diff --git a/.gitignore b/.gitignore index 32ab139fa..36c65bdaa 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ !/inventory/host_vars/.gitkeep !/inventory/scripts /roles/*/files/scratchpad +.DS_Store +.python-version diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e1002b9c..247e4e149 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +# 2020-10-02 + +## Minimum Ansible version raised to v2.7.0 + +We were claiming to support [Ansible](https://www.ansible.com/) v2.5.2 and higher, but issues like [#662](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/662) demonstrate that we need at least v2.7.0. + +If you've been using the playbook without getting any errors until now, you're probably on a version higher than that already (or you're not using the `matrix-ma1sd` and `matrix-client-element` roles). + +Our [Ansible docs page](docs/ansible.md) contains information on how to run a more up-to-date version of Ansible. + + +# 2020-10-01 + +## Postgres 13 support + +The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default. + +If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql). + # 2020-09-01 ## matrix-registration support diff --git a/README.md b/README.md index a80443548..72018115a 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation -- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation +- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation - (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation diff --git a/docs/ansible.md b/docs/ansible.md index 1ba430f49..1ac08b5f6 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -9,7 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv ## Supported Ansible versions -Ansible 2.5.2 or newer is required. +Ansible 2.7.0 or newer is required. ## Checking your Ansible version @@ -49,7 +49,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -devture/ansible:2.9.9-r0 +devture/ansible:2.9.13-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index 2b6b30ed4..604e6aa61 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -38,6 +38,7 @@ Follow our [Registering users](registering-users.md) guide to learn how to regis You are required to specify an access token (belonging to this new user) for Dimension to work. To get an access token for the Dimension user, you can follow one of two options: + *Through an interactive login*: 1. In a private browsing session (incognito window), open Element. diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index efc5eaafd..72402360b 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -56,11 +56,19 @@ The default authentication mode of Jitsi is `internal`, however LDAP is also sup ```yaml matrix_jitsi_enable_auth: true matrix_jitsi_auth_type: ldap -matrix_jitsi_ldap_url: ldap://ldap.DOMAIN # or ldaps:// if using tls -matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN" -matrix_jitsi_ldap_filter: "(&(uid=%u)(employeeType=active))" -matrix_jitsi_ldap_use_tls: false -matrix_jitsi_ldap_start_tls: true +matrix_jitsi_ldap_url: "ldap://ldap.DOMAIN" +matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN +#matrix_jitsi_ldap_binddn: "" +#matrix_jitsi_ldap_bindpw: "" +matrix_jitsi_ldap_filter: "uid=%u" +matrix_jitsi_ldap_auth_method: "bind" +matrix_jitsi_ldap_version: "3" +matrix_jitsi_ldap_use_tls: true +matrix_jitsi_ldap_tls_ciphers: "" +matrix_jitsi_ldap_tls_check_peer: true +matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt" +matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs" +matrix_jitsi_ldap_start_tls: false ``` For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap) and the [saslauthd `LDAP_SASLAUTHD`](https://github.com/winlibs/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD) documentation. diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 916f6838b..5b5c7cdc1 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -3,7 +3,7 @@ By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.` and possibly `element.`) Those certificates are used when configuring the nginx reverse proxy installed by this playbook. -They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook. +They can also be used for configuring [your own webserver](configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook. If you need to retrieve certificates for other domains (e.g. your base domain) or more control over certificate retrieval, read below. @@ -13,7 +13,7 @@ Things discussed in this document: - [Using your own SSL certificates](#using-your-own-ssl-certificates), if you don't want to or can't use Let's Encrypt certificates, but are still interested in using the integrated nginx reverse proxy server -- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](docs/configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you +- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you - [Obtaining SSL certificates for additional domains](#obtaining-ssl-certificates-for-additional-domains), if you'd like to host additional domains on the Matrix server and would like the playbook to help you obtain and renew certificates for those domains automatically diff --git a/docs/importing-sqlite.md b/docs/importing-sqlite.md index cb30d0984..9e3a910d1 100644 --- a/docs/importing-sqlite.md +++ b/docs/importing-sqlite.md @@ -20,4 +20,7 @@ Run this command (make sure to replace `` with a f ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_homeserver_db=' --tags=import-sqlite-db -**Note**: `` must be a file path to a `homeserver.db` file on the server (not on your local machine!). +**Notes**: + +- `` must be a file path to a `homeserver.db` **file on the server** (not on your local machine!). +- if the SQLite database is from an older version of Synapse, the **importing procedure may run migrations on it to bring it up to date**. That is, your SQLite database file may get modified and become unusable with your older Synapse version. Keeping a copy of the original is probably wise. diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index d385bc9cb..14d5cdb90 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -45,7 +45,7 @@ docker run \ --log-driver=none \ --network=matrix \ --env-file=/matrix/postgres/env-postgres-psql \ -postgres:12.4-alpine \ +postgres:13.0-alpine \ pg_dumpall -h matrix-postgres \ | gzip -c \ > /postgres.sql.gz diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile new file mode 100644 index 000000000..1438a50b9 --- /dev/null +++ b/examples/caddy2/Caddyfile @@ -0,0 +1,147 @@ +matrix.DOMAIN.tld { + @identity { + path /_matrix/identity/* + } + + @noidentity { + not path /_matrix/identity/* + } + + @search { + path /_matrix/client/r0/user_directory/search/* + } + + @nosearch { + not path /_matrix/client/r0/user_directory/search/* + } + + @static { + path /matrix/static-files/* + } + + @nostatic { + not path /matrix/static-files/* + } + + header { + # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type + X-Content-Type-Options "nosniff" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # X-Robots-Tag + X-Robots-Tag "noindex, noarchive, nofollow" + 167,9 79% + } + + # Cache + header @static { + # Cache + Cache-Control "public, max-age=31536000" + defer + } + + # identity + handle @identity { + reverse_proxy localhost:8090 { + header_up X-Forwarded-Port {http.request.port} + header_up X-Forwarded-Proto {http.request.scheme} + header_up X-Forwarded-TlsProto {tls_protocol} + header_up X-Forwarded-TlsCipher {tls_cipher} + header_up X-Forwarded-HttpsProto {proto} + } + } + + # search + handle @search { + reverse_proxy localhost:8090 { + header_up X-Forwarded-Port {http.request.port} + header_up X-Forwarded-Proto {http.request.scheme} + header_up X-Forwarded-TlsProto {tls_protocol} + header_up X-Forwarded-TlsCipher {tls_cipher} + header_up X-Forwarded-HttpsProto {proto} + } + } + + handle { + encode zstd gzip + + reverse_proxy localhost:8008 { + header_up X-Forwarded-Port {http.request.port} + header_up X-Forwarded-Proto {http.request.scheme} + header_up X-Forwarded-TlsProto {tls_protocol} + header_up X-Forwarded-TlsCipher {tls_cipher} + header_up X-Forwarded-HttpsProto {proto} + } + } +} + +matrix.DOMAIN.tld:8448 { + handle { + encode zstd gzip + + reverse_proxy 127.0.0.1:8048 { + header_up X-Forwarded-Port {http.request.port} + header_up X-Forwarded-Proto {http.request.scheme} + header_up X-Forwarded-TlsProto {tls_protocol} + header_up X-Forwarded-TlsCipher {tls_cipher} + header_up X-Forwarded-HttpsProto {proto} + } + } +} + +dimension.DOMAIN.tld { +header { + # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type + X-Content-Type-Options "nosniff" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # X-Robots-Tag + X-Robots-Tag "noindex, noarchive, nofollow" + } + + handle { + encode zstd gzip + + reverse_proxy localhost:8184 { + header_up X-Forwarded-Port {http.request.port} + header_up X-Forwarded-Proto {http.request.scheme} + header_up X-Forwarded-TlsProto {tls_protocol} + header_up X-Forwarded-TlsCipher {tls_cipher} + header_up X-Forwarded-HttpsProto {proto} + } + } +} + +element.DOMAIN.tld { + header { + # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type + X-Content-Type-Options "nosniff" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # X-Robots-Tag + X-Robots-Tag "noindex, noarchive, nofollow" + } + + handle { + encode zstd gzip + + reverse_proxy localhost:8765 { + header_up X-Forwarded-Port {http.request.port} + header_up X-Forwarded-Proto {http.request.scheme} + header_up X-Forwarded-TlsProto {tls_protocol} + header_up X-Forwarded-TlsCipher {tls_cipher} + header_up X-Forwarded-HttpsProto {proto} + } +} diff --git a/examples/host-vars.yml b/examples/host-vars.yml index 64d120977..409f344a3 100644 --- a/examples/host-vars.yml +++ b/examples/host-vars.yml @@ -4,6 +4,9 @@ # Note: this playbook does not touch the server referenced here. # Installation happens on another server ("matrix."). # +# If you've deployed using the wrong domain, you'll have to run the Uninstalling step, +# because you can't change the Domain after deployment. +# # Example value: example.com matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5c803a092..c9ab5ef74 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -18,8 +18,6 @@ matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}" -matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}" - ###################################################################### # # /matrix-base @@ -1045,6 +1043,8 @@ matrix_synapse_admin_enabled: false # Synapse Admin's HTTP port to the local host. matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}" +matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}" + ###################################################################### # # /matrix-synapse-admin diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index c70781b31..3fbbd76ea 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -59,13 +59,13 @@ matrix_integration_manager_ui_url: ~ # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. -# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server -matrix_riot_jitsi_preferredDomain: '' +# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server +matrix_client_element_jitsi_preferredDomain: '' # Controls whether Element should use End-to-End Encryption by default. # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. -# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md -matrix_riot_e2ee_default: true +# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md +matrix_client_element_e2ee_default: true # The Docker network that all services would be put into matrix_docker_network: "matrix" diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index 2afb68e10..e504bfe92 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml @@ -1,19 +1,10 @@ --- -- set_fact: - matrix_ansible_outdated_fail_msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" - -- name: Fail if running on Ansible < 2.5 +# We generally support Ansible 2.7.0 and above. +- name: Fail if running on Ansible < 2.7 fail: - msg: "{{ matrix_ansible_outdated_fail_msg }}" - when: "ansible_version.major <= 2 and ansible_version.minor < 5" - -# Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`. -# The bug has been fixed in Ansible 2.5.2. -- name: Fail if running on Ansible 2.5.x (lower than 2.5.2) - fail: - msg: "{{ matrix_ansible_outdated_fail_msg }}" - when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2" + msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" + when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)" - name: (Deprecation) Catch and report renamed settings fail: diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index 295643e91..ab5e81119 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -17,6 +17,9 @@ uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}" state: present group: "{{ matrix_user_groupname }}" + home: "{{ matrix_base_data_path }}" + create_home: no + system: yes register: matrix_user - name: Set Matrix Group UID Variable diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index a4c1c4391..6dc5ff23c 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -18,12 +18,18 @@ ] } {% endif %} - {% if matrix_riot_jitsi_preferredDomain %}, + {% if matrix_client_element_jitsi_preferredDomain %}, + "io.element.jitsi": { + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + }, "im.vector.riot.jitsi": { - "preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} - {% if not matrix_riot_e2ee_default %}, + {% if not matrix_client_element_e2ee_default %}, + "io.element.e2ee": { + "default": false + }, "im.vector.riot.e2ee": { "default": false } diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index a502690e9..8f4a2c2f5 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -3,7 +3,7 @@ matrix_bot_matrix_reminder_bot_enabled: true -matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-0.1.0" +matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-v0.2.0" matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}" matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot" diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 58dde6a04..eef7d070c 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -3,7 +3,7 @@ matrix_appservice_slack_enabled: true -matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:cadair" +matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.5.0" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack" diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index 4c4b74a58..b94c399ae 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix mx-puppet-instagram bridge +Description=Matrix Mx Puppet Instagram server {% for service in matrix_mx_puppet_instagram_systemd_required_services_list %} Requires={{ service }} After={{ service }} diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 8592c2700..5219bcc33 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -2,7 +2,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_docker_image: "vectorim/riot-web:v1.7.5" +matrix_client_element_docker_image: "vectorim/riot-web:v1.7.8" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element" @@ -30,9 +30,11 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" matrix_client_element_permalinkPrefix: "https://matrix.to" +matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" +matrix_client_element_showLabsSettings: true # Element public room directory server(s) matrix_client_element_roomdir_servers: ['matrix.org'] -matrix_client_element_welcome_user_id: "@riot-bot:matrix.org" +matrix_client_element_welcome_user_id: ~ # Branding of Element matrix_client_element_brand: "Element" diff --git a/roles/matrix-client-element/templates/config.json.j2 b/roles/matrix-client-element/templates/config.json.j2 index bb8d6571f..e87907e43 100644 --- a/roles/matrix-client-element/templates/config.json.j2 +++ b/roles/matrix-client-element/templates/config.json.j2 @@ -20,8 +20,8 @@ "integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }}, "integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }}, "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }}, - "bug_report_endpoint_url": "https://riot.im/bugreports/submit", - "enableLabs": true, + "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }}, + "showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }}, "roomDirectory": { "servers": {{ matrix_client_element_roomdir_servers|to_json }} }, diff --git a/roles/matrix-client-element/templates/welcome.html.j2 b/roles/matrix-client-element/templates/welcome.html.j2 index b29183937..b45a9766f 100644 --- a/roles/matrix-client-element/templates/welcome.html.j2 +++ b/roles/matrix-client-element/templates/welcome.html.j2 @@ -97,19 +97,10 @@ h1::after { color: #2e2f32 !important; } -.mx_ButtonHeadline { - margin-bottom: 14px; -} - .mx_ButtonLabel { margin-left: 20px; } -.mx_ButtonWrapperText { - font-size: 13px; - margin-bottom: 10px; -} - .mx_Header_title { font-size: 24px; font-weight: 600; @@ -128,7 +119,7 @@ h1::after { } .mx_ButtonCreateAccount { - background-color: #03B381; + background-color: #0DBD8B; color: white !important; } @@ -150,6 +141,32 @@ h1::after { background-image: url('welcome/images/icon-room-directory.svg'); } +/* +.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component +If it is set on the page, we should show the buttons. Otherwise, we have to assume +we don't have an account and should hide them. No account == no guest account either. + */ +.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions { + display: none; +} + +.mx_ButtonRow.mx_WelcomePage_guestFunctions { + margin-top: 20px; +} +.mx_ButtonRow.mx_WelcomePage_guestFunctions > div { + margin: 0 auto; +} + +@media only screen and (max-width: 480px) { + .mx_ButtonRow { + flex-direction: column; + } + + .mx_ButtonRow > * { + margin: 0 0 10px 0; + } +} +
@@ -175,17 +192,10 @@ h1::after { See https://github.com/vector-im/riot-web/issues/8622. TODO: Convert to config option if possible. --> -
+ diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index f077b4655..52681a30b 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0" +matrix_corporal_docker_image: "devture/matrix-corporal:1.11.0" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 770f5bcb3..33e7212c4 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -27,7 +27,7 @@ matrix_dimension_container_http_host_bind_port: '' # A list of extra arguments to pass to the container matrix_dimension_container_extra_arguments: [] -matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/riot" +matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element" matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar" matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 6b824a234..da69307df 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -12,7 +12,8 @@ matrix_postgres_docker_image_v9: "postgres:9.6.19-alpine" matrix_postgres_docker_image_v10: "postgres:10.14-alpine" matrix_postgres_docker_image_v11: "postgres:11.9-alpine" matrix_postgres_docker_image_v12: "postgres:12.4-alpine" -matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}" +matrix_postgres_docker_image_v13: "postgres:13.0-alpine" +matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}" # This variable is assigned at runtime. Overriding its value has no effect. matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}' diff --git a/roles/matrix-postgres/tasks/import_sqlite_db.yml b/roles/matrix-postgres/tasks/import_sqlite_db.yml index fe0deba89..c877ead49 100644 --- a/roles/matrix-postgres/tasks/import_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_sqlite_db.yml @@ -81,6 +81,6 @@ --entrypoint=python -v {{ matrix_synapse_config_dir_path }}:/data -v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store - -v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro + -v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }} {{ matrix_synapse_docker_image }} /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml diff --git a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml index 805d0cbd5..9032c15e0 100644 --- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml @@ -49,3 +49,8 @@ set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}" when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')" + +- name: Determine corresponding Docker image to detected version (use 12.x, if detected) + set_fact: + matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}" + when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')" diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index aec38703a..17de06365 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -7,7 +7,7 @@ matrix_synapse_admin_container_self_build: false matrix_synapse_admin_docker_repo: "https://github.com/Awesome-Technologies/synapse-admin.git" matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.4.1" +matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.5.0" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" # A list of extra arguments to pass to the container diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index c6f24fb14..8ea12850c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.1" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.1" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 508da3794..13255845f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -399,11 +399,10 @@ retention: # min_lifetime: 1d # max_lifetime: 1y - # Retention policy limits. If set, a user won't be able to send a - # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime' - # that's not within this range. This is especially useful in closed federations, - # in which server admins can make sure every federating server applies the same - # rules. + # Retention policy limits. If set, and the state of a room contains a + # 'm.room.retention' event in its state which contains a 'min_lifetime' or a + # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy + # to these limits when running purge jobs. # #allowed_lifetime_min: 1d #allowed_lifetime_max: 1y @@ -423,18 +422,19 @@ retention: # 'longest_max_lifetime' of '3d' will handle every room with a retention policy # which 'max_lifetime' is lower than or equal to three days. # - # The rationale for this per-job configuration is that some rooms might have a - # retention policy with a low 'max_lifetime', where history needs to be purged - # of outdated messages on a more frequent basis than for the rest of the rooms - # (e.g. every 12h), but not want that purge to be performed by a job that's - # iterating over every room it knows, which could be heavy on the server. + # If any purge job is configured, it is strongly recommended to have at least + # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime' + # set, or one job without 'shortest_max_lifetime' and one job without + # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if + # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a + # room's policy to these values is done after the policies are retrieved from + # Synapse's database (which is done using the range specified in a purge job's + # configuration). # #purge_jobs: - # - shortest_max_lifetime: 1d - # longest_max_lifetime: 3d + # - longest_max_lifetime: 3d # interval: 12h # - shortest_max_lifetime: 3d - # longest_max_lifetime: 1y # interval: 1d # Inhibits the /requestToken endpoints from returning an error that might leak @@ -1957,9 +1957,7 @@ email: # Directory in which Synapse will try to find the template files below. # If not set, default templates from within the Synapse package will be used. # - # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates. - # If you *do* uncomment it, you will need to make sure that all the templates - # below are in the directory. + # Do not uncomment this setting unless you want to customise the templates. # # Synapse will look for the following templates in this directory: #