Commit Graph

149 Commits

Author SHA1 Message Date
Slavi Pantaleev
2848322461 Remove some remaining _database_password usage in favor of _postgres_pasword
The only one that remains is `matrix_synapse_database_password`, but
that's something old and should be dealt with separately in the future
(unless it remains as it is).
2020-12-14 12:19:35 +02:00
Slavi Pantaleev
6a2dd8088c Fix typo (matrix_telegram_facebook_postgres_hostname -> matrix_mautrix_telegram_postgres_hostname)
Related to 9bf8ce878e.
2020-12-14 12:13:10 +02:00
Slavi Pantaleev
05dd091133 Rename _database_hostname to _postgres_hostname
Should have been done during 2a99e84b5b, but I've missed it.

Because of this, 9bf8ce878e was also incomplete and would have caused
an error.
2020-12-14 12:11:41 +02:00
Slavi Pantaleev
2a99e84b5b Rename Postgres-related variables (matrix*database_* -> matrix*postgres_*)
`matrix_SERVICE_database_engine` remains as it is - the only one with a
`_database_` infix. Postgres-related ones move to `_postgres_`.
2020-12-14 11:19:18 +02:00
Slavi Pantaleev
c0edacbefd Fix matrix_postgres_additional_databases syntax problems 2020-12-14 11:17:12 +02:00
Slavi Pantaleev
d91aa5a060 Do not introduce sub-variables exposing implementation details 2020-12-14 10:52:07 +02:00
b217a2ed69
postgres: set default in playbook to postgres but fallback to sqlite 2020-12-14 07:54:24 +01:00
Slavi Pantaleev
dd994995bc Simplify password for additional Postgres databases
Using the result of `password_hash` works for creating them,
but authentication seems to be failing with some tools like pgloader.

It's possible that we're not escaping things properly somewhere.
Ideally, it'd be nice to solve that. But the easier (and still
relatively safe/good) solution is to just turn that password hash
into a UUID that's safe for passing around without worrying about
escaping.
2020-12-14 01:22:23 +02:00
Slavi Pantaleev
a374d309c8 Make appservice-discord support both SQLite and Postgres
People can toggle between them now. The playbook also defaults
to using SQLite if an external Postgres server is used.

Ideally, we'd be able to create databases/users in external Postgres
servers as well, but our initialization logic (and `docker run` command,
etc.) hardcode too many things right now.
2020-12-14 00:52:25 +02:00
Slavi Pantaleev
46a4034d3e Use "password" for additional Postgres databases, not "pass"
Being more explicit sounds better.
2020-12-14 00:43:03 +02:00
Slavi Pantaleev
d251764c16 Fix syntax issues in matrix_postgres_additional_databases
Quotes are necessary around dictionary field names.

There was a missing `}` as well.
2020-12-13 22:37:04 +02:00
Slavi Pantaleev
0641106370 Allow username of additional Postgres databases to be different
We'll most likely use one that matches the database name, but
it's better to have it configurable.
2020-12-13 22:37:04 +02:00
d9f4914e0d
WIP: postgres: create databases for all services
If a service is enabled, a database for it is created in postgres with a uniqque password. The service can then use this database for data storage instead of relying on sqlite.
2020-12-10 18:26:22 +01:00
Slavi Pantaleev
c07c927d9f Automatically enable openid listeners when ma1sd enabled
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)

If federation is disabled, we still need to expose these openid APIs on the
federation port.

Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).

Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.

With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
2020-12-08 16:59:20 +02:00
Slavi Pantaleev
a5ae7e9ef0 Add self-building support to matrix-corporal 2020-12-04 01:48:08 +02:00
Slavi Pantaleev
04da1bddf7 Update matrix-mautrix-facebook config a bit
This also disables presence if it's disabled for Synapse.
2020-12-01 11:55:18 +02:00
Slavi Pantaleev
b354155d7c Make JVB websockets reverse-proxying work 2020-11-27 17:57:15 +02:00
Slavi Pantaleev
d235335507 Do not mount /matrix/ssl into matrix-coturn when matrix_ssl_retrieval_method is 'none'
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734

Similar to 12867e9f18, but for `matrix-coturn` (not
`matrix-nginx-proxy`).
2020-11-26 10:08:54 +02:00
anonym
d4ef751052
Update matrix_servers 2020-11-26 01:30:08 +01:00
anonym
732f57cbd9
Note about the max length of the postgres password 2020-11-26 01:24:43 +01:00
Slavi Pantaleev
b5435db338 Fix syntax error in group_vars/matrix_servers 2020-11-11 00:22:09 +02:00
Slavi Pantaleev
4d12a6f8e9
Merge pull request #681 from scottcrossen/slc/ddclient
Dynamic DNS
2020-11-10 23:54:21 +02:00
Slavi Pantaleev
de0987e806 Remove unnecessary variable definition
Related to #681 (Github Pull Request)
2020-11-10 23:51:38 +02:00
Slavi Pantaleev
1427286cec Integrate matrix-dynamic-dns with matrix-nginx-proxy without causing a dependency
We'd like the roles to be self-contained (as much as possible).

Thus, the `matrix-nginx-proxy` shouldn't reference any variables from
other roles. Instead, we rely on injection via
`group_vars/matrix_servers`.

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Slavi Pantaleev
73d5faa1f9 Fix variable name typo 2020-11-10 23:30:38 +02:00
Scott Crossen
59bb6b2971 responded to reviewer comments 2020-11-09 13:32:58 -08:00
Scott Crossen
e894befd87 Updates to reviewer comments 2020-11-07 17:53:13 -08:00
Slavi Pantaleev
56ebeb1ae2 Revert "Restore self-building on ARM for Synapse for now"
This reverts commit 7d211b71e2.

The multi-arch images are now available, as discussed in #699 (Github Issue).
2020-10-29 07:35:53 +02:00
Slavi Pantaleev
9a46647010 Make https://matrix.DOMAIN/ redirect to https://element.DOMAIN/
Fixes #696 (Github Issue)
2020-10-28 10:39:12 +02:00
Slavi Pantaleev
5a7d265997 Fix Synapse Admin not working due to unexposed Synapse Admin APIs
Regression since 63a49bb2dc.

Related to #685 (Github Issue).

We now automatically expose the APIs when Synapse Admin is enabled.
2020-10-27 20:33:37 +02:00
Slavi Pantaleev
7d211b71e2 Restore self-building on ARM for Synapse for now
While v1.22.0 supposedly has multi-arch Docker images
(thanks to https://github.com/matrix-org/synapse/pull/7921),
I can't them on Docker Hub yet, so I'm backing out of this change
for now and letting people fall back to self-building there.
2020-10-27 14:32:32 +02:00
Slavi Pantaleev
70f0b97a0a Upgrade Synapse (v1.21.2 -> v1.22.0) 2020-10-27 14:24:02 +02:00
Slavi Pantaleev
263727095d
Merge pull request #657 from cnvandijk/feature-client-well-known
Client well known compatibility
2020-09-28 09:19:25 +03:00
Slavi Pantaleev
172bf24df7 Enable self-building of matrix-synapse-admin on non-amd64
Related to #658 (Github Issue).
2020-09-28 09:06:39 +03:00
Chris van Dijk
f6b0f0a477 Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element 2020-09-26 16:24:09 +00:00
Slavi Pantaleev
da38a7869f Add matrix-registration support 2020-09-01 13:46:05 +03:00
Slavi Pantaleev
b117dc0cb7 Fix self-check certificate validation when not self-signed 2020-09-01 11:44:44 +03:00
Slavi Pantaleev
9952ec6c16 Upgrade Synapse (v1.18.0 -> v1.19.0) 2020-08-17 17:02:40 +03:00
Slavi Pantaleev
296bd6e211
Fix variable name typo 2020-07-22 12:04:49 +03:00
Slavi Pantaleev
b2ae669566 Add synapse-admin support
Fixes #562 (Github Issue)
2020-07-22 08:10:26 +03:00
Slavi Pantaleev
78b1ef9a5f Add support for matrix-reminder-bot 2020-07-20 14:13:08 +03:00
Slavi Pantaleev
c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00
Hugues Morisset
57f498217a Add mx-puppet-steam 2020-07-01 21:01:00 +02:00
Hugues Morisset
42e7f5e9bc Add mx-puppet-discord 2020-07-01 13:31:31 +02:00
Slavi Pantaleev
9686a0fc5b Expose mx-puppet-twitter port when matrix-nginx-proxy disabled 2020-06-30 17:39:19 +03:00
Slavi Pantaleev
744667b270 Merge branch 'master' into mx-puppet-twitter 2020-06-30 17:37:19 +03:00
Slavi Pantaleev
31f9e7bbea
Merge pull request #551 from jdreichmann/feat-mx-puppet-instagram
Add mx-puppet-instagram
2020-06-30 17:33:37 +03:00
Tulir Asokan
13186a1ddc Add mx-puppet-twitter
Signed-off-by: Tulir Asokan <tulir@maunium.net>
2020-06-29 15:28:43 +03:00
Slavi Pantaleev
635f385971 Use pre-built arm64 image for ma1sd
ma1sd 2.4.0 announced experimental support for arm64.
We're making use of those arm64 images instead of self-building.
2020-06-29 14:53:23 +03:00
teutat3s
0162fe31d1
Re-enable ma1sd user directory search 2020-06-28 21:47:39 +02:00