Commit Graph

232 Commits

Author SHA1 Message Date
Slavi Pantaleev
48a4afb114 Make Traefik labels files look better
This moves the comments from being just in Jinja,
to actually ending up in the generated `labels` file,
which makes inspection of the final result easier.

Also, some new lines were added here and there to make labels
more legible.

The generated file may still include weird new-lines due to
various `if` statements yielding content or not, but that's not so ugly
anymore - now that we have proper start/end sections that are visible in
the final `labels` file.
2024-01-15 10:41:15 +02:00
Slavi Pantaleev
b91ad453be Adjust TLS variables for homeservers to follow devture_traefik_config_entrypoint_web_secure_enabled (via matrix_federation_traefik_entrypoint_tls) 2024-01-15 09:39:36 +02:00
Slavi Pantaleev
aff57d67c0 Adjust Synapse OIDC variable wiring and docs
Auto-enabling the OIDC APIs is convenient for people
using the new `matrix_synapse_oidc_*` variables.
2024-01-14 12:34:25 +02:00
Slavi Pantaleev
ee0eb59dc6 Add support for the internal Traefik entrypoint to Dendrite 2024-01-14 10:48:54 +02:00
Slavi Pantaleev
b2aeb8cde9 Rename label-related variables for homeservers
We'd be adding integration with an internal Traefik entrypoint
(`matrix_playbook_internal_matrix_client_api_traefik_entrypoint`),
so renaming helps disambiguate things.

There's no need for deprecation tasks, because the old names
have only been part of this `bye-bye-nginx-proxy` branch and not used by
anyone publicly.
2024-01-14 10:48:54 +02:00
Slavi Pantaleev
39bddefd39 Make addons communicate with the homeserver via a new internal Traefik entrypoint
This also adds labels for Synapse. Support for other homeservers and
components will be added later.
2024-01-14 10:48:54 +02:00
Slavi Pantaleev
74099383cd Adapt external_prometheus.yml.example.j2 to our new metrics exposure setup 2024-01-12 13:01:06 +02:00
Slavi Pantaleev
934b73c849 Remove leftover Synapse metrics code for integrating with matrix-nginx-proxy 2024-01-12 12:57:28 +02:00
Slavi Pantaleev
c0308307e2 Make homeserver services sleep after startup, instead of all dependencies sleeping separately
This is an attempt at optimizing service startup.

The effect is most pronounced when many services are restarted one by one.
The systemd service manager role sometimes does this - for example when `just install-service synapse` runs.
In such cases, a 5-second delay for each Synapse worker service
(or other bridge/bot service that waits on the homeserver) quickly adds up to a lot.

When services are all stopped fully and then started, the effect is not so pronounced, because
`matrix-synapse.service` starts first and pulls all worker services (defined as `Wants=` for it).
Later on, when the systemd service manager role "starts" these worker services, they're started already.
Even if they had a 5-second wait each, it would have happened in parallel.
2024-01-12 12:45:18 +02:00
Slavi Pantaleev
41a52945d6 Add support for exposing metrics for Synapse workers 2024-01-12 12:16:06 +02:00
Slavi Pantaleev
22f5f0ba75 Add support for exposing metrics for Synapse (without workers) 2024-01-12 12:15:57 +02:00
Slavi Pantaleev
3556dd77ef Use variables instead of hardcoding service port numbers in labels for matrix-synapse 2024-01-12 09:31:31 +02:00
Slavi Pantaleev
e5130372b9 Switch matrix_synapse_container_additional_volumes from using -v to --mount
Depending on the `options` that people provide, this may break
compatibility.
2024-01-11 12:12:44 +02:00
Slavi Pantaleev
f257cd9fbe Fix a few incorrect service names in labels for matrix-synapse/matrix-synapse-reverse-proxy-companion 2024-01-11 11:58:20 +02:00
Slavi Pantaleev
3e0e92bdf7 Do not use matrix_synapse_reverse_proxy_companion_ variables in the matrix-synapse role 2024-01-11 08:49:57 +02:00
Slavi Pantaleev
9488e3857a Put all homeservers in the matrix-homeserver container network 2024-01-05 16:49:48 +02:00
Slavi Pantaleev
015acb6d08 Add native Traefik support to matrix-synapse 2024-01-04 19:00:23 +02:00
Slavi Pantaleev
abde681b56 Clean up some matrix_nginx_proxy_proxy_matrix_metrics_* references 2024-01-04 12:49:00 +02:00
Slavi Pantaleev
54fb153acf Expose /_synapse/* APIs via matrix-synapse-reverse-proxy-companion
This also updates validation tasks and documentation, pointing to
variables in the matrix-synapse role which don't currently exist yet
(e.g. `matrix_synapse_container_labels_client_synapse_admin_api_enabled`).

These variables will be added soon, as Traefik labels are added to the
`matrix-synapse` role. At that point, the `matrix-synapse-reverse-proxy-companion` role
will be updated to also use them.
2024-01-04 11:37:17 +02:00
Michael Hollister
a66a2d2692 Added Synapse connection pool config variables 2023-12-16 19:16:05 -06:00
slikie
dee3de0bcb
bump synapse version 2023-12-13 02:25:06 +08:00
Slavi Pantaleev
2511b34a7c Stop containers gracefully, instead of outright killing them 2023-12-06 11:52:23 +02:00
Slavi Pantaleev
910166effd Upgrade Synapse (v1.96.1 -> v1.97.0) 2023-11-28 19:15:07 +02:00
Aine
743d580daa
Update synapse-s3-storage-provider
looks like newer version is required for synapse 1.96.1
2023-11-17 19:35:28 +02:00
Slavi Pantaleev
3dc77c4f9a
Upgrade Synapse (v1.96.0 -> v1.96.1) 2023-11-17 16:11:55 +02:00
renovate[bot]
35c20d7531
Update matrixdotorg/synapse Docker tag to v1.96.0 2023-11-16 20:12:41 +00:00
Aine
090737773f
Update synapse 1.95.0 -> 1.95.1 2023-10-31 17:25:34 +02:00
Slavi Pantaleev
9032170e8c Upgrade Synapse (v1.94.0 -> v1.95.0) 2023-10-24 19:09:34 +03:00
Slavi Pantaleev
01c31dd849 Enable allow_public_rooms_over_federation by default for Synapse 2023-10-23 12:11:04 +03:00
Aine
b2dd4bd1a4
Fix matrix_synapse_oidc_providers parsing 2023-10-17 12:09:30 +03:00
Slavi Pantaleev
ec3b204541
Merge branch 'master' into renovate-config 2023-10-16 18:15:53 +03:00
slikie
37195d49dc
Update main.yml 2023-10-10 19:26:37 +08:00
Samuel Meenzen
c846ed199b
Annotate version numbers with renovate metadata 2023-10-06 14:14:03 +02:00
Slavi Pantaleev
c0e56ac1c4
Make OIDC providers if check safer 2023-10-02 19:32:09 +03:00
Aine
9167a7734e
add matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers vars 2023-10-02 18:40:15 +03:00
Slavi Pantaleev
217ddad2de Add support for configuring forgotten_room_retention_period
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2918

Related to https://github.com/matrix-org/synapse/pull/15488
2023-09-28 12:54:52 +03:00
Slavi Pantaleev
e53b4424f1 Upgrade Synapse (v1.92.3 -> v1.93.0) 2023-09-26 20:16:29 +03:00
Slavi Pantaleev
7586cecedf Upgrade Synapse (v1.92.2 -> v1.92.3) 2023-09-18 18:00:15 +03:00
Slavi Pantaleev
e033520ce2 Make Synapse worker systemd service files depend on matrix-synapse.service
Many of these do depend on the Synapse master process (`matrix-synapse.service`),
so it makes sense to do it.

Furthermore, we're doing it so that one can stop the `matrix-synapse.service`
service and have systemd cascade this into stopping all the workers as well.

This is useful for easily stopping all of Synapse, so that Postgres
upgrades (`--tags=upgrade-postgres`) can happen cleanly.
Postgres upgrades currently stop `devture_postgres_systemd_services_to_stop_for_maintenance_list` which
includes Synapse, but stopping just the master process and leaving workers running is not safe enough and sometimes leads to errors like:

> ERROR:  insert or update on table "event_forward_extremities" violates foreign key constraint "event_forward_extremities_event_id"

With this dependency in place, stopping `matrix-synapse.service` will stop all Synapse processes.
2023-09-16 11:37:24 +03:00
Aine
f0e2e97aa4
Update synapse 1.92.1 -> 1.92.2 (security fix) 2023-09-15 16:10:33 +03:00
Slavi Pantaleev
ef90142720 Handle /notifications endpoint via workers
Related to https://github.com/matrix-org/synapse/pull/16265
2023-09-12 18:32:32 +03:00
Slavi Pantaleev
963e97214b Upgrade Synapse (v1.91.2 -> v1.92.1) 2023-09-12 18:32:32 +03:00
Aine
6f9dee867c
Update synapse 1.91.1 -> 1.91.2 2023-09-06 20:41:29 +03:00
saces
2000e61d31 force pull both on :stable and :latest 2023-09-05 23:26:30 +02:00
saces
2c25648051 change image tag to version
Signed-off-by: saces <saces@c-base.org>
2023-09-05 22:35:01 +02:00
saces
c260309625 update defaults for new tools container
Signed-off-by: saces <saces@c-base.org>
2023-09-05 20:29:28 +02:00
Aine
ea7a55b7dd
Update synapse 1.91.0 -> 1.91.1 2023-09-04 18:07:17 +03:00
Aine
12f316405b
make synapse even more quiet 2023-08-31 19:32:57 +03:00
slikie
4acaeac7aa
Update synapse 1.90.0 -> 1.91.0 2023-08-30 22:31:15 +08:00
Slavi Pantaleev
b0fb3814a5 Make Synapse quieter by default
Hopefully fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2849

Related to:
- https://github.com/matrix-org/synapse/issues/16101
- https://github.com/matrix-org/synapse/issues/16208
2023-08-30 12:53:20 +03:00
Slavi Pantaleev
abdb4375db Add matrix_synapse_additional_loggers_auto and matrix_synapse_additional_loggers_custom 2023-08-30 12:53:20 +03:00
Slavi Pantaleev
cc7244c14d Fix Synapse sub-component (worker, S3, ..) uninstallation
matrix-synapse/tasks/setup_uninstall.yml would previously not run unless
Synapse was completely disabled.
2023-08-29 14:53:28 +03:00
Slavi Pantaleev
d207edb304 Deprecate matrix_synapse_spam_checker in favor of matrix_synapse_modules 2023-08-26 20:09:37 +03:00
Slavi Pantaleev
e03ec11fcf Switch mjolnir-antispam from using spam_checker to modules
`spam_checker` has been deprecated for quite a while.
While it still probably works and while newer versions of
mjolnir-antispam still use it, we should switch to the new API.
2023-08-26 20:07:40 +03:00
Slavi Pantaleev
4e08ad98b6 Upgrade mjolnir-antispam (1.4.0 -> v1.6.4) 2023-08-26 20:05:03 +03:00
slikie
68562173e7
bump synapse to v1.90.0 2023-08-15 22:37:35 +08:00
adam-kress
df406dbfd8
Update synapse 1.88.0 -> 1.89.0 2023-08-01 08:12:35 -04:00
Slavi Pantaleev
92ea048080 Add some missing install-all/install-synapse tags to Synapse role 2023-07-28 08:40:49 +03:00
Alexis Yushin
ba1d665bd9 make smtp tls configurable / optional 2023-07-27 11:26:15 +02:00
Slavi Pantaleev
64396419ba Upgrade synapse-s3-storage-provider (1.2.0 -> 1.2.1) 2023-07-18 20:40:44 +03:00
Slavi Pantaleev
2fad66a371 Upgrade Synapse (v1.87.0 -> v1.88.0) 2023-07-18 20:04:51 +03:00
Slavi Pantaleev
6d50a008bf
Merge pull request #2783 from Michael-Hollister/feature/add-matrix-media-repo
Added matrix-media-repo role
2023-07-17 08:13:16 +03:00
Michael Hollister
facaeb5abe
Document purpose of media_repo variable
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-07-13 11:03:36 -05:00
Michael Hollister
78bd1dbd1b Added matrix-media-repo role 2023-07-12 01:09:27 -05:00
Slavi Pantaleev
c09c1265e8 Stop using deprecated worker settings (worker_replication_host, worker_replication_http_port)
Related to:
- e4f545c452
- 2481b7dfa4

We've prepared for this by adding the `main` process to the `instance_map` a long time ago,
in 49cb8b7b11.
2023-07-11 17:20:21 +03:00
Slavi Pantaleev
d02f6b8b93 Force-build customized container image for Synapse when its Dockerfile changes 2023-07-06 20:18:18 +03:00
Slavi Pantaleev
8668b0d772 Do not handle ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ from workers anymore
Related to 0f02f0b4da
2023-07-04 22:14:37 +03:00
Slavi Pantaleev
13fb286dbe Upgrade Synapse (v1.86.0 -> v1.87.0) 2023-07-04 22:13:05 +03:00
Aine
2da4d81ff6
Update synapse 1.85.2 -> 1.86.0 2023-06-20 21:14:23 +03:00
Zac
f026c7cee1
Apply suggestions from code review
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-06-13 14:48:44 -05:00
cbackas
f6d260dc00 this is better 2023-06-13 11:58:19 -05:00
cbackas
0e701bbece add var to make the creds optional 2023-06-13 11:08:14 -05:00
Zac
ceda4c41cc
remove the offending lines 2023-06-13 10:22:37 -05:00
Aine
55fcbca681
Update synapse 1.85.1 -> 1.85.2 2023-06-08 18:59:31 +03:00
Slavi Pantaleev
ba868ba6c6 Upgrade Synapse (v1.85.0 -> v1.85.1) 2023-06-07 16:50:54 +03:00
Slavi Pantaleev
672b45648f Upgrade matrix-synapse-shared-secret-auth (2.0.2 -> 2.0.3) 2023-06-07 14:20:52 +03:00
Slavi Pantaleev
f320110e90 Enable com.devture.shared_secret_auth login type for matrix-synapse-shared-secret-auth by default
Now that Element v1.11.32 is out and https://github.com/vector-im/element-web/issues/19605 is fixed
(by https://github.com/matrix-org/matrix-react-sdk/pull/10975), we don't
need to force-disable this login type.
2023-06-07 14:12:38 +03:00
Slavi Pantaleev
69cece9fa3 Upgrade Synapse (v1.84.1 -> v1.85.0) 2023-06-06 13:51:25 +03:00
Luke D Iremadze
5c0279f0c9
Update roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-06-02 23:39:55 -06:00
Luke D Iremadze
2f4428bf5b
Update roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-06-02 23:39:17 -06:00
Luke D Iremadze
130c278a3c
Update roles/custom/matrix-synapse/defaults/main.yml
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-06-02 23:38:57 -06:00
Luke D Iremadze
1f0da9f744 Create hooks for user search ability 2023-06-02 12:50:46 -06:00
Aine
c36fd8cfc2
Update synapse 1.84.0 -> 1.84.1 2023-05-26 19:29:26 +00:00
Slavi Pantaleev
c55371e305 Add changelog entry for the forget_rooms_on_leave default change for Synapse
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2698
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2700
2023-05-25 09:14:09 +03:00
Aine
9350eeb9fb
update synapse 1.83.0 -> 1.84.0; set forget_rooms_on_leave = true 2023-05-23 17:33:23 +03:00
Slavi Pantaleev
b71375fac7 Disable healthcheck for Synapse workers which serve no web traffic
This was mostly affecting the stream writer (events) worker, which was
being reported as unhealthy. It wasn't causing any issues, but it just
looked odd and was confusing people.

As an alternative to hitting the regular `/health` healthcheck route (on
the "client" API which this stream writer does not expose),
we may have gone for hitting some "replication" API endpoint instead.

This is more complicated and likely unnecessary.
2023-05-19 18:29:02 +03:00
Slavi Pantaleev
8fbe99ac2a Do not add main/master Synapse process to instance_map if workers are not in use
This is meant to keep the configuration tidy for non-worker setups.

Related to 49cb8b7b11
2023-05-15 07:37:25 +03:00
Slavi Pantaleev
49cb8b7b11 Add Synapse main/master process to instance map
Related to https://github.com/matrix-org/synapse/pull/15491

This doesn't hurt to be done early on, while still on Synapse v1.83.0.

We'll be able to remove the `worker_replication_*` settings later,
when Synapse v1.84.0 gets released and starts making use of the new
`main` instance in the instance map instead of looking at the
`worker_replication_*` settings.
2023-05-15 07:33:26 +03:00
Slavi Pantaleev
c1462c6277 Upgrade Synapse (v1.82.0 -> v1.83.0) 2023-05-09 21:00:09 +03:00
Slavi Pantaleev
8ef23a655d Restore --tags=import-synapse-sqlite-db support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2669

Removed in 04b9483f0d (2022-11-28) when switching from matrix-postgres to
the devture-postgres external Ansible role.
More details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role

The `import_synapse_sqlite_db.yml` file and documentation have been adapted somewhat compared to before, so that:

- it doesn't try to start Postgres automatically. You need to handle
  this part manually
- it doesn't rely on the integrated Postgres and may potentially work
  with external Postgres instances just the same
- it doesn't wipe out the whole database anymore. By default, we assume
  it's empty anyway and there's no need for such things. If it's not,
  then it's also probably dangerous to be so destructive.

This is all completely untested, but will hopefully work.
2023-05-02 13:34:42 +03:00
Slavi Pantaleev
1e1ab70965 Make use of matrix_synapse_container_network in the matrix-synapse role
It's the same as `matrix_docker_network` for now, so this practically
doesn't change anything.
2023-05-02 13:22:31 +03:00
Slavi Pantaleev
2d051679c0 Ensure instance_map.port is numeric
Fixup related to https://github.com/matrix-org/synapse/pull/15431
2023-04-25 15:26:30 +03:00
Slavi Pantaleev
c8215c98e7 Load /capabilities endpoint on workers
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2656
- e4a25d022c
2023-04-25 15:16:03 +03:00
Slavi Pantaleev
905f0214cd Load /directory/room/{roomAlias} endpoint on workers
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2656
- 4af0aec54d
2023-04-25 15:15:13 +03:00
Aine
1762fc18f3
Update synapse 1.81.0 -> 1.82.0 2023-04-25 12:04:23 +00:00
spatterlight
beb40134b7
Add support for backup LDAP servers (#2650)
* Update homeserver.yaml.j2

* Update configuring-playbook-ldap-auth.md

* Update homeserver.yaml.j2
2023-04-19 08:52:03 +03:00
Kanlas
9c75a1e20d
Fix recaptcha vars ansible-vault compatibility 2023-04-16 18:52:12 +03:00
Slavi Pantaleev
024d9ed3f3 Upgrade Synapse (v1.80.0 -> v1.81.0) 2023-04-11 17:18:58 +03:00
Aeris One
44aa0dce7b
Add ability to disable password auth (#2612)
* Add ability to disable password auth

* Allow disabling password authentication
2023-03-29 21:11:22 +03:00
Slavi Pantaleev
1fff42d930 Switch Synapse to being pulled from ghcr.io, not docker.io
Related to:

- https://github.com/matrix-org/synapse/pull/15281
- https://github.com/matrix-org/synapse/pull/15282
2023-03-28 16:26:20 +03:00