Commit Graph

853 Commits

Author SHA1 Message Date
631b7cc6a6 Add support for adjusting Synapse rate-limiting configuration 2019-04-01 21:40:14 +03:00
cbd629e7ea Specify that cron is likely required on the server
When using Let's Encrypt SSL certificates, a cronjob is set up to
automatically renew them. Though it does require a `cron`-compatible
program on the server.

This fixes the error that is caused by the `/etc/cron.d` directory
not existing and the `ansible-cron` module trying to write out a
file there -- without checking if the directory exists first.
2019-03-22 17:44:24 +01:00
1939fc9113 Improve documentation a bit 2019-03-19 18:23:54 +02:00
59e37105e8 Add TLS support to Coturn 2019-03-19 10:24:39 +02:00
10d9293121 Indicate that TURN ports are a range 2019-03-13 08:23:10 +02:00
c545d3eb85 Add support for serving base domain via matrix-nginx-proxy 2019-03-12 23:01:16 +02:00
1974935bc6 Update docs a bit 2019-03-12 11:38:59 +02:00
54e79c10a1 Merge pull request #112 from NullIsNot0/master
Fix Dimension documentation
2019-03-10 21:53:33 +02:00
52486356e5 Add some more links to Dimension's homepage 2019-03-10 21:43:03 +02:00
c49ba1c4ab Fix Dimension documentation 2019-03-10 21:41:31 +02:00
a1f9869eb2 Improve documentation about getting the playbook 2019-03-10 17:02:20 +02:00
9f5215c95a Make some additions to Dimension documentation 2019-03-10 13:17:56 +02:00
1bff4893d9 Provide Dimension documentation 2019-03-10 10:12:31 +02:00
ae7e17e64a Add information about mxisd email template customization
Related to #108 (GitHub Pull Request).
2019-03-08 12:06:50 +02:00
401d7560e9 Make Discord bridging instructions more detailed
It didn't mention `matrix_appservice_discord_client_id` and
`matrix_appservice_discord_bot_token`, which makes it hard for
beginners.

Related to #105 (GitHub Pull Request).
2019-03-05 09:10:32 +02:00
b5ae0254fd used ` backticks instead of double quotes 2019-03-04 14:41:58 +01:00
faa16617da add documentation 2019-03-03 19:34:30 +01:00
835c349275 Add matrix-appservice-discord bridge
Bridge is set up to work on the Matrix side with this, but the Discord invite link is not automatically generated.
2019-03-03 18:22:52 +01:00
041a1947b3 Update Synapse (0.99.1.1 -> 0.99.2) 2019-03-02 10:03:09 +02:00
6b47ebeaa7 fixed a small path typo in playbook telemetry docs 2019-03-01 07:48:45 +01:00
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
28bd6dc75b Improve Telegram/WhatsApp instructions 2019-02-22 14:50:07 +02:00
747574ab56 Update Prerequisites a bit 2019-02-20 11:39:04 +02:00
b79db89221 Improve wording a bit 2019-02-15 10:03:33 +02:00
fcdc2a6c4f Fix incomplete sentence 2019-02-15 10:01:10 +02:00
eb08e20418 Upgrade Synapse (0.99.0 -> 0.99.1) and sync config
`matrix_synapse_no_tls` is now implicit, so we've gotten rid of it.

The `homeserver.yaml.j2` template has been synchronized with the
configuration generated by Synapse v0.99.1 (some new options
are present, etc.)
2019-02-14 18:40:55 +02:00
70b2f07fec Add PostgreSQL backup information 2019-02-09 14:36:47 +02:00
46accfdb3c Add guide about certificates for other domains
We had something like that on the Server Delegation how-to page,
but it's better if we have it on the SSL certificates page.

Relocated there and improved linking.

Fixes #94 (GitHub Issue)
2019-02-08 11:59:00 +02:00
f4fa03d4b9 Re-iterate where one can find the well-known files 2019-02-07 19:43:00 +02:00
ef903fe544 Add some quick links 2019-02-06 13:30:24 +02:00
e9cfcb8429 Fix another YAML indentation problem on documentation page 2019-02-06 13:04:19 +02:00
92aa5bfa2d Fix YAML indentation on documentation page 2019-02-06 13:03:26 +02:00
33726cdb08 Fix anchor 2019-02-06 13:02:17 +02:00
5148f8edf4 Update docs 2019-02-06 09:36:03 +02:00
91a757c581 Add support for reloading Synapse 2019-02-06 09:25:13 +02:00
772154f3b9 Update Server Delegation docs a bit 2019-02-05 13:38:20 +02:00
b540427974 Mention alternative ways to do Server Delegation 2019-02-05 13:02:15 +02:00
f6ebd4ce62 Initial work on Synapse 0.99/1.0 preparation 2019-02-05 12:09:46 +02:00
29b40b428a Database files must be stored on permanent storage 2019-02-01 11:44:06 -05:00
5e8a7fd05b Update own-webserver guide and add sample Apache configuration
This supersedes #59 (GitHub Pull Request),
which was greatly beneficial in creating our sample Apache configuration.
2019-02-01 16:58:11 +02:00
8681a5dc69 Add 'none' SSL certificate retrieval method 2019-02-01 16:50:25 +02:00
e09b7435d1 Update documentation a bit 2019-02-01 12:26:43 +02:00
cd332d9b4e Add TLS v1.3 support to matrix-nginx-proxy
This was mentioned in #27 (GitHub Pull Request),
but it's just now that the nginx Docker image actually supports
TLS v1.3 and we can enable it.
2019-02-01 11:49:22 +02:00
a9fae8e3b1 Revert "Use native OpenSSL module to generate passkey.pem"
This reverts commit 0dac5ea508.

Relying on pyOpenSSL is the Ansible way of doing things, but is
impractical and annoying for users.

`openssl` is easily available on most servers, even by default.
We'd better use that.
2019-01-31 20:45:14 +02:00
0dac5ea508 Use native OpenSSL module to generate passkey.pem 2019-01-31 11:38:54 -05:00
0a2a8e118c Update example configuration and documentation 2019-01-31 11:05:27 -05:00
1c057bf06d Correct variable name in documentation 2019-01-31 10:58:45 -05:00
3a4a671dd7 Add support for matrix-appservice-irc 2019-01-31 00:37:23 -05:00
299a8c4c7c Make (most) containers start as non-root
This makes all containers (except mautrix-telegram and
mautrix-whatsapp), start as a non-root user.

We do this, because we don't trust some of the images.
In any case, we'd rather not trust ALL images and avoid giving
`root` access at all. We can't be sure they would drop privileges
or what they might do before they do it.

Because Postfix doesn't support running as non-root,
it had to be replaced by an Exim mail server.

The matrix-nginx-proxy nginx container image is patched up
(by replacing its main configuration) so that it can work as non-root.
It seems like there's no other good image that we can use and that is up-to-date
(https://hub.docker.com/r/nginxinc/nginx-unprivileged is outdated).

Likewise for riot-web (https://hub.docker.com/r/bubuntux/riot-web/),
we patch it up ourselves when starting (replacing the main nginx
configuration).
Ideally, it would be fixed upstream so we can simplify.
2019-01-27 20:25:13 +02:00
c10182e5a6 Make roles more independent of one another
With this change, the following roles are now only dependent
on the minimal `matrix-base` role:
- `matrix-corporal`
- `matrix-coturn`
- `matrix-mailer`
- `matrix-mxisd`
- `matrix-postgres`
- `matrix-riot-web`
- `matrix-synapse`

The `matrix-nginx-proxy` role still does too much and remains
dependent on the others.

Wiring up the various (now-independent) roles happens
via a glue variables file (`group_vars/matrix-servers`).
It's triggered for all hosts in the `matrix-servers` group.

According to Ansible's rules of priority, we have the following
chain of inclusion/overriding now:
- role defaults (mostly empty or good for independent usage)
- playbook glue variables (`group_vars/matrix-servers`)
- inventory host variables (`inventory/host_vars/matrix.<your-domain>`)

All roles default to enabling their main component
(e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`).
Reasoning: if a role is included in a playbook (especially separately,
in another playbook), it should "work" by default.

Our playbook disables some of those if they are not generally useful
(e.g. `matrix_corporal_enabled: false`).
2019-01-16 18:05:48 +02:00