Commit Graph

1861 Commits

Author SHA1 Message Date
4aeeb5cf31 Autogenerate Discord invite link
Generates the link required to add the Bridge to a Discord server.
2019-03-03 19:33:16 +01:00
835c349275 Add matrix-appservice-discord bridge
Bridge is setup to work on the matrix side with this, but the discord invite link is not automatically generated.
2019-03-03 18:22:52 +01:00
6f6dff3e2b Update some Docker images 2019-03-03 12:27:43 +02:00
45618679f5 Reload systemd services when they get updated
Fixes #69 (Github Issue)
2019-03-03 11:55:15 +02:00
041a1947b3 Update Synapse (0.99.1.1 -> 0.99.2) 2019-03-02 10:03:09 +02:00
f2a2cad107 allow exposing mautrix_telegram port 2019-03-01 16:05:01 -07:00
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
8cac29a5d5 Update matrix-synapse-rest-auth (0.1.1 -> 0.1.2) 2019-02-28 11:15:26 +02:00
25bdc10617 Follow redirects for some well-known files
The Server spec says that redirects should be followed for
`/.well-known/matrix/server`. So we follow them.

The Client-Server specs doesn't mention redirects, so we don't
follow redirects there.
2019-02-25 21:03:33 +02:00
433780384e Do not use docker_container module
Using `docker_container` with a `cap_drop` argument requires
Ansible >=2.7.

We want to support older versions too (2.4), so we either need to
stop invoking it with `cap_drop` (insecure), or just stop using
the module altogether.

Since it was suffering from other bugs too (not deleting containers
on failure), we've decided to remove `docker_container` usage completely.
2019-02-25 10:42:27 +02:00
639fc0bb5c Treat empty string dig lookup responses as "missing record" 2019-02-22 18:02:10 +02:00
4c512c8e64 Upgrade mxisd (1.3.0 -> 1.3.1) 2019-02-22 15:44:13 +02:00
550d398e6c Remove some unnecessary slashes 2019-02-20 21:21:20 +02:00
d552a742f8 Fix Riot caching troubles
Some resources shouldn't be cached right now,
as per https://github.com/vector-im/riot-web/pull/8702

(note all of the suggestions from that pull request were applied,
because some of them do not seem relevant - no such files)

Fixes #98 (Github Issue)
2019-02-16 17:59:41 +02:00
350b25690d Add Riot v1.0 (v1.0.1) support 2019-02-16 11:48:17 +02:00
0f55823c5f Update Synapse (0.99.1 -> 0.99.1.1)
It's not important for us, as it only contains
some ACME-related fix.
2019-02-14 19:43:13 +02:00
eb08e20418 Upgrade Synapse (0.99.0 -> 0.99.1) and sync config
`matrix_synapse_no_tls` is now implicit, so we've gotten rid of it.

The `homeserver.yaml.j2` template has been synchronized with the
configuration generated by Synapse v0.99.1 (some new options
are present, etc.)
2019-02-14 18:40:55 +02:00
df76ae707a Fix inaccurate comment 2019-02-13 14:07:16 +02:00
7a1b5a2024 Update mxisd (1.2.2 -> 1.3.0) 2019-02-10 23:20:05 +02:00
42c4de348c Revert "Bind metrics on :: too"
This reverts commit 536c85619f.

Looks like binding metrics on IPv6 (`::`) fails with an error:

socket.gaierror: [Errno -2] Name does not resolve
2019-02-09 13:21:18 +02:00
08635666df Do not attempt to start coturn TLS listeners
We don't provide certificates, so it fails anyway,
but we'd rather suppress the warnings about it too.
2019-02-07 13:20:30 +02:00
f5cd916de8 Update coturn (4.5.0.8 -> 4.5.1.0) 2019-02-07 13:15:59 +02:00
536c85619f Bind metrics on :: too
For consistency with all our other listeners,
we make this one bind on the `::` address too
(both IPv4 and IPv6).

Additional details are in #91 (Github Pull Request).
2019-02-06 14:24:10 +02:00
91a757c581 Add support for reloading Synapse 2019-02-06 09:25:13 +02:00
40f3793af7 Upgrade Synapse to v0.99 and simplify dummy TLS cert logic 2019-02-06 09:17:55 +02:00
5db692f877 Remove some useless homeserver.yaml configuration 2019-02-05 14:02:01 +02:00
738c592c27 Bump Synapse version (0.34.1.1 -> 0.99.0rc4) 2019-02-05 13:33:39 +02:00
119016e858 Cache /.well-known/matrix files for longer 2019-02-05 13:06:17 +02:00
764a040a90 Make /.well-known/matrix/server optional
People who wish to rely on SRV records can prevent
the `/.well-known/matrix/server` file from being generated
(and thus, served.. which causes trouble).
2019-02-05 12:09:46 +02:00
74710427e5 Allow for the federation port (tcp/8448)'s certificate to be changed
If someone decides to not use `/.well-known/matrix/server` and only
relies on SRV records, then they would need to serve tcp/8448 using
a certificate for the base domain (not for the matrix) domain.

Until now, they could do that by giving the certificate to Synapse
and setting it terminate TLS. That makes swapping certificates
more annoying (Synapse requires a restart to re-read certificates),
so it's better if we can support it via matrix-nginx-proxy.

Mounting certificates (or any other file) into the matrix-nginx-proxy container
can be done with `matrix_nginx_proxy_container_additional_volumes`,
introduced in 96afbbb5a.
2019-02-05 12:09:46 +02:00
f6ebd4ce62 Initial work on Synapse 0.99/1.0 preparation 2019-02-05 12:09:46 +02:00
e06e5dd208 Fix syntax breakage
Regression since 96afbbb5af
2019-02-05 12:09:33 +02:00
96afbbb5af Allow additional volumes to be mounted into matrix-nginx-proxy
Certain use-cases may require that people mount additional files
into the matrix-nginx-proxy container. Similarly to how we do it
for Synapse, we are introducing a new variable that makes this
possible (`matrix_nginx_proxy_container_additional_volumes`).

This makes the htpasswd file for Synapse Metrics (introduced in #86,
Github Pull Request) to also perform mounting using this new mechanism.
Hopefully, for such an "extension", keeping htpasswd file-creation and
volume definition in the same place (the tasks file) is better.

All other major volumes' mounting mechanism remains the same (explicit
mounting).
2019-02-05 11:46:16 +02:00
9a251e4e46 Remove some more references to localhost
Continuation of 1f0cc92b33.

As an explanation for the problem:
when saying `localhost` on the host, it sometimes gets resolved to `::1`
and sometimes to `127.0.0.1`. On the unfortunate occassions that
it gets resolved to `::1`, the container won't be able to serve the
request, because Docker containers don't have IPv6 enabled by default.

To avoid this problem, we simply prevent any lookups from happening
and explicitly use `127.0.0.1`.
2019-02-05 11:11:28 +02:00
1f0cc92b33 Use IPv4 localhost everywhere (or almost everywhere) 2019-02-04 09:49:45 -06:00
58ca2e7dfd Turn off IPv6 when using your own Nginx server
Docker apparently doesn't like IPv6.
2019-02-04 09:03:43 -06:00
52d5e540c0 Fix ownership of generated self-signed certificates (root -> matrix) 2019-02-02 17:32:13 +02:00
87e3deebfd Enable exposure of Prometheus metrics. 2019-02-01 20:02:11 +01:00
29b40b428a Database files must be stored on permanent storage 2019-02-01 11:44:06 -05:00
897cfbdcba Fix /.well-known/matrix/client installation
Regression since 51312b82
2019-02-01 17:06:49 +02:00
8681a5dc69 Add 'none' SSL certificate retrieval method 2019-02-01 16:50:25 +02:00
cd332d9b4e Add TLS v1.3 support to matrix-nginx-proxy
This was mentioned in #27 (Github Pull Request),
but it's just now that the nginx Docker image actually supports
TLS v1.3 and we can enable it.
2019-02-01 11:49:22 +02:00
a9fae8e3b1 Revert "Use native OpenSSL module to generate passkey.pem"
This reverts commit 0dac5ea508.

Relying on pyOpenSSL is the Ansible way of doing things, but is
impractical and annoying for users.

`openssl` is easily available on most servers, even by default.
We'd better use that.
2019-01-31 20:45:14 +02:00
08321ea4bb Merge pull request #87 from Plailect/master
Add support for matrix-appservice-irc
2019-01-31 20:20:32 +02:00
0dac5ea508 Use native OpenSSL module to generate passkey.pem 2019-01-31 11:38:54 -05:00
5e1d96c727 Add matrix_appservice_irc_container_expose_client_server_api_port 2019-01-31 11:20:45 -05:00
0a2a8e118c Update example configuration and documentation 2019-01-31 11:05:27 -05:00
c2b1cf7f93 Fix SSL renewal script
Regression since 299a8c4c7c
2019-01-31 09:43:09 +02:00
3a4a671dd7 Add support for matrix-appservice-irc 2019-01-31 00:37:23 -05:00
0be7b25c64 Make (most) containers run with a read-only filesystem 2019-01-29 18:52:02 +02:00