Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy

README.md

@@ -92,7 +92,7 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w
 
 This playbook sets up your server using the following Docker images:
 
-- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Matrix Synapse](https://github.com/matrix-org/synapse) server
+- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/matrix-org/synapse) Matrix homeserver
 
 - [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
 

docs/configuring-playbook-s3.md

@@ -1,9 +1,9 @@
 # Storing Matrix media files on Amazon S3 (optional)
 
-By default, this playbook configures your server to store Matrix Synapse's content repository (`media_store`) files on the local filesystem.
+By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem.
 If that's alright, you can skip this.
 
-If you'd like to store Matrix Synapse's content repository (`media_store`) files on Amazon S3,
+If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3,
 you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you.
 
 You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example security policy:
@@ -36,4 +36,4 @@ matrix_s3_media_store_bucket_name: "your-bucket-name"
 matrix_s3_media_store_aws_access_key: "access-key-goes-here"
 matrix_s3_media_store_aws_secret_key: "secret-key-goes-here"
 matrix_s3_media_store_region: "eu-central-1"
-```
+```

docs/configuring-playbook-turn.md

@@ -0,0 +1,33 @@
+# TURN server
+
+The playbook installs a [Coturn](https://github.com/coturn/coturn) TURN server by default, so that clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks.
+
+By default, the Synapse chat server is configured, so that it points to the Coturn TURN server installed by the playbook.
+
+
+## Disabling Coturn
+
+If, for some reason, you'd like to prevent the playbook from installing Coturn, you can use the following configuration:
+
+```yaml
+matrix_coturn_enabled: false
+```
+
+In that case, Synapse would not point to any Coturn servers and audio/video call functionality may fail.
+
+
+## Using your own external Coturn server
+
+If you'd like to use another TURN server (be it Coturn or some other one), you can configure the playbook like this:
+
+```yaml
+# Disable integrated Coturn server
+matrix_coturn_enabled: false
+
+# Point Synapse to your other Coturn server
+matrix_synapse_turn_uris:
+- turns:HOSTNAME_OR_IP?transport=udp
+- turns:HOSTNAME_OR_IP?transport=tcp
+- turn:HOSTNAME_OR_IP?transport=udp
+- turn:HOSTNAME_OR_IP?transport=tcp
+```

docs/configuring-playbook.md

@@ -27,11 +27,12 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 ## Other configuration options
 
-- [Enabling Telemetry for your Matrix server](configuring-playbook-telemetry.md) (optional)
+### Additional useful services
 
-- [Controlling Matrix federation](configuring-playbook-federation.md) (optional)
+- [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional, but recommended; after [installing](installing.md))
 
-- [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
+
+### Core service adjustments
 
 - [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
 
@@ -47,6 +48,20 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced)
 
+- [Adjusting TURN server configuration](configuring-playbook-turn.md) (optional, advanced)
+
+
+### Server connectivity
+
+- [Enabling Telemetry for your Matrix server](configuring-playbook-telemetry.md) (optional)
+
+- [Controlling Matrix federation](configuring-playbook-federation.md) (optional)
+
+- [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
+
+
+### Authentication and user-related
+
 - [Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (optional, advanced)
 
 - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional, advanced)
@@ -55,6 +70,9 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced)
 
+
+### Bridging other networks
+
 - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional)
 
 - [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional)
@@ -62,5 +80,3 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
 
 - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)
-
-- [Setting up Dimension](configuring-playbook-dimension.md) (optional)

docs/importing-media-store.md

@@ -1,6 +1,6 @@
 # Importing `media_store` data files from an existing installation (optional)
 
-Run this if you'd like to import your `media_store` files from a previous installation of Matrix Synapse.
+Run this if you'd like to import your `media_store` files from a previous installation of Synapse.
 
 
 ## Prerequisites
@@ -19,4 +19,4 @@ Run this command (make sure to replace `<server-path-to-media_store>` with a pat
 
 	ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_media_store=<server-path-to-media_store>' --tags=import-media-store
 
-**Note**: `<server-path-to-media_store>` must be a file path to a `media_store` directory on the server (not on your local machine!).
+**Note**: `<server-path-to-media_store>` must be a file path to a `media_store` directory on the server (not on your local machine!).

docs/importing-postgres.md

@@ -1,6 +1,6 @@
 # Importing an existing Postgres database from another installation (optional)
 
-Run this if you'd like to import your database from a previous installation of Matrix Synapse.
+Run this if you'd like to import your database from a previous installation of Synapse.
 (don't forget to import your `media_store` files as well - see [the importing-media-store guide](importing-media-store.md)).
 
 

docs/importing-sqlite.md

@@ -1,12 +1,12 @@
 # Importing an existing SQLite database from another installation (optional)
 
-Run this if you'd like to import your database from a previous default installation of Matrix Synapse.
+Run this if you'd like to import your database from a previous default installation of Synapse.
 (don't forget to import your `media_store` files as well - see [the importing-media-store guide](importing-media-store.md)).
 
-While this playbook always sets up PostgreSQL, by default a Matrix Synapse installation would run
+While this playbook always sets up PostgreSQL, by default a Synapse installation would run
 using an SQLite database.
 
-If you have such a Matrix Synapse setup and wish to migrate it here (and over to PostgreSQL), this command is for you.
+If you have such a Synapse setup and wish to migrate it here (and over to PostgreSQL), this command is for you.
 
 
 ## Prerequisites
@@ -20,4 +20,4 @@ Run this command (make sure to replace `<server-path-to-homeserver.db>` with a f
 
 	ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_homeserver_db=<server-path-to-homeserver.db>' --tags=import-sqlite-db
 
-**Note**: `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` file on the server (not on your local machine!).
+**Note**: `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` file on the server (not on your local machine!).

roles/matrix-mailer/defaults/main.yml

@@ -2,7 +2,7 @@ matrix_mailer_enabled: true
 
 matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
 
-matrix_mailer_docker_image: "devture/exim-relay:4.91-r1-0"
+matrix_mailer_docker_image: "devture/exim-relay:4.91-r3-0"
 
 # The user/group that the container runs with.
 # These match the `exim` user/group within the container image.

roles/matrix-nginx-proxy/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
 # those as more frequently out of date.
-matrix_nginx_proxy_docker_image: "nginx:1.15.10-alpine"
+matrix_nginx_proxy_docker_image: "nginx:1.15.12-alpine"
 
 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
 matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data"

roles/matrix-riot-web/defaults/main.yml

@@ -1,6 +1,6 @@
 matrix_riot_web_enabled: true
 
-matrix_riot_web_docker_image: "bubuntux/riot-web:v1.0.7"
+matrix_riot_web_docker_image: "bubuntux/riot-web:v1.0.8"
 
 matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
 

roles/matrix-synapse/defaults/main.yml

@@ -119,26 +119,26 @@ matrix_synapse_auto_join_rooms: []
 # automatically if they don't already exist.
 matrix_synapse_autocreate_auto_join_rooms: true
 
-# Controls password-peppering for Matrix Synapse. Not to be changed after initial setup.
+# Controls password-peppering for Synapse. Not to be changed after initial setup.
 matrix_synapse_password_config_pepper: ""
 
-# Controls the number of events that Matrix Synapse caches in memory.
+# Controls the number of events that Synapse caches in memory.
 matrix_synapse_event_cache_size: "100K"
 
-# Controls cache sizes for Matrix Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
+# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
 # Raise this to increase cache sizes or lower it to potentially lower memory use.
 # To learn more, see:
 # - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
 # - https://github.com/matrix-org/synapse/issues/3939
 matrix_synapse_cache_factor: 0.5
 
-# Controls whether Matrix Synapse will federate at all.
+# Controls whether Synapse will federate at all.
 # Disable this to completely isolate your server from the rest of the Matrix network.
 # Also see: `matrix_synapse_tls_federation_listener_enabled` if you wish to keep federation enabled,
 # but want to stop the TLS listener (port 8448).
 matrix_synapse_federation_enabled: true
 
-# A list of domain names that are allowed to federate with the given Matrix Synapse server.
+# A list of domain names that are allowed to federate with the given Synapse server.
 # An empty list value (`[]`) will also effectively stop federation, but if that's the desired
 # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
 matrix_synapse_federation_domain_whitelist: ~

roles/matrix-synapse/tasks/import_media_store.yml

@@ -73,7 +73,7 @@
 # We don't chown for Goofys, because due to the way it's mounted,
 # all files become owned by whoever needs to own them.
 
-- name: Ensure Matrix Synapse is started (if it previously was)
+- name: Ensure Synapse is started (if it previously was)
   service:
     name: "{{ item }}"
     state: started

roles/matrix-synapse/tasks/register_user.yml

@@ -22,7 +22,7 @@
     daemon_reload: yes
   register: start_result
 
-- name: Wait a while, so that Matrix Synapse can manage to start
+- name: Wait a while, so that Synapse can manage to start
   pause:
     seconds: 7
   when: start_result.changed

roles/matrix-synapse/tasks/setup_synapse_main.yml

@@ -1,7 +1,7 @@
 ---
 
 # This will throw a Permission Denied error if already mounted using fuse
-- name: Check Matrix Synapse media store path
+- name: Check Synapse media store path
   stat:
     path: "{{ matrix_synapse_media_store_path }}"
   register: local_path_media_store_stat
@@ -9,7 +9,7 @@
 
 # This is separate and conditional, to ensure we don't execute it
 # if the path already exists or we failed to check, because it's mounted using fuse.
-- name: Ensure Matrix media store path exists
+- name: Ensure Synapse media store path exists
   file:
     path: "{{ matrix_synapse_media_store_path }}"
     state: directory
@@ -18,21 +18,23 @@
     group: "{{ matrix_user_username }}"
   when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
 
-- name: Ensure Matrix Docker image is pulled
+- name: Ensure Synapse Docker image is pulled
   docker_image:
     name: "{{ matrix_synapse_docker_image }}"
 
-- name: Check if a Matrix Synapse configuration exists
+- name: Check if a Synapse signing key exists
   stat:
-    path: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml"
+    path: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.key"
-  register: matrix_synapse_config_stat
+  register: matrix_synapse_signing_key_stat
 
-# We do this mostly so that the keys would get generated.
+# We do this so that the signing key would get generated.
-# We'll replace the rest of the configuration with our own templates below.
+#
+# This will also generate a default homeserver.yaml configuration file and a log configuration file.
+# We don't care about those configuraiton files, as we replace them with our own anyway (see below).
 #
 # We don't use the `docker_container` module, because using it with `cap_drop` requires
 # a very recent version, which is not available for a lot of people yet.
-- name: Generate initial Matrix config
+- name: Generate initial Synapse config and signing key
   command: |
     docker run
     --rm
@@ -45,15 +47,15 @@
     -e SYNAPSE_REPORT_STATS=no
     {{ matrix_synapse_docker_image }}
     generate
-  when: "not matrix_synapse_config_stat.stat.exists"
+  when: "not matrix_synapse_signing_key_stat.stat.exists"
 
-- name: Ensure Matrix homeserver config installed
+- name: Ensure Synapse homeserver config installed
   template:
     src: "{{ matrix_synapse_template_synapse_homeserver }}"
     dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml"
     mode: 0644
 
-- name: Ensure Matrix log config installed
+- name: Ensure Synapse log config installed
   template:
     src: "{{ matrix_synapse_template_synapse_log }}"
     dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config"

roles/matrix-synapse/tasks/setup_synapse_pre.yml

@@ -4,7 +4,7 @@
     matrix_synapse_media_store_parent_path: "{{ matrix_synapse_media_store_path|dirname }}"
     matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path|basename }}"
 
-- name: Ensure Matrix Synapse paths exist
+- name: Ensure Synapse paths exist
   file:
     path: "{{ item }}"
     state: directory
@@ -17,4 +17,4 @@
     - "{{ matrix_synapse_ext_path }}"
     # We handle matrix_synapse_media_store_path elsewhere (in setup_synapse_main.yml),
     # because if it's using Goofys and it's already mounted (from before),
-    # trying to chown/chmod it here will cause trouble.
+    # trying to chown/chmod it here will cause trouble.

roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2

@@ -1,5 +1,5 @@
 [Unit]
-Description=Matrix Synapse server
+Description=Synapse server
 {% for service in matrix_synapse_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}