Commit Graph

380 Commits

Author SHA1 Message Date
9c549a185f Auto-purge orphaned Let's Encrypt renewal configuration files 2022-10-25 06:28:24 +03:00
24409766eb Fix 502
ref: 57bb340343
2022-10-24 05:42:18 +00:00
9fd3e00b71 Upgrade nginx (1.23.1 -> 1.23.2) 2022-10-23 07:45:54 +03:00
20db57d288 Upgrade certbot (v1.30.0 -> v1.31.0) 2022-10-20 07:40:45 +03:00
1ea1597020 Fix some ansible-lint-reported warnings
This mostly fixes `key-order` warnings around
`block` statements.
2022-09-27 11:38:33 +03:00
89648cf58e Fix some ansible-lint-reported warnings 2022-09-18 12:21:09 +03:00
ef112181a1 Update some Synapse documentation URLs 2022-09-15 10:46:17 +03:00
5f3f460cda Restore support for appservice and user_dir workers 2022-09-15 10:06:56 +03:00
226c550ffa Add support for stream writer Synapse workers
As stream writer workers are also powered by the `generic_worker`
Synapse app, this necessitated that we provide means for distinguishing
between them and regular `generic_workers`.

I've also taken the time to optimize nginx configuration generation
(more Jinja2 macro usage, less duplication).

Worker names have also changed.
Workers are now named sequentially like this:
- `matrix-synapse-worker-0-generic`
- `matrix-synapse-worker-1-stream-writer-typing`
- `matrix-synapse-worker-2-pusher`

instead of `matrix-synapse-worker_generic_worker-18111` (indexed with a
port number).

People who modify `matrix_synapse_workers_enabled_list` directly will
need to adjust their configuration.
2022-09-15 08:10:04 +03:00
f12206676f Upgrade Synapse (v1.66.0 -> 1.67.0) and remove frontend_proxy workers
`frontend_proxy` workers have been superseded by `generic_worker` workers.
Related to https://github.com/matrix-org/synapse/pull/13645
2022-09-13 15:45:50 +03:00
11f2cda21a Upgrade Certbot (1.28 -> 1.30) 2022-09-09 21:06:17 +03:00
692a7af36a postmoogle feedback 2022-09-09 13:19:25 +03:00
7170545a54 Update nginx-proxy: 1.23.0 -> 1.23.1 2022-08-11 21:48:17 +02:00
1aff2ca247 Fix ansible-lint errors 2022-08-09 10:54:39 +03:00
04f224e634 Merge branch 'master' into conduit 2022-08-09 10:46:03 +03:00
20767b5149 Fixes to enable Conduit in setup-all 2022-08-04 14:35:41 -05:00
8ad1fa085e Use full path when importing SSL setup tasks
This is an attempt to make ansible-lint happy.
2022-07-18 16:48:25 +03:00
d073c7ecb3 More ansible-lint fixes 2022-07-18 13:01:19 +03:00
ddf18eadc7 More ansible-lint fixes 2022-07-18 13:01:17 +03:00
34cdaade08 Use fully-qualified module names for builtin Ansible modules
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1939
2022-07-18 12:58:41 +03:00
a6506cf6ff update nginx 1.21.6 -> 1.23.0 2022-07-17 17:29:50 +03:00
e149f33140 add/unify 'Project source code URL' link across all roles 2022-07-16 23:59:21 +03:00
25b343c8c8 matrix-ntfy: without nginx, bind to 127.0.0.1:2586 2022-07-08 12:02:06 +01:00
2a516a16fb matrix-ntfy: enable WebSocket proxying 2022-07-04 15:31:37 +01:00
ec9f8e2931 Add a role to install 'ntfy' push-notification server.
This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with
simple configuration, and plumbing to add the role to the playbook.

TODO: documentation, self-check, database persistence.
2022-07-04 15:31:29 +01:00
2e4fad6194 Use 127.0.0.1 instead of localhost for federation API when nginx disabled
`localhost` may resolve to `::1` on some IPv6-enabled systems, which will
not work, because we only potentially expose container ports on
`127.0.0.1` when nginx is disabled (`matrix_nginx_proxy_enabled: false`),
not on `::1`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1914
2022-07-02 15:02:35 +03:00
5b38ee5371 add missing retry to the apache docker image pull 2022-06-28 08:27:57 +00:00
1727ecd888 Make yamllint happy (take 2)
> Error:   19:3      error    wrong indentation: expected 4 but found 2  (indentation)
2022-06-23 18:00:32 +03:00
9aab7f9c37 Make yamllint happy
Fixup for ba51997f7b
2022-06-23 17:57:59 +03:00
ba51997f7b (BC Break) Redo how metrics are exposed to external Prometheus servers 2022-06-23 17:55:07 +03:00
a3a6e14f7b Add matrix_nginx_proxy_proxy_synapse_metrics_addr_{with,sans}_container variables to defaults
We redefine these variables in `group_vars/matrix_servers`, but it's better
to have some defaults in the role as well.
2022-06-22 23:04:27 +03:00
f4cf7b9cc1 Remove unused variable (matrix_nginx_proxy_synapse_workers_enabled_list) definition 2022-06-22 22:17:51 +03:00
f943e82384 Upgrade Certbot (1.27 -> 1.28) 2022-06-22 14:44:12 +03:00
271a8d0a73 Upgrade certbot (v1.23.0 -> v1.27.0) 2022-05-21 10:20:56 +03:00
49da9c76ac Merge pull request from etkecc/matrix-bot-buscarron
add matrix-bot-buscarron
2022-04-25 09:44:35 +03:00
4a0b839768 Automatically do the right thing with regards to Synapse Metrics htpasswd
.. regardless of whether matrix-nginx-proxy runs in a container or not
2022-04-25 09:42:36 +03:00
290754371a add matrix-bot-buscarron 2022-04-23 16:19:24 +03:00
68424e68e5 feat: make synapse htpasswd file path configurable
When setting `matrix_nginx_proxy_enabled: false` and enabling authentication on the metrics endpoint, the htpasswd file is hardcoded to the nginx-proxy container dir, this changes the hardcoded value to a variable so the path can be updated
2022-04-23 11:13:36 +01:00
acaebfbf67 optional media cache with range requests support () 2022-04-21 10:31:26 +03:00
0364c6c634 Suppress old container cleanup (kill/rm) failures
People often report and ask about these "failures".
More-so previously, when the `docker kill/rm` output was collected,
but it still happens now when people do `systemctl status
matrix-something` and notice that it says "FAILURE".

Suppressing to avoid further time being wasted on saying "this is
expected".
2022-04-11 09:05:33 +03:00
b982733a8a fix typo in document path for the proxy 2022-04-09 19:41:48 +07:00
0d6c0f5df2 Merge pull request from HarHarLinks/master
Fix index in external_prometheus.yml.example.j2
2022-03-18 08:46:15 +02:00
5ed23e81ef Fix index in external_prometheus.yml.example.j2
For an unknown reason prometheus ignored the given "numeric" index and replaced it by 1. This made it not work properly, plus multiple workers of same types were not differentiable. With a "string" index, it works as intended.
2022-03-17 18:37:37 +01:00
2da3768b20 Added retries to the docker pulls () 2022-03-17 17:37:11 +02:00
4ec24ec344 Add support for obtain ECDSA keys ()
* Add support for obtain ECDSA keys

* Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type
2022-03-03 18:15:39 +02:00
e53cc026d0 Updated: certbot to v1.23.0 2022-02-22 12:50:21 +01:00
819574b8ba Merge branch 'spantaleev:master' into master 2022-02-05 21:37:53 +01:00
7e5b88c3b7 fix: all praise the allmighty yamllinter 2022-02-05 21:32:54 +01:00
86c36523df Replace ExecStopPost with ExecStop
Reverts b1b4ba501f, 90c9801c56, a3c84f78ca, ..

I haven't really traced it (yet), but on some servers, I'm observing
`ansible-playbook ... --tags=start` completing very slowly, waiting
to stop services. I can't reproduce this on all Matrix servers I manage.
I suspect that either the systemd version is to blame or that some
specific service is not responding well to some `docker kill/rm` command.

`ExecStop` seems to work great in all cases and it's what we've been
using for a very long time, so I'm reverting to that.
2022-02-05 12:13:36 +02:00
33851f1dfa Updated: nginx to 1.21.6-alpine 2022-02-05 10:58:09 +01:00