Commit Graph

865 Commits

Author SHA1 Message Date
Slavi Pantaleev
3fb016cd6b Put bots and bridges in the same network and remove a few variables
Downsides: decreasing security slightly due to less networking isolation

Benefits:

- decreased complexity
- having a generically-named `matrix-addons` network we may use for other things now (client apps, etc.)
- not exhausting the container networks pool with 2 (or more) networks and using just 1
2024-01-05 06:13:12 +02:00
Slavi Pantaleev
170f321a01 Minor sliding-sync improvements 2024-01-05 06:04:44 +02:00
Slavi Pantaleev
015acb6d08 Add native Traefik support to matrix-synapse 2024-01-04 19:00:23 +02:00
Slavi Pantaleev
abde681b56 Clean up some matrix_nginx_proxy_proxy_matrix_metrics_* references 2024-01-04 12:49:00 +02:00
Slavi Pantaleev
54fb153acf Expose /_synapse/* APIs via matrix-synapse-reverse-proxy-companion
This also updates validation tasks and documentation, pointing to
variables in the matrix-synapse role which don't currently exist yet
(e.g. `matrix_synapse_container_labels_client_synapse_admin_api_enabled`).

These variables will be added soon, as Traefik labels are added to the
`matrix-synapse` role. At that point, the `matrix-synapse-reverse-proxy-companion` role
will be updated to also use them.
2024-01-04 11:37:17 +02:00
Slavi Pantaleev
0ea3fa0e85 Add matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname to simplify wiring 2024-01-04 10:53:43 +02:00
Slavi Pantaleev
4752e7f9a0 Get rid of matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain 2024-01-04 10:27:32 +02:00
Slavi Pantaleev
e678adfeda Add root path (/) handling to matrix-synapse-reverse-proxy-companion (redirect or /_matrix/static/ serving) 2024-01-04 10:24:33 +02:00
Slavi Pantaleev
bbd9493b8f Handle /_matrix Client-Server and Federation APIs directly at matrix-synapse-reverse-proxy-companion 2024-01-03 17:05:59 +02:00
Slavi Pantaleev
e81a395a98 Drop some matrix_nginx_proxy_proxy_riot_compat_* variables
matrix-nginx-proxy is going away and this is one of the features it
offered.

This feature will have no equivalent in our new Traefik-only
setup, although it's possible to implement it manually by using
`matrix_client_element_container_labels_additional_labels`
2024-01-03 14:43:45 +02:00
Slavi Pantaleev
cc75be9c65 Add support for serving the base domain via matrix-static-files 2024-01-03 14:39:17 +02:00
Slavi Pantaleev
da48a605bb More progress on matrix-static-files role and cleaning up of matrix-base and matrix-nginx-proxy 2024-01-03 13:46:25 +02:00
Slavi Pantaleev
065b70203d [WIP] Initial work on matrix-static-files role 2024-01-03 13:05:59 +02:00
Slavi Pantaleev
128a7b82d5 Switch mautrix-instagram from matrix-nginx-proxy to matrix-homeserver-proxy
This is completely untested.
2024-01-03 09:25:05 +02:00
Slavi Pantaleev
feaf1ee7e7 Switch mautrix-whatsapp from matrix-nginx-proxy to matrix-homeserver-proxy 2024-01-02 17:41:36 +02:00
Slavi Pantaleev
20c7cabfe4 Switch mautrix-discord from matrix-nginx-proxy to matrix-homeserver-proxy 2024-01-02 17:22:23 +02:00
Slavi Pantaleev
77b0ef4799 Add Traefik support to Hookshot 2024-01-02 17:10:26 +02:00
Slavi Pantaleev
4a6287c528 Initial work on matrix-homeserver-proxy role and eliminating matrix-nginx-proxy
This is still very far from usable.

Various bridges and bots are still talking to
`matrix-nginx-proxy` instead of the new `matrix-homeserver-proxy` role.
These services need to be reworked. While reworking them,
various cleanups are being done as well as adding Traefik-labels to
those that need them.
2024-01-02 16:07:40 +02:00
Pierre 'McFly' Marty
811c6b1af5
Merge branch 'spantaleev:master' into 3031-feat-add-signalgo-bridge 2023-12-26 09:39:46 +01:00
Aine
87a74335f9
add automatic registration of chatgpt bot's user (if password is provided) 2023-12-23 13:30:39 +02:00
Slavi Pantaleev
11ee949e9e Add native Traefik support to matrix-corporal (HTTP API) 2023-12-23 10:36:20 +02:00
Pierre 'McFly' Marty
055406b255
Merge branch 'spantaleev:master' into 3031-feat-add-signalgo-bridge 2023-12-22 16:48:06 +01:00
Slavi Pantaleev
e7a911a7fa Add note about matrix_nginx_proxy_proxy_media_repo_enabled 2023-12-22 09:18:44 +02:00
Slavi Pantaleev
ce013a325c Remove duplicate matrix_media_repo_identifier definition from group_vars/matrix_servers
`matrix_media_repo_identifier` is already defined in the role defaults,
which is a better role to have it anyway.
2023-12-22 08:43:30 +02:00
Michael Hollister
0908c6b662 Added Traefik support to MMR 2023-12-20 13:38:46 -06:00
Pierre 'McFly' Marty
c93b642f90
doc: check typo 2023-12-18 16:51:35 +01:00
Pierre 'McFly' Marty
2f6525ccb3
refactor: remove signalgo and update signal to 'after merge' 2023-12-18 16:38:52 +01:00
Pierre 'McFly' Marty
0e4c878ee3
Merge branch 'spantaleev:master' into 3031-feat-add-signalgo-bridge 2023-12-16 12:34:56 +01:00
Slavi Pantaleev
dbf1a685bf Do not connect Hookshot to Redis unless encryption is enabled
It seems like connectivity is problematic, even though the networks
appear to be configured correctly:

> [ioredis] Unhandled error event: Error: connect ECONNREFUSED 172.22.0.2:6739
> at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1595:16)

For now, I disable pointing the queue host to Redis to avoid it.
It should be investigated.

People who enable Hookshot's new experimental encryption may encounter
this also.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042
2023-12-16 09:54:09 +02:00
Slavi Pantaleev
94c1503a60 Add support for experimental encryption in Hookshot
Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042

commit 49932b8f3c17c4c4db7a884658c42f9a8b0550ca
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:21:31 2023 +0200

    Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml

    Also, this task always does work and side-effects, so it should always report changes
    (`changed_when: true`).

commit 6bdf7a9dcb73385313a1f34d52e27ad0cf95fb3e
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:12:41 2023 +0200

    Add Hookshot validation task to ensure queue settings are set when encryption is enabled

commit 8c531b7971b5dfd15ca541b5072b3eb8237cdcf9
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:10:17 2023 +0200

    Add missing variables rewiring in group_vars/matrix_servers for Hookshot

commit 7d26dabc2fe692f5e1236c0e250f85996f3fd0c2
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:08:19 2023 +0200

    Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port

commit 74f91138c92f1d1b69eb973803b882849e31a259
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:06:17 2023 +0200

    Fix syntax for connecting to additional networks for Hookshot

commit ca7b41f3f2d0c2900b2805294476f70e82461304
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:05:28 2023 +0200

    Fix indentation and remove unnecessary if-statements

commit ac4a918d58fc76e7332446a65609b56c5e4da00c
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:04:44 2023 +0200

    Add missing --network for Hookshot

    This seems to have been removed by accident.

commit 6a81fa208fca28951fc131cbf33b95ec78748a40
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:02:47 2023 +0200

    Make automatic Redis enabling safer, when Hookshot encryption enabled

    If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled.

commit 75a8e0f2a6cbf1562cb99c68ad1f20e4d47735ed
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:01:10 2023 +0200

    Fix typo

commit 98ad182eaccc7ab457ead4e03cc0d4f2a525a47d
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:37:40 2023 +0100

    Add defaults for Hookshot's encryption

commit 29fa9fab151f513908d3e45882003da107a63c93
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:35:11 2023 +0100

    Improve wording of Hookshot's encryption section

commit 4f835e0560012754d7ce0b56619a97c68a297992
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:28:52 2023 +0100

    use safer mount options for the container's files

commit 8c93327e25c5e6af2442c676d5f264d4051c80e2
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:26:01 2023 +0100

    fix filename

commit 03a7bb6e7798dd95f7894311e4dd34dfa09f70fa
Merge: e55d7694 06047763
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:23:44 2023 +0100

    Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption

commit 06047763bbd427dde117c6635ac7301198571158
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:15:54 2023 +0100

    Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

    change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host

    Co-authored-by: Slavi Pantaleev <slavi@devture.com>

commit e55d769465bd299081464e68d34851729d42d5ff
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:13:50 2023 +0100

    clarify that Redis is required, standardise on Hookshot with an upper-case first letter for consistency

commit 66706e4535704deba63e5aa2102f324f9b14dae3
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:08:20 2023 +0100

    Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

    fix for a typo

    Co-authored-by: Slavi Pantaleev <slavi@devture.com>

commit f6aaeb9a16f84409d31188e696885afed89fbdcc
Merge: e5d34002 869dd33f
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 00:22:34 2023 +0100

    Merge branch 'master' into HarHarLinks/hookshot-encryption

commit e5d34002fd6c39c3e18df04e20d0c8b25475db78
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 00:09:27 2023 +0100

    Add Jinja loop to allow adding multiple networks

commit 69f947782d6e072c3edc4ee4c7d5ccf69eccf3fd
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Thu Dec 14 23:52:41 2023 +0100

    split if statements for the message queue and experimental encryption support into separate statements

commit 4c13be1c89ffb1b06475c7da546f7956e67b36a1
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Thu Dec 14 23:31:19 2023 +0100

    change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551)

commit 9905309aa9448f91297f8c7618bf62682eee2af7
Author: HarHarLinks <kim.brose@rwth-aachen.de>
Date:   Wed Nov 1 16:14:04 2023 +0100

    amend docs

commit 94abf2d5bde63919c6b5597f3142eea5fed73815
Author: HarHarLinks <kim.brose@rwth-aachen.de>
Date:   Wed Nov 1 16:05:22 2023 +0100

    draft encryption support for hookshot
2023-12-16 09:23:35 +02:00
Slavi Pantaleev
f4806aadcb Make "just install-service nginx-proxy" properly restart it 2023-12-16 08:39:23 +02:00
Pierre 'McFly' Marty
c028d75f9e
fix: sqlite backend is sqlite3-fk-wal 2023-12-15 23:08:25 +01:00
Pierre 'McFly' Marty
173286470c
fix: signalgo starts properly 2023-12-14 22:30:25 +01:00
Pierre 'McFly' Marty
a42aacb41c
fix: remove unused signalgo-daemon.service 2023-12-14 21:44:14 +01:00
Pierre 'McFly' Marty
0f7b89523f
feat: enroll signalgo to nginx proxy 2023-12-14 18:23:55 +01:00
Slavi Pantaleev
7cf713f591 Switch from devture_traefik_container_additional_networks to devture_traefik_container_additional_networks_auto
Related to e3375d56f3
2023-12-05 09:17:20 +02:00
Aine
5bc8903422
fix included postgres role name in matrix_servers 2023-11-19 16:00:34 +02:00
Slavi Pantaleev
c0595d6e44 Add explicit names for roles (affects their install paths) 2023-11-19 14:08:03 +02:00
Chikage
7d668a488e add self-build for matrix_user_verification
Currently v3.0.0 tested with no issues.
So remove matrix_user_verification_service_docker_image from groups_vars.

/.npm must be writable or an error will be reported.
2023-11-08 04:35:24 +09:00
Slavi Pantaleev
670ae6f602 Upgrade Jitsi (v8960-2 -> v8960-3) and pass jitsi_user_username explicitly
It would work even without explicitly passing `jitsi_user_username` as
auto-detection logic will run. Passing it explicitly spares the Jitsi
role some work.

Related to:

- https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/pull/2
- https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2974#issuecomment-1784256903
2023-10-31 08:33:36 +02:00
Aine
ffc2aef0b2
fix jitsi auth (w/ auth; w/o auth), closes #2589 2023-10-26 22:34:08 +03:00
Slavi Pantaleev
29b62f77a5 Upgrade Postgres (v16.0-5 -> v16.0-6) - adds auto-tuning 2023-10-18 08:24:52 +03:00
Slavi Pantaleev
dc9ff4e01b Add support for external-IP-address-autodetection to Coturn 2023-10-10 11:10:21 +03:00
Slavi Pantaleev
5bc6ca2af5 Switch from devture_postgres_systemd_services_to_stop_for_maintenance_list to devture_postgres_systemd_services_to_stop_for_maintenance_list_auto
Only available since v16.0-2 of the Postgres role.
2023-09-16 11:41:07 +03:00
Slavi Pantaleev
bff851c858 Properly stop all services when doing Postgres maintenance, not just the homeserver 2023-09-16 11:39:39 +03:00
Slavi Pantaleev
35294046b4
Do not enable SchildiChat by default
Related to #2851 

Fixes #2861
2023-09-01 12:02:57 +03:00
Aine
86655db995
add SchildiChat client 2023-08-30 19:23:52 +03:00
Slavi Pantaleev
a036987ba4 Do not define devture_traefik_provider_configuration_extension_yaml in group_vars/matrix_servers
`devture_traefik_provider_configuration_extension_yaml` should not be
set automatically by the playbook. It's a variable to be used by users.

Moreover, setting it for everyone (not just people who have additional JVBs)
means that for most people the following error will be produced:

> 'dict object' has no attribute 'jitsi_jvb_servers'

.. as detailed in https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2844

Fixes a regression introduced in: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2842
2023-08-25 15:44:51 +03:00
Antonis Christofides
242e0ee829 Proxy additional JVBs through traefik (fixes #2721)
Traefik wasn't proxying /colibri-ws/jvb-X/ to additional jvbs. This
fixes it.

This contribution is provided by GRNET S.A. (grnet.gr).
2023-08-24 18:07:50 +03:00
Johan Swetzén
4299d4ebd5
wsproxy for Android SMS (#2261)
* Initial work, copied from mautrix-amp PR

* Some fixes leftover code copied over from whatsapp

* Got it to run and register

* Fixed service issue with docker image

* I now realize I need 2 roles wsproxy and imessage

* Got something working, still rough

* Closer to working but still not working

* reverting ports

* Update main.yml

* Add matrix-nginx-proxy config for mautrix-wsproxy

* Changed

* Add back file

* fix for error hopefully

* Changed the way nginx was received

* basically did not add anything ugh

* Added some arguments

* just trying stuff now

* Ugh i messed up port number

* Changed docs

* Change dns config

* changed generic secret key

* Testing new nginx proxy

* test

* Fix linting errors

* Add mautrix syncproxy to wsproxy for Android SMS

* WIP

* Move wsproxy to custom

* Squashed commit of the following:

commit 943189a9aa
Merge: 4a229d68 f5a09f30
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sun Nov 13 08:54:32 2022 +0200

    Merge pull request #2259 from throny/patch-3

    warn users about upgrading to pg15 when using borg

commit 4a229d6870
Merge: 9b326e08 c68def08
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sun Nov 13 08:53:13 2022 +0200

    Merge pull request #2260 from etkecc/patch-117

    Update ntfy 1.28.0 -> 1.29.0

commit f5a09f30b7
Author: throny <m.throne12@gmail.com>
Date:   Sat Nov 12 23:48:57 2022 +0100

    Update maintenance-postgres.md

commit b12cdbd99d
Author: throny <m.throne12@gmail.com>
Date:   Sat Nov 12 23:40:46 2022 +0100

    Update maintenance-postgres.md

commit c68def0809
Author: Aine <97398200+etkecc@users.noreply.github.com>
Date:   Sat Nov 12 22:01:31 2022 +0000

    Update ntfy 1.28.0 -> 1.29.0

commit adbc09f152
Author: throny <m.throne12@gmail.com>
Date:   Sat Nov 12 11:20:43 2022 +0100

    warn users about upgrading to pg15 when using borg

* Fix linting errors

* Cleanup after merge

* Correct outdated variable names

* Enable both Android and iMessage with wsproxy

* Restructure wsproxy service defs and nginx config

* Fix linter errors

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Fix comments for documentation, volumes and ports

* Correct mount syntax

* Complete network and traefik support for wsproxy

* Remove wsproxy data_path

* Fix wsproxy service definitions

* Actually include syncproxy service

* Remove wsproxy PathPrefix, it needs a subdomain

There's no setting in the iMessage bridge that allows a path.
Also don't bind port by default, wsproxy has no TLS.
Syncproxy should never expose a port, it's only internal.

---------

Co-authored-by: hanthor <jreilly112@gmail.com>
Co-authored-by: Miguel Alatzar <miguel@natrx.io>
Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 15:05:32 +03:00
Catalan Lover
a9518e721a
Add Arm64 as valid prebuilt container architecture for Draupnir 2023-08-21 15:10:57 +02:00
Samuel Meenzen
e01a6f2972 fix: recursive loop detected in template string error 2023-08-11 08:46:03 +00:00
Samuel Meenzen
837cca4ee1 Move sliding sync url logic out of matrix-client.j2 2023-08-11 08:13:49 +00:00
Slavi Pantaleev
ae12ab5c24 Rename variable (matrix_client_element_jitsi_preferredDomain -> matrix_client_element_jitsi_preferredDomain) 2023-08-10 15:57:29 +03:00
Slavi Pantaleev
f3445c124c Fix Traefik support for matrix-user-verification-service
Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2375#issuecomment-1655758296
2023-07-28 17:26:27 +03:00
Julian-Samuel Gebühr
14f7eed932
Update matrix-registration-bot, improve authentication config (#2723)
* Adjust to new mrb docker versioning

* Stabilize authentication

* fix lint

* Move & document mrb password usage

* Add clean cache role

* Document clean cache

* Fix lint

* Update CHANGELOG.md

* Automate access tokens

* Improve changelog

* Make use of mrb's function to fetch API tokens

* Adjust changelog

* Use ansible.builtin.file to clear directory

* Fix typo

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-07-24 13:57:06 +03:00
ThellraAK
2153c310f7
Update matrix_servers 2023-07-21 05:49:52 -08:00
ThellraAK
eea143e6eb
Shortened gmessages salt
The salts need to be shorter than 16 chars
2023-07-21 05:47:51 -08:00
Shreyas Ajjarapu
5ea6aa3e50
Added Google Messager Bridge (#2794)
* initial commit

* changed

* Reordered

* merge old changes

* added changes to matrix_servers

* Remove duplicate discord

* Update main.yml

* added google message to configuring-playbook.md

* Changed docs to add new changes

* Changed bug?

* Removed problem j2 values

* Rename a service files

* change how password hash string

* Changed port number

* Change how the local part works

* Revert "Merge pull request #8 from shreyasajj/wsproxy"

This reverts commit bb1b8fc67ca39f63ca77e70077be99cb2b32c4de, reversing
changes made to cce6ba5f9d74f89172488afc8b1ef124031de8c1.

---------

Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com>
2023-07-21 14:33:52 +03:00
Slavi Pantaleev
60c34d701a Use prebuilt container images for matrix-sliding-sync on ARM64
As mentioned in https://github.com/matrix-org/sliding-sync/issues/31#issuecomment-1640321110
images are available for arm64 already.
2023-07-18 18:16:11 +03:00
Slavi Pantaleev
95bfa4e87e
Put matrix-media-repo.service in the matrix-media-repo group
Making the group match the Ansible task tags allows people to do `just install-service matrix-media-repo` and have that trigger both `--tags=matrix-media-repo` and also restart just that single group (`matrix-media-repo`).
2023-07-17 08:11:23 +03:00
Slavi Pantaleev
bc0b73dd70
Improve if condition for including Postgres in matrix_media_repo_systemd_required_services_list 2023-07-17 08:07:49 +03:00
Michael Hollister
73edde3992 Replaced additional hardcoded service names with identifier variable 2023-07-13 23:12:24 -05:00
Michael Hollister
28fa644c30 Removed redeclaration of matrix_media_repo_identifier 2023-07-13 21:19:07 -05:00
Michael Hollister
d565c1607b
Replaced hard coded string with identifier variable
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-07-13 11:06:59 -05:00
Michael Hollister
78bd1dbd1b Added matrix-media-repo role 2023-07-12 01:09:27 -05:00
Slavi Pantaleev
704a9abd9b Fix file path in comment
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2746
2023-06-18 08:54:55 +03:00
Antonis Christofides
cfc845b45e Ensure docker is installed on additional JVBs (fixes #2706)
This contribution is provided by GRNET S.A. (grnet.gr).
2023-06-17 15:04:35 +03:00
Antonis Christofides
2191136369 Enable jitsi_jvb service on additional JVB (fixes #2708)
This contribution is provided by GRNET S.A. (grnet.gr).
2023-06-17 15:04:35 +03:00
Antonis Christofides
6ce94ba33f Fix additional JVB broken after move to external Jitsi role (fixes #2733)
This contribution is provided by GRNET S.A. (grnet.gr).
2023-06-17 15:04:35 +03:00
Slavi Pantaleev
b5d5e49235 Move Honoroit metrics from /honoroit/metrics to /metrics/honoroit
This restores consistency with other services.

Related to 8f903fa621
2023-05-19 19:33:22 +03:00
Slavi Pantaleev
018e620ee8 Default matrix_bot_honoroit_path_prefix to /honoroit to avoid conflicts with Matrix Client-Server API 2023-05-18 10:10:47 +03:00
Slavi Pantaleev
9d77950cd8 Adjust bot group names, so that they match the install/setup tags
Previously `just install-service buscarron` would not fully work,
because:

- the systemd services were indeed tagged with `buscarron`

- however, the actual installation tasks are not
  `install-buscarron`/`setup-buscarron`, but rather
  `install-bot-buscarron`/`setup-bot-buscarron`

Services are now tagged with the `bot-` prefix to match the tags.
2023-05-18 09:43:19 +03:00
Slavi Pantaleev
4546410f6a Restore matrix-nginx-proxy connectivity to the Jitsi container network
Regression since 1d00d15482
2023-04-10 15:15:32 +03:00
Kabir Kwatra
fdab05fa0a
fix(traefik): only include federation endpoint if port is new 2023-04-04 02:31:49 +00:00
Slavi Pantaleev
812b395aa9 Remove various systemd services from matrix-nginx-proxy Wanted list when not proxied via nginx
If Traefik is used, these are not Wanted services.
2023-04-03 08:59:43 +03:00
Slavi Pantaleev
1d00d15482 Switch to exported Jitsi role 2023-04-03 08:53:46 +03:00
Slavi Pantaleev
76197df3bc Add some additional groups to client systemd services
This allows for doing `just install-service client-element` to get only
Element rebuilt and restarted.
2023-03-28 16:57:50 +03:00
Aine
15ce377235
honoroit - add matrix_bot_honoroit_hostname into group vars 2023-03-23 19:09:34 +02:00
Aine
0b18f03195
honoroit - add proper networking configuration and traefik labels 2023-03-23 19:06:16 +02:00
Slavi Pantaleev
14b8efcad2 Replace matrix-prometheus with an external Prometheus role 2023-03-21 07:38:12 +02:00
Slavi Pantaleev
1b6a85e485 Do not consider prometheus-exporters as part of the prometheus group
This makes us rebuild/restart exporters when running `just install-service prometheus`,
which we don't like.
2023-03-20 15:09:04 +02:00
Slavi Pantaleev
220d80ac3a Move matrix-aux outside of this playbook 2023-03-20 11:06:27 +02:00
Aine
88dc5e0de0
migrate prometheus-node-exporter's var 2023-03-18 10:26:29 +02:00
Array in a Matrix
dd1712d457
fix typo
i was sleepy lol
2023-03-18 03:43:12 -04:00
array-in-a-matrix
f1c0321a8c add relay api database for dendrite 2023-03-18 03:22:30 -04:00
Slavi Pantaleev
4c1db32ef9 Rename some Dendrite variables to improve consistency 2023-03-14 08:52:15 +02:00
Slavi Pantaleev
7422337c26 Add missing matrix-synapse-auto-compressor.timer in systemd service list 2023-03-12 10:18:33 +02:00
Slavi Pantaleev
26d5719df4 Make matrix-synapse-auto-compressor live in its own container network
It will, additionally, be connected to the devture-postgres network, if
devture-postgres is enabled.
2023-03-12 10:18:33 +02:00
Slavi Pantaleev
ca69fce648 Add missing group vars for matrix-synapse-auto-compressor 2023-03-12 10:18:33 +02:00
Slavi Pantaleev
b28d779c6c Add matrix-synapse-auto-compressor section in group_vars/matrix_servers 2023-03-12 09:48:46 +02:00
Slavi Pantaleev
023fe3ea08 Add sliding-sync support
This allows people to try out the new Element X clients, which need to
run against the sliding-sync proxy (https://github.com/matrix-org/sliding-sync).

Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2515

The code is based on the existing PR (#2515), but heavily reworked. Major changes:

- lots of internal refactoring and variable renaming

- fixed self-building to support non-amd64 architectures

- changed to talk to the homeserver locally, over the container network (not
  publicly)

- no more matrix-nginx-proxy support due to complexity (see below)

- no more `matrix_server_fqn_sliding_sync_proxy` in favor of
  `matrix_sliding_sync_hostname` and `matrix_sliding_sync_path_prefix`

- runs on `matrix.DOMAIN/sliding-sync` by default, so it can be tried
  easily without having to create new DNS records
2023-03-07 11:57:56 +02:00
Slavi Pantaleev
30f1034767 Remove matrix_playbook_traefik_role_enabled variable and devture-traefik references
The variable was necessary when multiple playbooks could have
potentially tried to manage a shared `devture-traefik.service` systemd service
and shared `/devture-traefik` directory.

Since adcc6d9723, we use our own `/matrix/traefik`
(`matrix-traefik.service`) installation and no conflicts can arise.
It's safe to always enable the role, just like we do with all the other roles.
2023-03-06 09:51:14 +02:00
Slavi Pantaleev
adcc6d9723 Relocate Traefik (to matrix-traefik.service && /matrix/traefik base path)
The migration is automatic. Existing users should experience a bit of
downtime until the playbook runs to completion, but don't need to do
anything manually.

This change is provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2535

While my statements there ("Traefik is a shared component among
sibling/related playbooks and should retain its global
non-matrix-prefixed name and path") do make sense, there's another point
of view as well.

With the addition of docker-socket-proxy support in bf2b540807,
we potentially introduced another non-`matrix-`-prefixed systemd service
and global path (`/devture-container-socket-proxy`). It would have
started to become messy.

Traefik always being called `devture-traefik.service` and using the `/devture-traefik` path
has the following downsides:

- different playbooks may write to the same place, unintentionally,
  before you disable the Traefik role in some of them.
  If each playbook manages its own installation, no such conflicts
  arise and you'll learn about the conflict when one of them starts its
  Traefik service and fails because the ports are already in use

- the data is scattered - backing up `/matrix` is no longer enough when
  some stuff lives in `/devture-traefik` or `/devture-container-socket-proxy` as well;
  similarly, deleting `/matrix` is no longer enough to clean up

For this reason, the Traefik instance managed by this playbook
will now be called `matrix-traefik` and live under `/matrix/traefik`.

This also makes it obvious to users running multiple playbooks, which
Traefik instance (powered by which playbook) is the active one.
Previously, you'd look at `devture-traefik.service` and wonder which
role was managing it.
2023-03-06 09:34:31 +02:00
Slavi Pantaleev
bf2b540807 Harden Traefik security by accessing the Docker API through docker-socket-proxy
With these changes, we:

- install https://github.com/Tecnativa/docker-socket-proxy via the
  https://github.com/devture/com.devture.ansible.role.container_socket_proxy Ansible role

- make Traefik access the Docker API via TCP by connecting to this
  socket proxy

- .. which allows us to run the Traefik container with less privileges
  (non-`root`, dropped capabilities)
2023-03-06 09:11:02 +02:00
Slavi Pantaleev
10b5350370 Add Traefik support to Go-NEB bot
Completely untested.
2023-03-03 10:40:45 +02:00
Slavi Pantaleev
f8966cd8da Default etherpad_hostname to matrix_server_fqn_etherpad for backward compatibility 2023-03-03 09:47:13 +02:00
Slavi Pantaleev
124fbeda04 Switch to using an external Etherpad role
This new role also adds native Traefik support and support for other
(non-`amd64`) architectures via self-building.
2023-03-02 22:50:13 +02:00
Slavi Pantaleev
b0845984b3 Only enable Traefik certs dumper if the ACME certificate resolver for Traefik is enabled
If someone disables ACME, then they're using their own certificates
somehow. There's nothing to dump from an `acme.json` file.
2023-03-01 09:45:16 +02:00
Slavi Pantaleev
f7149103e4 Remove matrix_playbook_traefik_certs_dumper_role_enabled in favor of just devture_traefik_certs_dumper_enabled
We don't need these 2 roughly-the-same settings related to the
traefik-certs-dumper role.

For Traefik, it makes sense, because it's a component used by the
various related playbooks and they could step onto each other's toes
if the role is enabled, but Traefik is disabled (in that case, uninstall
tasks will run).

As for Traefik certs dumper, the other related playbooks don't have it,
so there's no conflict. Even if they used it, each one would use its own
instance (different `devture_traefik_certs_dumper_identifier`), so there
wouldn't be a conflict and uninstall tasks can run without any danger.
2023-03-01 09:31:48 +02:00
Slavi Pantaleev
b388a01ab7 Wire all certResolver variables to devture_traefik_certResolver_primary
This allows people wishing to change or unset the resolver,
to have a single variable which they can toggle.

Unsetting the resolver is useful for using your own certificates
(not coming from a certificate resolver).
2023-02-27 17:09:19 +02:00
Slavi Pantaleev
9e7415afa2 Ensure Buscarron is part of the Postgres network 2023-02-27 17:07:44 +02:00
Slavi Pantaleev
058a54fd05 Add native Traefik support to Dimension 2023-02-26 23:06:36 +02:00
Slavi Pantaleev
b84f25309b Add matrix_homeserver_container_network 2023-02-26 22:09:37 +02:00
Slavi Pantaleev
d20ff688db Add native Traefik support to Sygnal 2023-02-26 11:03:42 +02:00
Slavi Pantaleev
348dd8e76b Remove double space 2023-02-25 19:37:35 +02:00
Slavi Pantaleev
725b2beed7 Add native Traefik support to Buscarron 2023-02-25 15:50:48 +02:00
Slavi Pantaleev
bc5dda2b3a Reorder some Buscarron default variables and fix some typos
Fixes a regression introduced in 0220c851e8
2023-02-25 15:11:23 +02:00
Slavi Pantaleev
0220c851e8 Add multiple container networks support to Buscarron 2023-02-25 15:03:03 +02:00
Slavi Pantaleev
233e253264 Add native Traefik support to rageshake 2023-02-25 13:46:42 +02:00
Slavi Pantaleev
306679103b Require self-building of rageshake for arm64
There are no arm64 images published.. yet
2023-02-25 12:32:19 +02:00
Slavi Pantaleev
55f43dcc6d Fixup matrix-rageshake section in group vars 2023-02-25 12:09:23 +02:00
Benjamin Kampmann
40f037b36d Add rageshake server 2023-02-24 16:55:49 +01:00
Slavi Pantaleev
5e7f30a129 Fix appservice-discord/appservice-slack/appservice-webhooks port troubles with external reverse-proxy
Continuation of 6cda711
2023-02-19 11:20:58 +02:00
Slavi Pantaleev
632026513e Add matrix_synapse_uid, matrix_synapse_gid and matrix_synapse_username 2023-02-17 17:16:50 +02:00
Slavi Pantaleev
990a6369e1 Switch to using an external Redis role 2023-02-17 16:23:59 +02:00
Slavi Pantaleev
964aa0e84d Switch to using an external Ntfy role
The newly extracted role also has native Traefik support,
so we no longer need to rely on `matrix-nginx-proxy` for
reverse-proxying to Ntfy.

The new role uses port `80` inside the container (not `8080`, like
before), because that's the default assumption of the officially
published container image. Using a custom port (like `8080`), means the
default healthcheck command (which hardcodes port `80`) doesn't work.
Instead of fiddling to override the healthcheck command, we've decided
to stick to the default port instead. This only affects the
inside-the-container port, not any external ports.

The new role also supports adding the network ranges of the container's
multiple additional networks as "exempt hosts". Previously, only one
network's address range was added to "exempt hosts".
2023-02-17 09:54:33 +02:00
Slavi Pantaleev
e80b98c3ad Do not mount SSL certificates into Coturn if TLS is disabled for it 2023-02-16 09:22:29 +02:00
Slavi Pantaleev
bb7895678c Fix typo 2023-02-15 11:48:27 +02:00
Slavi Pantaleev
7c5826f1c3 Break dependency between matrix-prometheus-nginxlog-exporter and the Grafana role
Wiring happens via `group_vars/matrix_servers` now.
2023-02-15 10:52:25 +02:00
Slavi Pantaleev
1006b8d899 Replace matrix-grafana with an external role 2023-02-15 10:32:24 +02:00
Slavi Pantaleev
94124263a7 Add matrix_prometheus_container_network/matrix_prometheus_container_additional_networks 2023-02-15 08:56:11 +02:00
Slavi Pantaleev
c85d48c45c Remove Traefik labels for Hydrogen & Cinny from matrix-nginx-proxy
Related to 6a52be7987 and 28e7ef9c71f02
2023-02-14 22:46:34 +02:00
Slavi Pantaleev
f28e7ef9c7 Add (native) Traefik support to matrix-client-cinny
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2023-02-14 11:29:53 +02:00
Slavi Pantaleev
6a52be7987 Add (native) Traefik support to matrix-client-hydrogen
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Serving at a path other than `/` doesn't work well yet.
2023-02-14 09:58:35 +02:00
Slavi Pantaleev
e51e4eec09 Add (native) Traefik support to matrix-client-element
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2023-02-13 19:03:20 +02:00
Slavi Pantaleev
b2d8718233 Fix synapse-admin reverse-proxying regression for "playbook-managed-nginx"
Regression since 3d9aa8387e
2023-02-13 16:08:59 +02:00
Slavi Pantaleev
6cda711c0b Fix incorrect host_bind_port syntax (extra :) affecting certain deployments
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2474

Seems like this affected all "own webserver" deployments, which required
port exposure.

`playbook-managed-traefik` and `playbook-managed-nginx` were not affected.
2023-02-13 15:38:24 +02:00
Slavi Pantaleev
3d9aa8387e Add (native) Traefik support to synapse-admin
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now.
2023-02-13 15:08:42 +02:00
Aine
33b4f7031b
restore borg prefixes 2023-02-13 10:44:42 +00:00
Slavi Pantaleev
266195ab45 Upgrade backup_borg (v1.2.3-1.7.5-1 -> v1.2.3-1.7.6-0)
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2472
2023-02-13 12:26:49 +02:00
Slavi Pantaleev
23f7720247 Add missing backup_borg_base_path override 2023-02-13 11:44:19 +02:00
Slavi Pantaleev
38904c08b0 Wire backup_borg_username
It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.
2023-02-13 11:01:54 +02:00
Slavi Pantaleev
78c35136b2 Replace matrix-backup-borg with an external role 2023-02-13 10:53:11 +02:00
Slavi Pantaleev
972043cfaf Fix trying to start devture-traefik when not necessarily enabled
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2465
2023-02-12 17:14:25 +02:00
Slavi Pantaleev
f1a1ce8a91
Merge pull request #2464 from spantaleev/traefik
Reverse-proxy configuration changes and initial Traefik support
2023-02-12 16:05:56 +02:00
Slavi Pantaleev
b3f6436a0d Do not enable the Traefik role when reverse-proxy = other-traefik-container 2023-02-12 15:50:18 +02:00
Catalan Lover
be471250dd
Move services that crash without hs connectivity to after proxy. 2023-02-11 17:58:19 +01:00
Slavi Pantaleev
94be74e633 Improve traefik-certs-dumper defaults for other-traefik-container setups
We'd like to auto-enable traefik-certs-dumper for these setups.

`devture_traefik_certs_dumper_ssl_dir_path` will be empty though,
so the role's validation will point people in the right direction.
2023-02-11 08:54:07 +02:00
Slavi Pantaleev
f37a7a21f1 Delay Postmoogle startup to help Traefik-based setups 2023-02-11 08:53:32 +02:00
Slavi Pantaleev
8309a21303 Rename reverse proxy types and fix Hookshot http/https urlPrefix issue 2023-02-11 08:44:11 +02:00
Slavi Pantaleev
97f65e8dff Minor fixes to allow for Traefik without SSL 2023-02-10 19:36:06 +02:00
Slavi Pantaleev
28d2eb593c Add matrix_playbook_reverse_proxy_type variable which influences all other services 2023-02-10 16:04:34 +02:00
Slavi Pantaleev
06ccd71edc Merge branch 'master' into traefik 2023-02-10 14:37:59 +02:00
Slavi Pantaleev
01ccec2dbe Merge branch 'master' into pr-jitsi-matrix-authentication 2023-02-10 14:12:47 +02:00
Slavi Pantaleev
7cdf59d79b
Merge pull request #2451 from FSG-Cat/draupnir
Add Draupnir support to the project.
2023-02-10 11:43:30 +02:00
Slavi Pantaleev
a5683a6449 Upgrade com.devture.ansible.role.traefik and rename some variables 2023-02-09 10:12:09 +02:00
Catalan Lover
7b42ff4b75
Finalise moving draupnir to a fully testable state. 2023-02-08 18:55:08 +01:00
Slavi Pantaleev
88a26758e1 Merge branch 'master' into traefik 2023-02-08 18:48:10 +02:00
Slavi Pantaleev
c71567477a Stop using deprecated matrix_bot_postmoogle_domain variable in group vars 2023-02-08 18:48:01 +02:00
Slavi Pantaleev
1338963b6c Add support for obtaining additional SSL certificates via Traefik 2023-02-08 18:47:19 +02:00
Slavi Pantaleev
9a71a5696b Allow Postmoogle to work with SSL certificates extracted from Traefik 2023-02-08 16:45:03 +02:00
Slavi Pantaleev
ddf6b2d4ee Handle matrix_playbook_reverse_proxy_type being "none" when deciding on Coturn certificate parameters 2023-02-08 16:24:43 +02:00
Slavi Pantaleev
d44d4b637f Allow Coturn to work with SSL certificates extracted from Traefik 2023-02-08 16:06:46 +02:00
Slavi Pantaleev
c07630ed51 Add com.devture.ansible.role.traefik_certs_dumper role
With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper
2023-02-08 16:05:38 +02:00
Paul N
96dd86d33b Set default values where sensible and remove unnecessary conditionals in .env.j2.
Check for empty string instead of Null to verify if an openid_server_name is pinned.
2023-02-06 15:26:08 +01:00
Paul N
d67d8c07f5 Remove remnant comment. 2023-02-06 15:26:08 +01:00
jakicoll
6499b6536a Decoupling: Do not use variables of the user-verification-service role inside the jitsi role. 2023-02-06 15:18:25 +01:00
Paul N
1d99f17b4a Disable matrix-user-verification-service in group_vars and update docs accordingly. 2023-02-06 13:23:11 +01:00
Paul N
50c1e9d695 Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly. 2023-02-06 13:14:34 +01:00
Paul N
07d9ea5e87 Stick to port 3003 instead of changing the port based on the status of grafana. 2023-02-06 13:06:35 +01:00
jakicoll
0e0ae2f3e6 Assign default log level in role instead of matrix_servers file. 2023-02-06 13:04:06 +01:00
jakicoll
f53731756d Change comment
Applying the assumption, that synapse is always managed by this playbook.
2023-02-06 12:15:54 +01:00
Slavi Pantaleev
8155f780e5 Add support for reverse-proxying Matrix (Client & Federation) via Traefik 2023-02-06 13:08:11 +02:00
jakicoll
94830b582b Wording: change collection -> playbook 2023-02-06 11:58:50 +01:00
Slavi Pantaleev
f983604695 Initial work on Traefik support
This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server and Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00
Slavi Pantaleev
be78b74fbd Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role 2023-02-05 10:32:09 +02:00
Slavi Pantaleev
d7c0239e40 Enable metrics endpoint for mautrix bridges by default when Prometheus is enabled
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427

This just enables the endpoint, which is somewhat helpful, but not
really enough to scrape them. Ideally, we'd be injecting these targets
into the Prometheus scrape config too.
For now, registering targets with Prometheus is very manual
(`matrix_prometheus_scraper_postgres_enabled`, `matrix_prometheus_scraper_hookshot_enabled`, ..).
This should be redone - e.g. a new `matrix_prometheus_scrape_config_jobs_auto` variable,
which is dynamically built in `group_vars/matrix_servers`.
2023-01-30 08:53:28 +02:00
Slavi Pantaleev
9ed2e04d80 Switch from matrix-prometheus-node-exporter to an external prometheus_node_exporter role 2023-01-21 11:07:04 +02:00
Slavi Pantaleev
4e40ac5ad8
Merge pull request #2227 from xangelix/add-matrix-mautrix-slack-role
Add matrix-bridge-mautrix-slack role
2023-01-11 10:35:45 +02:00
Slavi Pantaleev
ddfab60427 Enable self-building for chatgpt for arm32 2023-01-10 17:20:50 +02:00
Slavi Pantaleev
8d3ce50d1b Disable chatgpt from group_vars/matrix_servers by default 2023-01-10 17:20:33 +02:00
bertybuttface
0ec1868b95 Add matrix-bot-chatgpt.
Co-Authored-By: Slavi Pantaleev <slavi@devture.com>
2023-01-10 13:57:38 +00:00
Thomas Baer
c86720eeae
convert to list from generator
selectattr() returns a generator object, an iterator. This leads to an exception later; lists can't be concatenated to iterators, only to other lists. So '| list' converts the iterator to a list and the script runs happily.
2023-01-05 14:10:06 +01:00
jakicoll
42e4e50f5b Matrix Authentication Support for Jitsi
This extends the collection with support for seamless authentication at the Jitsi server using Matrix OpenID.

1. New role for installing the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)
2. Changes to Jitsi role: Installing Jitsi Prosody Mods and configuring Jitsi Auth
3. Changes to Jitsi and nginx-proxy roles: Serving .well-known/element/jitsi from jitsi.DOMAIN
4. We updated the Jitsi documentation on authentication and added documentation for the user verification service.
2023-01-04 14:27:16 +01:00
Cody Wyatt Neiman
2e0dfb2dc1
Update slack bridge implementation 2023-01-02 20:07:04 -05:00
Cody Wyatt Neiman
784e5492d5
Add matrix-bridge-mautrix-slack role 2023-01-02 19:13:17 -05:00
Samuel Meenzen
0179b0f165
Remove conduit workaround
Conduit update 0.5.0 fixed the issue, so this is no longer needed.
2022-12-21 18:28:34 +01:00
Matthew Cengia
3453fff901
Use upstream Docker image for amd64 rather than self-build 2022-12-11 21:25:43 +11:00
Slavi Pantaleev
da82c3bd4f
Merge pull request #2327 from ikkemaniac/fix-nginxlog-prometheus
fix: nginxlog prometheus config port
2022-12-08 13:15:34 +02:00
ikkemaniac
e6fc6b7a86 fix: nginxlog prometheus config port 2022-12-08 01:10:05 +01:00
ikkemaniac
8ef6341fd7 fix: systemd entry 2022-12-08 00:02:54 +01:00
ikkemaniac
8ebf18a885
add prometheus-nginxlog-exporter role (#2315)
* add prometheus-nginxlog-exporter role

* Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname

* avoid referencing variables from other roles, handover info using group_vars/matrix_servers

* fix: stop service when uninstalling

fix: typo

move available arch's into a var

fix: text

* fix: prometheus enabled condition

Co-authored-by: ikkemaniac <ikkemaniac@localhost>
2022-12-07 16:58:36 +02:00
Slavi Pantaleev
0a018ac22b Add internal Postgres instance (if enabled) to postgres-backup dependencies 2022-11-30 11:22:00 +02:00
Slavi Pantaleev
d5ea17d66f Make postgres-backup priority start later 2022-11-30 11:18:39 +02:00
Slavi Pantaleev
4eed49f931 Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
2022-11-30 11:01:19 +02:00
Slavi Pantaleev
de979bc6a2 Upgrade com.devture.ansible.role.postgres 2022-11-30 09:42:06 +02:00
Slavi Pantaleev
4b2d30a474 Fix matrix_dendrite_client_api_turn_shared_secret not being defined
Regression since https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2290
2022-11-28 18:33:18 +02:00
Slavi Pantaleev
81054bb19c Upgrade com.devture.ansible.role.postgres 2022-11-28 09:05:22 +02:00
Slavi Pantaleev
7b43ef34b7 Remove more hardcoded matrix-postgres references 2022-11-27 09:16:18 +02:00
Slavi Pantaleev
3d5d843418 Replace some devture_postgres_identifier instances with devture_postgres_connection_hostname 2022-11-27 08:31:54 +02:00
Slavi Pantaleev
eedf5ad94d Remove some hardcoded matrix-postgres references 2022-11-27 08:23:43 +02:00
Slavi Pantaleev
04b9483f0d Switch from matrix-postgres to com.devture.ansible.role.postgres 2022-11-27 08:04:31 +02:00
Slavi Pantaleev
018a609e47 Simplify matrix_postgres_backup_databases definition
Related to 71de7cd8cd
2022-11-26 18:57:45 +02:00
Slavi Pantaleev
71de7cd8cd Simplify matrix_backup_borg_postgresql_databases definition
There was no need to add `synapse` to the list manually
and then add all other additional databases.

When the `synapse` database was the main database, this made sense.
Since a long time ago already, ALL databases are "additional" databases,
so the `synapse` database is part of that list.

We could additionally add the main (`matrix`) database to this list,
but there's probably no point in backing that one up.
2022-11-26 18:53:54 +02:00
Array in a Matrix
504d4a4134
Add dendrite captcha config to doc and hCaptcha (#2290)
* added dendrite captcha options

* added hcaptcha doc

* proper url

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update main.yml

* renamed captcha vars to new naming scheme

* change vars to new format

* Rename back some incorrect renamed variables

These variables are either not just part of the `client_api` subsection,
or are not even part of that section at all. They shouldn't have been
renamed in baaef2ed616e2645550d9

* Fix up naming inconsistencies

Some of these variables had been renamed in one place,
but not in other places, so it couldn't have worked that way.

* Add validation/deprecation for renamed Dendrite variables

Related to 4097898f885cf4c73, baaef2ed616e2645550, 68f4418092fa8ad
and a0b4a0ae6b2f1f18

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-11-26 09:27:43 +02:00
Slavi Pantaleev
34c01da9d2 Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.

After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.

These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.

The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).

Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):

> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
Slavi Pantaleev
4d881477a3 Add matrix_homeserver_enabled variable
We need this to control whether `('matrix-' + matrix_homeserver_implementation + '.service')`
would get injected into `devture_systemd_service_manager_services_list_auto`
2022-11-23 16:56:39 +02:00
Slavi Pantaleev
1bd3a27acd Do not try to enable non-enableable matrix_ssl_renewal_systemd_units_list 2022-11-23 13:00:15 +02:00
Slavi Pantaleev
f696928b7d Fix variable typos 2022-11-23 12:18:35 +02:00
Slavi Pantaleev
ccfaefa4d2 Add service groups 2022-11-23 11:45:47 +02:00
Slavi Pantaleev
93d4f8d425 Replace matrix-common-after systemd service management with com.devture.ansible.role.systemd_service_manager 2022-11-23 11:45:46 +02:00
Slavi Pantaleev
360e643f84 Add service priorities - try to stop/start them in an optimal order 2022-11-23 11:45:46 +02:00
Slavi Pantaleev
0ea7cb5d18 Remove various init.yml files - initialize systemd services, etc., statically (not at runtime) 2022-11-23 11:45:46 +02:00
Aine
b8b5acdb16
fix user creator role 2022-11-22 15:46:00 +02:00
Slavi Pantaleev
d8f2141eb0 Install Docker via geerlingguy.docker Galaxy role 2022-11-22 09:01:26 +02:00
Slavi Pantaleev
e9e84341a9 Reverse-proxy to Synapse via matrix-synapse-reverse-proxy-companion
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090
2022-11-20 16:43:33 +02:00
Slavi Pantaleev
424de93f82 Remove useless matrix_nginx_proxy_synapse_presence_disabled variable definition 2022-11-20 11:13:23 +02:00
Aine
eec7970689
update postmoogle 0.9.8 -> 0.9.9 2022-11-19 00:55:03 +02:00
Aine
06eb186729
add matrix_etherpad_mode 2022-11-05 09:17:47 +02:00
Aine
9b97957022
Merge branch 'master' into make-etherpad-great-again 2022-11-04 17:36:15 +02:00
Aine
a86cb2336a
etherpad - do not request ssl cert for subdomain if dimension is installed 2022-11-04 17:16:29 +02:00
Slavi Pantaleev
04c6c11561 Install ntpd/systemd-timesync via com.devture.ansible.role.timesync 2022-11-04 16:34:23 +02:00
Slavi Pantaleev
c3a7237de7 Initial work on using externally defined roles 2022-11-04 14:58:28 +02:00
Aine
83c40fce15
standalone etherpad 2022-11-04 11:36:10 +02:00
Samuel Meenzen
752d2ba8d0
Update matrix_servers 2022-11-02 20:39:14 +01:00
Samuel Meenzen
c330b85de3
Merge branch 'spantaleev:master' into mautrix-discord-restricted-rooms-config 2022-11-02 20:36:04 +01:00
Slavi Pantaleev
eaa9b7cfc4 Add automatic user account creation support to Buscarron
Continuation of c3dc64b1d5
2022-11-01 17:03:53 +02:00
Slavi Pantaleev
c3dc64b1d5 Add matrix-user-creator role - automatic user account creation support
We no longer ask users to create Matrix user accounts for these bots:

- Postmoogle
- Honoroit
- Reminder Bot

Other bots and services (matrix-registration-bot, maubot, mjolnir,
Dimension, etc.) require an Access Token to run (not a password),
so this new role doesn't help for them.

It does help for the above bots though, and for defining your own
"initial user accounts" in the `matrix_user_creator_users_additional`
variable.
2022-11-01 16:22:58 +02:00
Slavi Pantaleev
cada3ef48b Use pre-built image for Hookshot on arm64 2022-10-31 12:47:10 +02:00
Slavi Pantaleev
7fb45a507d Make --tags=run-postgres-vacuum and --tags=upgrade-postgres not assume Synapse
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2211
2022-10-28 17:40:12 +03:00
Slavi Pantaleev
3694bf1d18
Merge pull request #2198 from etkecc/buscarron-130
update buscarron 1.2.1 -> 1.3.0
2022-10-25 22:05:22 +03:00
Slavi Pantaleev
06d4ca0f4e
Merge pull request #2197 from etkecc/postmoogle-098
update postmoogle 0.9.7 -> 0.9.8
2022-10-25 22:03:59 +03:00
Aine
12fe1f417c
update buscarron 1.2.1 -> 1.3.0 2022-10-25 18:39:39 +03:00
Aine
a22d5b1726
update postmoogle 0.9.7 -> 0.9.8 2022-10-25 18:26:57 +03:00
Aine
145a57a7b8
update honoroit 0.9.15 -> 0.9.16 2022-10-25 18:25:07 +03:00
Slavi Pantaleev
0b44ec19b4 Do not override matrix_postgres_import_roles_to_ignore/matrix_postgres_import_databases_to_ignore in group_vars
These values that we were setting also make sense in the context of the
`matrix-postgres` role even when not used within the playbook.
2022-10-21 10:01:22 +03:00
Jim Myhrberg
a47ce70cd2
fix(goofys): fix synapse systemd unit file to correctly require goofys
On Debian 10 (buster) at least, while the Synapse systemd service unit
was referring to Goofys as "matrix-goofys" without a ".service" suffix,
systemd was ignoring the goofys dependency, starting Synapse before
Goofys. All other dependant units which work are using the ".service"
suffix.

This generally leads to the mount path goofys is using having been
populated by Synapse before Goofys starts, causing it to fail due to the
mount target not being empty.

The fix seems to be to ensure that the Synapse service unit refers to
Goofys as "matrix-goofys.service".

This change causes the following two lines in
"/etc/systemd/system/matrix-synapse.service":

    Requires=matrix-goofys
    After=matrix-goofys

To be changed to:

    Requires=matrix-goofys.service
    After=matrix-goofys.service
2022-10-11 00:43:22 +01:00
Samuel Meenzen
1d024975d6 Automatically set restricted_rooms to false on conduit 2022-10-10 07:10:15 +00:00
Slavi Pantaleev
aff7ca2426 Upgrade appservice-slack (1.11.0 -> 2.0.1)
This also disables self-building on arm64, since it's no longer
necessary: https://github.com/matrix-org/matrix-appservice-slack/pull/656
2022-10-06 16:39:07 +03:00
Slavi Pantaleev
b67ba669e8
Merge pull request #2038 from TheOneWithTheBraid/braid/matrix-ldap-registration-proxy
Draft: feat: include matrix_ldap_registration_proxy
2022-10-02 09:23:25 +03:00
Julian-Samuel Gebühr
41e1da2ff4
Make registration proxy independent of other roles, document (#7)
* Make registration proxy independent of other roles, document

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Fix yml issues

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Remove undefined variable (as service HAS to be exposed)

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Add registration endpoint

Defines the registration endpoint that should be intercepted/forwarded to the proxy

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Add image name

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
2022-09-29 18:00:14 +02:00
Slavi Pantaleev
f623cf3550 Only download Grafana dashboard URLs for enabled services
If someone is using Dendrite and enabling Grafana, we'll no longer
download Synapse dashboards.

If someone is not using node-exporter, we'll no longer download node
exporter dashboards.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2133
2022-09-26 08:46:10 +03:00
Slavi Pantaleev
6c928d87ca Configure Grafana's default_home_dashboard_path properly
Using `matrix_synapse_*` variables within the `matrix-grafana` role
is not a good practice.

We now have a `matrix_grafana_default_home_dashboard_path` variable
with a good universal default value and we override it via
`group_vars/matrix_servers` based on enabled components, etc.

This is a better fix for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2133
2022-09-26 08:23:54 +03:00
Slavi Pantaleev
3d2547329e Add missing else clause to inline if
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2103

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2104
2022-09-15 13:14:31 +03:00
Slavi Pantaleev
5f3f460cda Restore support for appservice and user_dir workers 2022-09-15 10:06:56 +03:00
Slavi Pantaleev
226c550ffa Add support for stream writer Synapse workers
As stream writer workers are also powered by the `generic_worker`
Synapse app, this necessitated that we provide means for distinguishing
between them and regular `generic_workers`.

I've also taken the time to optimize nginx configuration generation
(more Jinja2 macro usage, less duplication).

Worker names have also changed.
Workers are now named sequentially like this:
- `matrix-synapse-worker-0-generic`
- `matrix-synapse-worker-1-stream-writer-typing`
- `matrix-synapse-worker-2-pusher`

instead of `matrix-synapse-worker_generic_worker-18111` (indexed with a
port number).

People who modify `matrix_synapse_workers_enabled_list` directly will
need to adjust their configuration.
2022-09-15 08:10:04 +03:00
Julian-Samuel Gebühr
b6fee92f0e Avoid cross-referencing of variables in role, move to group vars 2022-09-13 16:39:15 +00:00
Julian-Samuel Gebühr
42230b6765 Make role enabled in role but turn it off in group vars 2022-09-13 16:39:15 +00:00
Slavi Pantaleev
f12206676f Upgrade Synapse (v1.66.0 -> 1.67.0) and remove frontend_proxy workers
`frontend_proxy` workers have been superseded by `generic_worker` workers.
Related to https://github.com/matrix-org/synapse/pull/13645
2022-09-13 15:45:50 +03:00
Slavi Pantaleev
d6bd39c79d Add missing quotes
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089
2022-09-09 15:18:57 +03:00
Julian-Samuel Gebühr
5825a0c919
Cactus comments (#2089)
* Add construct for cactus comments role

* Adjust config files

* Add docker self build to defaults

* Adjust tasks

* Fix smaller syntax errors

* Fix env argument

* Add tmp path to allow container writing there

Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir

* Change port back to 5000 as not configurable in container

* Try to add appservice config file for synapse to use

* Inject appservice file

* Correct copied variable name

* Comment out unused app service file injection

would need mounting the appservice file to the synapse container i guess

* Move role before synapse to be able to inject during runtime

* Remove unused parts

* Change default user id to mirror official docs

* Add docs

* Update roles/matrix-cactus-comments/tasks/setup_install.yml

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Generate secrets if necessary, adjust docs

* Rename cactusbot userid

* Shorten salt strings

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Use tmpfs instead of persistent mount

* Remove proxy option as it is nonsense

* Add download and serving of cc-client files

* Add documentation on client

* Clarify docs a bit

* Add nginx proxy to required services

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Use container address

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Correct comment of user id

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Use releases or local distributed client

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Move homeserver url to defaults

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Correct truth value

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Add documentation of variables

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Tabs vs. spaces

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Make nginx root configurable

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Complete make nginx root configurable

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Fix file permission

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Fix lint errors

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-09-09 14:37:52 +03:00
Aine
692a7af36a
postmoogle feedback 2022-09-09 13:19:25 +03:00
Aine
b92ff748e4
Update Postmoogle 0.9.0 -> 0.9.1 2022-09-09 10:47:00 +03:00
Shaleen Jain
0300c0e96e Update dendrite 0.9.5 -> 0.9.6
Remove appservice database setup/config as the latest update no longer requires it.
2022-09-02 09:31:17 +05:30
Slavi Pantaleev
8e0e9fa878 Deprecate matrix_synapse_account_threepid_delegates_email before Synapse v1.66.0
This is done in anticipation of this option's removal in the
upcoming Synapse v1.66.0 release (likely tomorrow).

See: https://matrix-org.github.io/synapse/v1.66/upgrade.html#delegation-of-email-validation-no-longer-supported
2022-08-30 18:51:35 +03:00
Shaleen Jain
f674afe5e8
appservice: add and use homeserver_container_* vars (#2045)
* appservice: add and use matrix_homeserver_* vars

* appservice: use the new vars

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-08-24 08:38:12 +03:00
Slavi Pantaleev
447b9313d7
Merge pull request #2043 from etkecc/add-postmoogle
add postmoogle
2022-08-23 13:58:39 +03:00
Aine
e764ab165f
Update group_vars/matrix_servers
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-08-23 10:25:32 +00:00
Aine
9c2a8addee
add postmoogle 2022-08-22 20:10:35 +03:00