Commit Graph

10425 Commits

Author SHA1 Message Date
Slavi Pantaleev
6124effbe1 Register shared-secret-auth password provider first
For people using multiple password providers, it makes sense
to have the fastest one (which doesn't make network requests) be first.
2018-12-21 10:16:36 +02:00
Slavi Pantaleev
40626ff8df Upgrade Synapse (0.33.9/Python 2 -> 0.33.4/Python 3) 2018-12-21 10:15:58 +02:00
Slavi Pantaleev
9f163b2bf5 Do not disable SELinux on RedHat systems
It looks like SELinux can be left running without any (so far) negative
effects on our Matrix services.

There's no need to use `:z` or `:Z` options when mounting volumes either.
This means that files we create are labeled with a default context
(which may not be ideal if we only want them used from containers),
but it's compatible and doesn't cause issues.

Relabelling files is probably something we wish to stay away from,
especially for things like the media store, which contains lots of
files and is possibly on a fuse-mounted (S3/goofys) filesystem.
2018-12-20 15:30:43 +02:00
Slavi Pantaleev
b9e5ad6c66 Upgrade Docker images for various components 2018-12-20 15:10:53 +02:00
Slavi Pantaleev
97280c7cc1 Change Goofys Docker image (clodproto/goofys -> ewoutp/goofys)
The new image is built in a much better way (2-stage build)
and is 10x smaller.

In terms of Goofys version recency, it's about the same..
Both images (and others alike) seem to not use version tags,
but rather some `:latest` (master), with ewoutp/goofys being a bit
more recent than clodproto/goofys.

Not using version tags is good (in this case),
because the last Goofys release seems to be from about a year ago
and there had been a bunch of bugfixes afterwards.
2018-12-20 14:30:24 +02:00
Slavi Pantaleev
bfcceb1e82 Make it safer to override matrix_synapse_media_store_path
This is described in Github issue #58.

Until now, we had the variable, but if you redefined it, you'd run
into multiple problems:

- we actually always mounted some "storage" directory to the Synapse
container. So if your media store is not there, you're out of luck

- homeserver.yaml always hardcoded the path to the media store,
as a directory called "media-store" inside the storage directory.

Relocating to outside the storage directory was out of the question.

Moreover, even if you had simply renamed the media store directory
(e.g. "media-store" -> "media_store"), it would have also caused trouble.

With this patch, we mount the media store's parent to the Synapse container.
This way, we don't care where the media store is (inside storage or
not). We also don't assume (anymore) that the final part of the path
is called "media-store" -- anything can be used.

The "storage" directory and variable (`matrix_synapse_storage_path`)
still remain for compatibility purposes. People who were previously
overriding `matrix_synapse_storage_path` can continue doing so
and their media store will be at the same place.

The playbook no longer explicitly creates the `matrix_synapse_storage_path` directory
though. It's not necessary. If the media store is specified to be within it, it will
get created when the media store directory is created by the playbook.
2018-12-20 13:39:01 +02:00
Slavi Pantaleev
e693b12d28 Relocate fail check to a better place 2018-12-20 13:00:07 +02:00
Slavi Pantaleev
60c7af93fe Do not restart matrix-nginx-proxy during media store import
Previously, it was more necessary to have it
(because we had a dependency between matrix-synapse and matrix-nginx-proxy)..
But nowadays, it can be removed without negative side effects.

Restarting matrix-nginx-proxy is especially bad when the proxy is not installed at all.
2018-12-14 16:34:23 +09:00
Slavi Pantaleev
4fd8b66b6e Update documentation about email configuration (relayhost brackets)
Relay hostnames that have MX records are looked up by postfix
and the MX record's payload is used instead.

This special behavior may be undesirable, so we make sure to
point it out.
2018-12-13 16:32:10 +09:00
Slavi Pantaleev
2b2409bf1e Update documentation about email configuration
This makes it explicit that outgoing traffic (25/587) needs
to be let through, as well as documenting how to debug
other non-delivery issues.
2018-12-13 15:19:01 +09:00
Slavi Pantaleev
59afa841cb Add unintentionally removed quote 2018-12-13 14:44:27 +09:00
Slavi Pantaleev
bf8023057a Fix SQLite importing failure
Fixes a problem where importing would lead to this error:
    Cannot link to /matrix-postgres, as it does not belond to the default network.
2018-12-13 14:40:30 +09:00
Slavi Pantaleev
b11a4c07a8 Upgrade mxisd (1.2.0 -> 1.2.1) 2018-12-13 10:18:56 +09:00
Slavi Pantaleev
fcf43eeacc Fix "missing translation" warning on riot-web homepage
Small bugfix related to #55
2018-12-12 10:48:30 +09:00
Slavi Pantaleev
ed2ae4b4d2 Merge pull request #55 from anadahz/feature/custom-riot-home
Enable support for custom HTML in riot-web homepage
2018-12-12 10:12:11 +09:00
Slavi Pantaleev
e63855e504 Merge pull request #56 from aaronraimist/link-to-homeowners
Link to Synapse Homeowners room
2018-12-12 09:55:57 +09:00
Aaron Raimist
92ef6986a2 Link to Synapse Homeowners room 2018-12-11 10:15:09 -06:00
anadahz
57bfb970a9 Enable support for custom HTML in riot-web homepage
* Add default template file for homepage HTML
* Add default riot-web config options for homepage
2018-12-11 13:48:54 +00:00
Slavi Pantaleev
cb874da1f7 Merge pull request #52 from aaronraimist/utf8-encoding
Add utf8 encoding option to log config
2018-12-05 10:57:23 +09:00
Slavi Pantaleev
9fc589bf54 Merge pull request #53 from haslersn/enhancement/support-configuring-mxisd
Support configuring mxisd's identity stores (two of them)
2018-12-05 10:56:09 +09:00
haslersn
22523c0e42 Support configuring mxisd's identity stores (two of them)
mxisd supports several identity stores. Add support to configure two of them:

* synapseSql (storing identities directly in Synapse's database)
* LDAP

This removed the need to copy `mxisd.yaml.j2` to the inventory in case one wants
to use LDAP as identity store. Note that the previous solution (copying
`mxisd.yaml.j2` was poor because of two reasons:

* The copy remains outdated in case the original is updated in future versions
  of this repo.
* The role's configuration should be in one place (configured only through role
  variables) instead of in multiple.

Configuring more identity stores through role variables can be supported in the
future.
2018-12-04 17:19:49 +01:00
Aaron Raimist
9028e3714e Add utf8 encoding option to log config 2018-12-04 09:34:32 -06:00
Slavi Pantaleev
ea549403d4 Merge pull request #47 from izissise/latest-mautrix-telegram
Set default mautrix-telegram image to 0.4.0
2018-12-01 03:29:26 +01:00
Hugues Morisset
f8987cb775 Set default mautrix-telegram image to 0.4.0 2018-11-30 19:32:29 +01:00
Slavi Pantaleev
9dad4c7c2d Fix /.well-known/matrix/client for CORS
This is provoked by Github issue #46.

No client had made use of the well-known mechanism
so far, so the set up performed by this playbook was not tested
and turned out to be a little deficient.

Even though /.well-known/matrix/client is usually requested with a
simple request (no preflight), it's still considered cross-origin
and [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
applies. Thus, the file always needs to be served with the appropriate
`Access-Control-Allow-Origin` header.

Github issue #46 attempts to fix it at the "reverse-proxying" layer,
which may work, but would need to be done for every server.
It's better if it's done "upstream", so that all reverse-proxy
configurations can benefit.
2018-11-29 09:13:25 +02:00
Slavi Pantaleev
a27d9f5cad Merge pull request #45 from tvo6/new-cmds
New scripts
2018-11-28 11:24:31 +01:00
Thomas vO
cf6d8c9445 update changelog 2018-11-28 11:05:35 +01:00
Thomas vO
bb849bd34f Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into new-cmds 2018-11-28 11:03:47 +01:00
Thomas vO
caba16ea0d add script + doc to remove everything 2018-11-28 11:02:51 +01:00
Thomas vO
2bdc35de63 add script + doc to change a user to admin 2018-11-28 11:02:15 +01:00
Slavi Pantaleev
3fec9dfa0e Add LDAP auth password provider documentation and changelog description 2018-11-28 11:21:03 +02:00
Slavi Pantaleev
9f212adc1d Rename variable (matrix_synapse_ext_password_provider_ldap -> matrix_synapse_ext_password_provider_ldap_enabled)
This makes it more consistent with other usage throughout the playbook.
2018-11-28 11:19:19 +02:00
Slavi Pantaleev
cee31a8ab5 Merge pull request #44 from tvo6/ldap-auth
Add LDAP auth support
2018-11-28 09:53:23 +01:00
Thomas vO
bbf8928831 fix template and vars for ldap auth, add setup 2018-11-28 09:04:09 +01:00
Thomas vO
9cf9a1ec54 [auth-ldap] add template + vars for ldap auth 2018-11-27 16:40:22 +01:00
Slavi Pantaleev
18e1dda4c8 Revert "Update riot-web (0.17.6 -> 0.17.7)"
As Github issue #42 says, 0.17.7 is not available.
We shouldn't have tried to use it.

This reverts commit 529b5b222d.
2018-11-27 16:40:26 +02:00
Slavi Pantaleev
98b6492a08 Make it clearer that not all components are necessary 2018-11-26 10:35:08 +02:00
Slavi Pantaleev
5533db8a28 Add a note about trying to use local PostgreSQL instances 2018-11-26 07:27:53 +02:00
Slavi Pantaleev
733b806833 Annotate certain features as optional/advanced
We've had some people get confused into installing
Matrix Corporal and having pain with that.

With this documentation change, we try to make it clearer
that it's an advanced feature not to be touched unless
you know what you're doing.

On a similar note, we also make sure other things are properly
labeled as "(optional)" and/or "(advanced)".
2018-11-26 07:23:42 +02:00
Slavi Pantaleev
529b5b222d Update riot-web (0.17.6 -> 0.17.7) 2018-11-25 09:57:30 +02:00
Slavi Pantaleev
46bc2a4412 Add information about the IRC support channel 2018-11-23 13:23:01 +02:00
Slavi Pantaleev
2d3f5b21f7 Update changelog 2018-11-23 11:21:30 +02:00
Slavi Pantaleev
5b70ec67a4 Add support for controlling Synapse's autocreate_auto_join_rooms 2018-11-23 11:16:40 +02:00
Slavi Pantaleev
de91293d0d Update homeserver.yaml with new options and comments from upstream 2018-11-23 11:16:00 +02:00
Slavi Pantaleev
a454feb5df Render trusted_third_party_id_servers more prettily 2018-11-23 11:07:22 +02:00
Slavi Pantaleev
bc15db3316 Fix a few minor things for consistency
Trying to:

- stay closer to naming in Synapse (autojoin -> auto_join)

- not create new variable namespaces (`matrix_homeserver_`),
when existing ones (`matrix_synapse_`) are more suitable

- allow `null` (`~`) values for `matrix_riot_web_welcome_user_id`

- render things like `auto_join_rooms` in `homeserver.yaml` more prettily

- fix breakage in `config.json` where `matrix_riot_web_roomdir_servers`
was rendered as YAML and not as JSON

- simplify code (especially in riot-web's `config.json`), which used
`if` statements that could have been omitted

- avoid changing comments in `homeserver.yaml` which are not ours,
so that we can keep closer to the configuration file generated by upstream
2018-11-23 11:00:08 +02:00
anadahz
4febb117f4 Merge remote-tracking branch 'upstream/master' into fix/add/config 2018-11-23 00:58:32 +00:00
anadahz
792bed3f5a Fix add/config based on comments by @spantaleev 2018-11-23 00:42:54 +00:00
Slavi Pantaleev
9e07c83088 Merge pull request #40 from aaronraimist/remove-riot-im-is
Remove riot.im from list of trusted identity servers
2018-11-21 07:34:58 +01:00
Aaron Raimist
d13aa7316e Remove riot.im from list of trusted identity servers
This brings the list in line with the new default as of https://github.com/matrix-org/synapse/pull/4207
2018-11-20 20:15:26 -06:00