Commit Graph

5252 Commits

Author SHA1 Message Date
265dc2949d Added example Caddyfiles for the containers 2019-04-16 19:36:03 +02:00
9c401efb2d Add a note about beta/pre-release distros 2019-04-16 13:10:31 +03:00
c1a9549d54 Mention matrix_coturn_turn_external_ip_address in examples/hosts 2019-04-16 13:10:31 +03:00
ed00b0a77c Merge pull request #135 from lpopov/master
Add additional room config options
2019-04-16 12:53:03 +03:00
eab8f31eed Add additional room config options:
- matrix_enable_room_list_search - Controls whether searching the public room list is enabled.
 - matrix_alias_creation_rules - Controls who's allowed to create aliases on this server.
 - matrix_room_list_publication_rules - Controls who can publish and which rooms can be published in the public room list.
2019-04-16 12:40:38 +03:00
9d0a42083c Merge pull request #134 from NullIsNot0/master
Make Dimension communicate to Synapse through Docker network
2019-04-14 20:01:43 +03:00
596f2ec1e2 Make Dimension communicat to Synapse through Docker network
Media is pulled from client side, so we specify external Matrix DNS name as mediaUrl
2019-04-14 16:09:29 +03:00
382e53bdee Make examples/hosts look cleaner
Putting a lot of comments inbetween `[matrix-servers]` and the example
host line may make someone decide to clean up the comment
and accidentally skip-over the `[matrix-servers]` part.
2019-04-11 09:54:42 +03:00
9a05b030cb Fix unknown tag error when generating Goofys service
`{% matrix_s3_media_store_custom_endpoint_enabled %}` should have
been `{% if matrix_s3_media_store_custom_endpoint_enabled %}` instead.

Related to #132 (Github Pull Request).
2019-04-10 08:45:52 +03:00
bec59c06bb Update images 2019-04-09 09:33:24 +03:00
901516d806 Update matrix-corporal (1.3.0 -> 1.4.0) 2019-04-06 12:34:15 +03:00
590a26a6ea Merge pull request #132 from console-cowboy/goofys-custom-endpoint
Goofys Custom Endpoint Support
2019-04-05 14:19:24 +03:00
6cc6638098 revert 3953705682
that's not how it works
2019-04-05 06:01:58 -04:00
3953705682 add custom endpoint environment variable 2019-04-05 05:56:36 -04:00
3ffb03f20e missing whitespace 2019-04-05 05:54:58 -04:00
c55e49d733 add custom endpoint to matrix-goofys.service.j2
This (should) check if custom endpoint is enabled.
2019-04-05 05:48:31 -04:00
b5fbec8d83 add goofys custom
Creates the configuration variable to toggle custom endpoint and the default custom endpoint.
2019-04-05 05:33:38 -04:00
841b525e7f Suggest ansible_ssh_pipelining=yes for hosts 2019-04-05 11:06:49 +03:00
af1c9ae59d Do not force firewalld on people
In most cases, there's not really a need to touch the system
firewall, as Docker manages iptables by itself
(see https://docs.docker.com/network/iptables/).

All ports exposed by Docker containers are automatically whitelisted
in iptables and wired to the correct container.

This made installing firewalld and whitelisting ports pointless,
as far as this playbook's services are concerned.

People that wish to install firewalld (for other reasons), can do so
manually from now on.

This is inspired by and fixes #97 (Github Issue).
2019-04-03 11:37:20 +03:00
0b034ac34b Update changelog 2019-04-03 11:28:51 +03:00
9202b2b8d9 Ensure systemd services are running when doing --tags=start
Fixes #129 (Github Issue).

Unfortunately, we rely on `service_facts`, which is only available
in Ansible >= 2.5.

There's little reason to stick to an old version such as Ansible 2.4:
- some time has passed since we've raised version requirements - it's
time to move into the future (a little bit)
- we've recently (in 82b4640072) improved the way one can run
Ansible in a Docker container

From now on, Ansible >= 2.5 is required.
2019-04-03 11:19:06 +03:00
82b4640072 Use a more suitable Docker image for running Ansible
Inspired by #128 (Github Issue), we've created a new Docker image
to replace https://hub.docker.com/r/qmxme/ansible

Adding dnspython or dig to `qmxme/ansible` doesn't seem like a good
idea (that might be accepted by them), given that it's specific to our
use case. That's why we'll be maintaining our own image from now on.
2019-04-03 10:28:23 +03:00
810f745a8a Merge pull request #131 from NullIsNot0/master
Update Riot Web from 1.0.5 to 1.0.6
2019-04-02 10:03:06 +03:00
64556569da Update Riot Web from 1.0.5 to 1.0.6 2019-04-02 07:20:25 +03:00
631b7cc6a6 Add support for adjusting Synapse rate-limiting configuration 2019-04-01 21:40:14 +03:00
77359ae867 Synchronize Synapse config with the sample from 0.99.3 2019-04-01 21:22:05 +03:00
95e4234dca Update nginx (1.15.9 -> 1.15.10) 2019-04-01 19:54:53 +03:00
14d87e593b Merge pull request #130 from aaronraimist/synapse-0.99.3
Update Synapse (0.99.2 -> 0.99.3)
2019-04-01 19:54:22 +03:00
c6f1f7aa23 Update Synapse (0.99.2 -> 0.99.3) 2019-04-01 11:26:46 -05:00
c4a5fc3862 Merge pull request #126 from bibz/master
Specify that cron is likely required on the server (fixes #125)
2019-03-23 12:58:14 +02:00
60b0ba379b Update riot-web (1.0.4 -> 1.0.5) 2019-03-22 20:36:23 +02:00
d9c6884b6a Update mautrix-telegram (0.4.0 -> 0.5.1) 2019-03-22 18:50:41 +02:00
cbd629e7ea Specify that cron is likely required on the server
When using Let's Encrypt SSL certificates, a cronjob is set up to
automatically renew them. Though it does require a `cron`-compatible
program on the server.

This fixes the error that is caused by the `/etc/cron.d` directory
not existing and the `ansible-cron` module trying to write out a
file there -- without checking if the directory exists first.
2019-03-22 17:44:24 +01:00
73af8f7bbb Make self-check not validate self-signed certificates
By default, `--tags=self-check` no longer validates certificates
when `matrix_ssl_retrieval_method` is set to `self-signed`.

Besides this default, people can also enable/disable validation using the
individual role variables manually.

Fixes #124 (Github Issue)
2019-03-22 09:41:08 +02:00
1939fc9113 Improve documentation a bit 2019-03-19 18:23:54 +02:00
59e37105e8 Add TLS support to Coturn 2019-03-19 10:24:39 +02:00
018aeed5e9 Add support for mounting additional volumes to matrix-coturn 2019-03-19 09:16:30 +02:00
a50ea0f0a9 Update riot-web (1.0.3 -> 1.0.4) 2019-03-19 08:00:48 +02:00
8660cd421e Add example Apache configuration for Dimension
Discussed in #121 (Github Issue).
2019-03-18 21:17:42 +02:00
d18fe3610f Fix syntax problems in example Apache configuration
Related to #121 (Github Issue)
2019-03-18 20:45:20 +02:00
24cf27c60c Isolate Coturn from services in the default Docker network
Most (all?) of our Matrix services are running in the `matrix` network,
so they were safe -- not accessible from Coturn to begin with.

Isolating Coturn into its own network is a security improvement
for people who were starting other services in the default
Docker network. Those services were potentially reachable over the
private Docker network from Coturn.

Discussed in #120 (Github Pull Request)
2019-03-18 17:41:14 +02:00
c6858d2a08 Define matrix_coturn_turn_external_ip_address in the playbook group vars
This is more explicit than hiding it in the role defaults.

People who reuse the roles in their own playbook (and not only) may
incorrectly define `ansible_host` to be a hostname or some local address.

Making it more explicit is more likely to prevent such mistakes.
2019-03-18 17:04:40 +02:00
0bc751261d Merge pull request #120 from Cadair/turn_config
Add config options to turnserver.conf
2019-03-18 17:00:50 +02:00
e367a2d0de Add nulls for quotas as well 2019-03-18 11:58:52 +00:00
9d236c5466 Add defaults for ips 2019-03-18 11:44:40 +00:00
c0dc56324a Add config options to turnserver.conf 2019-03-18 11:18:30 +00:00
221703f257 Merge pull request #118 from verb/systemctl
Use common path for systemctl in lets encrypt cron
2019-03-17 20:55:40 +02:00
d5d9a03234 Merge pull request #119 from aaronraimist/update-homeserver-yaml
Update homeserver.yaml with some new options we could enable
2019-03-17 20:54:54 +02:00
e65514223e Merge branch 'master' into update-homeserver-yaml 2019-03-17 20:53:52 +02:00
2f1662626e Use |to_json for matrix_synapse_push_include_content
Doing this for consistency.

Related to #117 (Github Pull Request).
2019-03-17 20:51:12 +02:00