c2ae7c9..79890417f 100644 --- a/roles/matrix-postgres/tasks/main.yml +++ b/roles/matrix-postgres/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index e62feee39..f927783fa 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -29,7 +29,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true when: "result_pg_old_data_dir_stat.stat.exists" - name: Find files and directories in old Postgres data path @@ -68,5 +68,5 @@ - name: Ensure systemd reloaded after getting rid of outdated matrix-postgres.service service: - daemon_reload: yes + daemon_reload: true when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/matrix-postgres/tasks/run_vacuum.yml index 19a27562f..0b7a60f81 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/matrix-postgres/tasks/run_vacuum.yml @@ -27,7 +27,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -71,7 +71,7 @@ service: name: matrix-synapse state: stopped - daemon_reload: yes + daemon_reload: true - name: Run Postgres vacuum command command: "{{ matrix_postgres_vacuum_command }}" @@ -86,5 +86,5 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_synapse_was_running|bool" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 96a20d254..dc170460d 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -65,7 +65,7 @@ state: directory owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - recurse: yes + recurse: true when: matrix_postgres_enabled|bool - name: Ensure Postgres environment variables file created @@ -115,7 +115,7 @@ - name: Ensure systemd reloaded after matrix-postgres.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_postgres_enabled|bool and matrix_postgres_systemd_service_result.changed" - include_tasks: @@ -158,7 +158,7 @@ service: name: matrix-postgres state: stopped - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Ensure matrix-postgres.service doesn't exist @@ -169,7 +169,7 @@ - name: Ensure systemd reloaded after matrix-postgres.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Check existence of matrix-postgres local data path diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index 564265d85..bf98d938a 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -64,7 +64,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -107,9 +107,9 @@ - name: Ensure matrix-postgres autoruns and is restarted service: name: matrix-postgres - enabled: yes + enabled: true state: restarted - daemon_reload: yes + daemon_reload: true - name: Wait a bit, so that Postgres can start wait_for: @@ -166,7 +166,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true - debug: msg: "NOTE: Your old Postgres data directory is preserved at `{{ postgres_auto_upgrade_backup_data_path }}`. You might want to get rid of it once you've confirmed that all is well." diff --git a/roles/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/matrix-postgres/tasks/util/create_additional_databases.yml index 0ad460ddd..de87f98c4 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_databases.yml +++ b/roles/matrix-postgres/tasks/util/create_additional_databases.yml @@ -4,7 +4,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml index cf595ade2..73acb4330 100644 --- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml @@ -66,7 +66,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" - pull: yes + pull: true when: "matrix_postgres_pgloader_container_image_self_build|bool" - name: Ensure pgloader Docker image is pulled @@ -91,7 +91,7 @@ service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: matrix_postgres_service_start_result - name: Wait a bit, so that Postgres can start diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index 5ef3646df..d62a689a9 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ {{ matrix_postgres_docker_image_to_use }} \ postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 2ec0d23c6..5e50a1d77 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-prometheus-node-exporter is an Prometheus exporter for machine metrics # See: https://prometheus.io/docs/guides/node-exporter/ diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index 2894b7176..db44a7ab9 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled|bool - - diff --git a/roles/matrix-prometheus-node-exporter/tasks/main.yml b/roles/matrix-prometheus-node-exporter/tasks/main.yml index 172b57215..71bbb8d74 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/main.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index fa8eb7675..419f3592b 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_systemd_service_result.changed" # @@ -38,8 +38,8 @@ service: name: matrix-prometheus-node-exporter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" @@ -51,5 +51,5 @@ - name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index 0139b9169..210a0d97a 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod {{ matrix_prometheus_node_exporter_docker_image }} \ --path.rootfs=/host -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-node-exporter diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 0857d3e74..c96a6ea84 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -1,9 +1,10 @@ +--- # matrix-prometheus-postgres-exporter is an Prometheus exporter for postgres metrics # See: https://github.com/prometheus-community/postgres_exporter matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_version: v0.10.0 +matrix_prometheus_postgres_exporter_version: v0.10.1 matrix_prometheus_postgres_exporter_port: 9187 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" @@ -11,8 +12,8 @@ matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_promethe # A list of extra arguments to pass to the container matrix_prometheus_postgres_exporter_container_extra_arguments: ["-e PG_EXPORTER_AUTO_DISCOVER_DATABASES=true", - "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{matrix_prometheus_postgres_exporter_port}}\"", - "-e DATA_SOURCE_NAME=\"postgresql://{{matrix_prometheus_postgres_exporter_database_username}}:{{matrix_prometheus_postgres_exporter_database_password}}@{{matrix_prometheus_postgres_exporter_database_hostname}}:5432/{{matrix_prometheus_postgres_exporter_database_name}}?sslmode=disable\"" ] + "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{matrix_prometheus_postgres_exporter_port}}\"", + "-e DATA_SOURCE_NAME=\"postgresql://{{matrix_prometheus_postgres_exporter_database_username}}:{{matrix_prometheus_postgres_exporter_database_password}}@{{matrix_prometheus_postgres_exporter_database_hostname}}:5432/{{matrix_prometheus_postgres_exporter_database_name}}?sslmode=disable\""] # List of systemd services that matrix-prometheus-postgres-exporter.service depends on matrix_prometheus_postgres_exporter_systemd_required_services_list: ['docker.service'] @@ -46,4 +47,4 @@ matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_e matrix_prometheus_postgres_exporter_container_http_host_bind_port: '' matrix_prometheus_postgres_exporter_dashboard_urls: -- "https://grafana.com/api/dashboards/9628/revisions/7/download" \ No newline at end of file + - "https://grafana.com/api/dashboards/9628/revisions/7/download" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index 2bd6904ec..ddea23ab1 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled|bool - - diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml index e3c364fa9..e94970995 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index 37743b66f..a6c49816c 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed" # @@ -38,8 +38,8 @@ service: name: matrix-prometheus-postgres-exporter state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" @@ -51,5 +51,5 @@ - name: Ensure systemd reloaded after matrix-prometheus-postgres-exporter.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 index 4c9a4eda4..993ebac49 100644 --- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 +++ b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-pos --pid=host \ {{ matrix_prometheus_postgres_exporter_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-postgres-exporter diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index d76ce7442..843a90e8a 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -1,9 +1,10 @@ +--- # matrix-prometheus is an open-source systems monitoring and alerting toolkit # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md matrix_prometheus_enabled: false -matrix_prometheus_version: v2.31.1 +matrix_prometheus_version: v2.33.3 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-prometheus/tasks/init.yml b/roles/matrix-prometheus/tasks/init.yml index 12fae831a..6587ddd91 100644 --- a/roles/matrix-prometheus/tasks/init.yml +++ b/roles/matrix-prometheus/tasks/init.yml @@ -1,5 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus.service'] }}" when: matrix_prometheus_enabled|bool - - diff --git a/roles/matrix-prometheus/tasks/main.yml b/roles/matrix-prometheus/tasks/main.yml index 20f18cc3b..c74918fa8 100644 --- a/roles/matrix-prometheus/tasks/main.yml +++ b/roles/matrix-prometheus/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index 15a692797..80f3e5d75 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -46,5 +46,5 @@ - name: Ensure systemd reloaded after matrix-prometheus.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_systemd_service_result.changed|bool" diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/matrix-prometheus/tasks/setup_uninstall.yml index d99c1a8e4..c9f07f52e 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/matrix-prometheus/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-prometheus state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_prometheus_service_stat.stat.exists|bool" @@ -22,5 +22,5 @@ - name: Ensure systemd reloaded after matrix-prometheus.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_prometheus_service_stat.stat.exists|bool" diff --git a/roles/matrix-prometheus/templates/prometheus.yml.j2 b/roles/matrix-prometheus/templates/prometheus.yml.j2 index 869b2da8d..f3262f485 100644 --- a/roles/matrix-prometheus/templates/prometheus.yml.j2 +++ b/roles/matrix-prometheus/templates/prometheus.yml.j2 @@ -57,3 +57,9 @@ scrape_configs: static_configs: - targets: {{ matrix_prometheus_scraper_postgres_targets|to_json }} {% endif %} + + {% if matrix_prometheus_scraper_hookshot_enabled %} + - job_name: hookshot + static_configs: + - targets: {{ matrix_prometheus_scraper_hookshot_targets|to_json }} + {% endif %} diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 2070ece3b..ad75d664a 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% endfor %} {{ matrix_prometheus_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 355679d05..88d3d7397 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -1,3 +1,5 @@ +--- + matrix_redis_enabled: true matrix_redis_connection_password: "" diff --git a/roles/matrix-redis/tasks/init.yml b/roles/matrix-redis/tasks/init.yml index 490688512..99c52026d 100644 --- a/roles/matrix-redis/tasks/init.yml +++ b/roles/matrix-redis/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}" when: matrix_redis_enabled|bool diff --git a/roles/matrix-redis/tasks/main.yml b/roles/matrix-redis/tasks/main.yml index 595b09f55..430b6a646 100644 --- a/roles/matrix-redis/tasks/main.yml +++ b/roles/matrix-redis/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index f1f32238f..a37174a38 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -33,7 +33,7 @@ state: directory owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - recurse: yes + recurse: true when: matrix_redis_enabled|bool - name: Ensure redis environment variables file created @@ -55,7 +55,7 @@ - name: Ensure systemd reloaded after matrix-redis.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_redis_enabled|bool and matrix_redis_systemd_service_result.changed" # @@ -72,8 +72,8 @@ service: name: matrix-redis state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" - name: Ensure matrix-redis.service doesn't exist @@ -84,7 +84,7 @@ - name: Ensure systemd reloaded after matrix-redis.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" - name: Check existence of matrix-redis local data path diff --git a/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 b/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 index 9f9d29026..5f6699f83 100644 --- a/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 +++ b/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 @@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-redis \ {{ matrix_redis_docker_image_to_use }} \ redis-server /usr/local/etc/redis/redis.conf -ExecStopPost=-/usr/bin/docker stop matrix-redis -ExecStopPost=-/usr/bin/docker rm matrix-redis +ExecStop=-/usr/bin/docker stop matrix-redis +ExecStop=-/usr/bin/docker rm matrix-redis Restart=always RestartSec=30 SyslogIdentifier=matrix-redis diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml index 4705fb5eb..d924551a1 100644 --- a/roles/matrix-registration/defaults/main.yml +++ b/roles/matrix-registration/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-registration is a simple python application to have a token based matrix registration # See: https://zeratax.github.io/matrix-registration/ diff --git a/roles/matrix-registration/tasks/generate_token.yml b/roles/matrix-registration/tasks/generate_token.yml index ae5bdf4c2..4e337b016 100644 --- a/roles/matrix-registration/tasks/generate_token.yml +++ b/roles/matrix-registration/tasks/generate_token.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if playbook called incorrectly fail: msg: "The `one_time` variable needs to be provided to this playbook, via --extra-vars" @@ -23,7 +25,7 @@ "one_time": {{ 'true' if one_time == 'yes' else 'false' }}, "ex_date": {{ ex_date|to_json }} } - check_mode: no + check_mode: false register: matrix_registration_api_result - set_fact: @@ -37,7 +39,7 @@ Full token details are: {{ matrix_registration_api_result.json }} - check_mode: no + check_mode: false - name: Inject result message into matrix_playbook_runtime_results set_fact: @@ -47,4 +49,4 @@ + [matrix_registration_api_result_message] }} - check_mode: no + check_mode: false diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index 47220103b..cae182587 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -10,49 +11,49 @@ when: matrix_registration_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-registration role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-registration role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy - set_fact: - matrix_registration_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; - rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; + - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy + set_fact: + matrix_registration_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; + rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; - location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-registration:5000"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8767/$1; - {% endif %} + location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-registration:5000"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8767/$1; + {% endif %} - {# - Workaround matrix-registration serving the background image at /static - (see https://github.com/ZerataX/matrix-registration/issues/47) - #} - sub_filter_once off; - sub_filter_types text/css; - sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; - } + {# + Workaround matrix-registration serving the background image at /static + (see https://github.com/ZerataX/matrix-registration/issues/47) + #} + sub_filter_once off; + sub_filter_types text/css; + sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; + } - - name: Register matrix-registration proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_registration_matrix_nginx_proxy_configuration] - }} + - name: Register matrix-registration proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_registration_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_registration_enabled|bool diff --git a/roles/matrix-registration/tasks/list_tokens.yml b/roles/matrix-registration/tasks/list_tokens.yml index dea3eb31f..9ef40d274 100644 --- a/roles/matrix-registration/tasks/list_tokens.yml +++ b/roles/matrix-registration/tasks/list_tokens.yml @@ -1,3 +1,5 @@ +--- + - name: Call matrix-registration list all tokens API uri: url: "{{ matrix_registration_api_token_endpoint }}" @@ -8,7 +10,7 @@ Authorization: "SharedSecret {{ matrix_registration_admin_secret }}" method: GET body_format: json - check_mode: no + check_mode: false register: matrix_registration_api_result - set_fact: @@ -16,7 +18,7 @@ matrix-registration result: {{ matrix_registration_api_result.json | to_nice_json }} - check_mode: no + check_mode: false - name: Inject result message into matrix_playbook_runtime_results set_fact: @@ -26,4 +28,4 @@ + [matrix_registration_api_result_message] }} - check_mode: no + check_mode: false diff --git a/roles/matrix-registration/tasks/main.yml b/roles/matrix-registration/tasks/main.yml index 3324e083b..ca5743846 100644 --- a/roles/matrix-registration/tasks/main.yml +++ b/roles/matrix-registration/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 0d7da9cee..31e9c35d6 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -39,10 +39,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_registration_base_path }}", when: true } - - { path: "{{ matrix_registration_config_path }}", when: true } - - { path: "{{ matrix_registration_data_path }}", when: true } - - { path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"} + - {path: "{{ matrix_registration_base_path }}", when: true} + - {path: "{{ matrix_registration_config_path }}", when: true} + - {path: "{{ matrix_registration_data_path }}", when: true} + - {path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"} when: "item.when|bool" - name: Ensure matrix-registration image is pulled @@ -71,7 +71,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_registration_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_registration_container_image_self_build|bool" - name: Ensure matrix-registration config installed @@ -91,7 +91,7 @@ - name: Ensure systemd reloaded after matrix-registration.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_registration_systemd_service_result.changed|bool" - name: Ensure matrix-registration.service restarted, if necessary diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/matrix-registration/tasks/setup_uninstall.yml index 8afd10849..4b7c195fe 100644 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/matrix-registration/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-registration state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_registration_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-registration.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_registration_service_stat.stat.exists|bool" - name: Ensure matrix-registration Docker image doesn't exist diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 index 8de331bff..e73e3e5fc 100644 --- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ {{ matrix_registration_docker_image }} \ serve -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-registration diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 595f8022f..15bce68c1 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Sygnal is a reference Push Gateway for Matrix. # To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app. # Learn more here: https://github.com/matrix-org/sygnal diff --git a/roles/matrix-sygnal/tasks/init.yml b/roles/matrix-sygnal/tasks/init.yml index 559a3681d..efa17a4d6 100644 --- a/roles/matrix-sygnal/tasks/init.yml +++ b/roles/matrix-sygnal/tasks/init.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}" when: matrix_sygnal_enabled|bool diff --git a/roles/matrix-sygnal/tasks/main.yml b/roles/matrix-sygnal/tasks/main.yml index c00862a4b..385798225 100644 --- a/roles/matrix-sygnal/tasks/main.yml +++ b/roles/matrix-sygnal/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index b85b6bfff..cd54a51de 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -36,5 +36,5 @@ - name: Ensure systemd reloaded after matrix-sygnal.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_sygnal_systemd_service_result.changed|bool" diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/matrix-sygnal/tasks/setup_uninstall.yml index f2b6133f7..5a81a1b29 100644 --- a/roles/matrix-sygnal/tasks/setup_uninstall.yml +++ b/roles/matrix-sygnal/tasks/setup_uninstall.yml @@ -9,8 +9,8 @@ service: name: matrix-sygnal state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_sygnal_service_stat.stat.exists|bool" @@ -22,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-sygnal.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_sygnal_service_stat.stat.exists|bool" - name: Ensure Sygnal base directory doesn't exist diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/matrix-sygnal/tasks/validate_config.yml index 1cf8357ee..2121edf45 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/matrix-sygnal/tasks/validate_config.yml @@ -1,3 +1,5 @@ +--- + - name: Fail if no Sygnal apps defined fail: msg: >- diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index 84c6f6eaf..019ab40c0 100644 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ {% endfor %} {{ matrix_sygnal_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-sygnal diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index db1024fac..0aa19e86b 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -1,3 +1,4 @@ +--- # matrix-synapse-admin is a web UI for mananging the Synapse Matrix server # See: https://github.com/Awesome-Technologies/synapse-admin @@ -8,7 +9,7 @@ matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesom matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_version: 0.8.4 +matrix_synapse_admin_version: 0.8.5 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index 3ce5a6935..ccaa03f60 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -1,3 +1,4 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 @@ -10,40 +11,40 @@ when: matrix_synapse_admin_enabled|bool - block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. - when: matrix_nginx_proxy_role_executed|default(False)|bool + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. + when: matrix_nginx_proxy_role_executed|default(False)|bool - - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy - set_fact: - matrix_synapse_admin_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; + - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy + set_fact: + matrix_synapse_admin_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; - location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-admin:80"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8766/$1; - {% endif %} - } + location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-admin:80"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8766/$1; + {% endif %} + } - - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_synapse_admin_matrix_nginx_proxy_configuration] - }} + - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_synapse_admin_matrix_nginx_proxy_configuration] + }} tags: - always when: matrix_synapse_admin_enabled|bool diff --git a/roles/matrix-synapse-admin/tasks/main.yml b/roles/matrix-synapse-admin/tasks/main.yml index b5cb16893..0095f753a 100644 --- a/roles/matrix-synapse-admin/tasks/main.yml +++ b/roles/matrix-synapse-admin/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 9eac7f903..ab1e6d466 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -30,7 +30,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_synapse_admin_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool" - name: Ensure matrix-synapse-admin.service installed @@ -43,7 +43,7 @@ - name: Ensure systemd reloaded after matrix-synapse-admin.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_systemd_service_result.changed" # @@ -59,8 +59,8 @@ service: name: matrix-synapse-admin state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" @@ -72,7 +72,7 @@ - name: Ensure systemd reloaded after matrix-synapse-admin.service removal service: - daemon_reload: yes + daemon_reload: true when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure matrix-synapse-admin Docker image doesn't exist diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index 28fe08aa3..4823d89c3 100644 --- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin {% endfor %} {{ matrix_synapse_admin_docker_image }} -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse-admin diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 2288ce839..3e3ee1213 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Synapse is a Matrix homeserver # See: https://github.com/matrix-org/synapse @@ -8,16 +9,8 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -# The if statement below may look silly at times (leading to the same version being returned), -# but ARM-compatible container images are only released 1-7 hours after a release, -# so we may often be on different versions for different architectures when new Synapse releases come out. -# -# amd64 gets released first. -# arm32 relies on self-building, so the same version can be built immediately. -# arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.50.1 -matrix_synapse_version_arm64: v1.50.1 -matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" +matrix_synapse_version: v1.53.0 +matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" @@ -471,7 +464,7 @@ matrix_synapse_database_database: "synapse" matrix_synapse_turn_uris: [] matrix_synapse_turn_shared_secret: "" -matrix_synapse_turn_allow_guests: False +matrix_synapse_turn_allow_guests: false matrix_synapse_email_enabled: false matrix_synapse_email_smtp_host: "" @@ -496,8 +489,16 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals # Enable this to activate the Shared Secret Auth password provider module. # See: https://github.com/devture/matrix-synapse-shared-secret-auth matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false -matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py" +matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py" matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" +matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true +# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605 +matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false +matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}" +matrix_synapse_ext_password_provider_shared_secret_config_yaml: | + shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} + m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|to_json }} + com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }} # Enable this to activate LDAP password provider matrix_synapse_ext_password_provider_ldap_enabled: false @@ -517,7 +518,7 @@ matrix_synapse_ext_password_provider_ldap_default_domain: "" # See: https://github.com/t2bot/synapse-simple-antispam matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam" -matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "923ca5c85b08f157181721abbae50dd89c31e4b5" +matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "5ab711971e3a4541a7a40310ff85e17f8262cc05" matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: [] # Enable this to activate the Mjolnir Antispam spam-checker module. @@ -541,6 +542,30 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] +# Enable this to activate the E2EE disabling Synapse module. +# See: https://github.com/digitalentity/matrix_encryption_disabler +matrix_synapse_ext_encryption_disabler_enabled: false +matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py" +# A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list. +# By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room. +matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"] +# A list of server domain names for which to deny encryption if the destination room id's domain matches the domain in the list. +# By default, with the configuration below, we prevent locally-created encryption events by ANY user encrypt rooms on the homeserver. +# Note: foreign users with enough room privileges will still be able to send an encryption event to your rooms and encrypt them. +matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix_domain }}"] +# Specifies whether the power levels event (setting) provided during room creation should be patched. +# This makes it impossible for anybody (locally or over federation) from enabling room encryption +# for the lifetime of rooms created while this setting is enabled (irreversible). +# Enabling this may have incompatiblity consequences with servers / clients. +# Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler +matrix_synapse_ext_encryption_disabler_patch_power_levels: false +matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml|from_yaml }}" +matrix_synapse_ext_encryption_config_yaml: | + deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of|to_json }} + deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of|to_json }} + patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels|to_json }} + + matrix_s3_media_store_enabled: false matrix_s3_media_store_custom_endpoint_enabled: false matrix_s3_goofys_docker_image: "ewoutp/goofys:latest" @@ -580,7 +605,12 @@ matrix_synapse_default_room_version: "9" # If not, you can also control its value manually. matrix_synapse_spam_checker: [] -matrix_synapse_encryption_enabled_by_default_for_room_type: off +# Controls the Synapse `modules` list. +# You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2` +# Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime. +matrix_synapse_modules: [] + +matrix_synapse_encryption_enabled_by_default_for_room_type: "off" matrix_synapse_trusted_key_servers: - server_name: "matrix.org" diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml new file mode 100644 index 000000000..8fda082da --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml @@ -0,0 +1,7 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" + when: matrix_synapse_ext_encryption_disabler_enabled|bool + +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml" + when: "not matrix_synapse_ext_encryption_disabler_enabled|bool" diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml new file mode 100644 index 000000000..dfc15a207 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -0,0 +1,33 @@ +--- + +- name: Download matrix_encryption_disabler + get_url: + url: "{{ matrix_synapse_ext_encryption_disabler_download_url }}" + dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py" + force: true + mode: 0440 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- set_fact: + matrix_synapse_modules: | + {{ + matrix_synapse_modules|default([]) + + + [ + { + "module": "matrix_e2ee_filter.EncryptedRoomFilter", + "config": matrix_synapse_ext_encryption_config + } + ] + }} + + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] + + matrix_synapse_additional_loggers: > + {{ matrix_synapse_additional_loggers }} + + + {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }} diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml new file mode 100644 index 000000000..a532464d8 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix_encryption_disabler doesn't exist + file: + path: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py" + state: absent diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index e760626dc..374c9e55d 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_synapse_password_providers_enabled: true diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index a416e42ba..ec298ccd2 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -5,7 +5,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'RedHat'" - name: Ensure git installed (Debian) @@ -13,7 +13,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'Debian'" - name: Ensure git installed (Archlinux) @@ -21,7 +21,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_distribution == 'Archlinux'" - name: Clone mjolnir-antispam git repository diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index 31637fa97..25c8809d3 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -1,5 +1,7 @@ --- +- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml" + - import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml" - import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index af92041df..f408e2f9f 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -5,6 +5,11 @@ msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret" when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''" +- name: Fail if no Shared Secret Auth login types enabled + fail: + msg: "Shared Secret Auth is enabled, but none of the login types are" + when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)" + - name: Download matrix-synapse-shared-secret-auth get_url: url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" @@ -15,7 +20,17 @@ group: "{{ matrix_user_groupname }}" - set_fact: - matrix_synapse_password_providers_enabled: true + matrix_synapse_modules: | + {{ + matrix_synapse_modules|default([]) + + + [ + { + "module": "shared_secret_authenticator.SharedSecretAuthProvider", + "config": matrix_synapse_ext_password_provider_shared_secret_config + } + ] + }} matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 2599e7f1b..740d9474c 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -10,7 +10,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'RedHat'" - name: Ensure git installed (Debian) @@ -18,7 +18,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_os_family == 'Debian'" - name: Ensure git installed (Archlinux) @@ -26,7 +26,7 @@ name: - git state: present - update_cache: no + update_cache: false when: "ansible_distribution == 'Archlinux'" - name: Clone synapse-simple-antispam git repository @@ -38,8 +38,8 @@ become_user: "{{ matrix_user_username }}" - set_fact: - matrix_synapse_spam_checker: > - {{ matrix_synapse_spam_checker }} + matrix_synapse_modules: > + {{ matrix_synapse_modules }} + [{ "module": "synapse_simple_antispam.AntiSpamInvites", diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 147efabfd..9e3870e5c 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_fuse_installed.yml" - name: Ensure Goofys Docker image is pulled @@ -12,7 +14,7 @@ stat: path: "{{ matrix_s3_media_store_path }}" register: local_path_matrix_s3_media_store_path_stat - ignore_errors: yes + ignore_errors: true - name: Ensure Matrix Goofys external storage mountpoint exists file: @@ -39,5 +41,5 @@ - name: Ensure systemd reloaded after matrix-goofys.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_goofys_systemd_service_result.changed" diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml index 317a5371e..c00206eff 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-goofys service stat: path: "{{ matrix_systemd_path }}/matrix-goofys.service" @@ -7,8 +9,8 @@ service: name: matrix-goofys state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_goofys_service_stat.stat.exists" @@ -20,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-goofys.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_goofys_service_stat.stat.exists" - name: Ensure goofys environment variables file doesn't exist diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/matrix-synapse/tasks/import_media_store.yml index 42455b44c..8e9626806 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/matrix-synapse/tasks/import_media_store.yml @@ -44,8 +44,8 @@ service: name: matrix-synapse state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result # This can only work with local files, not if the media store is on Amazon S3, @@ -54,11 +54,11 @@ synchronize: src: "{{ server_path_media_store }}/" dest: "{{ matrix_synapse_media_store_path }}" - delete: yes + delete: true # It's wasteful to preserve owner/group now. We chown below anyway. - owner: no - group: no - times: yes + owner: false + group: false + times: true delegate_to: "{{ inventory_hostname }}" # This is for the generic case and fails in other cases (remote file systems), @@ -68,7 +68,7 @@ path: "{{ matrix_synapse_media_store_path }}" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - recurse: yes + recurse: true when: "not matrix_s3_media_store_enabled|bool" # We don't chown for Goofys, because due to the way it's mounted, @@ -78,7 +78,7 @@ service: name: "{{ item }}" state: started - daemon_reload: yes + daemon_reload: true when: "stopping_result.changed" with_items: - matrix-synapse diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index bc23fc861..880650492 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -1,8 +1,9 @@ +--- # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled" # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 17eef9ccd..552358434 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always @@ -52,4 +54,4 @@ set_fact: matrix_synapse_role_executed: true tags: - - always + - always diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index 9c2a3ea04..2a1c57082 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -19,7 +19,7 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Wait a while, so that Synapse can manage to start diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 46cad8083..36ef0a3a7 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -1,3 +1,5 @@ +--- + - debug: msg: "Compressing room `{{ room_details.room_id }}` having {{ room_details.count }} state group rows" diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 106c59d5b..ad8497ccd 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -1,3 +1,4 @@ +--- # Pre-checks - name: Fail if Postgres not enabled @@ -80,12 +81,12 @@ # Row 3 contains a space when there's no result. - block: - - debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" + - debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" - - name: Fail if room find result is not what we expect - fail: - msg: >- - Expecting 4 lines in the "find rooms" result. + - name: Fail if room find result is not what we expect + fail: + msg: >- + Expecting 4 lines in the "find rooms" result. when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4" - block: diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index 30244d500..407a79ff6 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -7,7 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_client_api ignore_errors: true - check_mode: no + check_mode: false when: matrix_synapse_enabled|bool - name: Fail if Matrix Client API not working diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index 57c9e56b1..322493721 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml @@ -7,7 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_federation_api ignore_errors: true - check_mode: no + check_mode: false when: matrix_synapse_enabled|bool - name: Fail if Matrix Federation API not working @@ -17,7 +17,7 @@ - name: Fail if Matrix Federation API unexpectedly enabled fail: - msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." + msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." when: "matrix_synapse_enabled|bool and not matrix_synapse_federation_enabled|bool and not result_matrix_synapse_federation_api.failed" - name: Report working Matrix Federation API diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/matrix-synapse/tasks/setup_synapse.yml index f8bc05a1c..47e404f41 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml +++ b/roles/matrix-synapse/tasks/setup_synapse.yml @@ -8,9 +8,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_synapse_config_dir_path }}", when: true } - - { path: "{{ matrix_synapse_ext_path }}", when: true } - - { path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}" } + - {path: "{{ matrix_synapse_config_dir_path }}", when: true} + - {path: "{{ matrix_synapse_ext_path }}", when: true} + - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"} # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 09ec798d2..bd7da90d2 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -5,7 +5,7 @@ stat: path: "{{ matrix_synapse_media_store_path }}" register: local_path_media_store_stat - ignore_errors: yes + ignore_errors: true # This is separate and conditional, to ensure we don't execute it # if the path already exists or we failed to check, because it's mounted using fuse. @@ -18,25 +18,33 @@ group: "{{ matrix_user_groupname }}" when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists" -- name: Ensure Synapse repository is present on self-build - git: - repo: "{{ matrix_synapse_container_image_self_build_repo }}" - dest: "{{ matrix_synapse_docker_src_files_path }}" - version: "{{ matrix_synapse_docker_image.split(':')[1] }}" - force: "yes" - register: matrix_synapse_git_pull_results - when: "matrix_synapse_container_image_self_build|bool" +- block: + - name: Ensure Synapse repository is present on self-build + git: + repo: "{{ matrix_synapse_container_image_self_build_repo }}" + dest: "{{ matrix_synapse_docker_src_files_path }}" + version: "{{ matrix_synapse_docker_image.split(':')[1] }}" + force: "yes" + register: matrix_synapse_git_pull_results -- name: Ensure Synapse Docker image is built - docker_image: - name: "{{ matrix_synapse_docker_image }}" - source: build - force_source: "{{ matrix_synapse_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_git_pull_results.changed }}" - build: - dockerfile: docker/Dockerfile - path: "{{ matrix_synapse_docker_src_files_path }}" - pull: yes + - name: Check if Synapse Docker image exists + command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" + register: matrix_synapse_docker_image_check_result + + # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, + # because the latter does not support BuildKit. + # See: https://github.com/ansible-collections/community.general/issues/514 + - name: Ensure Synapse Docker image is built + shell: + chdir: "{{ matrix_synapse_docker_src_files_path }}" + cmd: | + {{ matrix_host_command_docker }} build \ + -t "{{ matrix_synapse_docker_image }}" \ + -f docker/Dockerfile \ + . + environment: + DOCKER_BUILDKIT: 1 + when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''" when: "matrix_synapse_container_image_self_build|bool" - name: Ensure Synapse Docker image is pulled @@ -55,10 +63,10 @@ # We do this so that the signing key would get generated. # # This will also generate a default homeserver.yaml configuration file and a log configuration file. -# We don't care about those configuraiton files, as we replace them with our own anyway (see below). +# We don't care about those configuration files, as we replace them with our own anyway (see below). # # We don't use the `docker_container` module, because using it with `cap_drop` requires -# a very recent version, which is not available for a lot of people yet. +# a very recent docker-py version, which is not available for a lot of people yet. - name: Generate initial Synapse config and signing key command: | docker run @@ -97,7 +105,7 @@ - name: Ensure systemd reloaded after matrix-synapse.service installation service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_systemd_service_result.changed" - name: Ensure matrix-synapse-register-user script created diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 070856e48..911d12851 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -1,3 +1,5 @@ +--- + - name: Check existence of matrix-synapse service stat: path: "{{ matrix_systemd_path }}/matrix-synapse.service" @@ -7,8 +9,8 @@ service: name: matrix-synapse state: stopped - enabled: no - daemon_reload: yes + enabled: false + daemon_reload: true register: stopping_result when: "matrix_synapse_service_stat.stat.exists" @@ -20,7 +22,7 @@ - name: Ensure systemd reloaded after matrix-synapse.service removal service: - daemon_reload: yes + daemon_reload: true when: "matrix_synapse_service_stat.stat.exists" - name: Ensure Synapse Docker image doesn't exist diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index c6fc32c30..f59313bde 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -1,3 +1,4 @@ +--- # Below is a huge hack for dynamically building a list of workers and finally assigning it to `matrix_synapse_workers_enabled_list`. # # set_fact within a loop does not work reliably in Ansible (it only executes on the first iteration for some reason), diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index d0440d22d..f03576112 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -8,7 +8,7 @@ name: "{{ item.key }}" state: stopped with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" - when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 + when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 - name: Find worker configs to be cleaned find: diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml index 62b426257..2669e1491 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml @@ -1,3 +1,4 @@ +--- # The tasks below run before `validate_config.yml`. # To avoid failing with a cryptic error message, we'll do validation here. # diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml index 93ed65751..2247cd894 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml @@ -1,3 +1,5 @@ +--- + - set_fact: matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}" diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index 78136785a..fd348d9db 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -19,14 +19,14 @@ service: name: matrix-synapse state: started - daemon_reload: yes + daemon_reload: true register: start_result - name: Ensure matrix-postgres is started service: name: matrix-postgres state: started - daemon_reload: yes + daemon_reload: true register: postgres_start_result diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 6dcb50ce5..89107c0a6 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -48,6 +48,7 @@ - {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'} - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} + - {'old': 'matrix_synapse_version_arm64', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml fail: diff --git a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index f74cbad9c..df4a4f23a 100644 --- a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -27,10 +27,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' TimeoutStartSec=5min -ExecStopPost=-{{ matrix_host_command_docker }} stop %n -ExecStopPost=-{{ matrix_host_command_docker }} kill %n -ExecStopPost=-{{ matrix_host_command_docker }} rm %n -ExecStopPost=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} +ExecStop=-{{ matrix_host_command_docker }} stop %n +ExecStop=-{{ matrix_host_command_docker }} kill %n +ExecStop=-{{ matrix_host_command_docker }} rm %n +ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} Restart=always RestartSec=5 SyslogIdentifier=matrix-goofys diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 902aaa71f..0308b4065 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -15,12 +15,13 @@ # See https://matrix-org.github.io/synapse/latest/modules/index.html for more # documentation on how to configure or create custom modules for Synapse. # -modules: - # - module: my_super_module.MySuperClass - # config: - # do_thing: true - # - module: my_other_super_module.SomeClass - # config: {} +#modules: + #- module: my_super_module.MySuperClass + # config: + # do_thing: true + #- module: my_other_super_module.SomeClass + # config: {} +modules: {{ matrix_synapse_modules|to_json }} ## Server ## @@ -49,13 +50,7 @@ server_name: "{{ matrix_domain }}" # pid_file: /homeserver.pid -# The absolute URL to the web client which /_matrix/client will redirect -# to if 'webclient' is configured under the 'listeners' configuration. -# -# This option can be also set to the filesystem path to the web client -# which will be served at /_matrix/client/ if 'webclient' is configured -# under the 'listeners' configuration, however this is a security risk: -# https://github.com/matrix-org/synapse#security-note +# The absolute URL to the web client which / will redirect to. # #web_client_location: https://riot.example.com/ @@ -139,7 +134,7 @@ allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_fe # The default room version for newly created rooms. # # Known room versions are listed here: -# https://matrix.org/docs/spec/#complete-list-of-room-versions +# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions # # For example, for room version 1, default_room_version should be set # to "1". @@ -284,8 +279,6 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # static: static resources under synapse/static (/_matrix/static). (Mostly # useful for 'fallback authentication'.) # -# webclient: A web client. Requires web_client_location to be set. -# listeners: {% if matrix_synapse_metrics_enabled %} - type: metrics @@ -495,6 +488,20 @@ limit_remote_rooms: # #allow_per_room_profiles: false +# The largest allowed file size for a user avatar. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#max_avatar_size: 10M + +# The MIME types allowed for user avatars. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"] + # How long to keep redacted events in unredacted form in the database. After # this period redacted events get replaced with their redacted form in the DB. # @@ -769,11 +776,16 @@ caches: per_cache_factors: #get_users_who_share_room_with_user: 2.0 - # Controls how long an entry can be in a cache without having been - # accessed before being evicted. Defaults to None, which means - # entries are never evicted based on time. + # Controls whether cache entries are evicted after a specified time + # period. Defaults to true. Uncomment to disable this feature. # - #expiry_time: 30m + #expire_caches: false + + # If expire_caches is enabled, this flag controls how long an entry can + # be in a cache without having been accessed before being evicted. + # Defaults to 30m. Uncomment to set a different time to live for cache entries. + # + #cache_entry_ttl: 30m # Controls how long the results of a /sync request are cached for after # a successful response is returned. A higher duration can help clients with @@ -883,6 +895,9 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config" # - one for ratelimiting how often a user or IP can attempt to validate a 3PID. # - two for ratelimiting how often invites can be sent in a room or to a # specific user. +# - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID +# such as an email address or a phone number) based on the account that's +# sending the invite. # # The defaults are as shown below. # @@ -937,6 +952,10 @@ rc_joins: {{ matrix_synapse_rc_joins|to_json }} # per_user: # per_second: 0.003 # burst_count: 5 +# +#rc_third_party_invite: +# per_second: 0.2 +# burst_count: 10 # Ratelimiting settings for incoming federation # @@ -1465,6 +1484,16 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json # #auto_join_rooms_for_guests: false +# Whether to inhibit errors raised when registering a new account if the user ID +# already exists. If turned on, that requests to /register/available will always +# show a user ID as available, and Synapse won't raise an error when starting +# a registration with a user ID that already exists. However, Synapse will still +# raise an error if the registration completes and the username conflicts. +# +# Defaults to false. +# +#inhibit_user_in_use_error: true + ## Metrics ### @@ -1534,6 +1563,21 @@ room_prejoin_state: #additional_event_types: # - org.example.custom.event.type +# We record the IP address of clients used to access the API for various +# reasons, including displaying it to the user in the "Where you're signed in" +# dialog. +# +# By default, when puppeting another user via the admin API, the client IP +# address is recorded against the user who created the access token (ie, the +# admin user), and *not* the puppeted user. +# +# Uncomment the following to also record the IP address against the puppeted +# user. (This also means that the puppeted user will count as an "active" user +# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc +# above.) +# +#track_puppeted_user_ips: true + # A list of application service config files to use # @@ -1899,10 +1943,13 @@ saml2_config: # Defaults to false. Avoid this in production. # # user_profile_method: Whether to fetch the user profile from the userinfo -# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'. +# endpoint, or to rely on the data returned in the id_token from the +# token_endpoint. # -# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is -# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the +# Valid values are: 'auto' or 'userinfo_endpoint'. +# +# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is +# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the # userinfo endpoint. # # allow_existing_users: set to 'true' to allow a user logging in via OIDC to @@ -2551,11 +2598,6 @@ email: # #filter: "(objectClass=posixAccount)" {% if matrix_synapse_password_providers_enabled %} password_providers: -{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %} - - module: "shared_secret_authenticator.SharedSecretAuthenticator" - config: - sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} -{% endif %} {% if matrix_synapse_ext_password_provider_rest_auth_enabled %} - module: "rest_auth_provider.RestAuthProvider" config: diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 66a323f96..43dc42d1f 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -46,8 +46,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor run -m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} -ExecStopPost=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStopPost=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} ExecReload={{ matrix_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' Restart=always diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index bfc8dd612..188db5ef9 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -63,8 +63,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {{ matrix_synapse_docker_image }} \ run -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' ExecReload={{ matrix_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 1a279ad6b..48530312c 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -64,7 +64,7 @@ matrix_synapse_workers_generic_worker_endpoints: # Registration/login requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - ^/_matrix/client/(r0|v3|unstable)/register$ - - ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$ + - ^/_matrix/client/v1/register/m.login.registration_token/validity$ # Event sending requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact diff --git a/setup.yml b/setup.yml index aa1ea68b4..68740b4af 100755 --- a/setup.yml +++ b/setup.yml @@ -36,6 +36,7 @@ - matrix-bridge-mx-puppet-instagram - matrix-bridge-sms - matrix-bridge-heisenbridge + - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot - matrix-bot-honoroit - matrix-bot-go-neb