Commit Graph

107 Commits

Author SHA1 Message Date
5b213e6ad0 Replace constructs appending elements with variables to matrix_synapse_container_extra_arguments. Fixes issue https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/304 2019-11-09 23:16:12 +01:00
73c90e9513 Try to make Synapse config/key generation respect uid/gid
Attempt at fixing #268 (Github Issue)
2019-09-23 18:08:36 +03:00
68ed2ebefa Add support for Synapse Simple Antispam
Fixes #255 (Github Issue).
2019-09-09 08:13:10 +03:00
10a9deba4a Make Synapse configuration extensible 2019-08-22 09:49:22 +03:00
b440d5b73c Remove some fact definitions during runtime 2019-08-22 08:00:02 +03:00
631a14bf0c Rename run control variables for consistency 2019-07-08 09:38:36 +03:00
7d3adc4512 Automatically force-pull :latest images
We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).
2019-06-10 14:30:28 +03:00
70487061f4 Prefer --mount instead of -v for mounting volumes
This doesn't replace all usage of `-v`, but it's a start.

People sometimes troubleshoot by deleting files (especially bridge
config files). Restarting Synapse with a missing registration.yaml file
for a given bridge, causes the `-v
/something/registration.yaml:/something/registration.yaml:ro` option
to force-create `/something/registration.yaml` as a directory.

When a path that's provided to the `-v` option is missing, Docker
auto-creates that path as a directory.
This causes more breakage and confusion later on.

We'd rather fail, instead of magically creating directories.
Using `--mount`, instead of `-v` is the solution to this.

From Docker's documentation:

> When you use --mount with type=bind, the host-path must refer to an existing path on the host.
> The path will not be created for you and the service will fail with an error if the path does not exist.
2019-05-29 09:59:50 +03:00
ab59cc50bd Add support for more flexible container port exposing
Fixes #171 (Github Issue).
2019-05-25 07:41:08 +09:00
a8b633561d Upgrade Synapse (v0.99.4 -> v0.99.5.1) 2019-05-23 09:23:04 +09:00
9c23d877fe Fix docker_image option for ansible < 2.8 2019-05-22 05:43:33 -05:00
db15791819 Add source option to docker_image to fix deprecation warning 2019-05-21 10:29:12 -05:00
3982f114af Fix CONDITIONAL_BARE_VARS deprecation warning in ansible 2.8 2019-05-21 10:25:59 -05:00
affb99003c Improve Synapse variable naming consistency 2019-05-21 12:09:38 +09:00
fc7ba153b1 Make matrix-synapse role respect matrix_synapse_enabled flag 2019-05-21 10:46:49 +09:00
8d654aecdd Improve file naming consistency 2019-05-21 09:57:48 +09:00
e3b4622ac8 Split Synapse extension tasks into install/uninstall files 2019-05-18 06:36:54 +09:00
663d1add92 Move matrix-appservice-discord into a separate role 2019-05-18 01:14:12 +09:00
3339e37ce9 Move matrix-appservice-irc into a separate role 2019-05-16 09:07:40 +09:00
43fd3cc274 Move mautrix-facebook into a separate role 2019-05-15 09:34:31 +09:00
bb816df557 Move mautrix telegram and whatsapp into separate roles
The goal is to move each bridge into its own separate role.
This commit starts off the work on this with 2 bridges:
- mautrix-telegram
- mautrix-whatsapp

Each bridge's role (including these 2) is meant to:

- depend only on the matrix-base role

- integrate nicely with the matrix-synapse role (if available)

- integrate nicely with the matrix-nginx-proxy role (if available and if
required). mautrix-telegram bridge benefits from integrating with
it.

- not break if matrix-synapse or matrix-nginx-proxy are not used at all

This has been provoked by #174 (Github Issue).
2019-05-14 23:47:22 +09:00
a82d5ed281 Add tulir mautrix-facebook (https://github.com/tulir/mautrix-facebook) 2019-05-08 17:11:07 +02:00
a206b65ed7 Use the '-p' non-interactive option to generate password hash instead of 'expect' 2019-05-03 11:02:17 +03:00
134faa3139 Add the ability to update user passwords with ansible (when using the matrix-postgres container). 2019-04-30 16:30:26 +03:00
892abdc700 Do not refer to Synapse as "Matrix Synapse" 2019-04-23 10:20:56 +03:00
39566aa7fe Generate a Synapse signing key file, if missing
The code used to check for a `homeserver.yaml` file and generate
a configuration (+ key) only if such a configuration file didn't exist.

Certain rare cases (setting up with one server name and then
changing to another) lead to `homeserver.yaml` being there,
but a `matrix.DOMAIN.signing.key` file missing (because the domain
changed).
A new signing key file would never get generated, because `homeserver.yaml`'s
existence used to be (incorrectly) satisfactory for us.

From now on, we don't mix things up like that.
We don't care about `homeserver.yaml` anymore, but rather
about the actual signing key.

The rest of the configuration (`homeserver.yaml` and
`matrix.DOMAIN.log.config`) is rebuilt by us in any case, so whether
it exists or not is irrelevant and doesn't need checking.
2019-04-23 10:06:42 +03:00
af1c9ae59d Do not force firewalld on people
In most cases, there's not really a need to touch the system
firewall, as Docker manages iptables by itself
(see https://docs.docker.com/network/iptables/).

All ports exposed by Docker containers are automatically whitelisted
in iptables and wired to the correct container.

This made installing firewalld and whitelisting ports pointless,
as far as this playbook's services are concerned.

People that wish to install firewalld (for other reasons), can do so
manually from now on.

This is inspired by and fixes #97 (Github Issue).
2019-04-03 11:37:20 +03:00
73af8f7bbb Make self-check not validate self-signed certificates
By default, `--tags=self-check` no longer validates certificates
when `matrix_ssl_retrieval_method` is set to `self-signed`.

Besides this default, people can also enable/disable validation using the
individual role variables manually.

Fixes #124 (Github Issue)
2019-03-22 09:41:08 +02:00
ceba99eed3 Make federation self-check conditional on matrix_synapse_federation_enabled 2019-03-13 22:33:52 -07:00
2d56ff0afa Skip some uninstall tasks if not necessary to run 2019-03-13 07:40:51 +02:00
f6de3fd668 Start appservice-irc as non-root 2019-03-12 13:17:51 -04:00
390ec8a599 Skip some tasks when not necessary to run them 2019-03-08 12:14:58 +02:00
85c5adfd69 Minor consistency improvements 2019-03-05 09:20:36 +02:00
a310a01818 Use non-root and no-capability containers during Discord setup
Related to #105 (Github Pull Request).
2019-03-05 09:10:51 +02:00
f037f63a07 Merge pull request #105 from Lionstiger/matrix-discord-bridge
Add Support for matrix-appservice-discord
2019-03-05 06:39:46 +00:00
278484656b ensure systemd reloaded after bridge installation 2019-03-04 15:12:37 +01:00
4aeeb5cf31 Autogenerate Discord invite link
Generates the link required to add the Bridge to a Discord server.
2019-03-03 19:33:16 +01:00
835c349275 Add matrix-appservice-discord bridge
Bridge is setup to work on the matrix side with this, but the discord invite link is not automatically generated.
2019-03-03 18:22:52 +01:00
45618679f5 Reload systemd services when they get updated
Fixes #69 (Github Issue)
2019-03-03 11:55:15 +02:00
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
433780384e Do not use docker_container module
Using `docker_container` with a `cap_drop` argument requires
Ansible >=2.7.

We want to support older versions too (2.4), so we either need to
stop invoking it with `cap_drop` (insecure), or just stop using
the module altogether.

Since it was suffering from other bugs too (not deleting containers
on failure), we've decided to remove `docker_container` usage completely.
2019-02-25 10:42:27 +02:00
350b25690d Add Riot v1.0 (v1.0.1) support 2019-02-16 11:48:17 +02:00
eb08e20418 Upgrade Synapse (0.99.0 -> 0.99.1) and sync config
`matrix_synapse_no_tls` is now implicit, so we've gotten rid of it.

The `homeserver.yaml.j2` template has been synchronized with the
configuration generated by Synapse v0.99.1 (some new options
are present, etc.)
2019-02-14 18:40:55 +02:00
40f3793af7 Upgrade Synapse to v0.99 and simplify dummy TLS cert logic 2019-02-06 09:17:55 +02:00
f6ebd4ce62 Initial work on Synapse 0.99/1.0 preparation 2019-02-05 12:09:46 +02:00
1f0cc92b33 Use IPv4 localhost everywhere (or almost everywhere) 2019-02-04 09:49:45 -06:00
a9fae8e3b1 Revert "Use native OpenSSL module to generate passkey.pem"
This reverts commit 0dac5ea508.

Relying on pyOpenSSL is the Ansible way of doing things, but is
impractical and annoying for users.

`openssl` is easily available on most servers, even by default.
We'd better use that.
2019-01-31 20:45:14 +02:00
0dac5ea508 Use native OpenSSL module to generate passkey.pem 2019-01-31 11:38:54 -05:00
3a4a671dd7 Add support for matrix-appservice-irc 2019-01-31 00:37:23 -05:00
bf10331456 Make mautrix-whatsapp run as non-root and w/o capabilities 2019-01-28 15:55:58 +02:00