From 1a9cafa3a33387f2c32eb736e6a4665dd87a177e Mon Sep 17 00:00:00 2001 From: Fanch Date: Sat, 10 Oct 2020 04:11:26 +0200 Subject: [PATCH 01/17] add run-docker-prune command --- roles/matrix-common-after/tasks/main.yml | 4 ++++ roles/matrix-common-after/tasks/run_docker_prune.yml | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 roles/matrix-common-after/tasks/run_docker_prune.yml diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index 197ab6a9d..d77d56a18 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -11,3 +11,7 @@ - import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml" tags: - always + +- import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" + tags: + - run-docker-prune diff --git a/roles/matrix-common-after/tasks/run_docker_prune.yml b/roles/matrix-common-after/tasks/run_docker_prune.yml new file mode 100644 index 000000000..a7e35a03b --- /dev/null +++ b/roles/matrix-common-after/tasks/run_docker_prune.yml @@ -0,0 +1,4 @@ +--- + +- name: Run Docker System Prune + command: "{{ matrix_host_command_docker }} system prune -a -f" From 4d5068e283e9bab4dfedfd51e1357a6775126960 Mon Sep 17 00:00:00 2001 From: Fanch Date: Sat, 10 Oct 2020 14:27:07 +0200 Subject: [PATCH 02/17] add some doc about the run-docker-prune tag --- docs/maintenance-and-troubleshooting.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/maintenance-and-troubleshooting.md b/docs/maintenance-and-troubleshooting.md index bccf3e2ee..ae90fba23 100644 --- a/docs/maintenance-and-troubleshooting.md +++ b/docs/maintenance-and-troubleshooting.md @@ -33,6 +33,12 @@ matrix_synapse_root_log_level: "INFO" Re-run the playbook after making these configuration changes. +## Remove unused Docker data + +You can free some disk space from Docker, see [docker system prune](https://docs.docker.com/engine/reference/commandline/system_prune/) for more information. +```bash +ansible-playbook -i inventory/hosts setup.yml --tags=run-docker-prune +``` ## Postgres From 78529cbd47544f8dd3a452eda4f749256315f359 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Mon, 12 Oct 2020 23:59:34 -0500 Subject: [PATCH 03/17] Upgrade Synapse (v1.20.1 -> v1.21.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 121 ++++++++++++++++-- 2 files changed, 113 insertions(+), 10 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index bd8d2be98..1bc04bc6b 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.1" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.21.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e687a500e..f58f34f8b 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -9,10 +9,23 @@ ## Server ## -# The domain name of the server, with optional explicit port. -# This is used by remote servers to connect to this server, -# e.g. matrix.org, localhost:8080, etc. -# This is also the last part of your UserID. +# The public-facing domain of the server +# +# The server_name name will appear at the end of usernames and room addresses +# created on this server. For example if the server_name was example.com, +# usernames on this server would be in the format @user:example.com +# +# In most cases you should avoid using a matrix specific subdomain such as +# matrix.example.com or synapse.example.com as the server_name for the same +# reasons you wouldn't use user@email.example.com as your email address. +# See https://github.com/matrix-org/synapse/blob/master/docs/delegate.md +# for information on how to host Synapse on a subdomain while preserving +# a clean server_name. +# +# The server_name cannot be changed later so it is important to +# configure this correctly before you start Synapse. It should be all +# lowercase and may contain an explicit port. +# Examples: matrix.org, localhost:8080 # server_name: "{{ matrix_domain }}" @@ -107,7 +120,6 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # #enable_search: false - # List of ports that Synapse should listen on, their purpose and their # configuration. # @@ -389,6 +401,12 @@ retention: # 'longest_max_lifetime' of '3d' will handle every room with a retention policy # which 'max_lifetime' is lower than or equal to three days. # + # The rationale for this per-job configuration is that some rooms might have a + # retention policy with a low 'max_lifetime', where history needs to be purged + # of outdated messages on a more frequent basis than for the rest of the rooms + # (e.g. every 12h), but not want that purge to be performed by a job that's + # iterating over every room it knows, which could be heavy on the server. + # # If any purge job is configured, it is strongly recommended to have at least # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime' # set, or one job without 'shortest_max_lifetime' and one job without @@ -414,6 +432,24 @@ retention: # #request_token_inhibit_3pid_errors: true +# A list of domains that the domain portion of 'next_link' parameters +# must match. +# +# This parameter is optionally provided by clients while requesting +# validation of an email or phone number, and maps to a link that +# users will be automatically redirected to after validation +# succeeds. Clients can make use this parameter to aid the validation +# process. +# +# The whitelist is applied whether the homeserver or an +# identity server is handling validation. +# +# The default value is no whitelist functionality; all domains are +# allowed. Setting this value to an empty list will instead disallow +# all domains. +# +#next_link_domain_whitelist: ["matrix.org"] + ## TLS ## @@ -580,6 +616,7 @@ acme: #tls_fingerprints: [{"sha256": ""}] +## Federation ## # Restrict federation to the following whitelist of domains. # N.B. we recommend also firewalling your federation listener to limit @@ -617,6 +654,17 @@ federation_ip_range_blacklist: - 'fe80::/64' - 'fc00::/7' +# Report prometheus metrics on the age of PDUs being sent to and received from +# the following domains. This can be used to give an idea of "delay" on inbound +# and outbound federation, though be aware that any delay can be due to problems +# at either end or with the intermediate network. +# +# By default, no domains are monitored in this way. +# +#federation_metrics_domains: +# - matrix.org +# - example.com + ## Caching ## @@ -662,6 +710,7 @@ caches: per_cache_factors: #get_users_who_share_room_with_user: 2.0 + ## Database ## database: @@ -1074,6 +1123,17 @@ account_validity: # #invalid_token_html_path: "invalid_token.html" +# Time that a user's session remains valid for, after they log in. +# +# Note that this is not currently compatible with guest logins. +# +# Note also that this is calculated at login time: changes are not applied +# retrospectively to users who have already logged in. +# +# By default, this is infinite. +# +#session_lifetime: 24h + # The user must provide all of the below types of 3PID when registering. # #registrations_require_3pid: @@ -1427,11 +1487,14 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }} # At least one of `sp_config` or `config_path` must be set in this section to # enable SAML login. # -# (You will probably also want to set the following options to `false` to +# You will probably also want to set the following options to `false` to # disable the regular login/registration flows: # * enable_registration # * password_config.enabled # +# You will also want to investigate the settings under the "sso" configuration +# section below. +# # Once SAML support is enabled, a metadata file will be exposed at # https://:/_matrix/saml2/metadata.xml, which you may be able to # use to configure your SAML IdP with. Alternatively, you can manually configure @@ -1653,6 +1716,19 @@ oidc_config: # #skip_verification: true + # Whether to fetch the user profile from the userinfo endpoint. Valid + # values are: "auto" or "userinfo_endpoint". + # + # Defaults to "auto", which fetches the userinfo endpoint if "openid" is included + # in `scopes`. Uncomment the following to always fetch the userinfo endpoint. + # + #user_profile_method: "userinfo_endpoint" + + # Uncomment to allow a user logging in via OIDC to match a pre-existing account instead + # of failing. This could be used if switching from password logins to OIDC. Defaults to false. + # + #allow_existing_users: true + # An external module can be provided here as a custom solution to mapping # attributes returned from a OIDC provider onto a matrix user. # @@ -1830,6 +1906,24 @@ sso: # #algorithm: "provided-by-your-issuer" + # The issuer to validate the "iss" claim against. + # + # Optional, if provided the "iss" claim will be required and + # validated for all JSON web tokens. + # + #issuer: "provided-by-your-issuer" + + # A list of audiences to validate the "aud" claim against. + # + # Optional, if provided the "aud" claim will be required and + # validated for all JSON web tokens. + # + # Note that if the "aud" claim is included in a JSON web token then + # validation will fail without configuring audiences. + # + #audiences: + # - "provided-by-your-issuer" + password_config: # Uncomment to disable password login @@ -1936,9 +2030,13 @@ email: # * The contents of password reset emails sent by the homeserver: # 'password_reset.html' and 'password_reset.txt' # - # * HTML pages for success and failure that a user will see when they follow - # the link in the password reset email: 'password_reset_success.html' and - # 'password_reset_failure.html' + # * An HTML page that a user will see when they follow the link in the password + # reset email. The user will be asked to confirm the action before their + # password is reset: 'password_reset_confirmation.html' + # + # * HTML pages for success and failure that a user will see when they confirm + # the password reset flow using the page above: 'password_reset_success.html' + # and 'password_reset_failure.html' # # * The contents of address verification emails sent during registration: # 'registration.html' and 'registration.txt' @@ -2417,6 +2515,11 @@ opentracing: # events: worker1 # typing: worker1 +# The worker that is used to run background tasks (e.g. cleaning up expired +# data). If not provided this defaults to the main process. +# +#run_background_tasks_on: worker1 + # Configuration for Redis when using workers. This *must* be enabled when # using workers (unless using old style direct TCP configuration). From d250727e8baf7e5e71fa6a6b1c6ce0b119ab7924 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 13 Oct 2020 09:44:32 +0300 Subject: [PATCH 04/17] Upgrade certbot (1.7.0 -> 1.9.0) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 8ba0c532a..3b9dd60b4 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -227,7 +227,7 @@ matrix_ssl_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.7.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.9.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From 5abd51136864106ea151519fc31c1e153d8fc69c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 13 Oct 2020 13:08:25 +0300 Subject: [PATCH 05/17] Upgrade Synapse (v1.21.0 -> v1.21.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 1bc04bc6b..43808e49a 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.21.0" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.21.1" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From fa5d85426b052884d7edbc5e50f102fffe48deed Mon Sep 17 00:00:00 2001 From: Scott Crossen Date: Tue, 13 Oct 2020 16:35:41 -0700 Subject: [PATCH 06/17] Renamed systemd descriptions for all bridges --- .../templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 | 2 +- .../templates/systemd/matrix-appservice-discord.service.j2 | 2 +- .../templates/systemd/matrix-appservice-irc.service.j2 | 2 +- .../templates/systemd/matrix-appservice-slack.service.j2 | 2 +- .../templates/systemd/matrix-appservice-webhooks.service.j2 | 2 +- .../templates/systemd/matrix-mautrix-facebook.service.j2 | 2 +- .../templates/systemd/matrix-mautrix-hangouts.service.j2 | 2 +- .../templates/systemd/matrix-mautrix-telegram.service.j2 | 2 +- .../templates/systemd/matrix-mautrix-whatsapp.service.j2 | 2 +- .../templates/systemd/matrix-mx-puppet-discord.service.j2 | 2 +- .../templates/systemd/matrix-mx-puppet-instagram.service.j2 | 2 +- .../templates/systemd/matrix-mx-puppet-skype.service.j2 | 2 +- .../templates/systemd/matrix-mx-puppet-slack.service.j2 | 2 +- .../templates/systemd/matrix-mx-puppet-steam.service.j2 | 2 +- .../templates/systemd/matrix-mx-puppet-twitter.service.j2 | 2 +- .../templates/systemd/matrix-sms-bridge-database.service.j2 | 2 +- .../templates/systemd/matrix-sms-bridge.service.j2 | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index 4220e6cc7..0decac025 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=matrix-reminder-bot +Description=Matrix reminder bot {% for service in matrix_bot_matrix_reminder_bot_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index d512cd882..f2187ca3a 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Appservice Discord server +Description=Matrix Appservice Discord bridge {% for service in matrix_appservice_discord_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index aa6141d62..95638612b 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Appservice IRC server +Description=Matrix Appservice IRC bridge {% for service in matrix_appservice_irc_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index de773ff98..1c68294fb 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Appservice Slack server +Description=Matrix Appservice Slack bridge {% for service in matrix_appservice_slack_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index b05f8a277..08f5813f1 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Appservice webhooks server +Description=Matrix Appservice webhooks bridge {% for service in matrix_appservice_webhooks_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 444423c18..b593a2e35 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mautrix Facebook server +Description=Matrix Mautrix Facebook bridge {% for service in matrix_mautrix_facebook_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index dc6ffda06..584339820 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mautrix Hangouts server +Description=Matrix Mautrix Hangouts bridge {% for service in matrix_mautrix_hangouts_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index b0b4f6433..c0fb89381 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mautrix Telegram server +Description=Matrix Mautrix Telegram bridge {% for service in matrix_mautrix_telegram_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index 7dd251408..ac2b961e5 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mautrix Whatsapp server +Description=Matrix Mautrix Whatsapp bridge {% for service in matrix_mautrix_whatsapp_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index e26128eff..78737a17b 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mx Puppet Discord server +Description=Matrix Mx Puppet Discord bridge {% for service in matrix_mx_puppet_discord_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index b94c399ae..81e3e0817 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mx Puppet Instagram server +Description=Matrix Mx Puppet Instagram bridge {% for service in matrix_mx_puppet_instagram_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 index a6860b691..8a46cb25b 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mx Puppet Skype server +Description=Matrix Mx Puppet Skype bridge {% for service in matrix_mx_puppet_skype_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index 3ce0e18b5..23c2504f5 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mx Puppet Slack server +Description=Matrix Mx Puppet Slack bridge {% for service in matrix_mx_puppet_slack_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index 53518d42e..986c5d2cd 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mx Puppet Steam server +Description=Matrix Mx Puppet Steam bridge {% for service in matrix_mx_puppet_steam_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index 9245f02b2..6afb6fb48 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix Mx Puppet Twitter server +Description=Matrix Mx Puppet Twitter bridge {% for service in matrix_mx_puppet_twitter_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2 b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2 index e2cad164e..c9bb0343b 100644 --- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2 +++ b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=matrix-sms-bridge-database server +Description=Matrix sms bridge database {% for service in matrix_sms_bridge_database_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 index 7bf917008..7cab37420 100644 --- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=matrix-sms-bridge server +Description=Matrix sms bridge {% for service in matrix_sms_bridge_systemd_required_services_list %} Requires={{ service }} After={{ service }} From b65bfc38ce499e3b3ad21e146dcb86e1c4e60c34 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Wed, 14 Oct 2020 06:23:33 -0500 Subject: [PATCH 07/17] Update nginx (1.19.2 -> 1.19.3) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 3b9dd60b4..643d723e3 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # that is frequently out of date. -matrix_nginx_proxy_docker_image: "nginx:1.19.2-alpine" +matrix_nginx_proxy_docker_image: "nginx:1.19.3-alpine" matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" From 640166e4c307e59d79720aac9efe2ee8572cdcf7 Mon Sep 17 00:00:00 2001 From: jgbresson Date: Thu, 15 Oct 2020 00:09:54 -0400 Subject: [PATCH 08/17] Upgrade Element (1.7.8 -> 1.7.9) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 5219bcc33..a864244a8 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -2,7 +2,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_docker_image: "vectorim/riot-web:v1.7.8" +matrix_client_element_docker_image: "vectorim/riot-web:v1.7.9" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element" From 3fd198e89a6be52325d09aa775cfacd8b3df03ed Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Oct 2020 11:34:50 +0300 Subject: [PATCH 09/17] Add notes about running Ansible on Ubuntu 20.04 Discussed in #669 (Github Issue). --- docs/ansible.md | 2 ++ docs/prerequisites.md | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/ansible.md b/docs/ansible.md index 1ac08b5f6..776147bdd 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -11,6 +11,8 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv Ansible 2.7.0 or newer is required. +Ubuntu (at least 20.04) ships with a buggy version (see this [bug](https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1880359)), which can't be used in combination with a host running new systemd (more detaisl in [#517](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/517), [#669]([669](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/669))). If this problem affects you, you can: avoid running Ubuntu 20.04 on your host; run Ansible from another machine targeting your host; or try to upgrade to a newer Ansible version (see below). + ## Checking your Ansible version diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 5f551eb43..4356081b5 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -1,6 +1,12 @@ # Prerequisites -- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. +- An **x86** server running one of these operating systems: + - **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)) + - **Debian** (9/Stretch+) + - **Ubuntu** (16.04+, although [20.04 may be problematic](ansible.md#supported-ansible-versions)) + - **Archlinux** + +This playbook doesn't support running on ARM (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. - `root` access to your server (or a user capable of elevating to `root` via `sudo`). From f7ecc7a2a5e849420685eaa6b9d0ce010e3533f7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Oct 2020 17:42:52 +0300 Subject: [PATCH 10/17] Upgrade Synapse (v1.21.1 -> v1.21.2) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 43808e49a..fd8eaa528 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.21.1" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.21.2" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 48f929dc918d277b7ea44b1e8afe385326e46cb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Fri, 16 Oct 2020 00:32:00 +0200 Subject: [PATCH 11/17] add variables for secure_backup_required and secure_backup_setup_methods --- roles/matrix-base/defaults/main.yml | 10 ++++++++ .../static-files/well-known/matrix-client.j2 | 25 +++++++++++++++---- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 3fbbd76ea..5bd100145 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -67,6 +67,16 @@ matrix_client_element_jitsi_preferredDomain: '' # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md matrix_client_element_e2ee_default: true +# Controls whether Element should require a secure backup set up before Element can be used. +# Setting this to true will update `/.well-known/matrix/client` and tell Element require a secure backup. +# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md +matrix_client_element_e2ee_backup_required: false + +# Controls which backup methods from ["key", "passphrase"] should be used, both is the default. +# Setting this to other then empty will update `/.well-known/matrix/client` and tell Element which method to use +# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md +matrix_client_element_e2ee_backup_methods: [] + # The Docker network that all services would be put into matrix_docker_network: "matrix" diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index 6dc5ff23c..b1879d923 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -26,12 +26,27 @@ "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} - {% if not matrix_client_element_e2ee_default %}, - "io.element.e2ee": { - "default": false + , + "io.element.e2ee": { + {% if not matrix_client_element_e2ee_default %} + "default": false + {% else %} + "default": true + {% endif %} + {% if matrix_client_element_e2ee_backup_required %}, + "secure_backup_required": true + {% else %} + "secure_backup_required": false + {% endif %} + {% if matrix_client_element_e2ee_backup_methods %}, + "secure_backup_setup_methods": {{ matrix_client_element_e2ee_backup_methods|to_json }} + {% endif %} }, "im.vector.riot.e2ee": { - "default": false + {% if not matrix_client_element_e2ee_default %} + "default": false + {% else %} + "default": true + {% endif %} } - {% endif %} } From 65992043347f8ed0451aa1ae29ddd3d37c6730be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Fri, 16 Oct 2020 08:20:22 +0200 Subject: [PATCH 12/17] fix commata not being set when secure_backup_required false --- .../templates/static-files/well-known/matrix-client.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index b1879d923..14cbe71f3 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -29,11 +29,11 @@ , "io.element.e2ee": { {% if not matrix_client_element_e2ee_default %} - "default": false + "default": false, {% else %} - "default": true + "default": true, {% endif %} - {% if matrix_client_element_e2ee_backup_required %}, + {% if matrix_client_element_e2ee_backup_required %} "secure_backup_required": true {% else %} "secure_backup_required": false From 4cfa11275544c447d9c848811535a32dc14a5a02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Fri, 16 Oct 2020 08:44:04 +0200 Subject: [PATCH 13/17] update default backup_methods as proposed by the system anyway --- roles/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 5bd100145..cffb7b4a3 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -75,7 +75,7 @@ matrix_client_element_e2ee_backup_required: false # Controls which backup methods from ["key", "passphrase"] should be used, both is the default. # Setting this to other then empty will update `/.well-known/matrix/client` and tell Element which method to use # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md -matrix_client_element_e2ee_backup_methods: [] +matrix_client_element_e2ee_backup_methods: [ "key", "passphrase" ] # The Docker network that all services would be put into matrix_docker_network: "matrix" From 8f7e21892d7facae416b3b4cd36857835fa6428b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Fri, 16 Oct 2020 08:47:37 +0200 Subject: [PATCH 14/17] fix indentation, updated to proposed changes from Slavi: no more ifdef --- .../static-files/well-known/matrix-client.j2 | 24 ++++--------------- 1 file changed, 5 insertions(+), 19 deletions(-) diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index 14cbe71f3..ecd5eaf9e 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -27,26 +27,12 @@ } {% endif %} , - "io.element.e2ee": { - {% if not matrix_client_element_e2ee_default %} - "default": false, - {% else %} - "default": true, - {% endif %} - {% if matrix_client_element_e2ee_backup_required %} - "secure_backup_required": true - {% else %} - "secure_backup_required": false - {% endif %} - {% if matrix_client_element_e2ee_backup_methods %}, - "secure_backup_setup_methods": {{ matrix_client_element_e2ee_backup_methods|to_json }} - {% endif %} + "io.element.e2ee": { + "default": {{ matrix_client_element_e2ee_default|to_json }}, + "secure_backup_required": {{ matrix_client_element_e2ee_backup_required|to_json }}, + "secure_backup_setup_methods": {{ matrix_client_element_e2ee_backup_methods|to_json }} }, "im.vector.riot.e2ee": { - {% if not matrix_client_element_e2ee_default %} - "default": false - {% else %} - "default": true - {% endif %} + "default": {{ matrix_client_element_e2ee_default|to_json }} } } From 5158fa4df98ec2baf7a9c88b2e2c2d8924f093cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Fri, 16 Oct 2020 08:50:16 +0200 Subject: [PATCH 15/17] e2ee_backup_methods: rather leave the default empty, so that the system default may apply --- roles/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index cffb7b4a3..5bd100145 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -75,7 +75,7 @@ matrix_client_element_e2ee_backup_required: false # Controls which backup methods from ["key", "passphrase"] should be used, both is the default. # Setting this to other then empty will update `/.well-known/matrix/client` and tell Element which method to use # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md -matrix_client_element_e2ee_backup_methods: [ "key", "passphrase" ] +matrix_client_element_e2ee_backup_methods: [] # The Docker network that all services would be put into matrix_docker_network: "matrix" From 1cf5b1d80f626c7a1e54bd48fb1e31a1dd81618f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Fri, 16 Oct 2020 09:24:50 +0200 Subject: [PATCH 16/17] e2ee_backup: rename variables to be consistent with naming scheme --- roles/matrix-base/defaults/main.yml | 4 ++-- .../templates/static-files/well-known/matrix-client.j2 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 5bd100145..164509b75 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -70,12 +70,12 @@ matrix_client_element_e2ee_default: true # Controls whether Element should require a secure backup set up before Element can be used. # Setting this to true will update `/.well-known/matrix/client` and tell Element require a secure backup. # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md -matrix_client_element_e2ee_backup_required: false +matrix_client_element_e2ee_secure_backup_required: false # Controls which backup methods from ["key", "passphrase"] should be used, both is the default. # Setting this to other then empty will update `/.well-known/matrix/client` and tell Element which method to use # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md -matrix_client_element_e2ee_backup_methods: [] +matrix_client_element_e2ee_secure_backup_setup_methods: [] # The Docker network that all services would be put into matrix_docker_network: "matrix" diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index ecd5eaf9e..a4356d1d8 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -29,8 +29,8 @@ , "io.element.e2ee": { "default": {{ matrix_client_element_e2ee_default|to_json }}, - "secure_backup_required": {{ matrix_client_element_e2ee_backup_required|to_json }}, - "secure_backup_setup_methods": {{ matrix_client_element_e2ee_backup_methods|to_json }} + "secure_backup_required": {{ matrix_client_element_e2ee_secure_backup_required|to_json }}, + "secure_backup_setup_methods": {{ matrix_client_element_e2ee_secure_backup_setup_methods|to_json }} }, "im.vector.riot.e2ee": { "default": {{ matrix_client_element_e2ee_default|to_json }} From 24c6d7e81f9c22764dfd7c2d3c2c20239b692553 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 20 Oct 2020 19:06:16 +0300 Subject: [PATCH 17/17] Upgrade Element (1.7.9 -> 1.7.10) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index a864244a8..d2b9258f0 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -2,7 +2,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_docker_image: "vectorim/riot-web:v1.7.9" +matrix_client_element_docker_image: "vectorim/riot-web:v1.7.10" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"