52 Commits

Author SHA1 Message Date
027056e027 Fix weird path creation
Fixes #403 (Github Issue).
2020-03-18 18:24:30 +02:00
063e988db2 Make gradle installation fail in a friendlier way on CentOS 2020-03-15 11:26:24 +02:00
2b85fde103 Rename some variables for consistency 2020-03-15 10:15:27 +02:00
8fe97abe7d Wire matrix_container_images_self_build to self_build variables via group_vars/matrix_servers
This keeps the roles cleaner and more independent of matrix-base,
which may be important for people building their own playbook
out of the individual roles and not using the matrix-base role.
2020-03-15 10:10:41 +02:00
2d537484d5 introduce variable 2020-03-14 19:16:29 +01:00
3c8535c3bc check ansible version for self-building in every role 2020-03-08 19:17:10 +01:00
a5d94eec0b refactor variable names 2020-03-08 00:28:14 +01:00
310aa685f9 refactor based on Slavi's requests 2020-03-08 00:24:00 +01:00
f28c7b71d2 build mxisd for raspberry pi 2020-02-21 18:08:24 +01:00
86eff45e8b uri.follow_redirects is now a string field 2020-01-22 15:36:54 -06:00
e81837a586 Undo some formatting changes 2019-10-22 10:57:16 +03:00
1df3d53243 Verbose logging should be off per default 2019-10-21 20:47:23 +02:00
9728bdffee Undo auto formatting 2019-10-21 20:41:45 +02:00
852fceb33f Add documentation 2019-10-21 20:11:00 +02:00
c3fb7ebf4c Add variable for mxisd verbose logging 2019-10-21 20:06:57 +02:00
a1afafeb35 Upgrade mxisd (1.4.5 -> 1.4.6) 2019-08-15 09:36:04 +03:00
d262028d82 Upgrade mxisd (1.4.4 -> 1.4.5) 2019-06-11 20:19:15 -05:00
7d3adc4512 Automatically force-pull :latest images
We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).
2019-06-10 14:30:28 +03:00
328d981b05 Fix undefined variables in mxisd and Dimension configuration 2019-06-07 11:46:35 +03:00
35892286a1 Upgrade mxisd (1.4.3 -> 1.4.4) 2019-05-30 17:22:39 +03:00
ab59cc50bd Add support for more flexible container port exposing
Fixes #171 (Github Issue).
2019-05-25 07:41:08 +09:00
9c23d877fe Fix docker_image option for ansible < 2.8 2019-05-22 05:43:33 -05:00
db15791819 Add source option to docker_image to fix deprecation warning 2019-05-21 10:29:12 -05:00
3982f114af Fix CONDITIONAL_BARE_VARS deprecation warning in ansible 2.8 2019-05-21 10:25:59 -05:00
ae7c8d1524 Use SyslogIdentifier to improve logging
Reasoning is the same as for matrix-org/synapse#5023.

For us, the journal used to contain `docker` for all services, which
is not very helpful when looking at them all together (`journalctl -f`).
2019-05-16 09:43:46 +09:00
25d3b315de Fix case of the mxisd ldap.connection.baseDNs option in comment 2019-05-14 22:38:21 +02:00
953ae021ba Upgrade mxisd (1.4.2 -> 1.4.3) 2019-05-14 08:22:10 +09:00
5f2f17cb1e Merge pull request #160 from danbob/fix-matrix-mxisd-config
Fix template indentation
2019-05-08 08:01:00 +03:00
c451025134 Fix indentation in templates
Use Jinja2 lstrip_blocks option in templates to ensure consistent
indentation in generated files.
2019-05-07 21:23:35 +02:00
3abed49764 Fix jinja config for indented code blocks 2019-05-07 06:02:38 -05:00
07e7d518d5 Revert "Fix template indentation"
This reverts commit 172d59ba05.
2019-05-07 05:57:20 -05:00
172d59ba05 Fix template indentation 2019-05-03 10:37:14 -05:00
75b1528d13 Add the possibility to pass extra flags to the docker container 2019-04-30 16:35:18 +02:00
00ec22688a Upgrade mxisd (1.4.1 -> 1.4.2)
Looks like we may not have to do this,
since 1.4.2 fixes edge cases for people who used the broken
1.4.0 release.

We jumped straight to 1.4.1, so maybe we're okay.
Still, upgrading anyway, just in case.
2019-04-28 10:15:46 +03:00
ed442af96f Update mxisd (1.3.1 -> 1.4.1) 2019-04-27 16:28:40 -05:00
73af8f7bbb Make self-check not validate self-signed certificates
By default, `--tags=self-check` no longer validates certificates
when `matrix_ssl_retrieval_method` is set to `self-signed`.

Besides this default, people can also enable/disable validation using the
individual role variables manually.

Fixes #124 (Github Issue)
2019-03-22 09:41:08 +02:00
93992f7756 Fix indenting of generators value 2019-03-08 10:50:51 +01:00
f297ff506b Explain how to set the template variables 2019-03-07 13:34:07 +01:00
0cd8b99b00 Add support for custom MXISD templates 2019-03-07 13:28:00 +01:00
45618679f5 Reload systemd services when they get updated
Fixes #69 (Github Issue)
2019-03-03 11:55:15 +02:00
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
4c512c8e64 Upgrade mxisd (1.3.0 -> 1.3.1) 2019-02-22 15:44:13 +02:00
7a1b5a2024 Update mxisd (1.2.2 -> 1.3.0) 2019-02-10 23:20:05 +02:00
0be7b25c64 Make (most) containers run with a read-only filesystem 2019-01-29 18:52:02 +02:00
b77b967171 Merge branch 'master' into non-root-containers 2019-01-29 18:00:11 +02:00
9830a0871d Fix self-check for mxisd not being enabled 2019-01-28 11:47:31 +02:00
316d653d3e Drop capabilities in containers
We run containers as a non-root user (no effective capabilities).

Still, if a setuid binary is available in a container image, it could
potentially be used to give the user the default capabilities that the
container was started with. For Docker, the default set currently is:
- "CAP_CHOWN"
- "CAP_DAC_OVERRIDE"
- "CAP_FSETID"
- "CAP_FOWNER"
- "CAP_MKNOD"
- "CAP_NET_RAW"
- "CAP_SETGID"
- "CAP_SETUID"
- "CAP_SETFCAP"
- "CAP_SETPCAP"
- "CAP_NET_BIND_SERVICE"
- "CAP_SYS_CHROOT"
- "CAP_KILL"
- "CAP_AUDIT_WRITE"

We'd rather prevent such a potential escalation by dropping ALL
capabilities.

The problem is nicely explained here: https://github.com/projectatomic/atomic-site/issues/203
2019-01-28 11:22:54 +02:00
ba75ab496d Send Host/X-Forwarded-For to mxisd
It worked without it too, but doing this is more consistent with the
mxisd recommendations.
2019-01-17 16:22:49 +02:00
cb11548eec Use mxisd for user directory searches
Implements #77 (Github issue).
2019-01-17 15:55:23 +02:00
df0d465482 Fix typos in some variables (matrix_mxid -> matrix_mxisd) 2019-01-17 14:47:37 +02:00