feat: add automatic creation of reverse-proxy routing

docs/configuring-playbook-synapse.md

@@ -55,22 +55,3 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
 ## Synapse + OpenID Connect for Single-Sign-On
 
 If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
-
-In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ;
-
-```
- - idp_id: keycloak
-        idp_name: "Keycloak"
-        issuer: "https://url.ix/auth/realms/x"
-        client_id: "matrix"
-        client_secret: "{{ vault_synapse_keycloak }}"
-        scopes: ["openid", "profile"]
-        authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth"
-        token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token"
-        userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
-        user_mapping_provider:
-          config:
-            display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}"
-            email_template: "{%raw}{{ user.email }}{% endraw %}"
-```
-

roles/matrix-awx/tasks/backup_server.yml

@@ -54,6 +54,10 @@
     validate_certs: yes
   tags: use-survey
 
+- name: Run export.sh if this job template is run by the client
+  command: /bin/sh /root/export.sh
+  tags: use-survey
+
 - name: Include vars in matrix_vars.yml
   include_vars:
     file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
@@ -66,28 +70,8 @@
     mode: '0660'
   tags: use-survey
 
-- name: Run initial backup of /matrix/ and snapshot the database simultaneously 
+- name: Perform the borg backup
-  command: "{{ item }}" 
+  command: borgmatic
-  with_items:
-    - borgmatic -c /root/.config/borgmatic/config_1.yaml
-    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
-  register: _create_instances
-  async: 3600  # Maximum runtime in seconds.
-  poll: 0  # Fire and continue (never poll)
-  when: matrix_awx_backup_enabled|bool
-
-- name: Wait for both of these jobs to finish
-  async_status:
-    jid: "{{ item.ansible_job_id }}"
-  register: _jobs
-  until: _jobs.finished
-  delay: 5  # Check every 5 seconds.
-  retries: 720  # Retry for a full hour.
-  with_items: "{{ _create_instances.results }}"
-  when: matrix_awx_backup_enabled|bool
-
-- name: Perform borg backup of postgres dump
-  command: borgmatic -c /root/.config/borgmatic/config_2.yaml
   when: matrix_awx_backup_enabled|bool
 
 - name: Set boolean value to exit playbook

roles/matrix-awx/tasks/export_server.yml

@@ -1,33 +0,0 @@
-
-- name: Run export of /matrix/ and snapshot the database simultaneously 
-  command: "{{ item }}" 
-  with_items:
-    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
-    - /bin/sh /usr/local/bin/awx-export-service.sh 0 1
-  register: _create_instances
-  async: 3600  # Maximum runtime in seconds.
-  poll: 0  # Fire and continue (never poll)
-
-- name: Wait for both of these jobs to finish
-  async_status:
-    jid: "{{ item.ansible_job_id }}"
-  register: _jobs
-  until: _jobs.finished
-  delay: 5  # Check every 5 seconds.
-  retries: 720  # Retry for a full hour.
-  with_items: "{{ _create_instances.results }}"
-
-- name: Schedule deletion of the export in 24 hours
-  at:
-    command: rm /chroot/export/matrix*
-    count: 1
-    units: days
-    unique: yes
-
-- name: Set boolean value to exit playbook
-  set_fact:
-    end_playbook: true
-
-- name: End playbook if this task list is called.
-  meta: end_play
-  when: end_playbook is defined and end_playbook|bool

roles/matrix-awx/tasks/import_awx.yml

@@ -1,4 +1,15 @@
 
+- name: Ensure /matrix/awx is empty
+  shell: rm -r /matrix/awx/*
+  ignore_errors: yes
+
+- name: Ensure /matrix/synapse is empty
+  shell: rm -r /matrix/synapse/*
+  ignore_errors: yes
+
+- name: Extract from /chroot/export
+  shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
+
 - name: Ensure correct ownership of /matrix/awx
   shell: chown -R matrix:matrix /matrix/awx
 

roles/matrix-awx/tasks/main.yml

@@ -26,15 +26,6 @@
   tags:
     - backup-server
 
-# Perform a export of the server
-- include_tasks: 
-    file: "export_server.yml"
-    apply:
-      tags: export-server
-  when: run_setup|bool and matrix_awx_enabled|bool
-  tags:
-    - export-server
-
 # Create a user account if called
 - include_tasks: 
     file: "create_user.yml"

roles/matrix-client-hydrogen/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.1.57
+matrix_client_hydrogen_version: v0.1.56
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/matrix-grafana/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 8.0.2
+matrix_grafana_version: 8.0.0
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/defaults/main.yml

@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
 # amd64 gets released first.
 # arm32 relies on self-building, so the same version can be built immediately.
 # arm64 users need to wait for a prebuilt image to become available.
-matrix_synapse_version: v1.36.0
+matrix_synapse_version: v1.35.1
-matrix_synapse_version_arm64: v1.36.0
+matrix_synapse_version_arm64: v1.35.1
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -2977,4 +2977,19 @@ redis:
   password: {{ matrix_synapse_redis_password }}
 
 
+# Enable experimental features in Synapse.
+#
+# Experimental features might break or be removed without a deprecation
+# period.
+#
+experimental_features:
+  # Support for Spaces (MSC1772), it enables the following:
+  #
+  # * The Spaces Summary API (MSC2946).
+  # * Restricting room membership based on space membership (MSC3083).
+  #
+  # Uncomment to disable support for Spaces.
+  #spaces_enabled: false
+
+
 # vim:ft=yaml

roles/matrix-synapse/vars/workers.yml

@@ -51,9 +51,6 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
-  - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/
-  - ^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$
-  - ^/_matrix/client/(api/v1|r0|unstable)/search$
 
   # Registration/login requests
   - ^/_matrix/client/(api/v1|r0|unstable)/login$